Ani-Shell v1.0--PHP Shell with features like Fuzzer , Mailer

Discussion in 'PHP' started by lionaneesh, Jun 4, 2011.

  1. lionaneesh

    lionaneesh Active Member

    Joined:
    Mar 21, 2010
    Messages:
    848
    Likes Received:
    224
    Trophy Points:
    43
    Occupation:
    Student
    Location:
    India
    Hey Guyz! I have released a new project named Ani-Shell. It's open source and you can do anything with it! Enj0y!

    Ani-Shell v1.0

    ==[0x00] Introduction

    Ani-Shell is a simple PHP shell with some unique features like a Mass Mailer, a simple Web-Server Fuzzer, etc.! This shell has immense capabilities and has been written with some coding standards in mind for better editing and customization.

    ====[0x0001] Support

    [0x0001A] Donate
    [0x0001B] Follow Me
    [0x0001C] Facebook

    ====[0x0002] Default Login

    Username : lionaneesh
    Password : lionaneesh


    ==[0x01] Features

    [0x01A] Shell
    [0x01B] Platform Independent
    [0x01C] Mass - Mailer
    [0x01D] Small Web-Server Fuzzer
    [0x01E] Design

    Link
    Download
     
    Last edited: Jun 4, 2011
  2. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Is this project different from your last open source server project?
     
  3. lionaneesh

    Yeah Sir! It's a shell this time! A shell is used to execute commands on a system, like we use CMD, Bash etc.! But it has a nice GUI interface with some plugins installed, like Fuzzer, Mailer etc.! And still tons more to come!

    Basically main aim of this project is to provide the functionality to control a remote machine!

    I hope you understand now!

    PS: If you can change that into an article, it would be great!
     
    Last edited: Jun 4, 2011
  4. shabbir

    No, it by no means can be an article.
     
  5. pein87

    pein87 Active Member

    Joined:
    Aug 6, 2010
    Messages:
    173
    Likes Received:
    47
    Trophy Points:
    28
    Occupation:
    Web Dev
    Location:
    Limbo
    I'll give it a try. Does it use shell_exec(), system(), or passthru(), or a mix of them all? It'd be nice to create a shell that works for the site, and as a tiny query builder/viewer too. I think someone made a shell for vbulletin's adminCP with similar features. I personally wouldn't use it to ping someone's server but I'll see how it works.
     
  6. lionaneesh

    It uses shell_exec() for the first version! But I will add others in later versions! Thanks!
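
For anyone checking whether a server would let a script like this run commands at all, the following added example (not part of the thread and not Ani-Shell code) audits PHP's `disable_functions` setting against the functions named in the posts above. The `EXEC_FUNCTIONS` checklist and the sample ini values are assumptions constructed for illustration.

```php
<?php
// Added example, not Ani-Shell code. EXEC_FUNCTIONS is an assumed checklist:
// the three functions named in the thread plus PHP's other process-spawning calls.
const EXEC_FUNCTIONS = ['shell_exec', 'system', 'passthru', 'exec', 'popen', 'proc_open'];

// Split a disable_functions value such as "exec, system,passthru" into
// a clean list of lowercase function names.
function parseDisableFunctions(string $iniValue): array
{
    $names = array_map('trim', explode(',', strtolower($iniValue)));
    return array_values(array_filter($names, 'strlen'));
}

// Classify every checklist function as disabled, unavailable or callable.
// The ini value is checked first because function_exists() alone is not a
// reliable indicator on PHP versions before 8.0. $exists can be replaced
// so the logic can be exercised against constructed configurations.
function auditExecFunctions(string $disableFunctionsIni, ?callable $exists = null): array
{
    $exists   = $exists ?? 'function_exists';
    $disabled = parseDisableFunctions($disableFunctionsIni);
    $report   = [];
    foreach (EXEC_FUNCTIONS as $fn) {
        if (in_array($fn, $disabled, true)) {
            $report[$fn] = 'disabled';
        } elseif (!$exists($fn)) {
            $report[$fn] = 'unavailable';
        } else {
            $report[$fn] = 'callable';
        }
    }
    return $report;
}

// Names that a PHP script on this configuration could still use to run commands.
function callableExecFunctions(array $report): array
{
    return array_keys($report, 'callable', true);
}

// Constructed sample php.ini values (not taken from any real server).
$samples = [
    'default (empty)' => '',
    'partial'         => 'shell_exec, system',
    'hardened'        => 'shell_exec,system,passthru,exec,popen,proc_open',
];

foreach ($samples as $label => $ini) {
    // Pretend every function is compiled in, so only the ini value matters here.
    $open = callableExecFunctions(auditExecFunctions($ini, fn($name) => true));
    printf("%-16s still callable: %s\n", $label, $open ? implode(', ', $open) : '(none)');
}

// The same audit against the configuration this script is running under.
// Disabling shell_exec also disables the backtick operator.
$live = auditExecFunctions((string) ini_get('disable_functions'));
foreach ($live as $fn => $state) {
    printf("live config: %-10s %s\n", $fn, $state);
}
```

`disable_functions` can only be set in php.ini, so a script dropped into the web root cannot re-enable these functions at runtime.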
     
  7. pein87

    I see, it functions ok. Maybe improve the UI of it so it's more graphical and looks less like a dos prompt and it would be ok. Is the password and username hard coded in the file? To me if the UI had a modern application design it would be better. The dos prompt could do with some ajax that shoots off the command on keydown of the enter key though, so it better resembles an actual dos prompt. Maybe a tabbed interface would work best with each tab being a new page housing more features. Said page could then have additional links to various functions related to that page. Just my advice though, and you could just use CSS3 instead of images with some small ajax for the dos prompt and it would still be a single file application. If you want I could design a simple UI real fast and post it.
     
  8. lionaneesh

    1. Yeah the username and password are hardcoded!
    2. I will try to improve the UI (Please post yours)
    3. Will surely add ajax in next version!
     
  9. pein87

    Ok I'm done, I needed to figure out design wise what would be simple yet display it in modern terms. Everything can be done using CSS3 and I only used well supported options like border-radius and gradients. I didn't code it myself but the PSD and demo image have been included. It's designed in an app centric manner; when you get a feature set done and implemented the UI will be sleek and easy to navigate for whoever uses it. I can design additional pages if you need me to, just let me know. May I suggest adding a config file, either xml or a json type which can be included, or a regular php file. Possibly create a parser to read a menu file so everything isn't hard coded and fixed. Vbulletin does something along these lines for the admincp and it's very fast and effective, especially if you convert them into a json style format that is just included and the array is outputted via a function call to load the file and render it. Then a parser for the dos which reads the input and compares it to a dictionary of expected commands so you can do custom error notices and prevent misuse which could damage the user's or someone else's computer. So far you have a good start but if you implemented some of my suggestions it could be something you could put on codecanyon and profit off of in the future. As for the xml parser you could use simplexml, an extension for php, or write one using regex like vbulletin does/did in 3.x. When I say json type I mean a file that's an array php style that can simply be included and used without having to re-parse everything every page call and is similar to a cache file. This way everything is flat file, and doesn't require any database. Heck, an Admincp for it with some basic options like logging activity and a GUI interface for changing config options would be pretty sweet too. Of course you don't have to use any of my suggestions, just trying to give you some feedback from another programmer and web dev.
    If you need some help or have questions on how to implement something let me know, we can bounce ideas back and forth until you're happy with an idea.
     

    Last edited: Jun 6, 2011
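
The "dictionary of expected commands" idea from the post above, sketched as an added example (not part of the thread and not Ani-Shell code). The command names, binary paths and argument patterns are hypothetical; the point is that input is matched against an allowlist and turned into a fixed argument vector instead of being passed to a shell as a string.

```php
<?php
// Added example, not Ani-Shell code. Every entry below is hypothetical.
// name => fixed argv prefix, how many user arguments are allowed, and the
// pattern each user argument must match in full.
const COMMAND_DICTIONARY = [
    'uptime' => ['argv' => ['/usr/bin/uptime'], 'maxArgs' => 0, 'argPattern' => null],
    'disk'   => ['argv' => ['/bin/df', '-h'],   'maxArgs' => 1, 'argPattern' => '#^/[A-Za-z0-9_/.-]*$#'],
    'list'   => ['argv' => ['/bin/ls', '-l'],   'maxArgs' => 1, 'argPattern' => '#^/var/www/[A-Za-z0-9_/.-]*$#'],
];

// Parse one line of console input. Returns ['ok' => true, 'argv' => [...]]
// or ['ok' => false, 'error' => '...'] with a notice suited to the failure.
function parseCommand(string $input): array
{
    $tokens = preg_split('/\s+/', trim($input), -1, PREG_SPLIT_NO_EMPTY);
    if (!$tokens) {
        return ['ok' => false, 'error' => 'Empty command.'];
    }

    $name = array_shift($tokens);
    if (!array_key_exists($name, COMMAND_DICTIONARY)) {
        $allowed = implode(', ', array_keys(COMMAND_DICTIONARY));
        return ['ok' => false, 'error' => "Unknown command. Allowed: $allowed"];
    }

    $spec = COMMAND_DICTIONARY[$name];
    if (count($tokens) > $spec['maxArgs']) {
        return ['ok' => false, 'error' => "'$name' takes at most {$spec['maxArgs']} argument(s)."];
    }

    foreach ($tokens as $arg) {
        // Arguments must match the pattern and may not climb out with "..".
        // The patterns require a leading "/", so option-style input is rejected too.
        if (!preg_match($spec['argPattern'], $arg) || strpos($arg, '..') !== false) {
            return ['ok' => false, 'error' => "Argument not accepted for '$name'."];
        }
    }

    // An argv array can be handed to proc_open() (PHP 7.4+), which starts the
    // program directly without a shell, so metacharacters are never interpreted.
    return ['ok' => true, 'argv' => array_merge($spec['argv'], $tokens)];
}

// Constructed sample inputs showing one accepted line and each error notice.
$inputs = ['disk /var', 'uptime now', 'reboot', 'disk /var;id', 'list /var/www/../../etc', ''];
foreach ($inputs as $line) {
    $result = parseCommand($line);
    printf("%-26s => %s\n", var_export($line, true),
        $result['ok'] ? implode(' ', $result['argv']) : 'REJECTED: ' . $result['error']);
}
```

Error strings that end up in an HTML page should go through `htmlspecialchars()` before output.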
  10. lionaneesh

    Thanks for the PSD and suggestions! But you must understand the main aim of this app was portability, so that people don't have to upload multiple files on servers and can just upload a single php file and get started! Your ideas seem cool! I am presently working on the UI and the AJAX part! Please let me know what you feel!
     
  11. pein87

    It's fine, it is your project after all. I'm sure it will blossom into something cool once you're fully done. I see what you mean about portability but keep in mind it could still be a simple one pager that creates those files on set up. Adding in the readme that the password is hard coded and can be changed would be helpful for those who use it and want to change them. If you need some help let me know. I didn't check the source, but are you using OOP or procedural coding?
     
  12. lionaneesh

    I am using procedural! Didn't feel the need of using OOP! But maybe will use it afterwards!
     
  13. pein87

    I wrote some functionality that you may want to use. I will note on wamp I got undefined index on line 95 (inside while loop making array) but it returns the values for display so I just added error_reporting since the code is working. You don't have to use it but I noticed you had something similar and thought I'd help out. Could be useful to see what settings are what in a hurry and if you use ajax it could be a search feature or command line feature.

    PHP:
    //define constant using the value of the phpversion function which should change when the version changes but remain constant
    define("PHP_VERS", phpversion());
    //define apache version as a constant
    define("APACHE_VERS", substr(apache_get_version(), 7, 7));

    error_reporting(E_ALL ^ E_NOTICE);

    //get php extensions as a sorted array
    function getPhpExtensions($sort = NULL)
    {
        $loadExts = get_loaded_extensions();
        if($sort == "ASC")
        {
            asort($loadExts);
        }
        else if($sort == "DESC")
        {
            arsort($loadExts);
        }
        return $loadExts;
    }
    // get all apache modules
    function getApacheModules($sort = NULL)
    {
        $apacheModules = apache_get_modules();
        if($sort == "ASC")
        {
            asort($apacheModules);
        }
        else if($sort == "DESC")
        {
            arsort($apacheModules);
        }
        return $apacheModules;
    }
    //get mysql version, accepts mysql_connect data in case an error is returned and checks if extension is loaded
    function mysqlVersion($host = NULL, $user = NULL, $pass = NULL, $port = NULL)
    {
        //mysql is not loaded show error
        if(!extension_loaded('mysql'))
        {
            return "mysql extension is not loaded";
        }
        //mysql is loaded check what params are set and do mysql_connect if they are and show version or connection error
        else
        {
            if($host != NULL && $pass != NULL && $user != NULL && $port == NULL)
            {
                //no port connect via no port
                $MSQLCONN = @mysql_connect($host, $user, $pass);

                if(!$MSQLCONN)
                {
                    return "could not connect to mysql";
                }
                else
                {
                    return substr(mysql_get_server_info(), 0, 5);
                }
            }
            else if($host != NULL && $pass != NULL && $user != NULL && $port != NULL)
            {
                //connect using port
                $MSQLCONN = @mysql_connect($host . ":" . $port, $user, $pass);

                if(!$MSQLCONN)
                {
                    return "could not connect to mysql";
                }
                else
                {
                    return substr(mysql_get_server_info(), 0, 5);
                }
            }
            else
            {
                return substr(mysql_get_server_info(), 0, 5);
            }
        }
    }
    /*search for an ini setting includes multi-values and a fix for magic quotes if its an array key it will have its value set using the magic quote functions; confirmed to work*/
    function searchIniSetting($setting)
    {
        $iniValue;
        if(is_array($setting))
        {
            $size = count($setting);
            $i = 0;
            /*run ini_get function until there are no more elements left in the array, and return associative array with the name of the setting as the key. Currently does not support stripping empty elements since it expects you to know what you're looking for */
            while($i < $size)
            {
                $iniValue[$setting[$i]] .= ini_get($setting[$i]);
                $i++;
            }
            //magic quotes is not gotten via this method check if its a key and change its value using the magic quotes functions
            if(array_key_exists('magic_quotes_gpc', $iniValue))
            {
                $iniValue['magic_quotes_gpc'] = get_magic_quotes_gpc();
            }
            if(array_key_exists("magic_quotes_runtime", $iniValue))
            {
                $iniValue['magic_quotes_runtime'] = get_magic_quotes_runtime();
            }
            return $iniValue;
        }
        else
        {
            if($setting == "magic_quotes_gpc")
            {
                //since they are seeking magic quotes instead use its specific function
                $iniValue = get_magic_quotes_gpc();
                return $iniValue;
            }
            else if($setting == "magic_quotes_runtime")
            {
                $iniValue = get_magic_quotes_runtime();
                return $iniValue;
            }
            else
            {
                $iniValue = ini_get($setting);
                if($iniValue)
                {
                    return $iniValue;
                }
                else
                {
                    return "Unsupported Ini setting.";
                }
            }
        }
    }

    /* Sample usage and proof of working concept */
    $modules = getApacheModules("DESC");

    foreach($modules as $mods)
    {
        echo "<div style=\"display:block;border-radius:5px;-moz-border-radius:5px;-webkit-border-radius:5px;-o-border-radius:5px;-ie-border-radius:5px;background: #000; width: 900px; height: 30px; color:#fff; margin:0px 0px 10px 0px;\">" . $mods . "</div>";
    }

    echo "<br />";

    $extensions = getPhpExtensions("DESC");

    foreach($extensions as $exts)
    {
        echo "<div style=\"display:block;border-radius:5px;-moz-border-radius:5px;-webkit-border-radius:5px;-o-border-radius:5px;-ie-border-radius:5px;background: #000; width: 900px; height: 30px; color:#fff; margin:0px 0px 10px 0px;\">" . $exts . "</div>";
    }

    echo "<br />";

    echo mysqlVersion();

    echo "<br />";

    echo mysqlVersion("localhost", "root", "");

    echo "<br />";

    echo mysqlVersion("localhost", "root", "", 3606);

    echo "<br />";

    echo PHP_VERS;

    echo "<br />";

    echo APACHE_VERS;

    echo "<br />";

    $iniSettings = array("extension_dir", "include_path", "post_max_size", "magic_quotes_gpc");
    $iniResultSet = searchIniSetting($iniSettings);

    if (searchIniSetting('magic_quotes_gpc') == 0)
    {
        echo "Magic Quotes is Off";
    }
    else
    {
        echo "Magic Quotes is On! Turn them off!";
    }

    echo "<br />";

    foreach($iniResultSet as $key => $iniResults)
    {
        echo "<div style=\"display:block;border-radius:5px;-moz-border-radius:5px;-webkit-border-radius:5px;-o-border-radius:5px;-ie-border-radius:5px;background: #000; width: 900px; height: 30px; color:#fff; margin:0px 0px 10px 0px;\">" . $key . ": " . $iniResults . "</div>";
    }
     
    Last edited: Jun 8, 2011
  14. pein87

    Removed Concatenation or the .= and made it equal sign or = and it works like a little sexy beast. Works in both 2.2.11 and 2.3.5 without any errors now.

    PHP:
    <?php
    //define constant using the value of the phpversion function which should change when the version changes but remain constant
    define("PHP_VERS", phpversion());
    //define apache version as a constant
    define("APACHE_VERS", substr(apache_get_version(), 7, 7));

    //error_reporting(E_ALL ^ E_NOTICE);

    //get php extensions as a sorted array
    function getPhpExtensions($sort = NULL)
    {
        $loadExts = get_loaded_extensions();
        if($sort == "ASC")
        {
            asort($loadExts);
        }
        else if($sort == "DESC")
        {
            arsort($loadExts);
        }
        return $loadExts;
    }
    // get all apache modules
    function getApacheModules($sort = NULL)
    {
        $apacheModules = apache_get_modules();
        if($sort == "ASC")
        {
            asort($apacheModules);
        }
        else if($sort == "DESC")
        {
            arsort($apacheModules);
        }
        return $apacheModules;
    }
    //get mysql version, accepts mysql_connect data in case an error is returned and checks if extension is loaded
    function mysqlVersion($host = NULL, $user = NULL, $pass = NULL, $port = NULL)
    {
        //mysql is not loaded show error
        if(!extension_loaded('mysql'))
        {
            return "mysql extension is not loaded";
        }
        //mysql is loaded check what params are set and do mysql_connect if they are and show version or connection error
        else
        {
            if($host != NULL && $pass != NULL && $user != NULL && $port == NULL)
            {
                //no port connect via no port
                $MSQLCONN = @mysql_connect($host, $user, $pass);

                if(!$MSQLCONN)
                {
                    return "could not connect to mysql";
                }
                else
                {
                    return substr(mysql_get_server_info(), 0, 5);
                }
            }
            else if($host != NULL && $pass != NULL && $user != NULL && $port != NULL)
            {
                //connect using port
                $MSQLCONN = @mysql_connect($host . ":" . $port, $user, $pass);

                if(!$MSQLCONN)
                {
                    return "could not connect to mysql";
                }
                else
                {
                    return substr(mysql_get_server_info(), 0, 5);
                }
            }
            else
            {
                return substr(mysql_get_server_info(), 0, 5);
            }
        }
    }
    /*search for an ini setting includes multi-values and a fix for magic quotes if its an array key it will have its value set using the magic quote functions; confirmed to work*/
    function searchIniSetting($setting)
    {
        $iniValue;
        if(is_array($setting))
        {
            $size = count($setting);
            $i = 0;
            /*run ini_get function until there are no more elements left in the array, and return associative array with the name of the setting as the key. Currently does not support stripping empty elements since it expects you to know what you're looking for */
            while($i < $size)
            {
                $iniValue[$setting[$i]] = ini_get($setting[$i]);
                $i++;
            }
            //magic quotes is not gotten via this method check if its a key and change its value using the magic quotes functions
            if(array_key_exists('magic_quotes_gpc', $iniValue))
            {
                $iniValue['magic_quotes_gpc'] = get_magic_quotes_gpc();
            }
            if(array_key_exists("magic_quotes_runtime", $iniValue))
            {
                $iniValue['magic_quotes_runtime'] = get_magic_quotes_runtime();
            }
            return $iniValue;
        }
        else
        {
            if($setting == "magic_quotes_gpc")
            {
                //since they are seeking magic quotes instead use its specific function
                $iniValue = get_magic_quotes_gpc();
                return $iniValue;
            }
            else if($setting == "magic_quotes_runtime")
            {
                $iniValue = get_magic_quotes_runtime();
                return $iniValue;
            }
            else
            {
                $iniValue = ini_get($setting);
                if($iniValue)
                {
                    return $iniValue;
                }
                else
                {
                    return "Unsupported Ini setting.";
                }
            }
        }
    }

    /* Sample usage and proof of working concept */
    $modules = getApacheModules("DESC");

    foreach($modules as $mods)
    {
        echo "<div style=\"display:block;border-radius:5px;-moz-border-radius:5px;-webkit-border-radius:5px;-o-border-radius:5px;-ie-border-radius:5px;background: #000; width: 900px; height: 30px; color:#fff; margin:0px 0px 10px 0px;\">" . $mods . "</div>";
    }

    echo "<br />";

    $extensions = getPhpExtensions("DESC");

    foreach($extensions as $exts)
    {
        echo "<div style=\"display:block;border-radius:5px;-moz-border-radius:5px;-webkit-border-radius:5px;-o-border-radius:5px;-ie-border-radius:5px;background: #000; width: 900px; height: 30px; color:#fff; margin:0px 0px 10px 0px;\">" . $exts . "</div>";
    }

    echo "<br />";

    echo mysqlVersion();

    echo "<br />";

    echo mysqlVersion("localhost", "root", "");

    echo "<br />";

    echo mysqlVersion("localhost", "root", "", 3606);

    echo "<br />";

    echo PHP_VERS;

    echo "<br />";

    echo APACHE_VERS;

    echo "<br />";

    $iniSettings = array("extension_dir", "include_path", "post_max_size", "magic_quotes_gpc");
    $iniResultSet = searchIniSetting($iniSettings);

    if (searchIniSetting('magic_quotes_gpc') == 0)
    {
        echo "Magic Quotes is Off";
    }
    else
    {
        echo "Magic Quotes is On! Turn them off!";
    }

    echo "<br />";

    foreach($iniResultSet as $key => $iniResults)
    {
        echo "<div style=\"display:block;border-radius:5px;-moz-border-radius:5px;-webkit-border-radius:5px;-o-border-radius:5px;-ie-border-radius:5px;background: #000; width: 900px; height: 30px; color:#fff; margin:0px 0px 10px 0px;\">" . $key . ": " . $iniResults . "</div>";
    }

    /* These functions have been tested on windows using both wamp and xampp using the apache server with */
    ?>
     
    Last edited: Jun 10, 2011
  15. lionaneesh

    Thanks for the help! Hey pein would you like to work on my new project! Please let me know what you feel!
     
  16. pein87

    Fixed: 0's and 1's are now changed to Off and On respectively, null values are then removed, cutting out params that aren't in the ini file. So now Magic Quotes will show On or Off instead of 0 or 1 and so will any other setting that uses this system. The rest are either char or string and I haven't seen boolean, besides 0 or 1, in the ini file so it should be good now. Added better display for proof of concepts, but remove them when you use it or it'll look really ugly having it output like that lol.

    PHP:
    <?php
    //define constant using the value of the phpversion function which should change when the version changes but remain constant
    define("PHP_VERS", phpversion());
    //define apache version as a constant
    define("APACHE_VERS", substr(apache_get_version(), 7, 7));

    //error_reporting(E_ALL ^ E_NOTICE);

    //get php extensions as a sorted array
    function getPhpExtensions($sort = NULL)
    {
        $loadExts = get_loaded_extensions();
        if($sort == "ASC")
        {
            asort($loadExts);
        }
        else if($sort == "DESC")
        {
            arsort($loadExts);
        }
        return $loadExts;
    }
    // get all apache modules
    function getApacheModules($sort = NULL)
    {
        $apacheModules = apache_get_modules();
        if($sort == "ASC")
        {
            asort($apacheModules);
        }
        else if($sort == "DESC")
        {
            arsort($apacheModules);
        }
        return $apacheModules;
    }
    //get mysql version, accepts mysql_connect data in case an error is returned and checks if extension is loaded
    function mysqlVersion($host = NULL, $user = NULL, $pass = NULL, $port = NULL)
    {
        //mysql is not loaded show error
        if(!extension_loaded('mysql'))
        {
            return "mysql extension is not loaded";
        }
        //mysql is loaded check what params are set and do mysql_connect if they are and show version or connection error
        else
        {
            if($host != NULL && $pass != NULL && $user != NULL && $port == NULL)
            {
                //no port connect via no port
                $MSQLCONN = @mysql_connect($host, $user, $pass);

                if(!$MSQLCONN)
                {
                    return "could not connect to mysql";
                }
                else
                {
                    return substr(mysql_get_server_info(), 0, 5);
                }
            }
            else if($host != NULL && $pass != NULL && $user != NULL && $port != NULL)
            {
                //connect using port
                $MSQLCONN = @mysql_connect($host . ":" . $port, $user, $pass);

                if(!$MSQLCONN)
                {
                    return "could not connect to mysql";
                }
                else
                {
                    return substr(mysql_get_server_info(), 0, 5);
                }
            }
            else
            {
                return substr(mysql_get_server_info(), 0, 5);
            }
        }
    }
    /*search for an ini setting includes multi-values and a fix for magic quotes if its an array key it will have its value set using the magic quote functions; confirmed to work*/
    function searchIniSetting($setting)
    {
        $iniValue;
        if(is_array($setting))
        {
            $size = count($setting);
            $i = 0;
            /*run ini_get function until there are no more elements left in the array, and return associative array with the name of the setting as the key. Empty elements are stripped further down */
            while($i < $size)
            {
                $iniValue[$setting[$i]] = ini_get($setting[$i]);
                if(is_numeric($iniValue[$setting[$i]]) && $iniValue[$setting[$i]] == 0)
                {
                    $iniValue[$setting[$i]] = "Off";
                }
                else if(is_numeric($iniValue[$setting[$i]]) && $iniValue[$setting[$i]] == 1)
                {
                    $iniValue[$setting[$i]] = "On";
                }
                $i++;
            }

            //magic quotes is not gotten via this method check if its a key and change its value using the magic quotes functions
            if(array_key_exists("magic_quotes_gpc", $iniValue))
            {
                $iniValue['magic_quotes_gpc'] = get_magic_quotes_gpc();
                if($iniValue['magic_quotes_gpc'] == 0)
                {
                    $iniValue['magic_quotes_gpc'] = "Off";
                }
                else if($iniValue['magic_quotes_gpc'] == 1)
                {
                    $iniValue['magic_quotes_gpc'] = "On";
                }
            }
            if(array_key_exists("magic_quotes_runtime", $iniValue))
            {
                $iniValue['magic_quotes_runtime'] = get_magic_quotes_runtime();
                if($iniValue['magic_quotes_runtime'] == 0)
                {
                    $iniValue['magic_quotes_runtime'] = "Off";
                }
                else if($iniValue['magic_quotes_runtime'] == 1)
                {
                    $iniValue['magic_quotes_runtime'] = "On";
                }
            }
            //drop settings that came back empty (not present in the ini file)
            foreach($iniValue as $k => $v)
            {
                if($iniValue[$k] == "")
                {
                    unset($iniValue[$k]);
                }
            }
            return $iniValue;
        }
        else
        {
            if($setting == "magic_quotes_gpc")
            {
                //since they are seeking magic quotes instead use its specific function
                $iniValue = get_magic_quotes_gpc();
                if($iniValue == 0)
                {
                    $iniValue = "Off";
                }
                else if($iniValue == 1)
                {
                    $iniValue = "On";
                }
                return $iniValue;
            }
            else if($setting == "magic_quotes_runtime")
            {
                $iniValue = get_magic_quotes_runtime();
                if($iniValue == 0)
                {
                    $iniValue = "Off";
                }
                else if($iniValue == 1)
                {
                    $iniValue = "On";
                }
                return $iniValue;
            }
            else
            {
                $iniValue = ini_get($setting);
                if($iniValue)
                {
                    //is_numeric guard as in the array branch, so a path or other string value is not turned into "Off"
                    if(is_numeric($iniValue) && $iniValue == 0)
                    {
                        $iniValue = "Off";
                    }
                    else if(is_numeric($iniValue) && $iniValue == 1)
                    {
                        $iniValue = "On";
                    }
                    return $iniValue;
                }
                else
                {
                    return "Unsupported Ini setting.";
                }
            }
        }
    }

    /* Sample usage and proof of working concept */
    $modules = getApacheModules("DESC");

    foreach($modules as $mods)
    {
        echo "<div style=\"display:block;border-radius:5px;-moz-border-radius:5px;-webkit-border-radius:5px;-o-border-radius:5px;-ie-border-radius:5px;background: #000; width: 900px; height: 30px; color:#fff; margin:0px 0px 10px 0px;\">" . $mods . "</div>";
    }

    echo "<br />";

    $extensions = getPhpExtensions("DESC");

    foreach($extensions as $exts)
    {
        echo "<div style=\"display:block;border-radius:5px;-moz-border-radius:5px;-webkit-border-radius:5px;-o-border-radius:5px;-ie-border-radius:5px;background: #000; width: 900px; height: 30px; color:#fff; margin:0px 0px 10px 0px;\">" . $exts . "</div>";
    }

    echo "<br /><br />";

    echo "MySQL Version: " . mysqlVersion();

    echo "<br /><br />";

    echo "MySQL Version: " . mysqlVersion("localhost", "root", "");

    echo "<br /><br />";

    echo "MySQL Version: " . mysqlVersion("localhost", "root", "", 3606);

    echo "<br /><br />";

    echo "PHP Version: " . PHP_VERS;

    echo "<br /><br />";

    echo "Apache Version: " . APACHE_VERS;

    echo "<br /><br />";

    $iniSettings = array("extension_dir", "include_path", "post_max_size", "gloop", "glop", "gleep", "magic_quotes_gpc");
    $iniResultSet = searchIniSetting($iniSettings);

    echo "Oupt Buffering: " . searchIniSetting("output_buffering");

    echo "<br /><br />";

    echo "The original Array is: ";
    print_r($iniSettings);

    echo "<br /><br /> The new array has blanks removed, and numerics that are 0 changed to Off and 1's are set to On, new Array: ";

    print_r($iniResultSet);

    echo "<br />";

    foreach($iniResultSet as $key => $iniResults)
    {
        echo "<div style=\"display:block;border-radius:5px;-moz-border-radius:5px;-webkit-border-radius:5px;-o-border-radius:5px;-ie-border-radius:5px;background: #000; width: 900px; height: 30px; color:#fff; margin:0px 0px 10px 0px;\">" . $key . ": " . $iniResults . "</div>";
    }

    /* These functions have been tested on windows using both wamp and xampp using the apache server with php versions 2.2.11 & 2.3.5 */
    ?>
    What is your new project? Is it web related or system level? What would you like me to do: design (html/css), code (php/javascript), or UI design? I'd need to know what the project is before I say for sure if I'd help or not. Post or PM me what the project is.
     
    Last edited: Jun 11, 2011
  17. pein87

    pein87 Active Member

    Joined:
    Aug 6, 2010
    Messages:
    173
    Likes Received:
    47
    Trophy Points:
    28
    Occupation:
    Web Dev
    Location:
    Limbo
    More additions: show IP, port used to access page, ISP, browser array, computer memory being used at that time (ajax to call function to get values steadily), auto convert bytes into another format (KB - YB), see what the value of your bytes is in another format (kB - YB). Thought I'd add some extra stuff that could possibly be useful, so it now has the functionality of www.ipchicken.com with the added functions for your file showing portion, and it can render the system's memory being used.

    PHP:
    <?php
    //define constant using the value of the phpversion function which should change when the version changes but remain constant
    define("PHP_VERS", phpversion());
    //define apache version as a constant
    define("APACHE_VERS", substr(apache_get_version(),7,7));

    $compMeasurements = array("kb" => 1024,"mb" => 1048576,"gb" => 1073741824,"tb" => 1099511627776,"pb" => 1125899906842624,"eb" => 1152921504606846976,"zb" => 1180591620717411303424,"yb" => 1208925819614629174706176);

    //error_reporting(E_ALL ^ E_NOTICE);

    //get php extensions as a sorted array
    function getPhpExtensions($sort = NULL)
    {
        $loadExts = get_loaded_extensions();
        if($sort == "ASC")
        {
            asort($loadExts);
        }
        else if($sort == "DESC")
        {
            arsort($loadExts);
        }
        return $loadExts;
    }
    // get all apache modules
    function getApacheModules($sort = NULL)
    {
        $apacheModules = apache_get_modules();
        if($sort == "ASC")
        {
            asort($apacheModules);
        }
        else if($sort == "DESC")
        {
            arsort($apacheModules);
        }
        return $apacheModules;
    }
    //get mysql version, accepts mysql_connect data in case an error is returned and checks if the extension is loaded
    //(the mysql extension and its mysql_* functions were removed in PHP 7.0)
    function mysqlVersion($host = NULL,$user = NULL,$pass = NULL,$port = NULL)
    {
        //mysql is not loaded show error
        if(!extension_loaded('mysql'))
        {
            return "mysql extension is not loaded";
        }
        //mysql is loaded check what params are set and do mysql_connect if they are and show version or connection error
        else
        {
            if($host != NULL && $pass != NULL && $user != NULL && $port == NULL)
            {
                //no port connect via no port
                $MSQLCONN = @mysql_connect($host,$user,$pass);

                if(!$MSQLCONN)
                {
                    return "could not connect to mysql";
                }
                else
                {
                    return substr(mysql_get_server_info(),0,5);
                }
            }
            else if($host != NULL && $pass != NULL && $user != NULL && $port != NULL)
            {
                //connect using port
                $MSQLCONN = @mysql_connect($host . ":" . $port,$user,$pass);

                if(!$MSQLCONN)
                {
                    return "could not connect to mysql";
                }
                else
                {
                    return substr(mysql_get_server_info(),0,5);
                }
            }
            else
            {
                return substr(mysql_get_server_info(),0,5);
            }
        }
    }
    /*search for an ini setting includes multi-values and a fix for magic quotes if its an array key it will have its value set using the magic quote functions; confirmed to work*/
    /*note: get_magic_quotes_gpc() and get_magic_quotes_runtime() were removed in PHP 8.0*/
    function searchIniSetting($setting)
    {
        $iniValue = array();
        if(is_array($setting))
        {
            $size = count($setting);
            $i = 0;
            /*run ini_get function until there are no more elements left in the array, and return associative array with the name of the setting as the key. Currently does not support stripping empty elements since it expects you to know what you're looking for */
            while($i < $size)
            {
                $iniValue[$setting[$i]] = ini_get($setting[$i]);
                if(is_numeric($iniValue[$setting[$i]]) && $iniValue[$setting[$i]] == 0)
                {
                    $iniValue[$setting[$i]] = "Off";
                }
                else if(is_numeric($iniValue[$setting[$i]]) && $iniValue[$setting[$i]] == 1)
                {
                    $iniValue[$setting[$i]] = "On";
                }
                $i++;
            }

            //magic quotes is not gotten via this method check if its a key and change its value using the magic quotes functions
            if(array_key_exists("magic_quotes_gpc",$iniValue))
            {
                $iniValue['magic_quotes_gpc'] = get_magic_quotes_gpc();
                if($iniValue['magic_quotes_gpc'] == 0)
                {
                    $iniValue['magic_quotes_gpc'] = "Off";
                }
                else if($iniValue['magic_quotes_gpc'] == 1)
                {
                    $iniValue['magic_quotes_gpc'] = "On";
                }
            }
            if(array_key_exists("magic_quotes_runtime",$iniValue))
            {
                $iniValue['magic_quotes_runtime'] = get_magic_quotes_runtime();
                if($iniValue['magic_quotes_runtime'] == 0)
                {
                    $iniValue['magic_quotes_runtime'] = "Off";
                }
                else if($iniValue['magic_quotes_runtime'] == 1)
                {
                    $iniValue['magic_quotes_runtime'] = "On";
                }
            }
            //drop settings that came back empty (unknown settings return false)
            foreach($iniValue as $k => $v)
            {
                if($iniValue[$k] == "")
                {
                    unset($iniValue[$k]);
                }
            }
            return $iniValue;
        }
        else
        {
            if($setting == "magic_quotes_gpc")
            {
                //since they are seeking magic quotes instead use its specific function
                $iniValue = get_magic_quotes_gpc();
                if($iniValue == 0)
                {
                    $iniValue = "Off";
                }
                else if($iniValue == 1)
                {
                    $iniValue = "On";
                }
                return $iniValue;
            }
            else if($setting == "magic_quotes_runtime")
            {
                $iniValue = get_magic_quotes_runtime();
                if($iniValue == 0)
                {
                    $iniValue = "Off";
                }
                else if($iniValue == 1)
                {
                    $iniValue = "On";
                }
                return $iniValue;
            }
            else
            {
                $iniValue = ini_get($setting);
                //ini_get returns false for an unknown setting; "0" is a valid (Off) value
                if($iniValue !== false && $iniValue !== "")
                {
                    //only numeric values are mapped, so paths and sizes are returned unchanged
                    if(is_numeric($iniValue) && $iniValue == 0)
                    {
                        $iniValue = "Off";
                    }
                    else if(is_numeric($iniValue) && $iniValue == 1)
                    {
                        $iniValue = "On";
                    }
                    return $iniValue;
                }
                else
                {
                    return "Unsupported Ini setting.";
                }
            }
        }
    }
    //gets the peak amount of memory allocated to this script so far
    function memoryUsage()
    {
        return memory_get_peak_usage(true);
    }
    // takes bytes and returns the desired value according to your return type
    function bytesTo($amount,$kMes)
    {
        $kMes = strtoupper($kMes);
        $conValues = 2;
        $memTypes = array("kb" => "KB","mb" => "MB","gb" => "GB","tb" => "TB","pb" => "PB","eb" => "EB","zb" => "ZB","yb" => "YB");
        if(!in_array($kMes,$memTypes))
        {
            return 0;
        }
        else
        {
            switch($kMes)
            {
                case $memTypes['kb']:
                    return $amount / (pow($conValues,10));
                break;
                case $memTypes['mb']:
                    return $amount / (pow($conValues,20));
                break;
                case $memTypes['gb']:
                    return $amount / (pow($conValues,30));
                break;
                case $memTypes['tb']:
                    return $amount / (pow($conValues,40));
                break;
                case $memTypes['pb']:
                    return $amount / (pow($conValues,50));
                break;
                case $memTypes['eb']:
                    return $amount / (pow($conValues,60));
                break;
                case $memTypes['zb']:
                    return $amount / (pow($conValues,70));
                break;
                case $memTypes['yb']:
                    return $amount / (pow($conValues,80));
                break;
            }
        }
    }
    // get IP address
    function getIp()
    {
        return $_SERVER['REMOTE_ADDR'];
    }
    // get port used to access this page, accepts F for full and S for short
    function getPort($show = null)
    {
        if(strtoupper($show) == "F")
        {
            return $_SERVER['REMOTE_PORT'];
        }
        else if(strtoupper($show) == "S")
        {
            return substr($_SERVER['REMOTE_PORT'],0,2);
        }
        else
        {
            return $_SERVER['REMOTE_PORT'];
        }
    }
    // get ISP based on IP Address (this is the reverse-DNS host name of the client)
    function getIsp()
    {
        return gethostbyaddr(getIp());
    }
    // get full browser data (the raw User-Agent header), needs regex to get actual browser
    function getBrowserFull()
    {
        return $_SERVER['HTTP_USER_AGENT'];
    }
    // auto change bytes to a different value, supports all the way up to YB
    function memConversion($amount)
    {
        $compMeasurements = array("kb" => 1024,"mb" => 1048576,"gb" => 1073741824,"tb" => 1099511627776,"pb" => 1125899906842624,"eb" => 1152921504606846976,"zb" => 1180591620717411303424,"yb" => 1208925819614629174706176);

        if($amount < $compMeasurements['kb'])
        {
            return $amount;
        }
        else if($amount >= $compMeasurements['kb'] && $amount < $compMeasurements['mb'])
        {
            $mem = array("value" => $amount / $compMeasurements['kb'], "size" => "KB");
            return $mem;
        }
        else if($amount >= $compMeasurements['mb'] && $amount < $compMeasurements['gb'])
        {
            $mem = array("value" => $amount / $compMeasurements['mb'], "size" => "MB");
            return $mem;
        }
        else if($amount >= $compMeasurements['gb'] && $amount < $compMeasurements['tb'])
        {
            $mem = array("value" => $amount / $compMeasurements['gb'], "size" => "GB");
            return $mem;
        }
        else if($amount >= $compMeasurements['tb'] && $amount < $compMeasurements['pb'])
        {
            $mem = array("value" => $amount / $compMeasurements['tb'], "size" => "TB");
            return $mem;
        }
        else if($amount >= $compMeasurements['pb'] && $amount < $compMeasurements['eb'])
        {
            $mem = array("value" => $amount / $compMeasurements['pb'], "size" => "PB");
            return $mem;
        }
        else if($amount >= $compMeasurements['eb'] && $amount < $compMeasurements['zb'])
        {
            $mem = array("value" => $amount / $compMeasurements['eb'], "size" => "EB");
            return $mem;
        }
        else if($amount >= $compMeasurements['zb'] && $amount < $compMeasurements['yb'])
        {
            $mem = array("value" => $amount / $compMeasurements['zb'], "size" => "ZB");
            return $mem;
        }
        else if($amount >= $compMeasurements['yb'] && $amount < 1237940039285380274899124224)
        {
            $mem = array("value" => $amount / $compMeasurements['yb'], "size" => "YB");
            return $mem;
        }
    }


    /* These functions have been tested on windows using both wamp and xampp using the apache server with php versions 2.2.11 & 2.3.5 */
    ?>
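
The values returned by getIp(), getIsp() and getBrowserFull() in the post above come from the client: the User-Agent header is arbitrary text, and the reverse-DNS name is set by whoever controls the PTR record for the address. The block below is an added example, not part of the original post: it escapes each value before output and accepts the host name only when it resolves back to the same IP. The helper names `h`, `confirmedHostname` and `visitorRow`, the stub resolvers and the sample inputs are all assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper names): safe display of the
// client-supplied values returned by getIp(), getIsp(), getBrowserFull().

// Escape any value before it is placed in HTML output.
function h($value)
{
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

// Forward-confirmed reverse DNS: accept the PTR name only if it resolves
// back to the same IP. The resolvers are injectable so the check can be
// exercised offline; the defaults are gethostbyaddr() and gethostbynamel().
// gethostbynamel() returns IPv4 only, so IPv6 clients stay "unverified".
function confirmedHostname($ip, $reverse = 'gethostbyaddr', $forward = 'gethostbynamel')
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $name = call_user_func($reverse, $ip);
    // gethostbyaddr() returns the IP unchanged when no PTR record exists
    if ($name === false || $name === $ip) {
        return null;
    }
    $addresses = call_user_func($forward, $name);
    if (!is_array($addresses) || !in_array($ip, $addresses, true)) {
        return null; // the PTR name does not map back to the client address
    }
    return $name;
}

// Build one table row of visitor details with every field escaped.
function visitorRow($ip, $userAgent, $hostname)
{
    return "<tr><td>" . h($ip) . "</td><td>"
         . h($hostname === null ? "unverified" : $hostname) . "</td><td>"
         . h($userAgent) . "</td></tr>";
}

// Constructed sample input: a User-Agent header carrying markup and a PTR
// name that does not resolve back to the client (documentation addresses).
$ip        = "203.0.113.7";
$userAgent = "Mozilla/5.0 <b>markup</b>";
$fakePtr   = function ($addr) { return "trusted.example.com"; };
$fakeFwd   = function ($name) { return array("198.51.100.9"); };

echo visitorRow($ip, $userAgent, confirmedHostname($ip, $fakePtr, $fakeFwd)), "\n";
```

With the constructed input the host column shows "unverified" and the markup in the User-Agent is rendered as text rather than interpreted by the browser.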
     
  18. Alex.Gabriel

    Alex.Gabriel New Member

    Joined:
    Oct 23, 2011
    Messages:
    86
    Likes Received:
    7
    Trophy Points:
    0
    Occupation:
    Linux system administrator
    Location:
    Italy
    Home Page:
    http://blog.evilcoder.net
    Code:
    [RELEASE]Ani-Shell v1.0--PHP Shell with features like DDos , Fuzzer , Mail[/RELEASE]
    Just another php shell used to ruin people's websites :)
    This "Release" has been found on some scriptkiddies hacking forums released by this author ..
    Nice to see that DDos is a feature.
     
  19. lionaneesh

    lionaneesh Active Member

    Joined:
    Mar 21, 2010
    Messages:
    848
    Likes Received:
    224
    Trophy Points:
    43
    Occupation:
    Student
    Location:
    India
    The Shell is not designed for Destroying websites! In turn it's designed for Penetration testing and Remote Access!
     
  20. Alex.Gabriel

    Alex.Gabriel New Member

    Joined:
    Oct 23, 2011
    Messages:
    86
    Likes Received:
    7
    Trophy Points:
    0
    Occupation:
    Linux system administrator
    Location:
    Italy
    Home Page:
    http://blog.evilcoder.net
    Well, if you say so... I want to tell you that I have 6-7 years of RFI, LFI, file uploads, vuln scanners usage and other. I have quit because at the time when I was playing with people's websites somebody else ruined my website with a mass deface tool. Since then I have stopped all my actions and only now I see that I have made the good choice. So I can tell you as an EXPERT in this shits that this tool is not made for pentest. Many kids get these *made-4-reputation* tools and use them to crack people's websites.
    Penetration testing has another meaning, not to upload a php file and ddos, send mail and send commands on server.
    If you don't believe me just search Wikipedia or any other wiki site for the meaning of pentest.
    Last time when I posted here with another user 'rider' (which I can't use anymore) I got some *** kicks because I only said the word 'format' but now... after a year... people can share anything here :)
     
