<?php
/* Moved to the README.md*/

// Release metadata rendered in the page <title> and in the menu heading.
$version  = 'v4.0.3';
$released = 'May/17';
$author   = 'Malin Cenusa';
$mail     = 'malin.cenusa@lunarpages.com';

// NOTE(review): neither value is read anywhere in this part of the file;
// confirm whether $ip is meant to feed an access check before keeping it.
$ip    = '84.124.94.176';
$error = 'Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 54 bytes)';
?>
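<?php
/*
 * Page head and action menu.
 *
 * NOTE(review): every action below, including the destructive ones (remove,
 * the cleaners, fixperms, cleanupl), is a plain GET link. A prefetching browser,
 * a crawler or a link on another site can therefore trigger them. No access
 * check is visible in this part of the file; confirm the page is gated (HTTP
 * auth or an IP allow-list) and consider moving state-changing actions to POST
 * with a per-session token.
 * NOTE(review): "WP Resource Hogs", "Database Size" and "Running Processes"
 * all point at ?run=reshog; the intended targets of the last two are not
 * visible here, so the links are left as they were.
 */
?>
<html>
<head>
<title>..:: Global Account Maintenance Tool ::.. <?php echo htmlspecialchars($version); ?> released <?php echo htmlspecialchars($released); ?> - by <?php echo htmlspecialchars($author); ?> [ <?php echo htmlspecialchars($mail); ?> ]</title>
<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Poiret+One|Play" media="screen">
<!-- <link rel="stylesheet" type="text/css" href="css/style.css"> -->
</head>
<body>
<div id="menu">
<h3>..:: Global Account Maintenance Tool ::.. <?php echo htmlspecialchars($version); ?> released <?php echo htmlspecialchars($released); ?> - by <?php echo htmlspecialchars($author); ?> [ <?php echo htmlspecialchars($mail); ?> ]</h3>
<div align="right"><a href="?run=remove" style="color: #000000; background-color:#00ff00; font-size: 18px;">REMOVE SCRIPT</a></div><br /><hr>
<table style="border-spacing:0; width:100%;">
<tr>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px;">..:: MALWARE AUDIT ::..</span><br />
<ul>
<li><a href="?run=infection" style="color: #ff0000;">Known PHPShell Scan</a></li>
<li><a href="?run=scanme" style="color: #ff0000;">Known Malware Scan</a></li>
<li><a href="?run=checkexif" style="color: #ff0000;">Scan JPEG EXIF Data</a></li>
<li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li>
<li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</a></li>
<li><a href="?run=newscan" style="color: #ff0000;">Database String Scanner</a></li>
<li><a href="?run=findbot" style="color: #ff0000;">Run Findbot.PL</a></li>
<li><a href="?run=insecplug" style="color: #ff0000;">Insecure WP plugins</a></li>
<li><a href="?run=custom" style="color: #ff0000;">Custom string scanner</a></li>
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px;">..:: SOP ::..</span><br />
<ul>
<li><a href="?run=version" style="color: #ff0000;">Get a list of installed scripts and their versions</a></li>
<li><a href="?run=addsec" style="color: #ff0000;">Secure .htaccess and php.ini</a></li>
<li><a href="?run=securetemps" style="color: #ff0000;">Secure Temporary / Images</a></li>
<li><a href="?run=fixperms" style="color: #ff0000;">Fix File and Folder Permissions</a></li>
<li><a href="?run=pwds" style="color: #ff0000;">Check password security</a></li>
<li><a href="?run=optim" style="color: #ff0000;">MySQL DB Optimization</a></li>
<li><a href="?run=cleanupl" style="color: #ff0000;">Cleanup (error logs, .suspected, zero byte files)</a></li>
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px;">..:: CLEANER ::..</span><br />
<ul>
<li><a href="?run=cleanPL" style="color: #ff0000;">Clean .PL</a></li>
<li><a href="?run=cleanPHP" style="color: #ff0000;">Clean .PHP</a></li>
<li><a href="?run=cleanexif" style="color: #ff0000;">Clean EXIF</a></li>
<li><a href="?run=cleangravity" style="color: #ff0000;">Clean Gravity Forms Exploit</a></li>
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px;">..:: MySQL ::..</span><br />
<ul>
<li><a href="?run=prefix" style="color: #ff0000;">Change Table Prefix</a></li>
<li><a href="?run=mysqlpwd" style="color: #ff0000;">Change MySQL user password</a></li>
<li><a href="?run=changeengine" style="color: #ff0000;">Change MySQL database engine</a></li>
<li><a href="?run=repl" style="color: #ff0000;">Replace Strings (MySQL password)</a></li>
</ul>
</td>
</tr>
</table><br />
<table style="border-spacing:0; width:100%;">
<tr>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px;">..:: FIND STUFF ::..</span><br />
<ul>
<li><a href="?run=tmpcheck" style="color: #ff0000;">Find suspicious files in /tmp</a></li>
<li><a href="?run=symcheck" style="color: #ff0000;">Check for broken symlinks</a></li>
<li><a href="?run=findbackups" style="color: #ff0000;">Find backups</a></li>
<li><a href="?run=findsql" style="color: #ff0000;">Find SQL dumps</a></li>
<li><a href="?run=findlarge" style="color: #ff0000;">Find large files (unrelated content)</a></li>
<li><a href="?run=lastfiles" style="color: #ff0000;">Find last 500 modified files</a></li>
<li><a href="?run=findsymlinks" style="color: #ff0000;">Find Symlinks</a></li>
<li><a href="?run=findchmod" style="color: #ff0000;">Find Files &amp; Dirs With Chmod 0000</a></li>
<li><a href="?run=getsize" style="color: #ff0000;">Get Size of a directory</a></li>
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px;">..:: SOP / MISC. ::..</span><br />
<ul>
<li><a href="?run=reshog" style="color: #ff0000;">WP Resource Hogs</a></li>
<li><a href="?run=reshog" style="color: #ff0000;">Database Size</a></li>
<li><a href="?run=reshog" style="color: #ff0000;">Running Processes</a></li>
<li><a href="?run=processlist" style="color: #ff0000;">Check The ProcessList</a></li>
<li><a href="?run=transfer" style="color: #ff0000;">Site Transfer</a></li>
<li><a href="?run=zencart" style="color: #ff0000;">ZenCart Concatenated</a></li>
<li><a href="?run=vulntheme" style="color: #ff0000;">Vulnerable WP themes</a></li>
</ul>
</td>
</tr>
</table>
<hr>
<div align="center">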
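<?php
/* let's define the paths first */
// The account is taken from the effective UID of the PHP process, so every
// path below belongs to whichever user the web server runs this script as.
// NOTE(review): the home directory is assumed to be /home/<user>; hosts that
// use another layout would need $processUser['dir'] instead - confirm.
$processUser = posix_getpwuid(posix_geteuid());
if ($processUser === false || empty($processUser['name'])) {
    // Fail closed: the functions below delete and chmod under these paths, so
    // never continue with an empty user name.
    exit('Unable to resolve the account user; refusing to continue with unknown paths.');
}
$GLOBALS["user"] = $processUser['name'];
$GLOBALS["docroot"] = '/home/' . $GLOBALS["user"] . '/';
$GLOBALS["webroot"] = '/home/' . $GLOBALS["user"] . '/public_html/';
// Markup fragments; the style attribute is now closed after the semicolon.
$GLOBALS["red"] = "<span style='color: #FF0000;'>";
$GLOBALS["br"] = "<br />";
$GLOBALS["span"] = "</span>";

/* let's get the server and account specs */
// NOTE(review): hostname, account name and working directory are disclosed to
// anyone who can load this page; no access check is visible above this point.
echo "Server: ";
system('hostname');
echo " | user: ";
system('whoami');
echo " | location: ";
system('pwd');
if (ini_get('safe_mode')) {
    echo "<font color=\"#ff0000\"><br />PHP is running in safe mode - functionality is limited</font>";
} else {
    echo "<font color=\"#ff0000\"><br />PHP is not running in safe mode - script has full functionality<br /></font>";
}

/* checking the server wide load */
echo "<h3><center><b><font color='#FF0000'>Check the server load below first and make sure that you do not execute any of the functions if server has high load!!!</font></b></center></h3>";
system("w | grep load");
?>
<hr>
</div>
<span style="font-size: 15px; line-height:90%">
<?php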
/**
 * Delete clutter below the web root, printing each path before removing it:
 * PHP files inside wp-content/uploads of first-level subdirectories,
 * "*.php.suspected" files, zero-byte PHP files and error_log files.
 *
 * NOTE(review): deletion is immediate and unconfirmed. "*.php.suspected" files
 * and error logs can be the only record of how a site was compromised, so
 * archive them first while an incident is still being investigated.
 */
function cleanupl(){
    $root = $GLOBALS["webroot"];
    $findExpressions = array(
        /* clear PHP files from wp-content/uploads */
        '/*/wp-content/uploads/ -type f -name "*.php" -print -exec rm -rfv {} \;',
        /* clear files renamed as *.suspected by the server AV */
        ' -type f -name "*.php.suspected" -print -exec rm -rfv {} \;',
        /* clear files with 0 bytes size */
        ' -type f -name "*.php" -size 0 -print -exec rm -rfv {} \;',
        // clear the error logs
        ' -type f -name "error_log" -print -exec rm -rfv {} \;',
    );
    foreach ($findExpressions as $expression) {
        system('find ' . $root . $expression);
    }
}
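/**
 * Print a 24-character random password.
 *
 * Characters are drawn with random_int(), which uses the operating system's
 * CSPRNG; rand() is predictable and must not be used for credentials. On PHP 5
 * installs without random_int() the function falls back to mt_rand(), which is
 * NOT cryptographically secure.
 *
 * NOTE(review): the alphabet contains "<" and ">" and the value is echoed
 * without HTML escaping, so a browser may swallow part of it as a tag; the
 * output is left raw here because the consumer is not visible in this part of
 * the file.
 */
function passgen(){
    $alphabet = '0123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ$#@!?=%-+*.[]{}_,;:<>|';
    $lastIndex = strlen($alphabet) - 1;
    $useCsprng = function_exists('random_int');
    $password = '';
    for ($i = 0; $i < 24; $i++) {
        $pick = $useCsprng ? random_int(0, $lastIndex) : mt_rand(0, $lastIndex);
        $password .= $alphabet[$pick];
    }
    echo $password;
}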
/* function removezero (){
system ( " find ./ -type f -empty -print -exec rm -f { } \ ; " );
} */
/* Empty stub: the body contains no statements, so calling it does nothing.
   Presumably the handler for the menu's "Vulnerable WP themes" entry - confirm. */
function vulntheme (){
}
/* Stub: the only statement in the body is commented out, so this function
   currently does nothing. */
function clear_cache (){
//system("if [ $(find-name "cache" -maxdepth 0 -type d -empty 2>/dev/null) ]; then rm -rfv $i/*; echo "no cache dirs, or empty ones found"; fi");
}
/* cleaning the backdoor files of the Gravity Forms Exploit */
/**
 * Remove files under the web root whose names match the "_input_" patterns
 * this tool associates with the Gravity Forms exploit. Each match is printed
 * and then deleted.
 *
 * NOTE(review): matching is by file name only; keep a copy of the matches if
 * the compromise still has to be analysed.
 */
function cleangravity(){
    $namePatterns = array(
        '*_input__test*',
        '*_input_*.php*',
        '*_input_*.txt*',
    );
    foreach ($namePatterns as $namePattern) {
        system('find ' . $GLOBALS["webroot"] . ' -type f -name "' . $namePattern . '" -print -exec rm -rf {} \;');
    }
}
/* use a modified version of Spamhaus's findbot.pl to identify left over backdoors */
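/**
 * Run ./findbot.pl against the current directory and print its report.
 *
 * The report quotes file names and file content from the scanned account,
 * which on a compromised site is attacker-controlled, so it is HTML-escaped
 * before being placed in the page.
 */
function findbot(){
    $output = shell_exec('./findbot.pl -c ./');
    // shell_exec() returns null when the command fails or prints nothing.
    $report = htmlspecialchars((string) $output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<pre>" . $report . "</pre>";
}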
/* secure the temporary directories against execution of malicious files */
// need to change this to PHP: https://gist.github.com/PalmaSolutions/3b5d2b69ac020c87ce53942785e39127
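/**
 * Drop an .htaccess that denies direct requests for script-like files
 * (php, phtml, cgi, pl, exe, ...) into WordPress upload directories, so an
 * uploaded script cannot be executed through the web server.
 *
 * Directories one and two levels below the parent directory are covered, plus
 * ../wp-content/uploads itself. The original brace pattern was passed to glob()
 * without GLOB_BRACE and therefore matched nothing; it is replaced by the two
 * plain patterns it was meant to expand to.
 *
 * NOTE(review): the rules use Apache 2.2 syntax (Order/Deny); on Apache 2.4
 * they need mod_access_compat or a "Require all denied" equivalent - confirm
 * against the target servers.
 */
function securetemps(){
    $htdata = '
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
Order Deny,Allow
Deny from all
</FilesMatch>
';
    $uploadDirs = array();
    foreach (array("../*/*/wp-content/uploads/", "../*/wp-content/uploads/") as $pattern) {
        $found = glob($pattern);
        if ($found !== false) {
            $uploadDirs = array_merge($uploadDirs, $found);
        }
    }
    foreach ($uploadDirs as $dirname)
    {
        // Mode "w" replaces whatever .htaccess is already there.
        $hta = fopen($dirname . "/.htaccess", "w");
        if ($hta === false) {
            echo "could not write " . htmlspecialchars($dirname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "/.htaccess<br />";
            continue;
        }
        fwrite($hta, $htdata);
        fclose($hta);
    }
    // patch for document root
    // NOTE(review): unlike the loop above, an existing .htaccess here is left
    // untouched, so a permissive one planted by an intruder would survive;
    // inspect it by hand when the account is known to be compromised.
    if (is_dir("../wp-content/uploads/") && !file_exists("../wp-content/uploads/.htaccess"))
    {
        $hta = fopen("../wp-content/uploads/.htaccess", "w");
        if ($hta !== false) {
            fwrite($hta, $htdata);
            fclose($hta);
        }
    }
    // system("for i in `find ../ -type d -path '*/tmp'`; do echo $i && echo -e '".$htdata."' >> \$i/.htaccess; done");
    /* Joomla /images may cause a ton of false positive patches so we'll research this further */
    // system("for i in `find ./ -type d -path '*/images' -print;`; do echo -e '".$htdata."' >> \$i/.htaccess; done");
    //echo "all patched\n";
}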
/* Vulnerability check
$output = shell_exec ( 'find ./ -type f -name "*.php" -print -exec grep -RPn "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile|php_uname|eval|tcpflood|udpflood|edoced_46esab) *\(" --color {} \;' );
echo " <pre> $output </pre> " ; */
/* let ' s scan and clean cryptoPHP - moved to the main scanner - needs testing
function cryptophp (){
echo " Scanning for cryptoPHP in social.png files \n " ;
system ( " find ../ -type f -iname \" social*.png \" -exec grep -E -o 'php. { 0,80}' { } \ ; -print " );
echo " \n Scanning for cryptoPHP in all PNG files \n " ;
system ( " find ../ -type f -iname '*.png' -print0 | xargs -0 file | grep \" PHP script \" " );
}
*/
/* Execute The Malware Scanner */
/**
 * Load ./scan.php, which is expected to hold the malware scanner.
 * The path is relative to the current working directory, and require_once
 * means the file is executed at most once per request.
 */
function scanme(){
    require_once './scan.php';
}
/* Execute The PHP Cleaner */
/**
 * Load ./clean.php, which is expected to hold the PHP cleaner.
 * The path is relative to the current working directory, and require_once
 * means the file is executed at most once per request.
 */
function cleanPHP(){
    require_once './clean.php';
}
/* Execute the Perl Cleaners */
/**
 * Run the Perl cleaner ./malware.pl from the current working directory and
 * pass its output straight through to the page.
 */
function cleanPL(){
    $cleaner = './malware.pl';
    system($cleaner);
}
/* EXIF scanner */
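/**
 * Walk the web root and dump the EXIF data of every jpg/jpeg/png/tiff file.
 *
 * EXIF fields are written by whoever produced the image, so on a compromised
 * account they are attacker-controlled (that is why they are being inspected).
 * The dump is HTML-escaped before it is printed so that a crafted field cannot
 * inject markup or script into the operator's browser.
 *
 * IMAGEPATH is still defined for backward compatibility, but only when it does
 * not exist yet: cleanexif() defines the same constant, and a second define()
 * raises a notice.
 */
function checkexif(){
    $root = $GLOBALS["webroot"];
    if (!defined('IMAGEPATH')) {
        define('IMAGEPATH', $root);
    }
    $directory = new RecursiveDirectoryIterator($root);
    $iterator = new RecursiveIteratorIterator($directory);
    $matches = new RegexIterator($iterator, '/^.+\.(jpg|jpeg|png|tiff)$/i', RecursiveRegexIterator::GET_MATCH);
    foreach ($matches as $match) {
        // $match[0] is the full path; the call arguments are kept as they were.
        $exif = exif_read_data($match[0], 0, 'EXIF');
        echo '<pre>', htmlspecialchars(print_r($exif, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</pre>';
    }
}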
/* Insecure Plugins */
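/**
 * List directories under the web root whose name matches a plugin this tool
 * considers insecure.
 *
 * Each name is passed through escapeshellarg(): "research-plugin*" used to
 * reach the shell unquoted, so the shell could expand the wildcard against the
 * current directory before find ever saw it. Quoting hands the pattern to
 * find's -name test unchanged. Duplicate entries are searched only once.
 *
 * NOTE(review): the match is by directory name only and says nothing about the
 * installed version; treat a hit as a prompt to check, not as proof.
 */
function insecplug(){
    $plugins_list = array(
        "complete-gallery-manager",
        "wp-phpmyadmin",
        "1-flash-gallery",
        "category-list-portfolio-page",
        "disclosure-policy-plugin",
        "dp-thumbnail",
        "ip-logger",
        "is-human",
        "jquery-slider-for-featured-content",
        "kish-guest-posting",
        "lisl-last-image-slider",
        "really-easy-slider",
        "rent-a-car",
        "vk-gallery",
        "wordpress-news-ticker-plugin",
        "wp-marketplace",
        "adminer",
        "file-commander",
        "portable-phpmyadmin",
        "toolspack",
        "ToolsPack",
        "revslider",
        "research-plugin*"
    );
    $root = escapeshellarg($GLOBALS["webroot"]);
    foreach (array_unique($plugins_list) as $plugin) {
        system('find ' . $root . ' -type d -name ' . escapeshellarg($plugin) . ' -print');
    }
}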
/* Resource Hog Plugins */
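/**
 * List directories under the web root whose name matches a plugin this tool
 * considers a resource hog.
 *
 * Names are shell-quoted before they reach find, and the duplicated
 * "similar-posts" entry is searched only once.
 *
 * NOTE(review): the list includes security and backup plugins (for example
 * "wordfence"); a hit is a load observation, not a recommendation to remove
 * the plugin.
 */
function reshog(){
    $plugin_list = array(
        "broken-link-checker",
        "myreviewplugin",
        "linkman",
        "fuzzy-seo-booster",
        "wp-postviews",
        "wordfence",
        "tweet-blender",
        "dynamic-related-posts",
        "yet-another-related-posts-plugin",
        "similar-posts",
        "contextual-related-posts",
        "yet-another-featured-posts-plugin",
        "wponlinebackup",
        "wpengine-snapshot",
        "wpengine-migrate",
        "wp-symposium-alerts",
        "wp-slimstat",
        "wp-missed-schedule",
        "wordpress-gzip-compression",
        "wp-cache",
        "wp-database-optimizer",
        "wp-db-backup",
        "wp-dbmanager",
        "wp-engine-snapshot",
        "wp-file-cache",
        "wp-mailinglist",
        "async-google-analytics",
        "backup-scheduler",
        "backupwordpress",
        "backwpup",
        "duplicator",
        "ewww-image-optimizer",
        "ezpz-one-click-backup",
        "google-xml-sitemaps-with-multisite-support",
        "jr-referrer",
        "missed-schedule",
        "no-revisions",
        "ozh-who-sees-ads",
        "quick-cache",
        "seo-alrp",
        "si-captcha-for-wordpress",
        "spyderspanker",
        "spyderspanker_pro",
        "super-post",
        "superslider",
        "text-passwords",
        "the-codetree-backup",
    );
    $root = escapeshellarg($GLOBALS["webroot"]);
    foreach (array_unique($plugin_list) as $plugins) {
        system('find ' . $root . ' -type d -name ' . escapeshellarg($plugins) . ' -print');
    }
}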
/* EXIF cleaner */
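/**
 * Strip metadata from every jpg/jpeg file under the web root by loading it
 * with Imagick, calling stripImage() and writing it back in place.
 *
 * Fixes over the previous version: the "Removed EXIF data" message
 * interpolated the whole match array (printing "Array") instead of the path,
 * file names are HTML-escaped before they are printed, and IMAGEPATH is only
 * defined when checkexif() has not already defined it.
 *
 * NOTE(review): files are rewritten in place with no backup, so the original
 * metadata is gone afterwards; copy suspicious images aside first if they are
 * needed as evidence.
 */
function cleanexif(){
    $root = $GLOBALS["webroot"];
    if (!defined('IMAGEPATH')) {
        define('IMAGEPATH', $root);
    }
    $directory = new RecursiveDirectoryIterator($root);
    $iterator = new RecursiveIteratorIterator($directory);
    $matches = new RegexIterator($iterator, '/^.+\.(jpg|jpeg)$/i', RecursiveRegexIterator::GET_MATCH);
    foreach ($matches as $image) {
        $path = $image[0];
        $shownPath = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '<pre>', htmlspecialchars(print_r($image, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</pre>';
        try
        {
            $img = new Imagick($path);
            $img->stripImage();
            $img->writeImage($path);
            $img->clear();
            $img->destroy();
            echo "Removed EXIF data from $shownPath. \n";
        } catch (Exception $e) {
            echo 'Exception caught: ', htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
        }
    }
}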
/* Get MySQL process list for a given user */
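/**
 * Ask for MySQL credentials and, once submitted, print the full process list
 * and the query-cache status counters.
 *
 * Changes over the previous version:
 *  - nothing is sent to MySQL until the form has been posted (it used to call
 *    mysql_connect() with undefined variables on the first page load);
 *  - a failed connection is reported instead of being ignored;
 *  - every cell is HTML-escaped, because SHOW FULL PROCESSLIST returns the
 *    text of running queries, which can carry attacker-supplied content;
 *  - the password field no longer echoes what is typed, and the form is closed.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7; this function only
 * runs on PHP 5.x until it is ported to mysqli or PDO.
 */
function processlist(){
    echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
    echo '<b>MySQL Host:</b><input name="host" id="host" type="text" size="30"><br />';
    echo '<b>MySQL Username:</b><input name="usern" id="usern" type="text" size="30"><br />';
    echo '<b>MySQL Password:</b><input name="passwd" id="passwd" type="password" size="30"><br />';
    echo '<input name="submit" type="submit" value="Go"><br /><br />';
    echo '</form>';

    if (!isset($_POST['submit'], $_POST["host"], $_POST["usern"], $_POST["passwd"]) || $_POST['submit'] !== "Go") {
        return;
    }
    $mhost = (string) $_POST["host"];
    $musr = (string) $_POST["usern"];
    $mpass = (string) $_POST["passwd"];

    $link = mysql_connect($mhost, $musr, $mpass);
    if (!$link) {
        echo "Could not connect to MySQL with the supplied credentials.<br />";
        return;
    }

    $sections = array(
        "..:: MySQL-Processes ::.." => "SHOW FULL PROCESSLIST",
        "..:: Query Cache Status ::.." => "SHOW STATUS LIKE 'Qcache%'",
    );
    foreach ($sections as $title => $sql) {
        echo "<span style='background-color:#00ff00; '>" . $title . "</span>\n";
        echo "<table width='*' border='1' cellspacing='1' cellpadding='3'>\n";
        $q = mysql_query($sql, $link);
        while ($q && ($l = mysql_fetch_row($q))) {
            echo "<tr>\n";
            foreach ($l as $val) {
                echo "<td>" . htmlspecialchars((string) $val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>\n";
            }
            echo "</tr>\n";
        }
        echo "</table>\n";
    }
    mysql_close($link);
}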
/* Get STAT data for a given file */
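/**
 * Print the output of `stat` for ./ModSettings.php.
 * The output is HTML-escaped before it is placed inside the <pre> block.
 */
function stats(){
    $output = shell_exec('stat ./ModSettings.php');
    // shell_exec() returns null when the command fails or prints nothing.
    $report = htmlspecialchars((string) $output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<pre>" . $report . "</pre>";
}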
/* change MySQL Engine */
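/**
 * Convert every table the supplied MySQL account can see to the InnoDB engine.
 *
 * SECURITY (review): earlier revisions of this function embedded a database
 * user name and password in the source. Those values must be treated as
 * exposed and rotated. Credentials are now entered by the operator per run,
 * using the same form fields as processlist().
 *
 * Further changes: the server's own schemas are skipped (altering them is
 * never intended here), table and database names are backtick-quoted, a failed
 * connection is reported, and names are HTML-escaped when printed.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7; this function only
 * runs on PHP 5.x until it is ported to mysqli or PDO.
 */
function changeengine(){
    echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
    echo '<b>MySQL Host:</b><input name="host" id="host" type="text" size="30" value="localhost"><br />';
    echo '<b>MySQL Username:</b><input name="usern" id="usern" type="text" size="30"><br />';
    echo '<b>MySQL Password:</b><input name="passwd" id="passwd" type="password" size="30"><br />';
    echo '<input name="submit" type="submit" value="Go"><br /><br />';
    echo '</form>';

    if (!isset($_POST['submit'], $_POST["host"], $_POST["usern"], $_POST["passwd"]) || $_POST['submit'] !== "Go") {
        return;
    }

    $link = mysql_connect((string) $_POST["host"], (string) $_POST["usern"], (string) $_POST["passwd"]);
    if (!$link) {
        echo "Could not connect to MySQL with the supplied credentials.<br />";
        return;
    }

    $systemSchemas = array('information_schema', 'performance_schema', 'mysql', 'sys');
    $databases = mysql_query('SHOW databases', $link);
    while ($databases && ($db = mysql_fetch_array($databases))) {
        if (in_array(strtolower($db[0]), $systemSchemas, true)) {
            continue;
        }
        echo "database => " . htmlspecialchars($db[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
        if (!mysql_select_db($db[0], $link)) {
            continue;
        }
        $tables = mysql_query('SHOW tables', $link);
        while ($tables && ($tbl = mysql_fetch_array($tables))) {
            echo "table => " . htmlspecialchars($tbl[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
            // Double any backtick so the name cannot terminate the identifier.
            $quotedTable = '`' . str_replace('`', '``', $tbl[0]) . '`';
            mysql_query("ALTER TABLE " . $quotedTable . " ENGINE=INNODB", $link);
        }
    }
    mysql_close($link);
}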
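/**
 * Report every line longer than 999 characters in the .php files below this
 * script's directory, together with the file's modification time.
 *
 * Detection fix: the previous loop discarded the line it had just read
 * whenever that read reached end-of-file, so the last line of a file was never
 * checked. A file consisting of one very long line with no trailing newline -
 * the usual shape of packed or obfuscated PHP - was therefore skipped. Lines
 * are now tested whenever fgets() returns one.
 *
 * Also: unreadable files are skipped instead of looping on a failed fopen(),
 * and the file name is HTML-escaped in the report.
 */
function checklarge(){
    $ite = new RecursiveDirectoryIterator(dirname(__FILE__));
    $i = 0;
    foreach (new RecursiveIteratorIterator($ite) as $filename => $cur) {
        if (!preg_match('/^.+\.php$/i', $filename)) {
            continue;
        }
        if (!is_readable($filename)) {
            continue;
        }
        $file = fopen($filename, "r");
        if ($file === false) {
            continue;
        }
        $shownName = htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        while (($line = fgets($file)) !== false) {
            if (mb_strlen($line) > 999) {
                $i++;
                echo '<div class="well">', $i, ')<div class="alert alert-danger"><i class="icon-warning-sign"></i>', $shownName, ' found line having more than 1000 characters, output to follow:</div>';
                echo '<pre class="prettyprint">';
                // ENT_SUBSTITUTE keeps the line visible even when it holds
                // bytes that are not valid in the page encoding.
                echo trim(htmlentities($line, ENT_QUOTES | ENT_SUBSTITUTE));
                echo '</pre>';
                echo '<span>This file was last modified on: ', date("F d Y H:i:s.", filemtime($filename)), '</span>';
                echo '</div>';
            }
        }
        fclose($file);
    }
}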
/**
 * Print the "Removing Files With Zero Size" banner.
 * Only the message is printed; the body performs no deletion.
 */
function removezero(){
    $banner = "Removing Files With Zero Size";
    print($banner);
}
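/**
 * List files and directories under the web root whose mode is exactly 0000.
 *
 * The previous commands ended in "-exec ls -al" without the "{} \;" part, so
 * find rejected them and nothing was listed. Directories are listed with
 * "ls -ald" so the entry itself is shown rather than its (unreadable) content.
 */
function findchmod(){
    $root = $GLOBALS["webroot"];
    echo "Finding All Files With Chmod Set To 0000<br /><br />";
    system('find ' . $root . ' -type f -perm 0000 -exec ls -al {} \;');
    echo "Finding All Directories With Chmod Set To 0000<br /><br />";
    system('find ' . $root . ' -type d -perm 0000 -exec ls -ald {} \;');
}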
/**
 * Remove one blank (spaces/tabs only) line from the start of the string and
 * one from the end, leaving everything in between untouched.
 *
 * @param string $str text to trim
 * @return string the text without the leading/trailing blank line
 */
function trimblanklines($str) {
    // First alternative: blank line at the very start.
    // Second alternative: line break plus trailing blanks at the very end.
    $edgeBlankLine = '`\A[ \t]*\r?\n|\r?\n[ \t]*\Z`';
    $trimmed = preg_replace($edgeBlankLine, '', $str);
    return $trimmed;
}
/* Empty stub: the body contains no statements, so calling it does nothing. */
function scanspam (){
}
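/**
 * Reset loose or unusable permissions under the web root: directories become
 * 755, files 644, and group/other-writable .cgi and .pl files 755.
 *
 * Fixes over the previous version:
 *  - "-perm +mode" was deprecated in GNU find and is not accepted by current
 *    releases; "-perm /mode" is the supported "any of these bits is set" test;
 *  - the .cgi/.pl rules ran after the generic file rule, which had already set
 *    those files to 644, so they no longer matched and scripts were left
 *    non-executable. They now run first.
 *
 * NOTE(review): "-follow" makes find dereference symlinks, so chmod is applied
 * to link targets, which may live outside the web root. On an account that may
 * hold attacker-planted symlinks, review the output of findsymlinks() first or
 * drop "-follow".
 */
function fixperms(){
    echo("To save time (and money) we're going to locate the files and directories with improper permissions and fix just those: \n");
    $root = $GLOBALS["webroot"];
    $steps = array(
        // executable scripts first, so the generic file rule cannot demote them
        ' -perm /og+w -follow -type f -name "*.cgi" -print -exec chmod 755 {} \;',
        ' -perm /og+w -follow -type f -name "*.pl" -print -exec chmod 755 {} \;',
        // directories
        ' -perm /og+w -follow -type d -print -exec chmod 755 {} \;',
        ' -perm 0000 -follow -type d -print -exec chmod 755 {} \;',
        // remaining files
        ' -perm /og+w -follow -type f -print -exec chmod 644 {} \;',
        ' -perm 0000 -follow -type f -print -exec chmod 644 {} \;',
    );
    foreach ($steps as $step) {
        system('find ' . $root . $step);
    }
}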
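/**
 * Download the cleaner script, save it as cl.php and execute it.
 *
 * SECURITY (review): this fetches PHP source over plain HTTP from a third-party
 * host and runs it with include. Nothing authenticates the server or the
 * content, so anyone able to alter the response, or whoever controls that host
 * name in the future, gets code execution in the account being cleaned. The
 * saved cl.php also stays in the working directory afterwards. Before relying
 * on this, ship the cleaner with the tool, or fetch it over HTTPS and compare
 * hash('sha256', $contents) with a pinned value (<EXPECTED_SHA256>) and refuse
 * to include on mismatch.
 *
 * The code change here is limited to failing closed: a failed or empty
 * download, or a failed write, no longer falls through to including whatever
 * cl.php happens to be on disk.
 */
function getcleaner(){
    $remote = "http://malin.online9.net/cl.txt";
    $local = "cl.php";
    $contents = file_get_contents($remote);
    if ($contents === false || $contents === '') {
        echo "download of the cleaner failed; nothing was executed<br />";
        return;
    }
    $fp = fopen($local, "w");
    if ($fp === false) {
        echo "could not write cl.php; nothing was executed<br />";
        return;
    }
    $written = fwrite($fp, $contents);
    fclose($fp);
    if ($written === false || $written < strlen($contents)) {
        echo "could not write cl.php completely; nothing was executed<br />";
        return;
    }
    include('./cl.php');
}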
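/**
 * Append a block of rewrite rules to <webroot>/.htaccess and a block of
 * hardening directives to <webroot>/php.ini, then display both files.
 *
 * Changes over the previous version:
 *  - each block is appended only once: the first line of the block acts as a
 *    marker, and a file that already contains it is left alone (repeated runs
 *    used to stack identical copies);
 *  - a failed write is reported instead of being announced as success;
 *  - paths are built without a doubled slash.
 *
 * NOTE(review): the rewrite conditions only look at the query string. They do
 * not see POST bodies, cookies or headers, so they complement input handling
 * and output escaping in the application and do not replace them.
 * NOTE(review): disable_functions lists escapeshellarg and escapeshellcmd,
 * which are the functions code uses to call the shell safely, and also system
 * and shell_exec, which this tool itself relies on. Confirm the list is what
 * is wanted for the directories this php.ini applies to.
 */
function addsec(){
    echo "securing .htaccess<br />";
    $htafile = rtrim($GLOBALS["webroot"], '/') . '/.htaccess';
    $htaMarker = '# Protection agains XSS exploits added by Lunarpages MSH team';
    $htaData = "
# Protection agains XSS exploits added by Lunarpages MSH team
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
";
    if (addsec_append_once($htafile, $htaMarker, $htaData)) {
        echo "data added to .htaccess<br />";
    }
    show_source($htafile);

    echo "moving on to php.ini";
    $phpfile = rtrim($GLOBALS["webroot"], '/') . '/php.ini';
    $phpMarker = '; Protection agains RFI exploits added by Lunarpages MSH team';
    $phpData = '
; Protection agains RFI exploits added by Lunarpages MSH team
allow_url_fopen = Off
allow_url_include = Off
disable_functions = popen, passthru, escapeshellarg, escapeshellcmd, exec, passthru, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, system, blob, exec, escapeshellarg, pfsockopen, stream_get_transports, stream_set_blocking
display_errors = Off
display_startup_errors = Off
error_reporting = E_ALL
mail.add_x_header = On
mail.log = ' . rtrim($GLOBALS["docroot"], '/') . '/phpmail.log
';
    if (addsec_append_once($phpfile, $phpMarker, $phpData)) {
        echo "data added to php.ini";
    }
    show_source($phpfile);
}

/* Append $data to $file unless $marker is already present; returns true when data was written. */
function addsec_append_once($file, $marker, $data){
    $existing = is_file($file) ? file_get_contents($file) : '';
    if ($existing !== false && strpos($existing, $marker) !== false) {
        echo "block already present, nothing appended<br />";
        return false;
    }
    if (file_put_contents($file, $data, FILE_APPEND | LOCK_EX) === false) {
        echo "could not write the file<br />";
        return false;
    }
    return true;
}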
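/**
 * Ask for a file name (find -name pattern) and delete every match under the
 * web root.
 *
 * SECURITY: the submitted name used to be pasted into the shell command inside
 * double quotes, so shell metacharacters in it were interpreted by the shell.
 * It is now passed through escapeshellarg(), which hands it to find as a
 * single literal argument; wildcards still work because find interprets them.
 *
 * Additional guards: the button is a real submit input (type="send" is not a
 * valid input type), nothing runs until the form is posted, and names that are
 * empty, contain "/" or consist only of wildcards are refused so a stray "*"
 * cannot wipe the whole web root.
 *
 * NOTE(review): the form carries no anti-CSRF token; a page on another site
 * could submit it in the operator's browser. Confirm how access to this tool
 * is restricted.
 */
function rmfile(){
    echo "insert filename for mass deletion: <br />";
    echo '<form method="post" enctype="multipart/form-data">';
    echo '<input name="name" id="name" type="text" size="100">';
    echo '<input name="send" type="submit" value="Remove it">';
    echo '</form>';

    if (!isset($_POST['send'], $_POST["name"]) || $_POST['send'] !== "Remove it") {
        return;
    }
    $name = $_POST["name"];
    $unusable = !is_string($name)
        || trim($name, "*? \t") === ''
        || strpos($name, '/') !== false
        || strpos($name, "\0") !== false;
    if ($unusable) {
        echo "refusing to delete: the name is empty, contains a slash, or is only wildcards<br />";
        return;
    }
    system('find ' . escapeshellarg($GLOBALS["webroot"]) . ' -name ' . escapeshellarg($name) . ' -print -exec rm -fr {} \;');
}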
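/**
 * Show a connection form and, once it has been submitted, search every column
 * of every table in the chosen database for each string in $patterns.
 * Matching rows are rendered by table_arrange().
 *
 * Changes over the previous version:
 *  - nothing is sent to MySQL until the form has been posted;
 *  - connection and database errors are reported inline. The old code tried to
 *    send a Refresh header built from HTTP_HOST and PHP_SELF after output had
 *    already started, and then carried on regardless;
 *  - the connection is closed after the last pattern. It used to be closed
 *    inside the pattern loop, so only the first pattern was ever searched;
 *  - table and column names are backtick-quoted in SQL, and the database name,
 *    table names and generated SQL are HTML-escaped when printed;
 *  - element ids are derived from a hash of the table name, so a table name
 *    cannot break out of the id attribute or the inline JavaScript;
 *  - the commented-out "search_text" field is gone: PHP placed inside an HTML
 *    comment still runs, and it echoed $_POST['search_text'] unescaped.
 *
 * toggle() and table_id are expected to be defined by script elsewhere on the
 * page (not visible in this part of the file).
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7; this function only
 * runs on PHP 5.x until it is ported to mysqli or PDO.
 */
function mysqlsearch(){
?>
<form method="post" enctype="multipart/form-data">
<table>
<tbody>
<tr>
<td><label for="server">Server Name</label></td>
<td><input type="text" name="server" value="localhost"/></td>
</tr>
<tr>
<td><label for="dbuser">User Name</label></td>
<td><input type="text" name="dbuser"/></td>
</tr>
<tr>
<td><label for="pass">Password</label></td>
<td><input type="password" name="pass"/></td>
</tr>
<tr>
<td><label for="dbname">Database Name</label></td>
<td><input type="text" name="dbname"/></td>
</tr>
<tr>
<td><input type="submit" value="Find the Malware"/></td>
</tr>
</tbody>
</table>
</form>
<?php
    if (!isset($_POST["server"], $_POST["dbuser"], $_POST["pass"], $_POST["dbname"])) {
        return;
    }
    $server = (string) $_POST["server"];
    $dbuser = (string) $_POST["dbuser"];
    $dbpass = (string) $_POST["pass"];
    $dbname = (string) $_POST["dbname"];

    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $quoteName = function ($name) {
        // Double any backtick so the name cannot terminate the identifier.
        return '`' . str_replace('`', '``', $name) . '`';
    };

    $link = mysql_connect($server, $dbuser, $dbpass);
    if (!$link) {
        echo '<p style="color:red;">Username OR password Missmatch</p>';
        return;
    }
    if (!mysql_select_db($dbname, $link)) {
        echo '<p style="color:red;">Database Not found</p>';
        mysql_close($link);
        return;
    }
    ///@endof Databse Connection

    // Table names are read once and reused for every pattern.
    $tableNames = array();
    $res = mysql_query('show tables', $link);
    if ($res) {
        foreach (fetch_array($res) as $row) {
            $tableNames[] = reset($row);
        }
    }

    $patterns = array(
        "cacat",
        "lacat",
    );
    foreach ($patterns as $search_text) {
        $result_in_tables = 0;
        echo "<h4>Results for: <i>" . $esc($search_text) . '</i></h4>';
        $likeValue = mysql_real_escape_string($search_text, $link);

        foreach ($tableNames as $table) {
            $res = mysql_query('desc ' . $quoteName($table), $link);
            if (!$res) {
                continue;
            }
            // we are searching all the fields in this table
            $conditions = array();
            foreach (fetch_array($res) as $column) {
                $conditions[] = $quoteName($column['Field']) . " like '%" . $likeValue . "%'";
            }
            if (!$conditions) {
                continue;
            }
            $search_sql = 'select * from ' . $quoteName($table) . ' where ' . implode(' or ', $conditions);
            $res = mysql_query($search_sql, $link);
            if (!$res) {
                continue;
            }
            $search_result = fetch_array($res);
            if (!$search_result) {
                continue;
            }

            // found search data, showing it
            $result_in_tables++;
            $domId = 'tbl_' . md5($table);
            echo '<div class="table_name"> Table : ' . $esc($table) . ' &nbsp;&nbsp; </div>'
                . '<span class="number_result"> Total Results for <i>"' . $esc($search_text) . '"</i>: ' . count($search_result) . '</span>'
                . '<br/>'
                . '<div class="link_wrapper"><a href="javascript:toggle(\'' . $domId . '_sql\')">SQL</a></div>'
                . '<div id="' . $domId . '_sql" class="sql keys"><i>' . $esc($search_sql) . '</i></div>'
                . '<div class="link_wrapper"><a href="javascript:toggle(\'' . $domId . '_wrapper\')">Result</a></div>'
                . '<script language="JavaScript">table_id.push("' . $domId . '_wrapper");</script>'
                . '<div class="wrapper" id="' . $domId . '_wrapper">';
            // The second argument is the text to highlight.
            table_arrange($search_result, $search_text);
            echo '</div><br/><br/>';
        }

        if (!$result_in_tables) {
            echo '<p style="color:red;">Sorry, <i>' .
                $esc($search_text) .
                '</i> is not found in this Database (' . $esc($dbname) . ') !</p>';
        }
    }
    mysql_close($link);
}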
//*********************
//* PHP functions
//*********************
/**
 * Collect every remaining row of a MySQL result into a list of associative
 * arrays.
 *
 * @param resource $res result handle as returned by mysql_query()
 * @return array one associative array per row, in fetch order
 */
function fetch_array($res)
{
    $rows = array();
    // mysql_fetch_assoc() yields a falsy value once the rows are exhausted.
    for ($row = mysql_fetch_assoc($res); $row; $row = mysql_fetch_assoc($res)) {
        $rows[] = $row;
    }
    return $rows;
} //@endof function fetch_array
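/**
 * Print a list of result rows as an HTML table and wrap each occurrence of the
 * search text in a highlighting element. The header row uses the keys of the
 * row with the most columns. The table is echoed; nothing is returned.
 *
 * Changes over the previous version:
 *  - the search text is quoted with preg_quote() before it is used as a
 *    pattern, so it is matched literally and cannot alter the regex;
 *  - an empty or missing search text disables highlighting (an empty pattern
 *    used to match at every position);
 *  - the text to highlight can be passed as the optional second argument; when
 *    omitted, $_POST['search_text'] is used if present, as before;
 *  - column names are HTML-escaped, and an empty row list no longer reads an
 *    undefined offset.
 *
 * @param array       $array       rows as associative arrays
 * @param string|null $search_text text to highlight
 */
function table_arrange($array, $search_text = null)
{
    if ($search_text === null && isset($_POST["search_text"]) && is_string($_POST["search_text"])) {
        $search_text = $_POST["search_text"];
    }
    $search_text = (string) $search_text;
    if (!is_array($array)) {
        $array = array();
    }
    $array = array_values($array);

    // Cell values are escaped first, so the needle is escaped the same way.
    $highlight = null;
    if ($search_text !== '') {
        $needle = htmlspecialchars($search_text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $highlight = '|(' . preg_quote($needle, '|') . ')|i';
    }

    $table_data = ''; // rows of the table body
    $max = 0;         // widest row seen so far, in columns
    $max_i = 0;       // index of that row
    for ($i = 0; $i < sizeof($array); $i++)
    {
        $table_data .= '<tr class=' . (($i & 1) ? '"odd_row"' : '"even_row"') . ' >';
        $j = 0;
        foreach ($array[$i] as $key => $data)
        {
            $cell = htmlspecialchars((string) $data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            if ($highlight !== null) {
                $cell = preg_replace($highlight, '<pre class="search_text"><b>$1</b></pre>', $cell);
            }
            $table_data .= '<td>' . $cell . ' </td>';
            $j++;
        }
        if ($max < $j)
        {
            $max = $j;
            $max_i = $i;
        }
        $table_data .= '</tr>' . "\n";
    }
    $table_data .= '</table></div>';

    // Header row: key names of the widest row.
    $data_a = isset($array[$max_i]) ? $array[$max_i] : array();
    $table_head = '<tr>';
    foreach ($data_a as $key => $value)
    {
        $table_head .= '<td class="keys">' . htmlspecialchars((string) $key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
    }
    $table_head .= '</tr>' . "\n";

    echo '<div class="table_bor">
<table cellspacing="0" cellpadding="3" border="0" class="data_table">' . $table_head . $table_data;
} //@endof function table_arrange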
/*
Calculate sizes of all your databases in MB :
SELECT table_schema " DB Name " , SUM ( data_length + index_length ) / 1024 / 1024
" DB Size " FROM information_schema . TABLES GROUP BY table_schema ;
Calculate table sizes for a specific database :
SELECT TABLE_NAME , table_rows , data_length , index_length , round ((( data_length + index_length ) / 1024 / 1024 ), 2 ) " Size in MB " FROM information_schema . TABLES WHERE table_schema = " PUT_YOUR_DATABASE_NAME_HERE " ;
*/
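/**
 * Ask for an old and a new string and replace the old one with the new one in
 * every file below the current directory that contains it.
 *
 * SECURITY: both strings used to be pasted into a grep/sed command line, so a
 * quote or other shell metacharacter in either field was interpreted by the
 * shell, and "/", "&" or regex characters (common in passwords, which is what
 * this is used for) corrupted the sed expression. Now:
 *  - grep runs with -F, so the old string is matched literally;
 *  - the sed pattern and replacement are escaped for sed, and every value
 *    reaches the shell through escapeshellarg();
 *  - file names are passed to sed one per line, so names with spaces work;
 *  - empty strings and strings containing a line break or NUL are refused.
 *
 * NOTE(review): files are edited in place with no backup, and the form carries
 * no anti-CSRF token; confirm how access to this tool is restricted.
 */
function repl(){
    echo "String Replacement";
    echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
    echo '<b>Old String:</b><input name="oldstr" id="oldstr" type="text" size="50"><br />';
    echo '<b>New String:</b><input name="newstr" id="newstr" type="text" size="50"><br />';
    echo '<input name="submit" type="submit" value="Go"><br /><br />';
    echo '</form>';

    if (!isset($_POST['submit'], $_POST["oldstr"], $_POST["newstr"]) || $_POST['submit'] !== "Go") {
        return;
    }
    $oldstr = $_POST["oldstr"];
    $newstr = $_POST["newstr"];
    if (!is_string($oldstr) || !is_string($newstr) || $oldstr === ''
        || preg_match('/[\r\n\x00]/', $oldstr . $newstr)) {
        echo 'refusing to run: the old string is empty or a value contains a line break';
        return;
    }

    // Escape what sed treats specially: regex characters and the "/" delimiter
    // in the pattern; "\", "&" and "/" in the replacement.
    $sedFrom = preg_replace('/[\\\\.*\[^$\/]/', '\\\\$0', $oldstr);
    $sedTo = preg_replace('/[\\\\&\/]/', '\\\\$0', $newstr);
    $sedExpr = 's/' . $sedFrom . '/' . $sedTo . '/g';

    system('grep -rlF -- ' . escapeshellarg($oldstr) . ' * | xargs -r -d "\n" sed -i -e ' . escapeshellarg($sedExpr) . ' --');
    /* xargs /usr/bin/perl -w -i -p -e "s/your_old_string/your_new_string/g" */
    echo 'all done';
}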
/* getting the total size of a specific directory */
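/**
 * Render a form asking for a path below the document root and, on submit,
 * print the disk usage of that path with `du -sh`.
 *
 * The submitted path is resolved with realpath() and must stay inside
 * $GLOBALS['docroot']; it is passed to the shell through escapeshellarg()
 * and HTML-escaped before being echoed back.
 *
 * @return void
 */
function getsize()
{
    $docroot = isset($GLOBALS['docroot']) ? (string) $GLOBALS['docroot'] : '';

    echo " insert the location you wish to get the size for: <br /> ";
    echo '<form method="post" enctype="multipart/form-data">';
    echo '' . htmlspecialchars($docroot, ENT_QUOTES, 'UTF-8') . '<input name="path" id="path" type="text" size="100">';
    echo '<input name="send" type="submit" value="Get it">';

    if (!isset($_POST['send']) || $_POST['send'] !== 'Get it') {
        return;
    }

    $path = isset($_POST['path']) ? $_POST['path'] : '';
    if (!is_string($path) || strpos($path, "\0") !== false) {
        echo '<br />Invalid path.<br/>';
        return;
    }

    echo " <br />Getting size of: " . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . " <br/> ";

    // Resolve "..", symlinks and duplicate slashes before comparing, so the
    // containment check is made on the path du will actually read.
    $root   = realpath($docroot);
    $target = realpath($docroot . $path);
    $inside = $root !== false && $target !== false
        && ($target === $root || strpos($target, rtrim($root, '/') . '/') === 0);

    if (!$inside) {
        echo 'Path does not exist inside the document root.<br/>';
        return;
    }

    system('du -sh -- ' . escapeshellarg($target));
}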
/* looking for any backup files that would cause issues */
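/**
 * List archive files under $GLOBALS['webroot'] whose path contains "backup",
 * one pass per known archive extension, printing size and path via `du -sh`.
 *
 * @return void
 */
function findbackups()
{
    $extensions = array("zip", "rar", "tgz", "tar.gz", "bz2", "tar");
    $root = escapeshellarg($GLOBALS['webroot']);

    foreach ($extensions as $valzip) {
        echo 'checking for backup files with extension: ' . $valzip . '<br />';
        // The space before -name keeps the option separate from the start
        // directory, and the glob is quoted so find (not the shell) expands it.
        system(
            'find ' . $root . ' -name ' . escapeshellarg('*.' . $valzip)
            . ' -exec du -sh {} \; | grep "backup"'
        );
    }
}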
/* looking for SQL dumps that may expose sensitive info */
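/**
 * List *.sql files under $GLOBALS['docroot'] with their size.
 *
 * SQL dumps left in a web-served directory can usually be downloaded by
 * anyone who guesses the name, which is why they are reported here.
 *
 * @return void
 */
function findsql()
{
    echo 'checking for SQL dumps <br />';
    // The start directory is shell-quoted so a path containing spaces or
    // metacharacters is passed to find as a single argument.
    system('find ' . escapeshellarg($GLOBALS['docroot']) . ' -name "*.sql" -exec du -sh {} \;');
}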
/* looking for large files that may crash the scans*/
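/**
 * List files under $GLOBALS['docroot'] larger than 10000 KiB with their size.
 *
 * @return void
 */
function findlarge()
{
    echo 'checking for large files (over 10MB) <br/>';
    // The start directory is shell-quoted so a path containing spaces or
    // metacharacters is passed to find as a single argument.
    system('find ' . escapeshellarg($GLOBALS['docroot']) . ' -size +10000k -exec du -sh {} \;');
}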
/* looking for symlinks that may expose sensitive data and will crash the scans */
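/**
 * List every symbolic link below the parent directory with `ls -al`.
 *
 * @return void
 */
function findsymlinks()
{
    echo 'checking for symlinks <br />';
    // find needs the placeholder written as "{}" and the -exec terminator as
    // an escaped ";" - the same form loop() uses further down.
    system('find ../ -type l -exec ls -al {} \;');
}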
/* generate a concatenated password for ZenCart */
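/**
 * Render a form for a new password and, on submit, print it in the
 * "md5(salt . password):salt" form this tool produces for ZenCart.
 *
 * The salt is the first two hex characters of md5(password), so it is
 * derived from the password itself rather than random. MD5 with a two
 * character salt gives little resistance to offline guessing; treat the
 * result as a way to regain access and change the password afterwards
 * through the shop's own admin.
 *
 * @return void
 */
function zencart()
{
    echo 'generating ZenCart concantenated password: <br />';
    echo '<form method="post" enctype="multipart/form-data"><br />';
    echo '<b>New Password:</b></td><td><input name="newzen" id="newzen" type="text" size="50"><br />';
    echo '<input name="submit" type="submit" value="Go"><br /><br />';

    // Nothing to do until the form above has been submitted.
    if (!isset($_POST['submit']) || $_POST['submit'] !== 'Go') {
        return;
    }

    $plain = isset($_POST['newzen']) ? $_POST['newzen'] : '';
    if (!is_string($plain) || $plain === '') {
        echo 'Please enter a password.';
        return;
    }

    $salt = substr(md5($plain), 0, 2);
    $hash = md5($salt . $plain) . ':' . $salt;

    echo 'New Password Hash is: <br />';
    // Hex digits and ":" only, so no HTML escaping is needed here.
    echo $hash;
}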
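/**
 * Render a form for a MySQL account and, on submit, log in as that account
 * on localhost and change its password with SET PASSWORD.
 *
 * All three values come from the request; the ones placed in the SQL
 * statement are escaped with mysql_real_escape_string() on the open link.
 * The connection is closed only when one was opened.
 *
 * NOTE(review): this uses the legacy mysql_* extension like the rest of the
 * file; that extension was removed in PHP 7.0, so the function needs a
 * mysqli/PDO port to run on current PHP.
 *
 * @return void
 */
function mysqlpwd()
{
    echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
    echo '<b>MySQL Username:</b></td><td><input name="actusr" id="actusr" type="text" size="50"><br />';
    echo '<b>Current Password:</b></td><td><input name="actpwd" id="actpwd" type="text" size="50"><br />';
    echo '<b>New MySQL Password:</b></td><td><input name="pwd" id="pwd" type="text" size="50"><br />';
    echo '<input name="submit" type="submit" value="Go"><br /><br />';

    if (!isset($_POST['submit']) || $_POST['submit'] !== 'Go') {
        return;
    }

    $host    = 'localhost';
    $pass    = isset($_POST['pwd']) ? $_POST['pwd'] : '';
    $actusr  = isset($_POST['actusr']) ? $_POST['actusr'] : '';
    $actpass = isset($_POST['actpwd']) ? $_POST['actpwd'] : '';

    // Refuse array input and an empty new password (which would leave the
    // account without one).
    if (!is_string($pass) || !is_string($actusr) || !is_string($actpass)
        || $actusr === '' || $pass === ''
    ) {
        echo 'Username and new password are required.';
        return;
    }

    $link = mysql_connect($host, $actusr, $actpass) or die(mysql_error());

    $query = sprintf(
        "SET PASSWORD FOR '%s'@'%s' = PASSWORD('%s')",
        mysql_real_escape_string($actusr, $link),
        mysql_real_escape_string($host, $link),
        mysql_real_escape_string($pass, $link)
    );
    mysql_query($query, $link) or die(mysql_error());

    mysql_close($link);
}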
/**
 * Grep every *.php file below the parent directory for the string
 * "<current user>_" and print each hit with the four lines that follow it.
 *
 * @return void
 */
function pwds()
{
    $command = 'find ../ -name "*.php" -type f -exec grep -HA4 "`whoami`_" {} \;';
    system($command);
}
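/**
 * Render a form for a malware string and, on submit, strip the matching
 * "<?php /**\/ STRING ... ?>" fragment from every *.php file below the
 * parent directory; afterwards delete leading blank lines from those files.
 *
 * The submitted string is matched literally: sed metacharacters and the "#"
 * delimiter are escaped, and the whole sed script is passed to the shell via
 * escapeshellarg(). Each pipeline is run once with system(); the earlier
 * form wrapped a backtick expression in system(), which ran the pipeline and
 * then executed whatever it printed as a second command.
 *
 * NOTE(review): the blank-line pass runs on every request to this function,
 * including a plain GET, and rewrites files in place; no access check or
 * CSRF token is visible here.
 *
 * @return void
 */
function clean()
{
    $dir  = '../';
    $find = 'find ' . escapeshellarg($dir) . ' -name "*.php" -type f -print0';

    echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
    echo '<b>Malware String:</b></td><td><input name="malware" id="malware" type="text" size="300">';
    echo '<input name="submit" type="submit" value="Go"><br /><br />';

    if (isset($_POST['submit']) && $_POST['submit'] === 'Go') {
        $malware = isset($_POST['malware']) ? $_POST['malware'] : '';

        if (!is_string($malware) || $malware === '' || strpbrk($malware, "\r\n\0") !== false) {
            echo "Malware string must not be empty or contain line breaks.<br /> \n ";
        } else {
            // Literal match: neutralise regex characters and the delimiter.
            $needle = addcslashes($malware, '\\#.*[]^$');
            $script = 's#<?php /\*\*/ ' . $needle . '.*?>##g';

            // NUL-separated names keep paths with spaces intact.
            system($find . ' | xargs -0 -r sed -i -e ' . escapeshellarg($script) . ' 2>&1');
            echo " Malware removed.<br /> \n ";
        }
    }

    // '/./,$!d' deletes everything before the first non-empty line.
    system($find . ' | xargs -0 -r sed -i -e \'/./,$!d\' 2>&1');
    echo " Empty lines removed.<br /> \n ";
}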
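/**
 * Render a form for MySQL connection details and, on submit, run
 * OPTIMIZE TABLE on every table of every database the account can list,
 * skipping information_schema.
 *
 * Tables are addressed as `database`.`table` with backticks doubled, since
 * no database is selected on the connection in this function and names may
 * contain characters that need quoting. Names read back from the server are
 * HTML-escaped before being printed.
 *
 * NOTE(review): uses the legacy mysql_* extension (removed in PHP 7.0), like
 * the rest of the file.
 *
 * @return void
 */
function optim()
{
    echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
    echo '<b>MySQL Hostname/IP:</b></td><td><input name="host" id="host" type="text" size="50">';
    echo '<b>MySQL Username:</b></td><td><input name="usr" id="usr" type="text" size="50">';
    echo '<b>MySQL Password:</b></td><td><input name="pwd" id="pwd" type="text" size="50">';
    echo '<input name="submit" type="submit" value="Go"><br /><br />';

    if (!isset($_POST['submit']) || $_POST['submit'] !== 'Go') {
        return;
    }

    $host = isset($_POST['host']) ? $_POST['host'] : '';
    $user = isset($_POST['usr']) ? $_POST['usr'] : '';
    $pass = isset($_POST['pwd']) ? $_POST['pwd'] : '';
    if (!is_string($host) || !is_string($user) || !is_string($pass)) {
        echo 'Invalid connection details.';
        return;
    }

    echo " " . date('H:i:s') . " : Connecting to MySQL Server .... <br /> ";
    $link   = mysql_connect($host, $user, $pass) or die(mysql_error());
    $result = mysql_list_dbs($link);

    while ($raw = mysql_fetch_object($result)) {
        // Each row object carries the database name as its only property.
        foreach ($raw as $name) {
            $shownDb = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
            echo 'optimizing database ' . $shownDb . '<br />';

            if ($name == 'information_schema') {
                echo 'skipping information_schema<br />';
            } else {
                echo " " . date('H:i:s') . " : Get tables from database " . $shownDb . " .... <br /> ";
                $tables = mysql_list_tables($name, $link);

                while ($tables && ($row = mysql_fetch_row($tables))) {
                    echo " " . date('H:i:s') . " : Optimize table "
                        . htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8') . " ....<br /> ";

                    $qualified = '`' . str_replace('`', '``', $name) . '`.`'
                        . str_replace('`', '``', $row[0]) . '`';
                    mysql_query('OPTIMIZE TABLE ' . $qualified, $link) or die(mysql_error());
                }
            }
            echo " " . date('H:i:s') . " : Table of Database " . $shownDb . " Optimized <br /> ";
        }
    }

    mysql_free_result($result);
    mysql_close($link);
}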
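/**
 * Render a form for database credentials and a new table prefix and, on
 * submit, rename every table of that database so that the part before its
 * first underscore becomes the new prefix.
 *
 * Input is read from $_POST only, so credentials are not accepted from the
 * query string. The new prefix must consist of letters, digits and
 * underscores; table names are backtick-quoted in the RENAME statement and
 * HTML-escaped in the report.
 *
 * NOTE(review): uses the legacy mysql_* extension (removed in PHP 7.0), like
 * the rest of the file. No CSRF token is visible on the form.
 *
 * @return void
 */
function prefix()
{
    // Declared before first use and only once, so the helper exists when the
    // rename loop calls it and a second call to prefix() does not redeclare it.
    if (!function_exists('replace_prefix')) {
        /**
         * Swap the text before the first underscore of $s for $prefix.
         * A name without an underscore is kept whole and gets the prefix
         * prepended.
         */
        function replace_prefix($s, $prefix)
        {
            $pos  = strpos($s, '_');
            $rest = ($pos === false) ? $s : substr($s, $pos + 1);
            return sprintf('%s_%s', $prefix, $rest);
        }
    }

    // Check for POST data
    $action = isset($_POST['action']) ? $_POST['action'] : false;

    if (!$action) {
        echo '<form name="form1" method="post" enctype="multipart/form-data">'
            . '<table width="75%" border="0" cellspacing="2" cellpadding="2">'
            . '<tr><td>Enter database name:</td>'
            . '<td><input name="d" type="text" id="d" size="50"></td></tr>'
            . '<tr><td>Enter database user</td>'
            . '<td><input name="u" type="text" id="u" size="50"></td></tr>'
            . '<tr><td>Enter database password:</td>'
            . '<td><input name="p" type="password" id="p" size="50"></td></tr>'
            . '<tr><td>Enter New Prefix:</td>'
            . '<td><input name="n" type="text" id="n" size="50" value="(Do not include the trailing underscore)"></td></tr>'
            . '<tr><td>&nbsp;</td><td>&nbsp;</td></tr>'
            . '<tr><td colspan="2" align="center"><input name="action" type="hidden" id="action" value="data">'
            . '<input type="submit" name="Submit" value="Change Table Prefixes"></td></tr>'
            . '</table></form>';
        return;
    }

    $mysql_db     = isset($_POST['d']) ? $_POST['d'] : '';
    $mysql_user   = isset($_POST['u']) ? $_POST['u'] : '';
    $mysql_pass   = isset($_POST['p']) ? $_POST['p'] : '';
    $table_prefix = isset($_POST['n']) ? $_POST['n'] : '';

    if (!is_string($mysql_db) || !is_string($mysql_user) || !is_string($mysql_pass)
        || !is_string($table_prefix)
    ) {
        echo 'Invalid form data.<br>';
        return;
    }

    // The prefix ends up inside an identifier; restrict it to characters that
    // are valid there so it cannot break out of the RENAME statement.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table_prefix)) {
        echo 'The new prefix may only contain letters, digits and underscores.<br>';
        return;
    }

    // Open MySQL link
    $link = mysql_connect('localhost', $mysql_user, $mysql_pass);
    if (!$link) {
        die('Could not connect: ' . mysql_error());
    }
    echo 'Connected successfully<br><br>';

    // Select database and grab table list
    mysql_select_db($mysql_db, $link) or die(" Database not found. ");
    $tables = mysql_list_tables($mysql_db, $link);

    // Pull table names into an array (stays empty when there are no tables)
    $table_array = array();
    $total = $tables ? mysql_num_rows($tables) : 0;
    for ($i = 0; $i < $total; $i++) {
        $table_array[$i] = mysql_tablename($tables, $i);
    }

    // Write new table names back
    foreach ($table_array as $old_name) {
        $new_name = replace_prefix($old_name, $table_prefix);
        $query = sprintf(
            'RENAME TABLE `%s` TO `%s`',
            str_replace('`', '``', $old_name),
            str_replace('`', '``', $new_name)
        );

        if (!mysql_query($query, $link)) {
            echo " Could not " . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . " : "
                . htmlspecialchars(mysql_error(), ENT_QUOTES, 'UTF-8') . " <br> ";
        } else {
            $message = sprintf('Successfully renamed %s to %s in %s', $old_name, $new_name, $mysql_db);
            echo " " . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . " <br> ";
        }
    }

    // Free the resources
    mysql_close($link);
}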
/**
 * Print a long listing (`ls -l`) of every symbolic link below the parent
 * directory.
 *
 * @return void
 */
function loop()
{
    $command = 'find ../ -type l -exec ls -l {} \;';
    system($command);
}
/**
 * Print the 500 most recently modified files below the parent directory,
 * newest first: find emits "<epoch> <path> <time>", sort orders by the
 * epoch, and sed drops the epoch column again before head truncates.
 *
 * @return void
 */
function lastfiles()
{
    $pipeline = " find ../ -type f -printf '%T@ %p \t \t %t \n ' | sort -k 1 -nr | sed 's/^[^ ]* //' | head -n 500 ";
    system($pipeline);
}
/**
 * Placeholder with no behaviour.
 *
 * NOTE(review): the dispatcher further down routes ?run=execcmd to a
 * function named execcmd(); this one is spelled execmd(). Confirm which
 * name is intended.
 *
 * @return void
 */
function execmd()
{
}
/* Let's Remove All Files So They Don't Fall In Wrong Hands */
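/**
 * Delete the tool's own directory, <webroot>/lp-msh-scanner, with everything
 * in it.
 *
 * The earlier check was inverted (it called rmdir() only when the path was
 * NOT a directory) and rmdir() cannot remove a directory that still holds
 * files, so nothing was ever deleted. This version walks the tree
 * children-first, unlinks files and symbolic links (without following
 * them), then removes the emptied directories.
 *
 * NOTE(review): the page header links to this action with a plain GET
 * (?run=remove); a state-changing action is better bound to POST plus a
 * confirmation.
 *
 * @return void
 */
function remove()
{
    $target = $GLOBALS['webroot'] . '/lp-msh-scanner';

    // Never descend through a symlink standing in for the directory.
    if (is_link($target) || !is_dir($target)) {
        return;
    }

    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($target, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::CHILD_FIRST
    );

    foreach ($walker as $item) {
        if ($item->isLink() || !$item->isDir()) {
            unlink($item->getPathname());
        } else {
            rmdir($item->getPathname());
        }
    }

    rmdir($target);
}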
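/**
 * Default landing output: usage hints plus a quick overview of the account
 * (size of public_html, file count, php.ini files enabling
 * register_globals, running processes of the current user).
 *
 * The list of disabled functions is taken from $GLOBALS['df'] when the
 * caller has set it, otherwise from the disable_functions ini setting; the
 * earlier code read a local $df that is never assigned inside this
 * function, so the warning branch could not be reached.
 * NOTE(review): presumably $df is populated earlier in the file - confirm.
 *
 * @return void
 */
function norun()
{
    $df = isset($GLOBALS['df'])
        ? (string) $GLOBALS['df']
        : (string) ini_get('disable_functions');

    if ($df === '') {
        echo " <font color='#0000FF'>[X]=> <font color='#04B404'>No functions are disabled, this script should run without issues <br /></font> ";
    } else {
        echo " <font color='#FF0000'>WARNING!: The following functions are disabled, please check your php.ini " . htmlspecialchars($df, ENT_QUOTES, 'UTF-8') . " <br /></font> ";
    }

    echo " <font color='#0000FF'>[X]=> <font color='#04B404'>Use any of the <font color='#0000FF'>functions</font> above in order to suit your needs<br /></font> ";
    echo " <font color='#0000FF'>[X]=> <font color='#04B404'>Please be patient as this script uses recursive queries in order to determine the files<br /></font> ";
    echo " <font color='#0000FF'>[X]=> <font color='#04B404'>If you run this script on accounts higher than <font color='#0000FF'>50GB in size please monitor server load</font><br /></font>
 ";
    echo " <font color='#0000FF'>[X]=> <font color='#04B404'>There might be some false positives so please always <font color='#0000FF'>double check results</font><br /></font> ";

    echo $GLOBALS['red'] . " account size is: </span> ";
    system(" du -sh /home/`whoami`/public_html ");

    echo $GLOBALS['red'] . " total files in public_html: </span> ";
    system(" find ../ -type f | wc -l ");

    echo '<br />php.ini files with register_globals enabled: <br />';
    // "{}" and the escaped ";" must reach find exactly in that form.
    system('find ../ -name php.ini -exec grep -Hli \'^register_globals.*=.*On\' {} \;');

    echo '<br />Running processes:';
    echo '<br><pre>';
    system(" ps -eo pid,user,cmd | grep `whoami` ");
}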
// Open a preformatted block for whatever the dispatched function prints.
print '<br><pre>';
//starting script functions
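/**
 * Run the CMS version checks, which live in the separate file cms-ver.php
 * to keep this script smaller.
 *
 * The file name is given without surrounding whitespace so the include can
 * resolve. It is a relative name, so PHP looks it up through include_path
 * and the script/working directory.
 * NOTE(review): if cms-ver.php always sits next to this script, anchoring
 * the path to __DIR__ would stop another file of the same name earlier on
 * include_path from being loaded instead - confirm the layout first.
 *
 * @return void
 */
function version()
{
    require_once 'cms-ver.php';
}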
//custom pattern scanner
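/**
 * Render a form for a search pattern and, on submit, list the files under
 * the current user's public_html that contain it (`grep -RHl`).
 *
 * The pattern is still interpreted by grep as a regular expression, but it
 * reaches the shell only through escapeshellarg() and after "-e", so it can
 * neither add shell commands nor be read as a grep option. It is
 * HTML-escaped before being echoed back.
 *
 * @return void
 */
function custom()
{
    echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
    echo '<b>Enter desired string:</b></td><td><input name="customz" id="customz" type="text" size="100">';
    echo '<input name="submit" type="submit" value="Go">';

    if (!isset($_POST['submit']) || $_POST['submit'] !== 'Go') {
        return;
    }

    $string = isset($_POST['customz']) ? $_POST['customz'] : '';
    // An empty pattern matches every file; NUL bytes cannot be passed on a
    // command line.
    if (!is_string($string) || $string === '' || strpos($string, "\0") !== false) {
        echo '<br />Please enter a search string.<br/>';
        return;
    }

    echo " <br />Scanning for: " . htmlspecialchars($string, ENT_QUOTES, 'UTF-8') . " <br/> ";
    system('grep -RHl -e ' . escapeshellarg($string) . ' -- /home/`whoami`/public_html');
}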
/*
function spam (){
< u style = " display: block;overflow: hidden;width: 0;height: 0; " >
< div style = " position: absolute; left: -5000px; font-size: 0; width: 1; height: 0; overflow: hidden; " >
}
*/
// Checking for suspicious files in /tmp
/**
 * List entries in /tmp whose `ls -al` line mentions the current user,
 * leaving out PHP session files (names containing "sess_").
 *
 * @return void
 */
function tmpcheck()
{
    $heading = '<p>'
        . '<h4><b><u>Suspicious files in /tmp:</h4></b></u>'
        . '<br><pre>';
    echo $heading;

    $listing = " ls -al /tmp/ | grep `whoami` | grep -v sess_ ";
    system($listing);
}
// check broken symlinks
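/**
 * Report symbolic links below the parent directory whose target does not
 * exist, one "<path> is broken" line per link.
 *
 * The command is a single-quoted PHP string: in the earlier double-quoted
 * form PHP itself substituted the shell loop variable $i (an unset PHP
 * variable) with an empty string before the shell ever saw it, so no link
 * could be reported. Letting find run the existence test also keeps paths
 * containing spaces intact.
 *
 * @return void
 */
function symcheck()
{
    echo '</pre></p><p>';
    echo 'Broken symlinks:';
    echo '<br><pre>';
    // "test -e" follows the link; it fails exactly when the target is missing.
    system('find ../ -type l ! -exec test -e {} \; -exec echo {} is broken \;');
}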
// Searching for malicious php shells
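/**
 * Print the heading for the PHP-shell scan and make parse_dir() available.
 *
 * parse_dir() is declared on the first call only, so calling infection()
 * again does not try to redeclare it. This function does not start the scan
 * itself; no call to parse_dir() other than its own recursion is visible in
 * this part of the file.
 *
 * @return void
 */
function infection()
{
    echo '</pre></p><p>';
    echo 'Let`s find if there is a malicious base64 infection:<br />';

    if (!function_exists('parse_dir')) {
        /**
         * Recursively scan $dir and print files whose content contains one
         * of the known shell signatures.
         *
         * Reads three globals: $settings ('SIZE_LIMIT', 'USE_DEFINITIONS'),
         * $shell_definitions (rows with an 'id' plus base64-encoded
         * signature strings) and $generic (plain substring used when
         * definitions are switched off).
         *
         * File and directory names on a compromised account are chosen by
         * whoever planted them, so every path is HTML-escaped and the href
         * is quoted before it is written into the report. Following a
         * report link requests that file through the web server.
         *
         * @param string $dir directory to scan
         * @return void
         */
        function parse_dir($dir)
        {
            global $shell_definitions;
            global $generic;
            global $settings;

            $dh = @dir($dir);
            if (!$dh) {
                return; // unreadable directory: nothing to report
            }

            $dirs    = array();
            $shfound = '';
            $self    = basename($_SERVER['PHP_SELF']);
            $defs    = is_array($shell_definitions) ? $shell_definitions : array();

            // Compare against false explicitly: an entry named "0" is falsy
            // and would otherwise end the listing early.
            while (false !== ($entry = $dh->read())) {
                $path = $dir . '/' . $entry;

                if ($entry == '.'
                    || $entry == '..'
                    || @filesize($path) > $settings['SIZE_LIMIT']
                    || $entry === $self
                ) {
                    continue;
                }

                if (@is_dir($path)) {
                    // Symlinked directories are not followed, so a link
                    // cycle cannot send the recursion round in circles.
                    if (!is_link($path)) {
                        $dirs[] = $path;
                    }
                    continue;
                }

                if (@filesize($path) <= 0) {
                    continue;
                }

                $cnt = @file_get_contents($path);
                if ($cnt === false) {
                    continue; // unreadable file
                }

                $haystack = strtolower($cnt);
                $shown    = htmlspecialchars($path, ENT_QUOTES, 'UTF-8');

                if ($settings['USE_DEFINITIONS']) {
                    foreach ($defs as $definition) {
                        $id      = '';
                        $matched = false;

                        foreach ($definition as $key => $el) {
                            if ($key === 'id') {
                                $id = $el;
                                continue;
                            }
                            $needle = strtolower((string) base64_decode($el));
                            if ($needle !== '' && strpos($haystack, $needle) !== false) {
                                $shfound .= '<br />Probabile shell ['
                                    . htmlspecialchars($id, ENT_QUOTES, 'UTF-8')
                                    . ']: <b> <a href="' . $shown . '" target="_blank">' . $shown
                                    . '</a></b><br />';
                                $matched = true;
                                break;
                            }
                        }

                        // One report line per file: stop at the first hit.
                        if ($matched) {
                            break;
                        }
                    }
                } elseif (is_string($generic) && $generic !== ''
                    && strpos($haystack, $generic) !== false
                ) {
                    $shfound .= 'Probabile shell [generica]: <b>' . $shown . '</b><br />';
                }
            }
            $dh->close();

            if ($shfound !== '') {
                echo '<b>Directory: ' . htmlspecialchars($dir, ENT_QUOTES, 'UTF-8') . '</b>';
                echo $shfound;
            }

            foreach ($dirs as $subdir) {
                parse_dir($subdir);
            }
        }
    }
}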
// Route the `run` query parameter to the function of the same name.
//
// The allow-list below is the only thing between the request parameter and
// the call, so the membership test is strict and limited to strings; any
// other value falls through to the overview page.
//
// NOTE(review): no authentication or source-address check is visible in this
// part of the file before the call is made, and several handlers modify
// files or databases - confirm access is restricted earlier in the file.
// NOTE(review): 'execcmd' is routed here, while the empty function defined
// above is spelled execmd(); confirm an execcmd() exists.
$linkchoice = isset($_GET['run']) ? $_GET['run'] : '';

$run_handlers = array(
    'removezero', 'findchmod', 'optim', 'addsec', 'getcleaner',
    'tmpcheck', 'prefix', 'symcheck', 'infection', 'pwds',
    'mailing', 'mysqlsearch', 'remove', 'clean', 'loop',
    'otherinfect', 'hta', 'version', 'checkexif', 'transfer',
    'cleanexif', 'custom', 'iframe', 'lastfiles', 'execcmd',
    'mysqlpwd', 'findbackups', 'findlarge', 'findsql', 'findsymlinks',
    'zencart', 'getsize', 'repl', 'fixperms', 'checklarge',
    'processlist', 'scanme', 'cleanPHP', 'securetemps', 'cleanPL',
    'insecplug', 'reshog', 'findbot', 'cleangravity', 'cleanupl',
);

if (is_string($linkchoice) && in_array($linkchoice, $run_handlers, true)) {
    $linkchoice();
} else {
    norun();
    echo 'no function chosen. please pick a function from the menu above';
}
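// Scanner configuration, read by parse_dir() through `global $settings`.
// The 'webroot' key is written without surrounding whitespace so it refers
// to the same global the other functions in this file use.
$settings = array(
    'BASE_DIR'        => $GLOBALS['webroot'],
    'USE_DEFINITIONS' => true,             // match against $shell_definitions
    'SIZE_LIMIT'      => (1024 * 1024),    // files larger than 1 MiB are skipped
);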
$shell_definitions = array (
array ( 'id' => 'Database' , 'def1' => 'cGhwTXlBZG1pbiBTUUwgRHVtcA==' , 'def2' => 'cGhwQkIgQmFja3VwIFNjcmlwdA==' , 'def3' => 'VkFMVUVTKCIxIiwi' ),
array ( 'id' => 'Ciro1992Shell' , 'def1' =>
'JHRleHRbMV0gPSAifCBTYWZlIG1vZGUgPSAiOw0KJHRleHRbMl0gPSAiT24iOw0KJHRleHRbM10gPSAiT2ZmIjsNCiR0ZXh0WzRdID0gIk1hZ2ljcyBRdW90ZXMgPSAiOw0KJHRleHRbNV0gPSAiIHwgIjsNCiR0ZXh0WzZdID0gIk15U3FsID0gIjsNCiR0ZXh0WzddID0gIkhkZCBMaWJlcm8gOiAi' ,
'def2' => 'JHRleHRbMzZdID0gIi46Oi4gUG93ZXJlZCBieSBDaXJvMTk5MiAtIEJsYWNrIE1pbGl0aWEgVGVhbQ==' ),
array ( 'id' => 'Ka_uShell' , 'def1' => 'PHRpdGxlPktBX3VTaGVsbCAwLjEuNjwvdGl0bGU+' , 'def2' =>
'Ly8gTWVudQ0KZWNobyAiDQp8PGEgaHJlZj0kc2VsZj9hYz1zaGVsbD5TaGVsbDwvYT58DQp8PGEgaHJlZj0kc2VsZj9hYz11cGxvYWQ+RmlsZSBVcGxvYWQ8L2E+fA0KfDxhIGhyZWY9JHNlbGY/YWM9dG9vbHM+VG9vbHM8L2E+fA0KfDxhIGhyZWY9JHNlbGY/YWM9ZXZhbD5QSFAgRXZhbCBDb2RlPC9hPnwNCnw8YSBocmVmPSRzZWxmP2FjPXdob2lzPldob2lzPC9hPnwNCjxicj48YnI+PGJyPjxwcmU+Ijs='
),
array ( 'id' => 'DxShell' , 'def1' => 'aWYgKGhlYWRlcnNfc2VudCgpKSAkRFhHTE9CQUxTSElUPXRydWU7IGVsc2UgJERYR0xPQkFMU0hJVD1GQUxTRTs=' , 'def2' =>
'aWYgKCEoJGRpcl9wdHI9b3BlbmRpcigkX0dFVFsnZHhkaXInXSkpKSBkaWUoRHhFcnJvcignVW5hYmxlIHRvIG9wZW4gZGlyIGZvciByZWFkaW5nLiBQZXJtcz8uLi4nKSk7' ),
array ( 'id' => 'Crystal' , 'def1' =>
'aWYgKCRhY3QgPT0gImFib3V0Iikge2VjaG8gIjxjZW50ZXI+PGI+Q29kaW5nIGJ5Ojxicj48YnI+U3VwZXItQ3J5c3RhbDxicj4mPGJyPk1vaGFqZXIyMjxicj4tLS0tLTxicj5UaGFua3MgPGJyPlRyWWFHIFRlYW0gPGJyPiBBcmFiU2VjdXJpdHlDZW50ZXIgVGVhbSA8YnI+Q1JZU1RBTC1IIFZlcnNpb246MCBCZXRhIHBocHNoZWxsIGNvZGU8YnI+U2F1ZGkgQXJhYmljICA8L2E+LjwvYj4iO30=' ,
'def2' => 'aWYoZW1wdHkoJF9QT1NUWydNb2hhamVyMjInXSkpew==' ),
array ( 'id' => 'Antichat' , 'def1' => 'PHRkPjxhIGhyZWY9IiMiIG9uY2xpY2s9ImRvY3VtZW50LnJlcXMuYWN0aW9uLnZhbHVlPSdzaGVsbCc7IGRvY3VtZW50LnJlcXMuc3VibWl0KCk7Ij58IFNoZWxsIDwvYT48L3RkPg==' ,
'def2' =>
'PHRhYmxlIHN0eWxlPSJCT1JERVItQ09MTEFQU0U6IGNvbGxhcHNlIiBjZWxsU3BhY2luZz0wIGJvcmRlckNvbG9yRGFyaz0jNjY2NjY2IGNlbGxQYWRkaW5nPTUgd2lkdGg9IjEwMCUiIGJnQ29sb3I9IzMzMzMzMyBib3JkZXJDb2xvckxpZ2h0PSNjMGMwYzAgYm9yZGVyPTE+'
),
array ( 'id' => 'Arabic' , 'def1' => 'dHJ5YWcucGhwIC0gaHR0cDovL3dXdy50cnlhZy5jT20=' , 'def2' => 'ZXhpdCgiPGI+PGEgaHJlZj1odHRwOi8vd1d3LnRyeWFnLmNPbT50cnlhZy10ZWFtPC9hPg==' ),
array ( 'id' => 'ZipShell' , 'def1' => 'WmlwU2hlbGwgVjEuMSBQcml2YXRlIEVkaXRvbiBbR1JFWS1IQVQtSEFDS0lOR10=' , 'def2' =>
'JHRoaXMtPl9fZXJyb3IoJ2NyZWF0aW9uJywnVW5rbm93biBtZXRob2Q6IDx1PicuJHR5cGUuJzwvdT4uIFVzZSBjb25zdGFudHMgPGI+U1pJUF9EVU1QPC9iPiBvcg==' ),
array ( 'id' => 's101' , 'def1' => 'ZWNobyAiRWxlbmNvIGNhbXBpIHByZXNlbnRpIG5lbGxhIFRhYmVsbGE6PGI+ICR0YWI8L2I+IDxicj4iOw==' , 'def2' => 'czEwMSBJbnRlcmFtZW50ZSBjcmVhdGEgZGEgU29yYTEwMQ=='
),
array ( 'id' => '0-Day_Script' , 'def1' => 'PGhlYWQ+PHRpdGxlPlBvd2VyZWQgQnkgI1NjYW4tWDwvdGl0bGU+PC9oZWFkPg==' , 'def2' =>
'PGhlYUJ5IFRoaXMgc2NyaXB0IHlvdSBjYW4ganVtcCBpbiB0aGUgKFNhZmUgTW9kZT1PTik=' ),
array ( 'id' => 'nefastica' , 'def1' => 'TjNmYTV0MWNBIFNoM2xs' , 'def2' => 'ZnVuY3Rpb24gaXNfb3duZXIoKXsNCiRjb29raWUgPSAkX0NPT0tJRVsnY29va2llX25hbWUnXTs=' ),
array ( 'id' => 'k0tw' , 'def1' => 'UDBzdCBNM3RoMGQgcDB3NGgh' , 'def2' => 'ISEtIFdoMTczIGg0NyByMHggLSEh' , 'def3' => 'azB0dyBzaDNsbCBieSBLaU5nT2ZUaEV3T3JMZA==' ),
array ( 'id' => 'dc3' , 'def1' => 'U2hlbGwgd3JpdHRlbiBieSBCbDBvZDNy' , 'def2' =>
'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'
),
array ( 'id' => 'Backdoor' , 'def1' => 'PGEgaHJlZj0iPD9waHAgZWNobyAkX1NFUlZFUlsnUEhQX1NFTEYnXTsgPz4/ZGlyPSI+' , 'def2' => 'c2lyaXVzX2JsYWNr' ),
array ( 'id' => 'n3tShell' , 'def1' => 'TjN0c2hleGl0KCk7' , 'def2' => 'RW1wM3JvciBVbmRldGVjdGFibGU=' ),
array ( 'id' => 'Nexen' , 'def1' => 'TmV4cGwwcmVyIFNoZWxs' , 'def2' => 'aWYgKCRfUE9TVFsnbW9kZSddID09ICJ1cGxvYWR6Iikgew==' ),
array ( 'id' => '33rd' , 'def1' => 'MzNyZCBTaGVsbA==' , 'def2' => 'Ynk6Z3IzM24=' ),
array ( 'id' => 'c99' , 'def1' => 'Yzk5c2g=' , 'def2' => 'T0RoVDJDOU43YkJmYm5uRE50bXYwVURsdjVZRDltdmFHWEk4WFl4bg==' ),
array ( 'id' => 'r57-2' , 'def1' => 'TUFYNjY2QGlyYW5zdGFycy5jb20=' , 'def2' =>
'QXsgdGV4dC1kZWNvcmF0aW9uOm5vbmU7IGNvbG9yOm5hdnk7IGZvbnQtc2l6ZTogMTJweCB9DQoNCiAgICBib2R5IHsgZm9udC1zaXplOiAxMnB4OyANCg0KICAgICAgICAgICBmb250LWZhbWlseTogYXJpYWwsIGhlbHZldGljYTsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLXdpZHRoOiA1Ow0KDQogICAgICAgICAgICBzY3JvbGxiYXItaGVpZ2h0OiA1Ow0KDQogICAgICAgICAgICBzY3JvbGxiYXItZmFjZS1jb2xvcjogd2hpdGU7DQoNCiAgICAgICAgICAgIHNjcm9sbGJhci1zaGFkb3ctY29sb3I6IHNpbHZlcjsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLWhpZ2hsaWdodC1jb2xvcjogd2hpdGU7DQoNCiAgICAgICAgICAgIHNjcm9sbGJhci0zZGxpZ2h0LWNvbG9yOnNpbHZlcjsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLWRhcmtzaGFkb3ctY29sb3I6IHNpbHZlcjsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLXRyYWNrLWNvbG9yOiB3aGl0ZTsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLWFycm93LWNvbG9yOiBibGFjazsNCg0KICAgIH0='
),
array ( 'id' => 'Uploader' , 'def1' => 'JF9GSUxFU1snbWlvZmlsZSddWyd0bXBfbmFtZSddOw==' , 'def2' => 'aWYgKG1vdmVfdXBsb2FkZWRfZmlsZSg=' ),
array ( 'id' => 'Cod3rz' , 'def1' =>
'PHRkPjxiPkZpbGUgTmFtZTo8L2I+PC90ZD48dGQ+PGI+VHlwZTo8L2I+PC90ZD48dGQgd2lkdGg9MTUlPjxiPlNpemU6PC9iPjwvdGQ+PHRkIHdpZHRoPTEwJT48Yj5QZXJtczo8L2I+PC90ZD4kbGlzdGY8L2ZvbnQ+' , 'def2' =>
'RGV2aWxzIE5pZ2h0IENyZXc=' , 'def3' => 'LSBDb2Qzcno8L3RpdGxlPg==' ),
array ( 'id' => 'r57' , 'def1' => 'cjU3c2g=' , 'def2' => 'SXlFdmRYTnlMMkpwYmk5d1pYSnNEUXAxYzJVZw==' ),
array ( 'id' => 'Fire-Crash' , 'def1' => 'PHRpdGxlPkZpUmUtQ3JBc0g8L3RpdGxlPg==' , 'def2' =>
'JGRpciA9ICIuIjsNCiRvcGVuID0gb3BlbmRpcigkZGlyKTsNCiRyZWFkID0gcmVhZGRpcigkb3Blbik7DQplY2hvICJMaXN0IEZpbGVzOiA8YnI+PGJyIjsNCndoaWxlICgkcmVhZCA9IHJlYWRkaXIoJG9wZW4pKQ0Kew0KZWNobyAiPGEgaHJlZj0kcmVhZD4kcmVhZDwvYT48YnI+Ijs='
),
array ( 'id' => 'Root Shell' , 'def1' => 'Um9vdFNo' , 'def2' => 'PHA+PGZvbnQgZmFjZT0iV2ViZGluZ3MiIHNpemU9IjYiIGNvbG9yPSIjMDBGRjAwIj4hPC9mb250Pjxicj4=' ),
array ( 'id' => 'Fatal_Shell' , 'def1' => 'RmFUYUwgU2hlbGw=' , 'def2' => 'RmFUYUxTaGVMTA==' ),
array ( 'id' => 'KA-uShell' , 'def1' => 'S0FfdVNoZWxs' , 'def2' => 'QXV0aG9yOiBLQWRvdA==' ),
array ( 'id' => 'GFS Shell' , 'def1' => 'R0ZTIFdlYi1TaGVsbA==' , 'def2' => 'STJsdVkyeDFaR1VnUEhOMFpHbHZMbWcrRFFvamFXNWpiSFZrWlNBOGMzUnlhVzVuTG1nK0RRb2phVzVqYkhWa1o=' , 'def3' =>
'WENJN0RRb05Dbk4xWWlCd2NtVm1hWGdnZXcwS0lHMTVJQ1J1YjNjZ1BTQnNiMk5oYkhScGI=' ),
array ( 'id' => 'Defacing Tool Pro' , 'def1' => 'cjN2M25nNG5zIDpQ' , 'def2' => 'RFRvb2wgUHJv' ),
array ( 'id' => 'Private Arabic Shell' , 'def1' => 'aHR0cDovL3dXdy50cnlhZy5jT20=' , 'def2' => 'dHJ5YWdAdHJ5YWcuY29t' , 'def3' => '0JfQsdCe0L3Ql9Ch0JfQmg==' ),
array ( 'id' => 'Bk-Code Shell' , 'def1' => 'QmstQ29kZSBzaGVsbA==' , 'def2' => 'QXJhYi1TZWNyZXRzLVRlYW0=' ),
array ( 'id' => 'SnIpEr_SA Shell' , 'def1' => 'U25JcEVyX1NB' , 'def2' => 'M2FzZmgubmU=' ),
array ( 'id' => 'Fileman' , 'def1' => 'RmlsM21hbg==' ),
array ( 'id' => 'Ajax/PHP Command Shell' , 'def1' => 'PGJyPg0KPGI+PGZvbnQgc2l6ZT0zPkFqYXgvUEhQIENvbW1hbmQgU2hlbGw8L2I+PC9mb250Pjxicj5ieSBJcm9uZmlzdA0KPGJyPg0K' , 'def2' =>
'ICAgIGFqYXhSZXF1ZXN0Lm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCl7DQogICAgICAgIGlmKGFqYXhSZXF1ZXN0LnJlYWR5U3RhdGUgPT0gNCl7DQogICAgICAgIG91dHB1dGNtZCA9ICI8cHJlPiIgICsgb3V0cHV0Y21kICsgYWpheFJlcXVlc3QucmVzcG9uc2VUZXh0ICsiPC9wcmU+IjsNCg0K'
),
array ( 'id' => 'Anti Chat' , 'def1' => 'JHBhc3N3b3JkPSdyMDB0JzsNCiRhdXRoPTE7DQokdmVyc2lvbj0ndmVyc2lvbiAxLjMgYnkgR3JpbmF5JzsNCg0KDQo=' , 'def2' =>
'ZWNobyAiPC90YWJsZT4iOw0KfX19DQoNCmlmKCRhY3Rpb249PSJ2aWV3ZXIiKXsNCnNjYW5kaXJlKCRkaXIpOw0KfQ0KLy9lbmQgdmlld2VyIEZTDQoNCg0KDQo=' ),
array ( 'id' => 'Ayyildiz Tim | AYT | Shell v 2.1 Biz' , 'def1' =>
'PHRpdGxlPkhBQ0tFRCBCWSBBWVlJTERJWiCZPC90aXRsZT4NCjxTVFlMRSBUWVBFPSJ0ZXh0L2NzcyI+DQo8IS0tDQoNCmJvZHkgeyANCnNjcm9sbGJhci0zZC1saWdodC1jb2xvciA6ICM0MDQwNDA7DQoNCg0KDQo=' , 'def2' =>
'PGNlbnRlcj48Zm9udCBjb2xvcj0icmVkIiBzaXplPSIxMCIgZmFjZT0iSW1wcmludCBNVCBTaGFkb3ciPg0KIDwvZm9udD4NCg==' ),
array ( 'id' => 'azrail 1.0 by C-W-M' , 'def1' =>
'aWYgKCRvcD09J3BocGluZm8nKXsNCiRmb25rX2thcCA9IGdldF9jZmdfdmFyKCJmb25rc2l5b25sYXL9X2thcGF0Iik7DQogICAgICAgIGVjaG8gJHBocGluZm89KCFlcmVnaSgicGhwaW5mbyIsJGZvbmtfa2FwYXQpKSA/IHBocGluZm8oKSA6ICI8Y2VudGVyPnBocGluZm8oKSBLb211dHUgx2Fs/f5t/XlpaWk8L2NlbnRlcj4iOw0KICAgICAgICBleGl0Ow0KfQ0K' ,
'def2' => 'ICAgICAgPGhlYWQ+DQogICAgICAgICAgICAgPHRpdGxlPmF6cmFpbCAxLjAgYnkgQy1XLU08L3RpdGxlPg0KICAgICAgPC9oZWFkPg0KDQo=' ),
array ( 'id' => 'Ajax/PHP Command Shell' , 'def1' => 'PGJyPg0KPGI+PGZvbnQgc2l6ZT0zPkFqYXgvUEhQIENvbW1hbmQgU2hlbGw8L2I+PC9mb250Pjxicj5ieSBJcm9uZmlzdA0KPGJyPg0K' , 'def2' =>
'ICAgIGFqYXhSZXF1ZXN0Lm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCl7DQogICAgICAgIGlmKGFqYXhSZXF1ZXN0LnJlYWR5U3RhdGUgPT0gNCl7DQogICAgICAgIG91dHB1dGNtZCA9ICI8cHJlPiIgICsgb3V0cHV0Y21kICsgYWpheFJlcXVlc3QucmVzcG9uc2VUZXh0ICsiPC9wcmU+IjsNCg0K'
),
array ( 'id' => 'Backup script on server' , 'def1' =>
'JGZ0cGNvbm5lY3QgPSAibmNmdHBwdXQgLXUgJGZ0cF91c2VyX25hbWUgLXAgJGZ0cF91c2VyX3Bhc3MgLWQgZGVic2VuZGVyX2Z0cGxvZy5sb2cgLWUgZGJzZW5kZXJfZnRwbG9nMi5sb2cgLWEgLUUgLVYgJGZ0cF9zZXJ2ZXIgJGZ0cF9wYXRoICRmaWxlbmFtZTIiOw0Kc2hlbGxfZXhlYygkZnRwY29ubmVjdCk7DQo=' ,
'def2' =>
'JG1lc3NhZ2UgPSAiVGhpcyBpcyBhIG11bHRpLXBhcnQgbWVzc2FnZSBpbiBNSU1FIGZvcm1hdC5cblxuIi4iLS17JG1pbWVfYm91bmRhcnl9XG4iIC4iQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVwiaXNvLTg4NTktMVwiXG4iIC4iQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdFxuXG4iIC4='
),
array ( 'id' => 'rgod shell' , 'def1' => 'ZUp6c3ZXMlBxa3IzTi9oK2t2a084KzUvSi85a0FxaDliWk5KSm8wQ2lvSk5RUlZTYnlZb25rWXBsTjF0Ky9UcFo2MnF3c2JkdmEvSGM5K1pTVQ==' , 'def2' =>
'LS0gRG8gbm90IERpc3RpYnV0ZSBUaGlzIHNoZWxsDQotLSBEbyBub3QgU2VsbCBUaGlzIHNoZWxsDQotLSBEbyBub3QgZ2l2ZSBpdCBldmVuIHRvIHlvdXIgbW90aGVyDQotLSBieSByZ29kIA==' ),
array ( 'id' => 'Symlink User Bypass' , 'def1' =>
'PGZvcm0gc3R5bGU9ImJvcmRlcjogNHB4IHJpZGdlICNGRkZGRkYiPg0KPHAgYWxpZ249ImNlbnRlciIgZGlyPSJydGwiPjxmb250IGNvbG9yPSIjRkYwMDAwIj48c3BhbiBsYW5nPSJhci1zYSI+PGI+DQombmJzcDsgLT1bU3ltbGluayBUb29scyB0byBieXBhc3MgdXNlcl1WLjMgPS0NCjwvYj4NCg==' ,
'def2' =>
'ICA8Zm9udCBjb2xvcj0iI0ZGRkZGRiI+by0tLVs8L2ZvbnQ+IDxmb250IGNvbG9yPSIjRkYwMDAwIj5EZXZlbG9wZXIgYnkgU25JcEVyX1NBCSBTeW1saW5rIFVzZXIgQnlwYXNzIDwvZm9udD4gPGZvbnQgY29sb3I9IiNGRkZGRkYiPnw8L2ZvbnQ+IDxhIGhyZWY9aHR0cDovL3NuaXBlci1zYS5jb20+aHR0cDovL3NuaXBlci1zYS5jb208L2E+DQogIDxmb250IGNvbG9yPSIjRkZGRkZGIj58PC9mb250PiA8Zm9udCBjb2xvcj0iI0ZGMDAwMCI+DQo='
),
array ( 'id' => 'C100 Yarakam Modified Shell' , 'def1' =>
'aWYgKCFlbXB0eSgkdW5zZXRfc3VybCkpIHtzZXRjb29raWUoImsxcjRfc3VybCIpOyAkc3VybCA9ICIiO30NCmVsc2VpZiAoIWVtcHR5KCRzZXRfc3VybCkpIHskc3VybCA9ICRzZXRfc3VybDsgc2V0Y29va2llKCJrMXI0X3N1cmwiLCRzdXJsKTt9DQplbHNlIHskc3VybCA9ICRfUkVRVUVTVFsiazFyNF9zdXJsIl07IC8vU2V0IHRoaXMgY29va2llIGZvciBtYW51YWwgU1VSTA0KfQ0KDQo=' ,
'def2' => 'aWYgKCRzdXJsX2F1dG9maWxsX2luY2x1ZGUgYW5kICEkX1JFUVVFU1RbImsxcjRfc3VybCJdKSANCg0KDQo=' ),
array ( 'id' => 'c99shell v. 1.0 pre-release build' , 'def1' => 'Zi8vSzhvbytJeUgwejNpOHNwWEdEblpDVW5uWFQ=' , 'def2' =>
'bEpmY3U3bUIydkJuSURHTkZGRnpEbVROdzNtSU9aWlB2MndHakRzZ2cyWHFHYk90L2ROc2xILysvLys5ZS8vS1k2ays2ZA0K' ),
array ( 'id' => 'N3tShell Emp3ror Undetectable (C99)' , 'def1' =>
'JHNhZmVtb2RlX2Rpc2tldHRlcyA9IGFycmF5KCJhIik7IC8vIFRoaXMgdmFyaWFibGUgZm9yIGRpc2FibGluZyBkaXNrZXR0LWVycm9ycy4NCiAvLyBhcnJheSAoaT0+e2xldHRlcn0gLi4uKTsgc3RyaW5nIHtsZXR0ZXJ9IC0gbGV0dGVyIG9mIGEgZHJpdmUNCi8vJHNhZmVtb2RlX2Rpc2tldHRlcyA9IHJhbmdlKCJhIiwieiIpOw0KJGhleGR1bXBfbGluZXMgPSA4Oy8vIGxpbmVzIGluIGhleCBwcmV2aWV3IGZpbGUNCiRoZXhkdW1wX3Jvd3MgPSAyNDsvLyAxNiwgMjQgb3IgMzIgYnl0ZXMgaW4gb25lIGxpbmUNCg=='
),
array ( 'id' => 'C99 Saldiri.org version' , 'def1' => 'aWYgKCFmdW5jdGlvbl9leGlzdHMoImsxcjRfYnVmZl9wcmVwYXJlIikpDQp7DQpmdW5jdGlvbiBrMXI0X2J1ZmZfcHJlcGFyZSgpDQo=' ),
array ( 'id' => 'CGI Telnet' , 'def1' => 'c3ViIFJlYWRQYXJzZQ0Kew0KICAgICAgICBsb2NhbCAoKmluKSA9IEBfIGlmIEBfOw0KICAgICAgICBsb2NhbCAoJGksICRsb2MsICRrZXksICR2YWwpOw0KDQoNCg==' ),
array ( 'id' => 'CTT Shell' , 'def1' =>
'aWYgKCRhY3QgPT0gImZ0cHF1aWNrYnJ1dGUiKQ0Kew0KIGVjaG8gIjxiPkZ0cCBRdWljayBicnV0ZTo8L2I+PGJyPiI7DQogaWYgKCR3aW4pIHtlY2hvICJUaGlzIGZ1bmN0aW9ucyBub3Qgd29yayBpbiBXaW5kb3dzITxicj48YnI+Ijt9DQogZWxzZQ0KIHsNCiAgZnVuY3Rpb24gY3RmdHBicnV0ZWNoZWNrKCRob3N0LCRwb3J0LCR0aW1lb3V0LCRsb2dpbiwkcGFzcywkc2gsJGZxYl9vbmx5d2l0aHNoKQ0KICB7DQppZiAoJGZxYl9vbmx5d2l0aHNoKQ0KDQo=' ),
array ( 'id' => 'Cyber Shell' , 'def1' =>
'PGNlbnRlcj4uOkN5YmVyIFNoZWxsICh2IDEuMCk6Ljxicj5Db3B5cmlnaHQgqSA8YSBocmVmPSJodHRwOi8vd3d3LmN5YmVybG9yZHMubmV0IiB0YXJnZXQ9Il9ibGFuayI+Q3liZXIgTG9yZHMgQ29tbXVuaXR5PC9hPiwgMjAwMi0yMDA2PC9jZW50ZXI+' ),
array ( 'id' => 'Dive Shell' , 'def1' => 'LypFbXBlcm9yIEhhY2tpbmcgVEVBTSAqLw0KICBzZXNzaW9uX3N0YXJ0KCk7DQo=' ),
array ( 'id' => 'DTool Pro Shell' , 'def1' =>
'aWYoaXNzZXQoJGNoZGlyKSkgQGNoZGlyKCRjaGRpcik7DQpmdW5jdGlvbiBzYWZlbW9kZSgkd2hhdCl7ZWNobyAiVGhpcyBzZXJ2ZXIgaXMgaW4gc2FmZW1vZGUuIFRyeSB0byB1c2UgRFRvb2wgaW4gU2FmZW1vZGUuIjt9DQo=' ),
array ( 'id' => 'Erne Safe Mode Bypass Shell' , 'def1' =>
'PHRyPjx0ZD48Y2VudGVyPjxmb250IHNpemU9IjQiIGNvbG9yPSIjRkZGRkZGIj48c3BhbiBzdHlsZT0iYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMCI+RXJOZSBTYWZlIE1vZGUgQnlwYXNzIEZvciBCaXlvU2VjdXJpdHkuTmV0PC9zcGFuPg0K' ),
array ( 'id' => 'GFS Shell' , 'def1' => 'R0ZTIFdlYi1TaGVsbA0KKi8NCmVycm9yX3JlcG9ydGluZygwKTsNCmlmKCRfUE9TVFsnYl9kb3duJ10pew0K' ),
array ( 'id' => 'GNY Shell' , 'def1' =>
'Ly93NGNrMW5nIFNoZWxsDQppZiAoIWZ1bmN0aW9uX2V4aXN0cygnbXlzaGVsbGV4ZWMnKSkNCnsNCmlmKGlzX2NhbGxhYmxlKCdwb3BlbicpKXsNCmZ1bmN0aW9uIG15c2hlbGxleGVjKCRjb21tYW5kKSB7DQoNCg==' ),
array ( 'id' => 'H4NTU Shell' , 'def1' =>
'PD9waHANCmVjaG8gIjxwPjxmb250IHNpemU9MiBmYWNlPVZlcmRhbmE+PGI+VGhpcyBJcyBUaGUgU2VydmVyIEluZm9ybWF0aW9uPC9iPjwvZm9udD48L3A+IjsNCj8+DQoNCg0KDQo=' ),
array ( 'id' => 'Heykir Shell' , 'def1' =>
'ICRjb2Rlcj0iVGhlX0JlS2lSICAmICBUaVQgICYgUnVzbGFuICI7DQogJHN0cmluZyA9ICFlbXB0eSgkX1BPU1RbJ3N0cmluZyddKSA/ICRfUE9TVFsnc3RyaW5nJ10gOiAwOw0KICRzd2l0Y2ggPSAhZW1wdHkoJF9QT1NUWydzd2l0Y2gnXSkgPyAkX1BPU1RbJ3N3aXRjaCddIDogMDsNCg==' ),
array ( 'id' => 'iMHaP FTP Shell' , 'def1' =>
'PEJPRFk+PElNRyBzdHlsZT0iV0lEVEg6IDMwNnB4OyBIRUlHSFQ6IDc2cHgiIGhlaWdodD0xMDAgDQpzcmM9Imh0dHA6Ly93d3cubmV0dGVraWFkcmVzLmNvbS9pbWhhYmlybGlnaS5qcGciIHdpZHRoPTI4Mj48L0JPRFk+DQo8YnI+PENlbnRlcj5TVSBBTiA8QSBocmVmPSJodHRwOi8vd3d3LmltaGFiaXJsaWdpLmNvbSI+aU1IYUJpUkxpR2k8L0E+IEhVRFVUTEFSSU5EQSBCVUxVTk1BS1RBU0lOSVouISE8L0NlbnRlcj4NCg0K' ),
array ( 'id' => 'Iron Shell' , 'def1' =>
'cHJpbnQgIjxmb3JtIGFjdGlvbj1cIiIuJG1lLiI/cD1ldmFsXCIgbWV0aG9kPVBPU1Q+DQoNCgkJCQk8dGV4dGFyZWEgY29scz02MCByb3dzPTEwIG5hbWU9XCJldmFsXCI+IjsNCg0KCQkJCWlmKGlzc2V0KCRfUE9TVFsnZXZhbCddKSkNCg0KDQo=' ),
array ( 'id' => 'JSP Shell' , 'def1' =>
'PC90YWJsZT4NCjxwIGFsaWduPSJjZW50ZXIiPlBvd2VyIEJ5IL74ttTB47bIW0IuQy5UXSBRUTo0ODEyNDAxMjwvcD4NCjxwIGFsaWduPSJjZW50ZXIiPiZuYnNwOzwvcD4NCjwlfS8vaWYgZWRpdA0KDQoNCg==' ),
array ( 'id' => 'Kacak Shell' , 'def1' =>
'PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjU0Ij4NCjx0aXRsZT5LYWNhayBGU08gMS4wIHwgVGVycm9yaXN0IENyZXcgLSBTaGVsbGNpLmJpejwvdGl0bGU+DQoNCg0K' ),
array ( 'id' => 'KADot Shell' , 'def1' =>
'PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjU0Ij4NCjx0aXRsZT5LYWNhayBGU08gMS4wIHwgVGVycm9yaXN0IENyZXcgLSBTaGVsbGNpLmJpejwvdGl0bGU+DQoNCg0K' ),
array ( 'id' => 'Lama Shell' , 'def1' => 'PGh0bWw+DQogIDxoZWFkPg0KICAgIDx0aXRsZT5sYW1hJ3MnaGVsbCB2LiAzLjA8L3RpdGxlPg0K' ),
array ( 'id' => 'Liz0zim Shell' , 'def1' =>
'ZWNobyAiPGI+PGZvbnQgY29sb3I9Ymx1ZT5MaXowemlNIFByaXZhdGUgU2FmZSBNb2RlIENvbW1hbmQgRXhlY3VyaXRvbiBCeXBhc3MgRXhwbG9pdDwvZm9udD48L2I+PGJyPiI7DQo=' ),
array ( 'id' => 'Load Shell' , 'def1' => 'PHRpdGxlPkxvYWRlcid6IFdFQiBzaGVsbDwvdGl0bGU+DQo=' ),
array ( 'id' => 'Moroccan Spamers Shell' , 'def1' =>
'PHRkIHdpZHRoPSIzMTciIGJvcmRlcmNvbG9yPSIjQ0NDQ0NDIiBiZ2NvbG9yPSIjRjBGMEYwIiBiYWNrZ3JvdW5kPSIvc2ltcGFydHMvaW1hZ2VzL2NlbGxwaWMxLmdpZiIgaGVpZ2h0PSIyMiI+PGZvbnQgc2l6ZT0iLTEiIGZhY2U9IlZlcmRhbmEsIEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWYiPiA=' ),
array ( 'id' => 'MyShell Shell' , 'def1' => 'PHRpdGxlPiRNeVNoZWxsVmVyc2lvbiAtIEFjY2VzcyBEZW5pZWQ8L3RpdGxlPg0KICAgICAgICAgPC9oZWFkPg0K' ),
array ( 'id' => 'MySQL Interface Shell' , 'def1' =>
'KiBNeXNxbCBpbnRlcmZhY2UgdjEuMA0KKiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoqIERlc2NyaXB0aW9uIDoNCiogRHVuZ2AgZGUgbG9naW4gdmFvYCBDU0RMIGN1YSB2aWN0aW0ga2hpIGRhIGJpZXQgdXNlciB2YWAgcGFzcyBjdWEgbXlzcWwgdGhvbmcgcXVhIGZpbGUgY29uZmlnDQo=' ),
array ( 'id' => 'Sora 101 shell' , 'def1' =>
'fWVsc2VpZigkX0dFVFsiYXp6Il09PSJ2ZWRpIil7DQogICAgZWNobyBodG1sc3BlY2lhbGNoYXJzKGZpbGVfZ2V0X2NvbnRlbnRzKCRfR0VUWyJmaWxlIl0pKTsNCn1lbHNlaWYoJF9HRVRbImF6eiJdPT0iaW5jIil7DQogICAgaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCn0=' ),
array ( 'id' => 'N Shell' , 'def1' => 'PHRpdGxlPiBuU2hlbGwgdjEuMDwvdGl0bGU+DQo=' ),
array ( 'id' => 'NCC Shell' , 'def1' => 'PGgxPi46TkNDOi4gU2hlbGwgdjEuMC4wPC9oMT4NCg==' ),
array ( 'id' => 'Network File Manager PHP Shell' , 'def1' => 'JHRpdGxlPSJOZXR3b3JrRmlsZU1hbmFnZXJQSFAgZm9yIGNoYW5uZWwgI2hhY2sucnUiOw0K' ),
array ( 'id' => 'Nix Remote Shell' , 'def1' =>
'JHRpdGxlPSJOZXR3b3JrRmlsZU1hbmFnZXJQSFAgZm9yIGNoYW5uZWwgI2hhY2sucnUiOw0KDQokdmVyPSIxLjcucHJpdmF0ZSAoW2ZpbmFsX2VuZ2xpc2hfcmVsZWFzZV0pIjsNCg==' ),
array ( 'id' => 'NST Shell' , 'def1' => 'IyMjIyMjdmVyIyMjIw0KJHZlcj0gInYyLjEiOw0KIyMjIyMjIyMjIyMjIw0K' ),
array ( 'id' => 'PH Vayv Shell' , 'def1' => 'ICAgIDxicj4NCiAgICBQSFZheXYgMS4wPC9zcGFuPjwvZm9udD48L3RkPg0K' ),
array ( 'id' => 'PHANTASMA Shell' , 'def1' =>
'PERJViBTVFlMRT0iZm9udC1mYW1pbHk6IHZlcmRhbmE7IGZvbnQtc2l6ZTogMjVweDsgZm9udC13ZWlnaHQ6IGJvbGQ7IGNvbG9yOiAjRjNiNzAwOyI+UEhBTlRBU01BLSBOZVcgQ21EIDspIDwvRElWPg0KDQo=' ),
array ( 'id' => 'PHP Backdoor Shell' , 'def1' => 'Ly8gYSBzaW1wbGUgcGhwIGJhY2tkb29yIHwgY29kZWQgYnkgejBtYmllIFszMC4wOC4wM10gfCBodHRwOi8vZnJlZW5ldC5hbS9+em9tYmllIFxcDQo=' ),
array ( 'id' => 'PHP Bypass Shell' , 'def1' => 'KgkJCQkJCQlTaGVMTCBBcmNoaXZlDQoqICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBQaHAgQnlwYXNzIC0gd3d3LnNoZWxsY2kuYml6DQoNCg==' ),
array ( 'id' => 'PHP Include With Shell' , 'def1' => 'IyB3ZSBkZWNpZGUgaWYgd2Ugd2FudCBzeXNsb2dnaW5nDQpjbG9zZWxvZygpOw0KDQo=' ),
array ( 'id' => 'PHP Inj Shell' , 'def1' => 'PHRpdGxlPnx8IC46Ok5ld3MgUmVtb3RlIFBIUCBTaGVsbCBJbmplY3Rpb246Oi4gfHwgICA8L3RpdGxlPg0K' ),
array ( 'id' => 'PHP Jackal Shell' , 'def1' =>
'Y2FzZSAnY3InOmNyYWNrZVIoKTticmVhazsNCmNhc2UgJ2RpYyc6ZGljbWFrZVIoKTticmVhazsNCmNhc2UgJ3Rvb2xzJzp0b29sUygpO2JyZWFrOw0KY2FzZSAnaGV4JzpoZXh2aWVXKCk7YnJlYWs7DQoNCg==' ),
array ( 'id' => 'PHP Remote View Shell' , 'def1' => 'ICogIFdlbGNvbWUgdG8gcGhwUmVtb3RlVmlldyAoUmVtVmlldykgDQoNCg==' ),
array ( 'id' => 'R57 ORIGINAL Shell' , 'def1' => 'LyogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBSNTcgc2hlbGwNCg0K' ),
array ( 'id' => 'R57 IFX Modified Shell' , 'def1' =>
'LyogIHI1N3NoZWxsLnBocCAtID8/Pz8/PyA/PyA/Pz8gPz8/Pz8/Pz8/Pz8gPz8/ID8/Pz8/Pz8/PyA/Pz8/ID8/Pz8/Pz8gID8/ID8/Pz8/Pz8gPz8/Pz8gPz8/Pz8/Pw0K' ),
array ( 'id' => 'R57 Kartal Modified Shell' , 'def1' => 'LyogICAgICAgICAgICAgICAgICAgIGthcnRhbF81NjdAaG90bWFpbC5jb21bS2FSVGFMXQ0KDQo=' ),
array ( 'id' => 'R57 Mohajer22 Shell' , 'def1' => 'LyogIChjKW9kZWQgYnkgMWR0LncwbGYNCg0KDQo=' ),
array ( 'id' => 'R57 New Year Edition Shell' , 'def1' => 'LyogID8/Pz8/PzogMS4yNCAoTmV3IFllYXIgRWRpdGlvbikNCg0KDQo=' ),
array ( 'id' => 'Remview Shell' , 'def1' => 'ICogICMgU2hlbGxjaS5CaXoNCiAqICBXZWxjb21lIHRvIHBocFJlbW90ZVZpZXcgKFJlbVZpZXcpIA0K' ),
array ( 'id' => 'S72 Shell' , 'def1' => 'PHRpdGxlPnM3MiBTaGVsbCB2MS4wIENvZGluZiBieSBDckB6eV9LaW5nPC90aXRsZT4NCg==' ),
array ( 'id' => 'Safe Mode Bypass PHP 4.4.2 & 5.1.2 Shell' , 'def1' =>
'TW9kZSBTaGVsbCB2MS4wPC9mb250Pjwvc3Bhbj48L2E+PC9mb250Pjxmb250IGZhY2U9IldlYmRpbmdzIiBzaXplPSI2IiBjb2xvcj0iI0ZGMDAwMCI+ITwvZm9udD48L2I+PC9wPg0KDQo=' ),
array ( 'id' => 'SIM Attacker Shell' , 'def1' => 'Jm5ic3A7SXJhbmlhbiBIYWNrZXJzIDogV1dXLlNJTU9SR0gtRVYuQ09NIDxicj4NCiZuYnNwO1Byb2dyYW1lciA6IEhvc3NlaW4gQXNnYXJ5IDxicj4NCg==' ),
array ( 'id' => 'SnIpEr SA Shell' , 'def1' =>
'LyogIFNuSXBFcl9TQS5waHAgLSA/Pz8/Pz8gPz8gPz8/ID8/Pz8/Pz8/Pz8/ID8/PyA/Pz8/Pz8/Pz8gPz8/Pz8/Pz8/ID8/Pz8/Pz8gPz8gPz8/Pz8/PyA/Pz8/PyA/Pz8/Pz8/DQo=' ),
array ( 'id' => 'Stres Bypass Shell' , 'def1' => 'LyogICAgICAgICAgICAgICAgICAgICAgICAgIFN0cmVzQnlwYXNzIHYxLjANCg==' ),
array ( 'id' => 'Dark-Shell' , 'def1' => 'ZWNobyAiPGNlbnRlcj48aDE+RGFyayBTaGVsbDwvaDE+PC9jZW50ZXI+PHA+PGhyPjxwPlxuIjsNCg==' ),
array ( 'id' => '0x00 PHP shell' , 'def1' => 'ICAgICAgICA8dGl0bGU+fiAweDAwIFBIUCBzaGVsbCB2LjB4MjwvdGl0bGU+DQo=' ),
array ( 'id' => 'okno_Shell' , 'def1' => 'ZWNobyAnPGJyPlBIUCBzeXN0ZW0oKSBjb25zb2xlIGJ5IG9rbm8gLSBtYWluQHBhd2Vsem9yemFuLmV1IDxicj4nOw0K' ),
array ( 'id' => 'CShell' , 'def1' => 'ICogQ1NoZWxsDQoNCg==' ),
array ( 'id' => 'Bl0od3r Priv8 Shell' , 'def1' => 'U2hlbGwgd3JpdHRlbiBieSBCbDBvZDNyDQoNCg0K' ),
array ( 'id' => 'Root Access Shell' , 'def1' =>
'PHRyPjx0ZCBjbGFzcz1jb250ZW50Yj48Y2VudGVyPjxhIGhyZWY9Imh0dHA6Ly9mb3J1bS5yb290LWFjY2Vzcy5ydSI+PGZvbnQgc2l6ZT0yIGNvbG9yPSNlN2U3ZWI+Um9vdC1BY2Nlc3MgU2hlbGwgdjEuMDwvZm9udD48L2E+PC9jZW50ZXI+DQoNCg0K' ),
array ( 'id' => 'G00nShell' , 'def1' => 'IyBbZzAwbl1GaVNoIHByZXNlbnRzOiAjDQojIGcwMG5zaGVsbCB2MS4zIGZpbmFsICMNCg0KDQo=' ),
array ( 'id' => 'CShell' , 'def1' => 'ICogQ1NoZWxsDQoNCg==' ),
array ( 'id' => 'lostDC shell' , 'def1' => 'ICogbG9zdERDIHNoZWxsDQoNCg0K' ),
array ( 'id' => '_GsC_ shell' , 'def1' => 'R3NDIFNoZUxMIHYwLjguMCBDcmVhdGVkIEJ5IF9Hc0NfIEFrYSBTazFwcDNyDQoNCg0K' ),
array ( 'id' => 'OnBoomShell' , 'def1' => 'LyoNCk9OQk9PTVNIRUxMIFYgMC4yDQpieSBjb2JyYTkwbmoNCg==' ),
array ( 'id' => 'StAkeR ~ Shell' , 'def1' => 'PHRpdGxlPlN0QWtlUiB+IFNoZWxsPC90aXRsZT4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQo=' ),
array ( 'id' => 'Iron Shell' , 'def1' =>
'JGZvb3RlciA9ICc8dHI+PHRkPjxocj48Y2VudGVyPiZjb3B5OyA8YSBocmVmPSJodHRwOi8vd3d3Lmlyb253YXJlei5pbmZvIj5Jcm9uPC9hPiAmIDxhIGhyZWY9Imh0dHA6Ly93d3cucm9vdHNoZWxsLXRlYW0uaW5mbyI+Um9vdFNoZWxsIFNlY3VyaXR5IEdyb3VwPC9hPjwvY2VudGVyPjwvdGQ+PC90YWJsZT48L2JvZHk+PC9oZWFkPjwvaHRtbD4nOw==' ),
array ( 'id' => '..:: HiddenShell ::..' , 'def1' => 'ICAgIDx0aXRsZT5IaWRkZW5TaGVsbDwvdGl0bGU+DQo=' ),
array ( 'id' => 'N3fa5t1cA Sh3ll' , 'def1' => 'PGh0bWw+PHRpdGxlPk4zZmE1dDFjQSBTaDNsbDwvdGl0bGU+DQoNCg==' ),
array ( 'id' => '! ~ Cod3rZ Shell ~ !' , 'def1' => 'IyBDb2QzclogU2hlbGwgNS4xDQojIGMwZGVkIGJ5IENvZDNyWg0KDQoNCg==' ),
array ( 'id' => 's101' , 'def1' => 'PHRpdGxlPnMxMDEgdjAuMi41PC90aXRsZT4NCg0K' ),
array ( 'id' => 'Nexpl0rer Shell' , 'def1' => 'MzEzMzcgU2hlbGwgYnkgTmV4ZW4gLSBQaFAgYzBkYWgNCg0K' ),
array ( 'id' => 'DC3 Shell (Priv8)' , 'def1' => 'ICAgICAgICAgIGRDMyBTZWN1cml0eSBDcmV3DQo=' ),
array ( 'id' => 'H4ntu Shell' , 'def1' =>
'ZWNobyAiPHRpdGxlPmg0bnR1IHNoZWxsIFtwb3dlcmVkIGJ5IHRzb2ldPC90aXRsZT5cbjxwPjxmb250IHNpemU9MiBmYWNlPVZlcmRhbmE+PGI+VGhpcyBJcyBUaGUgU2VydmVyIEluZm9ybWF0aW9uPC9iPjwvZm9udD48L3A+IjsNCg==' ),
array ( 'id' => 'Macker s Private PHPShell' , 'def1' => 'KiAgICAgICAgICAgICAgICAgICAgICAgICAgIFBIUFNIRUxMLlBIUCAgICAgICAgICAgICAqDQoNCg==' ),
array ( 'id' => '~ Andr3a92 ~ Sh3ll ~' , 'def1' =>
'ZWNobyAiPHRyPjx0ZCBiZ2NvbG9yPVwiI0NDQ0NDQ1wiPjxjZW50ZXI+PGltZyBzcmM9XCIiLiRzaGVsbC4iP2ltZz1maWxlXCIgYm9yZGVyPVwiMFwiPjwvY2VudGVyPjwvdGQ+PHRkIGJnY29sb3I9XCIjQ0NDQ0NDXCI+PGEgaHJlZj1cIiIuJGZpbGV6LiJcIiB0YXJnZXQ9XCJfQkxBTktcIj4iLiRmaWxlX25hbWUuIjwvYT48L3RkPg0K' ),
array ( 'id' => 'JsBack - Shell Backdoor' , 'def1' => 'ICAgICAgICAgICAgICAgSnNCYWNrIC0gSmF2YXNjcmlwdCBCYWNrZG9vcg0K' ),
array ( 'id' => 'shell qualsiasi' , 'def1' => 'c2hlbGwNCg==' , 'def2' => 'U2hlbGwNCg==' , 'def3' => 'U2gzbGwNCg==' )
);
// Generic 'Shell' marker kept next to the signature table above.
// NOTE(review): how $generic is consumed is not visible in this part of the file.
// If it is matched as a bare substring, benign files that merely mention "Shell"
// will be flagged too. Confirm against the scan routine, and treat such hits as
// triage leads to verify by hand rather than as confirmed detections.
$generic = 'Shell';
//parse_dir( $settings[ 'BASE_DIR' ] );
// Emit the closing </pre> tag and a line break ahead of the static page footer;
// the matching opening <pre> is outside this part of the file.
echo ' </pre><br /> ';
?>
< br >
</ div ></ span >
</ pre ></ p ></ body ></ html >